Merge remote-tracking branch 'origin/main' into ThreadSafeMemoizerMemoryLeakFix

Author: dconeybe

FirebaseAuth/CHANGELOG.md

@@ -4,6 +4,7 @@
   for decoding `nil` values. (#14212)
 - [fixed] Address Xcode 16.2 concurrency compile time issues. (#14279)
 - [fixed] Fix handling of cloud blocking function errors. (#14052)
+- [fixed] Fix phone auth flow to skip RCE verification if appVerificationDisabledForTesting is set. (#14242)
 
 # 11.6.0
 - [added] Added reCAPTCHA Enterprise support for app verification during phone

FirebaseAuth/Sources/Swift/Auth/Auth.swift

@@ -2382,7 +2382,16 @@ extension Auth: AuthInterop {
   private let keychainServices: AuthKeychainServices
 
   /// The user access (ID) token used last time for posting auth state changed notification.
-  private var lastNotifiedUserToken: String?
+  ///
+  /// - Note: The atomic wrapper can be removed when the SDK is fully
+  /// synchronized with structured concurrency.
+  private var lastNotifiedUserToken: String? {
+    get { lastNotifiedUserTokenLock.withLock { _lastNotifiedUserToken } }
+    set { lastNotifiedUserTokenLock.withLock { _lastNotifiedUserToken = newValue } }
+  }
+
+  private var _lastNotifiedUserToken: String?
+  private var lastNotifiedUserTokenLock = NSLock()
 
   /// This flag denotes whether or not tokens should be automatically refreshed.
   /// Will only be set to `true` if the another Firebase service is included (additionally to

FirebaseAuth/Sources/Swift/AuthProvider/PhoneAuthProvider.swift

@@ -203,6 +203,21 @@ import Foundation
       }
 
       let recaptchaVerifier = AuthRecaptchaVerifier.shared(auth: auth)
+
+      if let settings = auth.settings,
+         settings.isAppVerificationDisabledForTesting {
+        // If app verification is disabled for testing
+        // do not fetch recaptcha config, as this is not implemented in emulator
+        // Treat this same as RCE enable status off
+
+        return try await verifyClAndSendVerificationCode(
+          toPhoneNumber: phoneNumber,
+          retryOnInvalidAppCredential: true,
+          multiFactorSession: multiFactorSession,
+          uiDelegate: uiDelegate
+        )
+      }
+
       try await recaptchaVerifier.retrieveRecaptchaConfig(forceRefresh: true)
 
       switch recaptchaVerifier.enablementStatus(forProvider: .phone) {

FirebaseAuth/Sources/Swift/SystemService/SecureTokenService.swift

@@ -125,8 +125,17 @@ class SecureTokenService: NSObject, NSSecureCoding {
   ///
   /// This method is specifically for providing the access token to internal clients during
   /// deserialization and sign-in events, and should not be used to retrieve the access token by
-  ///     anyone else.
-  var accessToken: String
+  /// anyone else.
+  ///
+  /// - Note: The atomic wrapper can be removed when the SDK is fully
+  /// synchronized with structured concurrency.
+  var accessToken: String {
+    get { accessTokenLock.withLock { _accessToken } }
+    set { accessTokenLock.withLock { _accessToken = newValue } }
+  }
+
+  private var _accessToken: String
+  private let accessTokenLock = NSLock()
 
   /// The refresh token for the user, or `nil` if the user has yet completed sign-in flow.
   ///
@@ -147,7 +156,7 @@ class SecureTokenService: NSObject, NSSecureCoding {
        refreshToken: String) {
     internalService = SecureTokenServiceInternal()
     self.requestConfiguration = requestConfiguration
-    self.accessToken = accessToken
+    _accessToken = accessToken
     self.accessTokenExpirationDate = accessTokenExpirationDate
     self.refreshToken = refreshToken
   }