How to get fresh instance of current user from firebase database in android? Stop disabled/deleted user (in firebase databases) from login/sign-In in firebase Why disabled/deleted user still able to login to firebase databases ? Why after deleting/disabling a user from firebase console, still returning NON-NULL value ? What is the exact functionality of firebase reload() function/method in android ?

If you have used Email or OTP authentication for your application in android you will have user table  as shown below:

Sometimes admin wants to disable/delete a user, from firebase console, to stop their login to the application. 

The problem is that after disabling/deleting a user from server, it is still able to login to the application because the user will have local instance in their device. 

Following code snippet is used to check user instance for NULL value.

FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();

if (user != null){

// Go to login activity

 }else{

 // Go for authentication

}

The above piece of code is checking LOCAL instance of the application and NOT user status/instance on the server side. If an application data is cleared locally from the device (as shown in below snap), in that case user instance will be cleared and the above code will return NULL value for the user variable.

If a user is disabled/deleted on server side(in firebase databases) it will still be able to login as the device is still having the local instance.

Usually disabling/deleting a user from firebase console is not clearing/deleting the local instance from user mobile that's why its still returning non-null value which does not stop user from login.

To resolve the issue you will have to check local instance as well as user status on the server (in firebase user table). For this reload() function/method is used. So following code/check will do the trick.

if (user != null){

            user.reload();

        }

user.reload() will load new/fresh instance (user status) from firebase user table. if user does not exist or disabled on server side, it will NOT get a fresh instance and hence its local instance will also become NULL.

Final code will be:

    FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();

if (user != null){

            user.reload();

        }

if (user != null){     // again check user for fresh instance

// Go to login activity

        }else{

  // Go for authentication

}

Testing:

 Use case1: 

1. Install your application and login using OTP authentication. 

2. Go to firebase console and disable the user as shown in the above image. 

3. Close your application and then open it again (repeat it at least two times).

4. It will ask again for OTP authentication which indicates that user local instance has been initialized to NULL by reloading it from server(from firebase databases).

Use case2: 

1. Install your application and login using OTP. 

2. Go to firebase console and disable the user.

3. Disconnect your device from internet

4. Close your application and then open it again (repeat multiple times). 

5. This time it will not ask for re-authentication as Internet is disconnected and reload() function is not communicating with server to check user status on server to re-initialize the local instance of the user. It will only check for local instance which is NON-NULL. 

For practical implementation watch the video