I am using firebase authentication in my app. My mail verification feature is active. Some users use one-time mail verification extensions and open an account. They are doing this for abuse of the app. How can I prevent "nezid.com , xcoxc.com , jeoce.com , cdfaq.com " from registering with these mail extensions?
Signup code :
private void registeruser(){
String email = editextregistermail.getText().toString().trim();
if (email.isEmpty()){
kayıtemail.requestFocus();
return;
}
if (!Patterns.EMAIL_ADDRESS.matcher(email).matches()){
kayıtemail.requestFocus();
return;
}
mAuth.createUserWithEmailAndPassword(email,passworld).addOnCompleteListener(new OnCompleteListener<AuthResult>() {
@Override
public void onComplete(@NonNull Task<AuthResult> task) {
if (task.isSuccessful()){
User user = new User(
name,
);
FirebaseDatabase.getInstance().getReference("Users")
.child(FirebaseAuth.getInstance().getCurrentUser().getUid())
.setValue(user).addOnCompleteListener(new OnCompleteListener<Void>() {
@Override
public void onComplete(@NonNull Task<Void> task) {
if (task.isSuccessful()){
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
if (user != null){
user.sendEmailVerification()
.addOnCompleteListener(new OnCompleteListener<Void>() {
@Override
public void onComplete(@NonNull Task<Void> task) {
if (task.isSuccessful()) {
Intent intent = new Intent(context, Login.class);
startActivity(intent);
finish();
mAuth.signOut();
}
else {
String error = task.getException().getMessage();
Toast.makeText(SignUp.this, error, Toast.LENGTH_LONG).show();
mAuth.signOut();
}
}
});
}
);
}
xml
<com.google.android.material.textfield.TextInputLayout
android:layout_width="match_parent"
android:layout_height="wrap_content"
android:layout_marginBottom="5dp"
android:focusable="true"
android:focusableInTouchMode="true">
<EditText
android:drawablePadding="5dp"
android:drawableLeft="@drawable/signupmail"
android:id="@ id/editextregistermail"
android:hint="Email"
android:ems="14"
android:inputType="textEmailAddress"
android:background="@drawable/signup_edittext_style"
android:layout_width="wrap_content"
android:layout_height="wrap_content" />
</com.google.android.material.textfield.TextInputLayout>
CodePudding user response:
How can I prevent "nezid.com , xcoxc.com , jeoce.com , cdfaq.com " from registering with these mail extensions?
You can take advantage of the newly available blocking Cloud Functions for Authentication.
The doc shows an example which shows how to prevent users who aren't part of the example.com domain from registering with your app. You can easily adapt it to fulfill your need, as follows (untested):
exports.beforeCreate = functions.auth.user().beforeCreate((user, context) => {
const arrayOfDomains = ['nezid.com' , 'xcoxc.com' , 'jeoce.com' , 'cdfaq.com'];
if (!user.email || arrayOfDomains.find(d => (user.email === d))) {
throw new functions.auth.HttpsError(
'invalid-argument', `Unauthorized email "${user.email}"`);
}
});
Don't forget that you need to upgrade your Firebase project to Firebase Authentication with Identity Platform for this Cloud Function to work.