I have created an app in Android Studio where the user signs up with email and password besides a few other fields. This is the code I am using:

```java
public class MainActivity extends AppCompatActivity {

    EditText etName, etService, etDes, etCost, etContact, etPass, etEmail;
    Button offer;
    CountryCodePicker ccp;
    private FirebaseAuth mAuth;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_register);

        etName = findViewById(R.id.enterName);
        etService = findViewById(R.id.enterService);
        etDes = findViewById(R.id.enterDescription);
        etCost = findViewById(R.id.enterCost);
        etContact = findViewById(R.id.enterContact);
        etPass = findViewById(R.id.enterPassword);
        etEmail = findViewById(R.id.enterEmail);
        ccp = findViewById(R.id.ccpLogin);

        ccp.registerCarrierNumberEditText(etContact);

        offer = findViewById(R.id.offerBtn);

        mAuth = FirebaseAuth.getInstance();

        offer.setOnClickListener(new View.OnClickListener() {

            @Override
            public void onClick(View v) {

                final String putEmail = etEmail.getText().toString();
                final String putPass = etPass.getText().toString();

                //final String fullNumber = ccp.getFullNumberWithPlus();

                //final String key=fullNumber+putEmail;

                if (notEmpty()) {
                    // Creates the account AND signs the new user in, before any verification.
                    mAuth.createUserWithEmailAndPassword(putEmail, putPass).addOnCompleteListener(new OnCompleteListener<AuthResult>() {
                        @Override
                        public void onComplete(@NonNull Task<AuthResult> task) {
                            if (task.isSuccessful())
                            {
                                final String putName = etName.getText().toString();
                                final String putService = etService.getText().toString();
                                final String putDes = etDes.getText().toString();
                                final String putCost = etCost.getText().toString();
                                final String putEmail = etEmail.getText().toString();
                                final String putPass = etPass.getText().toString();

                                final String fullNumber = ccp.getFullNumberWithPlus();

                                sendVerificationEmail();
                                //checkVerification(putName,putService,putDes,putCost,fullNumber,putPass,putEmail);
                            }
                            else
                                Toast.makeText(MainActivity.this, "Failed to send EMail", Toast.LENGTH_LONG).show();
                        }
                    });
                }
                else
                    Toast.makeText(MainActivity.this, "All Fields Are Required", Toast.LENGTH_LONG).show();
            }
        });
    }

    // notEmpty() and sendVerificationEmail() are defined elsewhere in the class (not shown in the question).
}
```

Now my question is: is there any way that I can stop users from signing up without verifying their email ids first? The createUserWithEmailAndPassword() method seems to sign in the user first before their email id is verified which, I think, defeats the very purpose of using email verification, i.e. to stop users from reaching the database with a fake or invalid email id. Also there seems to be no way that I can delete the user from the Firebase "Users" section under "Authentication" if the user hasn't verified his email id, as by then he has already been created and signed in.

Frank van Puffelen
Raunak Deb
  • What do you mean by "can stop users from signing up without verifying their email ids first"? – Alex Mamo Feb 09 '19 at 11:39
  • I mean that when I use the createUserWithEmailAndPassword() method the user email id appears in the "Users" page in the Firebase "Authentication" page even before I verified his email id by sending an email. But I want him to appear in the "Users" only after he has verified his email, as in that way anyone with any random email id (which doesn't even exist) will be able to make an account. – Raunak Deb Feb 09 '19 at 12:11
  • There is no way to prevent a user from signing in without a verified email address. But you can prevent them from accessing backend resources in your app, by checking in the security rules if the email address is verified (for example for [Firestore](https://stackoverflow.com/a/50239804)). Also see https://stackoverflow.com/q/48028927, https://stackoverflow.com/q/48363332, https://stackoverflow.com/a/49710244, https://stackoverflow.com/a/38019847 – Frank van Puffelen Feb 09 '19 at 16:02
  • But then wouldn't it fill my "Users" page with a lot of fake or invalid email ids and also take up a lot of my space in Firebase? I have found by testing that even fake emails get created in the "Users" page even though they are not verified. So is there any way that I could delete those fake emails if they are not verified as soon as they log in for the first time? – Raunak Deb Feb 10 '19 at 06:02
  • @FrankvanPuffelen What is the point of having email verification if they can sign in anyway? Also, createUserWithEmailAndPassword signs the user in automatically. My workaround is to log them out immediately if there is no email verification or after creation. – Michelangelo Jun 13 '19 at 20:18
  • Firebase caters for many use-cases, including many that work fine without a verified email address, or that start before the email address is verified. For example: you can check in your application code whether the email address is verified. Which means you can show in your app that they should check their mailbox for the verification email. And you can check in your server-side security rules (or other server-side security checks) whether the email address is verified and allow/disallow access to data based on that. – Frank van Puffelen Jun 13 '19 at 21:52
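
The client-side flow discussed in the comments above, as an added example that is not part of the original question or its comments: the account is signed out right after creation and a later sign-in is kept only once `isEmailVerified()` is true. `VerifiedEmailGate` and `Callback` are hypothetical names, and this check only shapes the app's flow; access to data is still enforced server-side in security rules, which read the `email_verified` claim of the ID token.

```java
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;

// Added example, not the asker's code. VerifiedEmailGate and Callback are hypothetical names.
public class VerifiedEmailGate {

    public interface Callback { void done(boolean ok, String message); }

    private final FirebaseAuth auth = FirebaseAuth.getInstance();

    // Create the account, send the verification mail, then drop the automatic session.
    public void signUp(String email, String password, Callback cb) {
        auth.createUserWithEmailAndPassword(email, password).addOnCompleteListener(create -> {
            FirebaseUser user = auth.getCurrentUser();
            if (!create.isSuccessful() || user == null) {
                cb.done(false, "Account creation failed");
                return;
            }
            user.sendEmailVerification().addOnCompleteListener(mail -> {
                auth.signOut(); // createUserWithEmailAndPassword() signed the user in
                cb.done(mail.isSuccessful(), mail.isSuccessful()
                        ? "Check your mailbox to verify your address"
                        : "Could not send verification email");
            });
        });
    }

    // Sign in, refresh the cached profile, and keep the session only if verified.
    public void signIn(String email, String password, Callback cb) {
        auth.signInWithEmailAndPassword(email, password).addOnCompleteListener(login -> {
            FirebaseUser user = auth.getCurrentUser();
            if (!login.isSuccessful() || user == null) {
                cb.done(false, "Sign-in failed");
                return;
            }
            user.reload().addOnCompleteListener(reload -> {
                FirebaseUser fresh = auth.getCurrentUser(); // re-read after reload()
                if (!reload.isSuccessful() || fresh == null || !fresh.isEmailVerified()) {
                    auth.signOut();
                    cb.done(false, "Email address not verified");
                    return;
                }
                // Force a new ID token so its email_verified claim, which server-side
                // security rules read, matches the verified state just observed.
                fresh.getIdToken(true).addOnCompleteListener(
                        token -> cb.done(token.isSuccessful(), "Signed in"));
            });
        });
    }
}
```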

1 Answer


You can use the FirebaseUI. It takes care of the login UI and login process, and gives you a chance to handle the email verification. Check out this question about how to do the FirebaseUI email verification:

Email verification for Firebase Auth UI

Try the demo app at FirebaseUI

Erik