firebase / firebase-ios-sdk

Firebase SDK for Apple App Development
https://firebase.google.com
Apache License 2.0

MFA_ENROLLMENT_NOT_FOUND on MFA when using Firebase Auth Emulator #11079

Open romansorochak opened 1 year ago

romansorochak commented 1 year ago

Description

We're trying to automate E2E with Firebase Emulators. On the project we use sign-in with email/password, email verification & MFA with phone number. When we create a user with email/password, email verification & MFA through Firebase Auth Emulator Suite, we are able to log in with email/password. But then when we try to proceed with an OTP code we get the error MFA_ENROLLMENT_NOT_FOUND.

Reproducing the issue

  1. Create a project on Firebase and add iOS project.
  2. Enable Authentication with email/password & MFA.
  3. Simple project that does login with email/password and then goes to the screen to enter OTP code for MFA.
  4. Set up Firebase Auth Emulator.
  5. Create new user through Firebase Auth Emulator with email/password, email verified, MFA enabled with some phone number.
  6. Run the app. Proceed with email/password.
  7. Then call API http://0.0.0.0:9099/emulator/v1/projects/{firebase_project_id}/verificationCodes where the firebase_project_id is the id of the firebase project.
  8. Inside the app enter the OTP code from the previous step.

Expected behaviour

    • Function FIRMultiFactorResolver.resolveSignInWithAssertion should return success.

Actual behaviour

    • Function FIRMultiFactorResolver.resolveSignInWithAssertion returns error - MFA_ENROLLMENT_NOT_FOUND.

Firebase SDK Version

10.7.0

Xcode Version

14.2

Installation Method

Carthage

Firebase Product(s)

Authentication

Targeted Platforms

iOS

Relevant Log Output

Error Domain=FIRAuthErrorDomain Code=17084 "MFA_ENROLLMENT_NOT_FOUND" UserInfo={NSLocalizedDescription=MFA_ENROLLMENT_NOT_FOUND, FIRAuthErrorUserInfoNameKey=ERROR_MULTI_FACTOR_INFO_NOT_FOUND}

google-oss-bot commented 1 year ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

PaulWozny commented 1 year ago

Same issue occurs with react-native-firebase with google-sign-in as first factor:

Error: [auth/unknown] MFA_ENROLLMENT_NOT_FOUND
NativeFirebaseError: [auth/unknown] MFA_ENROLLMENT_NOT_FOUND
    at resolveMultiFactorSignIn (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:126322:52)
    at resolveSignIn (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:128803:51)
    at eval (JavaScript:1:23)
    at ?anon_0_ (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:160337:37)
    at next (native)
    at asyncGeneratorStep (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:4630:26)
    at _next (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:4649:29)
    at anonymous (http://192.168.50.163:8081/index.bundle?platform=ios&dev=true&hot=false:4654:14)
    at tryCallTwo (/Users/distiller/react-native/sdks/hermes/build_iphonesimulator/lib/InternalBytecode/InternalBytecode.js:61:9)
    at doResolve (/Users/distiller/react-native/sdks/hermes/build_iphonesimulator/lib/InternalBytecode/InternalBytecode.js:216:25)
    at Promise (/Users/distiller/react-native/sdks/hermes/build_iphonesimulator/lib/InternalBytecode/InternalBytecode.js:82:14)

paulb777 commented 1 year ago

@romansorochak Thanks for the report and reproduction instructions. Would you share a project that demonstrates the issue to help us prioritize it?

christhompsongoogle commented 1 year ago

I'm not able to reproduce it using the friendly chat app codelab: https://firebase.google.com/codelabs/auth-mfa-blocking-functions

curl http://127.0.0.1:9199/emulator/v1/projects/demo-example/verificationCodes

{"verificationCodes":[{"code":"339404","phoneNumber":"+14081111111","sessionInfo":"PgzXxZvNnbzJ9U1u4i5L9jGTbSLwzc-A_KTUJ1g36Zimf-88UlU0yGUfRX57aJbl8jcL2_NTP-1-ZgKnljZ3qxPsymMnsdzyU6Ns5sADQK3EwcLylD2XF2t5vXJhApdbg2erPD5b-sb1RYyMIp1m__5rR-B_ijGt547CB5cgtyKvUkf7lraFBEdUOsfNXgFcWJvWDyhzSS10WxfopY8c5LtRRhN4DyoOsk"}]}

If I were to guess, the line throwing the error in the emulator is here: https://github.com/firebase/firebase-tools/blob/a1287dd55b284c3463f3e216db86b0b46260e237/src/emulator/auth/operations.ts#L2102

romansorochak commented 1 year ago

> @romansorochak Thanks for the report and reproduction instructions. Would you share a project that demonstrates the issue to help us prioritize it?

Hi @paulb777 Here is a test project with the issue. It is missing the GoogleService-Info.plist file. Please use your own. Thanks for your help!

FirebaseMFA.zip

romansorochak commented 1 year ago

Hi @paulb777 Just wondering if you were able to reproduce the issue?

paulb777 commented 1 year ago

@romansorochak Sorry, we haven't been able to get to it yet. I hope to in the next few days.

paulb777 commented 1 year ago

@romansorochak We've been able to reproduce the issue and it looks like a bug in the emulator. We will investigate a fix and report back when we have more details.

romansorochak commented 1 year ago

> @romansorochak We've been able to reproduce the issue and it looks like a bug in the emulator. We will investigate a fix and report back when we have more details.

Thank you a lot for your help!

paulb777 commented 1 year ago

I also got the repro app running with a real Firebase console project and was able to see a difference in SDK behavior between the emulator and console project.

The execution paths diverge at https://github.com/firebase/firebase-ios-sdk/blob/master/FirebaseAuth/Sources/AuthProvider/Phone/FIRPhoneAuthProvider.m#L452: isAppVerificationDisabledForTesting is YES for the emulator and it sends a SendVerificationCodeRequest with:

(lldb) po postBody 
{
    phoneNumber = "+*******1234";
}

The console project falls through to the StartMFAEnrollmentRequest and sends:

(lldb) po postBody 
{
    mfaEnrollmentId = "6e11e8de-bbd3-4afa-b379-8cfba337d640";
    mfaPendingCredential = "AMzJoSkTTSYRvlAy74VToXPODKkQfzRNjNacGAWRF8B-K77KX2WroX45hQamZKBsPT8b4hjYNg0A_4Ix_paLyLqkv2xj9CLl4oA7dfD8NbSCcbFEK5e5Yl94FSaS33Rk9uQVoGzZbZ6lB_MvjQcMDXrv5w2Qn11Dj4ePwz0Ovcbvo0_uEyGIMoU";
    phoneSignInInfo =     {
        phoneNumber = "+*******7074";
        recaptchaToken = "03AKH6MRFaH21R6oi2chCjxPIZ972tbeM6xwG57SxO3jfWsZkrdjZ98yylOHL_uSFQTV6Z7riGNLW56Ne_i6kn0x6YD1udf3tCSoZj0BWdGr9r11k9Bb2JSAVvEP4BIjw4Kg4xfmVjA7IjTwbG_H-0wJgj1iUpySG6bDCDbshEsgREqkJed38tjmDzydd5UK8G3WvsA0NC9xBJoPv-FiDJ3JCFnDkspXhTLvHqNxDzLkFuO1aFcNpTnK-_Ba6weVDXySZcEJZwLaZVQhRr18eCHxxbquXeauFYnohOHuk7SNTu9aaW0X1cWfYpNxOVLXR7s2Yvd3I5R5uNJOmW0jjI_TeCzsK56oBIfJ-2pDBCWZoMibikjmph9ZTlaIppgnoN987IhvFyu7um5uE9Mq0SrbbzFKqG6q7DjE542sC9C8_pLiHxFxMM2-h40dHBR775_PaG3KLs7GAuXkyoXGBbx_oInANTitBer86zG2jBIRmspE3J7Ovzs7CzvAiMSGOz-9Vwdhiv_eiFAAz_hsK25x9t2GKdGTCE2R3SlKRrCbVg9woxP2mIJrSbrTM-JGhF-vUwgkShUofvuNnbCw_PxA5VbbmzuVu98A";
    };
}

dantheli commented 6 months ago

Is there a fix planned for this issue? We'd love to be able to test authentication with the emulators but this is blocking us from doing so, even with SDK version 10.24.0. I looked at #12223 and it didn't seem like it fixed this particular bug but perhaps I missed something.

paulb777 commented 6 months ago

@dantheli Sorry we haven't been able to prioritize this. In the meantime, please add a thumbs-up to the report above to indicate interest.

dantheli commented 6 months ago

Thanks Paul! I just did some digging myself following your April 20, 2023 findings and I think the underlying issue is this:

Emulator throws the error because the client SDK sends the phone number obfuscated, but emulator expects to have a full phone number (obviously). This occurs because if it's connected to the emulator, FIRPhoneAuthProvider as mentioned above will request a verification code using the phone number that the MFA resolver returns in the auth error. The number the MFA resolver returns is obfuscated, which should be expected because the client doesn't need to know the number.

I wrote a patch that fixes this by changing the FIRPhoneAuthProvider method to use the same path during emulator as with production, but skipping the app verification call of course. This seems to work. And as far as I can tell, this is what the JS SDK does, where phone MFA verification works fine with the emulator. I've pushed it to a fork.

I just put up PR #12874. If I have some more time I'll write some tests, but would love to know if I missed something silly.
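
The mismatch described in the comment above, as a small Python model added here for illustration; it is not code from the thread, the SDK or the emulator. The exact-match lookup, the function names and all sample values are assumptions constructed for the example.

```python
import re

# Masked form as shown in the thread's lldb dump, e.g. "+*******1234".
MASKED_PHONE = re.compile(r"^\+\*+\d{2,4}$")

# Constructed sample data: one enrolled phone factor (not from the thread).
ENROLLED_FACTORS = [
    {"mfaEnrollmentId": "enrollment-0001", "phoneNumber": "+15555550100"},
]
# Constructed request bodies shaped like the two dumps in the thread.
EMULATOR_PATH_BODY = {"phoneNumber": "+*******0100"}
PRODUCTION_PATH_BODY = {
    "mfaEnrollmentId": "enrollment-0001",
    "mfaPendingCredential": "constructed-pending-credential",
    "phoneSignInInfo": {"phoneNumber": "+*******0100"},
}


def is_masked(phone):
    """True when the number is the obfuscated hint, not a dialable number."""
    return bool(MASKED_PHONE.match(phone))


def resolve_factor(body, factors):
    """Return the enrollment ID a request resolves to, or None.

    Assumption: a bare phoneNumber is matched exactly against the stored,
    unmasked number; a request carrying mfaEnrollmentId is matched by ID.
    """
    if "mfaEnrollmentId" in body:
        ids = {f["mfaEnrollmentId"] for f in factors}
        return body["mfaEnrollmentId"] if body["mfaEnrollmentId"] in ids else None
    for factor in factors:
        if factor["phoneNumber"] == body.get("phoneNumber"):
            return factor["mfaEnrollmentId"]
    return None


def outcome(body, factors):
    """Map the lookup result to the error name reported in this issue."""
    return "OK" if resolve_factor(body, factors) else "MFA_ENROLLMENT_NOT_FOUND"


if __name__ == "__main__":
    for name, body in (("emulator path", EMULATOR_PATH_BODY),
                       ("production path", PRODUCTION_PATH_BODY)):
        print(name, "->", outcome(body, ENROLLED_FACTORS))
```

In an E2E harness, `is_masked` can be applied to a captured request body to flag the emulator-only path before the OTP step fails.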

paulb777 commented 6 months ago

Thanks @dantheli! Please sign the CLA and address other CI issues and we can review.