From 5d87679e433e357a18cc3344bbf911455014a341 Mon Sep 17 00:00:00 2001 From: Mike Hardy Date: Mon, 13 May 2024 08:59:40 -0500 Subject: [PATCH] fix(auth, ios): reject multi-factor API call if session not found behavior should mirror what android native MFA does with this change --- packages/auth/ios/RNFBAuth/RNFBAuthModule.m | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/packages/auth/ios/RNFBAuth/RNFBAuthModule.m b/packages/auth/ios/RNFBAuth/RNFBAuthModule.m index 3c95235ace..7425a1c021 100644 --- a/packages/auth/ios/RNFBAuth/RNFBAuthModule.m +++ b/packages/auth/ios/RNFBAuth/RNFBAuthModule.m @@ -892,8 +892,15 @@ - (void)invalidate { DLog(@"verifyPhoneNumberForMultifactor phoneNumber: %@", phoneNumber); DLog(@"verifyPhoneNumberForMultifactor sessionId: %@", sessionId); FIRMultiFactorSession *session = cachedSessions[sessionId]; - DLog(@"using instance VerifyPhoneNumberForMultifactor: %@", - firebaseApp.name)[[FIRPhoneAuthProvider providerWithAuth:[FIRAuth authWithApp:firebaseApp]] + if (session == nil) { + [RNFBSharedUtils rejectPromiseWithUserInfo:reject + userInfo:(NSMutableDictionary *)@{ + @"code" : @"invalid-multi-factor-session", + @"message" : @"can't find session for provided key" + }]; + return; + } + [[FIRPhoneAuthProvider providerWithAuth:[FIRAuth authWithApp:firebaseApp]] verifyPhoneNumber:phoneNumber UIDelegate:nil multiFactorSession:session