chore(docs): document how auth and user profile email are kept in sync

prescottprue / react-redux-firebase

Redux bindings for Firebase. Includes React Hooks and Higher Order Components.

https://react-redux-firebase.com

MIT License

2.55k stars 556 forks source link

chore(docs): document how auth and user profile email are kept in sync #859

Open matchatype opened 4 years ago

matchatype commented 4 years ago

Updating user email is easy using firebase hooks. You just call firebase.updateEmail('new@email.com').

If you are storing user profiles you can pass a second argument to update the profile as well firebase.updateEmail('new@email.com', true).

However, what happens if the user change his/her mind, and clicks on the email link received from firebase auth? User's email address would be reset to the old one, and now firebase auth and firebase profile would be out of sync, the first one holding the old email address, and the last one the new email address.

I couldn't find an example covering the use case, and I'm not sure what to do. I could keep checking for auth.email to equal profile.email but that looks wasteful. Maybe there's a trigger for a background function to keep things synced on a reset event, however I couldn't really find one.

Any suggestion?

prescottprue commented 4 years ago

When logging in the account is updated from the auth object, so that means that the next time the user logs in, if they did the change through Firebase, they should still have the same UID. That means that the new email should also be written (unless you set updateProfileOnLogin to false).

Is this not what you are seeing? I agree that this should be documented in the profile section just to clarify

matchatype commented 4 years ago

Here's the course of action:

Authenticate the first time using Google provider: a new user is created in firebase auth and a new user is added to the firestore's users collection with matching uid. All good.
I update account email using firebase.updateEmail(email, true): user account in firebase auth is updated with the new email and the firestore's related document in users collection is updated as well. All good.
I receive a notification email from firebase auth at the old email account, confirming the change and asking if I that was a mistake and I want to revert the change. I click on the reset link. firebase auth email account is restored, but firestore's user document in the users collection is not updated. Not good. Once the email is reset, the profile should stay in sync.

Is this behavior expected? Or should sync be performed in all those cases? If I figure this out I'd be happy to update the docs.

matchatype commented 4 years ago

For the sake of completeness, here's my config object:

const config = {
  attachAuthIsReady: true,
  enableClaims: true,
  keysToRemoveFromAuth: [],
  presence: "presence",
  sessions: "sessions",
  useFirestoreForProfile: true,
  useFirestoreForStorageMeta: true,
  userProfile: "users",
  profileFactory: (userData, profileData) => {
    const { providerData, ...profile } = profileData;
    return {
      ...profile,
      emailVerified: userData.emailVerified,
      isAnonymous: userData.isAnonymous
    };
  }
};

prescottprue commented 4 years ago

After your third bullet point, have you tried logging out and back in with the old email (since you have reverted the change?). That is the only way I am thinking it would work is if a client is aware of the UID having the old email since the library is running in client side code.

matchatype commented 4 years ago

Yes I did. Although I am kicked out anyway once I click the link, so logging back in with the old email is required.