So I have a weird bug that I can't seem to track down. I'm using firebase functions on the backend and SwiftUI. My login flow goes like this:
User logs in from loginView. The loginView then uses a callback to pass a user to move on to the next View after a user logs in.
After this a user is passed to the View where it calls the firebase functions.
The problem is that every once in a while a user fails authentication. This doesn't happen every time and usually happens when a user has not logged in for 12 hours or more. I thought it may have been a race condition at first but after further investigation decided that it wasn't given the fact that it's using a callback.
Has anyone else experienced anything similar? If so is there any way to fix this?
I have tried making my firebase function stay warm by setting minimum instances to 1 because I initially thought it may be a cold start issue but this hasn't helped.
Any help would be greatly appreciated. Thanks.
On the frontend the code is pulling like so:
FirebaseAuthService().signIn(email: email, password: password) { result, error in
if (error?.occurred) != nil {
self.errorMessage = error!.details
self.state = .failed
self.showErrorAlert = true
return
}
if (localAuthEnabled) {
...... This piece of code works
FirebaseFirestoreService().fetchUser(userID: result?.user.uid ?? "", completion: { user, error
....... This piece of code works.
}
})
}
User is then taken to another view AFTER logging in
This view pulls from 5 or so firebase functions asynchronously (but the user is already logged in by this point). The function that it fails at is as follows
self.function.httpsCallable("api-report").call() { (result, error) in
... It is at times it gives me an auth error inside of this function.
}
I am using this to log out whenever a user put the app in the background or hits the log out button:
func signOut() -> Bool {
do {
try Auth.auth().signOut()
self.session = nil
return true
} catch let err as NSError {
print("Error signing out: %#", err)
return false
}
}
on the backend the report call does the following with the report. This is a large function. I have only added the call to show whats going on.
exports.handler = async (data, context) => {
if (!context.auth) {
console.log("report error context");
console.log(context);
throw new functions.https.HttpsError('failed-precondition', 'The function must be called ' +
'by authenticated users.', 'User must be authenticated');
}
}
It seems the call to your backend may be happening just as/after the user is logged out, or their token is being refreshed. If it's the token being refreshed, the client should just retry the call in cases such as this.
You could also check whether the token is about to expire, and force a refresh when that is the case, or delay calling the Cloud Function until the token has refreshed.
Related
I am implementing Facebook Sign In with Firebase in my Flutter App, and when a user signs in with Facebook Sign In for the first time I am changing the "emailverified" property to true. I do this through functions with the following code:
if (facebookUser.user?.emailVerified == false) {
try {
HttpsCallable callable = FirebaseFunctions.instance.httpsCallable('verifyFacebook');
await callable.call();
} on FirebaseFunctionsException catch (e) {
print(e.code);
print(e.plugin);
print(e.message);
}
}
where verifyFacebook is:
exports.verifyFacebook = functions.auth.user().onCreate(async (snap) => {
return await admin.auth().updateUser(snap.uid, {
emailVerified: true
});
})
What I do not understand is that a Firebase Function Exception of "unauthenticated" is printed in the console, but when I sign in for the second time the "emailverified" property is changed to true (meaning that the Firebase Function was executed properly)! How could this happen if in the try-catch part I was thrown an error?
I searched for other answers such as adding a permission in Google Cloud Console but none helped me :(
Thanks in advance!
In Google Cloud Console I added "allUsers" in the Permission property, and I expected my app to work fine without the "unauthenticated" error. However, the issue persisted.
The verifyFacebook function triggers every time a user is created with Firebase Authentication and is not a callable function. You don't have to call the function yourself. When you try to call it, the callable function does not exists and hence you get an error but the function triggered by Firebase Auth does run.
I have a firebase cloud function to create a user document with user data whenever a user registers. How would I return an error when the set() fails? Since this is not an http request (an I don't want to use an http request in this case) I have no response. So how would I catch errors?
export const onUserCreated = functions.region('europe-west1').auth.user().onCreate(async user => {
const privateUserData = {
phoneNumber: user.phoneNumber
}
const publicUserData = {
name: 'Nameless'
}
try
{
await firestore.doc('users').collection('private').doc('data').set(privateUserData);
}catch(error)
{
//What do I put here?
}
try
{
await firestore.doc('users').collection('public').doc('data').set(publicUserData);
}catch(error)
{
//What do I put here?
}
});
You can't "return" an error, since the client doesn't even "know" about this function running, there is nobody to respond to.
You can make a registration collection, and in your function make a document there for the current user (using the uid as the document id). In that document, you can put any information you'd like your user to know (status, errors, etc).
So your clients would have to add a listener to this document to learn about their registration.
In your particular code, I think the error is in doc('users'). I guess you meant doc('users/'+user.uid).
Your catch -block will receive errors that occur on your set -call:
try {
await firestore.doc('users').collection('public').doc('data').set(publicUserData);
} catch (error) {
// here you have the error info.
}
I made the following login function:
#objc func handleSignIn() {
guard let email = emailField.text else { return }
guard let pass = passwordField.text else { return }
Auth.auth().signIn(withEmail: email, password: pass) { user, error in
if error == nil && user != nil && (user!.user.isEmailVerified){
self.dismiss(animated: false, completion: nil)
}; if user != nil && !(user?.user.isEmailVerified)! {
self.lblStatus.text = "Please Verify Your Email"
}
else {
self.lblStatus.text = "Error logging in: \(error!.localizedDescription)"
resetForm()
}
}
Yet the user can still log in without verifying their email despite my attempts to prevent this with the && (user!.user.isEmailVerified) stipulation. What am I missing here?
The completion of a sign in just means that the user identified themselves, and you know which account represents their chosen identity. A sign-in does not imply authorization to do anything with that account, other than to update its profile information.
You'll notice there's a bit of a chicken and egg problem here. A sign-in has to complete successfully in order to get a User object, and that user object has the property which indicates if their email has been verified. So you have to allow a sign-in if you want read that property.
You could, in theory, sign the user out immediately if they haven't verified, but all that does is prevent them from requesting another email verification, in case they deleted the first one, or it wasn't able to be delivered. So now you just have an upset user who can't take any action to resolve the issue.
If you want to prevent the user from doing anything in other Firebase products until they're verified, you should use security rules to prevent whatever read and write access shouldn't be allowed. You can check the email verification flag in your rules. Look into using auth.token.emailVerified. Example for Realtime Database here.
I been looking for control what a kind of user can see in my app, this is a scholar project. I'm using Swift and Firebase Authentication. I have two kinds of users: Model and Client. In my app I have some views for the Model and other for the Client. What I want to do is that once they log in, in to the app show just the views for their kind of user. I don't know how to verify if the user that is trying to sign in is a Model or a Client.
#IBAction func signInTapped(_ sender: UIButton) {
if validateFields(){
Auth.auth().signIn(withEmail: emailTxt.text!, password: passTxt.text!, completion:{
(user, error) in
if let u = user {
//User is found
}else{
//Error
}
})
}
}
I know that the code need to be where is the comment "User is found" but I don't know if I need to modify something into the the Firebase Console
Create a Firebase Database or Firestore to your project.
Now when you authenticate a user you should also create a userobject in your databse. In this object you can create a field to store whether your user is a model or a client.
Now once the user has signed in, you can download this userobject from the database, check whether the user is a model or client, and send the user to their corresponding views.
You can use custom claims.
You set them using the Admin SDK
// Javascript
admin.auth().setCustomUserClaims(uid, {model: true}).then(() => {
// The new custom claims will propagate to the user's ID token the
// next time a new one is issued.
});
Then in client SDK just read the claim.
user.getIDTokenResult(completion: { (result, error) in
guard let model = result?.claims?["model"] as? NSNumber else {
// Something
}
if model.boolValue {
// Show something else
} else {
// Something else again
}
})
Shamelessly copied from Firebase Docs
Back when I was using Parse, it seemed like the SDK would store the session data locally and the user didn't have to log in again after refreshing the page (or exiting the mobile app). This doesn't seem to be the case with Firebase/Angularfire; everytime I refresh my web page, the authentication data gets lots. This seems like really basic and important functionality that I would be surprised the awesome people at Firebase haven't implemented. Am I missing something?
For completeness; here is my code in app.run():
// ASG june 2016 - Upgrade firebase SDK
firebase.initializeApp(FirebaseConfig);
// login as anonymous if not already logged in
var currentUser = $firebaseAuth().$getAuth();
if (currentUser) {
console.log("Signed in as:", currentUser);
} else {
console.log("Not logged in; going to log in as anonymous");
$firebaseAuth().$signInAnonymously().then(function(authData) {
console.log("Signed in anonymously as:", authData.uid);
}).catch(function(error) {
console.error("Anonymous authentication failed:", error);
});
}
// register the on auth callback
$firebaseAuth().$onAuthStateChanged(function(authData) {
if (authData) {
console.log("Logged in as:", authData.uid);
if(typeof($rootScope.userProfile) == "undefined"){
$rootScope.userProfile = FirebaseProfileService.getUserProfile(authData.uid, false);
}
}
});
Firebase absolutely presists authData and has a lot of goodness you hardly find elsewhere. Therefore, I don't see any logical reason behind calling getAuth() here as you can easily get the authData from the onAuthStateChanged listener. In this case, you may need to remove your operations of getting currentUser using getAuth() and move your ELSE condition to onAuthStateChanged if you want to sign up users as anonymous in case no AuthData was found, and then you will be good to go, I hope. Hope that works.
The auth token is persisted between page/app reloads. But it will often need to get a new refresh token when the page reloads, which requires a round-trip to the Firebase servers. Since this takes time, the initial getAuth() may return null while that process is ongoing.
var currentUser;
$firebaseAuth().$onAuthStateChanged(function(authData) {
if (authData) {
console.log("Logged in as:", authData.uid);
currentUser = authData.currentUser;
if(typeof($rootScope.userProfile) == "undefined"){
$rootScope.userProfile = FirebaseProfileService.getUserProfile(authData.uid, false);
}
}
else {
console.log("Not logged in; going to log in as anonymous");
currentUser = null;
$firebaseAuth().$signInAnonymously().catch(function(error) {
console.error("Anonymous authentication failed:", error);
});
}
});