fix(auth): improve user identifier retrieval and manage MFA button visibility

Author: demolaf

auth/src/main/java/com/firebase/ui/auth/ui/screens/FirebaseAuthScreen.kt

@@ -28,16 +28,10 @@ import androidx.compose.foundation.layout.padding
 import androidx.compose.material3.AlertDialog
 import androidx.compose.material3.Button
 import androidx.compose.material3.CircularProgressIndicator
-import androidx.compose.material3.ExperimentalMaterial3Api
 import androidx.compose.material3.MaterialTheme
-import androidx.compose.material3.PlainTooltip
 import androidx.compose.material3.Scaffold
 import androidx.compose.material3.Surface
 import androidx.compose.material3.Text
-import androidx.compose.material3.TooltipAnchorPosition
-import androidx.compose.material3.TooltipBox
-import androidx.compose.material3.TooltipDefaults
-import androidx.compose.material3.rememberTooltipState
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.CompositionLocalProvider
 import androidx.compose.runtime.LaunchedEffect
@@ -78,6 +72,7 @@ import com.firebase.ui.auth.ui.screens.email.EmailAuthScreen
 import com.firebase.ui.auth.ui.screens.phone.PhoneAuthScreen
 import com.firebase.ui.auth.util.EmailLinkPersistenceManager
 import com.firebase.ui.auth.util.SignInPreferenceManager
+import com.firebase.ui.auth.util.displayIdentifier
 import com.google.firebase.auth.AuthCredential
 import com.google.firebase.auth.AuthResult
 import com.google.firebase.auth.MultiFactorResolver
@@ -723,7 +718,6 @@ private fun SuccessDestination(
     }
 }
 
-@OptIn(ExperimentalMaterial3Api::class)
 @Composable
 private fun AuthSuccessContent(
     authUI: FirebaseAuthUI,
@@ -733,7 +727,7 @@ private fun AuthSuccessContent(
     onManageMfa: () -> Unit,
 ) {
     val user = authUI.getCurrentUser()
-    val userIdentifier = user?.email ?: user?.phoneNumber ?: user?.uid.orEmpty()
+    val userIdentifier = user?.displayIdentifier().orEmpty()
     Column(
         modifier = Modifier.fillMaxSize(),
         verticalArrangement = Arrangement.Center,
@@ -746,26 +740,9 @@ private fun AuthSuccessContent(
             )
             Spacer(modifier = Modifier.height(16.dp))
         }
-        if (user != null && authUI.auth.app.options.projectId != null) {
-            TooltipBox(
-                positionProvider = TooltipDefaults.rememberTooltipPositionProvider(
-                    TooltipAnchorPosition.Above
-                ),
-                tooltip = {
-                    PlainTooltip {
-                        Text(stringProvider.mfaDisabledTooltip)
-                    }
-                },
-                state = rememberTooltipState(
-                    initialIsVisible = !configuration.isMfaEnabled
-                )
-            ) {
-                Button(
-                    onClick = onManageMfa,
-                    enabled = configuration.isMfaEnabled
-                ) {
-                    Text(stringProvider.manageMfaAction)
-                }
+        if (user != null && authUI.auth.app.options.projectId != null && configuration.isMfaEnabled) {
+            Button(onClick = onManageMfa) {
+                Text(stringProvider.manageMfaAction)
             }
             Spacer(modifier = Modifier.height(8.dp))
         }
@@ -783,7 +760,7 @@ private fun EmailVerificationContent(
     onSignOut: () -> Unit,
 ) {
     val user = authUI.getCurrentUser()
-    val emailLabel = user?.email ?: stringProvider.emailProvider
+    val emailLabel = user?.email?.takeIf { it.isNotBlank() } ?: stringProvider.emailProvider
     Column(
         modifier = Modifier.fillMaxSize(),
         verticalArrangement = Arrangement.Center,

auth/src/main/java/com/firebase/ui/auth/util/UserUtils.kt

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2025 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.firebase.ui.auth.util
+
+import com.google.firebase.auth.FirebaseUser
+
+/**
+ * Returns the best available display identifier for the user, trying each field in order:
+ * email → phoneNumber → displayName → uid.
+ *
+ * Each field is checked for blank (not just null) so that an empty string returned by the
+ * Firebase SDK falls through to the next candidate rather than being displayed as-is.
+ * [FirebaseUser.uid] is always non-null and non-blank for a signed-in user, so the result
+ * is guaranteed to be non-blank.
+ */
+fun FirebaseUser.displayIdentifier(): String =
+    email?.takeIf { it.isNotBlank() }
+        ?: phoneNumber?.takeIf { it.isNotBlank() }
+        ?: displayName?.takeIf { it.isNotBlank() }
+        ?: uid

e2eTest/src/test/java/com/firebase/ui/auth/ui/screens/MfaDisabledTest.kt

@@ -5,8 +5,8 @@ import android.os.Looper
 import androidx.compose.material3.Text
 import androidx.compose.runtime.collectAsState
 import androidx.compose.runtime.getValue
+import androidx.compose.ui.test.assertDoesNotExist
 import androidx.compose.ui.test.assertIsDisplayed
-import androidx.compose.ui.test.assertIsNotEnabled
 import androidx.compose.ui.test.junit4.createComposeRule
 import androidx.compose.ui.test.onNodeWithText
 import androidx.compose.ui.test.performClick
@@ -147,10 +147,9 @@ class MfaDisabledTest {
         composeTestRule.waitForIdle()
         shadowOf(Looper.getMainLooper()).idle()
 
-        // Verify the Manage MFA button is displayed but disabled
+        // Verify the Manage MFA button is not shown when MFA is disabled
         composeTestRule.onNodeWithText(stringProvider.manageMfaAction)
-            .assertIsDisplayed()
-            .assertIsNotEnabled()
+            .assertDoesNotExist()
     }
 
     @Test