firebase-admin-node icon indicating copy to clipboard operation
firebase-admin-node copied to clipboard

Published 20 hours ago verified publisher icon firebase

getUser() return value contains passwordHash and passwordSalt

Open hiranya911 opened this issue 5 years ago • 10 comments

The UserRecord returned by admin.auth().getUser() contains passwordHash and passwordSalt fields.

const admin = require('firebase-admin')
admin.initializeApp();
admin.auth().getUser(uid)
  .then((user) => console.log(user));

This resulted in:

UserRecord {
  uid: 'e1b2NmnasZXw0QtpYFcZ88IeK5t1',
  email: '********@gmail.com',
  emailVerified: true,
  displayName: undefined,
  photoURL: undefined,
  phoneNumber: undefined,
  disabled: false,
  metadata: 
   UserMetadata {
     creationTime: 'Wed, 03 Apr 2019 23:36:27 GMT',
     lastSignInTime: 'Thu, 04 Apr 2019 00:38:10 GMT' },
  providerData: 
   [ UserInfo {
       uid: '********@gmail.com',
       displayName: undefined,
       email: '********@gmail.com',
       photoURL: undefined,
       providerId: 'password',
       phoneNumber: undefined } ],
  passwordHash: 'UkVEQUNURUQ=',
  passwordSalt: undefined,
  customClaims: undefined,
  tokensValidAfterTime: 'Wed, 03 Apr 2019 23:36:27 GMT' }

This is contrary to the documented behavior:

passwordHash (string or undefined)

The user’s hashed password (base64-encoded), only if Firebase Auth hashing algorithm (SCRYPT) is used. If a different hashing algorithm had been used when uploading this user, as is typical when migrating from another Auth system, this will be an empty string. If no password is set, this is null. This is only available when the user is obtained from listUsers().

hiranya911 avatar Apr 09 '19 05:04 hiranya911

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

google-oss-bot avatar Apr 09 '19 05:04 google-oss-bot

Is there any other way to get the password hash?

LilJaaY avatar Aug 16 '19 17:08 LilJaaY

You can get passwordHash and passwordSalt using the listUsers method from admin auth api

zerobytes avatar Dec 12 '19 17:12 zerobytes

google does not fix this, right?

baotran-bryan avatar Mar 09 '20 09:03 baotran-bryan

@hiranya911: Which firebase-admin version are you using?

akashgangrade avatar Jul 22 '20 12:07 akashgangrade

documented behavior

Can confirm this is still an issue in this setup:

    "firebase": "9.6.4",
    "firebase-admin": "10.0.2",
    "firebase-functions": "3.16.0",

Acterion avatar Jan 28 '22 13:01 Acterion

I'm also have same problem. admin.auth().getUser return passwordHash and passwordSalt parameter with undefined. But I can get value for those parametes using admin.auth().listUsers How can I get passwordHash and passwordSalt values using admin.auth().getUser

Randima-Lahiru avatar Sep 08 '23 08:09 Randima-Lahiru

This makes no sense. I just want to get a single user password hash to match using firebase admin and I need to pull the entire user list to do it. Can you imagine charging the app with millions of user entries just to get only single entity property from one position? It's also heavy for Firebase servers at all...

luizfelipelaviola avatar Oct 05 '23 23:10 luizfelipelaviola

is there any update on this?

soknifedev avatar Oct 14 '23 00:10 soknifedev