SwiftUI - Reauthenticate user credentials (FireStore)

Question

Ok, so I've looked online and even read the documents provided by Google, however, I just cannot seem to figure out where I'm going wrong.

I wish to change the password of an account. This is my code right now:

var credential: AuthCredential!

let user = Auth.auth().currentUser

VStack {
                Text("Enter new password").font(.caption).foregroundColor(Color(SYSTEM_FONT_COLOUR))
                       PasswordTextField(password: $changeLoginDetailsViewModel.newPassword)
                Spacer()
                SignInButton(action: {
                    self.user?.reauthenticate(with: self.credential) { (result, error) in
                        if let error = error {
                            print(error.localizedDescription)
                        }
                    }
                    self.changeLoginDetailsViewModel.changePassword()
                }, label: "Update Password")
            }

Every time I tap the "Update password" button, the application crashes. That's because credential is nil. So I did my research and found the method EmailAuthProvider(). So I added this line of code:

let email = EmailAuthProvider.credential(withEmail: (Auth.auth().currentUser?.email!)!, password: "thisIsNotTheRealPassword")

For ethical reasons and best practice, I do not store user password within my database. So how can I even get/access the current user's password? Without storing it?

I guess I can get the user to enter their current password which would allow for reauthentication, but that is there a way in which I can do it whilst the view loads? So they're not required to hit the update password button twice? And for better UI experience. They user is already logged in, and are not required to login unless they sign out.

Answer 1

OK, so to ensure I always had authenticated the user I demanded the user input their log in credentials prior to even getting the chance/view to update their credentials.

My solution:

Settings > Re-authentication view (explained to the user it's for security purposes) > Change password and e-mail view

Answer 2

So how can I even get/access the current user's password? Without storing it?

You can't. Firebase Authentication manages the password entirely and it doesn't provide a way to get that string. Doing so would be a security issue.

If you want to let the user change their password, you can call updatePassword() on the user object. You'll notice that it does not require the current password. The fact that the user is already signed in is proof that they own the account. I suggest also reading the documentation on setting a user's password.

If the case you're trying to handle is a forgotten password, there is a different process for that by sending a password reset email.