ultimate-jekyll-manager 1.3.4 → 1.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +14 -0
- package/dist/assets/js/libs/auth.js +24 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -14,6 +14,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|
|
14
14
|
- `Fixed` for any bug fixes.
|
|
15
15
|
- `Security` in case of vulnerabilities.
|
|
16
16
|
|
|
17
|
+
---
|
|
18
|
+
## [1.3.6] - 2026-05-24
|
|
19
|
+
|
|
20
|
+
### Fixed
|
|
21
|
+
|
|
22
|
+
- **`auth/error-code:-47` now shows a friendly message instead of the raw FirebaseError.** v1.3.5's diagnostic confirmed: on the OAuth redirect path (`signInWithIdp` → 503), Firebase strips the BEM-side `HttpsError` message and delivers `code: 'auth/error-code:-47'` with `customData: {}` — empty. There's nothing to extract because Firebase ate the message client-side. This contradicts Firebase's own [Identity Platform docs](https://cloud.google.com/identity-platform/docs/blocking-functions) which describe a `BLOCKING_FUNCTION_ERROR_RESPONSE` wrapper that SHOULD carry the original message. The wrapper works on the 400 path (email signup, OAuth popup) — our v1.3.4 extractor handles that fine. The 503 path is broken: tracked at [firebase-js-sdk#8054](https://github.com/firebase/firebase-js-sdk/issues/8054), where a Firebase engineer said "503 seems to be the working as design error codes" then the issue was auto-closed as stale 5 weeks later without a fix or workaround. The `-47` code is 1:1 with "blocking-function rejected this signup," so `extractBlockingFunctionMessage()` now returns a generic-but-helpful message covering all three BEM `beforeCreate` reasons (rate limit, disposable email, custom hook reject): "Account creation is temporarily restricted. This can happen if you've recently created too many accounts, or your email is on our blocked list. Please try again later or contact support." The original `customData.serverResponse` path stays as the primary handler — the `-47` catchall is an additive fallback for when Firebase eats the message.
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
## [1.3.5] - 2026-05-24
|
|
26
|
+
|
|
27
|
+
### Added
|
|
28
|
+
|
|
29
|
+
- **Diagnostic logging in `extractBlockingFunctionMessage()` (`src/assets/js/libs/auth.js`).** When BEM's `beforeCreate` rate limit (2 signups/day/IP) fires via Google OAuth redirect, the user just saw "Firebase: Error (auth/error-code:-47)" instead of the helpful "Unable to create account at this time. Please try again later." message. The 1.3.4 extraction handles the standard 400-with-`BLOCKING_FUNCTION_ERROR_RESPONSE` path, but the 503 path (Google's Identity Toolkit returns 503 directly with code -47, no `customData.serverResponse`) flows through to the generic `auth.code` branch. Added a `console.warn` that dumps the full error shape (code, message, customData, serverResponse) so the next failed signup attempt reveals exactly what Firebase delivers — then we can write a matching handler. Diagnostic ships first; fix follows in a subsequent version.
|
|
30
|
+
|
|
17
31
|
---
|
|
18
32
|
## [1.3.4] - 2026-05-22
|
|
19
33
|
|
|
@@ -802,6 +802,30 @@ export default function () {
|
|
|
802
802
|
//
|
|
803
803
|
// Returns just the inner message string, or null if nothing useful was found.
|
|
804
804
|
function extractBlockingFunctionMessage(error) {
|
|
805
|
+
// Diagnostic: dump the full shape of every error that lands here so we can
|
|
806
|
+
// see exactly what Firebase delivers when BEM's beforeCreate throws. The
|
|
807
|
+
// 503 path (Identity Toolkit returns 503 with code -47, no BLOCKING_FUNCTION
|
|
808
|
+
// wrapper) needs different handling than the 400 path.
|
|
809
|
+
console.warn('[Auth] extractBlockingFunctionMessage: error shape', {
|
|
810
|
+
code: error?.code,
|
|
811
|
+
message: error?.message,
|
|
812
|
+
name: error?.name,
|
|
813
|
+
hasCustomData: !!error?.customData,
|
|
814
|
+
hasServerResponse: !!error?.customData?.serverResponse,
|
|
815
|
+
serverResponse: error?.customData?.serverResponse,
|
|
816
|
+
fullError: error,
|
|
817
|
+
});
|
|
818
|
+
|
|
819
|
+
// The OAuth redirect path (signInWithIdp → 503) delivers the rejection as
|
|
820
|
+
// `auth/error-code:-47` with NO `customData.serverResponse` blob — Firebase
|
|
821
|
+
// strips the BEM-side message before it reaches the client. The code is
|
|
822
|
+
// 1:1 with "blocking-function rejected this signup," so surface a generic-
|
|
823
|
+
// but-helpful message that covers all three BEM beforeCreate reasons
|
|
824
|
+
// (rate limit, disposable email, custom hook reject).
|
|
825
|
+
if (error?.code === 'auth/error-code:-47') {
|
|
826
|
+
return 'Account creation is temporarily restricted. This can happen if you\'ve recently created too many accounts, or your email is on our blocked list. Please try again later or contact support.';
|
|
827
|
+
}
|
|
828
|
+
|
|
805
829
|
const raw = error?.customData?.serverResponse;
|
|
806
830
|
if (!raw) {
|
|
807
831
|
return null;
|