I am new to flutter and dart, but have some fundamentals of programing. When I enter a random email with a random password, Firebase will create a user with that email and password via createUserWithEmailAndPassword method without making sure if that email is a real one. How can I make sure the email is real?
Here is what I did:
void initState() {
late final _email = TextEditingController();
late final _firstName = TextEditingController();
late final _familyName = TextEditingController();
late final _password = TextEditingController();
super.initState();
}
@override
void dispose() {
_email.dispose();
_firstName.dispose();
_familyName.dispose();
_password.dispose();
super.dispose();
}
after initstate and dispose , I created a class extends StatefulWidget, which had inside it 4 TextFields with 4 controllers and a button which the onpressed function is :
onPressed: () async {
final email = _email.text.trim();
final password = _password.text.trim();
try {
FirebaseFirestore.instance;
final usercredential =
await FirebaseAuth.instance
.createUserWithEmailAndPassword(
email: email,
password: password);
final userEmail =
usercredential.user?.email;
print(usercredential);
if (userEmail == email) {
Navigator.pushAndRemoveUntil(
context,
MaterialPageRoute(
builder: (context) =>
UsernameAndPhonenumber(),
),
(route) => route.isFirst,
);
} else {
setState(() {
msg = "Please verify your email";
});
}
} on FirebaseAuthException catch (e) {
if (e.code == "channel-error") {
setState(() {
msg = "Can't be empty";
});
} else if (e.code ==
"weak-password") {
print("weak password");
setState(() {
msg =
"The password provided is too weak.";
});
} else if (e.code ==
"email-already-in-use") {
print(
"The account already exists for that email.");
setState(() {
msg =
"The account already exists for that email.";
});
} else if (e.code ==
"invalid-email") {
print("invalid email");
setState(() {
msg = "invalid email";
});
} else {
print("SOME ERROR HAPPENED HERE");
print(e.code);
print(e.code);
setState(() {
msg = "unknown erorr occured";
});
}
}
},
I am new to flutter and dart, but have some fundamentals of programing. When I enter a random email with a random password, Firebase will create a user with that email and password via createUserWithEmailAndPassword method without making sure if that email is a real one. How can I make sure the email is real?
Here is what I did:
void initState() {
late final _email = TextEditingController();
late final _firstName = TextEditingController();
late final _familyName = TextEditingController();
late final _password = TextEditingController();
super.initState();
}
@override
void dispose() {
_email.dispose();
_firstName.dispose();
_familyName.dispose();
_password.dispose();
super.dispose();
}
after initstate and dispose , I created a class extends StatefulWidget, which had inside it 4 TextFields with 4 controllers and a button which the onpressed function is :
onPressed: () async {
final email = _email.text.trim();
final password = _password.text.trim();
try {
FirebaseFirestore.instance;
final usercredential =
await FirebaseAuth.instance
.createUserWithEmailAndPassword(
email: email,
password: password);
final userEmail =
usercredential.user?.email;
print(usercredential);
if (userEmail == email) {
Navigator.pushAndRemoveUntil(
context,
MaterialPageRoute(
builder: (context) =>
UsernameAndPhonenumber(),
),
(route) => route.isFirst,
);
} else {
setState(() {
msg = "Please verify your email";
});
}
} on FirebaseAuthException catch (e) {
if (e.code == "channel-error") {
setState(() {
msg = "Can't be empty";
});
} else if (e.code ==
"weak-password") {
print("weak password");
setState(() {
msg =
"The password provided is too weak.";
});
} else if (e.code ==
"email-already-in-use") {
print(
"The account already exists for that email.");
setState(() {
msg =
"The account already exists for that email.";
});
} else if (e.code ==
"invalid-email") {
print("invalid email");
setState(() {
msg = "invalid email";
});
} else {
print("SOME ERROR HAPPENED HERE");
print(e.code);
print(e.code);
setState(() {
msg = "unknown erorr occured";
});
}
}
},
2 Answers
Reset to default 1To know whether an email address is real (and whether the user has access to the mailbox for that address) you have to send a message to it. In Firebase this is known as email verification and is tied to the emailVerified property of the user account. Email verification is built into the product in two ways:
- If you use email+password authentication, you can ask Firebase to send a message to the email address with a link in. When the user clicks that link, it opens a web page and the
emailVerifiedproperty in their profile will be set totrue. - You can use email link sign-in, which sends them a similar link, but when they click it it both sets the
emailVerifiedproperty in their profile totrueand signs them in to Firebase.
You'll typically want to check the value of the emailVerified property after the user has signed in, and only allow them access to (sensitive data in) the app when it is set to true.
Also see:
- Verify a user's email address before confirming registration, with Flutter and Firebase
- Firebase email/password authentication - how to require email verification?
- Security rule to only allow write for users with verified emails (for securing access to the Realtime Database based on the email being verified)
- (Firebase) Firestore security rules - allow if email verified without custom tokens? (for securing access to Firestore based on the email being verified)
There is no way to quickly know if the user has supplied a real email address. The only way to know for sure is to send an email to the address and ask them to respond to it. That's why Firebase offers email links as a form of verification. Read the documentation about that. It says provides:
The ability to authenticate a user while also verifying that the user is the legitimate owner of an email address.