fix(auth, android): catch native error in signWithEmailLink

mikehardy · mikehardy · commit accf260eee2f · 2025-04-29T10:58:59.000-05:00
the firebase-android-sdk throws an unhandled error if the link is
mal-formed (e.g., missing apiKey param) which bubbled up to javascript
inappropriately making it very hard to handle

now we catch all exceptions and handle correctly with a Promise reject,
and we probe the same with an e2e test
diff --git a/packages/auth/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java b/packages/auth/android/src/main/java/io/invertase/firebase/auth/ReactNativeFirebaseAuthModule.java
@@ -459,18 +459,23 @@ private void signInWithEmailLink(
     FirebaseApp firebaseApp = FirebaseApp.getInstance(appName);
     FirebaseAuth firebaseAuth = FirebaseAuth.getInstance(firebaseApp);
 
-    firebaseAuth
-        .signInWithEmailLink(email, emailLink)
-        .addOnSuccessListener(
-            authResult -> {
-              Log.d(TAG, "signInWithEmailLink:onComplete:success");
-              promiseWithAuthResult(authResult, promise);
-            })
-        .addOnFailureListener(
-            exception -> {
-              Log.e(TAG, "signInWithEmailLink:onComplete:failure", exception);
-              promiseRejectAuthException(promise, exception);
-            });
+    try {
+      firebaseAuth
+          .signInWithEmailLink(email, emailLink)
+          .addOnSuccessListener(
+              authResult -> {
+                Log.d(TAG, "signInWithEmailLink:onComplete:success");
+                promiseWithAuthResult(authResult, promise);
+              })
+          .addOnFailureListener(
+              exception -> {
+                Log.e(TAG, "signInWithEmailLink:onComplete:failure", exception);
+                promiseRejectAuthException(promise, exception);
+              });
+    } catch (Exception exception) {
+      Log.e(TAG, "signInWithEmailLink:onComplete:totalfailure", exception);
+      promiseRejectAuthException(promise, exception);
+    }
   }
 
   @ReactMethod
diff --git a/packages/auth/e2e/emailLink.e2e.js b/packages/auth/e2e/emailLink.e2e.js
@@ -55,6 +55,7 @@ describe('auth() -> emailLink Provider', function () {
       await sendSignInLinkToEmail(auth, email, actionCodeSettings);
       const oobInfo = await getLastOob(email);
       oobInfo.oobLink.should.containEql(encodeURIComponent(continueUrl));
+      console.error('the oobLink was: ' + oobInfo.oobLink);
       const signInResponse = await signInUser(oobInfo.oobLink);
       signInResponse.should.containEql(continueUrl);
       signInResponse.should.containEql(oobInfo.oobCode);
@@ -96,9 +97,53 @@ describe('auth() -> emailLink Provider', function () {
     });
   });
 
-  // FOR MANUAL TESTING ONLY
-  xdescribe('signInWithEmailLink', function () {
-    it('should signIn', async function () {
+  describe('signInWithEmailLink', function () {
+    it.only('sign in via email does not crash with missing apiKey', async function () {
+      const { getAuth, sendSignInLinkToEmail, signInWithEmailLink } = authModular;
+
+      const auth = getAuth();
+      const random = Utils.randString(12, '#aa');
+      const email = `${random}@${random}.com`;
+      const continueUrl = `http://${Platform.android ? '10.0.2.2' : '127.0.0.1'}:8081/authLinkFoo?bar=${random}`;
+      const actionCodeSettings = {
+        url: continueUrl,
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'com.testing',
+        },
+        android: {
+          packageName: 'com.testing',
+          installApp: true,
+          minimumVersion: '12',
+        },
+      };
+      await sendSignInLinkToEmail(auth, email, actionCodeSettings);
+      const oobInfo = await getLastOob(email);
+      oobInfo.oobLink.should.containEql(encodeURIComponent(continueUrl));
+
+      // Specifically remove the apiKey param. Android requires it and needs
+      // specific error handling or it crashes, See #8360
+      let linkNoApiKey = oobInfo.oobLink.replace('&apiKey=fake-api-key', '');
+      try {
+        const signInResponse = await signInWithEmailLink(auth, email, linkNoApiKey);
+        if (Platform.OS === 'android') {
+          throw new Error('Should have rejected on Android');
+        } else {
+          signInResponse.user.email.should.equal(email);
+          auth.currentUser.email.should.equal(email);
+        }
+      } catch (e) {
+        if (Platform.OS === 'android') {
+          e.message.should.containEql('Given link is not a valid email link');
+        } else {
+          // all non-android platforms should have been fine without apiKey
+          throw e;
+        }
+      }
+    });
+
+    // FOR MANUAL TESTING ONLY
+    xit('should signIn', async function () {
       const auth = getAuth();
       const email = 'MANUAL TEST EMAIL HERE';
       const emailLink = 'MANUAL TEST CODE HERE';
