
After deleting a user from console.firebase.google.com, the user's authentication still persists

Updated: 2023-12-05 17:11:16

If your user is logged in to your application and you are manually deleting it from the Firebase Console, the user will remain active till the token is refreshed. So for at most about an hour, the user will remain authenticated. So if you want to restrict the access of a user instantly, you need to sign him out.

But there is another workaround, in which you can create a new node in your Firebase database named usersToLogOut and add there all the user ids as keys and the boolean true as the value. The database should look like this:

Firebase-root
     |
     --- usersToLogOut
             |
             --- uid1: true
             |
             --- uid2: true

The next step, when you delete that account manually, you need to add the uid of the user under this node. You also need to use Firebase Security Rules to revoke access for unauthorized users. The rules should look like this:

{
  "rules": {
    "usersToLogOut": {
      ".read": true,
      ".write": false
    },
    "posts": {
      ".read": "auth != null && !root.child('usersToLogOut').child(auth.uid).exists()"
    }
  }
}

Edit 1:

According to your edit, you say: "what I'm asking here is not how to secure my DB from him/her but to check that it has been deleted", but this is the easier way in which you can achieve this, by using the rules above. If you delete the user manually from the console, this doesn't mean that you are deleting everything with it, including database records. You need to do this yourself. So the simplest way is to use rules.

Additionally, if you delete all user records, then you can add a listener and force him to sign out, but this means that you need to search your database for all records and remove them accordingly. The first solution is easier, because you only need to add a single record in your database and that's it!

Edit 2:

When you are deleting a user manually this doesn't mean that the firebaseUser object will be null, so checking for nullity does not make any sense, because the user will still be authenticated till the next token refresh. So to solve this, you need to use Firebase rules to restrict the access.

So your code will always work. What I was trying to say is that between the time in which you delete the user manually from the console and the time in which you get a refreshed token, it can be up to an hour in which the user will still have access to your app, even if he is deleted. To stop this, for that hour, you need to use the solution above.

Edit 3, according to the OP's comment:

Your code works well and will always work, but the problem is, even if you delete the user from the console he will still have access to the database till the next token refresh. And yes, the user will be able to access the database. That token will be valid for about an hour, and if you do not want that, you can restrict access using the security rules, and in that hour the user will not have access anymore.

In other words, if you delete it also from the client side and it is not valid, and if someone else has 'stolen' this token, he could use it to access the DB. Not the user who is using your app but someone that could have stolen that token.
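As an added example that is not part of the original answer: a plain Node.js simulation of how the usersToLogOut node and the rules above behave, plus the client-side listener approach mentioned in Edit 1 applied to that node. It does not use the Firebase SDK; the in-memory snapshot `db` is constructed sample data and `signOut` is an injected callback standing in for Firebase Auth's signOut().

```javascript
// Constructed sample snapshot of the Realtime Database root (not real data).
// uid1 and uid2 have been revoked via the usersToLogOut node; uid3 has not.
const db = {
  usersToLogOut: { uid1: true, uid2: true },
  posts: { p1: { author: 'uid3', text: 'hello' } },
};

// Mirrors root.child('usersToLogOut').child(uid).exists():
// a key whose value is null does not exist in the Realtime Database.
function isRevoked(root, uid) {
  const node = root.usersToLogOut || {};
  return Object.prototype.hasOwnProperty.call(node, uid) && node[uid] !== null;
}

// Mirrors the ".read" rule on /posts from the answer:
//   "auth != null && !root.child('usersToLogOut').child(auth.uid).exists()"
// Unauthenticated requests are denied, and so is a still-valid token whose
// uid was added to usersToLogOut after the user was deleted in the console.
function canReadPosts(root, auth) {
  return auth != null && !isRevoked(root, auth.uid);
}

// Mirrors the rules on /usersToLogOut: readable by any client (so an app can
// listen for its own uid) but never writable from a client, so only the
// console or an admin can add or remove entries.
function canReadUsersToLogOut() { return true; }
function canWriteUsersToLogOut() { return false; }

// Client-side companion to the rule: on each snapshot of /usersToLogOut, if the
// currently signed-in uid appears with the value true, sign the user out now
// instead of waiting up to an hour for the token refresh. Returns true when a
// sign-out was forced, false otherwise.
function onUsersToLogOutSnapshot(snapshotValue, currentUid, signOut) {
  if (currentUid && snapshotValue && snapshotValue[currentUid] === true) {
    signOut();
    return true;
  }
  return false;
}
```

The listener only speeds up the local sign-out; the rule on /posts is what actually stops a still-valid (or stolen) token from reading data during that hour.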