React-redux-firebase: bug(auth): signIn: false option with createUser still logs new user in

@jpmazza Could you explain a little more about "it is not working"? What are you seeing? What are you expecting to see?

Currently the logic in v1.5.* will not log you in if you are already logged in which is intended (happens in this line here).

I'm seeing the same issue. I'm on version 1.5.0 and no matter what I set "signIn" (currently setting it to false) it logs me out and I get logged in at the newly created user.

let credentials = {
   email : user.email,
   password : user.password,
   signIn: false
};

let profile = {
   disabled: user.disabled,
   email: user.email,
   role: user.role,
   customer: user.role === 'admin' ? '' : user.customer
};

firebase.createUser( credentials, profile).then((userData) => {
   // Do something here
});

any updates on this?

@mixcas Are you still on v1.5.* or are you on v2.0.*? A fix hasn't been started yet for either, but I am trying to get a sense of which should be prioritized.

So we can get a sense, others reading this should either:

• up vote this comment if you are using v2.0.*
• down vote this comment if you are using v1.5.* and would like to see that fixed first

Doesn't seem that there is still much of a following on this issue after the v2.0.0 release. Is anyone still experiencing this?

Going to close since I am not able to replicate in v2.0.0. It also seems to be a relatively uncommon use case (more below). Reach out if you think this is incorrect or if you think it should be reopened.

Note about why this may not be a good idea

If you are not logging in and you are hoping to "create a user" your security rules will have to be relatively open - meaning anyone can write a new user to the users collection or even potentially modify existing users without being logged in. This is quite a security flaw as far as any real world application is concerned.

Another case would be where you are logged in as an admin type user and are creating other users - this type of logic should be done with firebase-admin within a function or server doing this on a client will change auth state (fires firebase's onAuthStateChanged).

@prescottprue I'm going to check my version and if it still and issue.

I fixed it by writing a _cloud function_ that creates the user using firebase-admin as you now suggest.

Hi @prescottprue ,
Forgive me if i write on this closes issue. I will create Users within a Cloud Function...
By the way, something is broken here:
https://github.com/prescottprue/react-redux-firebase/blob/c5b66806510591334032b40223834b6d7b000ffa/src/actions/auth.js#L551

firebase.auth().currentUser || (!!signIn && signIn === false)
Let's assume currentUser won't change (actually it does change) but anyway the second condition will be always false... maybe it should be something like:
firebase.auth().currentUser || (typeof signIn !== 'undefined' && signIn === false)

Am i wrong?
Thanks for your great work!
Marco

@marcorm !! is a way of doing existence checking and works very similarly to typeof signIn !== 'undefined', so it should function the same way in this case.

If you think it reads more clearly, totally open to a pull request where we can discuss the pros/cons.

Following this from the future, I'm using now 3.0.3 and I am facing a similar issue, My user is signed in as an admin for a hotel and I need to be able to add more admins to that hotel (the original admin will add admins) but because of the automatically signed process I can add that feature, and I see that the signIn credential is gone on this version, is there any other way of doing this?
Regards my friends

@chuckinSpace As mentioned above the best practice is to do this through a cloud function - Firebase automatically logs the user in when they are created on the client since the assumption is that the user being created will then be active. The option was removed since the Firebase SDK does this automatically and it would require logout/ back in, which isn't what was expected from the option.

Doing this through a cloud function would allow you to keep the user that is creating the new users logged in (that is the use case the user would expect).

@chuckinSpace heres an example of how I did it: https://github.com/interglobalvision/functions-andamiaje-co/blob/master/functions/index.js#L16

It could be a little outdated but serves as a reference.

In the front-end you just make a call to the function endpoint: https://github.com/interglobalvision/admin-andamiaje-co/blob/master/src/components/usuarios/UsuarioForm.jsx#L127

Message me if you need more help.