@react-native-firebase/auth 22.0.0 → 22.2.0

package/CHANGELOG.md

@@ -3,6 +3,24 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [22.2.0](https://github.com/invertase/react-native-firebase/compare/v22.1.0...v22.2.0) (2025-05-12)
+
+### Bug Fixes
+
+- **auth, expo:** lowercase `String?` in swift using `.lowercased()` ([af435e8](https://github.com/invertase/react-native-firebase/commit/af435e8b8bc84a98e4fab336ade6952178c7f6f8))
+- **auth:** missing PhoneMultiFactorGenerator export ([aaaec03](https://github.com/invertase/react-native-firebase/commit/aaaec03bba10c68d0f700b6c4b26a17c467f71bb))
+
+## [22.1.0](https://github.com/invertase/react-native-firebase/compare/v22.0.0...v22.1.0) (2025-04-30)
+
+### Features
+
+- **auth, expo:** add support for AppDelegate.swift ([e4966ef](https://github.com/invertase/react-native-firebase/commit/e4966ef3b692b3b8a3b89fbf54a0a0d59ca06ab6))
+
+### Bug Fixes
+
+- **auth, android:** catch native error in signWithEmailLink ([a08580e](https://github.com/invertase/react-native-firebase/commit/a08580e29d672af99e890a60dbef8aba094b697c))
+- **auth:** delegate modular `multiFactor` to MultiFactorUser constructor ([0937c77](https://github.com/invertase/react-native-firebase/commit/0937c77c9642da082de34de39cbf6a1847ae065c))
+
 ## [22.0.0](https://github.com/invertase/react-native-firebase/compare/v21.14.0...v22.0.0) (2025-04-25)
 
 ### ⚠ BREAKING CHANGES

package/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java

@@ -459,18 +459,23 @@ class ReactNativeFirebaseAuthModule extends ReactNativeFirebaseModule {
     FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
     FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
 
-    firebaseAuth
-        .signInWithEmailLink(email, emailLink)
-        .addOnSuccessListener(
-            authResult -> {
-              Log.d(TAG, "signInWithEmailLink:onComplete:success");
-              promiseWithAuthResult(authResult, promise);
-            })
-        .addOnFailureListener(
-            exception -> {
-              Log.e(TAG, "signInWithEmailLink:onComplete:failure", exception);
-              promiseRejectAuthException(promise, exception);
-            });
+    try {
+      firebaseAuth
+          .signInWithEmailLink(email, emailLink)
+          .addOnSuccessListener(
+              authResult -> {
+                Log.d(TAG, "signInWithEmailLink:onComplete:success");
+                promiseWithAuthResult(authResult, promise);
+              })
+          .addOnFailureListener(
+              exception -> {
+                Log.e(TAG, "signInWithEmailLink:onComplete:failure", exception);
+                promiseRejectAuthException(promise, exception);
+              });
+    } catch (Exception exception) {
+      Log.e(TAG, "signInWithEmailLink:onComplete:totalfailure", exception);
+      promiseRejectAuthException(promise, exception);
+    }
   }
 
   @ReactMethod

package/lib/index.d.ts

@@ -1806,17 +1806,27 @@ export namespace FirebaseAuthTypes {
     /**
      * Signs a user in with an email and password.
      *
+     * ⚠️ Note:
+     * If "Email Enumeration Protection" is enabled in your Firebase Authentication settings (enabled by default),
+     * Firebase may return a generic `auth/invalid-login-credentials` error instead of more specific ones like
+     * `auth/user-not-found` or `auth/wrong-password`. This behavior is intended to prevent leaking information
+     * about whether an account with the given email exists.
+     *
+     * To receive detailed error codes, you must disable "Email Enumeration Protection", which may increase
+     * security risks if not properly handled on the frontend.
+     *
      * #### Example
      *
      * ```js
      * const userCredential = await firebase.auth().signInWithEmailAndPassword('joe.bloggs@example.com', '123456');
-     * ````
+     * ```
+     *
      * @error auth/invalid-email Thrown if the email address is not valid.
      * @error auth/user-disabled Thrown if the user corresponding to the given email has been disabled.
-     * @error auth/user-not-found Thrown if there is no user corresponding to the given email.
-     * @error auth/wrong-password Thrown if the password is invalid for the given email, or the account corresponding to the email does not have a password set.
-     * @param email The users email address.
-     * @param password The users password.
+     * @error auth/user-not-found Thrown if there is no user corresponding to the given email. (May be suppressed if email enumeration protection is enabled.)
+     * @error auth/wrong-password Thrown if the password is invalid or missing. (May be suppressed if email enumeration protection is enabled.)
+     * @param email The user's email address.
+     * @param password The user's password.
      */
     signInWithEmailAndPassword(email: string, password: string): Promise<UserCredential>;
 
@@ -2008,15 +2018,16 @@ export namespace FirebaseAuthTypes {
     sendSignInLinkToEmail(email: string, actionCodeSettings?: ActionCodeSettings): Promise<void>;
 
     /**
-     * Returns whether the user signed in with a given email link.
+     * Checks if an incoming link is a sign-in with email link suitable for signInWithEmailLink.
+     * Note that android and other platforms require `apiKey` link parameter for signInWithEmailLink
      *
      * #### Example
      *
      * ```js
-     * const signedInWithLink = await firebase.auth().isSignInWithEmailLink(link);
+     * const valid = await firebase.auth().isSignInWithEmailLink(link);
      * ```
      *
-     * @param emailLink The email link to check whether the user signed in with it.
+     * @param emailLink The email link to verify prior to using signInWithEmailLink
      */
     isSignInWithEmailLink(emailLink: string): Promise<boolean>;
 
@@ -2095,18 +2106,27 @@ export namespace FirebaseAuthTypes {
     /**
      * Returns a list of authentication methods that can be used to sign in a given user (identified by its main email address).
      *
+     * ⚠️ Note:
+     * If "Email Enumeration Protection" is enabled in your Firebase Authentication settings (which is the default),
+     * this method may return an empty array even if the email is registered, especially when called from an unauthenticated context.
+     *
+     * This is a security measure to prevent leaking account existence via email enumeration attacks.
+     * Do not use the result of this method to directly inform the user whether an email is registered.
+     *
      * #### Example
      *
      * ```js
      * const methods = await firebase.auth().fetchSignInMethodsForEmail('joe.bloggs@example.com');
      *
-     * methods.forEach((method) => {
-     *   console.log(method);
-     * });
+     * if (methods.length > 0) {
+     *   // Likely a registered user — offer sign-in
+     * } else {
+     *   // Could be unregistered OR email enumeration protection is active — offer registration
+     * }
      * ```
      *
      * @error auth/invalid-email Thrown if the email address is not valid.
-     * @param email The users email address.
+     * @param email The user's email address.
      */
     fetchSignInMethodsForEmail(email: string): Promise<string[]>;
 

package/lib/modular/index.d.ts

@@ -165,7 +165,8 @@ export interface PopupRedirectResolver {}
 export function initializeRecaptchaConfig(auth: Auth): Promise<void>;
 
 /**
- * Checks if an incoming link is a sign-in with email link suitable for signInWithEmailLink().
+ * Checks if an incoming link is a sign-in with email link suitable for signInWithEmailLink.
+ * Note that android and other platforms require `apiKey` link parameter for signInWithEmailLink
  *
  * @param auth - The Auth instance.
  * @param emailLink - The email link to check.
@@ -778,5 +779,6 @@ export {
   OAuthProvider,
   OIDCAuthProvider,
   PhoneAuthProvider,
+  PhoneMultiFactorGenerator,
   TwitterAuthProvider,
 } from '../index';

package/lib/modular/index.js

@@ -19,6 +19,7 @@ import { getApp } from '@react-native-firebase/app';
 import { fetchPasswordPolicy } from '../password-policy/passwordPolicyApi';
 import { PasswordPolicyImpl } from '../password-policy/PasswordPolicyImpl';
 import FacebookAuthProvider from '../providers/FacebookAuthProvider';
+import { MultiFactorUser } from '../multiFactor';
 export { FacebookAuthProvider };
 
 /**
@@ -462,7 +463,7 @@ export async function linkWithRedirect(user, provider, resolver) {
  * @returns {MultiFactorUser}
  */
 export function multiFactor(user) {
-  return user._auth.multiFactor(user);
+  return new MultiFactorUser(getAuth(), user);
 }
 
 /**

package/lib/version.js

@@ -1,2 +1,2 @@
 // Generated by genversion.
-module.exports = '22.0.0';
+module.exports = '22.2.0';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@react-native-firebase/auth",
-  "version": "22.0.0",
+  "version": "22.2.0",
   "author": "Invertase <oss@invertase.io> (http://invertase.io)",
   "description": "React Native Firebase - The authentication module provides an easy-to-use API to integrate an authentication workflow into new and existing applications. React Native Firebase provides access to all Firebase authentication methods and identity providers.",
   "main": "lib/index.js",
@@ -27,7 +27,7 @@
     "plist": "^3.1.0"
   },
   "peerDependencies": {
-    "@react-native-firebase/app": "22.0.0",
+    "@react-native-firebase/app": "22.2.0",
     "expo": ">=47.0.0"
   },
   "devDependencies": {
@@ -43,5 +43,5 @@
     "access": "public",
     "provenance": true
   },
-  "gitHead": "e9fee87b413c90e243347d5c60272f07f41d99b8"
+  "gitHead": "b302210509ceac8078b5fb9fd0b24e68f0641c6a"
 }

package/plugin/build/ios/openUrlFix.d.ts

@@ -12,9 +12,12 @@ export declare function withOpenUrlFixForAppDelegate({ config, props, }: {
     config: ExportedConfigWithProps<AppDelegateProjectFile>;
     props?: PluginConfigType;
 }): ExportedConfigWithProps<AppDelegateProjectFile>;
+export declare function modifyAppDelegate(contents: string, language: string): string | null;
 export declare const appDelegateOpenUrlInsertionPointAfter: RegExp;
 export declare const multiline_appDelegateOpenUrlInsertionPointAfter: RegExp;
 export declare function modifyObjcAppDelegate(contents: string): string | null;
+export declare const appDelegateSwiftOpenUrlInsertionPointAfter: RegExp;
+export declare function modifySwiftAppDelegate(contents: string): string | null;
 export type ExpoConfigPluginEntry = string | [] | [string] | [string, any];
 export declare function isFirebaseSwizzlingDisabled(config: ExportedConfigWithProps<InfoPlist>): boolean;
 export declare function ensureFirebaseSwizzlingIsEnabled(config: ExportedConfigWithProps<InfoPlist>): boolean;

package/plugin/build/ios/openUrlFix.js

@@ -1,9 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.multiline_appDelegateOpenUrlInsertionPointAfter = exports.appDelegateOpenUrlInsertionPointAfter = exports.withIosCaptchaOpenUrlFix = void 0;
+exports.appDelegateSwiftOpenUrlInsertionPointAfter = exports.multiline_appDelegateOpenUrlInsertionPointAfter = exports.appDelegateOpenUrlInsertionPointAfter = exports.withIosCaptchaOpenUrlFix = void 0;
 exports.shouldApplyIosOpenUrlFix = shouldApplyIosOpenUrlFix;
 exports.withOpenUrlFixForAppDelegate = withOpenUrlFixForAppDelegate;
+exports.modifyAppDelegate = modifyAppDelegate;
 exports.modifyObjcAppDelegate = modifyObjcAppDelegate;
+exports.modifySwiftAppDelegate = modifySwiftAppDelegate;
 exports.isFirebaseSwizzlingDisabled = isFirebaseSwizzlingDisabled;
 exports.ensureFirebaseSwizzlingIsEnabled = ensureFirebaseSwizzlingIsEnabled;
 const config_plugins_1 = require("@expo/config-plugins");
@@ -42,32 +44,37 @@ function shouldApplyIosOpenUrlFix({ config, props, }) {
 function withOpenUrlFixForAppDelegate({ config, props, }) {
     const { language, contents } = config.modResults;
     const configValue = props?.ios?.captchaOpenUrlFix || 'default';
-    if (['objc', 'objcpp'].includes(language)) {
-        const newContents = modifyObjcAppDelegate(contents);
-        if (newContents === null) {
-            if (configValue === true) {
-                throw new Error("Failed to apply iOS openURL fix because no 'openURL' method was found");
-            }
-            else {
-                config_plugins_1.WarningAggregator.addWarningIOS('@react-native-firebase/auth', "Skipping iOS openURL fix because no 'openURL' method was found");
-                return config;
-            }
+    const newContents = modifyAppDelegate(contents, language);
+    if (newContents === null) {
+        if (configValue === true) {
+            throw new Error("Failed to apply iOS openURL fix because no 'openURL' method was found");
         }
         else {
-            if (configValue === 'default') {
-                config_plugins_1.WarningAggregator.addWarningIOS('@react-native-firebase/auth', 'modifying iOS AppDelegate openURL method to ignore firebaseauth reCAPTCHA redirect URLs');
-            }
-            return {
-                ...config,
-                modResults: {
-                    ...config.modResults,
-                    contents: newContents,
-                },
-            };
+            config_plugins_1.WarningAggregator.addWarningIOS('@react-native-firebase/auth', "Skipping iOS openURL fix because no 'openURL' method was found");
+            return config;
         }
     }
     else {
-        // TODO: Support Swift
+        if (configValue === 'default') {
+            config_plugins_1.WarningAggregator.addWarningIOS('@react-native-firebase/auth', 'modifying iOS AppDelegate openURL method to ignore firebaseauth reCAPTCHA redirect URLs');
+        }
+        return {
+            ...config,
+            modResults: {
+                ...config.modResults,
+                contents: newContents,
+            },
+        };
+    }
+}
+function modifyAppDelegate(contents, language) {
+    if (language === 'objc' || language === 'objcpp') {
+        return modifyObjcAppDelegate(contents);
+    }
+    else if (language === 'swift') {
+        return modifySwiftAppDelegate(contents);
+    }
+    else {
         throw new Error(`Don't know how to apply openUrlFix to AppDelegate of language "${language}"`);
     }
 }
@@ -116,6 +123,35 @@ function modifyObjcAppDelegate(contents) {
         comment: '//',
     }).contents;
 }
+// NOTE: `mergeContents()` doesn't support newlines for the `anchor` regex, so we have to replace it manually
+const skipOpenUrlForFirebaseAuthBlockSwift = `\
+// @generated begin @react-native-firebase/auth-openURL - expo prebuild (DO NOT MODIFY)
+    if url.host?.lowercased() == "firebaseauth" {
+      // invocations for Firebase Auth are handled elsewhere and should not be forwarded to Expo Router
+      return false
+    }
+// @generated end @react-native-firebase/auth-openURL\
+`;
+exports.appDelegateSwiftOpenUrlInsertionPointAfter = /public\s*override\s*func\s*application\s*\(\n\s*_\s*app\s*:\s*UIApplication,\n\s*open\s*url\s*:\s*URL,\n\s*options\s*:\s*\[UIApplication\.OpenURLOptionsKey\s*:\s*Any\]\s*=\s*\[:\]\n\s*\)\s*->\s*Bool\s*{\n/;
+function modifySwiftAppDelegate(contents) {
+    const pattern = exports.appDelegateSwiftOpenUrlInsertionPointAfter;
+    const fullMatch = contents.match(pattern);
+    if (!fullMatch) {
+        if (contents.match(/open url\s*:/)) {
+            throw new Error([
+                "Failed to apply 'captchaOpenUrlFix' but detected 'openURL' method.",
+                "Please manually apply the fix to your AppDelegate's openURL method,",
+                "then update your app.config.json by configuring the '@react-native-firebase/auth' plugin",
+                'to set `captchaOpenUrlFix: false`.',
+            ].join(' '));
+        }
+        else {
+            // openURL method was not found in AppDelegate
+            return null;
+        }
+    }
+    return contents.replace(pattern, `${fullMatch[0]}${skipOpenUrlForFirebaseAuthBlockSwift}\n`);
+}
 // Search the ExpoConfig plugins array to see if `pluginName` is present
 function isPluginEnabled(config, pluginName) {
     if (config.plugins === undefined) {

package/plugin/src/ios/openUrlFix.ts

@@ -62,35 +62,40 @@ export function withOpenUrlFixForAppDelegate({
   const { language, contents } = config.modResults;
   const configValue = props?.ios?.captchaOpenUrlFix || 'default';
 
-  if (['objc', 'objcpp'].includes(language)) {
-    const newContents = modifyObjcAppDelegate(contents);
-    if (newContents === null) {
-      if (configValue === true) {
-        throw new Error("Failed to apply iOS openURL fix because no 'openURL' method was found");
-      } else {
-        WarningAggregator.addWarningIOS(
-          '@react-native-firebase/auth',
-          "Skipping iOS openURL fix because no 'openURL' method was found",
-        );
-        return config;
-      }
+  const newContents = modifyAppDelegate(contents, language);
+  if (newContents === null) {
+    if (configValue === true) {
+      throw new Error("Failed to apply iOS openURL fix because no 'openURL' method was found");
     } else {
-      if (configValue === 'default') {
-        WarningAggregator.addWarningIOS(
-          '@react-native-firebase/auth',
-          'modifying iOS AppDelegate openURL method to ignore firebaseauth reCAPTCHA redirect URLs',
-        );
-      }
-      return {
-        ...config,
-        modResults: {
-          ...config.modResults,
-          contents: newContents,
-        },
-      };
+      WarningAggregator.addWarningIOS(
+        '@react-native-firebase/auth',
+        "Skipping iOS openURL fix because no 'openURL' method was found",
+      );
+      return config;
+    }
+  } else {
+    if (configValue === 'default') {
+      WarningAggregator.addWarningIOS(
+        '@react-native-firebase/auth',
+        'modifying iOS AppDelegate openURL method to ignore firebaseauth reCAPTCHA redirect URLs',
+      );
     }
+    return {
+      ...config,
+      modResults: {
+        ...config.modResults,
+        contents: newContents,
+      },
+    };
+  }
+}
+
+export function modifyAppDelegate(contents: string, language: string): string | null {
+  if (language === 'objc' || language === 'objcpp') {
+    return modifyObjcAppDelegate(contents);
+  } else if (language === 'swift') {
+    return modifySwiftAppDelegate(contents);
   } else {
-    // TODO: Support Swift
     throw new Error(`Don't know how to apply openUrlFix to AppDelegate of language "${language}"`);
   }
 }
@@ -147,6 +152,40 @@ export function modifyObjcAppDelegate(contents: string): string | null {
   }).contents;
 }
 
+// NOTE: `mergeContents()` doesn't support newlines for the `anchor` regex, so we have to replace it manually
+const skipOpenUrlForFirebaseAuthBlockSwift: string = `\
+// @generated begin @react-native-firebase/auth-openURL - expo prebuild (DO NOT MODIFY)
+    if url.host?.lowercased() == "firebaseauth" {
+      // invocations for Firebase Auth are handled elsewhere and should not be forwarded to Expo Router
+      return false
+    }
+// @generated end @react-native-firebase/auth-openURL\
+`;
+
+export const appDelegateSwiftOpenUrlInsertionPointAfter: RegExp =
+  /public\s*override\s*func\s*application\s*\(\n\s*_\s*app\s*:\s*UIApplication,\n\s*open\s*url\s*:\s*URL,\n\s*options\s*:\s*\[UIApplication\.OpenURLOptionsKey\s*:\s*Any\]\s*=\s*\[:\]\n\s*\)\s*->\s*Bool\s*{\n/;
+
+export function modifySwiftAppDelegate(contents: string): string | null {
+  const pattern = appDelegateSwiftOpenUrlInsertionPointAfter;
+  const fullMatch = contents.match(pattern);
+  if (!fullMatch) {
+    if (contents.match(/open url\s*:/)) {
+      throw new Error(
+        [
+          "Failed to apply 'captchaOpenUrlFix' but detected 'openURL' method.",
+          "Please manually apply the fix to your AppDelegate's openURL method,",
+          "then update your app.config.json by configuring the '@react-native-firebase/auth' plugin",
+          'to set `captchaOpenUrlFix: false`.',
+        ].join(' '),
+      );
+    } else {
+      // openURL method was not found in AppDelegate
+      return null;
+    }
+  }
+  return contents.replace(pattern, `${fullMatch[0]}${skipOpenUrlForFirebaseAuthBlockSwift}\n`);
+}
+
 export type ExpoConfigPluginEntry = string | [] | [string] | [string, any];
 
 // Search the ExpoConfig plugins array to see if `pluginName` is present