quickstarts/email-users/ --> Username and Password not accepted (3 times and rechecked)

[davidtaubmann]

We have been implementing the quickstarts/email-users/

With a bit of trouble and some tricky kind of error in every step always but we've managed to get to the final steps.

Nevertheless, on the last part (the test to trigger the Functions) as we got no email we checked the Registry tab in the Functions section of the Firebase Console and we found the error mentioned. So the Functions were correctly saved, the trigger is being fired correctly in both cases (new and deleted accounts) but when the Function tries to send the email it returns the error mentioned Error: Invalid login: 535-5.7.8 Username and Password not accepted.

We have already followed the process mentioned in the "Learn more link" included in the error (Verified password, Allowed less secure apps, and DisplayUnlockCaptcha button) with two different email accounts in GSuite (obviously redefining the node vars and redeploying the functions in both cases as Node asks) but it keeps saying the same, even after the third change of account, redeploy and less secure apps allowance.

Any idea on what could be the matter? Or should we try with an account outside Google's domains?

[nicolasgarnier]

Do you have 2-step auth enabled on these accounts by any chance? If so you should use an app specific password use this link to generate one: https://security.google.com/settings/security/apppasswords (and you may try that anyways, even if you don't have 2-step auth) Let me know if that worked for you and I'll add a note in the README :)

[davidtaubmann]

Hmm, nop... Both are GSuites accounts without 2-step auth (one Legacy, the other is a payed account), and when trying to access the link you gave we get an error "The setting you are looking for is not available for your account.".

I'll edit this answer upon this following tests:

Trying with a gmail account: Functions returns the same error, the link gives the same error. Trying with a Zoho account (addapted also the smtps address in functions/index.js line 26 to smtp.zoho.com, and redeployed as always): Results in a different error, maybe Functions is being limited to send emails only through google:

Error: getaddrinfo ENOTFOUND smtp.zoho.com smtp.zoho.com:465 at errnoException (dns.js:28:10) at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:76:26)

Trying with a cPanel webmail:

[nicolasgarnier]

I think you may have to enable this setting on your Gsuite domain:

"Allow access for less secure apps" via the URL https://admin.google.com/AdminHome#ServiceSettings/notab=1&service=securitysetting&subtab=lesssecureappsaccess

Then this should allow you to generate app specific passwords which you may or may not need after this setting has been enabled. Things are definitely working for me using my Gmail account and using my google.com account (which is Gsuite more or less and has that setting enabled)

[davidtaubmann]

Thanks Nicolas, but as stated in the first comment of this thread, we "Allowed less secure apps, and DisplayUnlockCaptcha button" since the first error, in both Gsuites accounts (with the links given on the description of the error: https://www.google.com/settings/security/lesssecureapps and https://accounts.google.com/DisplayUnlockCaptcha).

We have just tried with zoho and we get the mentioned error in the comment just above that I've been updating with the tests, It's only missing the last one (cPanel email).

[nicolasgarnier]

For the Error: getaddrinfo ENOTFOUND smtp.zoho.com smtp.zoho.com:465 error you need to enable billing on your account. Currently external requests are disabled by default for non-billing enabled account (eventually we'll throw a better error message at some poin)

[nicolasgarnier]

but as stated in the first comment of this thread, we "Allowed less secure apps"...

Oops sorry for missing that. By the way it seems that from this thread this feature might take 24h to activate in some case (in case you just turned that on).

[davidtaubmann]

So, the test on cPanel mail has no case...

Has someone managed to achieve this example with a testing account in Firebase?

So, where's the error? The procedure each time is:

1. https://www.google.com/settings/security/lesssecureapps - OK
2. https://accounts.google.com/DisplayUnlockCaptcha - OK
3. https://security.google.com/settings/security/apppasswords - ERR "The setting you are looking for is not available for your account."
4. firebase functions:config:set gmail.email='myusername@gmail.com' gmail.password='secretpassword'
5. firebase deploy --only functions - OK
6. Test of new or deleted account - OK
7. Response in Functions Registries - ERRs:

Billing account not configured. External network is not accessible and quotas are severily limited. Configure billing account to remove these restrictions

AND

Error: Invalid login: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials r197sm152489itb.15 - gsmtpat SMTPConnection._formatError (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:528:15) at SMTPConnection._actionAUTHComplete (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:1231:30) at SMTPConnection. (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:319:22) at SMTPConnection._processResponse (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:669:16) at SMTPConnection._onData (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:493:10) at emitOne (events.js:96:13) at TLSSocket.emit (events.js:188:7) at readableAddChunk (_stream_readable.js:176:18) at TLSSocket.Readable.push (_stream_readable.js:134:10) at TLSWrap.onread (net.js:548:20)

[nicolasgarnier]

I'm not a Gsuite specialist but my intuition is that the "less secure app" option (1.) is taking a while to activate, otherwise you should have already access to the app password page (3.).

For any real apps I'd recommend you create an account with Sendgrid, Mailjet or Mailgun. Use these links as they come with a large free tier as well. they have noce Node SDKs too. We have some samples in the AppEngine Node docs: SendGrid, MailJet.

[davidtaubmann]

LOL, ok... this nightmare seems to be continuing all through the end of this amazing week already (we have been on this struggle since last Friday).

Correct me if I'm wrong in the statements at the end of each point:

1. Our app is being developed in Firebase, so the triggers should come from Firebase, so the examples and solutions you mention that use Third Partiy emailers can only be used on GCP Billing-enabled accounts.
2. This functionality will be a bit complicated to be implemented directly in our almost finished app (which does has a billing-enabled account in GCP), so we are first trying this email-users example directly on a test project (which obviously will not be a billing-enabled account ever) and the test should be working with the nodemailer directly.
3. But the connection nodemailer is trying to the gmail smtp might only work with App passwords, so we should better wait until being able to use an App (specific) password for the outgoing gmail account (nothing to do for the rest of the day, other than wait until tomorrow).

Correct?

[nicolasgarnier]

1. Yes, external requests will work on Functions if you have enabled Billing on GCP or if you are on the Flame or Blaze Firebase plan.
2. Yes that particular sample does not need to have billing enabled because requests to the Gmail SMTP work with free projects.
3. Maybe I hope this will work after 24h. IMO you should just test with a GMail account for now to make sure everything else work and make sure the issue with just with GSuite.

Side note: my advice is that you should enable billing even on test/dev projects. There are other features and APIs of Google Cloud that only works with billing enable projects (the Cloud Vision API for instance). It does not mean that you will be billed anything though since usually many products come with a free tier that should be enough for development. Enabling billing is mostly here to prevent abuse. However it's good to note that The Realtime Database is one of the notable exceptions where there is no free tier for Billing enabled projects which means you may be charged right away when you enable billing and use the RTDB.

[davidtaubmann]

ok, I'll wait for tests with gMail tomorrow and let you know here how it went.

About Billing-Enabled accounts, you got me a bit mixed with the last phrase in your Side Note (The Realtime Database is one of the notable exceptions where there is no free tier for Billing enabled projects)... Because it contradicts what we understand from the Pricing site in Firebase:

BLAZE-Realtime Database-Simultaneous connections: UNLIMITED... There is a limit of 100,000 simulateneous connections per database on the Flame and Blaze plans. See Pricing FAQ for more information.

[nicolasgarnier]

Well what I meant is: there is no free tier for the realtime database once you enable billing. So you will start paying as soon as you use the realtime DB on a Billing-enabled account.

On the other hand, for instance, Cloud Functions says:

On the Blaze plan, Cloud Functions provides a perpetual free tier. The first 2,000,000 invocations, 400,000 GB-sec, 200,000 CPU-sec, and 5GB of Internet egress traffic is provided for free each month. You are only charged on usage past this free allotment

What you quoted means there is a "hard" limit (that can be removed manually by support) of 100,000 simultaneous connections. This doesn't mention anything is free though.

[nicolasgarnier]

Just to illustrate: If you have 1 GB stored on the Realtime Database this is free on the Spark plan. But if you switch to the Blaze plan you will be billed 5 USD/month. The Blaze plan does not include a free tier of 1 GB of storage which may be counter-intuitive so I wanted to point that out.

[davidtaubmann]

Ok, your last comment helped a lot to understand what you mean, so there's no free tier for DATA STORED in the RealTimeDatabase for Blaze package... and indeed, it seems there's no free tier in anything under Blaze package, meaning that at least we are paying almost 7 bucks every month if I understand it correctly.

Now I get your point, we never analyzed Blaze plan deeply, since we are under development we never thought we would be charged something since the metrics of the Spark plan sounded just enough.

WELL, going back to the matter in here. One day later we have already the billing activated and the Blaze package is visible in the console of this test app, but the https://security.google.com/settings/security/apppasswords is still not working (neither in gmail, nor in Gsuite payed account after 24 hours from both ¿!? does it need a manual procedure that would be done until monday or what?) and the tests for this Firebase Function that tries to send an email through SMTP throws the following registries (the billing not configured flag is obviously not there any more):

Trying with a gmail account: STILL the same Username and Password error ¿!? (I'll include it entirely at the end of the post again, maybe you can find something helpful) Trying with a gSuite account: STILL the same Username and Password error Trying with a Zoho account (changed also smtp address in functions file): Error: Invalid login: 535 Authentication Failed (very different from last one... but credentials are correct) Trying with cPanel account (changed also smtp address in functions file): Error: Invalid login: 535 Incorrect authentication data (very different from the ones above) Trying with SendGrid: in process... will update here later Trying with Mailjet in process... will update here later

Based on your comment ("eventually we'll throw a better error message at some poin") I feel the Node.js platform of the Firebase Functions servers isn't still allowed to establish SMTP connections, or maybe we need to do something else somewhere to activate it.

Error: Invalid login: 535-5.7.8 Username and Password not accepted. Learn more at 535 5.7.8 https://support.google.com/mail/?p=BadCredentials b129sm1867886itc.3 - gsmtp at SMTPConnection._formatError (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:528:15) at SMTPConnection._actionAUTHComplete (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:1231:30) at SMTPConnection. (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:319:22) at SMTPConnection._processResponse (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:669:16) at SMTPConnection._onData (/user_code/node_modules/nodemailer/node_modules/smtp-connection/lib/smtp-connection.js:493:10) at emitOne (events.js:96:13) at TLSSocket.emit (events.js:188:7) at readableAddChunk (_stream_readable.js:176:18) at TLSSocket.Readable.push (_stream_readable.js:134:10) at TLSWrap.onread (net.js:548:20)

[nicolasgarnier]

Mhh it looks like the credentials are not passed correctly Have you add logs to make sure the values of the password/email are correct:

const gmailEmail = encodeURIComponent(functions.config().gmail.email);
const gmailPassword = encodeURIComponent(functions.config().gmail.password);

add this below:

console.log(gmailEmail);
console.log(gmailPassword);

Just in case. And also check by running the following commands:

firebase functions:config:get

[nicolasgarnier]

And make sure you have updated to the latest version of the firebase CLI (to v3.5.0) check it using firebase version. If you were part of the Alpha trusted tester and are still using 3.4.0 there was a bug when setting the two config variables at once...

[davidtaubmann]

LOL!

The firebase functions:config:get helped a lot:

"gmail": { "password": "'secretpassword'", "email": "'myusername@gmail.com'" }

As I see, there's a second quote inside the variable.... Let's make a complete test removing quotes from the setter string: firebase functions:config:set gmail.email=myusername@gmail.com gmail.password=secretpassword AMAZING! MARVELOUS!! Thanks!

gMail: Works! (First try asked for less secure apps auth by loging Error: Invalid login: 534-5.7.14) gSuite: Works! Zoho: Works! (First gave error because index.js from email isn't the same one as logged by smtp and it doesn't forces the change as gMail does, once changed it worked fine, but returns no email success log in the Registries, only the start and end) cPanel: Works! (and it did returned email success log)

So, the problem comes from the setter code you included in the instructions (https://github.com/firebase/functions-samples/tree/master/quickstarts/email-users), so I would recommend you to remmove the quotes, and just put an advice for the users who get an error to include quotes.

Note: https://security.google.com/settings/security/apppasswords STILL not working (gsuite, nor gmail)

THANKS! JUST ONE TINY FAST QUESTION: Where would you recommend us to register or announce our App as a 100% Firebase Progressive WebApp once it is finished (contests, lists. news, blogs, etc)??

[jamesdaniels]

@davidtaubmann can you open an issue on firebase/firebase-tools RE the extraneous quotes? Also you should contact G Suite support RE your app password.

Feel free to share what you've built on the Firebase Google Group :smile:

[petargeorgiev123]

For some mystery reason the encodeURIComponent(functions.config().gmail.email); returns to me the @ symbol with html representation ("prueba%40gmail.com"), so this was my reason to get the error

[tribby5]

I am still having a problem with this Quickstart even though I have fixed both of the issues above.

In regards to the above issue, encodeURI(functions.config().gmail.email); fixes the problem with the faulty html conversion for '@' because encodeURIComponent doesn't correctly translate '@'. I also used encodeURI for the password field. I logged both of these fields and they are correct.

Additionally, I have used firebase functions:config:get and both my gmail and password were correct and not mistranslated with extra quotations like they were for @davidtaubmann.

However like others, my app passwords fail. Today was the first day I enabled "allow access for less secure app" so would that be a possible reason for it failing, as that may take time to process?

[tribby5]

Fixed it by replacing the original nodemailer.createTransport code with this:

const mailTransport = nodemailer.createTransport({ service: 'Gmail', auth: { user: gmailEmail, pass: gmailPassword } });

[markodayan]

Hi there, just to add on here... I spent a good few hours also puzzled about why my email and password was being rejected. It turns out the encodingtoURI is not needed. If you do use the encodingtoURI, your login will fail.

Example: encodingtoURI gives email the result ---> example%40gmail.com Whereas excluding that will give you what is expected by the cloud function (example@gmail.com)

This is the current code: const gmailEmail = encodeURIComponent(functions.config().gmail.email); const gmailPassword = encodeURIComponent(functions.config().gmail.password);

Change it to the following:

const gmailEmail = functions.config().gmail.email; const gmailPassword = functions.config().gmail.password;

All you have to change is two lines of code. Hope this helps someone who hit the same block as I did. I strongly encourage admin to update the example doc immediately please. This was my first experience with Cloud Functions and email client so I was terribly confused! Well I guess i should of been console logging so I could of found out sooner lol -_-

[MartonEstok]

Just FYI I used the sample code exactly as found in this repo and had the above credentials issue. Now, after over 48 hours it started to work. So apparently it may take a very long time for the 'allow less secure apps' thing to work.

[iMnoorfahad]

i also faced problem to sending email using account

Error: Invalid login: 534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbs- 534-5.7.14 3WKMnnjTmWnx3Op7hSdf2BXGhSo2hCX1CeTDDqc1q5Pn2E3FC_V8gg-UJn1s0zPF4AD-Wj 534-5.7.14 mpySp7sYQqAfCUNwJrwJEJJvelo-jtHPFnjdBPb9ADv1JqMbFPih_uF3Gil3se> Please 534-5.7.14 log in via your web browser and then try again. 534-5.7.14 Learn more at 534 5.7.14 https://support.google.com/mail/answer/78754 q66sm1392200ili.69 - gsmtp at SMTPConnection._formatError (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:771:19) at SMTPConnection._actionAUTHComplete (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:1505:34) at SMTPConnection._responseActions.push.str (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:544:26) at SMTPConnection._processResponse (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:929:20) at SMTPConnection._onData (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:736:14) at TLSSocket.SMTPConnection._onSocketData.chunk (/srv/node_modules/nodemailer/lib/smtp-connection/index.js:189:44) at emitOne (events.js:116:13) at TLSSocket.emit (events.js:211:7) at addChunk (_stream_readable.js:263:12) at readableAddChunk (_stream_readable.js:250:11) code: 'EAUTH', response: '534-5.7.14 <https://accounts.google.com/signin/continue?sarp=1&scc=1&plt=AKgnsbs-\n534-5.7.14 3WKMnnjTmWnx3Op7hSdf2BXGhSo2hCX1CeTDDqc1q5Pn2E3FC_V8gg-UJn1s0zPF4AD-Wj\n534-5.7.14 mpySp7sYQqAfCUNwJrwJEJJvelo-jtHPFnjdBPb9ADv1JqMbFPih_uF3Gil3se> Please\n534-5.7.14 log in via your web browser and then try again.\n534-5.7.14 Learn more at\n534 5.7.14 https://support.google.com/mail/answer/78754 q66sm1392200ili.69 - gsmtp', responseCode: 534, command: 'AUTH PLAIN'

[stev3]

I had a $ in my password, which I didn't realize was stripping my string until I checked my config:

firebase functions:config:get