Merge branch 'auth-provider-swiftui' into mc/buttons

Author: morganchen12

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -0,0 +1,31 @@
+
+import SwiftUI
+
+public enum AuthServiceError: LocalizedError {
+  case invalidEmailLink
+  case notConfiguredProvider(String)
+  case clientIdNotFound(String)
+  case notConfiguredActionCodeSettings
+  case reauthenticationRequired(String)
+  case invalidCredentials(String)
+  case signInFailed(underlying: Error)
+
+  public var errorDescription: String? {
+    switch self {
+    case .invalidEmailLink:
+      return "Invalid sign in link. Most likely, the link you used has expired. Try signing in again."
+    case let .notConfiguredProvider(description):
+      return description
+    case let .clientIdNotFound(description):
+      return description
+    case .notConfiguredActionCodeSettings:
+      return "ActionCodeSettings has not been configured for `AuthConfiguration.emailLinkSignInActionCodeSettings`"
+    case let .reauthenticationRequired(description):
+      return description
+    case let .invalidCredentials(description):
+      return description
+    case let .signInFailed(underlying: error):
+      return "Failed to sign in: \(error.localizedDescription)"
+    }
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AccountService+Email.swift

@@ -0,0 +1,68 @@
+@preconcurrency import FirebaseAuth
+import Observation
+
+protocol EmailPasswordOperationReauthentication {
+  var passwordPrompt: PasswordPromptCoordinator { get }
+}
+
+extension EmailPasswordOperationReauthentication {
+  func reauthenticate() async throws -> AuthenticationToken {
+    guard let user = Auth.auth().currentUser else {
+      throw AuthServiceError.reauthenticationRequired("No user currently signed-in")
+    }
+
+    guard let email = user.email else {
+      throw AuthServiceError.invalidCredentials("User does not have an email address")
+    }
+
+    do {
+      let password = try await passwordPrompt.confirmPassword()
+
+      let credential = EmailAuthProvider.credential(withEmail: email, password: password)
+      try await Auth.auth().currentUser?.reauthenticate(with: credential)
+
+      return .firebase("")
+    } catch {
+      throw AuthServiceError.signInFailed(underlying: error)
+    }
+  }
+}
+
+class EmailPasswordDeleteUserOperation: DeleteUserOperation,
+  EmailPasswordOperationReauthentication {
+  let passwordPrompt: PasswordPromptCoordinator
+
+  init(passwordPrompt: PasswordPromptCoordinator) {
+    self.passwordPrompt = passwordPrompt
+  }
+}
+
+@MainActor
+@Observable
+public final class PasswordPromptCoordinator {
+  var isPromptingPassword = false
+  private var continuation: CheckedContinuation<String, Error>?
+
+  func confirmPassword() async throws -> String {
+    return try await withCheckedThrowingContinuation { continuation in
+      self.continuation = continuation
+      self.isPromptingPassword = true
+    }
+  }
+
+  func submit(password: String) {
+    continuation?.resume(returning: password)
+    cleanup()
+  }
+
+  func cancel() {
+    continuation?
+      .resume(throwing: AuthServiceError.reauthenticationRequired("Password entry cancelled"))
+    cleanup()
+  }
+
+  private func cleanup() {
+    continuation = nil
+    isPromptingPassword = false
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AccountService.swift

@@ -0,0 +1,45 @@
+import AuthenticationServices
+import FirebaseAuth
+
+extension NSError {
+  var requiresReauthentication: Bool {
+    domain == AuthErrorDomain && code == AuthErrorCode.requiresRecentLogin.rawValue
+  }
+
+  var credentialAlreadyInUse: Bool {
+    domain == AuthErrorDomain && code == AuthErrorCode.credentialAlreadyInUse.rawValue
+  }
+}
+
+enum AuthenticationToken {
+  case apple(ASAuthorizationAppleIDCredential, String)
+  case firebase(String)
+}
+
+protocol AuthenticatedOperation {
+  func callAsFunction(on user: User) async throws
+  func reauthenticate() async throws -> AuthenticationToken
+  func performOperation(on user: User, with token: AuthenticationToken?) async throws
+}
+
+extension AuthenticatedOperation {
+  func callAsFunction(on user: User) async throws {
+    do {
+      try await performOperation(on: user, with: nil)
+    } catch let error as NSError where error.requiresReauthentication {
+      let token = try await reauthenticate()
+      try await performOperation(on: user, with: token)
+    } catch AuthServiceError.reauthenticationRequired {
+      let token = try await reauthenticate()
+      try await performOperation(on: user, with: token)
+    }
+  }
+}
+
+protocol DeleteUserOperation: AuthenticatedOperation {}
+
+extension DeleteUserOperation {
+  func performOperation(on user: User, with _: AuthenticationToken? = nil) async throws {
+    try await user.delete()
+  }
+}

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -35,13 +35,6 @@ public enum AuthView {
   case emailLink
 }
 
-public enum AuthServiceError: Error {
-  case invalidEmailLink(String)
-  case notConfiguredProvider(String)
-  case clientIdNotFound(String)
-  case notConfiguredActionCodeSettings(String)
-}
-
 @MainActor
 private final class AuthListenerManager {
   private var authStateHandle: AuthStateDidChangeListenerHandle?
@@ -93,6 +86,7 @@ public final class AuthService {
   public var authenticationState: AuthenticationState = .unauthenticated
   public var authenticationFlow: AuthenticationFlow = .login
   public var errorMessage = ""
+  public let passwordPrompt: PasswordPromptCoordinator = .init()
 
   public var googleProvider: GoogleProviderProtocol?
   public var facebookProvider: FacebookProviderProtocol?
@@ -136,9 +130,7 @@ public final class AuthService {
     guard let actionCodeSettings = configuration
       .emailLinkSignInActionCodeSettings else {
       throw AuthServiceError
-        .notConfiguredActionCodeSettings(
-          "ActionCodeSettings has not been configured for `AuthConfiguration.emailLinkSignInActionCodeSettings`"
-        )
+        .notConfiguredActionCodeSettings
     }
     return actionCodeSettings
   }
@@ -188,7 +180,6 @@ public final class AuthService {
     } else {
       do {
         try await auth.signIn(with: credentials)
-        signedInCredential = credentials
         updateAuthenticationState()
       } catch {
         authenticationState = .unauthenticated
@@ -217,32 +208,14 @@ public final class AuthService {
 
 // MARK: - User API
 
-extension Date {
-  func isWithinPast(minutes: Int) -> Bool {
-    let calendar = Calendar.current
-    guard let timeAgo = calendar.date(byAdding: .minute, value: -minutes, to: Date()) else {
-      return false
-    }
-    return self >= timeAgo && self <= Date()
-  }
-}
-
 public extension AuthService {
-  func reauthenticate() async throws {
-    if let user = auth.currentUser, let credential = signedInCredential {
-      try await user.reauthenticate(with: credential)
-    }
-  }
-
   func deleteUser() async throws {
     do {
-      if let user = auth.currentUser, let lastSignInDate = user.metadata.lastSignInDate {
-        let needsReauth = !lastSignInDate.isWithinPast(minutes: 5)
-        if needsReauth {
-          try await reauthenticate()
-        }
-        try await user.delete()
+      if let user = auth.currentUser {
+        let operation = EmailPasswordDeleteUserOperation(passwordPrompt: passwordPrompt)
+        try await operation(on: user)
       }
+
     } catch {
       errorMessage = string.localizedErrorMessage(
         for: error
@@ -265,8 +238,6 @@ public extension AuthService {
 
     do {
       try await auth.createUser(withEmail: email, password: password)
-      let credential = EmailAuthProvider.credential(withEmail: email, password: password)
-      signedInCredential = credential
       updateAuthenticationState()
     } catch {
       authenticationState = .unauthenticated
@@ -310,9 +281,7 @@ public extension AuthService {
   func handleSignInLink(url url: URL) async throws {
     do {
       guard let email = emailLink else {
-        throw AuthServiceError.invalidEmailLink(
-          "Invalid sign in link. Most likely, the link you used has expired. Try signing in again."
-        )
+        throw AuthServiceError.invalidEmailLink
       }
       let link = url.absoluteString
       if auth.isSignIn(withEmailLink: link) {
@@ -333,45 +302,25 @@ public extension AuthService {
 
 public extension AuthService {
   func signInWithGoogle() async throws {
-    authenticationState = .authenticating
-    do {
-      guard let clientID = auth.app?.options.clientID else {
-        throw AuthServiceError
-          .clientIdNotFound(
-            "OAuth client ID not found. Please make sure Google Sign-In is enabled in the Firebase console. You may have to download a new GoogleService-Info.plist file after enabling Google Sign-In."
-          )
-      }
-      let credential = try await safeGoogleProvider.signInWithGoogle(clientID: clientID)
-
-      try await signIn(credentials: credential)
-      updateAuthenticationState()
-    } catch {
-      authenticationState = .unauthenticated
-      errorMessage = string.localizedErrorMessage(
-        for: error
-      )
-      throw error
+    guard let clientID = auth.app?.options.clientID else {
+      throw AuthServiceError
+        .clientIdNotFound(
+          "OAuth client ID not found. Please make sure Google Sign-In is enabled in the Firebase console. You may have to download a new GoogleService-Info.plist file after enabling Google Sign-In."
+        )
     }
+    let credential = try await safeGoogleProvider.signInWithGoogle(clientID: clientID)
+
+    try await signIn(credentials: credential)
   }
 }
 
 // MARK: - Facebook Sign In
 
 public extension AuthService {
   func signInWithFacebook(limitedLogin: Bool = true) async throws {
-    authenticationState = .authenticating
-    do {
-      let credential = try await safeFacebookProvider
-        .signInWithFacebook(isLimitedLogin: limitedLogin)
-      try await signIn(credentials: credential)
-      updateAuthenticationState()
-    } catch {
-      authenticationState = .unauthenticated
-      errorMessage = string.localizedErrorMessage(
-        for: error
-      )
-      throw error
-    }
+    let credential = try await safeFacebookProvider
+      .signInWithFacebook(isLimitedLogin: limitedLogin)
+    try await signIn(credentials: credential)
   }
 }
 
@@ -390,18 +339,8 @@ public extension AuthService {
   }
 
   func signInWithPhoneNumber(verificationID: String, verificationCode: String) async throws {
-    authenticationState = .authenticating
-    do {
-      let credential = PhoneAuthProvider.provider()
-        .credential(withVerificationID: verificationID, verificationCode: verificationCode)
-      try await signIn(credentials: credential)
-      updateAuthenticationState()
-    } catch {
-      authenticationState = .unauthenticated
-      errorMessage = string.localizedErrorMessage(
-        for: error
-      )
-      throw error
-    }
+    let credential = PhoneAuthProvider.provider()
+      .credential(withVerificationID: verificationID, verificationCode: verificationCode)
+    try await signIn(credentials: credential)
   }
 }

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/EmailAuthView.swift

@@ -36,17 +36,7 @@ public struct EmailAuthView {
   private func signInWithEmailPassword() async {
     do {
       try await authService.signIn(withEmail: email, password: password)
-    } catch let error as NSError {
-      switch AuthErrorCode(rawValue: error.code) {
-//      case .credentialAlreadyInUse:
-      default:
-        // TODO: - how are we handling this?
-        if let updatedCredential = error
-          .userInfo[AuthErrorUserInfoUpdatedCredentialKey] as? AuthCredential {
-          // user ought to merge accounts on their backend here
-        }
-      }
-    }
+    } catch {}
   }
 
   private func createUserWithEmailPassword() async {

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Views/PasswordPromptView.swift

@@ -0,0 +1,29 @@
+import SwiftUI
+
+struct PasswordPromptSheet {
+  @Bindable var coordinator: PasswordPromptCoordinator
+  @State private var password = ""
+}
+
+extension PasswordPromptSheet: View {
+  var body: some View {
+    VStack(spacing: 20) {
+      SecureField("Enter Password", text: $password)
+        .textFieldStyle(.roundedBorder)
+        .padding()
+
+      HStack {
+        Button("Cancel") {
+          coordinator.cancel()
+        }
+        Spacer()
+        Button("Submit") {
+          coordinator.submit(password: password)
+        }
+        .disabled(password.isEmpty)
+      }
+      .padding(.horizontal)
+    }
+    .padding()
+  }
+}