1

NOTE: I was able to figure this out. There is no need to change the rules in Firebase. See code below.

ORIGINAL POST I have an IOS app and I decided to build the Android/Kotlin version and I'm having a hard time with Firebase/isEmailVerify. I'm able to register a new user and send the email for verification, but, if I don't verify, I'm still able to login. I'm new at Kotlin. Any help is greatly appreciated.

UPDATED CODE

class LoginActivity : AppCompatActivity() {

lateinit var auth: FirebaseAuth
private var emailVerifier: Boolean = true

private val emailVerificationAlert = { _: DialogInterface, _: Int ->
    Toast.makeText(this.applicationContext, android.R.string.yes, Toast.LENGTH_SHORT).show()
}

override fun onCreate(savedInstanceState: Bundle?) {
    super.onCreate(savedInstanceState)
    setContentView(R.layout.activity_login)
    auth = FirebaseAuth.getInstance()
}

private fun verifyEmail() {
    val user = FirebaseAuth.getInstance().currentUser
    if (user != null) {
        emailVerifier = user.isEmailVerified()
    }
    if (emailVerifier) {
        finish()
    } else {
        userDidNotVerify()
        auth.signOut()
    }
}

fun loginBtnClicked(view: View) {
    val email = loginEmailTxt.text.toString()
    val password = loginPasswordTxt.text.toString()

    auth.signInWithEmailAndPassword(email, password)
        .addOnSuccessListener { exception ->
            println("USER LOGGED IN")
            verifyEmail()
        }
        .addOnFailureListener { exception ->
            Log.e("Exception", "Could not sign in user - ${exception.localizedMessage}") 
    }
}

private fun userDidNotVerify() {
    val builder = android.app.AlertDialog.Builder(this)
    with(builder) {
        this.setTitle("Confirm your email address.")
        this.setMessage("A confirmation email has been sent to" + " " + (loginEmailTxt.text) + " " +
                    "." + " " + "Click on the confirmation link to activate your account")
        this.setPositiveButton("OK", DialogInterface.OnClickListener(function = emailVerificationAlert))
        this.show()
    }
}

fun loginCreateClicked(view: View) {
    val createIntent = Intent(this, CreateUserActivity::class.java)
    startActivity(createIntent)
}

}

Eddie
  • 137
  • 1
  • 13

1 Answers1

0

It's expected that the user can still sign in before the email is verified. This provides a way for your app to allow the user to request another verification email to be sent, in case something happened to the first one.

If you want to restrict what the user can do before the email is verified, you can check isEmailVerfied() on the UserInfo object, and you can use the auth.token.email_verified in security rules to limit their access to databases and storage also provided by Firebase.

Doug Stevenson
  • 297,357
  • 32
  • 422
  • 441
  • Hello Doug, i was able to get this working in IOS with no modification of the rules in Firebase. If the user does not verify the email, they dont go anywhere. I'm just just trying to find the way to get this done in Kotlin. Here is the post regarding the IOS version of the app. https://stackoverflow.com/a/59607015/11151290 Thank you. – Eddie Jan 06 '20 at 05:27
  • You are using `self.authUser!.isEmailVerified` there. In the answer here, I gave you a link to the equivalent call for Java/Kotlin. It's up to you to write your app logic to use it the way you want. – Doug Stevenson Jan 06 '20 at 05:39