I am using Firebase Auth for user login in my Android app. My problem is sending a link for email verification and password reset.

The links in the mails sent to the government agency e-mail addresses used by some of my users are rendered unclickable by the firewall. Firestore rules are set to be accessible to logged-in users. How can I run a password reset method on the user login page? I can't access Firestore because the user is not logged in.

I store a randomly generated code under the user in Firestore and also email it, and I prevent the user from seeing the data in the application when he logs in without verifying the code.

My user's Java code:

public class Persons implements Serializable {
    private String person_name;
    private String person_phone;
    private String person_city;
    private String person_district;
    private boolean email_verification;
    private int verification_code;
    private Authorization person_authorization;

    // constructors...
    // getter and setter methods...
}

My users Firestore db

My Firestore rules:

rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if request.auth != null;
    }
  }
}
Frank van Puffelen
  • Did you see https://stackoverflow.com/questions/75843597/send-oobcode-instead-of-link-for-password-reset? – Frank van Puffelen May 20 '23 at 00:40
  • Did Frank's recommendation help? And maybe, this [resource](https://medium.com/firebase-developers/how-to-authenticate-to-firebase-using-email-and-password-in-jetpack-compose-bd70ca56ea91) will help. Here is the corresponding [repo](https://github.com/alexmamo/FirebaseSignInWithEmailAndPassword). – Alex Mamo May 20 '23 at 08:14
  • Hello, I saw those threads but it didn't work for me. – Bukrek35TR May 20 '23 at 11:06

1 Answer

If you want to run the password reset method on the user login page without accessing Firestore directly, you can leverage Firebase Authentication's built-in functionality for password reset:

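import androidx.annotation.NonNull;
import com.google.android.gms.tasks.OnCompleteListener;
import com.google.android.gms.tasks.Task;
import com.google.firebase.auth.FirebaseAuth;

String emailAddress = "user@example.com";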
FirebaseAuth.getInstance().sendPasswordResetEmail(emailAddress)
        .addOnCompleteListener(new OnCompleteListener<Void>() {
            @Override
            public void onComplete(@NonNull Task<Void> task) {
                if (task.isSuccessful()) {
                    // Password reset email sent successfully
                    // You can show a success message to the user
                } else {
                    // Password reset email failed to send
                    // You can show an error message to the user
                }
            }
        });

If you want to send a verification code instead of a password reset link, you can modify the approach slightly.

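import java.util.Properties;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

String recipientEmail = "user@example.com";
String verificationCode = "123456"; // Replace with your generated verification code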

Properties properties = new Properties();
properties.put("mail.smtp.host", "your_smtp_host");
properties.put("mail.smtp.port", "your_smtp_port");
// Set other mail properties as needed

Session session = Session.getInstance(properties, null);
try {
    MimeMessage message = new MimeMessage(session);
    message.setFrom(new InternetAddress("your_sender_email"));
    message.setRecipient(Message.RecipientType.TO, new InternetAddress(recipientEmail));
    message.setSubject("Verification Code");
    message.setText("Your verification code is: " + verificationCode);

    Transport.send(message);
} catch (MessagingException e) {
    e.printStackTrace();
}

Once the user receives the verification code via email, they can enter it in your app's interface.

On the client-side, retrieve the verification code entered by the user.

Make a request to Firestore to fetch the user's document based on their email address.

Compare the verification code entered by the user with the one stored in Firestore. If they match, you can proceed with the verification process.

Note: Ensure you have appropriate security measures in place to prevent abuse or brute-force attempts. It uses the JavaMail library for sending emails.

Quimbo
  • Hi, yes, this method works, but it sends a link. I have to send the verification code that I created without the link and save it to Firestore under the user to check it later. – Bukrek35TR May 19 '23 at 23:31
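
The answer's closing note asks for protection against abuse and brute-force attempts on the emailed code. One way to handle the code check, as an added example that is not part of the original question or answer: the class name `VerificationCodes`, the `Record` fields, the 5-attempt limit and the 10-minute lifetime are assumptions, the logic is assumed to run in trusted backend code rather than in the app, and persisting `Record` under the user is left out.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;

// Hypothetical helper (not from the thread); intended for trusted backend code.
public class VerificationCodes {
    static final int MAX_ATTEMPTS = 5;                        // assumed limit
    static final Duration LIFETIME = Duration.ofMinutes(10);  // assumed lifetime
    private static final SecureRandom RNG = new SecureRandom();

    // What would be stored under the user instead of the plain code.
    static class Record {
        byte[] codeHash; Instant expiresAt; int failedAttempts; boolean used;
    }

    // Six digits from a CSPRNG, leading zeros kept.
    static String newCode() {
        return String.valueOf(1_000_000 + RNG.nextInt(1_000_000)).substring(1);
    }

    // Hashing only avoids keeping the code in plain text; a 6-digit space is
    // small, so the expiry and the attempt limit are the real controls.
    static byte[] hash(String uid, String code) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return md.digest((uid + ":" + code).getBytes(StandardCharsets.UTF_8));
    }

    static Record issue(String uid, String code, Instant now) throws NoSuchAlgorithmException {
        Record r = new Record();
        r.codeHash = hash(uid, code);
        r.expiresAt = now.plus(LIFETIME);
        return r;
    }

    static boolean verify(Record r, String uid, String entered, Instant now)
            throws NoSuchAlgorithmException {
        if (r.used || now.isAfter(r.expiresAt) || r.failedAttempts >= MAX_ATTEMPTS) return false;
        if (MessageDigest.isEqual(r.codeHash, hash(uid, entered))) { // constant-time compare
            r.used = true;                                     // single use
            return true;
        }
        r.failedAttempts++;                                    // counts toward the lockout
        return false;
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        String code = newCode();                               // the value that goes in the email
        Record r = issue("uid-123", code, now);                // constructed sample uid
        System.out.println(verify(r, "uid-123", code, now));   // correct code
        System.out.println(verify(r, "uid-123", code, now));   // same code replayed
    }
}
```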