You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When enabling Email Enumeration Protection through the firebase console it does not reflect on the authentication emulator when running the emulator with the project id of my firebase project and executing functions like sendPasswordResetEmail.
[REQUIRED] Steps to reproduce
init the emulators:
firebase login
firebase use $YOUR_PROJECT_ID
firebase emulators:start --only auth
Hey @JulioGrajales, in general, the emulators will not reflect changes made via the Firebase console. In this case however, nfortunately, we have not gotten a chance to implement emulator support for email enumeration protection yet.
Keeping this open to track the feature request - however, I can't make any promises as to when this may be supported.
I have only tested it with signInWithEmailAndPassword authentication method, but at least some support for email enumeration protection seems to now be possible:
Do an export of the firebase emulators after adding some users:
firebase emulators:export exports
Edit the file exports/auth_export/config.json
Set enableImprovedEmailPrivacy in the JSON file to true
Import the firebase emulators from the modified config:
firebase emulators:start --import=exports
At this point, the JSON return from invalid logins changes from EMAIL_NOT_FOUND or INVALID_PASSWORD to just INVALID_CREDENTIALS
Tested on version 13.7.3 of firebase-tools
After some searching, it seems that this has been added since v13.2.0, (#6702).
[REQUIRED] Environment info
firebase-tools: 13.0.3
Platform: Windows
[REQUIRED] Test case
When enabling Email Enumeration Protection through the firebase console it does not reflect on the authentication emulator when running the emulator with the project id of my firebase project and executing functions like
sendPasswordResetEmail
.[REQUIRED] Steps to reproduce
init the emulators:
firebase login firebase use $YOUR_PROJECT_ID firebase emulators:start --only auth
boiler plate html:
Click the button to execute the
sendPasswordResetEmail
function with a fake email address not registered in the list of users.[REQUIRED] Expected behavior
Return a
200
status code and the following JSON object:[REQUIRED] Actual behavior
It returns a
400
status code and the following JSON object:The text was updated successfully, but these errors were encountered: