firebase / flutterfire

🔥 A collection of Firebase plugins for Flutter apps.
BSD 3-Clause "New" or "Revised" License
8.61k stars 3.95k forks source link

🐛 [firebase_auth] linkWithCredential returns 'blocking-cloud-function-return-error' only in live app, not when emulating Firebase #12473

Open matt-hall-zory opened 6 months ago

matt-hall-zory commented 6 months ago

Bug report

In live deployment only, I cannot call linkWithCredential to upgrade an anonymous account with email/password. beforeCreate is being triggered and aborting the function. In emulated environment this works as expected.

final credential = EmailAuthProvider.credential(email: email, password: password);
final userCredential = await _firebaseAuth.currentUser?.linkWithCredential(credential); // this call throws 'blocking-cloud-function-return-error'

beforeCreate firebase function:

export const beforeCreateFunc = functions.auth.user().beforeCreate(async (user, context) => {
  throw new functions.auth.HttpsError("failed-precondition", "beforeCreate is always blocked");

Steps to reproduce

Steps to reproduce the behavior:

  1. Download
  2. Go through onboarding to create an anonymous account.
  3. Go to the account tab and click 'Sign Up'.
  4. Type in email, password, confirm password and click 'Sign Up'.
  5. Sign Up fails with 'Zory Account Already Exists' and 'blocking-cloud-function-return-error'

When this happens I can see in Firebase logs that 'beforeCreate' has been called. This does not happen when using the emulator.

Expected behavior

beforeCreate should not be called


emulator matches live behaviour so an alternative can be developed

Sample project

It's too challenging to produce a sample project. The issue only occurs on live deployment and would require creation of a firebase project & a flutter project with a live firebase project to test.

Additional context

beforeCreate is always blocked because we need to control when firebase auth records and associated firestore account records are created. We use a custom firebase function to control creation of accounts. beforeCreate should not be called when calling linkWithCredential against an existing anonymous account. linkWithCredential works fine for Sign Up With Google and Sign Up With Apple. Only email/password is affected.

This is a particularly frustrating issue affecting entire customer base. No customers has been able to create an account with email and password for since January 10. Around that time I upgraded firebase_auth from ^4.15.3 to ^4.16.0. Perhaps the issue was introduced then? Currently I'm running latest ^4.17.8 but the issue is still lingering. We have a temporary recourse to remote the ability to sign in with email/password and only allow customers to use Google & Apple. Most frustratingly we have an integration test to test this very issue which has been running successfully, and so the problem slipped through the net and into the wild.

We can't debug this issue successfully as that would require interacting with live Firebase & Firestore accounts.

'blocking-cloud-function-return-error' is not listed anywhere in the documentation.

Flutter doctor

Run flutter doctor and paste the output below:

Click To Expand ``` [✓] Flutter (Channel stable, 3.19.2, on macOS 14.3.1 23D60 darwin-arm64, locale en-AU) [✓] Android toolchain - develop for Android devices (Android SDK version 34.0.0) [✓] Xcode - develop for iOS and macOS (Xcode 15.3) [✓] Chrome - develop for the web [✓] Android Studio (version 2023.2) [✓] VS Code (version 1.87.1) [✓] Connected device (4 available) [✓] Network resources • No issues found! ```

Flutter dependencies

Run flutter pub deps -- --style=compact and paste the output below:

Click To Expand ``` Dart SDK 3.3.0 Flutter SDK 3.19.2 zory 1.0.6+10 dependencies: - auto_route 7.8.4 [flutter path collection meta] - bonsai 1.2.0 [logging] - cached_network_image 3.3.1 [cached_network_image_platform_interface cached_network_image_web flutter flutter_cache_manager octo_image] - carousel_slider 4.2.1 [flutter] - cloud_firestore 4.15.8 [cloud_firestore_platform_interface cloud_firestore_web collection firebase_core firebase_core_platform_interface flutter meta] - cloud_functions 4.6.8 [cloud_functions_platform_interface cloud_functions_web firebase_core firebase_core_platform_interface flutter] - collection 1.18.0 - crypto 3.0.3 [typed_data] - dart_json_mapper 2.2.10 [analyzer build build_config intl meta path reflectable collection pubspec_parse] - dots_indicator 3.0.0 [flutter] - equatable 2.0.5 [collection meta] - firebase_analytics 10.8.9 [firebase_analytics_platform_interface firebase_analytics_web firebase_core firebase_core_platform_interface flutter] - firebase_auth 4.17.8 [firebase_auth_platform_interface firebase_auth_web firebase_core firebase_core_platform_interface flutter meta] - firebase_core 2.27.0 [firebase_core_platform_interface firebase_core_web flutter meta] - firebase_crashlytics 3.4.18 [firebase_core firebase_core_platform_interface firebase_crashlytics_platform_interface flutter stack_trace] - firebase_messaging 14.7.19 [firebase_core firebase_core_platform_interface firebase_messaging_platform_interface firebase_messaging_web flutter meta] - flutter 0.0.0 [characters collection material_color_utilities meta vector_math sky_engine] - flutter_facebook_auth 6.1.1 [flutter flutter_facebook_auth_platform_interface flutter_facebook_auth_web facebook_auth_desktop] - flutter_launcher_icons 0.13.1 [args checked_yaml cli_util image json_annotation path yaml] - flutter_local_notifications 17.0.0 [clock flutter flutter_local_notifications_linux flutter_local_notifications_platform_interface timezone] - flutter_localizations 0.0.0 [flutter intl characters clock collection material_color_utilities meta path vector_math] - flutter_native_splash 2.3.10 [args flutter flutter_web_plugins js html image meta path universal_io xml yaml ansicolor] - flutter_riverpod 2.4.10 [collection flutter meta riverpod state_notifier] - google_sign_in 6.2.1 [flutter google_sign_in_android google_sign_in_ios google_sign_in_platform_interface google_sign_in_web] - google_sign_in_web 0.12.3+3 [flutter flutter_web_plugins google_identity_services_web google_sign_in_platform_interface http web] - http 1.2.0 [async http_parser meta web] - in_app_purchase 3.1.13 [flutter in_app_purchase_android in_app_purchase_platform_interface in_app_purchase_storekit] - in_app_review 2.0.8 [flutter in_app_review_platform_interface] - intl 0.18.1 [clock meta path] - package_info_plus 5.0.1 [ffi flutter flutter_web_plugins http meta path package_info_plus_platform_interface web win32] - percent_indicator 4.2.3 [flutter] - phosphor_flutter 2.0.1 [flutter] - rive 0.13.0 [collection flutter flutter_web_plugins http meta plugin_platform_interface rive_common] - rxdart 0.27.7 - screenshot 2.1.0 [flutter] - scrollable_positioned_list 0.3.8 [flutter collection] - share_plus 7.2.2 [cross_file meta mime flutter flutter_web_plugins share_plus_platform_interface file url_launcher_web url_launcher_windows url_launcher_linux url_launcher_platform_interface ffi win32] - shared_preferences 2.2.2 [flutter shared_preferences_android shared_preferences_foundation shared_preferences_linux shared_preferences_platform_interface shared_preferences_web shared_preferences_windows] - simple_shadow 0.3.1 [flutter] - storyboard 1.0.0 [flutter recase] - timezone 0.9.2 [path] - url_launcher 6.2.5 [flutter url_launcher_android url_launcher_ios url_launcher_linux url_launcher_macos url_launcher_platform_interface url_launcher_web url_launcher_windows] - uuid 4.3.3 [crypto sprintf meta fixnum] dev dependencies: - auto_route_generator 7.3.2 [build source_gen analyzer path build_runner code_builder dart_style xml args glob auto_route] - build_runner 2.4.8 [analyzer args async build build_config build_daemon build_resolvers build_runner_core code_builder collection crypto dart_style frontend_server_client glob graphs http_multi_server io js logging meta mime package_config path pool pub_semver pubspec_parse shelf shelf_web_socket stack_trace stream_transform timing watcher web_socket_channel yaml] - copy_with_extension_gen 5.0.4 [analyzer build source_gen copy_with_extension meta] - custom_lint 0.5.11 [analyzer analyzer_plugin args async ci cli_util collection freezed_annotation json_annotation meta package_config path pub_semver pubspec_parse rxdart uuid yaml] - fake_cloud_firestore 2.4.8 [flutter cloud_firestore cloud_firestore_platform_interface collection plugin_platform_interface quiver rxdart mock_exceptions fake_firebase_security_rules rx equatable clock] - firebase_auth_mocks 0.13.0 [flutter firebase_auth firebase_core meta equatable dart_jsonwebtoken uuid firebase_auth_platform_interface mock_exceptions] - flutter_lints 3.0.1 [lints] - flutter_test 0.0.0 [flutter test_api matcher path fake_async clock stack_trace vector_math leak_tracker_flutter_testing async boolean_selector characters collection leak_tracker leak_tracker_testing material_color_utilities meta source_span stream_channel string_scanner term_glyph vm_service] - integration_test 0.0.0 [flutter flutter_driver flutter_test path vm_service async boolean_selector characters clock collection fake_async file leak_tracker leak_tracker_flutter_testing leak_tracker_testing matcher material_color_utilities meta source_span stack_trace stream_channel string_scanner sync_http term_glyph test_api vector_math webdriver] - mocktail 1.0.3 [collection matcher test_api] - package_rename 1.5.3 [args html logger yaml] - path 1.9.0 - riverpod_lint 2.1.1 [analyzer analyzer_plugin collection custom_lint_builder meta path riverpod riverpod_analyzer_utils source_span yaml] transitive dependencies: - _fe_analyzer_shared 61.0.0 [meta] - _flutterfire_internals 1.3.25 [collection firebase_core firebase_core_platform_interface flutter meta] - adaptive_number 1.0.0 [fixnum] - analyzer 5.13.0 [_fe_analyzer_shared collection convert crypto glob meta package_config path pub_semver source_span watcher yaml] - analyzer_plugin 0.11.2 [analyzer collection dart_style pub_semver yaml] - ansicolor 2.0.2 - antlr4 4.13.1 [logging collection] - archive 3.4.10 [crypto path pointycastle] - args 2.4.2 - async 2.11.0 [collection meta] - boolean_selector 2.1.1 [source_span string_scanner] - build 2.4.1 [analyzer async convert crypto glob logging meta package_config path] - build_config 1.1.1 [checked_yaml json_annotation path pubspec_parse yaml] - build_daemon 4.0.1 [built_collection built_value crypto http_multi_server logging path pool shelf shelf_web_socket stream_transform watcher web_socket_channel] - build_resolvers 2.4.2 [analyzer async build collection convert crypto graphs logging package_config path pool pub_semver stream_transform yaml] - build_runner_core 7.3.0 [async build build_config build_resolvers collection convert crypto glob graphs json_annotation logging meta package_config path pool timing watcher yaml] - built_collection 5.1.1 - built_value 8.9.1 [built_collection collection fixnum meta] - cached_network_image_platform_interface 4.0.0 [flutter flutter_cache_manager] - cached_network_image_web 1.1.1 [cached_network_image_platform_interface flutter flutter_cache_manager] - cel 0.5.3 [antlr4 collection equatable] - characters 1.3.0 - checked_yaml 2.0.3 [json_annotation source_span yaml] - ci 0.1.0 - cli_util 0.4.1 [meta path] - clock 1.1.1 - cloud_firestore_platform_interface 6.1.9 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface] - cloud_firestore_web 3.10.8 [_flutterfire_internals cloud_firestore_platform_interface collection firebase_core firebase_core_web flutter flutter_web_plugins js] - cloud_functions_platform_interface 5.5.19 [firebase_core flutter meta plugin_platform_interface] - cloud_functions_web 4.7.2 [cloud_functions_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js web] - code_builder 4.10.0 [built_collection built_value collection matcher meta] - convert 3.1.1 [typed_data] - copy_with_extension 5.0.4 [meta] - cross_file 0.3.3+8 [meta web] - csslib 1.0.0 [source_span] - custom_lint_builder 0.5.14 [analyzer analyzer_plugin collection custom_lint custom_lint_core glob hotreloader meta package_config path pubspec_parse rxdart] - custom_lint_core 0.5.14 [analyzer analyzer_plugin collection custom_lint matcher meta package_config path pubspec_parse source_span yaml] - dart_jsonwebtoken 2.13.0 [crypto pointycastle convert collection ed25519_edwards clock] - dart_style 2.3.2 [analyzer args path pub_semver source_span] - dbus 0.7.10 [args ffi meta xml] - ed25519_edwards 0.3.1 [collection crypto convert adaptive_number] - facebook_auth_desktop 1.0.3 [flutter http flutter_secure_storage flutter_facebook_auth_platform_interface] - fake_async 1.3.1 [clock collection] - fake_firebase_security_rules 0.5.3 [antlr4 cel equatable logger tuple] - ffi 2.1.2 - file 7.0.0 [meta path] - firebase_analytics_platform_interface 3.9.9 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_analytics_web 0.5.5+21 [_flutterfire_internals firebase_analytics_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins js] - firebase_auth_platform_interface 7.1.8 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface] - firebase_auth_web 5.9.8 [firebase_auth_platform_interface firebase_core firebase_core_web flutter flutter_web_plugins http_parser js meta web] - firebase_core_platform_interface 5.0.0 [collection flutter flutter_test meta plugin_platform_interface] - firebase_core_web 2.11.5 [firebase_core_platform_interface flutter flutter_web_plugins js meta web] - firebase_crashlytics_platform_interface 3.6.25 [_flutterfire_internals collection firebase_core flutter meta plugin_platform_interface] - firebase_messaging_platform_interface 4.5.27 [_flutterfire_internals firebase_core flutter meta plugin_platform_interface] - firebase_messaging_web 3.6.8 [_flutterfire_internals firebase_core firebase_core_web firebase_messaging_platform_interface flutter flutter_web_plugins js meta web] - fixnum 1.1.0 - flutter_cache_manager 3.3.1 [clock collection file flutter http path path_provider rxdart sqflite uuid] - flutter_driver 0.0.0 [file flutter flutter_test fuchsia_remote_debug_protocol path meta vm_service webdriver async boolean_selector characters clock collection leak_tracker leak_tracker_flutter_testing leak_tracker_testing matcher material_color_utilities platform process source_span stack_trace stream_channel string_scanner sync_http term_glyph test_api vector_math] - flutter_facebook_auth_platform_interface 5.0.0 [flutter plugin_platform_interface] - flutter_facebook_auth_web 5.0.0 [flutter flutter_web_plugins js flutter_facebook_auth_platform_interface] - flutter_local_notifications_linux 4.0.0+1 [dbus ffi flutter flutter_local_notifications_platform_interface path xdg_directories] - flutter_local_notifications_platform_interface 7.0.0+1 [flutter plugin_platform_interface] - flutter_secure_storage 9.0.0 [flutter flutter_secure_storage_linux flutter_secure_storage_macos flutter_secure_storage_platform_interface flutter_secure_storage_web flutter_secure_storage_windows meta] - flutter_secure_storage_linux 1.2.0 [flutter flutter_secure_storage_platform_interface] - flutter_secure_storage_macos 3.0.1 [flutter flutter_secure_storage_platform_interface] - flutter_secure_storage_platform_interface 1.0.2 [flutter plugin_platform_interface] - flutter_secure_storage_web 1.1.2 [flutter flutter_secure_storage_platform_interface flutter_web_plugins js] - flutter_secure_storage_windows 3.0.0 [ffi flutter flutter_secure_storage_platform_interface path path_provider win32] - flutter_web_plugins 0.0.0 [flutter characters collection material_color_utilities meta vector_math] - freezed_annotation 2.4.1 [collection json_annotation meta] - frontend_server_client 3.2.0 [async path] - fuchsia_remote_debug_protocol 0.0.0 [process vm_service file meta path platform] - glob 2.1.2 [async collection file path string_scanner] - google_identity_services_web 0.3.0+2 [meta web] - google_sign_in_android 6.1.21 [flutter google_sign_in_platform_interface] - google_sign_in_ios 5.7.4 [flutter google_sign_in_platform_interface] - google_sign_in_platform_interface 2.4.5 [flutter plugin_platform_interface] - graphs 2.3.1 [collection] - hotreloader 4.2.0 [collection logging path stream_transform vm_service watcher] - html 0.15.4 [csslib source_span] - http_multi_server 3.2.1 [async] - http_parser 4.0.2 [collection source_span string_scanner typed_data] - image 4.1.7 [archive meta xml] - in_app_purchase_android 0.3.1 [collection flutter in_app_purchase_platform_interface json_annotation] - in_app_purchase_platform_interface 1.3.7 [flutter plugin_platform_interface] - in_app_purchase_storekit 0.3.12 [collection flutter in_app_purchase_platform_interface json_annotation] - in_app_review_platform_interface 2.0.5 [flutter url_launcher plugin_platform_interface platform] - io 1.0.4 [meta path string_scanner] - js 0.6.7 [meta] - json_annotation 4.8.1 [meta] - leak_tracker 10.0.0 [clock collection meta path vm_service] - leak_tracker_flutter_testing 2.0.1 [flutter leak_tracker leak_tracker_testing matcher meta] - leak_tracker_testing 2.0.1 [leak_tracker matcher meta] - lints 3.0.0 - logger 2.0.2+1 - logging 1.2.0 - matcher 0.12.16+1 [async meta stack_trace term_glyph test_api] - material_color_utilities 0.8.0 [collection] - meta 1.11.0 - mime 1.0.5 - mock_exceptions 0.8.2 [matcher] - more 4.2.0 [characters clock collection meta] - octo_image 2.0.0 [flutter] - package_config 2.1.0 [path] - package_info_plus_platform_interface 2.0.1 [flutter meta plugin_platform_interface] - path_provider 2.1.2 [flutter path_provider_android path_provider_foundation path_provider_linux path_provider_platform_interface path_provider_windows] - path_provider_android 2.2.2 [flutter path_provider_platform_interface] - path_provider_foundation 2.3.2 [flutter path_provider_platform_interface] - path_provider_linux 2.2.1 [ffi flutter path path_provider_platform_interface xdg_directories] - path_provider_platform_interface 2.1.2 [flutter platform plugin_platform_interface] - path_provider_windows 2.2.1 [ffi flutter path path_provider_platform_interface win32] - petitparser 6.0.2 [meta] - platform 3.1.4 - plugin_platform_interface 2.1.8 [meta] - pointycastle 3.7.4 [collection convert js] - pool 1.5.1 [async stack_trace] - process 5.0.2 [file path platform] - pub_semver 2.1.4 [collection meta] - pubspec_parse 1.2.3 [checked_yaml collection json_annotation pub_semver yaml] - quiver 3.2.1 [matcher] - recase 4.1.0 - reflectable 4.0.5 [analyzer build build_resolvers build_config build_runner build_runner_core dart_style glob logging package_config path source_span] - rive_common 0.3.2 [collection ffi flutter flutter_web_plugins graphs http meta plugin_platform_interface] - riverpod 2.5.0 [meta stack_trace state_notifier] - riverpod_analyzer_utils 0.3.4 [analyzer collection crypto custom_lint_core freezed_annotation meta path source_span] - rx 0.3.0 [collection matcher meta more] - share_plus_platform_interface 3.3.1 [cross_file flutter meta mime plugin_platform_interface path_provider uuid] - shared_preferences_android 2.2.1 [flutter shared_preferences_platform_interface] - shared_preferences_foundation 2.3.5 [flutter shared_preferences_platform_interface] - shared_preferences_linux 2.3.2 [file flutter path path_provider_linux path_provider_platform_interface shared_preferences_platform_interface] - shared_preferences_platform_interface 2.3.2 [flutter plugin_platform_interface] - shared_preferences_web 2.2.2 [flutter flutter_web_plugins shared_preferences_platform_interface web] - shared_preferences_windows 2.3.2 [file flutter path path_provider_platform_interface path_provider_windows shared_preferences_platform_interface] - shelf 1.4.1 [async collection http_parser path stack_trace stream_channel] - shelf_web_socket 1.0.4 [shelf stream_channel web_socket_channel] - sky_engine 0.0.99 - source_gen 1.5.0 [analyzer async build dart_style glob path source_span yaml] - source_span 1.10.0 [collection path term_glyph] - sprintf 7.0.0 - sqflite 2.3.2 [flutter sqflite_common path] - sqflite_common 2.5.3 [synchronized path meta] - stack_trace 1.11.1 [path] - state_notifier 1.0.0 [meta] - stream_channel 2.1.2 [async] - stream_transform 2.1.0 - string_scanner 1.2.0 [source_span] - sync_http 0.3.1 - synchronized 3.1.0+1 - term_glyph 1.2.1 - test_api 0.6.1 [async boolean_selector collection meta source_span stack_trace stream_channel string_scanner term_glyph] - timing 1.0.1 [json_annotation] - tuple 2.0.2 - typed_data 1.3.2 [collection] - universal_io 2.2.2 [collection meta typed_data] - url_launcher_android 6.3.0 [flutter url_launcher_platform_interface] - url_launcher_ios 6.2.4 [flutter url_launcher_platform_interface] - url_launcher_linux 3.1.1 [flutter url_launcher_platform_interface] - url_launcher_macos 3.1.0 [flutter url_launcher_platform_interface] - url_launcher_platform_interface 2.3.2 [flutter plugin_platform_interface] - url_launcher_web 2.2.3 [flutter flutter_web_plugins url_launcher_platform_interface web] - url_launcher_windows 3.1.1 [flutter url_launcher_platform_interface] - vector_math 2.1.4 - vm_service 13.0.0 - watcher 1.1.0 [async path] - web 0.4.2 - web_socket_channel 2.4.3 [async crypto stream_channel web] - webdriver 3.0.3 [matcher path stack_trace sync_http] - win32 5.2.0 [ffi] - xdg_directories 1.0.4 [meta path] - xml 6.5.0 [collection meta petitparser] - yaml 3.1.2 [collection source_span string_scanner] ```

matt-hall-zory commented 6 months ago

I pinned firebase_auth to 4.15.3 but that didn't fix the issue.

Lyokone commented 6 months ago

Hello @matt-hall-zory, thanks for the report. According to the documentation:,

Anonymous and custom authentication do not trigger blocking functions.

So it would make sense that the function is triggered when linking an anonymous to a credential. Not sure about the behaviour using the emulator but the live behavior seems fine.

matt-hall-zory commented 6 months ago

This is new behavior as of two months ago. My app would require a significant rewrite. I'm not even sure HOW I would restructure it.

In addition, why would email/password linking trigger the block, but Sign In With Google and Sign In With Apple would not.

Either way, IF this is the new desired workflow, the emulator must match the live workflow or I can't code and test around it.

Lyokone commented 6 months ago

I've run it internally and we recently had some changes around this function, see here:

matt-hall-zory commented 6 months ago

I'm not sure how 12313 issue is related. I'm unable to downgrade my SDK to get around the problem. I've recently updated the SDK in the app and server side is also up to date but with no luck.

matt-hall-zory commented 4 months ago

I've managed to create an MCVE for this task. I have also forwarded this issue to Firebase support. Image of the reproduced bug is attached. linkWithCredential-bug

Lyokone commented 2 months ago

Hello @matt-hall-zory, we had a couple of fixes around this in the Emulator as well as in the Native SDKs. Are you still seeing the same issue?

google-oss-bot commented 1 month ago

Hey @matt-hall-zory. We need more information to resolve this issue but there hasn't been an update in 7 weekdays. I'm marking the issue as stale and if there are no new updates in the next 7 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!

matt-hall-zory commented 1 month ago

I was told that rather than fixing the bug, the emulator would be updated to match live behaviour. I ran my integration tests against latest late last week, but it was still passed (and therefore emulator has not been fixed to match main). Did you run against my minimal reproducible project? Are you suggesting that the bug will be addressed in live? I'm currently out of office. I'll be able to test the MCVE when I get back in 2 weeks.

matt-hall-zory commented 1 month ago

OK! So I tested the MCVE. I verify that the behaviour of the emulator matches that of live now. I was able to create an anonymous account, then upgrade it to email/password authorized account without the blocking function being triggered. Thank you! Note that I was initially confused as I was told that the emulator would be modified to match live behaviour and not the other way around (so that's what I have been testing for).