refactor: reauth helpers

russellwheatley · russellwheatley · commit 9ef04f9403d9 · 2025-11-18T14:49:26.000Z
diff --git a/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift b/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift
@@ -217,12 +217,20 @@ public final class AuthService {
 
       try await user.link(with: credentials)
       updateAuthenticationState()
-    } catch {
+    } catch let error as NSError {
+      authenticationState = .unauthenticated
+      
+      // Check if reauthentication is needed
+      if error.domain == AuthErrorDomain,
+         error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
+         error.code == AuthErrorCode.userTokenExpired.rawValue {
+        try await requireReauthentication()
+      }
+      
       // Possible conflicts from user.link():
       // - credentialAlreadyInUse: credential is already linked to another account
       // - emailAlreadyInUse: email from credential is already used by another account
       // - accountExistsWithDifferentCredential: account exists with different sign-in method
-      authenticationState = .unauthenticated
       try handleErrorWithConflictCheck(error: error, credential: credentials)
     }
   }
@@ -293,15 +301,37 @@ public extension AuthService {
       throw AuthServiceError.noCurrentUser
     }
 
-    try await user.delete()
+    do {
+      try await user.delete()
+    } catch let error as NSError {
+      // Check if reauthentication is needed
+      if error.domain == AuthErrorDomain,
+         error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
+         error.code == AuthErrorCode.userTokenExpired.rawValue {
+        try await requireReauthentication()
+      } else {
+        throw error
+      }
+    }
   }
 
   func updatePassword(to password: String) async throws {
     guard let user = auth.currentUser else {
       throw AuthServiceError.noCurrentUser
     }
 
-    try await user.updatePassword(to: password)
+    do {
+      try await user.updatePassword(to: password)
+    } catch let error as NSError {
+      // Check if reauthentication is needed
+      if error.domain == AuthErrorDomain,
+         error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
+         error.code == AuthErrorCode.userTokenExpired.rawValue {
+        try await requireReauthentication()
+      } else {
+        throw error
+      }
+    }
   }
 }
 
@@ -694,8 +724,19 @@ public extension AuthService {
     }
 
     // Complete the enrollment
-    try await user.multiFactor.enroll(with: assertion, displayName: displayName)
-    currentUser = auth.currentUser
+    do {
+      try await user.multiFactor.enroll(with: assertion, displayName: displayName)
+      currentUser = auth.currentUser
+    } catch let error as NSError {
+      // Check if reauthentication is needed
+      if error.domain == AuthErrorDomain,
+         error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
+         error.code == AuthErrorCode.userTokenExpired.rawValue {
+        try await requireReauthentication()
+      } else {
+        throw error
+      }
+    }
   }
 
   /// Reauthenticates with a simple provider (Google, Apple, Facebook, Twitter, etc.)
@@ -812,13 +853,24 @@ public extension AuthService {
 
     let multiFactorUser = user.multiFactor
 
-    try await multiFactorUser.unenroll(withFactorUID: factorUid)
+    do {
+      try await multiFactorUser.unenroll(withFactorUID: factorUid)
 
-    // This is the only we to get the actual latest enrolledFactors
-    currentUser = Auth.auth().currentUser
-    let freshFactors = currentUser?.multiFactor.enrolledFactors ?? []
+      // This is the only we to get the actual latest enrolledFactors
+      currentUser = Auth.auth().currentUser
+      let freshFactors = currentUser?.multiFactor.enrolledFactors ?? []
 
-    return freshFactors
+      return freshFactors
+    } catch let error as NSError {
+      // Check if reauthentication is needed
+      if error.domain == AuthErrorDomain,
+         error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
+         error.code == AuthErrorCode.userTokenExpired.rawValue {
+        try await requireReauthentication()
+      } else {
+        throw error
+      }
+    }
   }
 
   // MARK: - Account Conflict Helper Methods
diff --git a/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/ReauthenticationHelpers.swift b/FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/ReauthenticationHelpers.swift
@@ -15,71 +15,44 @@
 import FirebaseAuth
 
 /// Execute an operation that may require reauthentication
-/// Automatically handles simple providers (Google, Apple, etc.)
-/// For email/phone, the coordinator must be provided to handle the UI flow
+/// Automatically handles reauth errors by presenting UI and retrying
 /// - Parameters:
 ///   - authService: The auth service managing authentication
-///   - coordinator: The coordinator managing reauthentication UI (for email/phone)
+///   - coordinator: The coordinator managing reauthentication UI
 ///   - operation: The operation to execute
 /// - Throws: Rethrows errors from the operation or reauthentication process
 @MainActor
-public func withReauthenticationIfNeeded(authService: AuthService,
-                                         coordinator: ReauthenticationCoordinator,
-                                         operation: @escaping () async throws
-                                           -> Void) async throws {
+public func withReauthenticationIfNeeded(
+  authService: AuthService,
+  coordinator: ReauthenticationCoordinator,
+  operation: @escaping () async throws -> Void
+) async throws {
   do {
     try await operation()
-  } catch let error as NSError {
-    // Check if reauthentication is needed
-    if error.domain == AuthErrorDomain,
-       error.code == AuthErrorCode.requiresRecentLogin.rawValue ||
-       error.code == AuthErrorCode.userTokenExpired.rawValue {
-      // Determine the provider context
-      let providerId = try await authService.getCurrentSignInProvider()
-      let context = ReauthContext(
-        providerId: providerId,
-        providerName: getProviderDisplayName(providerId),
-        phoneNumber: authService.currentUser?.phoneNumber,
-        email: authService.currentUser?.email
-      )
-
-      // Handle based on provider type
-      switch providerId {
-      case PhoneAuthProviderID, EmailAuthProviderID:
-        // For email/phone, use coordinator to handle UI flow
-        try await coordinator.requestReauth(context: context)
-
-      default:
-        // For simple providers (Google, Apple, etc.), AuthService can handle it directly
-        try await authService.reauthenticate(context: context)
-      }
-
-      // Retry the operation after successful reauth
-      try await operation()
-    } else {
+  } catch let error as AuthServiceError {
+    // Check if this is a reauthentication error
+    let context: ReauthContext?
+    
+    switch error {
+    case .emailReauthenticationRequired(let ctx):
+      context = ctx
+    case .phoneReauthenticationRequired(let ctx):
+      context = ctx
+    case .simpleReauthenticationRequired(let ctx):
+      context = ctx
+    default:
+      // Not a reauth error, rethrow
       throw error
     }
-  }
-}
-
-/// Get a user-friendly display name for a provider ID
-/// - Parameter providerId: The provider ID from Firebase Auth
-/// - Returns: A user-friendly name for the provider
-public func getProviderDisplayName(_ providerId: String) -> String {
-  switch providerId {
-  case EmailAuthProviderID:
-    return "Email"
-  case PhoneAuthProviderID:
-    return "Phone"
-  case "google.com":
-    return "Google"
-  case "apple.com":
-    return "Apple"
-  case "facebook.com":
-    return "Facebook"
-  case "twitter.com":
-    return "Twitter"
-  default:
-    return providerId
+    
+    guard let reauthContext = context else {
+      throw error
+    }
+    
+    // Request reauthentication through coordinator (shows UI)
+    try await coordinator.requestReauth(context: reauthContext)
+    
+    // After successful reauth, retry the operation
+    try await operation()
   }
 }
