Reputation: 2274
Swift Delete User from Firestore and Authentication
Inside my app the user should be able to delete the account. I am struggling to get that done, as I have to delete from database and also from authentication.
I thought I can deleteFromAuthentication first and after that I deleteEntryFromDatabase. Theses are both of the functions:
//MARK: deleteUserFromDatabase
static func deleteUserEntryFromDatabase(oldUserId: String, finished: @escaping (_ done: Bool) -> Void) {
Auth.auth().signInAnonymously() { (authResult, error) in
let db = Firestore.firestore()
db.collection("users").document(oldUserId).delete() { err in
if err != nil {
Utilities.showErrorPopUp(labelContent: "Fehler", description: err!.localizedDescription)
finished(false)
} else {
finished(true)
}
}
}
}
//MARK: deleteUserFromAuthentication
static func deleteUserFromAuthentication(finished: @escaping (_ done: Bool, _ hasToReauthenticate: Bool) -> Void) {
let user = Auth.auth().currentUser
user?.delete { err in
if err != nil {
if let errCode = AuthErrorCode(rawValue: err!._code) {
switch errCode {
case .requiresRecentLogin:
finished(true, true)
default:
Utilities.showErrorPopUp(labelContent: "Fehler", description: err!.localizedDescription)
finished(false, false)
}
}
} else {
finished(true, false)
}
}
}
How I use them:
func deleteAccount() {
var uid = ""
if let defaults = UserDefaults(suiteName: UserDefaults.Keys.groupKey) {
uid = defaults.getUid()!
defaults.synchronize()
}
DataHandler.deleteUserFromAuthentication { (finished, hasToReauthenticate) in
if finished {
if hasToReauthenticate {
self.showReauthenticationAlert()
} else {
DataHandler.deleteUserEntryFromDatabase(oldUserId: uid) { (finished) in
if finished {
let firstLaunchVC = UIStoryboard(name: "Main", bundle: nil).instantiateViewController(withIdentifier: "FirstLaunchVC")
self.navigationController?.pushViewController(firstLaunchVC, animated: false)
if let defaults = UserDefaults(suiteName: UserDefaults.Keys.groupKey) {
defaults.removePersistentDomain(forName: UserDefaults.Keys.groupKey)
defaults.synchronize()
}
} else {
self.loadingFailed()
}
}
}
} else {
self.loadingFailed()
}
}
}
However this is not working as I get the error insufficient permissions. I thought I can do this workaround with signInAnonymously but apparently this is not working.
These are my Cloud-Firestore-Rules:
service cloud.firestore {
match /databases/{database}/documents {
match /{document=**} {
allow read;
allow write: if request.auth != null;
}
}
}
Can anyone help me out here? I hope everything is clear, let me know if you need more information.
Upvotes: 0
Views: 661
Answers (1)
Reputation: 598837
There are two ways to implement this:
In the client-side code: first delete the user's document from the database, and only then delete their account. So the order is exactly the opposite of how you do it now, because there's no secure way to delete the account from the client once the account is deleted. I.e. if you make your current approach work, anyone can delete anyone else's user document, which is a big security risk.
Create a Cloud Function that deletes the user's document when their account is deleted.
Upvotes: 1
Related Questions
- firebase error when deleting user account "This operation is sensitive and requires recent authentication. Log in again before retrying this request."
- Delete user account in firebase
- I can't delete the user logged in with apple
- How to log out user from app when I delete his account on firebase?
- iOS SWIFT: Unable to delete user from Firebase Database
- How to signoutout user from firebase console in swift
- Firebase Cloud Function to delete user
- SwiftUI & Firebase: How to delete a user?
- Problem with deleting account and documents with Firestore
- Delete Google or Facebook User from Firebase