android - Make login ONLY possible AFTER email is verified (using Firebase)

Question

I want to restrict the ability to login to ONLY users that have clicked the VERIFICATION LINK in their emails. If not, they should have no access to the app.

I have found the code that I think I should use, but it doesn't do what it's supposed to do and I'll show you what I wrote thus far (in a separate LoginActivity that starts MainActivity):

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_login);

    edtEmailLogin = findViewById(R.id.edtEmailLogin);
    edtPasswordLogin = findViewById(R.id.edtPasswordLogin);
    fAuth = FirebaseAuth.getInstance();
    progressBar = findViewById(R.id.progBarLogin);
}

@Override
protected void onStart() {
    super.onStart();
    FirebaseUser fUser = fAuth.getCurrentUser();
    if (fUser!=null) {
        Toast.makeText(this, "Welkom terug, je wordt direct ingelogd", Toast.LENGTH_SHORT).show();
        startActivity(new Intent(this, MainActivity.class));
        finish();
    }
}


public void btn_Login (View view) {
    String email = edtEmailLogin.getText().toString().trim();
    String password = edtPasswordLogin.getText().toString().trim();

    if (TextUtils.isEmpty(email)) {
        edtEmailLogin.setError("Vul hier je emailadres in");
        return;
    }

    if(TextUtils.isEmpty(password)) {
        edtPasswordLogin.setError("Vul hier je wachtwoord in");
        return;
    }

    if (!email.endsWith("prorail.nl")) {
        Toast.makeText(this, "Dit is geen geldig PRORAIL emailadres", Toast.LENGTH_SHORT).show();
        return;
    }

    progressBar.setVisibility(View.VISIBLE);

    fAuth.signInWithEmailAndPassword(email,password).addOnCompleteListener(task -> {
        if (task.isSuccessful()) {
            checkIfEmailVerified();
        } else {
            Toast.makeText(LoginActivity.this, "Er is iets misgegaan" + task.getException().getMessage(), Toast.LENGTH_LONG).show();
            progressBar.setVisibility(View.GONE);
        }
    });
}

private void checkIfEmailVerified() {
    FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
    if (user.isEmailVerified()) {
        Toast.makeText(this, "Je bent geverifieerd en ingelogd", Toast.LENGTH_SHORT).show();
        startActivity(new Intent(this, MainActivity.class));
        finish();
    } else {
        Toast.makeText(this, "Controleer eerst je inbox en spamfolder om je emailadres te verifi?ren", Toast.LENGTH_LONG).show();
        FirebaseAuth.getInstance().signOut();
        startActivity(new Intent(this, LoginActivity.class));
    }
}

public void btn_NieuwAccount (View view) {
    startActivity(new Intent(this, RegisterActivity.class));
    Toast.makeText(this, "Registreer je account", Toast.LENGTH_SHORT).show();
}

public void btn_WachtwoordVergeten (View view) {
    EditText resetMail = new EditText(view.getContext());
    AlertDialog.Builder passwordResetDialog = new AlertDialog.Builder(view.getContext());
    passwordResetDialog.setIcon(android.R.drawable.ic_dialog_alert);
    passwordResetDialog.setTitle("Reset Wachtwoord?");
    passwordResetDialog.setMessage("Vul je ProRail emailadres is voor een reset link");
    passwordResetDialog.setView(resetMail);
    passwordResetDialog.setPositiveButton("Verder", (dialog, which) -> {
        String resetmail = resetMail.getText().toString();
        fAuth.sendPasswordResetEmail(resetmail).addOnSuccessListener(aVoid -> Toast.makeText(LoginActivity.this, "Email met reset link verstuurd.", Toast.LENGTH_SHORT).show()).addOnFailureListener(e -> Toast.makeText(LoginActivity.this, "Er is iets misgegaan. Controleer uw gegevens." + e.getMessage(), Toast.LENGTH_LONG).show());
    });
    passwordResetDialog.setNegativeButton("Terug", (dialog, which) -> {
    });
    passwordResetDialog.create().show();
}

So I'm using checkIfEmailVerified, and signOut if not verified, but when I run this on a phone it doesn't check it at all, you can just log in. Have I made an error in the code? Did I put in in the wrong place?

P.S.: It might help, so here's the RegisterActivity too:

@Override
protected void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);
    setContentView(R.layout.activity_register);

    edtEmailReg = findViewById(R.id.edtEmailRegister);
    edtPasswordReg = findViewById(R.id.edtPasswordRegister);
    fAuth = FirebaseAuth.getInstance();
    progressBar = findViewById(R.id.progBarRegister);
}

public void btn_Registreer (View view) {
    String email = edtEmailReg.getText().toString().trim();
    String password = edtPasswordReg.getText().toString().trim();

    if (TextUtils.isEmpty(email)){
        edtEmailReg.setError("Vul een geldig emailadres in");
        return;
    }

    if (TextUtils.isEmpty(password)){
        edtPasswordReg.setError("Vul een wachtwoord in");
        return;
    }

    if (!email.endsWith("prorail.nl")) {
        Toast.makeText(this, "Dit is geen geldig PRORAIL emailadres", Toast.LENGTH_SHORT).show();
        return;
    }

    progressBar.setVisibility(View.VISIBLE);

    fAuth.createUserWithEmailAndPassword(email,password).addOnCompleteListener(task -> {
        if (task.isSuccessful()) {

            FirebaseUser user = fAuth.getCurrentUser();
            assert user != null;
            user.sendEmailVerification().addOnSuccessListener(aVoid -> Toast.makeText(RegisterActivity.this, "Verificatie email is verstuurd, controleer ook je spamfolder", Toast.LENGTH_LONG).show()).addOnFailureListener(e -> Toast.makeText(RegisterActivity.this, "Er is iets misgegaan " + e.getMessage(), Toast.LENGTH_SHORT).show());

            Toast.makeText(RegisterActivity.this, "Gebruiker gecre?erd", Toast.LENGTH_SHORT).show();
            startActivity(new Intent(RegisterActivity.this, LoginActivity.class));
        } else {
            Toast.makeText(RegisterActivity.this, "Er heeft zich een fout voorgedaan " + Objects.requireNonNull(task.getException()).getMessage(), Toast.LENGTH_SHORT).show();
            progressBar.setVisibility(View.GONE);
        }
    });
}

public void btn_BestaandAccount (View view) {
    startActivity(new Intent(this, LoginActivity.class));
    Toast.makeText(this, "Login Pagina", Toast.LENGTH_SHORT).show();
}

Answer 1

After @FrankvanPuffelen convinced me to go into debugging mode I noticed I was directed to LoginActivity after registering my email adress and in LoginActivity I added the onStart method --> Immediate login! So it never got to the isEmailVerified boolean at all, it just skipped all the code after onStart. After deleting the onStart method the program worked as it should: First click on the link in the email and only THEN be able to log in.

Ofcourse, now my colleagues have to log in every time they close the app, but that's only needed one time per workday, so they will have to live with that :)

For me as a starting programmer this was very helpful, so thank you Frank for opening my eyes to debugging mode.