get_user_by_email can silently return wrong result when "allow multiple accounts with the same email address" is set #843

Open
@kkom

Description

Describe your environment

  • Operating System version: macOS 15.2
  • Firebase SDK version: 6.6.0
  • Firebase Product: auth
  • Python version: 3.12
  • Pip version: uv 0.5.11

Describe the problem

I'm worried that the get_user_by_email function misleadingly silently skips some results.

It's typed as returning a single user record given an email address:

    def get_user_by_email(self, email):
        """Gets the user data corresponding to the specified user email.

        Args:
            email: A user email address string.

        Returns:
            UserRecord: A user record instance.

        Raises:
            ValueError: If the email is None, empty or malformed.
            UserNotFoundError: If no user exists for the specified email address.
            FirebaseError: If an error occurs while retrieving the user.
        """
        response = self._user_manager.get_user(email=email)
        return _user_mgt.UserRecord(response)

However, it is possible to configure Firebase to allow multiple accounts with the same email address: https://support.google.com/firebase/answer/9134820

It looks like the implementation takes just the first user record if more than one matches the provided email:

    def get_user(self, **kwargs):
        """Gets the user data corresponding to the provided key."""
        if 'uid' in kwargs:
            key, key_type = kwargs.pop('uid'), 'user ID'
            payload = {'localId' : [_auth_utils.validate_uid(key, required=True)]}
        elif 'email' in kwargs:
            key, key_type = kwargs.pop('email'), 'email'
            payload = {'email' : [_auth_utils.validate_email(key, required=True)]}
        elif 'phone_number' in kwargs:
            key, key_type = kwargs.pop('phone_number'), 'phone number'
            payload = {'phoneNumber' : [_auth_utils.validate_phone(key, required=True)]}
        else:
            raise TypeError('Unsupported keyword arguments: {0}.'.format(kwargs))
        body, http_resp = self._make_request('post', '/accounts:lookup', json=payload)
        if not body or not body.get('users'):
            raise _auth_utils.UserNotFoundError(
                'No user record found for the provided {0}: {1}.'.format(key_type, key),
                http_response=http_resp)
        return body['users'][0]

I'd suggest replacing it with a get_users_by_email that returns a collection of records, to avoid misleading programmers unfamiliar with the "allow multiple accounts with the same email address" option.
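An added example, not part of the issue and not firebase-admin code: it contrasts the `body['users'][0]` selection quoted above with a lookup that refuses to pick when several records come back, which matters when the returned uid feeds an authorization decision. The function names, `AmbiguousUserError`, and the sample response bodies are hypothetical and constructed; the only shape assumed is a `users` list whose records carry `localId` and `email`.

```python
"""Fail closed when a lookup response holds several users for one email."""


class AmbiguousUserError(LookupError):
    """Hypothetical error: more than one account matched the lookup key."""

    def __init__(self, key, uids):
        super().__init__('{0} accounts match {1!r}'.format(len(uids), key))
        self.uids = uids


def first_match(body):
    """Selection quoted in the issue: keep users[0], drop the rest silently."""
    return body['users'][0]


def all_matches(body):
    """Every record in the response, or an empty list for an empty body."""
    return list((body or {}).get('users') or [])


def unique_user(body, email):
    """Return the single record for `email`, or raise instead of guessing."""
    matches = all_matches(body)
    if not matches:
        raise LookupError('No user record found for email: {0}'.format(email))
    if len(matches) > 1:
        raise AmbiguousUserError(email, [u['localId'] for u in matches])
    return matches[0]


# Constructed response bodies (not captured from a real project).
SHARED = {'users': [
    {'localId': 'uid-password-1', 'email': 'alice@example.com'},
    {'localId': 'uid-google-2', 'email': 'alice@example.com'},
]}
SINGLE = {'users': [{'localId': 'uid-only', 'email': 'bob@example.com'}]}

if __name__ == '__main__':
    # The second account is never seen by the caller.
    print('first_match ->', first_match(SHARED)['localId'])
    print('unique_user ->', unique_user(SINGLE, 'bob@example.com')['localId'])
    try:
        unique_user(SHARED, 'alice@example.com')
    except AmbiguousUserError as err:
        print('refused, candidates:', err.uids)
```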
