firebase · ncooke3 · Aug 31, 2024 · Aug 31, 2024 · Aug 31, 2024 · Aug 31, 2024
diff --git a/FirebaseAuth/CHANGELOG.md b/FirebaseAuth/CHANGELOG.md
@@ -1,7 +1,12 @@
-# 11.2.0
+# Unreleased
 - [Fixed] Fixed crashes that could occur in Swift continuation blocks running in the Xcode 16
   betas. (#13480)
 - [Fixed] Fixed Phone Auth via Sandbox APNS tokens that broke in 11.0.0. (#13479)
+- [Fixed] Fix crash when fetching sign in methods due to unexpected nil.
+  Previously, fetching sign in methods could return both a `nil` array of sign
+  in methods and a `nil` error. In such cases, an empty array is instead
+  returned with the `nil` error. (#13550)
+
 
 # 11.1.0
 - [fixed] Fixed `Swift.error` conformance for `AuthErrorCode`. (#13430)

diff --git a/FirebaseAuth/Sources/Swift/Auth/Auth.swift b/FirebaseAuth/Sources/Swift/Auth/Auth.swift
@@ -290,7 +290,7 @@ extension Auth: AuthInterop {
                                      completion: (([String]?, Error?) -> Void)? = nil) {
     kAuthGlobalWorkQueue.async {
       let request = CreateAuthURIRequest(identifier: email,
-                                         continueURI: "http:www.google.com",
+                                         continueURI: "http://www.google.com/",
                                          requestConfiguration: self.requestConfiguration)
       Task {
         do {

diff --git a/FirebaseAuth/Sources/Swift/Backend/RPC/CreateAuthURIResponse.swift b/FirebaseAuth/Sources/Swift/Backend/RPC/CreateAuthURIResponse.swift
@@ -33,8 +33,8 @@ class CreateAuthURIResponse: AuthRPCResponse {
   /// A list of provider IDs the passed identifier could use to sign in with.
   var allProviders: [String]?
 
-  /// A list of sign-in methods available for the passed  identifier.
-  var signinMethods: [String]?
+  /// A list of sign-in methods available for the passed identifier.
+  var signinMethods: [String] = []
 
   /// Bare initializer.
   required init() {}
@@ -45,6 +45,6 @@ class CreateAuthURIResponse: AuthRPCResponse {
     registered = dictionary["registered"] as? Bool ?? false
     forExistingProvider = dictionary["forExistingProvider"] as? Bool ?? false
     allProviders = dictionary["allProviders"] as? [String]
-    signinMethods = dictionary["signinMethods"] as? [String]
+    signinMethods = dictionary["signinMethods"] as? [String] ?? []
 /// - Parameter completion: Optionally; a block which is invoked when the list of sign in methods 
 /// for the specified email address is ready or an error was encountered. Invoked asynchronously 
 /// on the main thread in the future. 
 /// - Parameter completion: Optionally; a block which is invoked when the list of sign in methods 
 /// for the specified email address is ready or an error was encountered. Invoked asynchronously 
 /// on the main thread in the future. 
   }
 }
diff --git a/FirebaseAuth/Tests/SampleSwift/SwiftApiTests/EmailPasswordTests.swift b/FirebaseAuth/Tests/SampleSwift/SwiftApiTests/EmailPasswordTests.swift
@@ -69,12 +69,15 @@ class EmailPasswordTests: TestsBase {
     waitForExpectations(timeout: TestsBase.kExpectationsTimeout)
   }
 
-  @available(iOS 13, tvOS 13, macOS 10.15, macCatalyst 13, watchOS 7, *)
   func testSignInExistingUserWithEmailAndPasswordAsync() async throws {
     let auth = Auth.auth()
     try await auth.signIn(withEmail: kExistingEmailToSignIn, password: "password")
     XCTAssertEqual(auth.currentUser?.email,
                    kExistingEmailToSignIn,
                    "Signed user does not match request.")
+    // Regression test for #13550. Auth enumeration protection is enabled for
+    // the test project, so no sign in methods should be returned.
+    let signInMethods = try await auth.fetchSignInMethods(forEmail: kExistingEmailToSignIn)
+    XCTAssertEqual(signInMethods, [])
   }
 }