'Firebase Auth getCurrentUser() retrieves a deleted user
Hello and thanks for your time.
I've been working on an android app using Firebase.
I've set up Firebase Authentication and the user can register with email and password and log in after email verification.
When the app opens, I check if the user is still logged in with the onStart()
method, but I tried that after deleting the user from firebase and I could still log in!
Should I be checking this in another way?
@Override
public void onStart() {
super.onStart();
// Check if user is signed in (non-null) and update UI accordingly.
FirebaseUser currentUser = mAuth.getCurrentUser();
updateUI(currentUser);
}
******************************************* UPDATE *********************************************
Fixed the problem using AuthStateListener
, but then I split the signIn and createAccount methods into 2 separate activities With that I also separated the createAccount()
from signInWithEmailAndPassword()
methods which made me add this mAuth = FirebaseAuth.getInstance()
in both activities onCreate()
method. In the logIn activity I added
mAuthListener = new FirebaseAuth.AuthStateListener() {
@Override
public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
FirebaseUser currentUser = mAuth.getCurrentUser();
...
}
};
but now doesn't work. Am I forgetting something or just can't do this?
Here's the code I found relevant:
LogInActivity class onCreate():
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_log_in);
// Views
emailEditText = findViewById(R.id.emailEditText);
passwordEditText = findViewById(R.id.pswdEditText);
// Buttons
findViewById(R.id.logInButton).setOnClickListener(this);
findViewById(R.id.forgottenPaswdTextButton).setOnClickListener(this);
findViewById(R.id.registerTextButton).setOnClickListener(this);
// Initialize Firebase Auth
mAuth = FirebaseAuth.getInstance();
// Check for user connection
mAuthListener = new FirebaseAuth.AuthStateListener() {
@Override
public void onAuthStateChanged(@NonNull FirebaseAuth firebaseAuth) {
// Check if user is signed in (non-null) and update UI accordingly.
FirebaseUser currentUser = mAuth.getCurrentUser();
if (currentUser != null) {
Log.d(TAG, "onAuthStateChanged:signed_in:" + currentUser.getUid());
} else {
Log.d(TAG, "onAuthStateChanged:signed_out");
}
updateUI(currentUser);
}
};
}
SignInActivity class onCreate():
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_sign_in);
// Views
emailEditText = findViewById(R.id.emailEditText);
passwordEditText = findViewById(R.id.pswdEditText);
passwordRetypedEditText = findViewById(R.id.pswdRetypeEditText);
nameEditText = findViewById(R.id.nameEditText);
// Buttons
findViewById(R.id.signUpButton).setOnClickListener(this);
findViewById(R.id.logInTextButton).setOnClickListener(this);
// Initialize Firebase Auth
mAuth = FirebaseAuth.getInstance();
}
Solution 1:[1]
You can listen to AuthStateListener for FirebaseUser
's state changes.
Why?, basically when you remove user from server or other device, it would still be valid in your current device because of it's token is not refreshed yet locally.
Find out about more here.
Doc states that:
There are some cases where
getCurrentUser
will return a non-nullFirebaseUser
but the underlying token is not valid. This can happen, for example, if the user was deleted on another device and the local token has not refreshed. In this case, you may get a valid usergetCurrentUser
but subsequent calls to authenticated resources will fail.
getCurrentUser
might also return null because the auth object has not finished initializing.If you attach an
AuthStateListener
you will get a callback every time the underlying token state changes. This can be useful to react to edge cases like those mentioned above.
Solution 2:[2]
seems like firebase saves user preferences locally try to clear the app and login again check this document FIREBASE USER AUTH
Solution 3:[3]
For me, AuthStateListener didn't help me anymore. So I used work around, I removed the user from the realtime database and then I checked if he exists or not, If not then sign out like that:
DatabaseReference dbUsersRef = FirebaseDatabase.getInstance().getReference("Users");
dbUsersRef.child(FirebaseAuth.getInstance().getCurrentUser().getUid()).addListenerForSingleValueEvent(new ValueEventListener() {
@Override
public void onDataChange(@com.google.firebase.database.annotations.NotNull DataSnapshot dataSnapshot) {
if (!dataSnapshot.exists()){
FirebaseAuth.getInstance().signOut();
// user has sign out
} else {
// user still logged in
}
}
@Override
public void onCancelled(DatabaseError databaseError) {
}
});
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Jeel Vankhede |
Solution 2 | |
Solution 3 | Islam Ahmed |