feat: google reauthenticate logic for sensitive operations

russellwheatley · russellwheatley · commit 2d71e74c0c03 · 2025-05-22T12:25:52.000+01:00
diff --git a/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift b/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift
@@ -8,6 +8,7 @@ public protocol ExternalAuthProvider {
 
 public protocol GoogleProviderAuthUIProtocol: ExternalAuthProvider {
   @MainActor func signInWithGoogle(clientID: String) async throws -> AuthCredential
+  @MainActor func deleteUser(user: User) async throws
 }
 
 public protocol FacebookProviderAuthUIProtocol: ExternalAuthProvider {
@@ -265,6 +266,8 @@ public extension AuthService {
           try await operation(on: user)
         } else if providerId == "facebook.com" {
           try await facebookProvider.deleteUser(user: user)
+        } else if providerId == "google.com" {
+          try await googleProvider.deleteUser(user: user)
         }
       }
 
diff --git a/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AuthPickerView.swift b/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/AuthPickerView.swift
@@ -15,46 +15,48 @@ public struct AuthPickerView {
 
 extension AuthPickerView: View {
   public var body: some View {
-    VStack {
-      Text(authService.string.authPickerTitle)
-        .font(.largeTitle)
-        .fontWeight(.bold)
-        .padding()
-      if authService.authenticationState == .authenticated {
-        SignedInView()
-      } else if authService.authView == .passwordRecovery {
-        PasswordRecoveryView()
-      } else if authService.authView == .emailLink {
-        EmailLinkView()
-      } else {
-        if authService.emailSignInEnabled {
-          Text(authService.authenticationFlow == .login ? authService.string
-            .emailLoginFlowLabel : authService.string.emailSignUpFlowLabel)
-          Divider()
-          EmailAuthView()
-        }
-        VStack {
-          authService.renderButtons()
-        }.padding(.horizontal)
-        if authService.emailSignInEnabled {
-          Divider()
-          HStack {
-            Text(authService
-              .authenticationFlow == .login ? authService.string.dontHaveAnAccountYetLabel :
-              authService.string.alreadyHaveAnAccountLabel)
-            Button(action: {
-              withAnimation {
-                switchFlow()
+    ScrollView {
+      VStack {
+        Text(authService.string.authPickerTitle)
+          .font(.largeTitle)
+          .fontWeight(.bold)
+          .padding()
+        if authService.authenticationState == .authenticated {
+          SignedInView()
+        } else if authService.authView == .passwordRecovery {
+          PasswordRecoveryView()
+        } else if authService.authView == .emailLink {
+          EmailLinkView()
+        } else {
+          if authService.emailSignInEnabled {
+            Text(authService.authenticationFlow == .login ? authService.string
+              .emailLoginFlowLabel : authService.string.emailSignUpFlowLabel)
+            Divider()
+            EmailAuthView()
+          }
+          VStack {
+            authService.renderButtons()
+          }.padding(.horizontal)
+          if authService.emailSignInEnabled {
+            Divider()
+            HStack {
+              Text(authService
+                .authenticationFlow == .login ? authService.string.dontHaveAnAccountYetLabel :
+                authService.string.alreadyHaveAnAccountLabel)
+              Button(action: {
+                withAnimation {
+                  switchFlow()
+                }
+              }) {
+                Text(authService.authenticationFlow == .signUp ? authService.string
+                  .emailLoginFlowLabel : authService.string.emailSignUpFlowLabel)
+                  .fontWeight(.semibold)
+                  .foregroundColor(.blue)
               }
-            }) {
-              Text(authService.authenticationFlow == .signUp ? authService.string
-                .emailLoginFlowLabel : authService.string.emailSignUpFlowLabel)
-                .fontWeight(.semibold)
-                .foregroundColor(.blue)
             }
+            PrivacyTOCsView(displayMode: .footer)
+            Text(authService.errorMessage).foregroundColor(.red)
           }
-          PrivacyTOCsView(displayMode: .footer)
-          Text(authService.errorMessage).foregroundColor(.red)
         }
       }
     }
diff --git a/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Services/AccountService+Google.swift b/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Services/AccountService+Google.swift
@@ -0,0 +1,54 @@
+//
+//  AccountService+Google.swift
+//  FirebaseUI
+//
+//  Created by Russell Wheatley on 22/05/2025.
+//
+
+//
+//  AccountService+Facebook.swift
+//  FirebaseUI
+//
+//  Created by Russell Wheatley on 14/05/2025.
+//
+
+@preconcurrency import FirebaseAuth
+import FirebaseAuthSwiftUI
+import Observation
+
+protocol GoogleOperationReauthentication {
+  var googleProvider: GoogleProviderAuthUI { get }
+}
+
+extension GoogleOperationReauthentication {
+  @MainActor func reauthenticate() async throws -> AuthenticationToken {
+    guard let user = Auth.auth().currentUser else {
+      throw AuthServiceError.reauthenticationRequired("No user currently signed-in")
+    }
+
+    do {
+      let credential = try await googleProvider
+        .signInWithGoogle(clientID: googleProvider.clientID)
+      try await user.reauthenticate(with: credential)
+
+      return .firebase("")
+    } catch {
+      throw AuthServiceError.signInFailed(underlying: error)
+    }
+  }
+}
+
+@MainActor
+class GoogleDeleteUserOperation: AuthenticatedOperation,
+  @preconcurrency GoogleOperationReauthentication {
+  let googleProvider: GoogleProviderAuthUI
+  init(googleProvider: GoogleProviderAuthUI) {
+    self.googleProvider = googleProvider
+  }
+
+  func callAsFunction(on user: User) async throws {
+    try await callAsFunction(on: user) {
+      try await user.delete()
+    }
+  }
+}
diff --git a/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Services/GoogleProviderAuthUI.swift b/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Services/GoogleProviderAuthUI.swift
@@ -20,23 +20,19 @@ public class GoogleProviderAuthUI: @preconcurrency GoogleProviderAuthUIProtocol
   let scopes: [String]
   let shortName = "Google"
   let providerId = "google.com"
-  let clientID: String
+  public let clientID: String
   public init(scopes: [String]? = nil, clientID: String = FirebaseApp.app()!.options.clientID!) {
     self.scopes = scopes ?? kDefaultScopes
     self.clientID = clientID
   }
 
   @MainActor public func authButton() -> AnyView {
-    let customViewModel = GoogleSignInButtonViewModel(
-      scheme: .light,
-      style: .wide,
-      state: .normal
-    )
-    return AnyView(GoogleSignInButton(viewModel: customViewModel) {
-      Task {
-        try await self.signInWithGoogle(clientID: self.clientID)
-      }
-    })
+    AnyView(SignInWithGoogleButton())
+  }
+
+  public func deleteUser(user: User) async throws {
+    let operation = GoogleDeleteUserOperation(googleProvider: self)
+    try await operation(on: user)
   }
 
   @MainActor public func signInWithGoogle(clientID: String) async throws -> AuthCredential {
diff --git a/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Views/SignInWithGoogleButton.swift b/FirebaseSwiftUI/FirebaseGoogleSwiftUI/Sources/Views/SignInWithGoogleButton.swift
@@ -0,0 +1,37 @@
+//
+//  SignInWithGoogleButton.swift
+//  FirebaseUI
+//
+//  Created by Russell Wheatley on 22/05/2025.
+//
+import FirebaseAuthSwiftUI
+import FirebaseCore
+import GoogleSignInSwift
+import SwiftUI
+
+@MainActor
+public struct SignInWithGoogleButton {
+  @Environment(AuthService.self) private var authService
+
+  let customViewModel = GoogleSignInButtonViewModel(
+    scheme: .light,
+    style: .wide,
+    state: .normal
+  )
+}
+
+extension SignInWithGoogleButton: View {
+  public var body: some View {
+    GoogleSignInButton(viewModel: customViewModel) {
+      Task {
+        try await authService.signInWithGoogle()
+      }
+    }
+  }
+}
+
+#Preview {
+  FirebaseOptions.dummyConfigurationForPreview()
+  return SignInWithGoogleButton()
+    .environment(AuthService())
+}
diff --git a/samples/swiftui/FirebaseSwiftUIExample/FirebaseSwiftUIExample/ContentView.swift b/samples/swiftui/FirebaseSwiftUIExample/FirebaseSwiftUIExample/ContentView.swift
@@ -25,7 +25,6 @@ struct ContentView: View {
     actionCodeSettings.linkDomain = "flutterfire-e2e-tests.firebaseapp.com"
     actionCodeSettings.setIOSBundleID(Bundle.main.bundleIdentifier!)
     let configuration = AuthConfiguration(
-      shouldAutoUpgradeAnonymousUsers: true,
       tosUrl: URL(string: "https://example.com/tos"),
       privacyPolicyUrl: URL(string: "https://example.com/privacy"),
       emailLinkSignInActionCodeSettings: actionCodeSettings

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@ public protocol ExternalAuthProvider {`
`8`	`8`
`9`	`9`	`public protocol GoogleProviderAuthUIProtocol: ExternalAuthProvider {`
`10`	`10`	`@MainActor func signInWithGoogle(clientID: String) async throws -> AuthCredential`
	`11`	`+ @MainActor func deleteUser(user: User) async throws`
`11`	`12`	`}`
`12`	`13`
`13`	`14`	`public protocol FacebookProviderAuthUIProtocol: ExternalAuthProvider {`
`@@ -265,6 +266,8 @@ public extension AuthService {`
`265`	`266`	`try await operation(on: user)`
`266`	`267`	`} else if providerId == "facebook.com" {`
`267`	`268`	`try await facebookProvider.deleteUser(user: user)`
	`269`	`+ } else if providerId == "google.com" {`
	`270`	`+ try await googleProvider.deleteUser(user: user)`
`268`	`271`	`}`
`269`	`272`	`}`
`270`	`273`