Merge pull request #1292 from firebase/account-exists-diff-credential

Author: russellwheatley

FirebaseSwiftUI/FirebaseAppleSwiftUI/Sources/Views/SignInWithAppleButton.swift

@@ -20,7 +20,6 @@ import SwiftUI
 @MainActor
 public struct SignInWithAppleButton {
   @Environment(AuthService.self) private var authService
-  @Environment(\.signInWithMergeConflictHandler) private var signInHandler
   let provider: AuthProviderSwift
   public init(provider: AuthProviderSwift) {
     self.provider = provider
@@ -35,13 +34,7 @@ extension SignInWithAppleButton: View {
       accessibilityId: "sign-in-with-apple-button"
     ) {
       Task {
-        if let handler = signInHandler {
-          try? await handler(authService) {
-            try await authService.signIn(provider)
-          }
-        } else {
-          try? await authService.signIn(provider)
-        }
+        try? await authService.signIn(provider)
       }
     }
   }

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/AuthServiceError.swift

@@ -15,16 +15,56 @@
 import FirebaseAuth
 import SwiftUI
 
-public struct AccountMergeConflictContext: LocalizedError {
+/// Describes the specific type of account conflict that occurred
+public enum AccountConflictType: Equatable {
+  /// Account exists with a different provider (e.g., user signed up with Google, trying to use
+  /// email)
+  /// Solution: Sign in with existing provider, then link the new credential
+  case accountExistsWithDifferentCredential
+
+  /// The credential is already linked to another account
+  /// Solution: User must sign in with that account or unlink the credential
+  case credentialAlreadyInUse
+
+  /// Email is already registered with another method
+  /// Solution: Sign in with existing method, then link if desired
+  case emailAlreadyInUse
+
+  /// Trying to link anonymous account to an existing account
+  /// Solution: Sign out of anonymous, then sign in with the credential
+  case anonymousUpgradeConflict
+}
+
+public struct AccountConflictContext: LocalizedError, Identifiable, Equatable {
+  public let id = UUID()
+  public let conflictType: AccountConflictType
   public let credential: AuthCredential
   public let underlyingError: Error
   public let message: String
-  // TODO: - should make this User type once fixed upstream in firebase-ios-sdk. See: https://github.com/firebase/FirebaseUI-iOS/pull/1247#discussion_r2085455355
-  public let uid: String?
+  public let email: String?
+
+  /// Human-readable description of the conflict type
+  public var conflictDescription: String {
+    switch conflictType {
+    case .accountExistsWithDifferentCredential:
+      return "This account is already registered with a different sign-in method."
+    case .credentialAlreadyInUse:
+      return "This credential is already linked to another account."
+    case .emailAlreadyInUse:
+      return "This email address is already in use."
+    case .anonymousUpgradeConflict:
+      return "Cannot link anonymous account to an existing account."
+    }
+  }
 
   public var errorDescription: String? {
     return message
   }
+
+  public static func == (lhs: AccountConflictContext, rhs: AccountConflictContext) -> Bool {
+    // Compare by id since each AccountConflictContext instance is unique
+    lhs.id == rhs.id
+  }
 }
 
 public enum AuthServiceError: LocalizedError {
@@ -35,7 +75,7 @@ public enum AuthServiceError: LocalizedError {
   case reauthenticationRequired(String)
   case invalidCredentials(String)
   case signInFailed(underlying: Error)
-  case accountMergeConflict(context: AccountMergeConflictContext)
+  case accountConflict(AccountConflictContext)
   case providerNotFound(String)
   case multiFactorAuth(String)
   case rootViewControllerNotFound(String)
@@ -64,7 +104,7 @@ public enum AuthServiceError: LocalizedError {
       return description
     case let .signInCancelled(description):
       return description
-    case let .accountMergeConflict(context):
+    case let .accountConflict(context):
       return context.errorDescription
     case let .providerNotFound(description):
       return description

FirebaseSwiftUI/FirebaseAuthSwiftUI/Sources/Services/AuthService.swift

@@ -130,11 +130,27 @@ public final class AuthService {
   public var currentUser: User?
   public var authenticationState: AuthenticationState = .unauthenticated
   public var authenticationFlow: AuthenticationFlow = .signIn
-  public var currentError: AlertError?
+  private var _currentError: AlertError?
+
+  /// A binding that allows SwiftUI views to observe and clear errors
+  public var currentError: Binding<AlertError?> {
+    Binding(
+      get: { self._currentError },
+      set: { newValue in
+        if newValue == nil {
+          self._currentError = nil
+        }
+      }
+    )
+  }
+
   public let passwordPrompt: PasswordPromptCoordinator = .init()
   public var currentMFARequired: MFARequired?
   private var currentMFAResolver: MultiFactorResolver?
 
+  /// Current account conflict context - observe this to handle conflicts and update backend
+  public private(set) var currentAccountConflict: AccountConflictContext?
+
   // MARK: - Provider APIs
 
   private var listenerManager: AuthListenerManager?
@@ -204,11 +220,12 @@ public final class AuthService {
   }
 
   func reset() {
-    currentError = nil
+    _currentError = nil
+    currentAccountConflict = nil
   }
 
   func updateError(title: String = "Error", message: String, underlyingError: Error? = nil) {
-    currentError = AlertError(title: title, message: message, underlyingError: underlyingError)
+    _currentError = AlertError(title: title, message: message, underlyingError: underlyingError)
   }
 
   public var shouldHandleAnonymousUpgrade: Bool {
@@ -239,9 +256,12 @@ public final class AuthService {
       }
       updateAuthenticationState()
     } catch {
+      // Possible conflicts from user.link():
+      // - credentialAlreadyInUse: credential is already linked to another account
+      // - emailAlreadyInUse: email from credential is already used by another account
+      // - accountExistsWithDifferentCredential: account exists with different sign-in method
       authenticationState = .unauthenticated
-      updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
-      throw error
+      try handleErrorWithConflictCheck(error: error, credential: credentials)
     }
   }
 
@@ -254,32 +274,7 @@ public final class AuthService {
       let result = try await currentUser?.link(with: credentials)
       updateAuthenticationState()
       return .signedIn(result)
-    } catch let error as NSError {
-      // Handle credentialAlreadyInUse error
-      if error.code == AuthErrorCode.credentialAlreadyInUse.rawValue {
-        // Extract the updated credential from the error
-        let updatedCredential = error.userInfo["FIRAuthUpdatedCredentialKey"] as? AuthCredential
-          ?? credentials
-
-        let context = AccountMergeConflictContext(
-          credential: updatedCredential,
-          underlyingError: error,
-          message: "Unable to merge accounts. The credential is already associated with a different account.",
-          uid: currentUser?.uid
-        )
-        throw AuthServiceError.accountMergeConflict(context: context)
-      }
-
-      // Handle emailAlreadyInUse error
-      if error.code == AuthErrorCode.emailAlreadyInUse.rawValue {
-        let context = AccountMergeConflictContext(
-          credential: credentials,
-          underlyingError: error,
-          message: "Unable to merge accounts. This email is already associated with a different account.",
-          uid: currentUser?.uid
-        )
-        throw AuthServiceError.accountMergeConflict(context: context)
-      }
+    } catch {
       throw error
     }
   }
@@ -296,18 +291,19 @@ public final class AuthService {
       }
     } catch let error as NSError {
       authenticationState = .unauthenticated
+
       // Check if this is an MFA required error
       if error.code == AuthErrorCode.secondFactorRequired.rawValue {
         if let resolver = error
           .userInfo[AuthErrorUserInfoMultiFactorResolverKey] as? MultiFactorResolver {
           return handleMFARequiredError(resolver: resolver)
         }
-      } else {
-        // Don't want error modal on MFA error so we only update here
-        updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
       }
 
-      throw error
+      // Possible conflicts from auth.signIn(with:):
+      // - accountExistsWithDifferentCredential: account exists with different provider
+      // - credentialAlreadyInUse: credential is already linked to another account
+      try handleErrorWithConflictCheck(error: error, credential: credentials)
     }
   }
 
@@ -381,20 +377,21 @@ public extension AuthService {
 
   func createUser(email email: String, password: String) async throws -> SignInOutcome {
     authenticationState = .authenticating
+    let credential = EmailAuthProvider.credential(withEmail: email, password: password)
 
     do {
       if shouldHandleAnonymousUpgrade {
-        let credential = EmailAuthProvider.credential(withEmail: email, password: password)
         return try await handleAutoUpgradeAnonymousUser(credentials: credential)
       } else {
         let result = try await auth.createUser(withEmail: email, password: password)
         updateAuthenticationState()
         return .signedIn(result)
       }
     } catch {
+      // Possible conflicts from auth.createUser():
+      // - emailAlreadyInUse: email is already registered with another account
       authenticationState = .unauthenticated
-      updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
-      throw error
+      try handleErrorWithConflictCheck(error: error, credential: credential)
     }
   }
 
@@ -452,8 +449,18 @@ public extension AuthService {
         emailLink = nil
       }
     } catch {
-      updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
-      throw error
+      // Reconstruct credential for conflict handling
+      let link = url.absoluteString
+      guard let email = emailLink else {
+        throw AuthServiceError
+          .invalidEmailLink("email address is missing from app storage. Is this the same device?")
+      }
+      let credential = EmailAuthProvider.credential(withEmail: email, link: link)
+
+      // Possible conflicts from auth.signIn(withEmail:link:):
+      // - accountExistsWithDifferentCredential: account exists with different provider
+      // - credentialAlreadyInUse: credential is already linked to another account
+      try handleErrorWithConflictCheck(error: error, credential: credential)
     }
   }
 
@@ -853,6 +860,71 @@ public extension AuthService {
     }
   }
 
+  // MARK: - Account Conflict Helper Methods
+
+  private func determineConflictType(from error: NSError) -> AccountConflictType? {
+    switch error.code {
+    case AuthErrorCode.accountExistsWithDifferentCredential.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict :
+        .accountExistsWithDifferentCredential
+    case AuthErrorCode.credentialAlreadyInUse.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict : .credentialAlreadyInUse
+    case AuthErrorCode.emailAlreadyInUse.rawValue:
+      return shouldHandleAnonymousUpgrade ? .anonymousUpgradeConflict : .emailAlreadyInUse
+    default:
+      return nil
+    }
+  }
+
+  private func createConflictContext(from error: NSError,
+                                     conflictType: AccountConflictType,
+                                     credential: AuthCredential) -> AccountConflictContext {
+    let updatedCredential = error
+      .userInfo[AuthErrorUserInfoUpdatedCredentialKey] as? AuthCredential ?? credential
+    let email = error.userInfo[AuthErrorUserInfoEmailKey] as? String
+
+    return AccountConflictContext(
+      conflictType: conflictType,
+      credential: updatedCredential,
+      underlyingError: error,
+      message: string.localizedErrorMessage(for: error),
+      email: email
+    )
+  }
+
+  /// Handles account conflict errors by creating context, storing it, and throwing structured error
+  /// - Parameters:
+  ///   - error: The error to check and handle
+  ///   - credential: The credential that caused the conflict
+  /// - Throws: AuthServiceError.accountConflict if it's a conflict error, otherwise rethrows the
+  /// original error
+  private func handleErrorWithConflictCheck(error: Error,
+                                            credential: AuthCredential) throws -> Never {
+    // Check for account conflict errors
+    if let error = error as NSError?,
+       let conflictType = determineConflictType(from: error) {
+      let context = createConflictContext(
+        from: error,
+        conflictType: conflictType,
+        credential: credential
+      )
+
+      // Store it for consumers to observe
+      currentAccountConflict = context
+
+      // Only set error alert if we're NOT auto-handling it
+      if conflictType != .anonymousUpgradeConflict {
+        updateError(message: context.message, underlyingError: error)
+      }
+
+      // Throw the specific error with context
+      throw AuthServiceError.accountConflict(context)
+    } else {
+      updateError(message: string.localizedErrorMessage(for: error), underlyingError: error)
+      throw error
+    }
+  }
+
   // MARK: - MFA Helper Methods
 
   private func extractMFAHints(from resolver: MultiFactorResolver) -> [MFAHint] {