How to handle Firebase password reset with email for accounts that signed in with Google or Facebook

2
votes

I have an iOS app written in Swift. Users can sign in with the new Firebase 3.2.1 version using an email and password or by signing in with Facebook or Google. However, I have ran into an issue when resetting the user's password. Firebase provides the function sendPasswordResetWithEmail which I am using as indicated below to send an email with a link that allows the user to reset their password.

It seemed to me that this sendPasswordResetWithEmail function should throw an error when the user enters an email that was used to sign in through Google or Facebook since the link provided in the email does not reset the Google or Facebook password. But it isn't.

If I provide the email for an account that was signed in through Google or Facebook, the email is found because it does exist in the list of emails in the Authentication tab in Firebase although it shows Google as the provider instead of Firebase. Thus, it does not throw the ErrorCodeUserNotFound error or any other error for that matter. Instead, Firebase is still sending the reset password email to the email provided and it allows me to reset the password and gives me a success message. However, of course I cannot log back on with that same account unless I do it through the Facebook or Google sign in button provided in my app in which case the password will remain to be the old password.

How should I handle this scenario?

This is the code I am using as indicated on the firebase.google.com site:

FIRAuth.auth()?.sendPasswordResetWithEmail(email!) { error in
          if  error != nil {
              // Display error message
              if let errorCode = FIRAuthErrorCode(rawValue: error!.code) {
                     switch (errorCode) {
                            case .ErrorCodeUserNotFound:
                                self.displayAlertMessage(INVALID_EMAIL_3RDPARTY_ERROR_TITLE, message:"No account exists with this email address. Please try another email address.");
                                return
                            default:
                                self.displayAlertMessage(ACCOUNT_CREATION_DB_ERROR_TITLE, message: ACCOUNT_CREATION_DB_ERROR_MESSAGE);
                                return
                            }
                        }

                    } else {
                       // Password reset email sent.
                    }}

Note: If I use an email address that is not listed in the Authentication tab in the Firebase database then it does throw the ErrorCodeUserNotFound error.

2
iosswiftfirebasefirebase-authentication

2 Answers

1
votes

Essentially what you should do is hide the button for users who have not logged in with an email. I've been trying to get this to work using providerDataor providerID and neither give me Facebook for a user that signed in with Facebook. My only idea at this point is to add the signup type (Email, Facebook, etc.) as a key in the real-time database for each user that can be fetched.

0
votes

I had the same issue and am trying to use the fetchProvidersForEmail() method here.

This way you can pass the email and determine if it is a Facebook or Gmail provider and prevent the user from trying to reset.