diff --git a/app/src/main/java/app/closer/data/repository/FirebaseAuthRepositoryImpl.kt b/app/src/main/java/app/closer/data/repository/FirebaseAuthRepositoryImpl.kt index cc3096ef..1c23f71e 100644 --- a/app/src/main/java/app/closer/data/repository/FirebaseAuthRepositoryImpl.kt +++ b/app/src/main/java/app/closer/data/repository/FirebaseAuthRepositoryImpl.kt @@ -51,6 +51,12 @@ class FirebaseAuthRepositoryImpl @Inject constructor( runCatching { dataSource.sendPasswordResetEmail(email) } } + // No app-level rate limit: the data source re-authenticates against Firebase, whose own server-side + // throttling (surfaced as ChangePasswordException.TooManyAttempts) is the authoritative brute-force + // guard for the current-password check. + override suspend fun changePassword(currentPassword: String, newPassword: String): Result = + runCatching { dataSource.changePassword(currentPassword, newPassword) } + override suspend fun signOut() = dataSource.signOut() override suspend fun reauthenticateWithEmail(email: String, password: String): Result =