I have a register page which creates users by email and password using this code:
Auth.auth().createUser(withEmail: emailTextfield.text!, password: passwordTextfield.text!) {
(user, error) in
if error != nil {
print(error!)
}
else
{
print("Successful")
}
}
The problem is when someone register by an email that already exist on the firebase, the program accepts it. Then it is logging the new account automatically as the old account.
There is a configuration option in your Firebase Authentication console to allow/disallow multiple users to sign up with the same email address. If you disallow it, signing up with an email address that already exists will return an error message.
Even if you do allow multiple users to sign up with the same email address, that doesn't have to be a security risk. It all depends on the needs of your app.
If in your app you want to verify that the user has access to the associated mail address before they can use your app, be sure to send them an email verification message first. Then check whether their email address is verified before allowing them to access resources. E.g. in the Firebase Realtime Database that would be: Security rule to only allow write for users with verified emails
As above, for some cases it's fine to have multiple users on the same email. However, if not, then when people sign up with and check your user table with something like
if (<your table name>.child(<Users>).hasChild(<email>)) {
alert('Sorry this email has already been used.') }
else {
<your code to create the user here>
print ('successful!') }
This way the user account wont be created unless it's a new unused email.
