@umituz/react-native-firebase 2.5.1 → 2.6.1

package/src/domains/account-deletion/infrastructure/services/AccountDeletionExecutor.ts

@@ -0,0 +1,230 @@
+/**
+ * Account Deletion Executor (Main)
+ * Single Responsibility: Execute account deletion with retry logic
+ *
+ * Infrastructure service that executes account deletion operations.
+ * Coordinates reauthentication and deletion with error handling.
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { User } from 'firebase/auth';
+import { getFirebaseAuth } from '../../../auth/infrastructure/config/FirebaseAuthClient';
+import { AccountDeletionRepository } from './AccountDeletionRepository';
+import { userValidationService } from '../../domain/services/UserValidationService';
+import type { Result } from '../../../../shared/domain/utils';
+import type { AccountDeletionOptions } from '../../application/ports/reauthentication.types';
+import type { AccountDeletionResult } from './AccountDeletionTypes';
+import { handleReauthentication } from './AccountDeletionReauthHandler';
+
+/**
+ * Account deletion executor
+ * Executes account deletion with automatic reauthentication
+ */
+export class AccountDeletionExecutor {
+  private readonly repository: AccountDeletionRepository;
+  private deletionInProgress = false;
+
+  constructor(repository?: AccountDeletionRepository) {
+    this.repository = repository || new AccountDeletionRepository();
+  }
+
+  /**
+   * Delete current user account
+   * Handles reauthentication automatically if enabled
+   */
+  async deleteCurrentUser(
+    options: AccountDeletionOptions = { autoReauthenticate: true }
+  ): Promise<AccountDeletionResult> {
+    // Prevent concurrent deletion attempts
+    if (this.deletionInProgress) {
+      return {
+        success: false,
+        error: { code: 'auth/operation-in-progress', message: 'Account deletion already in progress' },
+        requiresReauth: false,
+      };
+    }
+
+    this.deletionInProgress = true;
+
+    try {
+      const auth = getFirebaseAuth();
+      const user = auth?.currentUser;
+
+      if (!auth || !user) {
+        return {
+          success: false,
+          error: { code: 'auth/not-ready', message: 'Auth not ready' },
+          requiresReauth: false,
+        };
+      }
+
+      const originalUserId = user.uid;
+
+      // Validate user for deletion
+      const validation = await this.repository.validateForDeletion(user);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error,
+          requiresReauth: false,
+        };
+      }
+
+      const provider = validation.data!.provider;
+
+      // Check if reauthentication is needed
+      const needsReauth = this.shouldReauthenticate(user, options, provider);
+      if (needsReauth) {
+        const reauthResult = await handleReauthentication(user, options, originalUserId, this.repository);
+        if (reauthResult) {
+          return reauthResult;
+        }
+      }
+
+      // Attempt deletion
+      return await this.performDeletion(user, originalUserId, options);
+    } finally {
+      this.deletionInProgress = false;
+    }
+  }
+
+  /**
+   * Delete specific user account
+   * Direct deletion without reauthentication
+   */
+  async deleteUserAccount(user: User | null): Promise<AccountDeletionResult> {
+    if (!user || user.isAnonymous) {
+      return {
+        success: false,
+        error: { code: 'auth/invalid', message: 'Invalid user' },
+        requiresReauth: false,
+      };
+    }
+
+    try {
+      const result = await this.repository.deleteAccount(user);
+      if (result.success) {
+        return { success: true };
+      }
+
+      return {
+        success: false,
+        error: result.error,
+        requiresReauth: result.error?.code === 'auth/requires-recent-login',
+      };
+    } catch (error: unknown) {
+      return {
+        success: false,
+        error: {
+          code: 'auth/failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+        },
+        requiresReauth: false,
+      };
+    }
+  }
+
+  /**
+   * Check if reauthentication is needed
+   */
+  private shouldReauthenticate(
+    user: User,
+    options: AccountDeletionOptions,
+    provider: string
+  ): boolean {
+    // Password users need reauthentication
+    if (provider === 'password' && options.autoReauthenticate && options.onPasswordRequired) {
+      return true;
+    }
+
+    // Check if credentials are provided
+    const hasCredentials = !!(options.password || options.googleIdToken);
+    if (hasCredentials) {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Perform account deletion
+   */
+  private async performDeletion(
+    user: User,
+    originalUserId: string,
+    options: AccountDeletionOptions
+  ): Promise<AccountDeletionResult> {
+    try {
+      // Validate user hasn't changed
+      const auth = getFirebaseAuth();
+      const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error!,
+          requiresReauth: false,
+        };
+      }
+
+      // Delete account
+      const result = await this.repository.deleteAccount(user);
+      if (result.success) {
+        return { success: true };
+      }
+
+      // Check if reauthentication can help
+      const error = result.error;
+      if (
+        error?.code === 'auth/requires-recent-login' &&
+        options.autoReauthenticate
+      ) {
+        const reauthResult = await handleReauthentication(user, options, originalUserId, this.repository);
+        if (reauthResult) {
+          return reauthResult;
+        }
+      }
+
+      return {
+        success: false,
+        error,
+        requiresReauth: error?.code === 'auth/requires-recent-login',
+      };
+    } catch (error: unknown) {
+      return {
+        success: false,
+        error: {
+          code: 'auth/failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+        },
+        requiresReauth: false,
+      };
+    }
+  }
+
+  /**
+   * Check if deletion is in progress
+   */
+  isDeletionInProgress(): boolean {
+    return this.deletionInProgress;
+  }
+
+  /**
+   * Get the repository instance
+   */
+  getRepository(): AccountDeletionRepository {
+    return this.repository;
+  }
+}
+
+/**
+ * Factory function to create account deletion executor
+ */
+export function createAccountDeletionExecutor(): AccountDeletionExecutor {
+  return new AccountDeletionExecutor();
+}
+
+/**
+ * Default singleton instance
+ */
+export const accountDeletionExecutor = createAccountDeletionExecutor();

package/src/domains/account-deletion/infrastructure/services/AccountDeletionReauthHandler.ts

@@ -0,0 +1,174 @@
+/**
+ * Account Deletion Reauthentication Handler
+ * Single Responsibility: Handle reauthentication during account deletion
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { User } from 'firebase/auth';
+import { getFirebaseAuth } from '../../../auth/infrastructure/config/FirebaseAuthClient';
+import { userValidationService } from '../../domain/services/UserValidationService';
+import type { Result } from '../../../../shared/domain/utils';
+import type { AccountDeletionOptions } from '../../application/ports/reauthentication.types';
+import type { AccountDeletionResult, ReauthenticationContext } from './AccountDeletionTypes';
+
+/**
+ * Handle reauthentication during account deletion
+ * Coordinates reauthentication flow with credential management
+ */
+export async function handleReauthentication(
+  user: User,
+  options: AccountDeletionOptions,
+  originalUserId: string | undefined,
+  repository: any
+): Promise<AccountDeletionResult | null> {
+  // Validate user hasn't changed before reauthentication
+  if (originalUserId) {
+    const auth = getFirebaseAuth();
+    const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+    if (!validation.success) {
+      return {
+        success: false,
+        error: validation.error!,
+        requiresReauth: false,
+      };
+    }
+  }
+
+  // Import reauthentication functions
+  const {
+    getUserAuthProvider,
+    reauthenticateWithApple,
+    reauthenticateWithPassword,
+    reauthenticateWithGoogle,
+  } = await import('./reauthentication.service');
+
+  const provider = getUserAuthProvider(user);
+
+  // Attempt reauthentication based on provider
+  let reauthResult: { success: boolean; error?: { code?: string; message?: string } } | null = null;
+
+  if (provider === 'apple.com') {
+    reauthResult = await reauthenticateWithApple(user);
+  } else if (provider === 'google.com') {
+    const googleToken = await getGoogleToken(options);
+    if (!googleToken) {
+      return {
+        success: false,
+        error: { code: 'auth/google-reauth', message: 'Google reauthentication required' },
+        requiresReauth: true,
+      };
+    }
+    reauthResult = await reauthenticateWithGoogle(user, googleToken);
+  } else if (provider === 'password') {
+    const password = await getPassword(options);
+    if (!password) {
+      return {
+        success: false,
+        error: { code: 'auth/password-reauth', message: 'Password required' },
+        requiresReauth: true,
+      };
+    }
+    reauthResult = await reauthenticateWithPassword(user, password);
+  } else {
+    return null;
+  }
+
+  // If reauthentication successful, retry deletion
+  if (reauthResult.success) {
+    return await retryDeletionAfterReauth(originalUserId, repository);
+  }
+
+  return {
+    success: false,
+    error: {
+      code: reauthResult.error?.code || 'auth/reauth-failed',
+      message: reauthResult.error?.message || 'Reauthentication failed',
+    },
+    requiresReauth: true,
+  };
+}
+
+/**
+ * Get Google ID token from options or callback
+ */
+async function getGoogleToken(options: AccountDeletionOptions): Promise<string | undefined> {
+  if (options.googleIdToken) {
+    return options.googleIdToken;
+  }
+
+  if (options.onGoogleReauthRequired) {
+    return await options.onGoogleReauthRequired();
+  }
+
+  return undefined;
+}
+
+/**
+ * Get password from options or callback
+ */
+async function getPassword(options: AccountDeletionOptions): Promise<string | undefined> {
+  if (options.password) {
+    return options.password;
+  }
+
+  if (options.onPasswordRequired) {
+    return await options.onPasswordRequired();
+  }
+
+  return undefined;
+}
+
+/**
+ * Retry deletion after successful reauthentication
+ */
+async function retryDeletionAfterReauth(
+  originalUserId: string | undefined,
+  repository: any
+): Promise<AccountDeletionResult> {
+  try {
+    const auth = getFirebaseAuth();
+    const user = auth?.currentUser;
+
+    if (!user) {
+      return {
+        success: false,
+        error: { code: 'auth/not-ready', message: 'User not found after reauthentication' },
+        requiresReauth: false,
+      };
+    }
+
+    // Validate user hasn't changed after reauthentication
+    if (originalUserId) {
+      const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error!,
+          requiresReauth: false,
+        };
+      }
+    }
+
+    // Delete account
+    const result = await repository.deleteAccount(user);
+    if (result.success) {
+      return { success: true };
+    }
+
+    return {
+      success: false,
+      error: result.error,
+      requiresReauth: false,
+    };
+  } catch (error: unknown) {
+    return {
+      success: false,
+      error: {
+        code: 'auth/failed',
+        message: error instanceof Error ? error.message : 'Unknown error',
+      },
+      requiresReauth: false,
+    };
+  }
+}

package/src/domains/account-deletion/infrastructure/services/AccountDeletionRepository.ts

@@ -0,0 +1,266 @@
+/**
+ * Account Deletion Repository
+ * Single Responsibility: Handle account deletion persistence
+ *
+ * Infrastructure repository that manages account deletion operations.
+ * Uses ServiceBase for error handling and initialization.
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import { deleteUser, type User } from 'firebase/auth';
+import { ServiceBase } from '../../../../shared/infrastructure/base/ServiceBase';
+import type { Result } from '../../../../shared/domain/utils';
+import { successResult } from '../../../../shared/domain/utils';
+import { markUserDeleted } from '../../../auth/infrastructure/services/user-document.service';
+
+/**
+ * Account deletion repository
+ * Manages account deletion operations and user document cleanup
+ */
+export class AccountDeletionRepository extends ServiceBase {
+  constructor() {
+    super({
+      serviceName: 'AccountDeletionRepository',
+      autoInitialize: true,
+    });
+  }
+
+  /**
+   * Delete user account from Firebase Auth
+   * Marks user document as deleted before account removal
+   */
+  async deleteAccount(user: User): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Deleting account', { userId: user.uid });
+
+      // Mark user document as deleted
+      const marked = await markUserDeleted(user.uid);
+      if (!marked && __DEV__) {
+        this.logError('Failed to mark user document as deleted');
+      }
+
+      // Delete user account
+      await deleteUser(user);
+
+      this.log('Account deleted successfully', { userId: user.uid });
+    }, 'account-deletion/delete-failed');
+  }
+
+  /**
+   * Validate user can be deleted
+   * Checks user is not anonymous and has valid provider
+   */
+  async validateForDeletion(user: User | null): Promise<Result<{ userId: string; provider: string }>> {
+    return this.executeSync(() => {
+      if (!user) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/not-ready',
+            message: 'No authenticated user',
+          },
+        };
+      }
+
+      if (user.isAnonymous) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/anonymous',
+            message: 'Cannot delete anonymous account',
+          },
+        };
+      }
+
+      const provider = this.getUserAuthProvider(user);
+      if (!provider) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/unsupported',
+            message: 'Unsupported auth provider',
+          },
+        };
+      }
+
+      return successResult({
+        userId: user.uid,
+        provider,
+      });
+    }, 'account-deletion/validation-failed');
+  }
+
+  /**
+   * Get user's auth provider
+   */
+  private getUserAuthProvider(user: User): string | null {
+    if (!user.providerData || user.providerData.length === 0) {
+      return null;
+    }
+
+    for (const userInfo of user.providerData) {
+      if (userInfo.providerId) {
+        return userInfo.providerId;
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Check if user is email/password user
+   */
+  isEmailPasswordUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'password';
+  }
+
+  /**
+   * Check if user is Google user
+   */
+  isGoogleUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'google.com';
+  }
+
+  /**
+   * Check if user is Apple user
+   */
+  isAppleUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'apple.com';
+  }
+
+  /**
+   * Get user ID from user object
+   */
+  getUserId(user: User): string {
+    return user.uid;
+  }
+
+  /**
+   * Check if user email is verified
+   */
+  isEmailVerified(user: User): boolean {
+    return user.emailVerified || false;
+  }
+
+  /**
+   * Get user email
+   */
+  getEmail(user: User): string | null {
+    return user.email || null;
+  }
+
+  /**
+   * Get account creation time
+   */
+  getCreationTime(user: User): Date | null {
+    if (!user.metadata.creationTime) {
+      return null;
+    }
+    return new Date(user.metadata.creationTime);
+  }
+
+  /**
+   * Get last sign-in time
+   */
+  getLastSignInTime(user: User): Date | null {
+    if (!user.metadata.lastSignInTime) {
+      return null;
+    }
+    return new Date(user.metadata.lastSignInTime);
+  }
+
+  /**
+   * Check if account is new (created within specified days)
+   */
+  isAccountNew(user: User, maxAgeDays: number = 1): boolean {
+    const creationTime = this.getCreationTime(user);
+    if (!creationTime) return false;
+
+    const ageMs = Date.now() - creationTime.getTime();
+    const maxAgeMs = maxAgeDays * 24 * 60 * 60 * 1000;
+
+    return ageMs <= maxAgeMs;
+  }
+
+  /**
+   * Check if user recently signed in
+   */
+  isRecentSignIn(user: User, maxAgeMinutes: number = 5): boolean {
+    const lastSignIn = this.getLastSignInTime(user);
+    if (!lastSignIn) return false;
+
+    const timeSinceSignIn = Date.now() - lastSignIn.getTime();
+    const maxAgeMs = maxAgeMinutes * 60 * 1000;
+
+    return timeSinceSignIn <= maxAgeMs;
+  }
+
+  /**
+   * Mark user as deleted in database
+   * Separate method for flexibility
+   */
+  async markUserDeleted(userId: string): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Marking user as deleted', { userId });
+
+      const marked = await markUserDeleted(userId);
+      if (!marked) {
+        this.logError('Failed to mark user as deleted in database');
+      }
+
+      return successResult();
+    }, 'account-deletion/mark-failed');
+  }
+
+  /**
+   * Cleanup user data
+   * Override in subclass for custom cleanup logic
+   */
+  protected async cleanupUserData(userId: string): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Cleaning up user data', { userId });
+      // Override in subclass for custom cleanup
+      return successResult();
+    }, 'account-deletion/cleanup-failed');
+  }
+
+  /**
+   * Complete deletion with cleanup
+   * Deletes account and cleans up user data
+   */
+  async deleteWithCleanup(user: User): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Starting deletion with cleanup', { userId: user.uid });
+
+      // Delete account (includes marking document as deleted)
+      const deleteResult = await this.deleteAccount(user);
+      if (!deleteResult.success) {
+        return deleteResult;
+      }
+
+      // Cleanup additional user data
+      const cleanupResult = await this.cleanupUserData(user.uid);
+      if (!cleanupResult.success) {
+        this.logError('Cleanup failed, but account was deleted', {
+          userId: user.uid,
+          error: cleanupResult.error,
+        });
+      }
+
+      this.log('Deletion with cleanup completed', { userId: user.uid });
+    }, 'account-deletion/complete-failed');
+  }
+}
+
+/**
+ * Factory function to create account deletion repository
+ */
+export function createAccountDeletionRepository(): AccountDeletionRepository {
+  return new AccountDeletionRepository();
+}
+
+/**
+ * Default singleton instance
+ */
+export const accountDeletionRepository = createAccountDeletionRepository();

package/src/domains/account-deletion/infrastructure/services/AccountDeletionTypes.ts

@@ -0,0 +1,33 @@
+/**
+ * Account Deletion Types
+ * Single Responsibility: Define account deletion types
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { Result } from '../../../../shared/domain/utils';
+
+/**
+ * Account deletion result
+ */
+export interface AccountDeletionResult extends Result<void> {
+  readonly requiresReauth?: boolean;
+}
+
+/**
+ * Reauthentication context
+ */
+export interface ReauthenticationContext {
+  readonly user: import('firebase/auth').User;
+  readonly options: import('../../application/ports/reauthentication.types').AccountDeletionOptions;
+  readonly originalUserId?: string;
+  readonly repository: AccountDeletionRepository;
+}
+
+/**
+ * Reauthentication result
+ */
+export interface ReauthenticationResult {
+  readonly success: boolean;
+  readonly error?: { code?: string; message?: string };
+}