In my registration activity the user has to type in an email address and then a password which is longer than 6, has a special sign etc. The problem is that after matching all the password requirements the user clicks on the register button and then the toast message pops up that an email has been sent, but at the same time the user gets logged in. When pressing the back button of the phone the user is in the app, which he should only be when he has verified his address.
Here is part of my email register activity:
    btnSignUp.setOnClickListener(new View.OnClickListener() {
        @Override
        public void onClick(View v) {
            String email = inputEmail.getText().toString();
            String password = inputPassword.getText().toString();
            String passwordConfirm = inputPasswordConfirm.getText().toString();
            if (password.length() < 6) {
                Toast.makeText(getApplicationContext(), "Das Passwort ist zu kurz, gebe mindestens 6 Zeichen ein.", Toast.LENGTH_SHORT).show();
                return;
            }
            if (!password.matches("^(?=.*[A-Za-z])(?=.*\\d)(?=.*[$@$!%*#?&])[A-Za-z\\d$@$!%*#?&]{8,}$")) {
                Toast.makeText(RegistrationEmailActivity.this, "Dein Passwort hat mindestens eine der folgenden Anforderungen nicht: Großbuchstaben, Zahl, Spezialzeichen.", Toast.LENGTH_SHORT).show();
                return;
            }
            if (TextUtils.isEmpty(passwordConfirm)) {
                Toast.makeText(getApplicationContext(), "Bestätige dein Passwort", Toast.LENGTH_SHORT).show();
            }
            else if (!password.equals(passwordConfirm)) {
                Toast.makeText(getApplicationContext(), "Die Passwörter stimmen nicht überein. Bitte überprüfe deine Eingabe.", Toast.LENGTH_SHORT).show();
            }
            else {
                progressBar.setVisibility(View.VISIBLE);
                //create user
                auth.createUserWithEmailAndPassword(email, password)
                        .addOnCompleteListener(new OnCompleteListener<AuthResult>() {
                            @Override
                            public void onComplete(@NonNull Task<AuthResult> task) {
                                Toast.makeText(RegistrationEmailActivity.this, "Welcome to the app", Toast.LENGTH_SHORT).show();
                                progressBar.setVisibility(View.GONE);
                                if (!task.isSuccessful()) {
                                    Toast.makeText(RegistrationEmailActivity.this, "Authentication failed." + task.getException(),
                                            Toast.LENGTH_SHORT).show();
                                } else {
                                    auth.getCurrentUser().sendEmailVerification().addOnCompleteListener(new OnCompleteListener<Void>() {
                                        @Override
                                        public void onComplete(@NonNull Task<Void> task) {
                                            if (task.isSuccessful()) {
                                                Toast.makeText(RegistrationEmailActivity.this, "Du wurdest erfolgreich registriert. Schau in deinem Postfach nach und klicke auf den Link, " +
                                                        "damit die E-Mail verifiziert wird und du dich einloggen kannst.", Toast.LENGTH_SHORT).show();
                                            } else {
                                                Toast.makeText(RegistrationEmailActivity.this, "Das hat leider nicht geklappt. Überprüfe deine E-Mail und versuche es erneut.", Toast.LENGTH_SHORT).show();
                                            }
                                        }
                                    });
                                }
                            }
                        });
            }
        }
    });
I used this tutorial https://www.youtube.com/watch?v=06YKlMdWyMM to verify the email. At 19:09 I guess he shows some solution to the problem but I don't know where to implement this code.
When you create an account on Firebase Authentication, that user is automatically signed in. There is no way to prevent that, and this is the intended behavior.
If you want to only allow the user access to certain screens in your app after they verified their email address, you can check isEmailVerified in your code before navigating to that screen.
If you want to prevent the unverified user from accessing certain data in your (Firebase Realtime Database, Cloud Firestore, or Cloud Storage) backend, you can check the user's token in your security rules to ensure their email address is verified.
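One way to implement the isEmailVerified check described in the answer, as an added example that is not part of the original question or answer. The class name `VerifiedEmailGate`, its `Callback` interface, and the choice to sign unverified users out are assumptions; it uses Java 8 lambdas.

```java
import androidx.annotation.NonNull;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseUser;

/** Hypothetical helper (not from the page): gates navigation on a verified email. */
public final class VerifiedEmailGate {

    /** Callbacks supplied by the calling activity; the names are assumptions. */
    public interface Callback {
        void onVerified(@NonNull FirebaseUser user); // safe to open the protected screen
        void onNotVerified();                        // stay on the login/registration screen
        void onError(Exception e);                   // network or auth failure, fail closed
    }

    private VerifiedEmailGate() {}

    public static void check(@NonNull final FirebaseAuth auth, @NonNull final Callback cb) {
        final FirebaseUser user = auth.getCurrentUser();
        if (user == null) {                          // nobody is signed in
            cb.onNotVerified();
            return;
        }
        // The locally cached profile does not change when the link is clicked,
        // so reload it from the server before trusting isEmailVerified().
        user.reload().addOnCompleteListener(reloadTask -> {
            if (!reloadTask.isSuccessful()) {
                cb.onError(reloadTask.getException());
                return;
            }
            if (!user.isEmailVerified()) {
                // Design choice of this example: drop the session that
                // createUserWithEmailAndPassword opened automatically.
                auth.signOut();
                cb.onNotVerified();
                return;
            }
            // Refresh the ID token so its email_verified claim is current for
            // backend rules, e.g. request.auth.token.email_verified == true
            // in Cloud Firestore or Cloud Storage security rules.
            user.getIdToken(true).addOnCompleteListener(tokenTask -> {
                if (tokenTask.isSuccessful()) {
                    cb.onVerified(user);
                } else {
                    cb.onError(tokenTask.getException());
                }
            });
        });
    }
}
```

Call `VerifiedEmailGate.check(...)` both after sign-in and in the `onStart` of every screen that requires a verified user, and start the protected activity only from `onVerified`. The client-side check only controls navigation; data access is enforced by the security rules.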