
How can I make sure the inputted email is a real one


I am new to Flutter and Dart, but have some fundamentals of programming. When I enter a random email with a random password, Firebase will create a user with that email and password via the createUserWithEmailAndPassword method without making sure that the email is a real one. How can I make sure the email is real?

Here is what I did:

// Controllers are fields of the State class so that dispose() can reach them.
late final _email = TextEditingController();
late final _firstName = TextEditingController();
late final _familyName = TextEditingController();
late final _password = TextEditingController();

@override
void initState() {
  super.initState();
}

@override
void dispose() {
  _email.dispose();
  _firstName.dispose();
  _familyName.dispose();
  _password.dispose();
  super.dispose();
}

After initState and dispose, I created a class that extends StatefulWidget, which had inside it 4 TextFields with 4 controllers and a button whose onPressed function is:

onPressed: () async {
    final email = _email.text.trim();
    final password = _password.text.trim();
    try {
      FirebaseFirestore.instance;
      final usercredential =
          await FirebaseAuth.instance
              .createUserWithEmailAndPassword(
                  email: email,
                  password: password);
      final userEmail =
          usercredential.user?.email;
      print(usercredential);
      if (userEmail == email) {
        Navigator.pushAndRemoveUntil(
          context,
          MaterialPageRoute(
            builder: (context) =>
                UsernameAndPhonenumber(),
          ),
          (route) => route.isFirst,
        );
      } else {
        setState(() {
          msg = "Please verify your email";
        });
      }
    } on FirebaseAuthException catch (e) {
      if (e.code == "channel-error") {
        setState(() {
          msg = "Can't be empty";
        });
      } else if (e.code ==
          "weak-password") {
        print("weak password");
        setState(() {
          msg =
              "The password provided is too weak.";
        });
      } else if (e.code ==
          "email-already-in-use") {
        print(
            "The account already exists for that email.");
        setState(() {
          msg =
              "The account already exists for that email.";
        });
      } else if (e.code ==
          "invalid-email") {
        print("invalid email");
        setState(() {
          msg = "invalid email";
        });
      } else {
        print("SOME ERROR HAPPENED HERE");
        print(e.code);
        setState(() {
          msg = "unknown error occurred";
        });
      }
    }
  },

Solution

  • To know whether an email address is real (and whether the user has access to the mailbox for that address) you have to send a message to it. In Firebase this is known as email verification and is tied to the emailVerified property of the user account. Email verification is built into the product in two ways:

    1. If you use email+password authentication, you can ask Firebase to send a message to the email address with a link in it. When the user clicks that link, it opens a web page and the emailVerified property in their profile will be set to true.
    2. You can use email link sign-in, which sends them a similar link, but when they click it it both sets the emailVerified property in their profile to true and signs them in to Firebase.

    You'll typically want to check the value of the emailVerified property after the user has signed in, and only allow them access to (sensitive data in) the app when it is set to true.
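
The first option described above, as an added example that is not part of the original answer. It assumes the firebase_auth package with Firebase already initialised; EmailGate, registerAndSendVerification and checkEmailGate are hypothetical names chosen for this sketch.

```dart
import 'package:firebase_auth/firebase_auth.dart';

/// Hypothetical result type the UI can branch on.
enum EmailGate { verified, verificationPending }

/// Creates the account and sends the verification message straight away.
/// The account exists after this call, but emailVerified is still false,
/// so a successful sign-up proves nothing about the mailbox.
Future<void> registerAndSendVerification(String email, String password) async {
  final credential = await FirebaseAuth.instance
      .createUserWithEmailAndPassword(email: email, password: password);
  await credential.user?.sendEmailVerification();
}

/// Call after sign-in, and again when the user says they clicked the link.
Future<EmailGate> checkEmailGate() async {
  final auth = FirebaseAuth.instance;
  final user = auth.currentUser;
  if (user == null) {
    throw StateError('No signed-in user');
  }
  // The locally cached profile does not change when the link is opened in
  // a browser, so refresh it from the server before reading emailVerified.
  await user.reload();
  final refreshed = auth.currentUser;
  if (refreshed == null || !refreshed.emailVerified) {
    return EmailGate.verificationPending;
  }
  // Force a new ID token so its email_verified claim matches the profile.
  // Server-side checks read that claim, not the state held by the client.
  await refreshed.getIdToken(true);
  return EmailGate.verified;
}
```

Navigate to the protected screens only when checkEmailGate() returns EmailGate.verified. The client-side check controls navigation only, so data access should be gated on the same flag on the backend as well.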
