Tags: android, firebase, firebase-authentication

sendPasswordResetEmail is sending email even if the user does not exist


How can I check whether the email address exists and only send the email if it does? At the moment an email is sent even if the entered email address is not assigned to a registered account (task.isSuccessful() always returns true).

fAuth = FirebaseAuth.getInstance();
fAuth.sendPasswordResetEmail(email.getEditText().getText().toString())
        .addOnCompleteListener(new OnCompleteListener<Void>() {
    @Override
    public void onComplete(@NonNull Task<Void> task) {
        // Observed: this branch is taken whether or not the address belongs to an account.
        if (task.isSuccessful()) {
            NewFragment newFragment = new NewFragment();
            loadFragment(newFragment);
        } else {
            email.setError(getString(R.string.email_not_assigned));
        }
    }
});

Solution

  • On projects created since September 15 2023, Firebase enables its protection against email enumeration attacks by default. Part of this protection is that certain APIs behave differently so that they cannot be used for such attacks. sendPasswordResetEmail is one such API: if it behaved as you want it to, it could be used to enumerate the email addresses registered in the project.

    Your options are to either find another way to implement the functionality (like keeping your own list of email addresses), or to disable the protection against email enumeration attacks for your project.
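As an added example (not the asker's or the answerer's code), here is how the handler from the question can be written so that the screen gives the same response whether or not the address is registered, which is the behaviour the enumeration protection is enforcing. It assumes the field is a Material `TextInputLayout` and uses a hypothetical `PasswordResetHelper` class with an `onDone` callback in place of the original `loadFragment` call; the Firebase exception classes it catches are real ones from the Firebase Android SDK.

```java
// Added example, not from the original question or answer.
// Assumptions: `emailLayout` is a TextInputLayout; `onDone` is whatever the app
// does next (e.g. the original loadFragment(new NewFragment())).
import android.util.Patterns;
import androidx.annotation.NonNull;
import com.google.android.gms.tasks.OnCompleteListener;
import com.google.android.gms.tasks.Task;
import com.google.android.material.textfield.TextInputLayout;
import com.google.firebase.FirebaseNetworkException;
import com.google.firebase.auth.FirebaseAuth;
import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
import com.google.firebase.auth.FirebaseAuthInvalidUserException;

public class PasswordResetHelper {
    private final FirebaseAuth fAuth = FirebaseAuth.getInstance();

    public void requestReset(@NonNull final TextInputLayout emailLayout,
                             @NonNull final Runnable onDone) {
        final String email = emailLayout.getEditText() == null
                ? ""
                : emailLayout.getEditText().getText().toString().trim();

        // Purely local syntax check: it says nothing about which accounts exist.
        if (!Patterns.EMAIL_ADDRESS.matcher(email).matches()) {
            emailLayout.setError("Enter a valid email address");
            return;
        }

        fAuth.sendPasswordResetEmail(email).addOnCompleteListener(new OnCompleteListener<Void>() {
            @Override
            public void onComplete(@NonNull Task<Void> task) {
                Exception e = task.getException();

                // Success, or "user not found" on a project with enumeration protection
                // disabled: treat both the same so the UI never confirms an address.
                if (task.isSuccessful() || e instanceof FirebaseAuthInvalidUserException) {
                    emailLayout.setError(null);
                    onDone.run(); // e.g. show "If an account exists for this address, an email has been sent"
                } else if (e instanceof FirebaseNetworkException) {
                    // Transient client-side problem; safe to report, reveals no account state.
                    emailLayout.setError("Network error, please try again");
                } else if (e instanceof FirebaseAuthInvalidCredentialsException) {
                    // Server rejected the address format.
                    emailLayout.setError("Enter a valid email address");
                } else {
                    // Any other failure: still give the neutral outcome.
                    onDone.run();
                }
            }
        });
    }
}
```

The point of folding `FirebaseAuthInvalidUserException` into the success path is that the app stays enumeration-safe even if the project-level protection is later switched off; only errors that are independent of the account database (bad syntax, no network) are surfaced to the user.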