@firebase/auth 1.1.0-canary.e037eeed6 → 1.1.0-canary.f497a400a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-1a2a2779.js → index-316b8221.js} +548 -274
  5. package/dist/browser-cjs/index-316b8221.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +6 -0
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-8599967b.js → popup_redirect-2410e07a.js} +737 -413
  29. package/dist/cordova/popup_redirect-2410e07a.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +6 -0
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-f8a66098.js → index-9be3d514.js} +548 -275
  47. package/dist/esm2017/index-9be3d514.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +6 -0
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-fdb9efbb.js → index-4ab2fcdf.js} +737 -413
  67. package/dist/esm5/index-4ab2fcdf.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +6 -0
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +811 -487
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +6 -0
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-7ea0acc9.js → totp-4cc8bac4.js} +700 -375
  109. package/dist/node/totp-4cc8bac4.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +6 -0
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-af1856f8.js → totp-79809646.js} +540 -267
  129. package/dist/node-esm/totp-79809646.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-a321ec79.js → phone-87fdb2ba.js} +717 -392
  135. package/dist/rn/phone-87fdb2ba.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +6 -0
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +6 -0
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +6 -6
  169. package/dist/browser-cjs/index-1a2a2779.js.map +0 -1
  170. package/dist/cordova/popup_redirect-8599967b.js.map +0 -1
  171. package/dist/esm2017/index-f8a66098.js.map +0 -1
  172. package/dist/esm5/index-fdb9efbb.js.map +0 -1
  173. package/dist/node/totp-7ea0acc9.js.map +0 -1
  174. package/dist/node-esm/totp-af1856f8.js.map +0 -1
  175. package/dist/rn/phone-a321ec79.js.map +0 -1
@@ -176,6 +176,8 @@ function _debugErrorMap() {
176
176
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
177
177
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
178
178
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
179
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
180
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
179
181
  _a;
180
182
  }
181
183
  function _prodErrorMap() {
@@ -549,7 +551,7 @@ function _initializeAuthInstance(auth, deps) {
549
551
  }
550
552
 
551
553
  var name = "@firebase/auth";
552
- var version = "1.1.0-canary.e037eeed6";
554
+ var version = "1.1.0-canary.f497a400a";
553
555
 
554
556
  /**
555
557
  * @license
@@ -955,6 +957,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
955
957
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
956
958
  // Other errors.
957
959
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
960
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
958
961
  // Phone Auth related errors.
959
962
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
960
963
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -2367,7 +2370,7 @@ var PersistenceUserManager = /** @class */ (function () {
2367
2370
 
2368
2371
  /**
2369
2372
  * @license
2370
- * Copyright 2020 Google LLC
2373
+ * Copyright 2022 Google LLC
2371
2374
  *
2372
2375
  * Licensed under the Apache License, Version 2.0 (the "License");
2373
2376
  * you may not use this file except in compliance with the License.
@@ -2381,17 +2384,97 @@ var PersistenceUserManager = /** @class */ (function () {
2381
2384
  * See the License for the specific language governing permissions and
2382
2385
  * limitations under the License.
2383
2386
  */
2384
- function getRecaptchaConfig(auth, request) {
2385
- return __awaiter(this, void 0, void 0, function () {
2386
- return __generator(this, function (_a) {
2387
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2387
+ var AuthMiddlewareQueue = /** @class */ (function () {
2388
+ function AuthMiddlewareQueue(auth) {
2389
+ this.auth = auth;
2390
+ this.queue = [];
2391
+ }
2392
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2393
+ var _this = this;
2394
+ // The callback could be sync or async. Wrap it into a
2395
+ // function that is always async.
2396
+ var wrappedCallback = function (user) {
2397
+ return new Promise(function (resolve, reject) {
2398
+ try {
2399
+ var result = callback(user);
2400
+ // Either resolve with existing promise or wrap a non-promise
2401
+ // return value into a promise.
2402
+ resolve(result);
2403
+ }
2404
+ catch (e) {
2405
+ // Sync callback throws.
2406
+ reject(e);
2407
+ }
2408
+ });
2409
+ };
2410
+ // Attach the onAbort if present
2411
+ wrappedCallback.onAbort = onAbort;
2412
+ this.queue.push(wrappedCallback);
2413
+ var index = this.queue.length - 1;
2414
+ return function () {
2415
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2416
+ // indexing of other elements.
2417
+ _this.queue[index] = function () { return Promise.resolve(); };
2418
+ };
2419
+ };
2420
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2421
+ return __awaiter(this, void 0, void 0, function () {
2422
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2423
+ return __generator(this, function (_c) {
2424
+ switch (_c.label) {
2425
+ case 0:
2426
+ if (this.auth.currentUser === nextUser) {
2427
+ return [2 /*return*/];
2428
+ }
2429
+ onAbortStack = [];
2430
+ _c.label = 1;
2431
+ case 1:
2432
+ _c.trys.push([1, 6, , 7]);
2433
+ _i = 0, _a = this.queue;
2434
+ _c.label = 2;
2435
+ case 2:
2436
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
2437
+ beforeStateCallback = _a[_i];
2438
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
2439
+ case 3:
2440
+ _c.sent();
2441
+ // Only push the onAbort if the callback succeeds
2442
+ if (beforeStateCallback.onAbort) {
2443
+ onAbortStack.push(beforeStateCallback.onAbort);
2444
+ }
2445
+ _c.label = 4;
2446
+ case 4:
2447
+ _i++;
2448
+ return [3 /*break*/, 2];
2449
+ case 5: return [3 /*break*/, 7];
2450
+ case 6:
2451
+ e_1 = _c.sent();
2452
+ // Run all onAbort, with separate try/catch to ignore any errors and
2453
+ // continue
2454
+ onAbortStack.reverse();
2455
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2456
+ onAbort = onAbortStack_1[_b];
2457
+ try {
2458
+ onAbort();
2459
+ }
2460
+ catch (_) {
2461
+ /* swallow error */
2462
+ }
2463
+ }
2464
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2465
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2466
+ });
2467
+ case 7: return [2 /*return*/];
2468
+ }
2469
+ });
2388
2470
  });
2389
- });
2390
- }
2471
+ };
2472
+ return AuthMiddlewareQueue;
2473
+ }());
2391
2474
 
2392
2475
  /**
2393
2476
  * @license
2394
- * Copyright 2020 Google LLC
2477
+ * Copyright 2023 Google LLC
2395
2478
  *
2396
2479
  * Licensed under the Apache License, Version 2.0 (the "License");
2397
2480
  * you may not use this file except in compliance with the License.
@@ -2405,36 +2488,25 @@ function getRecaptchaConfig(auth, request) {
2405
2488
  * See the License for the specific language governing permissions and
2406
2489
  * limitations under the License.
2407
2490
  */
2408
- function isEnterprise(grecaptcha) {
2409
- return (grecaptcha !== undefined &&
2410
- grecaptcha.enterprise !== undefined);
2411
- }
2412
- var RecaptchaConfig = /** @class */ (function () {
2413
- function RecaptchaConfig(response) {
2414
- /**
2415
- * The reCAPTCHA site key.
2416
- */
2417
- this.siteKey = '';
2418
- /**
2419
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2420
- */
2421
- this.emailPasswordEnabled = false;
2422
- if (response.recaptchaKey === undefined) {
2423
- throw new Error('recaptchaKey undefined');
2424
- }
2425
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2426
- this.siteKey = response.recaptchaKey.split('/')[3];
2427
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2428
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2429
- enforcementState.enforcementState !== 'OFF';
2491
+ /**
2492
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2493
+ *
2494
+ * @param auth Auth object.
2495
+ * @param request Password policy request.
2496
+ * @returns Password policy response.
2497
+ */
2498
+ function _getPasswordPolicy(auth, request) {
2499
+ if (request === void 0) { request = {}; }
2500
+ return __awaiter(this, void 0, void 0, function () {
2501
+ return __generator(this, function (_a) {
2502
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
2430
2503
  });
2431
- }
2432
- return RecaptchaConfig;
2433
- }());
2504
+ });
2505
+ }
2434
2506
 
2435
2507
  /**
2436
2508
  * @license
2437
- * Copyright 2020 Google LLC
2509
+ * Copyright 2023 Google LLC
2438
2510
  *
2439
2511
  * Licensed under the Apache License, Version 2.0 (the "License");
2440
2512
  * you may not use this file except in compliance with the License.
@@ -2448,286 +2520,138 @@ var RecaptchaConfig = /** @class */ (function () {
2448
2520
  * See the License for the specific language governing permissions and
2449
2521
  * limitations under the License.
2450
2522
  */
2451
- function getScriptParentElement() {
2452
- var _a, _b;
2453
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2454
- }
2455
- function _loadJS(url) {
2456
- // TODO: consider adding timeout support & cancellation
2457
- return new Promise(function (resolve, reject) {
2458
- var el = document.createElement('script');
2459
- el.setAttribute('src', url);
2460
- el.onload = resolve;
2461
- el.onerror = function (e) {
2462
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2463
- error.customData = e;
2464
- reject(error);
2523
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2524
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
2525
+ /**
2526
+ * Stores password policy requirements and provides password validation against the policy.
2527
+ *
2528
+ * @internal
2529
+ */
2530
+ var PasswordPolicyImpl = /** @class */ (function () {
2531
+ function PasswordPolicyImpl(response) {
2532
+ var _a, _b, _c, _d;
2533
+ // Only include custom strength options defined in the response.
2534
+ var responseOptions = response.customStrengthOptions;
2535
+ this.customStrengthOptions = {};
2536
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2537
+ this.customStrengthOptions.minPasswordLength =
2538
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2539
+ if (responseOptions.maxPasswordLength) {
2540
+ this.customStrengthOptions.maxPasswordLength =
2541
+ responseOptions.maxPasswordLength;
2542
+ }
2543
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2544
+ this.customStrengthOptions.containsLowercaseLetter =
2545
+ responseOptions.containsLowercaseCharacter;
2546
+ }
2547
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2548
+ this.customStrengthOptions.containsUppercaseLetter =
2549
+ responseOptions.containsUppercaseCharacter;
2550
+ }
2551
+ if (responseOptions.containsNumericCharacter !== undefined) {
2552
+ this.customStrengthOptions.containsNumericCharacter =
2553
+ responseOptions.containsNumericCharacter;
2554
+ }
2555
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2556
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2557
+ responseOptions.containsNonAlphanumericCharacter;
2558
+ }
2559
+ this.enforcementState = response.enforcementState;
2560
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2561
+ this.enforcementState = 'OFF';
2562
+ }
2563
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2564
+ this.allowedNonAlphanumericCharacters =
2565
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2566
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2567
+ this.schemaVersion = response.schemaVersion;
2568
+ }
2569
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
2570
+ var _a, _b, _c, _d, _e, _f;
2571
+ var status = {
2572
+ isValid: true,
2573
+ passwordPolicy: this
2465
2574
  };
2466
- el.type = 'text/javascript';
2467
- el.charset = 'UTF-8';
2468
- getScriptParentElement().appendChild(el);
2469
- });
2470
- }
2471
-
2472
- /* eslint-disable @typescript-eslint/no-require-imports */
2473
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2474
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2475
- var FAKE_TOKEN = 'NO_RECAPTCHA';
2476
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2575
+ // Check the password length and character options.
2576
+ this.validatePasswordLengthOptions(password, status);
2577
+ this.validatePasswordCharacterOptions(password, status);
2578
+ // Combine the status into single isValid property.
2579
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2580
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2581
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2582
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2583
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2584
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2585
+ return status;
2586
+ };
2477
2587
  /**
2588
+ * Validates that the password meets the length options for the policy.
2478
2589
  *
2479
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2590
+ * @param password Password to validate.
2591
+ * @param status Validation status.
2592
+ */
2593
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
2594
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
2595
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2596
+ if (minPasswordLength) {
2597
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2598
+ }
2599
+ if (maxPasswordLength) {
2600
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2601
+ }
2602
+ };
2603
+ /**
2604
+ * Validates that the password meets the character options for the policy.
2480
2605
  *
2606
+ * @param password Password to validate.
2607
+ * @param status Validation status.
2481
2608
  */
2482
- function RecaptchaEnterpriseVerifier(authExtern) {
2483
- /**
2484
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2485
- */
2486
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2487
- this.auth = _castAuth(authExtern);
2488
- }
2609
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
2610
+ // Assign statuses for requirements even if the password is an empty string.
2611
+ this.updatePasswordCharacterOptionsStatuses(status,
2612
+ /* containsLowercaseCharacter= */ false,
2613
+ /* containsUppercaseCharacter= */ false,
2614
+ /* containsNumericCharacter= */ false,
2615
+ /* containsNonAlphanumericCharacter= */ false);
2616
+ var passwordChar;
2617
+ for (var i = 0; i < password.length; i++) {
2618
+ passwordChar = password.charAt(i);
2619
+ this.updatePasswordCharacterOptionsStatuses(status,
2620
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2621
+ passwordChar <= 'z',
2622
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2623
+ passwordChar <= 'Z',
2624
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2625
+ passwordChar <= '9',
2626
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2627
+ }
2628
+ };
2489
2629
  /**
2490
- * Executes the verification process.
2630
+ * Updates the running validation status with the statuses for the character options.
2631
+ * Expected to be called each time a character is processed to update each option status
2632
+ * based on the current character.
2491
2633
  *
2492
- * @returns A Promise for a token that can be used to assert the validity of a request.
2634
+ * @param status Validation status.
2635
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2636
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2637
+ * @param containsNumericCharacter Whether the character is a numeric character.
2638
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2493
2639
  */
2494
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2495
- if (action === void 0) { action = 'verify'; }
2496
- if (forceRefresh === void 0) { forceRefresh = false; }
2497
- return __awaiter(this, void 0, void 0, function () {
2498
- function retrieveSiteKey(auth) {
2499
- return __awaiter(this, void 0, void 0, function () {
2500
- var _this = this;
2501
- return __generator(this, function (_a) {
2502
- if (!forceRefresh) {
2503
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2504
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2505
- }
2506
- if (auth.tenantId != null &&
2507
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2508
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2509
- }
2510
- }
2511
- return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
2512
- return __generator(this, function (_a) {
2513
- getRecaptchaConfig(auth, {
2514
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2515
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2516
- })
2517
- .then(function (response) {
2518
- if (response.recaptchaKey === undefined) {
2519
- reject(new Error('recaptcha Enterprise site key undefined'));
2520
- }
2521
- else {
2522
- var config = new RecaptchaConfig(response);
2523
- if (auth.tenantId == null) {
2524
- auth._agentRecaptchaConfig = config;
2525
- }
2526
- else {
2527
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2528
- }
2529
- return resolve(config.siteKey);
2530
- }
2531
- })
2532
- .catch(function (error) {
2533
- reject(error);
2534
- });
2535
- return [2 /*return*/];
2536
- });
2537
- }); })];
2538
- });
2539
- });
2540
- }
2541
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2542
- var grecaptcha = window.grecaptcha;
2543
- if (isEnterprise(grecaptcha)) {
2544
- grecaptcha.enterprise.ready(function () {
2545
- grecaptcha.enterprise
2546
- .execute(siteKey, { action: action })
2547
- .then(function (token) {
2548
- resolve(token);
2549
- })
2550
- .catch(function () {
2551
- resolve(FAKE_TOKEN);
2552
- });
2553
- });
2554
- }
2555
- else {
2556
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2557
- }
2558
- }
2559
- var _this = this;
2560
- return __generator(this, function (_a) {
2561
- return [2 /*return*/, new Promise(function (resolve, reject) {
2562
- retrieveSiteKey(_this.auth)
2563
- .then(function (siteKey) {
2564
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2565
- retrieveRecaptchaToken(siteKey, resolve, reject);
2566
- }
2567
- else {
2568
- if (typeof window === 'undefined') {
2569
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2570
- return;
2571
- }
2572
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2573
- .then(function () {
2574
- retrieveRecaptchaToken(siteKey, resolve, reject);
2575
- })
2576
- .catch(function (error) {
2577
- reject(error);
2578
- });
2579
- }
2580
- })
2581
- .catch(function (error) {
2582
- reject(error);
2583
- });
2584
- })];
2585
- });
2586
- });
2587
- };
2588
- return RecaptchaEnterpriseVerifier;
2589
- }());
2590
- function injectRecaptchaFields(auth, request, action, captchaResp) {
2591
- if (captchaResp === void 0) { captchaResp = false; }
2592
- return __awaiter(this, void 0, void 0, function () {
2593
- var verifier, captchaResponse, newRequest;
2594
- return __generator(this, function (_a) {
2595
- switch (_a.label) {
2596
- case 0:
2597
- verifier = new RecaptchaEnterpriseVerifier(auth);
2598
- _a.label = 1;
2599
- case 1:
2600
- _a.trys.push([1, 3, , 5]);
2601
- return [4 /*yield*/, verifier.verify(action)];
2602
- case 2:
2603
- captchaResponse = _a.sent();
2604
- return [3 /*break*/, 5];
2605
- case 3:
2606
- _a.sent();
2607
- return [4 /*yield*/, verifier.verify(action, true)];
2608
- case 4:
2609
- captchaResponse = _a.sent();
2610
- return [3 /*break*/, 5];
2611
- case 5:
2612
- newRequest = __assign({}, request);
2613
- if (!captchaResp) {
2614
- Object.assign(newRequest, { captchaResponse: captchaResponse });
2615
- }
2616
- else {
2617
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2618
- }
2619
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2620
- Object.assign(newRequest, {
2621
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2622
- });
2623
- return [2 /*return*/, newRequest];
2624
- }
2625
- });
2626
- });
2627
- }
2628
-
2629
- /**
2630
- * @license
2631
- * Copyright 2022 Google LLC
2632
- *
2633
- * Licensed under the Apache License, Version 2.0 (the "License");
2634
- * you may not use this file except in compliance with the License.
2635
- * You may obtain a copy of the License at
2636
- *
2637
- * http://www.apache.org/licenses/LICENSE-2.0
2638
- *
2639
- * Unless required by applicable law or agreed to in writing, software
2640
- * distributed under the License is distributed on an "AS IS" BASIS,
2641
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2642
- * See the License for the specific language governing permissions and
2643
- * limitations under the License.
2644
- */
2645
- var AuthMiddlewareQueue = /** @class */ (function () {
2646
- function AuthMiddlewareQueue(auth) {
2647
- this.auth = auth;
2648
- this.queue = [];
2649
- }
2650
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2651
- var _this = this;
2652
- // The callback could be sync or async. Wrap it into a
2653
- // function that is always async.
2654
- var wrappedCallback = function (user) {
2655
- return new Promise(function (resolve, reject) {
2656
- try {
2657
- var result = callback(user);
2658
- // Either resolve with existing promise or wrap a non-promise
2659
- // return value into a promise.
2660
- resolve(result);
2661
- }
2662
- catch (e) {
2663
- // Sync callback throws.
2664
- reject(e);
2665
- }
2666
- });
2667
- };
2668
- // Attach the onAbort if present
2669
- wrappedCallback.onAbort = onAbort;
2670
- this.queue.push(wrappedCallback);
2671
- var index = this.queue.length - 1;
2672
- return function () {
2673
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2674
- // indexing of other elements.
2675
- _this.queue[index] = function () { return Promise.resolve(); };
2676
- };
2677
- };
2678
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2679
- return __awaiter(this, void 0, void 0, function () {
2680
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2681
- return __generator(this, function (_c) {
2682
- switch (_c.label) {
2683
- case 0:
2684
- if (this.auth.currentUser === nextUser) {
2685
- return [2 /*return*/];
2686
- }
2687
- onAbortStack = [];
2688
- _c.label = 1;
2689
- case 1:
2690
- _c.trys.push([1, 6, , 7]);
2691
- _i = 0, _a = this.queue;
2692
- _c.label = 2;
2693
- case 2:
2694
- if (!(_i < _a.length)) return [3 /*break*/, 5];
2695
- beforeStateCallback = _a[_i];
2696
- return [4 /*yield*/, beforeStateCallback(nextUser)];
2697
- case 3:
2698
- _c.sent();
2699
- // Only push the onAbort if the callback succeeds
2700
- if (beforeStateCallback.onAbort) {
2701
- onAbortStack.push(beforeStateCallback.onAbort);
2702
- }
2703
- _c.label = 4;
2704
- case 4:
2705
- _i++;
2706
- return [3 /*break*/, 2];
2707
- case 5: return [3 /*break*/, 7];
2708
- case 6:
2709
- e_1 = _c.sent();
2710
- // Run all onAbort, with separate try/catch to ignore any errors and
2711
- // continue
2712
- onAbortStack.reverse();
2713
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2714
- onAbort = onAbortStack_1[_b];
2715
- try {
2716
- onAbort();
2717
- }
2718
- catch (_) {
2719
- /* swallow error */
2720
- }
2721
- }
2722
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2723
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2724
- });
2725
- case 7: return [2 /*return*/];
2726
- }
2727
- });
2728
- });
2640
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2641
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2642
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2643
+ }
2644
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2645
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2646
+ }
2647
+ if (this.customStrengthOptions.containsNumericCharacter) {
2648
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2649
+ }
2650
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2651
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2652
+ }
2729
2653
  };
2730
- return AuthMiddlewareQueue;
2654
+ return PasswordPolicyImpl;
2731
2655
  }());
2732
2656
 
2733
2657
  /**
@@ -2760,6 +2684,7 @@ var AuthImpl = /** @class */ (function () {
2760
2684
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2761
2685
  this.redirectUser = null;
2762
2686
  this.isProactiveRefreshEnabled = false;
2687
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2763
2688
  // Any network calls will set this to true and prevent subsequent emulator
2764
2689
  // initialization
2765
2690
  this._canInitEmulator = true;
@@ -2770,6 +2695,8 @@ var AuthImpl = /** @class */ (function () {
2770
2695
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2771
2696
  this._agentRecaptchaConfig = null;
2772
2697
  this._tenantRecaptchaConfigs = {};
2698
+ this._projectPasswordPolicy = null;
2699
+ this._tenantPasswordPolicies = {};
2773
2700
  // Tracks the last notified UID for state change listeners to prevent
2774
2701
  // repeated calls to the callbacks. Undefined means it's never been
2775
2702
  // called, whereas null means it's been called with a signed out user
@@ -3099,41 +3026,66 @@ var AuthImpl = /** @class */ (function () {
3099
3026
  });
3100
3027
  }); });
3101
3028
  };
3102
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
3029
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3030
+ if (this.tenantId == null) {
3031
+ return this._agentRecaptchaConfig;
3032
+ }
3033
+ else {
3034
+ return this._tenantRecaptchaConfigs[this.tenantId];
3035
+ }
3036
+ };
3037
+ AuthImpl.prototype.validatePassword = function (password) {
3103
3038
  return __awaiter(this, void 0, void 0, function () {
3104
- var response, config, verifier;
3039
+ var passwordPolicy;
3105
3040
  return __generator(this, function (_a) {
3106
3041
  switch (_a.label) {
3107
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3108
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3109
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3110
- })];
3042
+ case 0:
3043
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
3044
+ return [4 /*yield*/, this._updatePasswordPolicy()];
3111
3045
  case 1:
3112
- response = _a.sent();
3113
- config = new RecaptchaConfig(response);
3114
- if (this.tenantId == null) {
3115
- this._agentRecaptchaConfig = config;
3116
- }
3117
- else {
3118
- this._tenantRecaptchaConfigs[this.tenantId] = config;
3119
- }
3120
- if (config.emailPasswordEnabled) {
3121
- verifier = new RecaptchaEnterpriseVerifier(this);
3122
- void verifier.verify();
3046
+ _a.sent();
3047
+ _a.label = 2;
3048
+ case 2:
3049
+ passwordPolicy = this._getPasswordPolicyInternal();
3050
+ // Check that the policy schema version is supported by the SDK.
3051
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
3052
+ if (passwordPolicy.schemaVersion !==
3053
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
3054
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
3123
3055
  }
3124
- return [2 /*return*/];
3056
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
3125
3057
  }
3126
3058
  });
3127
3059
  });
3128
3060
  };
3129
- AuthImpl.prototype._getRecaptchaConfig = function () {
3130
- if (this.tenantId == null) {
3131
- return this._agentRecaptchaConfig;
3061
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
3062
+ if (this.tenantId === null) {
3063
+ return this._projectPasswordPolicy;
3132
3064
  }
3133
3065
  else {
3134
- return this._tenantRecaptchaConfigs[this.tenantId];
3066
+ return this._tenantPasswordPolicies[this.tenantId];
3135
3067
  }
3136
3068
  };
3069
+ AuthImpl.prototype._updatePasswordPolicy = function () {
3070
+ return __awaiter(this, void 0, void 0, function () {
3071
+ var response, passwordPolicy;
3072
+ return __generator(this, function (_a) {
3073
+ switch (_a.label) {
3074
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
3075
+ case 1:
3076
+ response = _a.sent();
3077
+ passwordPolicy = new PasswordPolicyImpl(response);
3078
+ if (this.tenantId === null) {
3079
+ this._projectPasswordPolicy = passwordPolicy;
3080
+ }
3081
+ else {
3082
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
3083
+ }
3084
+ return [2 /*return*/];
3085
+ }
3086
+ });
3087
+ });
3088
+ };
3137
3089
  AuthImpl.prototype._getPersistence = function () {
3138
3090
  return this.assertedPersistence.persistence.type;
3139
3091
  };
@@ -4469,160 +4421,450 @@ var IndexedDBLocalPersistence = /** @class */ (function () {
4469
4421
  });
4470
4422
  });
4471
4423
  };
4472
- IndexedDBLocalPersistence.prototype.notifyListeners = function (key, newValue) {
4473
- this.localCache[key] = newValue;
4474
- var listeners = this.listeners[key];
4475
- if (listeners) {
4476
- for (var _i = 0, _a = Array.from(listeners); _i < _a.length; _i++) {
4477
- var listener = _a[_i];
4478
- listener(newValue);
4424
+ IndexedDBLocalPersistence.prototype.notifyListeners = function (key, newValue) {
4425
+ this.localCache[key] = newValue;
4426
+ var listeners = this.listeners[key];
4427
+ if (listeners) {
4428
+ for (var _i = 0, _a = Array.from(listeners); _i < _a.length; _i++) {
4429
+ var listener = _a[_i];
4430
+ listener(newValue);
4431
+ }
4432
+ }
4433
+ };
4434
+ IndexedDBLocalPersistence.prototype.startPolling = function () {
4435
+ var _this = this;
4436
+ this.stopPolling();
4437
+ this.pollTimer = setInterval(function () { return __awaiter(_this, void 0, void 0, function () { return __generator(this, function (_a) {
4438
+ return [2 /*return*/, this._poll()];
4439
+ }); }); }, _POLLING_INTERVAL_MS);
4440
+ };
4441
+ IndexedDBLocalPersistence.prototype.stopPolling = function () {
4442
+ if (this.pollTimer) {
4443
+ clearInterval(this.pollTimer);
4444
+ this.pollTimer = null;
4445
+ }
4446
+ };
4447
+ IndexedDBLocalPersistence.prototype._addListener = function (key, listener) {
4448
+ if (Object.keys(this.listeners).length === 0) {
4449
+ this.startPolling();
4450
+ }
4451
+ if (!this.listeners[key]) {
4452
+ this.listeners[key] = new Set();
4453
+ // Populate the cache to avoid spuriously triggering on first poll.
4454
+ void this._get(key); // This can happen in the background async and we can return immediately.
4455
+ }
4456
+ this.listeners[key].add(listener);
4457
+ };
4458
+ IndexedDBLocalPersistence.prototype._removeListener = function (key, listener) {
4459
+ if (this.listeners[key]) {
4460
+ this.listeners[key].delete(listener);
4461
+ if (this.listeners[key].size === 0) {
4462
+ delete this.listeners[key];
4463
+ }
4464
+ }
4465
+ if (Object.keys(this.listeners).length === 0) {
4466
+ this.stopPolling();
4467
+ }
4468
+ };
4469
+ IndexedDBLocalPersistence.type = 'LOCAL';
4470
+ return IndexedDBLocalPersistence;
4471
+ }());
4472
+ /**
4473
+ * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
4474
+ * for the underlying storage.
4475
+ *
4476
+ * @public
4477
+ */
4478
+ var indexedDBLocalPersistence = IndexedDBLocalPersistence;
4479
+
4480
+ /**
4481
+ * @license
4482
+ * Copyright 2021 Google LLC
4483
+ *
4484
+ * Licensed under the Apache License, Version 2.0 (the "License");
4485
+ * you may not use this file except in compliance with the License.
4486
+ * You may obtain a copy of the License at
4487
+ *
4488
+ * http://www.apache.org/licenses/LICENSE-2.0
4489
+ *
4490
+ * Unless required by applicable law or agreed to in writing, software
4491
+ * distributed under the License is distributed on an "AS IS" BASIS,
4492
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4493
+ * See the License for the specific language governing permissions and
4494
+ * limitations under the License.
4495
+ */
4496
+ /**
4497
+ * An enum of factors that may be used for multifactor authentication.
4498
+ *
4499
+ * @public
4500
+ */
4501
+ var FactorId = {
4502
+ /** Phone as second factor */
4503
+ PHONE: 'phone',
4504
+ TOTP: 'totp'
4505
+ };
4506
+ /**
4507
+ * Enumeration of supported providers.
4508
+ *
4509
+ * @public
4510
+ */
4511
+ var ProviderId = {
4512
+ /** Facebook provider ID */
4513
+ FACEBOOK: 'facebook.com',
4514
+ /** GitHub provider ID */
4515
+ GITHUB: 'github.com',
4516
+ /** Google provider ID */
4517
+ GOOGLE: 'google.com',
4518
+ /** Password provider */
4519
+ PASSWORD: 'password',
4520
+ /** Phone provider */
4521
+ PHONE: 'phone',
4522
+ /** Twitter provider ID */
4523
+ TWITTER: 'twitter.com'
4524
+ };
4525
+ /**
4526
+ * Enumeration of supported sign-in methods.
4527
+ *
4528
+ * @public
4529
+ */
4530
+ var SignInMethod = {
4531
+ /** Email link sign in method */
4532
+ EMAIL_LINK: 'emailLink',
4533
+ /** Email/password sign in method */
4534
+ EMAIL_PASSWORD: 'password',
4535
+ /** Facebook sign in method */
4536
+ FACEBOOK: 'facebook.com',
4537
+ /** GitHub sign in method */
4538
+ GITHUB: 'github.com',
4539
+ /** Google sign in method */
4540
+ GOOGLE: 'google.com',
4541
+ /** Phone sign in method */
4542
+ PHONE: 'phone',
4543
+ /** Twitter sign in method */
4544
+ TWITTER: 'twitter.com'
4545
+ };
4546
+ /**
4547
+ * Enumeration of supported operation types.
4548
+ *
4549
+ * @public
4550
+ */
4551
+ var OperationType = {
4552
+ /** Operation involving linking an additional provider to an already signed-in user. */
4553
+ LINK: 'link',
4554
+ /** Operation involving using a provider to reauthenticate an already signed-in user. */
4555
+ REAUTHENTICATE: 'reauthenticate',
4556
+ /** Operation involving signing in a user. */
4557
+ SIGN_IN: 'signIn'
4558
+ };
4559
+ /**
4560
+ * An enumeration of the possible email action types.
4561
+ *
4562
+ * @public
4563
+ */
4564
+ var ActionCodeOperation = {
4565
+ /** The email link sign-in action. */
4566
+ EMAIL_SIGNIN: 'EMAIL_SIGNIN',
4567
+ /** The password reset action. */
4568
+ PASSWORD_RESET: 'PASSWORD_RESET',
4569
+ /** The email revocation action. */
4570
+ RECOVER_EMAIL: 'RECOVER_EMAIL',
4571
+ /** The revert second factor addition email action. */
4572
+ REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',
4573
+ /** The revert second factor addition email action. */
4574
+ VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',
4575
+ /** The email verification action. */
4576
+ VERIFY_EMAIL: 'VERIFY_EMAIL'
4577
+ };
4578
+
4579
+ /**
4580
+ * @license
4581
+ * Copyright 2020 Google LLC
4582
+ *
4583
+ * Licensed under the Apache License, Version 2.0 (the "License");
4584
+ * you may not use this file except in compliance with the License.
4585
+ * You may obtain a copy of the License at
4586
+ *
4587
+ * http://www.apache.org/licenses/LICENSE-2.0
4588
+ *
4589
+ * Unless required by applicable law or agreed to in writing, software
4590
+ * distributed under the License is distributed on an "AS IS" BASIS,
4591
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4592
+ * See the License for the specific language governing permissions and
4593
+ * limitations under the License.
4594
+ */
4595
+ function isEnterprise(grecaptcha) {
4596
+ return (grecaptcha !== undefined &&
4597
+ grecaptcha.enterprise !== undefined);
4598
+ }
4599
+ var RecaptchaConfig = /** @class */ (function () {
4600
+ function RecaptchaConfig(response) {
4601
+ /**
4602
+ * The reCAPTCHA site key.
4603
+ */
4604
+ this.siteKey = '';
4605
+ /**
4606
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
4607
+ */
4608
+ this.emailPasswordEnabled = false;
4609
+ if (response.recaptchaKey === undefined) {
4610
+ throw new Error('recaptchaKey undefined');
4611
+ }
4612
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
4613
+ this.siteKey = response.recaptchaKey.split('/')[3];
4614
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
4615
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
4616
+ enforcementState.enforcementState !== 'OFF';
4617
+ });
4618
+ }
4619
+ return RecaptchaConfig;
4620
+ }());
4621
+
4622
+ /**
4623
+ * @license
4624
+ * Copyright 2020 Google LLC
4625
+ *
4626
+ * Licensed under the Apache License, Version 2.0 (the "License");
4627
+ * you may not use this file except in compliance with the License.
4628
+ * You may obtain a copy of the License at
4629
+ *
4630
+ * http://www.apache.org/licenses/LICENSE-2.0
4631
+ *
4632
+ * Unless required by applicable law or agreed to in writing, software
4633
+ * distributed under the License is distributed on an "AS IS" BASIS,
4634
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4635
+ * See the License for the specific language governing permissions and
4636
+ * limitations under the License.
4637
+ */
4638
+ function getRecaptchaConfig(auth, request) {
4639
+ return __awaiter(this, void 0, void 0, function () {
4640
+ return __generator(this, function (_a) {
4641
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
4642
+ });
4643
+ });
4644
+ }
4645
+
4646
+ /**
4647
+ * @license
4648
+ * Copyright 2020 Google LLC
4649
+ *
4650
+ * Licensed under the Apache License, Version 2.0 (the "License");
4651
+ * you may not use this file except in compliance with the License.
4652
+ * You may obtain a copy of the License at
4653
+ *
4654
+ * http://www.apache.org/licenses/LICENSE-2.0
4655
+ *
4656
+ * Unless required by applicable law or agreed to in writing, software
4657
+ * distributed under the License is distributed on an "AS IS" BASIS,
4658
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4659
+ * See the License for the specific language governing permissions and
4660
+ * limitations under the License.
4661
+ */
4662
+ function getScriptParentElement() {
4663
+ var _a, _b;
4664
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
4665
+ }
4666
+ function _loadJS(url) {
4667
+ // TODO: consider adding timeout support & cancellation
4668
+ return new Promise(function (resolve, reject) {
4669
+ var el = document.createElement('script');
4670
+ el.setAttribute('src', url);
4671
+ el.onload = resolve;
4672
+ el.onerror = function (e) {
4673
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4674
+ error.customData = e;
4675
+ reject(error);
4676
+ };
4677
+ el.type = 'text/javascript';
4678
+ el.charset = 'UTF-8';
4679
+ getScriptParentElement().appendChild(el);
4680
+ });
4681
+ }
4682
+
4683
+ /* eslint-disable @typescript-eslint/no-require-imports */
4684
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
4685
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
4686
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
4687
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
4688
+ /**
4689
+ *
4690
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
4691
+ *
4692
+ */
4693
+ function RecaptchaEnterpriseVerifier(authExtern) {
4694
+ /**
4695
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
4696
+ */
4697
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
4698
+ this.auth = _castAuth(authExtern);
4699
+ }
4700
+ /**
4701
+ * Executes the verification process.
4702
+ *
4703
+ * @returns A Promise for a token that can be used to assert the validity of a request.
4704
+ */
4705
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
4706
+ if (action === void 0) { action = 'verify'; }
4707
+ if (forceRefresh === void 0) { forceRefresh = false; }
4708
+ return __awaiter(this, void 0, void 0, function () {
4709
+ function retrieveSiteKey(auth) {
4710
+ return __awaiter(this, void 0, void 0, function () {
4711
+ var _this = this;
4712
+ return __generator(this, function (_a) {
4713
+ if (!forceRefresh) {
4714
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
4715
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
4716
+ }
4717
+ if (auth.tenantId != null &&
4718
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
4719
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
4720
+ }
4721
+ }
4722
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
4723
+ return __generator(this, function (_a) {
4724
+ getRecaptchaConfig(auth, {
4725
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4726
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4727
+ })
4728
+ .then(function (response) {
4729
+ if (response.recaptchaKey === undefined) {
4730
+ reject(new Error('recaptcha Enterprise site key undefined'));
4731
+ }
4732
+ else {
4733
+ var config = new RecaptchaConfig(response);
4734
+ if (auth.tenantId == null) {
4735
+ auth._agentRecaptchaConfig = config;
4736
+ }
4737
+ else {
4738
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
4739
+ }
4740
+ return resolve(config.siteKey);
4741
+ }
4742
+ })
4743
+ .catch(function (error) {
4744
+ reject(error);
4745
+ });
4746
+ return [2 /*return*/];
4747
+ });
4748
+ }); })];
4749
+ });
4750
+ });
4751
+ }
4752
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
4753
+ var grecaptcha = window.grecaptcha;
4754
+ if (isEnterprise(grecaptcha)) {
4755
+ grecaptcha.enterprise.ready(function () {
4756
+ grecaptcha.enterprise
4757
+ .execute(siteKey, { action: action })
4758
+ .then(function (token) {
4759
+ resolve(token);
4760
+ })
4761
+ .catch(function () {
4762
+ resolve(FAKE_TOKEN);
4763
+ });
4764
+ });
4765
+ }
4766
+ else {
4767
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
4768
+ }
4769
+ }
4770
+ var _this = this;
4771
+ return __generator(this, function (_a) {
4772
+ return [2 /*return*/, new Promise(function (resolve, reject) {
4773
+ retrieveSiteKey(_this.auth)
4774
+ .then(function (siteKey) {
4775
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
4776
+ retrieveRecaptchaToken(siteKey, resolve, reject);
4777
+ }
4778
+ else {
4779
+ if (typeof window === 'undefined') {
4780
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
4781
+ return;
4782
+ }
4783
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
4784
+ .then(function () {
4785
+ retrieveRecaptchaToken(siteKey, resolve, reject);
4786
+ })
4787
+ .catch(function (error) {
4788
+ reject(error);
4789
+ });
4790
+ }
4791
+ })
4792
+ .catch(function (error) {
4793
+ reject(error);
4794
+ });
4795
+ })];
4796
+ });
4797
+ });
4798
+ };
4799
+ return RecaptchaEnterpriseVerifier;
4800
+ }());
4801
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
4802
+ if (captchaResp === void 0) { captchaResp = false; }
4803
+ return __awaiter(this, void 0, void 0, function () {
4804
+ var verifier, captchaResponse, newRequest;
4805
+ return __generator(this, function (_a) {
4806
+ switch (_a.label) {
4807
+ case 0:
4808
+ verifier = new RecaptchaEnterpriseVerifier(auth);
4809
+ _a.label = 1;
4810
+ case 1:
4811
+ _a.trys.push([1, 3, , 5]);
4812
+ return [4 /*yield*/, verifier.verify(action)];
4813
+ case 2:
4814
+ captchaResponse = _a.sent();
4815
+ return [3 /*break*/, 5];
4816
+ case 3:
4817
+ _a.sent();
4818
+ return [4 /*yield*/, verifier.verify(action, true)];
4819
+ case 4:
4820
+ captchaResponse = _a.sent();
4821
+ return [3 /*break*/, 5];
4822
+ case 5:
4823
+ newRequest = __assign({}, request);
4824
+ if (!captchaResp) {
4825
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
4826
+ }
4827
+ else {
4828
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
4829
+ }
4830
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
4831
+ Object.assign(newRequest, {
4832
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4833
+ });
4834
+ return [2 /*return*/, newRequest];
4479
4835
  }
4480
- }
4481
- };
4482
- IndexedDBLocalPersistence.prototype.startPolling = function () {
4483
- var _this = this;
4484
- this.stopPolling();
4485
- this.pollTimer = setInterval(function () { return __awaiter(_this, void 0, void 0, function () { return __generator(this, function (_a) {
4486
- return [2 /*return*/, this._poll()];
4487
- }); }); }, _POLLING_INTERVAL_MS);
4488
- };
4489
- IndexedDBLocalPersistence.prototype.stopPolling = function () {
4490
- if (this.pollTimer) {
4491
- clearInterval(this.pollTimer);
4492
- this.pollTimer = null;
4493
- }
4494
- };
4495
- IndexedDBLocalPersistence.prototype._addListener = function (key, listener) {
4496
- if (Object.keys(this.listeners).length === 0) {
4497
- this.startPolling();
4498
- }
4499
- if (!this.listeners[key]) {
4500
- this.listeners[key] = new Set();
4501
- // Populate the cache to avoid spuriously triggering on first poll.
4502
- void this._get(key); // This can happen in the background async and we can return immediately.
4503
- }
4504
- this.listeners[key].add(listener);
4505
- };
4506
- IndexedDBLocalPersistence.prototype._removeListener = function (key, listener) {
4507
- if (this.listeners[key]) {
4508
- this.listeners[key].delete(listener);
4509
- if (this.listeners[key].size === 0) {
4510
- delete this.listeners[key];
4836
+ });
4837
+ });
4838
+ }
4839
+ function _initializeRecaptchaConfig(auth) {
4840
+ return __awaiter(this, void 0, void 0, function () {
4841
+ var authInternal, response, config, verifier;
4842
+ return __generator(this, function (_a) {
4843
+ switch (_a.label) {
4844
+ case 0:
4845
+ authInternal = _castAuth(auth);
4846
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
4847
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4848
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4849
+ })];
4850
+ case 1:
4851
+ response = _a.sent();
4852
+ config = new RecaptchaConfig(response);
4853
+ if (authInternal.tenantId == null) {
4854
+ authInternal._agentRecaptchaConfig = config;
4855
+ }
4856
+ else {
4857
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
4858
+ }
4859
+ if (config.emailPasswordEnabled) {
4860
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
4861
+ void verifier.verify();
4862
+ }
4863
+ return [2 /*return*/];
4511
4864
  }
4512
- }
4513
- if (Object.keys(this.listeners).length === 0) {
4514
- this.stopPolling();
4515
- }
4516
- };
4517
- IndexedDBLocalPersistence.type = 'LOCAL';
4518
- return IndexedDBLocalPersistence;
4519
- }());
4520
- /**
4521
- * An implementation of {@link Persistence} of type `LOCAL` using `indexedDB`
4522
- * for the underlying storage.
4523
- *
4524
- * @public
4525
- */
4526
- var indexedDBLocalPersistence = IndexedDBLocalPersistence;
4527
-
4528
- /**
4529
- * @license
4530
- * Copyright 2021 Google LLC
4531
- *
4532
- * Licensed under the Apache License, Version 2.0 (the "License");
4533
- * you may not use this file except in compliance with the License.
4534
- * You may obtain a copy of the License at
4535
- *
4536
- * http://www.apache.org/licenses/LICENSE-2.0
4537
- *
4538
- * Unless required by applicable law or agreed to in writing, software
4539
- * distributed under the License is distributed on an "AS IS" BASIS,
4540
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4541
- * See the License for the specific language governing permissions and
4542
- * limitations under the License.
4543
- */
4544
- /**
4545
- * An enum of factors that may be used for multifactor authentication.
4546
- *
4547
- * @public
4548
- */
4549
- var FactorId = {
4550
- /** Phone as second factor */
4551
- PHONE: 'phone',
4552
- TOTP: 'totp'
4553
- };
4554
- /**
4555
- * Enumeration of supported providers.
4556
- *
4557
- * @public
4558
- */
4559
- var ProviderId = {
4560
- /** Facebook provider ID */
4561
- FACEBOOK: 'facebook.com',
4562
- /** GitHub provider ID */
4563
- GITHUB: 'github.com',
4564
- /** Google provider ID */
4565
- GOOGLE: 'google.com',
4566
- /** Password provider */
4567
- PASSWORD: 'password',
4568
- /** Phone provider */
4569
- PHONE: 'phone',
4570
- /** Twitter provider ID */
4571
- TWITTER: 'twitter.com'
4572
- };
4573
- /**
4574
- * Enumeration of supported sign-in methods.
4575
- *
4576
- * @public
4577
- */
4578
- var SignInMethod = {
4579
- /** Email link sign in method */
4580
- EMAIL_LINK: 'emailLink',
4581
- /** Email/password sign in method */
4582
- EMAIL_PASSWORD: 'password',
4583
- /** Facebook sign in method */
4584
- FACEBOOK: 'facebook.com',
4585
- /** GitHub sign in method */
4586
- GITHUB: 'github.com',
4587
- /** Google sign in method */
4588
- GOOGLE: 'google.com',
4589
- /** Phone sign in method */
4590
- PHONE: 'phone',
4591
- /** Twitter sign in method */
4592
- TWITTER: 'twitter.com'
4593
- };
4594
- /**
4595
- * Enumeration of supported operation types.
4596
- *
4597
- * @public
4598
- */
4599
- var OperationType = {
4600
- /** Operation involving linking an additional provider to an already signed-in user. */
4601
- LINK: 'link',
4602
- /** Operation involving using a provider to reauthenticate an already signed-in user. */
4603
- REAUTHENTICATE: 'reauthenticate',
4604
- /** Operation involving signing in a user. */
4605
- SIGN_IN: 'signIn'
4606
- };
4607
- /**
4608
- * An enumeration of the possible email action types.
4609
- *
4610
- * @public
4611
- */
4612
- var ActionCodeOperation = {
4613
- /** The email link sign-in action. */
4614
- EMAIL_SIGNIN: 'EMAIL_SIGNIN',
4615
- /** The password reset action. */
4616
- PASSWORD_RESET: 'PASSWORD_RESET',
4617
- /** The email revocation action. */
4618
- RECOVER_EMAIL: 'RECOVER_EMAIL',
4619
- /** The revert second factor addition email action. */
4620
- REVERT_SECOND_FACTOR_ADDITION: 'REVERT_SECOND_FACTOR_ADDITION',
4621
- /** The revert second factor addition email action. */
4622
- VERIFY_AND_CHANGE_EMAIL: 'VERIFY_AND_CHANGE_EMAIL',
4623
- /** The email verification action. */
4624
- VERIFY_EMAIL: 'VERIFY_EMAIL'
4625
- };
4865
+ });
4866
+ });
4867
+ }
4626
4868
 
4627
4869
  /**
4628
4870
  * Changes the {@link Auth} instance to communicate with the Firebase Auth Emulator, instead of production
@@ -7207,6 +7449,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
7207
7449
  * See the License for the specific language governing permissions and
7208
7450
  * limitations under the License.
7209
7451
  */
7452
+ /**
7453
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
7454
+ * cached for the project or tenant.
7455
+ *
7456
+ * @remarks
7457
+ * We only fetch the password policy if the password did not meet policy requirements and
7458
+ * there is an existing policy cached. A developer must call validatePassword at least
7459
+ * once for the cache to be automatically updated.
7460
+ *
7461
+ * @param auth - The {@link Auth} instance.
7462
+ *
7463
+ * @private
7464
+ */
7465
+ function recachePasswordPolicy(auth) {
7466
+ return __awaiter(this, void 0, void 0, function () {
7467
+ var authInternal;
7468
+ return __generator(this, function (_a) {
7469
+ switch (_a.label) {
7470
+ case 0:
7471
+ authInternal = _castAuth(auth);
7472
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
7473
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
7474
+ case 1:
7475
+ _a.sent();
7476
+ _a.label = 2;
7477
+ case 2: return [2 /*return*/];
7478
+ }
7479
+ });
7480
+ });
7481
+ }
7210
7482
  /**
7211
7483
  * Sends a password reset email to the given email address.
7212
7484
  *
@@ -7310,12 +7582,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
7310
7582
  */
7311
7583
  function confirmPasswordReset(auth, oobCode, newPassword) {
7312
7584
  return __awaiter(this, void 0, void 0, function () {
7585
+ var _this = this;
7313
7586
  return __generator(this, function (_a) {
7314
7587
  switch (_a.label) {
7315
7588
  case 0: return [4 /*yield*/, resetPassword(getModularInstance(auth), {
7316
7589
  oobCode: oobCode,
7317
7590
  newPassword: newPassword
7318
- })];
7591
+ })
7592
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7593
+ return __generator(this, function (_a) {
7594
+ if (error.code ===
7595
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7596
+ void recachePasswordPolicy(auth);
7597
+ }
7598
+ throw error;
7599
+ });
7600
+ }); })];
7319
7601
  case 1:
7320
7602
  _a.sent();
7321
7603
  return [2 /*return*/];
@@ -7471,13 +7753,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
7471
7753
  case 1:
7472
7754
  requestWithRecaptcha = _a.sent();
7473
7755
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
7474
- case 2: return [2 /*return*/, Promise.reject(error)];
7756
+ case 2: throw error;
7475
7757
  }
7476
7758
  });
7477
7759
  }); });
7478
7760
  _b.label = 3;
7479
7761
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
7480
- return Promise.reject(error);
7762
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7763
+ void recachePasswordPolicy(auth);
7764
+ }
7765
+ throw error;
7481
7766
  })];
7482
7767
  case 4:
7483
7768
  response = _b.sent();
@@ -7509,7 +7794,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
7509
7794
  * @public
7510
7795
  */
7511
7796
  function signInWithEmailAndPassword(auth, email, password) {
7512
- return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password));
7797
+ var _this = this;
7798
+ return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7799
+ return __generator(this, function (_a) {
7800
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7801
+ void recachePasswordPolicy(auth);
7802
+ }
7803
+ throw error;
7804
+ });
7805
+ }); });
7513
7806
  }
7514
7807
 
7515
7808
  /**
@@ -8247,8 +8540,39 @@ function setPersistence(auth, persistence) {
8247
8540
  * @public
8248
8541
  */
8249
8542
  function initializeRecaptchaConfig(auth) {
8250
- var authInternal = _castAuth(auth);
8251
- return authInternal.initializeRecaptchaConfig();
8543
+ return _initializeRecaptchaConfig(auth);
8544
+ }
8545
+ /**
8546
+ * Validates the password against the password policy configured for the project or tenant.
8547
+ *
8548
+ * @remarks
8549
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
8550
+ * policy configured for the project. Otherwise, this method will use the policy configured
8551
+ * for the tenant. If a password policy has not been configured, then the default policy
8552
+ * configured for all projects will be used.
8553
+ *
8554
+ * If an auth flow fails because a submitted password does not meet the password policy
8555
+ * requirements and this method has previously been called, then this method will use the
8556
+ * most recent policy available when called again.
8557
+ *
8558
+ * @example
8559
+ * ```javascript
8560
+ * validatePassword(auth, 'some-password');
8561
+ * ```
8562
+ *
8563
+ * @param auth The {@link Auth} instance.
8564
+ * @param password The password to validate.
8565
+ *
8566
+ * @public
8567
+ */
8568
+ function validatePassword(auth, password) {
8569
+ return __awaiter(this, void 0, void 0, function () {
8570
+ var authInternal;
8571
+ return __generator(this, function (_a) {
8572
+ authInternal = _castAuth(auth);
8573
+ return [2 /*return*/, authInternal.validatePassword(password)];
8574
+ });
8575
+ });
8252
8576
  }
8253
8577
  /**
8254
8578
  * Adds an observer for changes to the signed-in user's ID token.
@@ -8691,5 +9015,5 @@ function getAuth(app) {
8691
9015
  return auth;
8692
9016
  }
8693
9017
 
8694
- export { ActionCodeOperation, ActionCodeURL, AuthCredential, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes, EmailAuthCredential, EmailAuthProvider, FacebookAuthProvider, FactorId, GithubAuthProvider, GoogleAuthProvider, OAuthCredential, OAuthProvider, OperationType, PhoneAuthCredential, ProviderId, SAMLAuthProvider, SignInMethod, TwitterAuthProvider, applyActionCode, beforeAuthStateChanged, checkActionCode, confirmPasswordReset, connectAuthEmulator, createUserWithEmailAndPassword, debugErrorMap, deleteUser, fetchSignInMethodsForEmail, getAdditionalUserInfo, getAuth, getIdToken, getIdTokenResult, getMultiFactorResolver, inMemoryPersistence, indexedDBLocalPersistence, initializeAuth, initializeRecaptchaConfig, isSignInWithEmailLink, linkWithCredential, multiFactor, onAuthStateChanged, onIdTokenChanged, parseActionCodeURL, prodErrorMap, reauthenticateWithCredential, reload, sendEmailVerification, sendPasswordResetEmail, sendSignInLinkToEmail, setPersistence, signInAnonymously, signInWithCredential, signInWithCustomToken, signInWithEmailAndPassword, signInWithEmailLink, signOut, unlink, updateCurrentUser, updateEmail, updatePassword, updateProfile, useDeviceLanguage, verifyBeforeUpdateEmail, verifyPasswordResetCode };
9018
+ export { ActionCodeOperation, ActionCodeURL, AuthCredential, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes, EmailAuthCredential, EmailAuthProvider, FacebookAuthProvider, FactorId, GithubAuthProvider, GoogleAuthProvider, OAuthCredential, OAuthProvider, OperationType, PhoneAuthCredential, ProviderId, SAMLAuthProvider, SignInMethod, TwitterAuthProvider, applyActionCode, beforeAuthStateChanged, checkActionCode, confirmPasswordReset, connectAuthEmulator, createUserWithEmailAndPassword, debugErrorMap, deleteUser, fetchSignInMethodsForEmail, getAdditionalUserInfo, getAuth, getIdToken, getIdTokenResult, getMultiFactorResolver, inMemoryPersistence, indexedDBLocalPersistence, initializeAuth, initializeRecaptchaConfig, isSignInWithEmailLink, linkWithCredential, multiFactor, onAuthStateChanged, onIdTokenChanged, parseActionCodeURL, prodErrorMap, reauthenticateWithCredential, reload, sendEmailVerification, sendPasswordResetEmail, sendSignInLinkToEmail, setPersistence, signInAnonymously, signInWithCredential, signInWithCustomToken, signInWithEmailAndPassword, signInWithEmailLink, signOut, unlink, updateCurrentUser, updateEmail, updatePassword, updateProfile, useDeviceLanguage, validatePassword, verifyBeforeUpdateEmail, verifyPasswordResetCode };
8695
9019
  //# sourceMappingURL=index.webworker.esm5.js.map