feat(auth): Add multi-factor support for the sign-in flow #6593
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
1 Ignored Deployment
|
|
|
fzuellich
changed the title
fzuellich
force-pushed
the
add-multi-factor-support
branch
from
c7ba289
to
fdf92f9
Compare
fzuellich
force-pushed
the
add-multi-factor-support
branch
from
fdf92f9
to
5a6f5f5
Compare
fzuellich
force-pushed
the
add-multi-factor-support
branch
from
5a6f5f5
to
0861ac4
Compare
|
I'm really sorry I haven't gotten to this yet - I really want this functionality, I truly appreciate the PR, and I will collaborate with you to get it merged+released. I appreciate the patience |
There was a problem hiding this comment.
Wow, this looks like excellent work. Finally got a chance to review through it.
I left some mostly-trivial / easy to resolve comments, what do you think?
How is this working for you currently? Does it seem to work? You may not have had a chance to test integrate it yet as the CI runs require approval for first-time PRs so the patch-package patch set is not being generated until I approve.
I just approved a run now which should kick out patches for test integration case that helps
packages/auth/e2e/multiFactor.e2e.js
Outdated
| }); | ||
|
|
||
| describe('sign-in', function () { | ||
| it(':android: requires multi-factor auth when enrolled', async function () { |
There was a problem hiding this comment.
interesting - I'm not familiar with this it(':android: <description>' form of exclusion, is this documented somewhere?
Historically we have been doing the if (<Platform conditional here>) { do the test } else { this.skip() } style I believe
There was a problem hiding this comment.
When running the tests e.g. yarn run tests:android:test it outputs the mocha command which uses a grep option:
mocha --config e2e/.mocharc.js --configuration android.emu.debug --grep :ios: --invert --use-custom-logger true e2e
After a quick Google search I couldn't find Detox documentation describing the feature, just some issues:
wix/Detox#712
And a test covering this behaviour: https://github.com/wix/Detox/blob/master/detox/local-cli/test.test.js#L78
Should I move it to the style you mention?
There was a problem hiding this comment.
Let me see what the output looks like after the e2e runs, as long as there is still evidence in the output that there is a test but it is skipped (and the total test count / skipped test count registers them), that's the real goal for me. How they are skipped isn't so important
There was a problem hiding this comment.
It does not appear to show up in list of skipped tests (it would be an entry with a - like this) so I don't think this works well - it hides them too well. I'd prefer the if-platform/else-skip style
multi-factor
✔ has no multi-factor information if not enrolled
✔ can not reuse session after logout (1035ms)
enroll
✔ throws an error for unknown sessions
✔ throws an error for unknown verification code
packages/auth/e2e/multiFactor.e2e.js
Outdated
| .auth() | ||
| .verifyPhoneNumberForMultiFactor({ phoneNumber: getRandomPhoneNumber(), session }); | ||
| } catch (e) { | ||
| // TODO fix in code to match web |
There was a problem hiding this comment.
is this still an active TODO item?
There was a problem hiding this comment.
Yes this is one of the TODOs I mentioned. There is at least one more in the Android code.
There was a problem hiding this comment.
The todos are sovled now :)
mikehardy
added
the
Workflow: Waiting for User Response
|
Oh - should have written this as nearly the first thing: the test support is absolutely fantastic, really really appreciated. It gives me so much more confidence during review that it does in fact work, knowing it's got e2e tests going with coverage we can see |
|
Interesting jest failure, referencing appCheck package? Is that a transitive dep of MFA? 🤔 Formatting failure can be fixed with react-native-firebase/package.json Line 13 in bf1de6c (likewise if there is an android one, just run |
|
Very happy to hear you are happy with the PR! :) Already resolved some of the more trivial comments. I hope I get a chance to look at the rest today, but can't promise it.
I'm linking the package using Open todos:
|
Codecov Report
@@ Coverage Diff @@
## main #6593 +/- ##
=============================================
+ Coverage 54.53% 72.20% +17.67%
=============================================
Files 209 115 -94
Lines 10399 4754 -5645
Branches 1650 1064 -586
=============================================
- Hits 5670 3432 -2238
+ Misses 4445 1240 -3205
+ Partials 284 82 -202 |
|
You may want to rebase this against current main - I've just ingested the major releases firebase-ios-sdk v10 and firebase-android-sdk v31, and on android they did fix a multi-factor issue: https://firebase.google.com/support/release-notes/android#auth_v21-1-0 The releases themselves are otherwise very low impact (in my opinion), with the only actual breaking change that affects react-native-firebase being a higher minimum iOS target (11) now I enhanced the android e2e stability as well so CI shouldn't be so finicky. Other than that, I'll stand by until I hear the "all clear" then I can test through this again. No pressure at all of course, but I am excited to see it merged, whenever it is ready. Cheers |
Awesome, that explains the broken timestamp when using Android! Do you want me to do a rebase and push-force or rather merge main into this branch? We have some urgent stuff going right now, so I get less done than I would like. |
fzuellich
force-pushed
the
add-multi-factor-support
branch
from
5595da3
to
97cfa44
Compare
|
The latest commits should fix all todos for this PR. I double checked linting 🤞 Currently I'm unable to integrate the latest changes into our app using yalc. Some classpath issues for Android and iOS. I hope this is resolved when I switch to a patch-package. Please test through this again. :) |
|
Huh - never heard of yalc before, interesting! Either way, CI running now, should be a new patch-package set shortly and since I just released (again) last night the patch set will be clean |
to match the error message produced by the Web.
|
I did some more testing and discovered two smaller issues with the error handling. I pushed the fixes as two commits. I hope it makes it easier to review the changes. |
|
🤔 |
to match the error message produced by the Web.
fzuellich
force-pushed
the
add-multi-factor-support
branch
from
3e7d5fc
to
ce15f02
Compare
|
Hola @mikehardy, I pushed a fix for that syntax error. If you get a chance can you let the checks run again? :) |
mikehardy
added
Workflow: Needs Review
|
Green CI is a beautiful thing - I'll do one more review pass through here but I imagine this is good to go if it is working for you - the patch-set may be useful in verifying same ? |
|
I'm quite happy with the iOS part so far (using the patch set). Still having trouble with the Android side due to
So far the internet wasn't too useful to fix this issue and I secretly hope this will magically solve itself once we have a real package. 🙈 |
|
That one is a pain! react-native-firebase/packages/messaging/android/build.gradle Lines 119 to 120 in e6fbf59 |
|
Thanks Mike, your suggestion fixed it! I need to improve my Google powers ;) I walked through the enrollment and sign-in using Android as well. It works for us 🥳 |
|
Fantastic, so my status understanding is no known issues/ ready for final review+merge release (hopefully) then. Enqueued for me as such |
|
Sounds good. I'm sure we'll be the first to open a PR if we find a bug. 😇 Do you have an ETA that I can communicate to management? |
There was a problem hiding this comment.
Re-scanned it all for final review ✅
Tested e2e locally after pulling current main + rebase (just to be sure)
- ios ✅
- android ✅
Merging now, will release in just a moment so should be available as 16.3.0 in a few minutes.
You can communicate to management that the quality of the PR and attention to detail on testing gives me a really high level of confidence, making quick review possible and leading to me shipping it immediately despite the size of the PR, how's that vs an ETA ;-)?. This is a fantastic addition to the module, I really appreciate it and I'm sure others hoping for it will be thrilled as well. Happy to collaborate on any followups as needed if (or when, it's a big feature...) something comes up. Cheers
mikehardy
removed
the
Workflow: Needs Review
|
That sounds awesome. Thank you so much for the collaboration! |
|
@fzuellich not sure if this is relevant for you or not, but saw it in the release notes for just-released 10.1.0 of firebase-ios-sdk and thought you might be interested, it just released: firebase/firebase-ios-sdk#10296 I'm releasing the SDK update packaged into a version here shortly so that fix (among others) will be generally available here |
Description
At Kyan Health we are using
react-native-firebasefor our mobile apps. We plan to roll out multi-factor authentication to our users soon. After implementing the necessary code on the web (using the original Firebase libraries) we were missing multi-factor support for the apps.I'm aware that there are a few small todos left in the code. Nonetheless I'd appreciate some early feedback from the maintainers to see how we can get the PR merged. :)
Open questions on our side:
:android:. I have the feeling that this is not properly implemented on Firebase' side. Testing against a real life Firebase project doesn't run into issues with missing multi-factor authentication. I also find it strange the the Firebase emulator prints a different SMS code message for iOS devices (masks the phone number). Any thought or hints how to solve this problem? 😇Related issues
I'm aware of:
Release Summary
Checklist
AndroidiOSe2etests added or updated inpackages/\*\*/e2ejesttests added or updated inpackages/\*\*/__tests__Test Plan
🔥