CODEWITHSUNDEEP
androidfirebasefirebase-authenticationgoogle-cloud-functionsemail-verification
Ysp
Ysp

Reputation: 302

how to check is user email verified or not in firebase without currentUser

In my app I am facing a situation in which I have email of user but not have password, so I can't log in and can't get Firebase auth.currentUser I want to know is user email verified or not before sending password reset link because after reset password user email will be verified but i don't have currentUser so can't use curruser.isEmailVerified

How can I check it ?
Is Firebase cloud functions usable here ?

Explanation: User is not logged in , user forgot password and user want to reset password but I want to know is user is verified or not because at sign up time I am sending verification link and store that user in my database if email is verified but there is no assurity that user will click on that link but user will be authenticated whether user click on link or not but verification is not assured now that unverified user try to reset password then firebase allow user to do that send email to user to reset password if user reset password then now user is verified but I can't store that user in my data because I can't distinguish verified user and unverified user I want to store that unverified user after reset password is done

Upvotes: 0

Views: 2254

Answers (1)

Dharmaraj
Dharmaraj

Reputation: 50840

If you are planning to send verification email from Firebase Client SDKs then you'll have to login the user and you should have access to email verified property from that. If you just need another way to check if user's email is verified without logging in user, then you can use Admin SDK with Cloud functions:

getAuth()
  .getUser(uid)
  .then((userRecord) => {
    console.log(userRecord)
  })
  .catch((error) => {
    console.log('Error fetching user data:', error);
  });

Here userRecord will contain information about user's email verification.

Then you can use generatePasswordResetLink() to create a password reset link but you'll have to setup a custom email service to send emails from a Cloud function.

Also, if user can receive password reset link that means they have access to the email and hence email is verified with that. One can simply use Firebase Auth REST API to request a verification email or password reset email bypassing such checks. If you strictly want to prevent anyone getting password reset links from Firebase client SDKs you might have to run your custom logic with some additional credentials.

Upvotes: 3

Related Questions