@firebase/auth 0.22.0 → 0.23.0-canary.0a27d2fbf

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (209) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/dist/auth-public.d.ts +57 -0
  3. package/dist/auth.d.ts +71 -1
  4. package/dist/browser-cjs/{index-5859881d.js → index-5df83e84.js} +590 -207
  5. package/dist/browser-cjs/index-5df83e84.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/authentication/email_and_password.d.ts +9 -0
  11. package/dist/browser-cjs/src/api/authentication/recaptcha.d.ts +16 -0
  12. package/dist/browser-cjs/src/api/authentication/sign_up.d.ts +4 -0
  13. package/dist/browser-cjs/src/api/errors.d.ts +9 -1
  14. package/dist/browser-cjs/src/api/index.d.ts +17 -2
  15. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +9 -1
  16. package/dist/browser-cjs/src/core/errors.d.ts +17 -1
  17. package/dist/browser-cjs/src/core/index.d.ts +26 -0
  18. package/dist/browser-cjs/src/core/util/handler.d.ts +1 -1
  19. package/dist/browser-cjs/src/core/util/log.d.ts +1 -0
  20. package/dist/browser-cjs/src/model/auth.d.ts +6 -0
  21. package/dist/browser-cjs/src/platform_browser/auth_window.d.ts +2 -2
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  23. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  24. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  25. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  26. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  27. package/dist/browser-cjs/src/platform_browser/strategies/popup.d.ts +1 -1
  28. package/dist/browser-cjs/test/helpers/api/helper.d.ts +2 -0
  29. package/dist/browser-cjs/test/helpers/mock_auth.d.ts +5 -0
  30. package/dist/cordova/index.js +2 -2
  31. package/dist/cordova/internal.js +21 -77
  32. package/dist/cordova/internal.js.map +1 -1
  33. package/dist/cordova/{popup_redirect-3519667a.js → popup_redirect-b3f8e40c.js} +778 -214
  34. package/dist/cordova/popup_redirect-b3f8e40c.js.map +1 -0
  35. package/dist/cordova/src/api/authentication/email_and_password.d.ts +9 -0
  36. package/dist/cordova/src/api/authentication/recaptcha.d.ts +16 -0
  37. package/dist/cordova/src/api/authentication/sign_up.d.ts +4 -0
  38. package/dist/cordova/src/api/errors.d.ts +9 -1
  39. package/dist/cordova/src/api/index.d.ts +17 -2
  40. package/dist/cordova/src/core/auth/auth_impl.d.ts +9 -1
  41. package/dist/cordova/src/core/errors.d.ts +17 -1
  42. package/dist/cordova/src/core/index.d.ts +26 -0
  43. package/dist/cordova/src/core/util/handler.d.ts +1 -1
  44. package/dist/cordova/src/core/util/log.d.ts +1 -0
  45. package/dist/cordova/src/model/auth.d.ts +6 -0
  46. package/dist/cordova/src/platform_browser/auth_window.d.ts +2 -2
  47. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  48. package/dist/cordova/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  49. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  50. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  51. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  52. package/dist/cordova/src/platform_browser/strategies/popup.d.ts +1 -1
  53. package/dist/cordova/test/helpers/api/helper.d.ts +2 -0
  54. package/dist/cordova/test/helpers/mock_auth.d.ts +5 -0
  55. package/dist/esm2017/{index-680e2b70.js → index-6cb4f120.js} +591 -209
  56. package/dist/esm2017/index-6cb4f120.js.map +1 -0
  57. package/dist/esm2017/index.js +2 -2
  58. package/dist/esm2017/internal.js +3 -3
  59. package/dist/esm2017/src/api/authentication/email_and_password.d.ts +9 -0
  60. package/dist/esm2017/src/api/authentication/recaptcha.d.ts +16 -0
  61. package/dist/esm2017/src/api/authentication/sign_up.d.ts +4 -0
  62. package/dist/esm2017/src/api/errors.d.ts +9 -1
  63. package/dist/esm2017/src/api/index.d.ts +17 -2
  64. package/dist/esm2017/src/core/auth/auth_impl.d.ts +9 -1
  65. package/dist/esm2017/src/core/errors.d.ts +17 -1
  66. package/dist/esm2017/src/core/index.d.ts +26 -0
  67. package/dist/esm2017/src/core/util/handler.d.ts +1 -1
  68. package/dist/esm2017/src/core/util/log.d.ts +1 -0
  69. package/dist/esm2017/src/model/auth.d.ts +6 -0
  70. package/dist/esm2017/src/platform_browser/auth_window.d.ts +2 -2
  71. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  72. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  73. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  74. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  75. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  76. package/dist/esm2017/src/platform_browser/strategies/popup.d.ts +1 -1
  77. package/dist/esm2017/test/helpers/api/helper.d.ts +2 -0
  78. package/dist/esm2017/test/helpers/mock_auth.d.ts +5 -0
  79. package/dist/esm5/{index-714e827f.js → index-4dc6213a.js} +797 -289
  80. package/dist/esm5/index-4dc6213a.js.map +1 -0
  81. package/dist/esm5/index.js +1 -1
  82. package/dist/esm5/internal.js +2 -2
  83. package/dist/esm5/src/api/authentication/email_and_password.d.ts +9 -0
  84. package/dist/esm5/src/api/authentication/recaptcha.d.ts +16 -0
  85. package/dist/esm5/src/api/authentication/sign_up.d.ts +4 -0
  86. package/dist/esm5/src/api/errors.d.ts +9 -1
  87. package/dist/esm5/src/api/index.d.ts +17 -2
  88. package/dist/esm5/src/core/auth/auth_impl.d.ts +9 -1
  89. package/dist/esm5/src/core/errors.d.ts +17 -1
  90. package/dist/esm5/src/core/index.d.ts +26 -0
  91. package/dist/esm5/src/core/util/handler.d.ts +1 -1
  92. package/dist/esm5/src/core/util/log.d.ts +1 -0
  93. package/dist/esm5/src/model/auth.d.ts +6 -0
  94. package/dist/esm5/src/platform_browser/auth_window.d.ts +2 -2
  95. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  96. package/dist/esm5/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  97. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  98. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  99. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  100. package/dist/esm5/src/platform_browser/strategies/popup.d.ts +1 -1
  101. package/dist/esm5/test/helpers/api/helper.d.ts +2 -0
  102. package/dist/esm5/test/helpers/mock_auth.d.ts +5 -0
  103. package/dist/index.webworker.esm5.js +602 -74
  104. package/dist/index.webworker.esm5.js.map +1 -1
  105. package/dist/node/index.js +2 -1
  106. package/dist/node/index.js.map +1 -1
  107. package/dist/node/internal.js +62 -42
  108. package/dist/node/internal.js.map +1 -1
  109. package/dist/node/src/api/authentication/email_and_password.d.ts +9 -0
  110. package/dist/node/src/api/authentication/recaptcha.d.ts +16 -0
  111. package/dist/node/src/api/authentication/sign_up.d.ts +4 -0
  112. package/dist/node/src/api/errors.d.ts +9 -1
  113. package/dist/node/src/api/index.d.ts +17 -2
  114. package/dist/node/src/core/auth/auth_impl.d.ts +9 -1
  115. package/dist/node/src/core/errors.d.ts +17 -1
  116. package/dist/node/src/core/index.d.ts +26 -0
  117. package/dist/node/src/core/util/handler.d.ts +1 -1
  118. package/dist/node/src/core/util/log.d.ts +1 -0
  119. package/dist/node/src/model/auth.d.ts +6 -0
  120. package/dist/node/src/platform_browser/auth_window.d.ts +2 -2
  121. package/dist/node/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  122. package/dist/node/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  123. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  124. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  125. package/dist/node/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  126. package/dist/node/src/platform_browser/strategies/popup.d.ts +1 -1
  127. package/dist/node/test/helpers/api/helper.d.ts +2 -0
  128. package/dist/node/test/helpers/mock_auth.d.ts +5 -0
  129. package/dist/node/{totp-416a2adc.js → totp-c1b55906.js} +700 -171
  130. package/dist/node/totp-c1b55906.js.map +1 -0
  131. package/dist/node-esm/index.js +1 -1
  132. package/dist/node-esm/internal.js +16 -4
  133. package/dist/node-esm/internal.js.map +1 -1
  134. package/dist/node-esm/src/api/authentication/email_and_password.d.ts +9 -0
  135. package/dist/node-esm/src/api/authentication/recaptcha.d.ts +16 -0
  136. package/dist/node-esm/src/api/authentication/sign_up.d.ts +4 -0
  137. package/dist/node-esm/src/api/errors.d.ts +9 -1
  138. package/dist/node-esm/src/api/index.d.ts +17 -2
  139. package/dist/node-esm/src/core/auth/auth_impl.d.ts +9 -1
  140. package/dist/node-esm/src/core/errors.d.ts +17 -1
  141. package/dist/node-esm/src/core/index.d.ts +26 -0
  142. package/dist/node-esm/src/core/util/handler.d.ts +1 -1
  143. package/dist/node-esm/src/core/util/log.d.ts +1 -0
  144. package/dist/node-esm/src/model/auth.d.ts +6 -0
  145. package/dist/node-esm/src/platform_browser/auth_window.d.ts +2 -2
  146. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  147. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  148. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  149. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  150. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  151. package/dist/node-esm/src/platform_browser/strategies/popup.d.ts +1 -1
  152. package/dist/node-esm/test/helpers/api/helper.d.ts +2 -0
  153. package/dist/node-esm/test/helpers/mock_auth.d.ts +5 -0
  154. package/dist/node-esm/{totp-c3bf2a20.js → totp-5cad7b9f.js} +557 -140
  155. package/dist/node-esm/totp-5cad7b9f.js.map +1 -0
  156. package/dist/rn/index.js +2 -1
  157. package/dist/rn/index.js.map +1 -1
  158. package/dist/rn/internal.js +79 -48
  159. package/dist/rn/internal.js.map +1 -1
  160. package/dist/rn/{phone-2ec1815d.js → phone-5059d9ba.js} +738 -259
  161. package/dist/rn/phone-5059d9ba.js.map +1 -0
  162. package/dist/rn/src/api/authentication/email_and_password.d.ts +9 -0
  163. package/dist/rn/src/api/authentication/recaptcha.d.ts +16 -0
  164. package/dist/rn/src/api/authentication/sign_up.d.ts +4 -0
  165. package/dist/rn/src/api/errors.d.ts +9 -1
  166. package/dist/rn/src/api/index.d.ts +17 -2
  167. package/dist/rn/src/core/auth/auth_impl.d.ts +9 -1
  168. package/dist/rn/src/core/errors.d.ts +17 -1
  169. package/dist/rn/src/core/index.d.ts +26 -0
  170. package/dist/rn/src/core/util/handler.d.ts +1 -1
  171. package/dist/rn/src/core/util/log.d.ts +1 -0
  172. package/dist/rn/src/model/auth.d.ts +6 -0
  173. package/dist/rn/src/platform_browser/auth_window.d.ts +2 -2
  174. package/dist/rn/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  175. package/dist/rn/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  176. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  177. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  178. package/dist/rn/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  179. package/dist/rn/src/platform_browser/strategies/popup.d.ts +1 -1
  180. package/dist/rn/test/helpers/api/helper.d.ts +2 -0
  181. package/dist/rn/test/helpers/mock_auth.d.ts +5 -0
  182. package/dist/src/api/authentication/email_and_password.d.ts +9 -0
  183. package/dist/src/api/authentication/recaptcha.d.ts +16 -0
  184. package/dist/src/api/authentication/sign_up.d.ts +4 -0
  185. package/dist/src/api/errors.d.ts +9 -1
  186. package/dist/src/api/index.d.ts +17 -2
  187. package/dist/src/core/auth/auth_impl.d.ts +9 -1
  188. package/dist/src/core/errors.d.ts +17 -1
  189. package/dist/src/core/index.d.ts +26 -0
  190. package/dist/src/core/util/handler.d.ts +1 -1
  191. package/dist/src/core/util/log.d.ts +1 -0
  192. package/dist/src/model/auth.d.ts +6 -0
  193. package/dist/src/platform_browser/auth_window.d.ts +2 -2
  194. package/dist/src/platform_browser/recaptcha/recaptcha.d.ts +33 -0
  195. package/dist/src/platform_browser/recaptcha/recaptcha.test.d.ts +17 -0
  196. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +40 -0
  197. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.test.d.ts +17 -0
  198. package/dist/src/platform_browser/recaptcha/recaptcha_mock.d.ts +16 -1
  199. package/dist/src/platform_browser/strategies/popup.d.ts +1 -1
  200. package/dist/test/helpers/api/helper.d.ts +2 -0
  201. package/dist/test/helpers/mock_auth.d.ts +5 -0
  202. package/package.json +6 -6
  203. package/dist/browser-cjs/index-5859881d.js.map +0 -1
  204. package/dist/cordova/popup_redirect-3519667a.js.map +0 -1
  205. package/dist/esm2017/index-680e2b70.js.map +0 -1
  206. package/dist/esm5/index-714e827f.js.map +0 -1
  207. package/dist/node/totp-416a2adc.js.map +0 -1
  208. package/dist/node-esm/totp-c3bf2a20.js.map +0 -1
  209. package/dist/rn/phone-2ec1815d.js.map +0 -1
@@ -2,8 +2,8 @@
2
2
 
3
3
  var util = require('@firebase/util');
4
4
  var app = require('@firebase/app');
5
- var logger = require('@firebase/logger');
6
5
  var tslib = require('tslib');
6
+ var logger = require('@firebase/logger');
7
7
  var component = require('@firebase/component');
8
8
 
9
9
  /**
@@ -267,7 +267,15 @@ function _debugErrorMap() {
267
267
  ["already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */]: 'initializeAuth() has already been called with ' +
268
268
  'different options. To avoid this error, call initializeAuth() with the ' +
269
269
  'same options as when it was originally called, or call getAuth() to return the' +
270
- ' already initialized instance.'
270
+ ' already initialized instance.',
271
+ ["missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */]: 'The reCAPTCHA token is missing when sending request to the backend.',
272
+ ["invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */]: 'The reCAPTCHA token is invalid when sending request to the backend.',
273
+ ["invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */]: 'The reCAPTCHA action is invalid when sending request to the backend.',
274
+ ["recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */]: 'reCAPTCHA Enterprise integration is not enabled for this project.',
275
+ ["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */]: 'The reCAPTCHA client type is missing when sending request to the backend.',
276
+ ["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is missing when sending request to the backend.',
277
+ ["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */]: 'Invalid request parameters.',
278
+ ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.'
271
279
  };
272
280
  }
273
281
  function _prodErrorMap() {
@@ -403,7 +411,15 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
403
411
  USER_SIGNED_OUT: 'auth/user-signed-out',
404
412
  WEAK_PASSWORD: 'auth/weak-password',
405
413
  WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
406
- ALREADY_INITIALIZED: 'auth/already-initialized'
414
+ ALREADY_INITIALIZED: 'auth/already-initialized',
415
+ RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
416
+ MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
417
+ INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
418
+ INVALID_RECAPTCHA_ACTION: 'auth/invalid-recaptcha-action',
419
+ MISSING_CLIENT_TYPE: 'auth/missing-client-type',
420
+ MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
421
+ INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
422
+ INVALID_REQ_TYPE: 'auth/invalid-req-type'
407
423
  };
408
424
 
409
425
  /**
@@ -423,6 +439,11 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
423
439
  * limitations under the License.
424
440
  */
425
441
  const logClient = new logger.Logger('@firebase/auth');
442
+ function _logWarn(msg, ...args) {
443
+ if (logClient.logLevel <= logger.LogLevel.WARN) {
444
+ logClient.warn(`Auth (${app.SDK_VERSION}): ${msg}`, ...args);
445
+ }
446
+ }
426
447
  function _logError(msg, ...args) {
427
448
  if (logClient.logLevel <= logger.LogLevel.ERROR) {
428
449
  logClient.error(`Auth (${app.SDK_VERSION}): ${msg}`, ...args);
@@ -513,103 +534,6 @@ function debugAssert(assertion, message) {
513
534
  }
514
535
  }
515
536
 
516
- /**
517
- * @license
518
- * Copyright 2020 Google LLC
519
- *
520
- * Licensed under the Apache License, Version 2.0 (the "License");
521
- * you may not use this file except in compliance with the License.
522
- * You may obtain a copy of the License at
523
- *
524
- * http://www.apache.org/licenses/LICENSE-2.0
525
- *
526
- * Unless required by applicable law or agreed to in writing, software
527
- * distributed under the License is distributed on an "AS IS" BASIS,
528
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
529
- * See the License for the specific language governing permissions and
530
- * limitations under the License.
531
- */
532
- const instanceCache = new Map();
533
- function _getInstance(cls) {
534
- debugAssert(cls instanceof Function, 'Expected a class definition');
535
- let instance = instanceCache.get(cls);
536
- if (instance) {
537
- debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
538
- return instance;
539
- }
540
- instance = new cls();
541
- instanceCache.set(cls, instance);
542
- return instance;
543
- }
544
-
545
- /**
546
- * @license
547
- * Copyright 2020 Google LLC
548
- *
549
- * Licensed under the Apache License, Version 2.0 (the "License");
550
- * you may not use this file except in compliance with the License.
551
- * You may obtain a copy of the License at
552
- *
553
- * http://www.apache.org/licenses/LICENSE-2.0
554
- *
555
- * Unless required by applicable law or agreed to in writing, software
556
- * distributed under the License is distributed on an "AS IS" BASIS,
557
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
558
- * See the License for the specific language governing permissions and
559
- * limitations under the License.
560
- */
561
- /**
562
- * Initializes an {@link Auth} instance with fine-grained control over
563
- * {@link Dependencies}.
564
- *
565
- * @remarks
566
- *
567
- * This function allows more control over the {@link Auth} instance than
568
- * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
569
- * the {@link Dependencies}. In general, `getAuth` is the easiest way to
570
- * initialize Auth and works for most use cases. Use `initializeAuth` if you
571
- * need control over which persistence layer is used, or to minimize bundle
572
- * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
573
- *
574
- * For example, if your app only uses anonymous accounts and you only want
575
- * accounts saved for the current session, initialize `Auth` with:
576
- *
577
- * ```js
578
- * const auth = initializeAuth(app, {
579
- * persistence: browserSessionPersistence,
580
- * popupRedirectResolver: undefined,
581
- * });
582
- * ```
583
- *
584
- * @public
585
- */
586
- function initializeAuth(app$1, deps) {
587
- const provider = app._getProvider(app$1, 'auth');
588
- if (provider.isInitialized()) {
589
- const auth = provider.getImmediate();
590
- const initialOptions = provider.getOptions();
591
- if (util.deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
592
- return auth;
593
- }
594
- else {
595
- _fail(auth, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
596
- }
597
- }
598
- const auth = provider.initialize({ options: deps });
599
- return auth;
600
- }
601
- function _initializeAuthInstance(auth, deps) {
602
- const persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
603
- const hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
604
- if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
605
- auth._updateErrorMap(deps.errorMap);
606
- }
607
- // This promise is intended to float; auth initialization happens in the
608
- // background, meanwhile the auth object may be used by the app.
609
- // eslint-disable-next-line @typescript-eslint/no-floating-promises
610
- auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
611
- }
612
-
613
537
  /**
614
538
  * @license
615
539
  * Copyright 2020 Google LLC
@@ -888,7 +812,16 @@ const SERVER_ERROR_MAP = {
888
812
  ["SECOND_FACTOR_EXISTS" /* ServerError.SECOND_FACTOR_EXISTS */]: "second-factor-already-in-use" /* AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED */,
889
813
  ["SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */]: "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */,
890
814
  // Blocking functions related errors.
891
- ["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */
815
+ ["BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
816
+ // Recaptcha related errors.
817
+ ["RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */]: "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */,
818
+ ["MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */]: "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */,
819
+ ["INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */]: "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */,
820
+ ["INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */]: "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */,
821
+ ["MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */]: "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */,
822
+ ["MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */]: "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */,
823
+ ["INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */]: "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */,
824
+ ["INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */]: "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */
892
825
  };
893
826
 
894
827
  /**
@@ -1790,6 +1723,35 @@ class UserImpl {
1790
1723
  }
1791
1724
  }
1792
1725
 
1726
+ /**
1727
+ * @license
1728
+ * Copyright 2020 Google LLC
1729
+ *
1730
+ * Licensed under the Apache License, Version 2.0 (the "License");
1731
+ * you may not use this file except in compliance with the License.
1732
+ * You may obtain a copy of the License at
1733
+ *
1734
+ * http://www.apache.org/licenses/LICENSE-2.0
1735
+ *
1736
+ * Unless required by applicable law or agreed to in writing, software
1737
+ * distributed under the License is distributed on an "AS IS" BASIS,
1738
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1739
+ * See the License for the specific language governing permissions and
1740
+ * limitations under the License.
1741
+ */
1742
+ const instanceCache = new Map();
1743
+ function _getInstance(cls) {
1744
+ debugAssert(cls instanceof Function, 'Expected a class definition');
1745
+ let instance = instanceCache.get(cls);
1746
+ if (instance) {
1747
+ debugAssert(instance instanceof cls, 'Instance stored in cache mismatched with class');
1748
+ return instance;
1749
+ }
1750
+ instance = new cls();
1751
+ instanceCache.set(cls, instance);
1752
+ return instance;
1753
+ }
1754
+
1793
1755
  /**
1794
1756
  * @license
1795
1757
  * Copyright 2019 Google LLC
@@ -2131,6 +2093,242 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2131
2093
  return `${reportedPlatform}/${"JsCore" /* ClientImplementation.CORE */}/${app.SDK_VERSION}/${reportedFrameworks}`;
2132
2094
  }
2133
2095
 
2096
+ /**
2097
+ * @license
2098
+ * Copyright 2020 Google LLC
2099
+ *
2100
+ * Licensed under the Apache License, Version 2.0 (the "License");
2101
+ * you may not use this file except in compliance with the License.
2102
+ * You may obtain a copy of the License at
2103
+ *
2104
+ * http://www.apache.org/licenses/LICENSE-2.0
2105
+ *
2106
+ * Unless required by applicable law or agreed to in writing, software
2107
+ * distributed under the License is distributed on an "AS IS" BASIS,
2108
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2109
+ * See the License for the specific language governing permissions and
2110
+ * limitations under the License.
2111
+ */
2112
+ async function getRecaptchaParams(auth) {
2113
+ return ((await _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)).recaptchaSiteKey || '');
2114
+ }
2115
+ async function getRecaptchaConfig(auth, request) {
2116
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
2117
+ }
2118
+
2119
+ /**
2120
+ * @license
2121
+ * Copyright 2020 Google LLC
2122
+ *
2123
+ * Licensed under the Apache License, Version 2.0 (the "License");
2124
+ * you may not use this file except in compliance with the License.
2125
+ * You may obtain a copy of the License at
2126
+ *
2127
+ * http://www.apache.org/licenses/LICENSE-2.0
2128
+ *
2129
+ * Unless required by applicable law or agreed to in writing, software
2130
+ * distributed under the License is distributed on an "AS IS" BASIS,
2131
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2132
+ * See the License for the specific language governing permissions and
2133
+ * limitations under the License.
2134
+ */
2135
+ function isV2(grecaptcha) {
2136
+ return (grecaptcha !== undefined &&
2137
+ grecaptcha.getResponse !== undefined);
2138
+ }
2139
+ function isEnterprise(grecaptcha) {
2140
+ return (grecaptcha !== undefined &&
2141
+ grecaptcha.enterprise !== undefined);
2142
+ }
2143
+ class RecaptchaConfig {
2144
+ constructor(response) {
2145
+ /**
2146
+ * The reCAPTCHA site key.
2147
+ */
2148
+ this.siteKey = '';
2149
+ /**
2150
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2151
+ */
2152
+ this.emailPasswordEnabled = false;
2153
+ if (response.recaptchaKey === undefined) {
2154
+ throw new Error('recaptchaKey undefined');
2155
+ }
2156
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2157
+ this.siteKey = response.recaptchaKey.split('/')[3];
2158
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2159
+ enforcementState.enforcementState !== 'OFF');
2160
+ }
2161
+ }
2162
+
2163
+ /**
2164
+ * @license
2165
+ * Copyright 2020 Google LLC
2166
+ *
2167
+ * Licensed under the Apache License, Version 2.0 (the "License");
2168
+ * you may not use this file except in compliance with the License.
2169
+ * You may obtain a copy of the License at
2170
+ *
2171
+ * http://www.apache.org/licenses/LICENSE-2.0
2172
+ *
2173
+ * Unless required by applicable law or agreed to in writing, software
2174
+ * distributed under the License is distributed on an "AS IS" BASIS,
2175
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2176
+ * See the License for the specific language governing permissions and
2177
+ * limitations under the License.
2178
+ */
2179
+ function getScriptParentElement() {
2180
+ var _a, _b;
2181
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2182
+ }
2183
+ function _loadJS(url) {
2184
+ // TODO: consider adding timeout support & cancellation
2185
+ return new Promise((resolve, reject) => {
2186
+ const el = document.createElement('script');
2187
+ el.setAttribute('src', url);
2188
+ el.onload = resolve;
2189
+ el.onerror = e => {
2190
+ const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2191
+ error.customData = e;
2192
+ reject(error);
2193
+ };
2194
+ el.type = 'text/javascript';
2195
+ el.charset = 'UTF-8';
2196
+ getScriptParentElement().appendChild(el);
2197
+ });
2198
+ }
2199
+ function _generateCallbackName(prefix) {
2200
+ return `__${prefix}${Math.floor(Math.random() * 1000000)}`;
2201
+ }
2202
+
2203
+ /* eslint-disable @typescript-eslint/no-require-imports */
2204
+ const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2205
+ const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2206
+ class RecaptchaEnterpriseVerifier {
2207
+ /**
2208
+ *
2209
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
2210
+ *
2211
+ */
2212
+ constructor(authExtern) {
2213
+ /**
2214
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2215
+ */
2216
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2217
+ this.auth = _castAuth(authExtern);
2218
+ }
2219
+ /**
2220
+ * Executes the verification process.
2221
+ *
2222
+ * @returns A Promise for a token that can be used to assert the validity of a request.
2223
+ */
2224
+ async verify(action = 'verify', forceRefresh = false) {
2225
+ async function retrieveSiteKey(auth) {
2226
+ if (!forceRefresh) {
2227
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2228
+ return auth._agentRecaptchaConfig.siteKey;
2229
+ }
2230
+ if (auth.tenantId != null &&
2231
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2232
+ return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
2233
+ }
2234
+ }
2235
+ return new Promise(async (resolve, reject) => {
2236
+ getRecaptchaConfig(auth, {
2237
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2238
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2239
+ })
2240
+ .then(response => {
2241
+ if (response.recaptchaKey === undefined) {
2242
+ reject(new Error('recaptcha Enterprise site key undefined'));
2243
+ }
2244
+ else {
2245
+ const config = new RecaptchaConfig(response);
2246
+ if (auth.tenantId == null) {
2247
+ auth._agentRecaptchaConfig = config;
2248
+ }
2249
+ else {
2250
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2251
+ }
2252
+ return resolve(config.siteKey);
2253
+ }
2254
+ })
2255
+ .catch(error => {
2256
+ reject(error);
2257
+ });
2258
+ });
2259
+ }
2260
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
2261
+ const grecaptcha = window.grecaptcha;
2262
+ if (isEnterprise(grecaptcha)) {
2263
+ grecaptcha.enterprise.ready(() => {
2264
+ try {
2265
+ grecaptcha.enterprise
2266
+ .execute(siteKey, { action })
2267
+ .then(token => {
2268
+ resolve(token);
2269
+ })
2270
+ .catch(error => {
2271
+ reject(error);
2272
+ });
2273
+ }
2274
+ catch (error) {
2275
+ reject(error);
2276
+ }
2277
+ });
2278
+ }
2279
+ else {
2280
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
2281
+ }
2282
+ }
2283
+ return new Promise((resolve, reject) => {
2284
+ retrieveSiteKey(this.auth)
2285
+ .then(siteKey => {
2286
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2287
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2288
+ }
2289
+ else {
2290
+ if (typeof window === 'undefined') {
2291
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
2292
+ return;
2293
+ }
2294
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2295
+ .then(() => {
2296
+ retrieveRecaptchaToken(siteKey, resolve, reject);
2297
+ })
2298
+ .catch(error => {
2299
+ reject(error);
2300
+ });
2301
+ }
2302
+ })
2303
+ .catch(error => {
2304
+ reject(error);
2305
+ });
2306
+ });
2307
+ }
2308
+ }
2309
+ async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
2310
+ const verifier = new RecaptchaEnterpriseVerifier(auth);
2311
+ let captchaResponse;
2312
+ try {
2313
+ captchaResponse = await verifier.verify(action);
2314
+ }
2315
+ catch (error) {
2316
+ captchaResponse = await verifier.verify(action, true);
2317
+ }
2318
+ const newRequest = Object.assign({}, request);
2319
+ if (!captchaResp) {
2320
+ Object.assign(newRequest, { captchaResponse });
2321
+ }
2322
+ else {
2323
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
2324
+ }
2325
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2326
+ Object.assign(newRequest, {
2327
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2328
+ });
2329
+ return newRequest;
2330
+ }
2331
+
2134
2332
  /**
2135
2333
  * @license
2136
2334
  * Copyright 2022 Google LLC
@@ -2229,9 +2427,10 @@ class AuthMiddlewareQueue {
2229
2427
  * limitations under the License.
2230
2428
  */
2231
2429
  class AuthImpl {
2232
- constructor(app, heartbeatServiceProvider, config) {
2430
+ constructor(app, heartbeatServiceProvider, appCheckServiceProvider, config) {
2233
2431
  this.app = app;
2234
2432
  this.heartbeatServiceProvider = heartbeatServiceProvider;
2433
+ this.appCheckServiceProvider = appCheckServiceProvider;
2235
2434
  this.config = config;
2236
2435
  this.currentUser = null;
2237
2436
  this.emulatorConfig = null;
@@ -2249,6 +2448,8 @@ class AuthImpl {
2249
2448
  this._initializationPromise = null;
2250
2449
  this._popupRedirectResolver = null;
2251
2450
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2451
+ this._agentRecaptchaConfig = null;
2452
+ this._tenantRecaptchaConfigs = {};
2252
2453
  // Tracks the last notified UID for state change listeners to prevent
2253
2454
  // repeated calls to the callbacks. Undefined means it's never been
2254
2455
  // called, whereas null means it's been called with a signed out user
@@ -2468,6 +2669,31 @@ class AuthImpl {
2468
2669
  await this.assertedPersistence.setPersistence(_getInstance(persistence));
2469
2670
  });
2470
2671
  }
2672
+ async initializeRecaptchaConfig() {
2673
+ const response = await getRecaptchaConfig(this, {
2674
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2675
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2676
+ });
2677
+ const config = new RecaptchaConfig(response);
2678
+ if (this.tenantId == null) {
2679
+ this._agentRecaptchaConfig = config;
2680
+ }
2681
+ else {
2682
+ this._tenantRecaptchaConfigs[this.tenantId] = config;
2683
+ }
2684
+ if (config.emailPasswordEnabled) {
2685
+ const verifier = new RecaptchaEnterpriseVerifier(this);
2686
+ void verifier.verify();
2687
+ }
2688
+ }
2689
+ _getRecaptchaConfig() {
2690
+ if (this.tenantId == null) {
2691
+ return this._agentRecaptchaConfig;
2692
+ }
2693
+ else {
2694
+ return this._tenantRecaptchaConfigs[this.tenantId];
2695
+ }
2696
+ }
2471
2697
  _getPersistence() {
2472
2698
  return this.assertedPersistence.persistence.type;
2473
2699
  }
@@ -2647,8 +2873,26 @@ class AuthImpl {
2647
2873
  if (heartbeatsHeader) {
2648
2874
  headers["X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */] = heartbeatsHeader;
2649
2875
  }
2876
+ // If the App Check service exists, add the App Check token in the headers
2877
+ const appCheckToken = await this._getAppCheckToken();
2878
+ if (appCheckToken) {
2879
+ headers["X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */] = appCheckToken;
2880
+ }
2650
2881
  return headers;
2651
2882
  }
2883
+ async _getAppCheckToken() {
2884
+ var _a;
2885
+ const appCheckTokenResult = await ((_a = this.appCheckServiceProvider
2886
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken());
2887
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
2888
+ // Context: appCheck.getToken() will never throw even if an error happened.
2889
+ // In the error case, a dummy token will be returned along with an error field describing
2890
+ // the error. In general, we shouldn't care about the error condition and just use
2891
+ // the token (actual or dummy) to send requests.
2892
+ _logWarn(`Error while retrieving App Check token: ${appCheckTokenResult.error}`);
2893
+ }
2894
+ return appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token;
2895
+ }
2652
2896
  }
2653
2897
  /**
2654
2898
  * Method to be used to cast down to our private implmentation of Auth.
@@ -2672,6 +2916,74 @@ class Subscription {
2672
2916
  }
2673
2917
  }
2674
2918
 
2919
+ /**
2920
+ * @license
2921
+ * Copyright 2020 Google LLC
2922
+ *
2923
+ * Licensed under the Apache License, Version 2.0 (the "License");
2924
+ * you may not use this file except in compliance with the License.
2925
+ * You may obtain a copy of the License at
2926
+ *
2927
+ * http://www.apache.org/licenses/LICENSE-2.0
2928
+ *
2929
+ * Unless required by applicable law or agreed to in writing, software
2930
+ * distributed under the License is distributed on an "AS IS" BASIS,
2931
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2932
+ * See the License for the specific language governing permissions and
2933
+ * limitations under the License.
2934
+ */
2935
+ /**
2936
+ * Initializes an {@link Auth} instance with fine-grained control over
2937
+ * {@link Dependencies}.
2938
+ *
2939
+ * @remarks
2940
+ *
2941
+ * This function allows more control over the {@link Auth} instance than
2942
+ * {@link getAuth}. `getAuth` uses platform-specific defaults to supply
2943
+ * the {@link Dependencies}. In general, `getAuth` is the easiest way to
2944
+ * initialize Auth and works for most use cases. Use `initializeAuth` if you
2945
+ * need control over which persistence layer is used, or to minimize bundle
2946
+ * size if you're not using either `signInWithPopup` or `signInWithRedirect`.
2947
+ *
2948
+ * For example, if your app only uses anonymous accounts and you only want
2949
+ * accounts saved for the current session, initialize `Auth` with:
2950
+ *
2951
+ * ```js
2952
+ * const auth = initializeAuth(app, {
2953
+ * persistence: browserSessionPersistence,
2954
+ * popupRedirectResolver: undefined,
2955
+ * });
2956
+ * ```
2957
+ *
2958
+ * @public
2959
+ */
2960
+ function initializeAuth(app$1, deps) {
2961
+ const provider = app._getProvider(app$1, 'auth');
2962
+ if (provider.isInitialized()) {
2963
+ const auth = provider.getImmediate();
2964
+ const initialOptions = provider.getOptions();
2965
+ if (util.deepEqual(initialOptions, deps !== null && deps !== void 0 ? deps : {})) {
2966
+ return auth;
2967
+ }
2968
+ else {
2969
+ _fail(auth, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */);
2970
+ }
2971
+ }
2972
+ const auth = provider.initialize({ options: deps });
2973
+ return auth;
2974
+ }
2975
+ function _initializeAuthInstance(auth, deps) {
2976
+ const persistence = (deps === null || deps === void 0 ? void 0 : deps.persistence) || [];
2977
+ const hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance);
2978
+ if (deps === null || deps === void 0 ? void 0 : deps.errorMap) {
2979
+ auth._updateErrorMap(deps.errorMap);
2980
+ }
2981
+ // This promise is intended to float; auth initialization happens in the
2982
+ // background, meanwhile the auth object may be used by the app.
2983
+ // eslint-disable-next-line @typescript-eslint/no-floating-promises
2984
+ auth._initializeWithPersistence(hierarchy, deps === null || deps === void 0 ? void 0 : deps.popupRedirectResolver);
2985
+ }
2986
+
2675
2987
  /**
2676
2988
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
2677
2989
  * Firebase Auth services.
@@ -3011,13 +3323,31 @@ class EmailAuthCredential extends AuthCredential {
3011
3323
  }
3012
3324
  /** @internal */
3013
3325
  async _getIdTokenResponse(auth) {
3326
+ var _a;
3014
3327
  switch (this.signInMethod) {
3015
3328
  case "password" /* SignInMethod.EMAIL_PASSWORD */:
3016
- return signInWithPassword(auth, {
3329
+ const request = {
3017
3330
  returnSecureToken: true,
3018
3331
  email: this._email,
3019
- password: this._password
3020
- });
3332
+ password: this._password,
3333
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
3334
+ };
3335
+ if ((_a = auth._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
3336
+ const requestWithRecaptcha = await injectRecaptchaFields(auth, request, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */);
3337
+ return signInWithPassword(auth, requestWithRecaptcha);
3338
+ }
3339
+ else {
3340
+ return signInWithPassword(auth, request).catch(async (error) => {
3341
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
3342
+ console.log('Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
3343
+ const requestWithRecaptcha = await injectRecaptchaFields(auth, request, "signInWithPassword" /* RecaptchaActionName.SIGN_IN_WITH_PASSWORD */);
3344
+ return signInWithPassword(auth, requestWithRecaptcha);
3345
+ }
3346
+ else {
3347
+ return Promise.reject(error);
3348
+ }
3349
+ });
3350
+ }
3021
3351
  case "emailLink" /* SignInMethod.EMAIL_LINK */:
3022
3352
  return signInWithEmailLink$1(auth, {
3023
3353
  email: this._email,
@@ -4976,15 +5306,39 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
4976
5306
  * @public
4977
5307
  */
4978
5308
  async function sendPasswordResetEmail(auth, email, actionCodeSettings) {
4979
- const authModular = util.getModularInstance(auth);
5309
+ var _a;
5310
+ const authInternal = _castAuth(auth);
4980
5311
  const request = {
4981
5312
  requestType: "PASSWORD_RESET" /* ActionCodeOperation.PASSWORD_RESET */,
4982
- email
5313
+ email,
5314
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
4983
5315
  };
4984
- if (actionCodeSettings) {
4985
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
5316
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5317
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5318
+ if (actionCodeSettings) {
5319
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5320
+ }
5321
+ await sendPasswordResetEmail$1(authInternal, requestWithRecaptcha);
5322
+ }
5323
+ else {
5324
+ if (actionCodeSettings) {
5325
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
5326
+ }
5327
+ await sendPasswordResetEmail$1(authInternal, request)
5328
+ .catch(async (error) => {
5329
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5330
+ console.log('Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.');
5331
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5332
+ if (actionCodeSettings) {
5333
+ _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
5334
+ }
5335
+ await sendPasswordResetEmail$1(authInternal, requestWithRecaptcha);
5336
+ }
5337
+ else {
5338
+ return Promise.reject(error);
5339
+ }
5340
+ });
4986
5341
  }
4987
- await sendPasswordResetEmail$1(authModular, request);
4988
5342
  }
4989
5343
  /**
4990
5344
  * Completes the password reset process, given a confirmation code and new password.
@@ -5097,11 +5451,33 @@ async function verifyPasswordResetCode(auth, code) {
5097
5451
  * @public
5098
5452
  */
5099
5453
  async function createUserWithEmailAndPassword(auth, email, password) {
5454
+ var _a;
5100
5455
  const authInternal = _castAuth(auth);
5101
- const response = await signUp(authInternal, {
5456
+ const request = {
5102
5457
  returnSecureToken: true,
5103
5458
  email,
5104
- password
5459
+ password,
5460
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5461
+ };
5462
+ let signUpResponse;
5463
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5464
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5465
+ signUpResponse = signUp(authInternal, requestWithRecaptcha);
5466
+ }
5467
+ else {
5468
+ signUpResponse = signUp(authInternal, request).catch(async (error) => {
5469
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5470
+ console.log('Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.');
5471
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5472
+ return signUp(authInternal, requestWithRecaptcha);
5473
+ }
5474
+ else {
5475
+ return Promise.reject(error);
5476
+ }
5477
+ });
5478
+ }
5479
+ const response = await signUpResponse.catch(error => {
5480
+ return Promise.reject(error);
5105
5481
  });
5106
5482
  const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response);
5107
5483
  await authInternal._updateCurrentUser(userCredential.user);
@@ -5182,16 +5558,39 @@ function signInWithEmailAndPassword(auth, email, password) {
5182
5558
  * @public
5183
5559
  */
5184
5560
  async function sendSignInLinkToEmail(auth, email, actionCodeSettings) {
5185
- const authModular = util.getModularInstance(auth);
5561
+ var _a;
5562
+ const authInternal = _castAuth(auth);
5186
5563
  const request = {
5187
5564
  requestType: "EMAIL_SIGNIN" /* ActionCodeOperation.EMAIL_SIGNIN */,
5188
- email
5565
+ email,
5566
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
5189
5567
  };
5190
- _assert(actionCodeSettings.handleCodeInApp, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
5191
- if (actionCodeSettings) {
5192
- _setActionCodeSettingsOnRequest(authModular, request, actionCodeSettings);
5568
+ function setActionCodeSettings(request, actionCodeSettings) {
5569
+ _assert(actionCodeSettings.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
5570
+ if (actionCodeSettings) {
5571
+ _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings);
5572
+ }
5573
+ }
5574
+ if ((_a = authInternal._getRecaptchaConfig()) === null || _a === void 0 ? void 0 : _a.emailPasswordEnabled) {
5575
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5576
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
5577
+ await sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha);
5578
+ }
5579
+ else {
5580
+ setActionCodeSettings(request, actionCodeSettings);
5581
+ await sendSignInLinkToEmail$1(authInternal, request)
5582
+ .catch(async (error) => {
5583
+ if (error.code === `auth/${"missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */}`) {
5584
+ console.log('Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.');
5585
+ const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */, true);
5586
+ setActionCodeSettings(requestWithRecaptcha, actionCodeSettings);
5587
+ await sendSignInLinkToEmail$1(authInternal, requestWithRecaptcha);
5588
+ }
5589
+ else {
5590
+ return Promise.reject(error);
5591
+ }
5592
+ });
5193
5593
  }
5194
- await sendSignInLinkToEmail$1(authModular, request);
5195
5594
  }
5196
5595
  /**
5197
5596
  * Checks if an incoming link is a sign-in with email link suitable for {@link signInWithEmailLink}.
@@ -5686,6 +6085,35 @@ function getAdditionalUserInfo(userCredential) {
5686
6085
  function setPersistence(auth, persistence) {
5687
6086
  return util.getModularInstance(auth).setPersistence(persistence);
5688
6087
  }
6088
+ /**
6089
+ * Loads the reCAPTCHA configuration into the `Auth` instance.
6090
+ *
6091
+ * @remarks
6092
+ * This will load the reCAPTCHA config, which indicates whether the reCAPTCHA
6093
+ * verification flow should be triggered for each auth provider, into the
6094
+ * current Auth session.
6095
+ *
6096
+ * If initializeRecaptchaConfig() is not invoked, the auth flow will always start
6097
+ * without reCAPTCHA verification. If the provider is configured to require reCAPTCHA
6098
+ * verification, the SDK will transparently load the reCAPTCHA config and restart the
6099
+ * auth flows.
6100
+ *
6101
+ * Thus, by calling this optional method, you will reduce the latency of future auth flows.
6102
+ * Loading the reCAPTCHA config early will also enhance the signal collected by reCAPTCHA.
6103
+ *
6104
+ * @example
6105
+ * ```javascript
6106
+ * initializeRecaptchaConfig(auth);
6107
+ * ```
6108
+ *
6109
+ * @param auth - The {@link Auth} instance.
6110
+ *
6111
+ * @public
6112
+ */
6113
+ function initializeRecaptchaConfig(auth) {
6114
+ const authInternal = _castAuth(auth);
6115
+ return authInternal.initializeRecaptchaConfig();
6116
+ }
5689
6117
  /**
5690
6118
  * Adds an observer for changes to the signed-in user's ID token.
5691
6119
  *
@@ -7031,66 +7459,6 @@ function finalizeSignInTotpMfa(auth, request) {
7031
7459
  return _performApiRequest(auth, "POST" /* HttpMethod.POST */, "/v2/accounts/mfaSignIn:finalize" /* Endpoint.FINALIZE_MFA_SIGN_IN */, _addTidIfNecessary(auth, request));
7032
7460
  }
7033
7461
 
7034
- /**
7035
- * @license
7036
- * Copyright 2020 Google LLC
7037
- *
7038
- * Licensed under the Apache License, Version 2.0 (the "License");
7039
- * you may not use this file except in compliance with the License.
7040
- * You may obtain a copy of the License at
7041
- *
7042
- * http://www.apache.org/licenses/LICENSE-2.0
7043
- *
7044
- * Unless required by applicable law or agreed to in writing, software
7045
- * distributed under the License is distributed on an "AS IS" BASIS,
7046
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
7047
- * See the License for the specific language governing permissions and
7048
- * limitations under the License.
7049
- */
7050
- async function getRecaptchaParams(auth) {
7051
- return ((await _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)).recaptchaSiteKey || '');
7052
- }
7053
-
7054
- /**
7055
- * @license
7056
- * Copyright 2020 Google LLC
7057
- *
7058
- * Licensed under the Apache License, Version 2.0 (the "License");
7059
- * you may not use this file except in compliance with the License.
7060
- * You may obtain a copy of the License at
7061
- *
7062
- * http://www.apache.org/licenses/LICENSE-2.0
7063
- *
7064
- * Unless required by applicable law or agreed to in writing, software
7065
- * distributed under the License is distributed on an "AS IS" BASIS,
7066
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
7067
- * See the License for the specific language governing permissions and
7068
- * limitations under the License.
7069
- */
7070
- function getScriptParentElement() {
7071
- var _a, _b;
7072
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
7073
- }
7074
- function _loadJS(url) {
7075
- // TODO: consider adding timeout support & cancellation
7076
- return new Promise((resolve, reject) => {
7077
- const el = document.createElement('script');
7078
- el.setAttribute('src', url);
7079
- el.onload = resolve;
7080
- el.onerror = e => {
7081
- const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
7082
- error.customData = e;
7083
- reject(error);
7084
- };
7085
- el.type = 'text/javascript';
7086
- el.charset = 'UTF-8';
7087
- getScriptParentElement().appendChild(el);
7088
- });
7089
- }
7090
- function _generateCallbackName(prefix) {
7091
- return `__${prefix}${Math.floor(Math.random() * 1000000)}`;
7092
- }
7093
-
7094
7462
  /**
7095
7463
  * @license
7096
7464
  * Copyright 2020 Google LLC
@@ -7257,7 +7625,7 @@ class ReCaptchaLoaderImpl {
7257
7625
  }
7258
7626
  load(auth, hl = '') {
7259
7627
  _assert(isHostLanguageValid(hl), auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
7260
- if (this.shouldResolveImmediately(hl)) {
7628
+ if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) {
7261
7629
  return Promise.resolve(_window().grecaptcha);
7262
7630
  }
7263
7631
  return new Promise((resolve, reject) => {
@@ -7268,7 +7636,7 @@ class ReCaptchaLoaderImpl {
7268
7636
  _window().clearTimeout(networkTimeout);
7269
7637
  delete _window()[_JSLOAD_CALLBACK];
7270
7638
  const recaptcha = _window().grecaptcha;
7271
- if (!recaptcha) {
7639
+ if (!recaptcha || !isV2(recaptcha)) {
7272
7640
  reject(_createError(auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */));
7273
7641
  return;
7274
7642
  }
@@ -8252,11 +8620,13 @@ class PopupOperation extends AbstractPopupRedirectOperation {
8252
8620
  if ((_b = (_a = this.authWindow) === null || _a === void 0 ? void 0 : _a.window) === null || _b === void 0 ? void 0 : _b.closed) {
8253
8621
  // Make sure that there is sufficient time for whatever action to
8254
8622
  // complete. The window could have closed but the sign in network
8255
- // call could still be in flight.
8623
+ // call could still be in flight. This is specifically true for
8624
+ // Firefox or if the opener is in an iframe, in which case the oauth
8625
+ // helper closes the popup.
8256
8626
  this.pollId = window.setTimeout(() => {
8257
8627
  this.pollId = null;
8258
8628
  this.reject(_createError(this.auth, "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */));
8259
- }, 2000 /* _Timeout.AUTH_EVENT */);
8629
+ }, 8000 /* _Timeout.AUTH_EVENT */);
8260
8630
  return;
8261
8631
  }
8262
8632
  this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get());
@@ -9114,7 +9484,13 @@ const WIDGET_PATH = '__/auth/handler';
9114
9484
  * @internal
9115
9485
  */
9116
9486
  const EMULATOR_WIDGET_PATH = 'emulator/auth/handler';
9117
- function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
9487
+ /**
9488
+ * Fragment name for the App Check token that gets passed to the widget
9489
+ *
9490
+ * @internal
9491
+ */
9492
+ const FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent('fac');
9493
+ async function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) {
9118
9494
  _assert(auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */);
9119
9495
  _assert(auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */);
9120
9496
  const params = {
@@ -9153,7 +9529,13 @@ function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additio
9153
9529
  delete paramsDict[key];
9154
9530
  }
9155
9531
  }
9156
- return `${getHandlerBase(auth)}?${util.querystring(paramsDict).slice(1)}`;
9532
+ // Sets the App Check token to pass to the widget
9533
+ const appCheckToken = await auth._getAppCheckToken();
9534
+ const appCheckTokenFragment = appCheckToken
9535
+ ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}`
9536
+ : '';
9537
+ // Start at index 1 to skip the leading '&' in the query string
9538
+ return `${getHandlerBase(auth)}?${util.querystring(paramsDict).slice(1)}${appCheckTokenFragment}`;
9157
9539
  }
9158
9540
  function getHandlerBase({ config }) {
9159
9541
  if (!config.emulator) {
@@ -9197,12 +9579,13 @@ class BrowserPopupRedirectResolver {
9197
9579
  async _openPopup(auth, provider, authType, eventId) {
9198
9580
  var _a;
9199
9581
  debugAssert((_a = this.eventManagers[auth._key()]) === null || _a === void 0 ? void 0 : _a.manager, '_initialize() not called before _openPopup()');
9200
- const url = _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
9582
+ const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
9201
9583
  return _open(auth, url, _generateEventId());
9202
9584
  }
9203
9585
  async _openRedirect(auth, provider, authType, eventId) {
9204
9586
  await this._originValidation(auth);
9205
- _setWindowLocation(_getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId));
9587
+ const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId);
9588
+ _setWindowLocation(url);
9206
9589
  return new Promise(() => { });
9207
9590
  }
9208
9591
  _initialize(auth) {
@@ -9487,7 +9870,7 @@ function _isEmptyString(input) {
9487
9870
  }
9488
9871
 
9489
9872
  var name = "@firebase/auth";
9490
- var version = "0.22.0";
9873
+ var version = "0.23.0-canary.0a27d2fbf";
9491
9874
 
9492
9875
  /**
9493
9876
  * @license
@@ -9593,26 +9976,25 @@ function registerAuth(clientPlatform) {
9593
9976
  app._registerComponent(new component.Component("auth" /* _ComponentName.AUTH */, (container, { options: deps }) => {
9594
9977
  const app = container.getProvider('app').getImmediate();
9595
9978
  const heartbeatServiceProvider = container.getProvider('heartbeat');
9979
+ const appCheckServiceProvider = container.getProvider('app-check-internal');
9596
9980
  const { apiKey, authDomain } = app.options;
9597
- return ((app, heartbeatServiceProvider) => {
9598
- _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
9599
- // Auth domain is optional if IdP sign in isn't being used
9600
- _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
9601
- appName: app.name
9602
- });
9603
- const config = {
9604
- apiKey,
9605
- authDomain,
9606
- clientPlatform,
9607
- apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
9608
- tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
9609
- apiScheme: "https" /* DefaultConfig.API_SCHEME */,
9610
- sdkClientVersion: _getClientVersion(clientPlatform)
9611
- };
9612
- const authInstance = new AuthImpl(app, heartbeatServiceProvider, config);
9613
- _initializeAuthInstance(authInstance, deps);
9614
- return authInstance;
9615
- })(app, heartbeatServiceProvider);
9981
+ _assert(apiKey && !apiKey.includes(':'), "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */, { appName: app.name });
9982
+ // Auth domain is optional if IdP sign in isn't being used
9983
+ _assert(!(authDomain === null || authDomain === void 0 ? void 0 : authDomain.includes(':')), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, {
9984
+ appName: app.name
9985
+ });
9986
+ const config = {
9987
+ apiKey,
9988
+ authDomain,
9989
+ clientPlatform,
9990
+ apiHost: "identitytoolkit.googleapis.com" /* DefaultConfig.API_HOST */,
9991
+ tokenApiHost: "securetoken.googleapis.com" /* DefaultConfig.TOKEN_API_HOST */,
9992
+ apiScheme: "https" /* DefaultConfig.API_SCHEME */,
9993
+ sdkClientVersion: _getClientVersion(clientPlatform)
9994
+ };
9995
+ const authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config);
9996
+ _initializeAuthInstance(authInstance, deps);
9997
+ return authInstance;
9616
9998
  }, "PUBLIC" /* ComponentType.PUBLIC */)
9617
9999
  /**
9618
10000
  * Auth can only be initialized by explicitly calling getAuth() or initializeAuth()
@@ -9779,6 +10161,7 @@ exports.getRedirectResult = getRedirectResult;
9779
10161
  exports.inMemoryPersistence = inMemoryPersistence;
9780
10162
  exports.indexedDBLocalPersistence = indexedDBLocalPersistence;
9781
10163
  exports.initializeAuth = initializeAuth;
10164
+ exports.initializeRecaptchaConfig = initializeRecaptchaConfig;
9782
10165
  exports.isSignInWithEmailLink = isSignInWithEmailLink;
9783
10166
  exports.linkWithCredential = linkWithCredential;
9784
10167
  exports.linkWithPhoneNumber = linkWithPhoneNumber;
@@ -9816,4 +10199,4 @@ exports.updateProfile = updateProfile;
9816
10199
  exports.useDeviceLanguage = useDeviceLanguage;
9817
10200
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
9818
10201
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
9819
- //# sourceMappingURL=index-5859881d.js.map
10202
+ //# sourceMappingURL=index-5df83e84.js.map