auth: generatePasswordResetLink returns auth/internal-error on valid non-registered email address

[loukotal]

Describe your environment

• Operating System version: macOS 10.15.7
• Firebase SDK version: 9.4.2
• Firebase Product: auth
• Node.js version: 14.16.0
• NPM version: 6.14.11

Describe the problem

Calling generatePasswordResetLink with a valid email that is "not registered" (or, in other words, is not tied to any user), results in auth/internal-error. We used to catch auth/user-not-found error code for cases where the email was not found, but it seems like the error code changed to EMAIL_NOT_FOUND. EMAIL_NOT_FOUND is not handled/mapped and therefore the response results in auth/internal-error. The error code is not present in the docs here, is it not handled on purpose then?
I would have thought an error code like this is something that could have its own error code and not default to auth/internal-error, hence this issue.

Or is to something to be reported on the official Firebase bug report site here? If so, then I am sorry for opening the issue here and I will report it on the Firebase website.

Relevant pieces of code I could (or could not) find:

• query for EMAIL_NOT_FOUND response code: https://github.com/firebase/firebase-admin-node/search?q=EMAIL_NOT_FOUND
• default value if response code is not present:

  firebase-admin-node/src/utils/error.ts

  Line 157 in 1862342

  const clientCodeKey = AUTH_SERVER_TO_CLIENT_CODE[serverErrorCode] || 'INTERNAL_ERROR';

• AuthClientErrorCode definition:

  firebase-admin-node/src/utils/error.ts

  Line 344 in 1862342

  export class AuthClientErrorCode {

• Auth server to client enum error codes:

  firebase-admin-node/src/utils/error.ts

  Line 830 in 1862342

  const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {

I also went through the python sdk and it seems like EMAIL_NOT_FOUND is also not handled. Maybe it is on purpose then?

Steps to reproduce:

1. Initialize firebase-admin app with a service account
2. Call generatePasswordResetLink with a valid email that is not tied to any user
3. Catch error

Or curl command to REST API for quick testing:

curl 'https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode?key=API_KEY' \
-H 'Content-Type: application/json' \
--data-binary '{"requestType":"PASSWORD_RESET","email":"notRegisteredEmail@example.com@example.com"}'

Error info:

{
    code: 'auth/internal-error',
    message: 'An internal error has occurred. Raw server response: "{"error":{"code":400,"message":"EMAIL_NOT_FOUND","errors":[{"message":"EMAIL_NOT_FOUND","domain":"global","reason":"invalid"}]}}"'
  },
  codePrefix: 'auth'
}

Relevant Code:

import * as admin from "firebase-admin";

admin.initializeApp({
    credential: admin.credential.cert("GCP_SERVICE_ACCOUNT")
})

admin.auth().generatePasswordResetLink("notRegisteredEmail@example.com").catch(console.error).finally(process.exit);

Expected behaviour

EMAIL_NOT_FOUND is defined in AuthClientErrorCode and correctly mapped so that error.code does not return auth/internal-error but auth/email-not-found (or similar).

---

I will gladly provide more information if needed and if this is something that should be added, I think I would manage to make a PR for it. I have it mostly ready, but I am not sure if it is a desired behaviour to handle this error code, since it is not handled in the python sdk as well (from what I could gather).

Thank you!

[hiranya911]

Thanks for the detailed report @loukotal. Indeed looks like an error code change in the backend.

@bojeil-google did something change in the backend?

[bojeil-google]

Thanks @loukotal for notifying us. I am also able to recreate it. I am unaware of any recent change that may have caused this. I have filed an internal report with the backend team on this. I also recommend you file a ticket with support. Do you happen to know when this started happening? This could help pinpoint the culprit.

[loukotal]

Thank you both for a quick response! I have filed the ticket with support.

As for when this started happening - we noticed first error events on 2021-03-18 (around 12 am). Hopefully this is of any help.

[bojeil-google]

Hey @loukotal, can you confirm that before 2021-03-18, you were seeing auth/user-not-found error code when a user was not registered?

[loukotal]

Sorry for the later response. Unfortunately I was not able to find any logs pointing to the api returning auth/user-not-found when user was not registered.
On the other hand, when searching through logs I found an earlier appearance of the error - on 2021-03-01. I apologise for the wrong date in the previous message, I was looking at our error reporting service and did not sift through all logs 🙇.

[bojeil-google]

Yeah the reason we ask is because we are not completely sure this is a regression. It may be that we never returned USER_NOT_FOUND for all the different email action link operations (it returns for some but not all). We can't find any recent backend change to confirm that there was a change in behavior.

[loukotal]

I see, thank you for the update. So if I understand it correctly, EMAIL_NOT_FOUND is the correct error message and is just not handled by the sdk?

What confused me and made me open the issue was that I didn't find it in the docs, the node SDK or the python sdk.

Thank you for your time!

[bojeil-google]

I see, thank you for the update. So if I understand it correctly, EMAIL_NOT_FOUND is the correct error message and is just not handled by the sdk?

What confused me and made me open the issue was that I didn't find it in the docs, the node SDK or the python sdk.

Thank you for your time!

We don't know yet. This could be an older regression but we can't say for sure. It is still under investigation.

[hiranya911]

Hi @bojeil-google. Did we find any resolution for this? Is there any action items for this repo?