I have an app on iOS and when user is Signed up (so it’s email and id is in firebase authenticated user) i used sendPasswordReset function to reset password and it’s working well, but if I type email that I don’t have in firebase function is still working(i think it should throw an error that "In firebase there is no an account like this" ). Please help me…
i wrote this functions in my AuthManager and pass in to the view:
func resetPassword(email: String) async throws {
do {
try await auth.sendPasswordReset(withEmail: email)
} catch {
print("Throw an error")
throw AuthErrorHandler.resetPasswordError
}
}
@MainActor
final class PasswordRecoveryViewModel: ObservableObject {
@Inject private var authenticationManager: AuthenticationManagerInterface
@Published var email: String = ""
func resetPassword() async throws {
try validation()
try await authenticationManager.resetPassword(email: email)
}
private func validation() throws {
try Validation.validateField(email, fieldName: "email")
try Validation.validateEmail(email: email)
}
}
private var recoveryButton: some View {
Button {
Task {
do {
try await viewModel.resetPassword()
print("password reset!")
launchViewModel.showRecoveryView.toggle()
} catch {
self.launchViewModel.error = error
}
}
} label: {
Text("Recovery now!")
.withMainButtonViewModifier()
}
}
2
Answers
On Firebase projects that were created since September 15 the email enumeration protection setting is enabled by default. This changes the responses you get back from the API to make it impossible for malicious users to use these APIs to scan your project, but unfortunately also makes your use-case impossible.
For more on this, see the docs I linked and:
I think maybe you need to check your Web API Key from firebase and from your app, they’re the same or not?If not the same api key, delete the old project and you need to recreate your project firebase and download GoogleService-Info.plist and add the new plist to your app. I think maybe ok!