strapi-plugin-firebase-authentication 1.2.4 → 1.3.2

package/dist/_chunks/{index-D41v41O3.js → index-B4ptk_Em.js}

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const jsxRuntime = require("react/jsx-runtime");
 const m = require("react");
-const api = require("./api-FVfrlu9T.js");
+const api = require("./api-Bg075IIT.js");
 const admin = require("@strapi/strapi/admin");
 const reactRouterDom = require("react-router-dom");
 function SettingsPage() {
@@ -25,6 +25,8 @@ function SettingsPage() {
     "http://localhost:3000/verify-email"
   );
   const [emailVerificationEmailSubject, setEmailVerificationEmailSubject] = m.useState("Verify Your Email");
+  const [includeCredentialsInPasswordResetLink, setIncludeCredentialsInPasswordResetLink] = m.useState(false);
+  const [includeCredentialsInVerificationLink, setIncludeCredentialsInVerificationLink] = m.useState(false);
   const [loading, setLoading] = m.useState(true);
   const [showEditModal, setShowEditModal] = m.useState(false);
   const [editWebApiKey, setEditWebApiKey] = m.useState("");
@@ -53,6 +55,8 @@ function SettingsPage() {
       setMagicLinkExpiryHours(data?.magicLinkExpiryHours || 1);
       setEmailVerificationUrl(data?.emailVerificationUrl || "http://localhost:3000/verify-email");
       setEmailVerificationEmailSubject(data?.emailVerificationEmailSubject || "Verify Your Email");
+      setIncludeCredentialsInPasswordResetLink(data?.includeCredentialsInPasswordResetLink || false);
+      setIncludeCredentialsInVerificationLink(data?.includeCredentialsInVerificationLink || false);
     }).catch((error) => {
       setLoading(false);
       console.error("Error retrieving Firebase config:", error);
@@ -80,6 +84,8 @@ function SettingsPage() {
       setMagicLinkExpiryHours(1);
       setEmailVerificationUrl("http://localhost:3000/verify-email");
       setEmailVerificationEmailSubject("Verify Your Email");
+      setIncludeCredentialsInPasswordResetLink(false);
+      setIncludeCredentialsInVerificationLink(false);
       setLoading(false);
       toggleNotification({
         type: "success",
@@ -107,7 +113,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -140,7 +148,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setPasswordRequirementsRegex(data.passwordRequirementsRegex || passwordRequirementsRegex);
@@ -153,6 +163,12 @@ function SettingsPage() {
         setMagicLinkExpiryHours(data.magicLinkExpiryHours || magicLinkExpiryHours);
         setEmailVerificationUrl(data.emailVerificationUrl || emailVerificationUrl);
         setEmailVerificationEmailSubject(data.emailVerificationEmailSubject || emailVerificationEmailSubject);
+        setIncludeCredentialsInPasswordResetLink(
+          data.includeCredentialsInPasswordResetLink ?? includeCredentialsInPasswordResetLink
+        );
+        setIncludeCredentialsInVerificationLink(
+          data.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink
+        );
       }
       setLoading(false);
       toggleNotification({
@@ -181,7 +197,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setEnableMagicLink(data.enableMagicLink || enableMagicLink);
@@ -218,11 +236,16 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setEmailVerificationUrl(data.emailVerificationUrl || emailVerificationUrl);
         setEmailVerificationEmailSubject(data.emailVerificationEmailSubject || emailVerificationEmailSubject);
+        setIncludeCredentialsInVerificationLink(
+          data.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink
+        );
       }
       setLoading(false);
       toggleNotification({
@@ -260,7 +283,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -295,7 +320,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -677,6 +704,20 @@ function SettingsPage() {
             }
           )
         ] }),
+        /* @__PURE__ */ jsxRuntime.jsxs(api.R, { marginBottom: 3, children: [
+          /* @__PURE__ */ jsxRuntime.jsx(api.E, { variant: "omega", fontWeight: "bold", style: { display: "block", marginBottom: "8px" }, children: "Include Login Credentials in Link" }),
+          /* @__PURE__ */ jsxRuntime.jsxs(api.T, { alignItems: "center", gap: 2, children: [
+            /* @__PURE__ */ jsxRuntime.jsx(
+              api.D1,
+              {
+                name: "includeCredentialsInPasswordResetLink",
+                checked: includeCredentialsInPasswordResetLink,
+                onChange: (e) => setIncludeCredentialsInPasswordResetLink(e.target.checked)
+              }
+            ),
+            /* @__PURE__ */ jsxRuntime.jsx(api.E, { variant: "omega", textColor: "neutral600", children: "Append a Firebase custom token to the reset link, allowing users to be automatically logged in" })
+          ] })
+        ] }),
         /* @__PURE__ */ jsxRuntime.jsx(
           api.T,
           {
@@ -727,6 +768,20 @@ function SettingsPage() {
             }
           )
         ] }),
+        /* @__PURE__ */ jsxRuntime.jsxs(api.R, { marginBottom: 3, children: [
+          /* @__PURE__ */ jsxRuntime.jsx(api.E, { variant: "omega", fontWeight: "bold", style: { display: "block", marginBottom: "8px" }, children: "Include Login Credentials in Link" }),
+          /* @__PURE__ */ jsxRuntime.jsxs(api.T, { alignItems: "center", gap: 2, children: [
+            /* @__PURE__ */ jsxRuntime.jsx(
+              api.D1,
+              {
+                name: "includeCredentialsInVerificationLink",
+                checked: includeCredentialsInVerificationLink,
+                onChange: (e) => setIncludeCredentialsInVerificationLink(e.target.checked)
+              }
+            ),
+            /* @__PURE__ */ jsxRuntime.jsx(api.E, { variant: "omega", textColor: "neutral600", children: "Append a Firebase custom token to the verification link, allowing users to be automatically logged in" })
+          ] })
+        ] }),
         /* @__PURE__ */ jsxRuntime.jsx(
           api.T,
           {

package/dist/_chunks/{index-Bdn3O-sg.mjs → index-CAZnRswo.mjs}

@@ -1,6 +1,6 @@
 import { jsx, jsxs, Fragment } from "react/jsx-runtime";
 import { useState, useEffect } from "react";
-import { T, R, E, J as Jm, N as Nn, G as G0, I as Is, M as M1, D as D1, i as i1, t as t1, g as getFirebaseConfig, s as saveFirebaseConfig, f as delFirebaseConfig, j as savePasswordSettings } from "./api-NexSh9zC.mjs";
+import { T, R, E, J as Jm, N as Nn, G as G0, I as Is, M as M1, D as D1, i as i1, t as t1, g as getFirebaseConfig, s as saveFirebaseConfig, f as delFirebaseConfig, j as savePasswordSettings } from "./api-CLQa5PFi.mjs";
 import { useNotification, Page } from "@strapi/strapi/admin";
 import { useNavigate } from "react-router-dom";
 function SettingsPage() {
@@ -23,6 +23,8 @@ function SettingsPage() {
     "http://localhost:3000/verify-email"
   );
   const [emailVerificationEmailSubject, setEmailVerificationEmailSubject] = useState("Verify Your Email");
+  const [includeCredentialsInPasswordResetLink, setIncludeCredentialsInPasswordResetLink] = useState(false);
+  const [includeCredentialsInVerificationLink, setIncludeCredentialsInVerificationLink] = useState(false);
   const [loading, setLoading] = useState(true);
   const [showEditModal, setShowEditModal] = useState(false);
   const [editWebApiKey, setEditWebApiKey] = useState("");
@@ -51,6 +53,8 @@ function SettingsPage() {
       setMagicLinkExpiryHours(data?.magicLinkExpiryHours || 1);
       setEmailVerificationUrl(data?.emailVerificationUrl || "http://localhost:3000/verify-email");
       setEmailVerificationEmailSubject(data?.emailVerificationEmailSubject || "Verify Your Email");
+      setIncludeCredentialsInPasswordResetLink(data?.includeCredentialsInPasswordResetLink || false);
+      setIncludeCredentialsInVerificationLink(data?.includeCredentialsInVerificationLink || false);
     }).catch((error) => {
       setLoading(false);
       console.error("Error retrieving Firebase config:", error);
@@ -78,6 +82,8 @@ function SettingsPage() {
       setMagicLinkExpiryHours(1);
       setEmailVerificationUrl("http://localhost:3000/verify-email");
       setEmailVerificationEmailSubject("Verify Your Email");
+      setIncludeCredentialsInPasswordResetLink(false);
+      setIncludeCredentialsInVerificationLink(false);
       setLoading(false);
       toggleNotification({
         type: "success",
@@ -105,7 +111,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -138,7 +146,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setPasswordRequirementsRegex(data.passwordRequirementsRegex || passwordRequirementsRegex);
@@ -151,6 +161,12 @@ function SettingsPage() {
         setMagicLinkExpiryHours(data.magicLinkExpiryHours || magicLinkExpiryHours);
         setEmailVerificationUrl(data.emailVerificationUrl || emailVerificationUrl);
         setEmailVerificationEmailSubject(data.emailVerificationEmailSubject || emailVerificationEmailSubject);
+        setIncludeCredentialsInPasswordResetLink(
+          data.includeCredentialsInPasswordResetLink ?? includeCredentialsInPasswordResetLink
+        );
+        setIncludeCredentialsInVerificationLink(
+          data.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink
+        );
       }
       setLoading(false);
       toggleNotification({
@@ -179,7 +195,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setEnableMagicLink(data.enableMagicLink || enableMagicLink);
@@ -216,11 +234,16 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (data) {
         setEmailVerificationUrl(data.emailVerificationUrl || emailVerificationUrl);
         setEmailVerificationEmailSubject(data.emailVerificationEmailSubject || emailVerificationEmailSubject);
+        setIncludeCredentialsInVerificationLink(
+          data.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink
+        );
       }
       setLoading(false);
       toggleNotification({
@@ -258,7 +281,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -293,7 +318,9 @@ function SettingsPage() {
         magicLinkEmailSubject,
         magicLinkExpiryHours,
         emailVerificationUrl,
-        emailVerificationEmailSubject
+        emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink
       });
       if (!data || !data.firebase_config_json) {
         throw new Error("Invalid response from server");
@@ -675,6 +702,20 @@ function SettingsPage() {
             }
           )
         ] }),
+        /* @__PURE__ */ jsxs(R, { marginBottom: 3, children: [
+          /* @__PURE__ */ jsx(E, { variant: "omega", fontWeight: "bold", style: { display: "block", marginBottom: "8px" }, children: "Include Login Credentials in Link" }),
+          /* @__PURE__ */ jsxs(T, { alignItems: "center", gap: 2, children: [
+            /* @__PURE__ */ jsx(
+              D1,
+              {
+                name: "includeCredentialsInPasswordResetLink",
+                checked: includeCredentialsInPasswordResetLink,
+                onChange: (e) => setIncludeCredentialsInPasswordResetLink(e.target.checked)
+              }
+            ),
+            /* @__PURE__ */ jsx(E, { variant: "omega", textColor: "neutral600", children: "Append a Firebase custom token to the reset link, allowing users to be automatically logged in" })
+          ] })
+        ] }),
         /* @__PURE__ */ jsx(
           T,
           {
@@ -725,6 +766,20 @@ function SettingsPage() {
             }
           )
         ] }),
+        /* @__PURE__ */ jsxs(R, { marginBottom: 3, children: [
+          /* @__PURE__ */ jsx(E, { variant: "omega", fontWeight: "bold", style: { display: "block", marginBottom: "8px" }, children: "Include Login Credentials in Link" }),
+          /* @__PURE__ */ jsxs(T, { alignItems: "center", gap: 2, children: [
+            /* @__PURE__ */ jsx(
+              D1,
+              {
+                name: "includeCredentialsInVerificationLink",
+                checked: includeCredentialsInVerificationLink,
+                onChange: (e) => setIncludeCredentialsInVerificationLink(e.target.checked)
+              }
+            ),
+            /* @__PURE__ */ jsx(E, { variant: "omega", textColor: "neutral600", children: "Append a Firebase custom token to the verification link, allowing users to be automatically logged in" })
+          ] })
+        ] }),
         /* @__PURE__ */ jsx(
           T,
           {

package/dist/_chunks/{index-ROJyqJld.js → index-CyOVjVQb.js}

@@ -2663,7 +2663,7 @@ const index = {
         id: `${PLUGIN_ID}.page.title`,
         defaultMessage: PLUGIN_ID
       },
-      Component: () => Promise.resolve().then(() => require("./App-Dg_AxJhA.js")).then((mod) => ({
+      Component: () => Promise.resolve().then(() => require("./App-BmP-duLn.js")).then((mod) => ({
         default: mod.App
       })),
       permissions: PERMISSIONS["menu-link"]
@@ -2685,7 +2685,7 @@ const index = {
           id: "settings",
           to: `/settings/${PLUGIN_ID}`,
           async Component() {
-            const component = await Promise.resolve().then(() => require("./index-D41v41O3.js"));
+            const component = await Promise.resolve().then(() => require("./index-B4ptk_Em.js"));
             return component.default;
           },
           permissions: PERMISSIONS["menu-link"]

package/dist/admin/index.js

@@ -1,5 +1,5 @@
 "use strict";
-const index = require("../_chunks/index-ROJyqJld.js");
+const index = require("../_chunks/index-CyOVjVQb.js");
 require("react/jsx-runtime");
 require("@strapi/strapi/admin");
 require("react-router-dom");

package/dist/admin/index.mjs

@@ -1,4 +1,4 @@
-import { B } from "../_chunks/index-B9spFspk.mjs";
+import { B } from "../_chunks/index-B2NvsXdF.mjs";
 import "react/jsx-runtime";
 import "@strapi/strapi/admin";
 import "react-router-dom";

package/dist/admin/src/pages/Settings/api.d.ts

@@ -10,6 +10,8 @@ export declare const saveFirebaseConfig: (json: string, firebaseWebApiKey?: stri
     magicLinkExpiryHours?: number;
     emailVerificationUrl?: string;
     emailVerificationEmailSubject?: string;
+    includeCredentialsInPasswordResetLink?: boolean;
+    includeCredentialsInVerificationLink?: boolean;
 }) => Promise<any>;
 export declare const getFirebaseConfig: () => Promise<any>;
 export declare const delFirebaseConfig: () => Promise<any>;
@@ -24,4 +26,6 @@ export declare const savePasswordSettings: (passwordConfig: {
     magicLinkExpiryHours?: number;
     emailVerificationUrl?: string;
     emailVerificationEmailSubject?: string;
+    includeCredentialsInPasswordResetLink?: boolean;
+    includeCredentialsInVerificationLink?: boolean;
 }) => Promise<any>;

package/dist/server/index.js

@@ -330,6 +330,16 @@ const attributes$1 = {
   emailVerificationEmailSubject: {
     type: "string",
     "default": "Verify Your Email"
+  },
+  includeCredentialsInPasswordResetLink: {
+    type: "boolean",
+    "default": false,
+    description: "Include Firebase custom token in password reset links for auto-login"
+  },
+  includeCredentialsInVerificationLink: {
+    type: "boolean",
+    "default": false,
+    description: "Include Firebase custom token in email verification links for auto-login"
   }
 };
 const firebaseAuthenticationConfiguration = {
@@ -28994,6 +29004,29 @@ const firebaseController = {
       }
       throw error2;
     }
+  },
+  /**
+   * Check password - validates a password against the authenticated user's Firebase account
+   * POST /api/firebase-authentication/checkPassword
+   * Authenticated endpoint - requires valid JWT (enforced by is-authenticated policy)
+   *
+   * @param ctx - Koa context with { password } in body
+   * @returns { valid: true } or { valid: false }
+   */
+  async checkPassword(ctx) {
+    strapi.log.debug("checkPassword endpoint called");
+    try {
+      const { password } = ctx.request.body || {};
+      const user = ctx.state.user;
+      if (!password) {
+        throw new ValidationError$1("Password is required");
+      }
+      const result = await strapi.plugin(pluginName).service("firebaseService").checkPassword(user, password);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error("checkPassword controller error:", error2);
+      throw error2;
+    }
   }
 };
 const STRAPI_DESTINATION = "strapi";
@@ -29196,7 +29229,9 @@ const settingsController = {
         magicLinkEmailSubject = "Sign in to Your Application",
         magicLinkExpiryHours = 1,
         emailVerificationUrl = "http://localhost:3000/verify-email",
-        emailVerificationEmailSubject = "Verify Your Email"
+        emailVerificationEmailSubject = "Verify Your Email",
+        includeCredentialsInPasswordResetLink = false,
+        includeCredentialsInVerificationLink = false
       } = requestBody;
       const existingConfig = await strapi.db.query("plugin::firebase-authentication.firebase-authentication-configuration").findOne({ where: {} });
       let result;
@@ -29212,7 +29247,9 @@ const settingsController = {
             magicLinkEmailSubject,
             magicLinkExpiryHours,
             emailVerificationUrl,
-            emailVerificationEmailSubject
+            emailVerificationEmailSubject,
+            includeCredentialsInPasswordResetLink,
+            includeCredentialsInVerificationLink
           }
         });
       } else {
@@ -29228,7 +29265,9 @@ const settingsController = {
             magicLinkEmailSubject,
             magicLinkExpiryHours,
             emailVerificationUrl,
-            emailVerificationEmailSubject
+            emailVerificationEmailSubject,
+            includeCredentialsInPasswordResetLink,
+            includeCredentialsInVerificationLink
           }
         });
       }
@@ -29242,7 +29281,9 @@ const settingsController = {
         magicLinkEmailSubject: result.magicLinkEmailSubject,
         magicLinkExpiryHours: result.magicLinkExpiryHours,
         emailVerificationUrl: result.emailVerificationUrl,
-        emailVerificationEmailSubject: result.emailVerificationEmailSubject
+        emailVerificationEmailSubject: result.emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink: result.includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink: result.includeCredentialsInVerificationLink
       };
     } catch (error2) {
       throw new ApplicationError$2("Error saving password configuration", {
@@ -29466,6 +29507,14 @@ const contentApi = {
         // Public endpoint - token provides authentication
         policies: []
       }
+    },
+    {
+      method: "POST",
+      path: "/checkPassword",
+      handler: "firebaseController.checkPassword",
+      config: {
+        policies: ["plugin::firebase-authentication.is-authenticated"]
+      }
     }
   ]
 };
@@ -29589,7 +29638,10 @@ const settingsService = ({ strapi: strapi2 }) => {
           magicLinkExpiryHours: configObject.magicLinkExpiryHours || 1,
           // Include email verification configuration fields
           emailVerificationUrl: configObject.emailVerificationUrl || "http://localhost:3000/verify-email",
-          emailVerificationEmailSubject: configObject.emailVerificationEmailSubject || "Verify Your Email"
+          emailVerificationEmailSubject: configObject.emailVerificationEmailSubject || "Verify Your Email",
+          // Include credentials in link settings
+          includeCredentialsInPasswordResetLink: configObject.includeCredentialsInPasswordResetLink || false,
+          includeCredentialsInVerificationLink: configObject.includeCredentialsInVerificationLink || false
         };
       } catch (error2) {
         strapi2.log.error(`Firebase config error: ${error2.message}`);
@@ -29634,7 +29686,9 @@ const settingsService = ({ strapi: strapi2 }) => {
           magicLinkEmailSubject = "Sign in to Your Application",
           magicLinkExpiryHours = 1,
           emailVerificationUrl = "http://localhost:3000/verify-email",
-          emailVerificationEmailSubject = "Verify Your Email"
+          emailVerificationEmailSubject = "Verify Your Email",
+          includeCredentialsInPasswordResetLink = false,
+          includeCredentialsInVerificationLink = false
         } = requestBody;
         if (!requestBody) throw new ValidationError3(ERROR_MESSAGES.MISSING_DATA);
         try {
@@ -29672,7 +29726,9 @@ const settingsService = ({ strapi: strapi2 }) => {
               magicLinkEmailSubject,
               magicLinkExpiryHours,
               emailVerificationUrl,
-              emailVerificationEmailSubject
+              emailVerificationEmailSubject,
+              includeCredentialsInPasswordResetLink,
+              includeCredentialsInVerificationLink
             }
           });
         } else {
@@ -29690,7 +29746,9 @@ const settingsService = ({ strapi: strapi2 }) => {
               magicLinkEmailSubject,
               magicLinkExpiryHours,
               emailVerificationUrl,
-              emailVerificationEmailSubject
+              emailVerificationEmailSubject,
+              includeCredentialsInPasswordResetLink,
+              includeCredentialsInVerificationLink
             }
           });
         }
@@ -29727,6 +29785,8 @@ const settingsService = ({ strapi: strapi2 }) => {
         res.magicLinkExpiryHours = res.magicLinkExpiryHours || magicLinkExpiryHours;
         res.emailVerificationUrl = res.emailVerificationUrl || emailVerificationUrl;
         res.emailVerificationEmailSubject = res.emailVerificationEmailSubject || emailVerificationEmailSubject;
+        res.includeCredentialsInPasswordResetLink = res.includeCredentialsInPasswordResetLink ?? includeCredentialsInPasswordResetLink;
+        res.includeCredentialsInVerificationLink = res.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink;
         return res;
       } catch (error2) {
         strapi2.log.error("=== FIREBASE CONFIG SAVE ERROR ===");
@@ -30927,7 +30987,16 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       );
       const tokenService2 = strapi2.plugin("firebase-authentication").service("tokenService");
       const token = await tokenService2.generateResetToken(firebaseData.documentId);
-      const resetLink = `${resetUrl}?token=${token}`;
+      let resetLink = `${resetUrl}?token=${token}`;
+      if (config2?.includeCredentialsInPasswordResetLink) {
+        try {
+          const customToken = await strapi2.firebase.auth().createCustomToken(firebaseUser.uid);
+          resetLink = `${resetLink}&fjwt=${customToken}`;
+          strapi2.log.info(`[forgotPassword] Added Firebase custom token to reset link`);
+        } catch (tokenError) {
+          strapi2.log.warn(`[forgotPassword] Could not generate custom token: ${tokenError.message}`);
+        }
+      }
       strapi2.log.info(`✅ [forgotPassword] Custom reset link generated for ${email2}`);
       strapi2.log.info(`[forgotPassword] Attempting to send password reset email to: ${email2}`);
       await strapi2.plugin("firebase-authentication").service("emailService").sendPasswordResetEmail(firebaseUser, resetLink);
@@ -31152,7 +31221,16 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       );
       const tokenService2 = strapi2.plugin("firebase-authentication").service("tokenService");
       const token = await tokenService2.generateVerificationToken(firebaseData.documentId, email2);
-      const verificationLink = `${verificationUrl}?token=${token}`;
+      let verificationLink = `${verificationUrl}?token=${token}`;
+      if (config2?.includeCredentialsInVerificationLink) {
+        try {
+          const customToken = await strapi2.firebase.auth().createCustomToken(firebaseUser.uid);
+          verificationLink = `${verificationLink}&fjwt=${customToken}`;
+          strapi2.log.info(`[sendVerificationEmail] Added Firebase custom token to verification link`);
+        } catch (tokenError) {
+          strapi2.log.warn(`[sendVerificationEmail] Could not generate custom token: ${tokenError.message}`);
+        }
+      }
       strapi2.log.info(`✅ [sendVerificationEmail] Verification link generated for ${email2}`);
       strapi2.log.info(`[sendVerificationEmail] Attempting to send verification email to: ${email2}`);
       await strapi2.plugin("firebase-authentication").service("emailService").sendVerificationEmail(firebaseUser, verificationLink);
@@ -31264,6 +31342,54 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       }
       throw new ApplicationError$2("Failed to verify email. Please try again.");
     }
+  },
+  /**
+   * Check if a password is valid for the authenticated user
+   * Uses Firebase Identity Toolkit API to verify the password
+   *
+   * @param user - Authenticated user from ctx.state.user
+   * @param password - Password to check
+   * @returns { valid: true } or { valid: false }
+   */
+  async checkPassword(user, password) {
+    if (!user || !user.email) {
+      throw new ValidationError$1("User email is required");
+    }
+    const config2 = await strapi2.plugin("firebase-authentication").service("settingsService").getFirebaseConfigJson();
+    if (!config2 || !config2.firebaseWebApiKey) {
+      throw new ApplicationError$2(
+        "Password verification is not available. Web API Key is not configured.\n\nTo enable password verification:\n1. Go to Firebase Console > Project Settings > General\n2. Copy your Web API Key\n3. Add it in Strapi Admin > Settings > Firebase Authentication > Optional Settings"
+      );
+    }
+    try {
+      const response = await fetch(
+        `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${config2.firebaseWebApiKey}`,
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            email: user.email,
+            password,
+            returnSecureToken: false
+          })
+        }
+      );
+      const data = await response.json();
+      if (!response.ok) {
+        const errorMessage = data.error?.message || "Authentication failed";
+        strapi2.log.debug(`checkPassword: password invalid for user ${user.email}: ${errorMessage}`);
+        if (errorMessage === "INVALID_PASSWORD" || errorMessage === "INVALID_LOGIN_CREDENTIALS" || errorMessage.includes("INVALID")) {
+          return { valid: false };
+        }
+        return { valid: false };
+      }
+      return { valid: true };
+    } catch (error2) {
+      strapi2.log.error("checkPassword error:", error2);
+      throw new ApplicationError$2("Failed to verify password");
+    }
   }
 });
 const passwordResetTemplate = {