@umituz/react-native-auth 4.3.53 → 4.3.55

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@umituz/react-native-auth",
-  "version": "4.3.53",
+  "version": "4.3.55",
   "description": "Authentication service for React Native apps - Secure, type-safe, and production-ready. Provider-agnostic design with dependency injection, configurable validation, and comprehensive error handling.",
   "main": "./src/index.ts",
   "types": "./src/index.ts",

package/src/infrastructure/services/AuthEventService.ts

@@ -89,13 +89,16 @@ class AuthEventService {
   private notifyListeners(event: string, payload: AuthEventPayload): void {
     const eventListeners = this.listeners.get(event);
     if (eventListeners) {
-      eventListeners.forEach((listener) => {
+      // Copy array before iterating to prevent issues if a listener
+      // removes itself or other listeners during notification
+      const snapshot = [...eventListeners];
+      for (const listener of snapshot) {
         try {
           listener(payload);
         } catch (error) {
           console.error(`[AuthEventService] Listener error for "${event}":`, error);
         }
-      });
+      }
     }
   }
 }

package/src/infrastructure/services/initializeAuth.ts

@@ -27,6 +27,7 @@ export interface InitializeAuthOptions {
 
 let isInitialized = false;
 let initializationPromise: Promise<{ success: boolean }> | null = null;
+let listenerUnsubscribe: (() => void) | null = null;
 const conversionState: { current: ConversionState } = {
   current: { previousUserId: null, wasAnonymous: false },
 };
@@ -102,7 +103,7 @@ async function doInitializeAuth(
     onAuthStateChange,
   });
 
-  initializeAuthListener({
+  listenerUnsubscribe = initializeAuthListener({
     autoAnonymousSignIn,
     onAuthStateChange: (user) => {
       void handleAuthStateChange(user);
@@ -118,6 +119,10 @@ export function isAuthInitialized(): boolean {
 }
 
 export function resetAuthInitialization(): void {
+  if (listenerUnsubscribe) {
+    listenerUnsubscribe();
+    listenerUnsubscribe = null;
+  }
   isInitialized = false;
   conversionState.current = { previousUserId: null, wasAnonymous: false };
 }

package/src/infrastructure/utils/listener/anonymousHandler.ts

@@ -11,12 +11,10 @@ import {
   completeAnonymousSignIn,
 } from "./listenerState.util";
 
-type Store = AuthActions & { isAnonymous: boolean };
-
 /**
  * Handle anonymous mode sign-in
  */
-export async function handleAnonymousMode(store: Store, auth: Auth): Promise<void> {
+export async function handleAnonymousMode(store: AuthActions, auth: Auth): Promise<void> {
   if (!startAnonymousSignIn()) {
     return; // Already signing in
   }

package/src/infrastructure/utils/listener/anonymousSignInHandler.ts

@@ -42,11 +42,13 @@ async function attemptAnonymousSignIn(
 
     callbacks.onSignInStart();
 
+    let timeoutId: ReturnType<typeof setTimeout> | undefined;
+
     try {
-        // Add timeout protection
-        const timeoutPromise = new Promise<never>((_, reject) =>
-            setTimeout(() => reject(new Error("Anonymous sign-in timeout")), timeout)
-        );
+        // Add timeout protection with proper cleanup
+        const timeoutPromise = new Promise<never>((_, reject) => {
+            timeoutId = setTimeout(() => reject(new Error("Anonymous sign-in timeout")), timeout);
+        });
 
         // Race between sign-in and timeout
         await Promise.race([
@@ -58,6 +60,11 @@ async function attemptAnonymousSignIn(
     } catch (error) {
         const signInError = error instanceof Error ? error : new Error("Unknown sign-in error");
         callbacks.onSignInFailure(signInError);
+    } finally {
+        // Always clear timeout to prevent timer leaks
+        if (timeoutId !== undefined) {
+            clearTimeout(timeoutId);
+        }
     }
 }
 

package/src/infrastructure/utils/listener/authListenerStateHandler.ts

@@ -5,34 +5,37 @@
 
 import type { Auth, User } from "firebase/auth";
 import type { AuthActions } from "../../../types/auth-store.types";
-import { completeInitialization } from "./listenerState.util";
 import { handleAnonymousMode } from "./anonymousHandler";
 import { safeCallbackSync } from "../safeCallback";
 
-type Store = AuthActions & { isAnonymous: boolean };
+type StoreActions = AuthActions;
+type GetIsAnonymous = () => boolean;
 
 /**
  * Handle auth state change from Firebase
  */
 export function handleAuthStateChange(
   user: User | null,
-  store: Store,
+  store: StoreActions,
   auth: Auth,
   autoAnonymousSignIn: boolean,
-  onAuthStateChange?: (user: User | null) => void | Promise<void>
+  onAuthStateChange?: (user: User | null) => void | Promise<void>,
+  getIsAnonymous?: GetIsAnonymous
 ): void {
   try {
     if (!user && autoAnonymousSignIn) {
+      // Don't call completeInitialization here - handleAnonymousMode
+      // will set initialized/loading when anonymous sign-in completes or fails.
       void handleAnonymousMode(store, auth);
-      completeInitialization();
       return;
     }
 
     store.setFirebaseUser(user);
     store.setInitialized(true);
 
-    // Handle conversion from anonymous
-    if (user && !user.isAnonymous && store.isAnonymous) {
+    // Handle conversion from anonymous - read fresh state, not stale snapshot
+    const currentIsAnonymous = getIsAnonymous ? getIsAnonymous() : false;
+    if (user && !user.isAnonymous && currentIsAnonymous) {
       store.setIsAnonymous(false);
     }
 

package/src/infrastructure/utils/listener/initializationHandlers.ts

@@ -6,12 +6,10 @@
 import type { AuthActions } from "../../../types/auth-store.types";
 import { completeInitialization } from "./listenerState.util";
 
-type Store = AuthActions & { isAnonymous: boolean };
-
 /**
  * Handle case where Firebase auth is not available
  */
-export function handleNoFirebaseAuth(store: Store): () => void {
+export function handleNoFirebaseAuth(store: AuthActions): () => void {
   completeInitialization();
   store.setLoading(false);
   store.setInitialized(true);

package/src/infrastructure/utils/listener/setupListener.ts

@@ -10,16 +10,18 @@ import { getAuthService } from "../../services/AuthService";
 import { completeInitialization, setUnsubscribe } from "./listenerState.util";
 import { handleAuthStateChange } from "./authListenerStateHandler";
 
-type Store = AuthActions & { isAnonymous: boolean };
+type StoreActions = AuthActions;
 
 /**
  * Setup Firebase auth listener with timeout protection
+ * @param getIsAnonymous - Function to read fresh isAnonymous state (avoids stale snapshots)
  */
 export function setupAuthListener(
   auth: Auth,
-  store: Store,
+  store: StoreActions,
   autoAnonymousSignIn: boolean,
-  onAuthStateChange?: (user: User | null) => void | Promise<void>
+  onAuthStateChange?: (user: User | null) => void | Promise<void>,
+  getIsAnonymous?: () => boolean
 ): void {
   const service = getAuthService();
 
@@ -46,7 +48,7 @@ export function setupAuthListener(
         hasTriggered = true;
         clearTimeout(timeout);
       }
-      handleAuthStateChange(user, store, auth, autoAnonymousSignIn, onAuthStateChange);
+      handleAuthStateChange(user, store, auth, autoAnonymousSignIn, onAuthStateChange, getIsAnonymous);
     });
 
     setUnsubscribe(unsubscribe);

package/src/init/createAuthInitModule.ts

@@ -98,7 +98,11 @@ export function createAuthInitModule(
 
             // Call custom callback if provided
             if (onUserConverted) {
-              await onUserConverted(anonymousId, authenticatedId);
+              try {
+                await onUserConverted(anonymousId, authenticatedId);
+              } catch (error) {
+                console.error('[AuthInitModule] onUserConverted callback failed:', error instanceof Error ? error.message : String(error));
+              }
             }
           },
         });

package/src/presentation/hooks/registerForm/registerFormSubmit.ts

@@ -33,10 +33,14 @@ export function useRegisterFormSubmit(
   const handleSignUp = useCallback(async () => {
     clearFormErrors();
 
+    // Sanitize once, use for both validation and sign-up
+    const sanitizedEmail = sanitizeEmail(fields.email);
+    const sanitizedName = sanitizeName(fields.displayName) || undefined;
+
     const validation = validateRegisterForm(
       {
-        displayName: sanitizeName(fields.displayName) || undefined,
-        email: sanitizeEmail(fields.email),
+        displayName: sanitizedName,
+        email: sanitizedEmail,
         password: fields.password,
         confirmPassword: fields.confirmPassword,
       },
@@ -50,7 +54,7 @@ export function useRegisterFormSubmit(
     }
 
     try {
-      await signUp(sanitizeEmail(fields.email), fields.password, sanitizeName(fields.displayName) || undefined);
+      await signUp(sanitizedEmail, fields.password, sanitizedName);
 
       if (translations) {
         alertService.success(translations.successTitle, translations.signUpSuccess);

package/src/presentation/hooks/useAuth.ts

@@ -3,7 +3,7 @@
  * React hook for authentication state management
  */
 
-import { useCallback } from "react";
+import { useCallback, useRef } from "react";
 import { useAuthStore } from "../stores/authStore";
 import {
   selectUser,
@@ -11,7 +11,6 @@ import {
   selectError,
   selectSetLoading,
   selectSetError,
-  selectSetIsAnonymous,
   selectIsAuthenticated,
   selectHasFirebaseUser,
   selectUserId,
@@ -57,21 +56,30 @@ export function useAuth(): UseAuthResult {
   const isAuthReady = useAuthStore(selectIsAuthReady);
   const setLoading = useAuthStore(selectSetLoading);
   const setError = useAuthStore(selectSetError);
-  const setIsAnonymous = useAuthStore(selectSetIsAnonymous);
 
   const signInMutation = useSignInMutation();
   const signUpMutation = useSignUpMutation();
   const signOutMutation = useSignOutMutation();
   const anonymousModeMutation = useAnonymousModeMutation();
 
+  // Store mutateAsync in refs to avoid recreating callbacks on every render.
+  // useMutation returns a new object each render, but mutateAsync is stable.
+  const signUpMutateRef = useRef(signUpMutation.mutateAsync);
+  signUpMutateRef.current = signUpMutation.mutateAsync;
+  const signInMutateRef = useRef(signInMutation.mutateAsync);
+  signInMutateRef.current = signInMutation.mutateAsync;
+  const signOutMutateRef = useRef(signOutMutation.mutateAsync);
+  signOutMutateRef.current = signOutMutation.mutateAsync;
+  const anonymousMutateRef = useRef(anonymousModeMutation.mutateAsync);
+  anonymousMutateRef.current = anonymousModeMutation.mutateAsync;
+
   const signUp = useCallback(
     async (email: string, password: string, displayName?: string) => {
       try {
         setLoading(true);
         setError(null);
-        await signUpMutation.mutateAsync({ email, password, displayName });
-        // Only clear anonymous flag after successful signup
-        setIsAnonymous(false);
+        await signUpMutateRef.current({ email, password, displayName });
+        // isAnonymous is automatically derived from firebaseUser by the auth listener
       } catch (err: unknown) {
         setError(err instanceof Error ? err.message : "Sign up failed");
         throw err;
@@ -79,7 +87,7 @@ export function useAuth(): UseAuthResult {
         setLoading(false);
       }
     },
-    [setIsAnonymous, setLoading, setError, signUpMutation]
+    [setLoading, setError]
   );
 
   const signIn = useCallback(
@@ -87,9 +95,8 @@ export function useAuth(): UseAuthResult {
       try {
         setLoading(true);
         setError(null);
-        await signInMutation.mutateAsync({ email, password });
-        // Only clear anonymous flag after successful signin
-        setIsAnonymous(false);
+        await signInMutateRef.current({ email, password });
+        // isAnonymous is automatically derived from firebaseUser by the auth listener
       } catch (err: unknown) {
         setError(err instanceof Error ? err.message : "Sign in failed");
         throw err;
@@ -97,37 +104,35 @@ export function useAuth(): UseAuthResult {
         setLoading(false);
       }
     },
-    [setIsAnonymous, setLoading, setError, signInMutation]
+    [setLoading, setError]
   );
 
   const signOut = useCallback(async () => {
     try {
       setLoading(true);
       setError(null);
-      await signOutMutation.mutateAsync();
+      await signOutMutateRef.current();
     } catch (err: unknown) {
       setError(err instanceof Error ? err.message : "Sign out failed");
       throw err;
     } finally {
       setLoading(false);
     }
-  }, [setLoading, setError, signOutMutation]);
+  }, [setLoading, setError]);
 
   const continueAnonymously = useCallback(async () => {
     try {
       setLoading(true);
       setError(null);
-      await anonymousModeMutation.mutateAsync();
-      // Only set anonymous flag after successful mutation
-      setIsAnonymous(true);
+      await anonymousMutateRef.current();
+      // isAnonymous is automatically derived from firebaseUser by the auth listener
     } catch (err: unknown) {
-      // Don't set anonymous flag on error - let user try again or choose another option
       setError(err instanceof Error ? err.message : "Failed to continue anonymously");
       throw err;
     } finally {
       setLoading(false);
     }
-  }, [setIsAnonymous, setLoading, setError, anonymousModeMutation]);
+  }, [setLoading, setError]);
 
   return {
     user, userId, userType, loading, isAuthReady, isAnonymous, isAuthenticated, hasFirebaseUser, error,

package/src/presentation/hooks/useLoginForm.ts

@@ -44,17 +44,13 @@ export function useLoginForm(config?: UseLoginFormConfig): UseLoginFormResult {
     setEmailError(null);
     setPasswordError(null);
     setLocalError(null);
-  }, []);
+  }, [setLocalError]);
 
   const { fields, updateField } = useFormFields(
     { email: "", password: "" },
     { clearLocalError }
   );
 
-  const clearErrors = useCallback(() => {
-    clearFieldErrorsState();
-  }, [clearFieldErrorsState]);
-
   const handleEmailChange = useCallback(
     (text: string) => {
       updateField("email", text);
@@ -72,10 +68,13 @@ export function useLoginForm(config?: UseLoginFormConfig): UseLoginFormResult {
   );
 
   const handleSignIn = useCallback(async () => {
-    clearErrors();
+    clearFieldErrorsState();
+
+    // Sanitize once, use for both validation and sign-in
+    const sanitizedEmail = sanitizeEmail(fields.email);
 
     const validation = validateLoginForm(
-      { email: sanitizeEmail(fields.email), password: fields.password },
+      { email: sanitizedEmail, password: fields.password },
       getErrorMessage
     );
 
@@ -88,7 +87,7 @@ export function useLoginForm(config?: UseLoginFormConfig): UseLoginFormResult {
     }
 
     try {
-      await signIn(sanitizeEmail(fields.email), fields.password);
+      await signIn(sanitizedEmail, fields.password);
 
       if (translations) {
         alertService.success(
@@ -99,7 +98,7 @@ export function useLoginForm(config?: UseLoginFormConfig): UseLoginFormResult {
     } catch (err: unknown) {
       setLocalError(handleAuthError(err));
     }
-  }, [fields, signIn, translations, handleAuthError, getErrorMessage, clearErrors]);
+  }, [fields, signIn, translations, handleAuthError, getErrorMessage, clearFieldErrorsState, setLocalError]);
 
   const handleContinueAnonymously = useCallback(async () => {
     try {

package/src/presentation/stores/initializeAuthListener.ts

@@ -48,8 +48,12 @@ export function initializeAuthListener(
     return handleNoFirebaseAuth(store);
   }
 
+  // Pass a getter function for isAnonymous to avoid stale snapshot reads.
+  // store.getState() returns a snapshot, but isAnonymous can change over time.
+  const getIsAnonymous = () => useAuthStore.getState().isAnonymous;
+
   // Setup the listener
-  setupAuthListener(auth, store, autoAnonymousSignIn, onAuthStateChange);
+  setupAuthListener(auth, store, autoAnonymousSignIn, onAuthStateChange, getIsAnonymous);
   completeListenerSetup();
 
   // Return cleanup function

package/src/presentation/utils/form/validation/formValidators.ts

@@ -17,15 +17,19 @@ import type {
   ProfileFormValues,
   FormValidationError,
 } from "./formValidation.types";
-import { sanitizeEmail, sanitizeName } from "../../../../infrastructure/utils/validation/sanitization";
+import { sanitizeName } from "../../../../infrastructure/utils/validation/sanitization";
 
+/**
+ * Validate login form values.
+ * IMPORTANT: Callers must sanitize email before passing to this function.
+ */
 export function validateLoginForm(
   values: LoginFormValues,
   getErrorMessage: (key: string) => string
 ): FormValidationResult {
   const errors: FormValidationError[] = [];
 
-  const emailResult = validateEmail(sanitizeEmail(values.email));
+  const emailResult = validateEmail(values.email);
   if (!emailResult.isValid && emailResult.error) {
     errors.push({ field: "email", message: getErrorMessage(emailResult.error) });
   }
@@ -38,6 +42,10 @@ export function validateLoginForm(
   return { isValid: errors.length === 0, errors };
 }
 
+/**
+ * Validate register form values.
+ * IMPORTANT: Callers must sanitize email before passing to this function.
+ */
 export function validateRegisterForm(
   values: RegisterFormValues,
   getErrorMessage: (key: string) => string,
@@ -45,7 +53,7 @@ export function validateRegisterForm(
 ): FormValidationResult {
   const errors: FormValidationError[] = [];
 
-  const emailResult = validateEmail(sanitizeEmail(values.email));
+  const emailResult = validateEmail(values.email);
   if (!emailResult.isValid && emailResult.error) {
     errors.push({ field: "email", message: getErrorMessage(emailResult.error) });
   }
@@ -63,6 +71,10 @@ export function validateRegisterForm(
   return { isValid: errors.length === 0, errors };
 }
 
+/**
+ * Validate profile form values.
+ * Email should be pre-sanitized by caller if provided.
+ */
 export function validateProfileForm(
   values: ProfileFormValues,
   getErrorMessage: (key: string) => string
@@ -77,7 +89,7 @@ export function validateProfileForm(
   }
 
   if (values.email) {
-    const emailResult = validateEmail(sanitizeEmail(values.email));
+    const emailResult = validateEmail(values.email);
     if (!emailResult.isValid && emailResult.error) {
       errors.push({ field: "email", message: getErrorMessage(emailResult.error) });
     }