
Firestore: "Exceeded quota for verifying passwords"?

Hi, I got this error in one of my ETE tests, which exercises login functionality and startup behavior for my Angular app.

This appears to be triggered by logging in using await this.angularFireAuth.auth.signInWithEmailAndPassword(uname, pw); where angularFireAuth is an injected instance of AngularFireAuth from '@angular/fire/auth';

I checked the Firestore quotas here but I can't find a reference to a quota for verifying passwords. Can anybody point me to what the quota is?

The console error reported looks like this:

zone-evergreen.js:659 Unhandled Promise rejection: Exceeded quota for verifying passwords. ; Zone: ProxyZone ; Task: Promise.then ; Value: u

The problem resolves after a few minutes and then the test runs as expected.

GGizmos asked Jun 17 '20 15:06


1 Answer

I have found the message you are receiving being handled in this GitHub thread.
Here are some of the important comments from the thread:

  1. For the error you are facing "Exceeded quota for verifying passwords", this usually happens when one sends requests for verifying passwords or password login requests too many times at once (more than 20 requests per second per IP address or 25 requests per 10 min per account). When we get a huge amount of requests in a short period of time, the limit is applied automatically to protect our servers.
  2. This is an internal quota (regardless of pricing plans) enforced by Firebase Authentication to prevent abuse when making authentication requests, for this reason the quota can change without notice.
  3. In order to avoid triggering this alert, you can use a different IP address or back off the number of requests per minute to something like 10-20, to avoid triggering the automated abuse detection.

If you are sending too many requests in a short period of time from the same IP address, then there is an expectation that you will get throttled at some point. This may prevent you from getting successful integration tests but there is a security benefit that comes with that. The easier it is for you to test, the easier it is for malicious scripts to be written too against your project. We have similar integration tests in other firebase auth libraries (client and admin) and we try to work with the limit.

If you have a legitimate need to increase the limit, then you can file a bug with support and make a case for that. You could even file for a feature request to whitelist calls from certain IP addresses.

Antonio Ramirez answered Nov 14 '22 02:11
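
One way a test suite can "work with the limit" described in the answer, as an added example that is not part of the original question, answer or GitHub thread: it keeps password sign-ins for one account under a sliding-window budget and retries with exponential backoff only when the quota message appears. `SignInPacer`, `pacedSignIn`, `isQuotaError` and `backoffMs` are hypothetical names, the budget of 20 per 10 minutes and the backoff timings are assumed margins under the quoted limits, and the error is matched on the message text shown in the question.

```javascript
// Added example (not from the thread). Limits are the ones quoted in the answer
// and may change without notice; the margins chosen here are assumptions.
const QUOTA_MESSAGE = 'Exceeded quota for verifying passwords';

// Sliding-window budget for ONE account: at most `limit` sign-ins per `windowMs`.
class SignInPacer {
  constructor(limit = 20, windowMs = 10 * 60 * 1000) { // below 25 per 10 min
    this.limit = limit;
    this.windowMs = windowMs;
    this.attempts = []; // timestamps (ms) of attempts still inside the window
  }
  // Milliseconds to wait so that an attempt made at `now` stays within budget.
  delayFor(now) {
    this.attempts = this.attempts.filter((t) => now - t < this.windowMs);
    if (this.attempts.length < this.limit) return 0;
    return this.attempts[this.attempts.length - this.limit] + this.windowMs - now;
  }
  record(now) {
    this.attempts.push(now);
  }
}

// Only the throttling error is retried; a wrong password must fail immediately.
function isQuotaError(err) {
  return Boolean(err) && String(err.message || err).includes(QUOTA_MESSAGE);
}

// Exponential backoff: 30 s, 60 s, 120 s, ... capped at 5 min (assumed values).
function backoffMs(retry, baseMs = 30000, capMs = 300000) {
  return Math.min(capMs, baseMs * 2 ** retry);
}

const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// `signIn` is any function returning the sign-in promise, for example
// () => angularFireAuth.auth.signInWithEmailAndPassword(uname, pw)
async function pacedSignIn(signIn, pacer, maxRetries = 3, wait = sleep, clock = Date.now) {
  for (let retry = 0; ; retry++) {
    await wait(pacer.delayFor(clock())); // stay under the per-account budget
    pacer.record(clock());
    try {
      return await signIn();
    } catch (err) {
      if (!isQuotaError(err) || retry >= maxRetries) throw err;
      await wait(backoffMs(retry)); // quota hit anyway: slow down, then retry
    }
  }
}
```

Share one `SignInPacer` per test account across the whole run; the per-IP limit quoted in the answer is not tracked here.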