Description
Details
Currently, users can sign up using any email address without verifying ownership. This allows fake or disposable email accounts to be registered, which can lead to spam users, unreliable user data, and potential security concerns.
Although Google authentication ensures verified emails, manual email/password signup does not enforce verification, resulting in inconsistent authentication standards.
Expected Behavior
Users signing up with email/password should be required to verify their email address before gaining access to protected features or the main application.
Proposed Solution
- Send a verification email immediately after signup using Firebase Authentication
- Restrict access until `emailVerified` status is confirmed
- Reload user state to check verification status
- Optionally enforce verification through Firebase security rules
Implementation Plan
- Trigger Firebase email verification after signup
- Add verification status check during login/session validation
- Display UI prompt guiding users to verify their email
- Prevent navigation to protected routes until verified
- (Optional) Add backend/Firebase rule enforcement
Acceptance Criteria
- Verification email is sent after signup
- Unverified users cannot access protected features
- Verified users can log in normally
- Google-authenticated users remain unaffected
- No regression in existing authentication flow
Impact & Benefits
- Prevents fake account creation
- Improves platform security
- Maintains authentication consistency
- Enhances trust and data reliability
Contributor Note
@KaranUnique I would like to work on implementing this improvement if approved.
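
A sketch of the flow proposed in this issue, added here as an example; it is not code from the issue author or the project. The function names are hypothetical, and `sdk` is assumed to be the set of functions imported from `firebase/auth`, injected so the gate can be run offline against constructed stubs.

```javascript
// Added example, not the project's code. Function names are hypothetical.
// `sdk` stands for the functions imported from "firebase/auth"; they are
// injected so the gating logic can be exercised offline with stubs.

// Client-side gate for route guards: what may this Firebase `User` reach?
function accessDecision(user) {
  if (!user) return "signed-out";
  // Google sign-in yields emailVerified === true, so those users pass unchanged.
  return user.emailVerified === true ? "allow" : "verify-email";
}

// Signup: create the account, then send the verification mail immediately.
async function signUpAndSendVerification(sdk, auth, email, password) {
  const cred = await sdk.createUserWithEmailAndPassword(auth, email, password);
  await sdk.sendEmailVerification(cred.user);
  return accessDecision(cred.user); // "verify-email" for a fresh password account
}

// After the user clicks the link: reload the cached user and, if verified,
// force a token refresh so the `email_verified` claim reaches the backend.
async function recheckVerification(user) {
  await user.reload();
  if (user.emailVerified) await user.getIdToken(true);
  return accessDecision(user);
}

// Server-side enforcement on a decoded ID token (for example the result of
// firebase-admin's verifyIdToken). The client gate above is UX only; this
// check is the actual control. Equivalent security-rules condition:
//   request.auth.token.email_verified == true
function claimsAllow(decoded) {
  return Boolean(decoded) && decoded.email_verified === true;
}

// Constructed stub standing in for a Firebase User object (test data only).
function makeStubUser(serverVerified) {
  const u = { emailVerified: false, refreshed: false };
  u.reload = async () => { u.emailVerified = serverVerified; };
  u.getIdToken = async (force) => { u.refreshed = force === true; return "stub-token"; };
  return u;
}
```

The client-side decision only drives the UI prompt and route guard; anything that must hold against a modified client belongs in `claimsAllow` or the security rule.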