refactor: use retry reauthenticate logic and create password prompt

Author: russellwheatley

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -0,0 +1,31 @@
+
+import SwiftUI
+
+public enum AuthServiceError: LocalizedError {
+  case invalidEmailLink
+  case notConfiguredProvider(String)
+  case clientIdNotFound(String)
+  case notConfiguredActionCodeSettings
+  case reauthenticationRequired(String)
+  case invalidCredentials(String)
+  case signInFailed(underlying: Error)
+
+  public var errorDescription: String? {
+    switch self {
+    case .invalidEmailLink:
+      return "Invalid sign in link. Most likely, the link you used has expired. Try signing in again."
+    case let .notConfiguredProvider(description):
+      return description
+    case let .clientIdNotFound(description):
+      return description
+    case .notConfiguredActionCodeSettings:
+      return "ActionCodeSettings has not been configured for `AuthConfiguration.emailLinkSignInActionCodeSettings`"
+    case let .reauthenticationRequired(description):
+      return description
+    case let .invalidCredentials(description):
+      return description
+    case let .signInFailed(underlying: error):
+      return "Failed to sign in: \(error.localizedDescription)"
+    }
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AccountService+Email.swift

@@ -0,0 +1,68 @@
+@preconcurrency import FirebaseAuth
+import Observation
+
+protocol EmailPasswordOperationReauthentication {
+  var passwordPrompt: PasswordPromptCoordinator { get }
+}
+
+extension EmailPasswordOperationReauthentication {
+  func reauthenticate() async throws -> AuthenticationToken {
+    guard let user = Auth.auth().currentUser else {
+      throw AuthServiceError.reauthenticationRequired("No user currently signed-in")
+    }
+
+    guard let email = user.email else {
+      throw AuthServiceError.invalidCredentials("User does not have an email address")
+    }
+
+    do {
+      let password = try await passwordPrompt.confirmPassword()
+
+      let credential = EmailAuthProvider.credential(withEmail: email, password: password)
+      try await Auth.auth().currentUser?.reauthenticate(with: credential)
+
+      return .firebase("")
+    } catch {
+      throw AuthServiceError.signInFailed(underlying: error)
+    }
+  }
+}
+
+class EmailPasswordDeleteUserOperation: DeleteUserOperation,
+  EmailPasswordOperationReauthentication {
+  let passwordPrompt: PasswordPromptCoordinator
+
+  init(passwordPrompt: PasswordPromptCoordinator) {
+    self.passwordPrompt = passwordPrompt
+  }
+}
+
+@MainActor
+@Observable
+public final class PasswordPromptCoordinator {
+  var isPromptingPassword = false
+  private var continuation: CheckedContinuation<String, Error>?
+
+  func confirmPassword() async throws -> String {
+    return try await withCheckedThrowingContinuation { continuation in
+      self.continuation = continuation
+      self.isPromptingPassword = true
+    }
+  }
+
+  func submit(password: String) {
+    continuation?.resume(returning: password)
+    cleanup()
+  }
+
+  func cancel() {
+    continuation?
+      .resume(throwing: AuthServiceError.reauthenticationRequired("Password entry cancelled"))
+    cleanup()
+  }
+
+  private func cleanup() {
+    continuation = nil
+    isPromptingPassword = false
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AccountService.swift

@@ -0,0 +1,45 @@
+import AuthenticationServices
+import FirebaseAuth
+
+extension NSError {
+  var requiresReauthentication: Bool {
+    domain == AuthErrorDomain && code == AuthErrorCode.requiresRecentLogin.rawValue
+  }
+
+  var credentialAlreadyInUse: Bool {
+    domain == AuthErrorDomain && code == AuthErrorCode.credentialAlreadyInUse.rawValue
+  }
+}
+
+enum AuthenticationToken {
+  case apple(ASAuthorizationAppleIDCredential, String)
+  case firebase(String)
+}
+
+protocol AuthenticatedOperation {
+  func callAsFunction(on user: User) async throws
+  func reauthenticate() async throws -> AuthenticationToken
+  func performOperation(on user: User, with token: AuthenticationToken?) async throws
+}
+
+extension AuthenticatedOperation {
+  func callAsFunction(on user: User) async throws {
+    do {
+      try await performOperation(on: user, with: nil)
+    } catch let error as NSError where error.requiresReauthentication {
+      let token = try await reauthenticate()
+      try await performOperation(on: user, with: token)
+    } catch AuthServiceError.reauthenticationRequired {
+      let token = try await reauthenticate()
+      try await performOperation(on: user, with: token)
+    }
+  }
+}
+
+protocol DeleteUserOperation: AuthenticatedOperation {}
+
+extension DeleteUserOperation {
+  func performOperation(on user: User, with _: AuthenticationToken? = nil) async throws {
+    try await user.delete()
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -31,13 +31,6 @@ public enum AuthView {
   case emailLink
 }
 
-public enum AuthServiceError: Error {
-  case invalidEmailLink(String)
-  case notConfiguredProvider(String)
-  case clientIdNotFound(String)
-  case notConfiguredActionCodeSettings(String)
-}
-
 @MainActor
 private final class AuthListenerManager {
   private var authStateHandle: AuthStateDidChangeListenerHandle?
@@ -89,12 +82,12 @@ public final class AuthService {
   public var authenticationState: AuthenticationState = .unauthenticated
   public var authenticationFlow: AuthenticationFlow = .login
   public var errorMessage = ""
+  public let passwordPrompt: PasswordPromptCoordinator = .init()
 
   private var listenerManager: AuthListenerManager?
   private let googleProvider: GoogleProviderProtocol?
   private let facebookProvider: FacebookProviderProtocol?
   private let phoneAuthProvider: PhoneAuthProviderProtocol?
-  private var signedInCredential: AuthCredential?
 
   private var safeGoogleProvider: GoogleProviderProtocol {
     get throws {
@@ -131,9 +124,7 @@ public final class AuthService {
     guard let actionCodeSettings = configuration
       .emailLinkSignInActionCodeSettings else {
       throw AuthServiceError
-        .notConfiguredActionCodeSettings(
-          "ActionCodeSettings has not been configured for `AuthConfiguration.emailLinkSignInActionCodeSettings`"
-        )
+        .notConfiguredActionCodeSettings
     }
     return actionCodeSettings
   }
@@ -183,7 +174,6 @@ public final class AuthService {
     } else {
       do {
         try await auth.signIn(with: credentials)
-        signedInCredential = credentials
         updateAuthenticationState()
       } catch {
         authenticationState = .unauthenticated
@@ -212,32 +202,14 @@ public final class AuthService {
 
 // MARK: - User API
 
-extension Date {
-  func isWithinPast(minutes: Int) -> Bool {
-    let calendar = Calendar.current
-    guard let timeAgo = calendar.date(byAdding: .minute, value: -minutes, to: Date()) else {
-      return false
-    }
-    return self >= timeAgo && self <= Date()
-  }
-}
-
 public extension AuthService {
-  func reauthenticate() async throws {
-    if let user = auth.currentUser, let credential = signedInCredential {
-      try await user.reauthenticate(with: credential)
-    }
-  }
-
   func deleteUser() async throws {
     do {
-      if let user = auth.currentUser, let lastSignInDate = user.metadata.lastSignInDate {
-        let needsReauth = !lastSignInDate.isWithinPast(minutes: 5)
-        if needsReauth {
-          try await reauthenticate()
-        }
-        try await user.delete()
+      if let user = auth.currentUser {
+        let operation = EmailPasswordDeleteUserOperation(passwordPrompt: passwordPrompt)
+        try await operation(on: user)
       }
+
     } catch {
       errorMessage = string.localizedErrorMessage(
         for: error
@@ -261,7 +233,6 @@ public extension AuthService {
     do {
       try await auth.createUser(withEmail: email, password: password)
       let credential = EmailAuthProvider.credential(withEmail: email, password: password)
-      signedInCredential = credential
       updateAuthenticationState()
     } catch {
       authenticationState = .unauthenticated
@@ -305,9 +276,7 @@ public extension AuthService {
   func handleSignInLink(url url: URL) async throws {
     do {
       guard let email = emailLink else {
-        throw AuthServiceError.invalidEmailLink(
-          "Invalid sign in link. Most likely, the link you used has expired. Try signing in again."
-        )
+        throw AuthServiceError.invalidEmailLink
       }
       let link = url.absoluteString
       if auth.isSignIn(withEmailLink: link) {

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/PasswordPromptView.swift

@@ -0,0 +1,29 @@
+import SwiftUI
+
+struct PasswordPromptSheet {
+  @Bindable var coordinator: PasswordPromptCoordinator
+  @State private var password = ""
+}
+
+extension PasswordPromptSheet: View {
+  var body: some View {
+    VStack(spacing: 20) {
+      SecureField("Enter Password", text: $password)
+        .textFieldStyle(.roundedBorder)
+        .padding()
+
+      HStack {
+        Button("Cancel") {
+          coordinator.cancel()
+        }
+        Spacer()
+        Button("Submit") {
+          coordinator.submit(password: password)
+        }
+        .disabled(password.isEmpty)
+      }
+      .padding(.horizontal)
+    }
+    .padding()
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/SignedInView.swift

@@ -1,10 +1,18 @@
 import SwiftUI
 
+@MainActor
 public struct SignedInView {
   @Environment(AuthService.self) private var authService
 }
 
 extension SignedInView: View {
+  private var isShowingPasswordPrompt: Binding<Bool> {
+    Binding(
+      get: { authService.passwordPrompt.isPromptingPassword },
+      set: { authService.passwordPrompt.isPromptingPassword = $0 }
+    )
+  }
+
   public var body: some View {
     VStack {
       Text("Signed in")
@@ -13,22 +21,25 @@ extension SignedInView: View {
       if authService.currentUser?.isEmailVerified == false {
         VerifyEmailView()
       }
-    }
-    Button("Sign out") {
-      Task {
-        do {
-          try await authService.signOut()
-        } catch {}
+
+      Button("Sign out") {
+        Task {
+          do {
+            try await authService.signOut()
+          } catch {}
+        }
       }
-    }
-    Divider()
-    Button("Delete account") {
-      Task {
-        do {
-          try await authService.deleteUser()
-        } catch {}
+      Divider()
+      Button("Delete account") {
+        Task {
+          do {
+            try await authService.deleteUser()
+          } catch {}
+        }
       }
+      Text(authService.errorMessage).foregroundColor(.red)
+    }.sheet(isPresented: isShowingPasswordPrompt) {
+      PasswordPromptSheet(coordinator: authService.passwordPrompt)
     }
-    Text(authService.errorMessage).foregroundColor(.red)
   }
 }