Email and password auth

[robbrad]

What is needed to add email and password authentication

Issue I have found is it's possible to enter the same username again and it overwrites an existing account

[hmellor]

Issue I have found is it's possible to enter the same username again and it overwrites an existing account

This was actually intentional. It prevents a user from changing their display name and orphaning a bid they made with the old display name. i.e. bids are attached to UUIDs and the UUID is linked to whatever the user most recently set their display name to.

Originally, I didn't want email and password authentication because I didn't want to be handling personal information. But if you wanted to make a PR adding it as an option on the host side (i.e. the person hosting the website can choose which type of authentication they want to deploy, I'd accept that as a PR. I'd start here https://firebase.google.com/docs/auth/web/firebaseui

[robbrad]

I have managed it and made quite a lot of code changes to the solution

Unfortunately I didn't make it optional. 🤦‍♂️

I'll submit a PR but more for reference.

I'm not at all used to firebase or JavaScript unfortunately

[ItsCheeseGromit]

From the original report, "Issue I have found is it's possible to enter the same username again and it overwrites an existing account"

This sounds like userA could choose displayname1
Then userB could also choose displayname1 and would assume control of the bids?

Or would there be a warning/error if a displayname1 was in (active) use?

[hmellor]

This sounds like userA could choose displayname1
Then userB could also choose displayname1 and would assume control of the bids?

In Firestore, a bid contains only an amount and a uid. Since the user does not choose their uid, they cannot assume control of another bidders bids.

This uid can then be cross referenced with the user document users/{uid} to see what the display name of that user is. Other users having the same display name are harmless.