Merge branch 'development' of https://github.com/firebase/FirebaseUI-iOS into feat/cleanup-fixes

Author: demolaf

FirebaseSwiftUI/FirebaseAppleSwiftUI/Sources/Views/SignInWithAppleButton.swift

@@ -20,6 +20,8 @@ import SwiftUI
 @MainActor
 public struct SignInWithAppleButton {
   @Environment(AuthService.self) private var authService
+  @Environment(\.accountConflictHandler) private var accountConflictHandler
+  @Environment(\.mfaHandler) private var mfaHandler
   @Environment(\.reportError) private var reportError
   let provider: AppleProviderSwift
   public init(provider: AppleProviderSwift) {
@@ -36,13 +38,24 @@ extension SignInWithAppleButton: View {
     ) {
       Task {
         do {
-          _ = try await authService.signIn(provider)
+          let outcome = try await authService.signIn(provider)
+
+          // Handle MFA at view level
+          if case let .mfaRequired(mfaInfo) = outcome,
+             let onMFA = mfaHandler {
+            onMFA(mfaInfo)
+            return
+          }
         } catch {
-          if let errorHandler = reportError {
-            errorHandler(error)
-          } else {
-            throw error
+          reportError?(error)
+
+          if case let AuthServiceError.accountConflict(ctx) = error,
+             let onConflict = accountConflictHandler {
+            onConflict(ctx)
+            return
           }
+
+          throw error
         }
       }
     }

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -136,14 +136,12 @@ public final class AuthService {
   public var currentMFARequired: MFARequired?
   private var currentMFAResolver: MultiFactorResolver?
 
-  /// Current account conflict context - observe this to handle conflicts and update backend
-  public private(set) var currentAccountConflict: AccountConflictContext?
-
   // MARK: - Provider APIs
 
   private var listenerManager: AuthListenerManager?
 
   var emailSignInEnabled = false
+  private var emailSignInCallback: (@MainActor () -> Void)?
 
   private var providers: [AuthProviderUI] = []
 
@@ -154,12 +152,18 @@ public final class AuthService {
   public func renderButtons(spacing: CGFloat = 16) -> AnyView {
     AnyView(
       VStack(spacing: spacing) {
-        AuthProviderButton(
-          label: string.signInWithEmailLinkViewTitle,
-          style: .email,
-          accessibilityId: "sign-in-with-email-link-button"
-        ) {
-          self.navigator.push(.emailLink)
+        if emailSignInEnabled {
+          AuthProviderButton(
+            label: string.signInWithEmailLinkViewTitle,
+            style: .email,
+            accessibilityId: "sign-in-with-email-link-button"
+          ) {
+            if let callback = self.emailSignInCallback {
+              callback()
+            } else {
+              self.navigator.push(.emailLink)
+            }
+          }
         }
         ForEach(providers, id: \.id) { provider in
           provider.authButton()
@@ -189,17 +193,12 @@ public final class AuthService {
   }
 
   public func updateAuthenticationState() {
-    reset()
     authenticationState =
       (currentUser == nil || currentUser?.isAnonymous == true)
         ? .unauthenticated
         : .authenticated
   }
 
-  func reset() {
-    currentAccountConflict = nil
-  }
-
   public var shouldHandleAnonymousUpgrade: Bool {
     currentUser?.isAnonymous == true && configuration.shouldAutoUpgradeAnonymousUsers
   }
@@ -317,8 +316,17 @@ public extension AuthService {
 // MARK: - Email/Password Sign In
 
 public extension AuthService {
+  /// Enable email sign-in with default behavior (navigates to email link view)
   func withEmailSignIn() -> AuthService {
+    return withEmailSignIn { [weak self] in
+      self?.navigator.push(.emailLink)
+    }
+  }
+
+  /// Enable email sign-in with custom callback
+  func withEmailSignIn(onTap: @escaping @MainActor () -> Void) -> AuthService {
     emailSignInEnabled = true
+    emailSignInCallback = onTap
     return self
   }
 
@@ -823,7 +831,7 @@ public extension AuthService {
     )
   }
 
-  /// Handles account conflict errors by creating context, storing it, and throwing structured error
+  /// Handles account conflict errors by creating context and throwing structured error
   /// - Parameters:
   ///   - error: The error to check and handle
   ///   - credential: The credential that caused the conflict
@@ -840,10 +848,6 @@ public extension AuthService {
         credential: credential
       )
 
-      // Store it for consumers to observe
-      currentAccountConflict = context
-
-      // Throw the specific error with context
       throw AuthServiceError.accountConflict(context)
     } else {
       throw error
@@ -877,7 +881,6 @@ public extension AuthService {
     let hints = extractMFAHints(from: resolver)
     currentMFARequired = MFARequired(hints: hints)
     currentMFAResolver = resolver
-    navigator.push(.mfaResolution)
     return .mfaRequired(MFARequired(hints: hints))
   }
 

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AccountConflictModifier.swift

@@ -0,0 +1,102 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import FirebaseAuth
+import SwiftUI
+
+/// Environment key for accessing the account conflict handler
+public struct AccountConflictHandlerKey: @preconcurrency EnvironmentKey {
+  @MainActor public static let defaultValue: ((AccountConflictContext) -> Void)? = nil
+}
+
+public extension EnvironmentValues {
+  var accountConflictHandler: ((AccountConflictContext) -> Void)? {
+    get { self[AccountConflictHandlerKey.self] }
+    set { self[AccountConflictHandlerKey.self] = newValue }
+  }
+}
+
+/// View modifier that handles account conflicts at the view layer
+/// Automatically resolves anonymous upgrade conflicts and stores credentials for other conflicts
+@MainActor
+struct AccountConflictModifier: ViewModifier {
+  @Environment(AuthService.self) private var authService
+  @Environment(\.mfaHandler) private var mfaHandler
+  @Environment(\.reportError) private var reportError
+  @State private var pendingCredentialForLinking: AuthCredential?
+
+  func body(content: Content) -> some View {
+    content
+      .environment(\.accountConflictHandler, handleAccountConflict)
+      .onChange(of: authService.authenticationState) { _, newState in
+        // Auto-link pending credential after successful sign-in
+        if newState == .authenticated {
+          attemptAutoLinkPendingCredential()
+        }
+      }
+  }
+
+  /// Handle account conflicts - auto-resolve anonymous upgrades, store others for linking
+  func handleAccountConflict(_ conflict: AccountConflictContext) {
+    // Only auto-handle anonymous upgrade conflicts
+    if conflict.conflictType == .anonymousUpgradeConflict {
+      Task {
+        do {
+          // Sign out the anonymous user
+          try await authService.signOut()
+
+          // Sign in with the new credential
+          let outcome = try await authService.signIn(credentials: conflict.credential)
+
+          // Handle MFA at view level
+          if case let .mfaRequired(mfaInfo) = outcome,
+             let onMFA = mfaHandler {
+            onMFA(mfaInfo)
+          }
+        } catch {
+          // Report error to parent view for display
+          reportError?(error)
+        }
+      }
+    } else {
+      // Other conflicts: store credential for potential linking after sign-in
+      pendingCredentialForLinking = conflict.credential
+      // Error modal will show for user to see and handle
+    }
+  }
+
+  /// Attempt to link pending credential after successful sign-in
+  private func attemptAutoLinkPendingCredential() {
+    guard let credential = pendingCredentialForLinking else { return }
+
+    Task {
+      do {
+        try await authService.linkAccounts(credentials: credential)
+        // Successfully linked, clear the pending credential
+        pendingCredentialForLinking = nil
+      } catch {
+        // Silently swallow linking errors - user is already signed in
+        pendingCredentialForLinking = nil
+      }
+    }
+  }
+}
+
+extension View {
+  /// Adds account conflict handling to the view hierarchy
+  /// Should be applied at the NavigationStack level to handle conflicts throughout the auth flow
+  func accountConflictHandler() -> some View {
+    modifier(AccountConflictModifier())
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AuthPickerView.swift

@@ -26,8 +26,6 @@ public struct AuthPickerView<Content: View> {
   @Environment(AuthService.self) private var authService
   private let content: () -> Content
 
-  // View-layer state for handling auto-linking flow
-  @State private var pendingCredentialForLinking: AuthCredential?
   // View-layer error state
   @State private var error: AlertError?
 }
@@ -76,17 +74,10 @@ extension AuthPickerView: View {
           okButtonLabel: authService.string.okButtonLabel
         )
         .interactiveDismissDisabled(authService.configuration.interactiveDismissEnabled)
-      }
-      // View-layer logic: Handle account conflicts (auto-handle anonymous upgrade, store others for
-      // linking)
-      .onChange(of: authService.currentAccountConflict) { _, conflict in
-        handleAccountConflict(conflict)
-      }
-      // View-layer logic: Auto-link pending credential after successful sign-in
-      .onChange(of: authService.authenticationState) { _, newState in
-        if newState == .authenticated {
-          attemptAutoLinkPendingCredential()
-        }
+        // Apply account conflict handling at NavigationStack level
+        .accountConflictHandler()
+        // Apply MFA handling at NavigationStack level
+        .mfaHandler()
       }
   }
 
@@ -100,54 +91,6 @@ extension AuthPickerView: View {
     }
   }
 
-  /// View-layer logic: Handle account conflicts with type-specific behavior
-  private func handleAccountConflict(_ conflict: AccountConflictContext?) {
-    guard let conflict = conflict else { return }
-
-    // Only auto-handle anonymous upgrade conflicts
-    if conflict.conflictType == .anonymousUpgradeConflict {
-      Task {
-        do {
-          // Sign out the anonymous user
-          try await authService.signOut()
-
-          // Sign in with the new credential
-          _ = try await authService.signIn(credentials: conflict.credential)
-
-          // Successfully handled - conflict is cleared automatically by reset()
-        } catch let caughtError {
-          // Show error in alert
-          reportError(caughtError)
-        }
-      }
-    } else {
-      // Other conflicts: store credential for potential linking after sign-in
-      pendingCredentialForLinking = conflict.credential
-      // Show error modal for user to see and handle
-      error = AlertError(
-        message: conflict.message,
-        underlyingError: conflict.underlyingError
-      )
-    }
-  }
-
-  /// View-layer logic: Attempt to link pending credential after successful sign-in
-  private func attemptAutoLinkPendingCredential() {
-    guard let credential = pendingCredentialForLinking else { return }
-
-    Task {
-      do {
-        try await authService.linkAccounts(credentials: credential)
-        // Successfully linked, clear the pending credential
-        pendingCredentialForLinking = nil
-      } catch let caughtError {
-        // Show error - user is already signed in but linking failed
-        reportError(caughtError)
-        pendingCredentialForLinking = nil
-      }
-    }
-  }
-
   @ToolbarContentBuilder
   var toolbar: some ToolbarContent {
     ToolbarItem(placement: .topBarTrailing) {

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/EmailAuthView.swift

@@ -32,6 +32,8 @@ private enum FocusableField: Hashable {
 @MainActor
 public struct EmailAuthView {
   @Environment(AuthService.self) private var authService
+  @Environment(\.accountConflictHandler) private var accountConflictHandler
+  @Environment(\.mfaHandler) private var mfaHandler
   @Environment(\.reportError) private var reportError
 
   @State private var email = ""
@@ -54,25 +56,47 @@ public struct EmailAuthView {
 
   private func signInWithEmailPassword() async throws {
     do {
-      _ = try await authService.signIn(email: email, password: password)
+      let outcome = try await authService.signIn(email: email, password: password)
+
+      // Handle MFA at view level
+      if case let .mfaRequired(mfaInfo) = outcome,
+         let onMFA = mfaHandler {
+        onMFA(mfaInfo)
+        return
+      }
     } catch {
-      if let errorHandler = reportError {
-        errorHandler(error)
-      } else {
-        throw error
+      reportError?(error)
+
+      if case let AuthServiceError.accountConflict(ctx) = error,
+         let onConflict = accountConflictHandler {
+        onConflict(ctx)
+        return
       }
+
+      throw error
     }
   }
 
   private func createUserWithEmailPassword() async throws {
     do {
-      _ = try await authService.createUser(email: email, password: password)
+      let outcome = try await authService.createUser(email: email, password: password)
+
+      // Handle MFA at view level
+      if case let .mfaRequired(mfaInfo) = outcome,
+         let onMFA = mfaHandler {
+        onMFA(mfaInfo)
+        return
+      }
     } catch {
-      if let errorHandler = reportError {
-        errorHandler(error)
-      } else {
-        throw error
+      reportError?(error)
+
+      if case let AuthServiceError.accountConflict(ctx) = error,
+         let onConflict = accountConflictHandler {
+        onConflict(ctx)
+        return
       }
+
+      throw error
     }
   }
 }