@umituz/react-native-firebase 2.6.1 → 2.6.2

package/src/domains/account-deletion/domain/services/UserValidationService_part_ab

@@ -0,0 +1,136 @@
+
+    // Social providers may require recent auth for sensitive operations
+    if (operation === 'delete') {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**
+   * Validate user email
+   */
+  validateEmail(user: User): Result<void> {
+    const email = user.email;
+
+    if (!email) {
+      return failureResultFrom('auth/no-email', 'User has no email');
+    }
+
+    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+    if (!emailRegex.test(email)) {
+      return failureResultFrom('auth/invalid-email', 'Invalid email format');
+    }
+
+    return successResult();
+  }
+
+  /**
+   * Validate user is verified (if applicable)
+   */
+  validateVerified(user: User, requireVerification: boolean = false): Result<void> {
+    if (requireVerification && !user.emailVerified) {
+      return failureResultFrom('auth/unverified', 'Email not verified');
+    }
+
+    return successResult();
+  }
+
+  /**
+   * Get user metadata
+   */
+  getUserMetadata(user: User): {
+    readonly createdAt: number | null;
+    readonly lastSignInAt: number | null;
+  } {
+    return {
+      createdAt: user.metadata.creationTime ? new Date(user.metadata.creationTime).getTime() : null,
+      lastSignInAt: user.metadata.lastSignInTime ? new Date(user.metadata.lastSignInTime).getTime() : null,
+    };
+  }
+
+  /**
+   * Check if account is new (created recently)
+   */
+  isAccountNew(user: User, maxAgeMs: number = 24 * 60 * 60 * 1000): boolean {
+    const metadata = this.getUserMetadata(user);
+    if (!metadata.createdAt) return false;
+
+    const age = Date.now() - metadata.createdAt;
+    return age <= maxAgeMs;
+  }
+
+  /**
+   * Check if user recently signed in
+   */
+  isRecentSignIn(user: User, maxAgeMs: number = 5 * 60 * 1000): boolean {
+    const metadata = this.getUserMetadata(user);
+    if (!metadata.lastSignInAt) return false;
+
+    const timeSinceSignIn = Date.now() - metadata.lastSignInAt;
+    return timeSinceSignIn <= maxAgeMs;
+  }
+
+  /**
+   * Validate user can perform operation
+   * Comprehensive check combining multiple validations
+   */
+  validateCanPerformOperation(
+    user: User | null,
+    operation: 'delete' | 'update',
+    options: {
+      requireVerified?: boolean;
+      maxSignInAge?: number;
+      password?: string;
+      googleIdToken?: string;
+    } = {}
+  ): Result<{ userId: string; provider: string }> {
+    // Validate user ready for operation
+    const deletionValidation = this.validateForDeletion(user);
+    if (!deletionValidation.success) {
+      return deletionValidation;
+    }
+
+    const userId = deletionValidation.data!.userId;
+    const provider = deletionValidation.data!.provider;
+
+    // Validate email
+    if (user) {
+      const emailValidation = this.validateEmail(user);
+      if (!emailValidation.success) {
+        return emailValidation;
+      }
+
+      // Validate verification status
+      const verifiedValidation = this.validateVerified(user, options.requireVerified);
+      if (!verifiedValidation.success) {
+        return verifiedValidation;
+      }
+
+      // Check if recent sign-in required
+      if (options.maxSignInAge && !this.isRecentSignIn(user, options.maxSignInAge)) {
+        return failureResultFrom('auth/stale-session', 'Session too old, please sign in again');
+      }
+
+      // Validate credentials
+      const credentialsValidation = this.validateCredentials(user, options);
+      if (!credentialsValidation.success) {
+        return credentialsValidation;
+      }
+    }
+
+    return successResult({ userId, provider });
+  }
+}
+
+/**
+ * Factory function to create user validation service
+ */
+export function createUserValidationService(): UserValidationService {
+  return new UserValidationService();
+}
+
+/**
+ * Default instance for convenience
+ */
+export const userValidationService = createUserValidationService();

package/src/domains/account-deletion/infrastructure/services/AccountDeletionExecutor_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Account Deletion Executor (Main)
+ * Single Responsibility: Execute account deletion with retry logic
+ *
+ * Infrastructure service that executes account deletion operations.
+ * Coordinates reauthentication and deletion with error handling.
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { User } from 'firebase/auth';
+import { getFirebaseAuth } from '../../../auth/infrastructure/config/FirebaseAuthClient';
+import { AccountDeletionRepository } from './AccountDeletionRepository';
+import { userValidationService } from '../../domain/services/UserValidationService';
+import type { Result } from '../../../../shared/domain/utils';
+import type { AccountDeletionOptions } from '../../application/ports/reauthentication.types';
+import type { AccountDeletionResult } from './AccountDeletionTypes';
+import { handleReauthentication } from './AccountDeletionReauthHandler';
+
+/**
+ * Account deletion executor
+ * Executes account deletion with automatic reauthentication
+ */
+export class AccountDeletionExecutor {
+  private readonly repository: AccountDeletionRepository;
+  private deletionInProgress = false;
+
+  constructor(repository?: AccountDeletionRepository) {
+    this.repository = repository || new AccountDeletionRepository();
+  }
+
+  /**
+   * Delete current user account
+   * Handles reauthentication automatically if enabled
+   */
+  async deleteCurrentUser(
+    options: AccountDeletionOptions = { autoReauthenticate: true }
+  ): Promise<AccountDeletionResult> {
+    // Prevent concurrent deletion attempts
+    if (this.deletionInProgress) {
+      return {
+        success: false,
+        error: { code: 'auth/operation-in-progress', message: 'Account deletion already in progress' },
+        requiresReauth: false,
+      };
+    }
+
+    this.deletionInProgress = true;
+
+    try {
+      const auth = getFirebaseAuth();
+      const user = auth?.currentUser;
+
+      if (!auth || !user) {
+        return {
+          success: false,
+          error: { code: 'auth/not-ready', message: 'Auth not ready' },
+          requiresReauth: false,
+        };
+      }
+
+      const originalUserId = user.uid;
+
+      // Validate user for deletion
+      const validation = await this.repository.validateForDeletion(user);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error,
+          requiresReauth: false,
+        };
+      }
+
+      const provider = validation.data!.provider;
+
+      // Check if reauthentication is needed
+      const needsReauth = this.shouldReauthenticate(user, options, provider);
+      if (needsReauth) {
+        const reauthResult = await handleReauthentication(user, options, originalUserId, this.repository);
+        if (reauthResult) {
+          return reauthResult;
+        }
+      }
+
+      // Attempt deletion
+      return await this.performDeletion(user, originalUserId, options);
+    } finally {
+      this.deletionInProgress = false;
+    }
+  }
+
+  /**
+   * Delete specific user account
+   * Direct deletion without reauthentication
+   */
+  async deleteUserAccount(user: User | null): Promise<AccountDeletionResult> {
+    if (!user || user.isAnonymous) {
+      return {
+        success: false,
+        error: { code: 'auth/invalid', message: 'Invalid user' },
+        requiresReauth: false,
+      };
+    }
+
+    try {
+      const result = await this.repository.deleteAccount(user);
+      if (result.success) {
+        return { success: true };
+      }
+
+      return {
+        success: false,
+        error: result.error,
+        requiresReauth: result.error?.code === 'auth/requires-recent-login',
+      };
+    } catch (error: unknown) {
+      return {
+        success: false,
+        error: {
+          code: 'auth/failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+        },
+        requiresReauth: false,
+      };
+    }
+  }
+
+  /**
+   * Check if reauthentication is needed
+   */
+  private shouldReauthenticate(
+    user: User,
+    options: AccountDeletionOptions,
+    provider: string
+  ): boolean {
+    // Password users need reauthentication
+    if (provider === 'password' && options.autoReauthenticate && options.onPasswordRequired) {
+      return true;
+    }
+
+    // Check if credentials are provided
+    const hasCredentials = !!(options.password || options.googleIdToken);
+    if (hasCredentials) {
+      return true;
+    }
+
+    return false;
+  }
+
+  /**

package/src/domains/account-deletion/infrastructure/services/AccountDeletionExecutor_part_ab

@@ -0,0 +1,80 @@
+   * Perform account deletion
+   */
+  private async performDeletion(
+    user: User,
+    originalUserId: string,
+    options: AccountDeletionOptions
+  ): Promise<AccountDeletionResult> {
+    try {
+      // Validate user hasn't changed
+      const auth = getFirebaseAuth();
+      const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error!,
+          requiresReauth: false,
+        };
+      }
+
+      // Delete account
+      const result = await this.repository.deleteAccount(user);
+      if (result.success) {
+        return { success: true };
+      }
+
+      // Check if reauthentication can help
+      const error = result.error;
+      if (
+        error?.code === 'auth/requires-recent-login' &&
+        options.autoReauthenticate
+      ) {
+        const reauthResult = await handleReauthentication(user, options, originalUserId, this.repository);
+        if (reauthResult) {
+          return reauthResult;
+        }
+      }
+
+      return {
+        success: false,
+        error,
+        requiresReauth: error?.code === 'auth/requires-recent-login',
+      };
+    } catch (error: unknown) {
+      return {
+        success: false,
+        error: {
+          code: 'auth/failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+        },
+        requiresReauth: false,
+      };
+    }
+  }
+
+  /**
+   * Check if deletion is in progress
+   */
+  isDeletionInProgress(): boolean {
+    return this.deletionInProgress;
+  }
+
+  /**
+   * Get the repository instance
+   */
+  getRepository(): AccountDeletionRepository {
+    return this.repository;
+  }
+}
+
+/**
+ * Factory function to create account deletion executor
+ */
+export function createAccountDeletionExecutor(): AccountDeletionExecutor {
+  return new AccountDeletionExecutor();
+}
+
+/**
+ * Default singleton instance
+ */
+export const accountDeletionExecutor = createAccountDeletionExecutor();

package/src/domains/account-deletion/infrastructure/services/AccountDeletionReauthHandler_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Account Deletion Reauthentication Handler
+ * Single Responsibility: Handle reauthentication during account deletion
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import type { User } from 'firebase/auth';
+import { getFirebaseAuth } from '../../../auth/infrastructure/config/FirebaseAuthClient';
+import { userValidationService } from '../../domain/services/UserValidationService';
+import type { Result } from '../../../../shared/domain/utils';
+import type { AccountDeletionOptions } from '../../application/ports/reauthentication.types';
+import type { AccountDeletionResult, ReauthenticationContext } from './AccountDeletionTypes';
+
+/**
+ * Handle reauthentication during account deletion
+ * Coordinates reauthentication flow with credential management
+ */
+export async function handleReauthentication(
+  user: User,
+  options: AccountDeletionOptions,
+  originalUserId: string | undefined,
+  repository: any
+): Promise<AccountDeletionResult | null> {
+  // Validate user hasn't changed before reauthentication
+  if (originalUserId) {
+    const auth = getFirebaseAuth();
+    const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+    if (!validation.success) {
+      return {
+        success: false,
+        error: validation.error!,
+        requiresReauth: false,
+      };
+    }
+  }
+
+  // Import reauthentication functions
+  const {
+    getUserAuthProvider,
+    reauthenticateWithApple,
+    reauthenticateWithPassword,
+    reauthenticateWithGoogle,
+  } = await import('./reauthentication.service');
+
+  const provider = getUserAuthProvider(user);
+
+  // Attempt reauthentication based on provider
+  let reauthResult: { success: boolean; error?: { code?: string; message?: string } } | null = null;
+
+  if (provider === 'apple.com') {
+    reauthResult = await reauthenticateWithApple(user);
+  } else if (provider === 'google.com') {
+    const googleToken = await getGoogleToken(options);
+    if (!googleToken) {
+      return {
+        success: false,
+        error: { code: 'auth/google-reauth', message: 'Google reauthentication required' },
+        requiresReauth: true,
+      };
+    }
+    reauthResult = await reauthenticateWithGoogle(user, googleToken);
+  } else if (provider === 'password') {
+    const password = await getPassword(options);
+    if (!password) {
+      return {
+        success: false,
+        error: { code: 'auth/password-reauth', message: 'Password required' },
+        requiresReauth: true,
+      };
+    }
+    reauthResult = await reauthenticateWithPassword(user, password);
+  } else {
+    return null;
+  }
+
+  // If reauthentication successful, retry deletion
+  if (reauthResult.success) {
+    return await retryDeletionAfterReauth(originalUserId, repository);
+  }
+
+  return {
+    success: false,
+    error: {
+      code: reauthResult.error?.code || 'auth/reauth-failed',
+      message: reauthResult.error?.message || 'Reauthentication failed',
+    },
+    requiresReauth: true,
+  };
+}
+
+/**
+ * Get Google ID token from options or callback
+ */
+async function getGoogleToken(options: AccountDeletionOptions): Promise<string | undefined> {
+  if (options.googleIdToken) {
+    return options.googleIdToken;
+  }
+
+  if (options.onGoogleReauthRequired) {
+    return await options.onGoogleReauthRequired();
+  }
+
+  return undefined;
+}
+
+/**
+ * Get password from options or callback
+ */
+async function getPassword(options: AccountDeletionOptions): Promise<string | undefined> {
+  if (options.password) {
+    return options.password;
+  }
+
+  if (options.onPasswordRequired) {
+    return await options.onPasswordRequired();
+  }
+
+  return undefined;
+}
+
+/**
+ * Retry deletion after successful reauthentication
+ */
+async function retryDeletionAfterReauth(
+  originalUserId: string | undefined,
+  repository: any
+): Promise<AccountDeletionResult> {
+  try {
+    const auth = getFirebaseAuth();
+    const user = auth?.currentUser;
+
+    if (!user) {
+      return {
+        success: false,
+        error: { code: 'auth/not-ready', message: 'User not found after reauthentication' },
+        requiresReauth: false,
+      };
+    }
+
+    // Validate user hasn't changed after reauthentication
+    if (originalUserId) {
+      const validation = userValidationService.validateUserUnchanged(auth, originalUserId);
+      if (!validation.success) {
+        return {
+          success: false,
+          error: validation.error!,
+          requiresReauth: false,
+        };
+      }

package/src/domains/account-deletion/infrastructure/services/AccountDeletionReauthHandler_part_ab

@@ -0,0 +1,24 @@
+    }
+
+    // Delete account
+    const result = await repository.deleteAccount(user);
+    if (result.success) {
+      return { success: true };
+    }
+
+    return {
+      success: false,
+      error: result.error,
+      requiresReauth: false,
+    };
+  } catch (error: unknown) {
+    return {
+      success: false,
+      error: {
+        code: 'auth/failed',
+        message: error instanceof Error ? error.message : 'Unknown error',
+      },
+      requiresReauth: false,
+    };
+  }
+}

package/src/domains/account-deletion/infrastructure/services/AccountDeletionRepository_part_aa

@@ -0,0 +1,150 @@
+/**
+ * Account Deletion Repository
+ * Single Responsibility: Handle account deletion persistence
+ *
+ * Infrastructure repository that manages account deletion operations.
+ * Uses ServiceBase for error handling and initialization.
+ *
+ * Max lines: 150 (enforced for maintainability)
+ */
+
+import { deleteUser, type User } from 'firebase/auth';
+import { ServiceBase } from '../../../../shared/infrastructure/base/ServiceBase';
+import type { Result } from '../../../../shared/domain/utils';
+import { successResult } from '../../../../shared/domain/utils';
+import { markUserDeleted } from '../../../auth/infrastructure/services/user-document.service';
+
+/**
+ * Account deletion repository
+ * Manages account deletion operations and user document cleanup
+ */
+export class AccountDeletionRepository extends ServiceBase {
+  constructor() {
+    super({
+      serviceName: 'AccountDeletionRepository',
+      autoInitialize: true,
+    });
+  }
+
+  /**
+   * Delete user account from Firebase Auth
+   * Marks user document as deleted before account removal
+   */
+  async deleteAccount(user: User): Promise<Result<void>> {
+    return this.execute(async () => {
+      this.log('Deleting account', { userId: user.uid });
+
+      // Mark user document as deleted
+      const marked = await markUserDeleted(user.uid);
+      if (!marked && __DEV__) {
+        this.logError('Failed to mark user document as deleted');
+      }
+
+      // Delete user account
+      await deleteUser(user);
+
+      this.log('Account deleted successfully', { userId: user.uid });
+    }, 'account-deletion/delete-failed');
+  }
+
+  /**
+   * Validate user can be deleted
+   * Checks user is not anonymous and has valid provider
+   */
+  async validateForDeletion(user: User | null): Promise<Result<{ userId: string; provider: string }>> {
+    return this.executeSync(() => {
+      if (!user) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/not-ready',
+            message: 'No authenticated user',
+          },
+        };
+      }
+
+      if (user.isAnonymous) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/anonymous',
+            message: 'Cannot delete anonymous account',
+          },
+        };
+      }
+
+      const provider = this.getUserAuthProvider(user);
+      if (!provider) {
+        return {
+          success: false,
+          error: {
+            code: 'auth/unsupported',
+            message: 'Unsupported auth provider',
+          },
+        };
+      }
+
+      return successResult({
+        userId: user.uid,
+        provider,
+      });
+    }, 'account-deletion/validation-failed');
+  }
+
+  /**
+   * Get user's auth provider
+   */
+  private getUserAuthProvider(user: User): string | null {
+    if (!user.providerData || user.providerData.length === 0) {
+      return null;
+    }
+
+    for (const userInfo of user.providerData) {
+      if (userInfo.providerId) {
+        return userInfo.providerId;
+      }
+    }
+
+    return null;
+  }
+
+  /**
+   * Check if user is email/password user
+   */
+  isEmailPasswordUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'password';
+  }
+
+  /**
+   * Check if user is Google user
+   */
+  isGoogleUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'google.com';
+  }
+
+  /**
+   * Check if user is Apple user
+   */
+  isAppleUser(user: User): boolean {
+    return this.getUserAuthProvider(user) === 'apple.com';
+  }
+
+  /**
+   * Get user ID from user object
+   */
+  getUserId(user: User): string {
+    return user.uid;
+  }
+
+  /**
+   * Check if user email is verified
+   */
+  isEmailVerified(user: User): boolean {
+    return user.emailVerified || false;
+  }
+
+  /**
+   * Get user email
+   */
+  getEmail(user: User): string | null {
+    return user.email || null;