UserContext, deleteAccount: if provider is google, always reauthenticate the user before performing any delete

2025-11-22 20:51:29 +10:00 · 2021-04-23 17:30:25 +02:00
parent 54ddfe30d7
commit f53e34c37d
1 changed files with 8 additions and 5 deletions
--- a/src/contexts/UserContext.js
+++ b/src/contexts/UserContext.js
@ -75,17 +75,20 @@ const UserProvider = ({ children }) => {

  const deleteAccount = async () => {
    const { currentUser } = firebase.auth();
+    const authProviderIsGoogle =
+      currentUser.providerData.length > 0 &&
+      currentUser.providerData[0].providerId === 'google.com';
    const deleteUser = firebase.functions().httpsCallable('deleteUser');

+    if (authProviderIsGoogle) {
+      const userCredential = await loginWithGoogle();
+      await currentUser.reauthenticateWithCredential(userCredential.credential);
+    }
+
    await deleteUser();

    try {
      await currentUser.delete();
-    } catch (error) {
-      if (error.code === 'auth/requires-recent-login') {
-        await loginWithGoogle();
-        await currentUser.delete();
-      }
    } finally {
      logout();
      toast(