firebase / firebase-js-sdk

Firebase Javascript SDK
https://firebase.google.com/docs/web/setup

Duplicate accounts created with same email address #8470

Open thasu24 opened 2 weeks ago

thasu24 commented 2 weeks ago

Operating System

Unknown (production customer)

Environment (if applicable)

React 18.2.0 (browser unknown)

Firebase SDK Version

10.12.2

Firebase SDK Product(s)

Auth

Project Tooling

React

Detailed Problem Description

We are seeing duplicate accounts in the Firebase Auth UI that were created with the same email address with different UIDs.

Our application uses createUserWithEmailAndPassword(auth, email, password), and we have a Cloud function onCreate that is triggered when a new account is created.

We have logs from the onCreate Cloud Function that show that the function was triggered twice at the time the duplicate accounts were created. There were no other accounts created within the hour before or after. The timestamps for the two events are 600 ms apart:

Function execution started: 2024-08-27T00:53:47.030317366Z
Function execution started: 2024-08-27T00:53:47.632004145Z

The impact of this is that a customer made a purchase, but was unable to access that purchase, as the purchase was in the account with the first UID that was created, which we suspect is now "hidden" behind the second account that was created with the same email address.

We have "Link accounts that use the same email" set in order to link accounts from different providers. Our understanding was that it should not be possible to have duplicate accounts created through the same method (in this case createUserWithEmailAndPassword).

We are not able to reproduce this, as attempting to create an account twice with the same email address results in an "auth/email-already-in-use" error.

We could not find any other similar bug reports, but did find this discussion on reddit that might be related to the same behavior: https://www.reddit.com/r/Firebase/comments/1dekmoz/hey_im_having_a_problem_with_authentication/

Steps and code to reproduce issue

Not possible, as it was a customer action in our production system.

google-oss-bot commented 2 weeks ago

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

Chloe199719 commented 1 week ago

We are experiencing a very similar issue, but we are just using Firebase Auth in our system. We started having email conflicts about 1 month ago for a small percentage of new users. When we check their emails in Firebase Auth, they have the same email with different UIDs as well. We do not use any OAuth providers, only email and password.

thasu24 commented 9 hours ago

We have had the same issue happen again on Sept 11th. We have logs from the auth onCreate trigger that show 2 accounts being created within less than 1 minute. There is also a similar recent report on StackOverflow, but we couldn't find any follow-up to that issue being reported to Firebase Support (see https://stackoverflow.com/questions/78906884/users-has-2-accounts-with-same-email-and-provider).
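
An added example, not part of the issue thread or of the Firebase SDK: a small audit that scans a list of auth user records for the condition reported above, one email address mapped to several UIDs through the same provider, and reports how close together the accounts were created. The record shape (`uid`, `email`, `createdAtMs`, `providers`) and the sample records are assumptions constructed for this sketch; map your own user export onto them.

```javascript
// Added example. Record fields (uid, email, createdAtMs, providers) are an
// assumed shape for this sketch, not a Firebase export schema.
function findDuplicateEmailAccounts(users) {
  const byEmail = new Map(); // normalised email -> Map(uid -> record)
  for (const u of users) {
    if (!u.email) continue; // accounts without an email cannot collide on it
    const key = u.email.trim().toLowerCase(); // group case/whitespace variants
    if (!byEmail.has(key)) byEmail.set(key, new Map());
    byEmail.get(key).set(u.uid, u); // the same UID listed twice is not a duplicate
  }

  const findings = [];
  for (const [email, group] of byEmail) {
    if (group.size < 2) continue; // one UID per email is the expected state
    const accounts = [...group.values()].sort((a, b) => a.createdAtMs - b.createdAtMs);
    // Smallest gap between consecutive creations: a sub-second gap points at
    // a concurrent sign-up rather than two separate registrations.
    let minGapMs = Infinity;
    for (let i = 1; i < accounts.length; i++) {
      minGapMs = Math.min(minGapMs, accounts[i].createdAtMs - accounts[i - 1].createdAtMs);
    }
    // Providers present on every account in the group. A non-empty result is
    // the case account linking across providers is not expected to explain.
    const sharedProviders = accounts
      .map((a) => new Set(a.providers))
      .reduce((acc, s) => new Set([...acc].filter((p) => s.has(p))));
    findings.push({
      email,
      uids: accounts.map((a) => a.uid), // oldest first
      minGapMs,
      sharedProviders: [...sharedProviders].sort(),
    });
  }
  return findings;
}

// Constructed sample records; the first two reuse the timestamps quoted in the report.
const SAMPLE_USERS = [
  { uid: "uid-A1", email: "customer@example.com", createdAtMs: Date.parse("2024-08-27T00:53:47.030Z"), providers: ["password"] },
  { uid: "uid-A2", email: "customer@example.com", createdAtMs: Date.parse("2024-08-27T00:53:47.632Z"), providers: ["password"] },
  { uid: "uid-B1", email: "other@example.com", createdAtMs: Date.parse("2024-08-26T10:00:00.000Z"), providers: ["password", "google.com"] },
  { uid: "uid-C1", createdAtMs: Date.parse("2024-08-26T11:00:00.000Z"), providers: ["phone"] },
];

for (const f of findDuplicateEmailAccounts(SAMPLE_USERS)) {
  console.log(`${f.email}: ${f.uids.join(", ")} gap=${f.minGapMs}ms shared=[${f.sharedProviders}]`);
}
```

The first UID in each finding is the oldest account, which in the report above is the one holding the customer's purchase.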