Fix invalid user token error (#14672)

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

Author: 3 people

FirebaseAuth/CHANGELOG.md

@@ -1,3 +1,7 @@
+# Unreleased
+- [fixed] Fix a `fatalError` unenrolling from MFA. An invalid user token now throws an
+  `invalidUserToken` error instead of crashing. (#14663)
+
 # 11.9.0
 - [changed] Using reCAPTCHA Enterprise and Firebase Auth requires reCAPTCHA
   Enterprise 18.7.0 or later.

FirebaseAuth/Sources/Swift/User/User.swift

@@ -1081,7 +1081,7 @@ extension User: NSSecureCoding {}
                           anonymous: Bool) async throws -> User {
     guard let accessToken = accessToken,
           let refreshToken = refreshToken else {
-      fatalError("Internal FirebaseAuth Error: nil token")
+      throw AuthErrorUtils.invalidUserTokenError(message: "Invalid user token: accessToken or refreshToken is nil")
     }
     let tokenService = SecureTokenService(withRequestConfiguration: auth.requestConfiguration,
                                           accessToken: accessToken,

FirebaseAuth/Tests/Unit/UserTests.swift

@@ -1554,6 +1554,23 @@ class UserTests: RPCBaseTests {
     }
   #endif
 
+  func testRetrieveUserWithInvalidToken() async throws {
+    let auth = try XCTUnwrap(self.auth)
+    do {
+      _ = try await User.retrieveUser(
+        withAuth: auth,
+        accessToken: nil,
+        accessTokenExpirationDate: Date(),
+        refreshToken: nil,
+        anonymous: false
+      )
+      XCTFail("Expected an error to be thrown")
+    } catch let error as NSError {
+      XCTAssertEqual(error.domain, AuthErrors.domain)
+      XCTAssertEqual(error.code, AuthErrorCode.invalidUserToken.rawValue)
+    }
+  }
+
   // MARK: Private helper functions
 
   private func expectVerifyPhoneNumberRequest(isLink: Bool = false) {