Open JulioGrajales opened 8 months ago
Hey @JulioGrajales, in general, the emulators will not reflect changes made via the Firebase console. In this case however, nfortunately, we have not gotten a chance to implement emulator support for email enumeration protection yet.
Keeping this open to track the feature request - however, I can't make any promises as to when this may be supported.
I have only tested it with signInWithEmailAndPassword
authentication method, but at least some support for email enumeration protection seems to now be possible:
Do an export of the firebase emulators after adding some users:
firebase emulators:export exports
Edit the file exports/auth_export/config.json
Set enableImprovedEmailPrivacy
in the JSON file to true
Import the firebase emulators from the modified config:
firebase emulators:start --import=exports
At this point, the JSON return from invalid logins changes from EMAIL_NOT_FOUND
or INVALID_PASSWORD
to just INVALID_CREDENTIALS
Tested on version 13.7.3 of firebase-tools
After some searching, it seems that this has been added since v13.2.0, (#6702).
[REQUIRED] Environment info
firebase-tools: 13.0.3
Platform: Windows
[REQUIRED] Test case
When enabling Email Enumeration Protection through the firebase console it does not reflect on the authentication emulator when running the emulator with the project id of my firebase project and executing functions like
sendPasswordResetEmail
.[REQUIRED] Steps to reproduce
init the emulators:
boiler plate html:
Click the button to execute the
sendPasswordResetEmail
function with a fake email address not registered in the list of users.[REQUIRED] Expected behavior
Return a
200
status code and the following JSON object:[REQUIRED] Actual behavior
It returns a
400
status code and the following JSON object: