get_user_by_email can silently return wrong result when "allow multiple accounts with the same email address" is set #843

Open
kkom opened this issue Dec 23, 2024 · 1 comment
kkom commented Dec 23, 2024

Describe your environment

  • Operating System version: macOS 15.2
  • Firebase SDK version: 6.6.0
  • Firebase Product: auth
  • Python version: 3.12
  • Pip version: uv 0.5.11

Describe the problem

I'm worried that the get_user_by_email function misleadingly silently skips some results.

It's typed as returning a single user record given an email address:

def get_user_by_email(self, email):
    """Gets the user data corresponding to the specified user email.
    Args:
        email: A user email address string.
    Returns:
        UserRecord: A user record instance.
    Raises:
        ValueError: If the email is None, empty or malformed.
        UserNotFoundError: If no user exists for the specified email address.
        FirebaseError: If an error occurs while retrieving the user.
    """
    response = self._user_manager.get_user(email=email)
    return _user_mgt.UserRecord(response)

However, it is possible to configure Firebase to allow multiple accounts with the same email address: https://support.google.com/firebase/answer/9134820

It looks like the implementation takes just the first user record if more than one matches the provided email:

def get_user(self, **kwargs):
    """Gets the user data corresponding to the provided key."""
    if 'uid' in kwargs:
        key, key_type = kwargs.pop('uid'), 'user ID'
        payload = {'localId' : [_auth_utils.validate_uid(key, required=True)]}
    elif 'email' in kwargs:
        key, key_type = kwargs.pop('email'), 'email'
        payload = {'email' : [_auth_utils.validate_email(key, required=True)]}
    elif 'phone_number' in kwargs:
        key, key_type = kwargs.pop('phone_number'), 'phone number'
        payload = {'phoneNumber' : [_auth_utils.validate_phone(key, required=True)]}
    else:
        raise TypeError('Unsupported keyword arguments: {0}.'.format(kwargs))
    body, http_resp = self._make_request('post', '/accounts:lookup', json=payload)
    if not body or not body.get('users'):
        raise _auth_utils.UserNotFoundError(
            'No user record found for the provided {0}: {1}.'.format(key_type, key),
            http_response=http_resp)
    return body['users'][0]

I'd suggest replacing it with a get_users_by_email that returns a collection of records, to avoid misleading programmers unfamiliar with the "allow multiple accounts with the same email address" option.
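
An added example, not code from the firebase-admin SDK or from the issue author: one way calling code could fail closed instead of taking `body['users'][0]` when a lookup matches several accounts. It assumes the `accounts:lookup` response body can carry more than one entry in `users`; `matching_users`, `single_user`, both error classes and the sample records are hypothetical names and constructed data.

```python
"""Fail-closed handling of a lookup response body that may hold several users."""


class UserNotFoundError(LookupError):
    """Hypothetical stand-in for the SDK's UserNotFoundError."""


class AmbiguousUserError(LookupError):
    """Hypothetical error: more than one account matched the lookup key."""

    def __init__(self, key_type, key, uids):
        super().__init__('{0} accounts match {1} {2!r}: {3}'.format(
            len(uids), key_type, key, ', '.join(uids)))
        self.uids = uids


def matching_users(body):
    """Return every user record in a lookup response body (possibly empty)."""
    return list((body or {}).get('users') or [])


def single_user(body, key_type, key):
    """Return the only matching record; refuse to pick one when several match."""
    users = matching_users(body)
    if not users:
        raise UserNotFoundError(
            'No user record found for the provided {0}: {1}.'.format(key_type, key))
    if len(users) > 1:
        # An arbitrary first match could bind a session or a permission
        # check to the wrong account, so surface the ambiguity instead.
        raise AmbiguousUserError(key_type, key, [u['localId'] for u in users])
    return users[0]


# Constructed sample: two accounts sharing one email address, as the
# "allow multiple accounts with the same email address" setting permits.
SAMPLE_BODY = {
    'users': [
        {'localId': 'uid-password-001', 'email': 'alice@example.com'},
        {'localId': 'uid-federated-002', 'email': 'alice@example.com'},
    ]
}

if __name__ == '__main__':
    print([u['localId'] for u in matching_users(SAMPLE_BODY)])
    try:
        single_user(SAMPLE_BODY, 'email', 'alice@example.com')
    except AmbiguousUserError as err:
        print('refused:', err)
```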

@google-oss-bot

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
