Password Recovery Workflow
Password Recovery Workflow
RideEase utilizes Firebase Authentication to handle secure password resets. The workflow is designed to be user-friendly, featuring automatic email pre-filling and an anti-spam "cool-down" timer to prevent abuse of the reset service.
Workflow Overview
- Entry Point: Users access the password recovery screen from the
LoginActivityby clicking the "Forgot Password?" text. - Email Validation: The system validates that the input matches a standard email pattern before attempting to contact Firebase.
- Reset Trigger: A password reset link is sent to the provided email address via Firebase.
- Cool-down Period: Upon success, the submission button is disabled for 30 seconds to prevent multiple requests.
ResetPasswordActivity
ResetPasswordActivity is the primary interface for the recovery process. It handles input validation, communicates with the Firebase Auth SDK, and manages the UI state during the request.
Public Interface: Intent Extras
When navigating to this activity, you can pass the following extra to improve the user experience:
| Extra Key | Type | Description |
| :--- | :--- | :--- |
| EMAIL | String | (Optional) The email address already typed by the user in the login screen. |
Usage Example
To launch the password recovery screen from another activity:
Intent intent = new Intent(CurrentActivity.this, ResetPasswordActivity.class);
String userEmail = binding.emailEditText.getText().toString().trim();
if (!userEmail.isEmpty()) {
intent.putExtra("EMAIL", userEmail);
}
startActivity(intent);
Features and Behavior
Email Pre-filling
If an email address is passed via the Intent, the ResetPasswordActivity automatically populates the email field, allowing the user to request a reset with a single tap.
Input Validation
Before the request is sent, the activity performs the following checks:
- Presence: Ensures the email field is not empty.
- Format: Validates the input against
Patterns.EMAIL_ADDRESS. If the format is invalid, an error is displayed on theTextInputLayout.
Resend Timer (Anti-Spam)
To ensure the stability of the authentication service, the activity implements a 30-second countdown timer after a successful reset request:
- The Submit Button is disabled during the countdown.
- The button text dynamically updates to show the remaining time (e.g., "Resend in 24s").
- Once the timer expires, the button is re-enabled for a potential retry.
Loading State
The activity includes a visual feedback mechanism using a Lottie animation (loadingAnimation). This animation is toggled automatically when the reset request is in flight to indicate background processing.
Internal Triggers
The core logic resides in the sendResetEmail() method, which interfaces directly with the Firebase SDK:
firebaseAuth.sendPasswordResetEmail(email)
.addOnSuccessListener(aVoid -> {
// Triggers Resend Timer and Success Toast
})
.addOnFailureListener(e -> {
// Displays error message from Firebase
});
[!NOTE] The actual password reset occurs outside the app within a secure web page hosted by Firebase. The app's responsibility ends once the reset email is successfully dispatched.