This is a follow up to this question. I have a firebase function which is supposed to take an OTP, validate it and then change a user's password based on whether it is correct or not (for some reason I'm not able to use firebase's inbuild password reset functionality). Following is my function:
exports.resetPassword = functions.https.onCall((data, context) => {
return new Promise((resolve, reject) => {
if(data.sesId && data.otp){
admin.firestore().collection('verification').doc(data.sesId).get().then(verSnp => {
if(verSnp.data().attempt != 'verified'){
var now = new Date().getTime()
if(verSnp.data().expiring > now){
if(data.email == verSnp.data().email){
if(verSnp.data().attempt > 0){
if(data.otp == verSnp.data().otp){
admin.auth().getUserByEmail(data.email).then(user => {
admin.auth().updateUser(user.uid,{
password: data.password
}).then(() => {
admin.firestore().collection('verification').doc(data.sesId).update({
attempt: 'verified'
}).then(() => {
Promise.resolve()
}).catch(() => {
throw new Error('Error updating the database.')
})
}).catch(() => {
throw new Error('Error updating the password. Please try again.')
})
}).catch(() => {
throw new Error('Incorrect email. How did you get here?')
})
} else {
var redAttempt = verSnp.data().attempt - 1
admin.firestore().collection('verification').doc(data.sesId).update({
attempt: redAttempt
}).then(() => {
throw new Error(`Incorrect OTP. You have ${redAttempt} attempts remaining.`)
}).catch(() => {
throw new Error('Wrong OTP, try again.')
})
}
} else {
throw new Error('Incorrect OTP. You have exhausted your attempts. Please request a new OTP.')
}
} else {
throw new Error('Incorrect email. How did you get here?')
}
} else {
throw new Error('OTP is expired. Please request a new OTP.')
}
} else {
throw new Error('OTP is invalid. Please request a new OTP.')
}
}).catch(() => {
throw new Error('Invalid session id. Please request the OTP through Forgot Password.')
})
} else {
throw new Error('Enter OTP')
}
})
})
When I run the function, it gets executed, because I can see it in the console statements, but I'm getting following error on my client side.
Access to fetch at 'https://us-central1-project-name.cloudfunctions.net/functionName' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
and when I log the response received from the function, it shows {"code":"internal"}.
What is the cors package? How do I solve this problem?
Part 2 (not related)
Also, on lines 11 and 12 of my function, I'm using
admin.auth().getUserByEmail(data.email).then(user => {
admin.auth().updateUser(user.uid, {password: data.password})
})
Is this correct?
For part 1 I referred to this question, but it has no answers.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
