@firebase/auth 1.1.0-canary.e037eeed6 → 1.1.0-canary.f497a400a
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +28 -1
- package/dist/auth-public.d.ts +119 -0
- package/dist/auth.d.ts +179 -2
- package/dist/browser-cjs/{index-1a2a2779.js → index-316b8221.js} +548 -274
- package/dist/browser-cjs/index-316b8221.js.map +1 -0
- package/dist/browser-cjs/index.js +3 -2
- package/dist/browser-cjs/index.js.map +1 -1
- package/dist/browser-cjs/internal.js +3 -2
- package/dist/browser-cjs/internal.js.map +1 -1
- package/dist/browser-cjs/src/api/errors.d.ts +2 -1
- package/dist/browser-cjs/src/api/index.d.ts +2 -1
- package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/browser-cjs/src/core/errors.d.ts +3 -1
- package/dist/browser-cjs/src/core/index.d.ts +25 -1
- package/dist/browser-cjs/src/model/auth.d.ts +7 -2
- package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
- package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
- package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
- package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/cordova/index.js +2 -2
- package/dist/cordova/internal.js +2 -2
- package/dist/cordova/{popup_redirect-8599967b.js → popup_redirect-2410e07a.js} +737 -413
- package/dist/cordova/popup_redirect-2410e07a.js.map +1 -0
- package/dist/cordova/src/api/errors.d.ts +2 -1
- package/dist/cordova/src/api/index.d.ts +2 -1
- package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/cordova/src/core/errors.d.ts +3 -1
- package/dist/cordova/src/core/index.d.ts +25 -1
- package/dist/cordova/src/model/auth.d.ts +7 -2
- package/dist/cordova/src/model/password_policy.d.ts +111 -0
- package/dist/cordova/src/model/public_types.d.ts +88 -0
- package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/cordova/src/platform_node/index.d.ts +1 -0
- package/dist/cordova/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/esm2017/{index-f8a66098.js → index-9be3d514.js} +548 -275
- package/dist/esm2017/index-9be3d514.js.map +1 -0
- package/dist/esm2017/index.js +2 -2
- package/dist/esm2017/internal.js +3 -3
- package/dist/esm2017/src/api/errors.d.ts +2 -1
- package/dist/esm2017/src/api/index.d.ts +2 -1
- package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/esm2017/src/core/errors.d.ts +3 -1
- package/dist/esm2017/src/core/index.d.ts +25 -1
- package/dist/esm2017/src/model/auth.d.ts +7 -2
- package/dist/esm2017/src/model/password_policy.d.ts +111 -0
- package/dist/esm2017/src/model/public_types.d.ts +88 -0
- package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/esm2017/src/platform_node/index.d.ts +1 -0
- package/dist/esm2017/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/esm5/{index-fdb9efbb.js → index-4ab2fcdf.js} +737 -413
- package/dist/esm5/index-4ab2fcdf.js.map +1 -0
- package/dist/esm5/index.js +1 -1
- package/dist/esm5/internal.js +2 -2
- package/dist/esm5/src/api/errors.d.ts +2 -1
- package/dist/esm5/src/api/index.d.ts +2 -1
- package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/esm5/src/core/errors.d.ts +3 -1
- package/dist/esm5/src/core/index.d.ts +25 -1
- package/dist/esm5/src/model/auth.d.ts +7 -2
- package/dist/esm5/src/model/password_policy.d.ts +111 -0
- package/dist/esm5/src/model/public_types.d.ts +88 -0
- package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/esm5/src/platform_node/index.d.ts +1 -0
- package/dist/esm5/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/index.webworker.esm5.js +811 -487
- package/dist/index.webworker.esm5.js.map +1 -1
- package/dist/node/index.js +2 -1
- package/dist/node/index.js.map +1 -1
- package/dist/node/internal.js +2 -1
- package/dist/node/internal.js.map +1 -1
- package/dist/node/src/api/errors.d.ts +2 -1
- package/dist/node/src/api/index.d.ts +2 -1
- package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/node/src/core/errors.d.ts +3 -1
- package/dist/node/src/core/index.d.ts +25 -1
- package/dist/node/src/model/auth.d.ts +7 -2
- package/dist/node/src/model/password_policy.d.ts +111 -0
- package/dist/node/src/model/public_types.d.ts +88 -0
- package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/node/src/platform_node/index.d.ts +1 -0
- package/dist/node/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/node/{totp-7ea0acc9.js → totp-4cc8bac4.js} +700 -375
- package/dist/node/totp-4cc8bac4.js.map +1 -0
- package/dist/node-esm/index.js +1 -1
- package/dist/node-esm/internal.js +2 -2
- package/dist/node-esm/src/api/errors.d.ts +2 -1
- package/dist/node-esm/src/api/index.d.ts +2 -1
- package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/node-esm/src/core/errors.d.ts +3 -1
- package/dist/node-esm/src/core/index.d.ts +25 -1
- package/dist/node-esm/src/model/auth.d.ts +7 -2
- package/dist/node-esm/src/model/password_policy.d.ts +111 -0
- package/dist/node-esm/src/model/public_types.d.ts +88 -0
- package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/node-esm/src/platform_node/index.d.ts +1 -0
- package/dist/node-esm/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/node-esm/{totp-af1856f8.js → totp-79809646.js} +540 -267
- package/dist/node-esm/totp-79809646.js.map +1 -0
- package/dist/rn/index.js +2 -1
- package/dist/rn/index.js.map +1 -1
- package/dist/rn/internal.js +2 -1
- package/dist/rn/internal.js.map +1 -1
- package/dist/rn/{phone-a321ec79.js → phone-87fdb2ba.js} +717 -392
- package/dist/rn/phone-87fdb2ba.js.map +1 -0
- package/dist/rn/src/api/errors.d.ts +2 -1
- package/dist/rn/src/api/index.d.ts +2 -1
- package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/rn/src/core/errors.d.ts +3 -1
- package/dist/rn/src/core/index.d.ts +25 -1
- package/dist/rn/src/model/auth.d.ts +7 -2
- package/dist/rn/src/model/password_policy.d.ts +111 -0
- package/dist/rn/src/model/public_types.d.ts +88 -0
- package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/rn/src/platform_node/index.d.ts +1 -0
- package/dist/rn/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
- package/dist/src/api/errors.d.ts +2 -1
- package/dist/src/api/index.d.ts +2 -1
- package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
- package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
- package/dist/src/core/auth/auth_impl.d.ts +8 -2
- package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
- package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
- package/dist/src/core/errors.d.ts +3 -1
- package/dist/src/core/index.d.ts +25 -1
- package/dist/src/model/auth.d.ts +7 -2
- package/dist/src/model/password_policy.d.ts +111 -0
- package/dist/src/model/public_types.d.ts +88 -0
- package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
- package/dist/src/platform_node/index.d.ts +1 -0
- package/dist/test/helpers/integration/helpers.d.ts +6 -0
- package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
- package/package.json +6 -6
- package/dist/browser-cjs/index-1a2a2779.js.map +0 -1
- package/dist/cordova/popup_redirect-8599967b.js.map +0 -1
- package/dist/esm2017/index-f8a66098.js.map +0 -1
- package/dist/esm5/index-fdb9efbb.js.map +0 -1
- package/dist/node/totp-7ea0acc9.js.map +0 -1
- package/dist/node-esm/totp-af1856f8.js.map +0 -1
- package/dist/rn/phone-a321ec79.js.map +0 -1
|
@@ -2,8 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
var util = require('@firebase/util');
|
|
4
4
|
var app = require('@firebase/app');
|
|
5
|
-
var tslib = require('tslib');
|
|
6
5
|
var logger = require('@firebase/logger');
|
|
6
|
+
var tslib = require('tslib');
|
|
7
7
|
var component = require('@firebase/component');
|
|
8
8
|
|
|
9
9
|
/**
|
|
@@ -105,6 +105,50 @@ const ActionCodeOperation = {
|
|
|
105
105
|
VERIFY_EMAIL: 'VERIFY_EMAIL'
|
|
106
106
|
};
|
|
107
107
|
|
|
108
|
+
/**
|
|
109
|
+
* @license
|
|
110
|
+
* Copyright 2020 Google LLC
|
|
111
|
+
*
|
|
112
|
+
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
113
|
+
* you may not use this file except in compliance with the License.
|
|
114
|
+
* You may obtain a copy of the License at
|
|
115
|
+
*
|
|
116
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
117
|
+
*
|
|
118
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
119
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
120
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
121
|
+
* See the License for the specific language governing permissions and
|
|
122
|
+
* limitations under the License.
|
|
123
|
+
*/
|
|
124
|
+
function isV2(grecaptcha) {
|
|
125
|
+
return (grecaptcha !== undefined &&
|
|
126
|
+
grecaptcha.getResponse !== undefined);
|
|
127
|
+
}
|
|
128
|
+
function isEnterprise(grecaptcha) {
|
|
129
|
+
return (grecaptcha !== undefined &&
|
|
130
|
+
grecaptcha.enterprise !== undefined);
|
|
131
|
+
}
|
|
132
|
+
class RecaptchaConfig {
|
|
133
|
+
constructor(response) {
|
|
134
|
+
/**
|
|
135
|
+
* The reCAPTCHA site key.
|
|
136
|
+
*/
|
|
137
|
+
this.siteKey = '';
|
|
138
|
+
/**
|
|
139
|
+
* The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
|
|
140
|
+
*/
|
|
141
|
+
this.emailPasswordEnabled = false;
|
|
142
|
+
if (response.recaptchaKey === undefined) {
|
|
143
|
+
throw new Error('recaptchaKey undefined');
|
|
144
|
+
}
|
|
145
|
+
// Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
|
|
146
|
+
this.siteKey = response.recaptchaKey.split('/')[3];
|
|
147
|
+
this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
|
|
148
|
+
enforcementState.enforcementState !== 'OFF');
|
|
149
|
+
}
|
|
150
|
+
}
|
|
151
|
+
|
|
108
152
|
/**
|
|
109
153
|
* @license
|
|
110
154
|
* Copyright 2020 Google LLC
|
|
@@ -275,7 +319,9 @@ function _debugErrorMap() {
|
|
|
275
319
|
["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */]: 'The reCAPTCHA client type is missing when sending request to the backend.',
|
|
276
320
|
["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is missing when sending request to the backend.',
|
|
277
321
|
["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */]: 'Invalid request parameters.',
|
|
278
|
-
["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.'
|
|
322
|
+
["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.',
|
|
323
|
+
["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */]: 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
|
|
324
|
+
["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: 'The password does not meet the requirements.'
|
|
279
325
|
};
|
|
280
326
|
}
|
|
281
327
|
function _prodErrorMap() {
|
|
@@ -789,6 +835,7 @@ const SERVER_ERROR_MAP = {
|
|
|
789
835
|
["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */]: "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
|
|
790
836
|
// Other errors.
|
|
791
837
|
["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */]: "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
|
|
838
|
+
["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
|
|
792
839
|
// Phone Auth related errors.
|
|
793
840
|
["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
|
|
794
841
|
["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
|
|
@@ -973,6 +1020,29 @@ function _makeTaggedError(auth, code, response) {
|
|
|
973
1020
|
return error;
|
|
974
1021
|
}
|
|
975
1022
|
|
|
1023
|
+
/**
|
|
1024
|
+
* @license
|
|
1025
|
+
* Copyright 2020 Google LLC
|
|
1026
|
+
*
|
|
1027
|
+
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
1028
|
+
* you may not use this file except in compliance with the License.
|
|
1029
|
+
* You may obtain a copy of the License at
|
|
1030
|
+
*
|
|
1031
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
1032
|
+
*
|
|
1033
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
1034
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
1035
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
1036
|
+
* See the License for the specific language governing permissions and
|
|
1037
|
+
* limitations under the License.
|
|
1038
|
+
*/
|
|
1039
|
+
async function getRecaptchaParams(auth) {
|
|
1040
|
+
return ((await _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)).recaptchaSiteKey || '');
|
|
1041
|
+
}
|
|
1042
|
+
async function getRecaptchaConfig(auth, request) {
|
|
1043
|
+
return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
|
|
1044
|
+
}
|
|
1045
|
+
|
|
976
1046
|
/**
|
|
977
1047
|
* @license
|
|
978
1048
|
* Copyright 2020 Google LLC
|
|
@@ -2095,7 +2165,7 @@ function _getClientVersion(clientPlatform, frameworks = []) {
|
|
|
2095
2165
|
|
|
2096
2166
|
/**
|
|
2097
2167
|
* @license
|
|
2098
|
-
* Copyright
|
|
2168
|
+
* Copyright 2022 Google LLC
|
|
2099
2169
|
*
|
|
2100
2170
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
2101
2171
|
* you may not use this file except in compliance with the License.
|
|
@@ -2109,16 +2179,74 @@ function _getClientVersion(clientPlatform, frameworks = []) {
|
|
|
2109
2179
|
* See the License for the specific language governing permissions and
|
|
2110
2180
|
* limitations under the License.
|
|
2111
2181
|
*/
|
|
2112
|
-
|
|
2113
|
-
|
|
2114
|
-
|
|
2115
|
-
|
|
2116
|
-
|
|
2182
|
+
class AuthMiddlewareQueue {
|
|
2183
|
+
constructor(auth) {
|
|
2184
|
+
this.auth = auth;
|
|
2185
|
+
this.queue = [];
|
|
2186
|
+
}
|
|
2187
|
+
pushCallback(callback, onAbort) {
|
|
2188
|
+
// The callback could be sync or async. Wrap it into a
|
|
2189
|
+
// function that is always async.
|
|
2190
|
+
const wrappedCallback = (user) => new Promise((resolve, reject) => {
|
|
2191
|
+
try {
|
|
2192
|
+
const result = callback(user);
|
|
2193
|
+
// Either resolve with existing promise or wrap a non-promise
|
|
2194
|
+
// return value into a promise.
|
|
2195
|
+
resolve(result);
|
|
2196
|
+
}
|
|
2197
|
+
catch (e) {
|
|
2198
|
+
// Sync callback throws.
|
|
2199
|
+
reject(e);
|
|
2200
|
+
}
|
|
2201
|
+
});
|
|
2202
|
+
// Attach the onAbort if present
|
|
2203
|
+
wrappedCallback.onAbort = onAbort;
|
|
2204
|
+
this.queue.push(wrappedCallback);
|
|
2205
|
+
const index = this.queue.length - 1;
|
|
2206
|
+
return () => {
|
|
2207
|
+
// Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
|
|
2208
|
+
// indexing of other elements.
|
|
2209
|
+
this.queue[index] = () => Promise.resolve();
|
|
2210
|
+
};
|
|
2211
|
+
}
|
|
2212
|
+
async runMiddleware(nextUser) {
|
|
2213
|
+
if (this.auth.currentUser === nextUser) {
|
|
2214
|
+
return;
|
|
2215
|
+
}
|
|
2216
|
+
// While running the middleware, build a temporary stack of onAbort
|
|
2217
|
+
// callbacks to call if one middleware callback rejects.
|
|
2218
|
+
const onAbortStack = [];
|
|
2219
|
+
try {
|
|
2220
|
+
for (const beforeStateCallback of this.queue) {
|
|
2221
|
+
await beforeStateCallback(nextUser);
|
|
2222
|
+
// Only push the onAbort if the callback succeeds
|
|
2223
|
+
if (beforeStateCallback.onAbort) {
|
|
2224
|
+
onAbortStack.push(beforeStateCallback.onAbort);
|
|
2225
|
+
}
|
|
2226
|
+
}
|
|
2227
|
+
}
|
|
2228
|
+
catch (e) {
|
|
2229
|
+
// Run all onAbort, with separate try/catch to ignore any errors and
|
|
2230
|
+
// continue
|
|
2231
|
+
onAbortStack.reverse();
|
|
2232
|
+
for (const onAbort of onAbortStack) {
|
|
2233
|
+
try {
|
|
2234
|
+
onAbort();
|
|
2235
|
+
}
|
|
2236
|
+
catch (_) {
|
|
2237
|
+
/* swallow error */
|
|
2238
|
+
}
|
|
2239
|
+
}
|
|
2240
|
+
throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
|
|
2241
|
+
originalMessage: e === null || e === void 0 ? void 0 : e.message
|
|
2242
|
+
});
|
|
2243
|
+
}
|
|
2244
|
+
}
|
|
2117
2245
|
}
|
|
2118
2246
|
|
|
2119
2247
|
/**
|
|
2120
2248
|
* @license
|
|
2121
|
-
* Copyright
|
|
2249
|
+
* Copyright 2023 Google LLC
|
|
2122
2250
|
*
|
|
2123
2251
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
2124
2252
|
* you may not use this file except in compliance with the License.
|
|
@@ -2132,37 +2260,20 @@ async function getRecaptchaConfig(auth, request) {
|
|
|
2132
2260
|
* See the License for the specific language governing permissions and
|
|
2133
2261
|
* limitations under the License.
|
|
2134
2262
|
*/
|
|
2135
|
-
|
|
2136
|
-
|
|
2137
|
-
|
|
2138
|
-
|
|
2139
|
-
|
|
2140
|
-
|
|
2141
|
-
|
|
2142
|
-
}
|
|
2143
|
-
|
|
2144
|
-
constructor(response) {
|
|
2145
|
-
/**
|
|
2146
|
-
* The reCAPTCHA site key.
|
|
2147
|
-
*/
|
|
2148
|
-
this.siteKey = '';
|
|
2149
|
-
/**
|
|
2150
|
-
* The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
|
|
2151
|
-
*/
|
|
2152
|
-
this.emailPasswordEnabled = false;
|
|
2153
|
-
if (response.recaptchaKey === undefined) {
|
|
2154
|
-
throw new Error('recaptchaKey undefined');
|
|
2155
|
-
}
|
|
2156
|
-
// Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
|
|
2157
|
-
this.siteKey = response.recaptchaKey.split('/')[3];
|
|
2158
|
-
this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
|
|
2159
|
-
enforcementState.enforcementState !== 'OFF');
|
|
2160
|
-
}
|
|
2263
|
+
/**
|
|
2264
|
+
* Fetches the password policy for the currently set tenant or the project if no tenant is set.
|
|
2265
|
+
*
|
|
2266
|
+
* @param auth Auth object.
|
|
2267
|
+
* @param request Password policy request.
|
|
2268
|
+
* @returns Password policy response.
|
|
2269
|
+
*/
|
|
2270
|
+
async function _getPasswordPolicy(auth, request = {}) {
|
|
2271
|
+
return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request));
|
|
2161
2272
|
}
|
|
2162
2273
|
|
|
2163
2274
|
/**
|
|
2164
2275
|
* @license
|
|
2165
|
-
* Copyright
|
|
2276
|
+
* Copyright 2023 Google LLC
|
|
2166
2277
|
*
|
|
2167
2278
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
2168
2279
|
* you may not use this file except in compliance with the License.
|
|
@@ -2176,232 +2287,135 @@ class RecaptchaConfig {
|
|
|
2176
2287
|
* See the License for the specific language governing permissions and
|
|
2177
2288
|
* limitations under the License.
|
|
2178
2289
|
*/
|
|
2179
|
-
|
|
2180
|
-
|
|
2181
|
-
|
|
2182
|
-
|
|
2183
|
-
|
|
2184
|
-
|
|
2185
|
-
|
|
2186
|
-
|
|
2187
|
-
|
|
2188
|
-
|
|
2189
|
-
|
|
2190
|
-
|
|
2191
|
-
|
|
2192
|
-
|
|
2290
|
+
// Minimum min password length enforced by the backend, even if no minimum length is set.
|
|
2291
|
+
const MINIMUM_MIN_PASSWORD_LENGTH = 6;
|
|
2292
|
+
/**
|
|
2293
|
+
* Stores password policy requirements and provides password validation against the policy.
|
|
2294
|
+
*
|
|
2295
|
+
* @internal
|
|
2296
|
+
*/
|
|
2297
|
+
class PasswordPolicyImpl {
|
|
2298
|
+
constructor(response) {
|
|
2299
|
+
var _a, _b, _c, _d;
|
|
2300
|
+
// Only include custom strength options defined in the response.
|
|
2301
|
+
const responseOptions = response.customStrengthOptions;
|
|
2302
|
+
this.customStrengthOptions = {};
|
|
2303
|
+
// TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
|
|
2304
|
+
this.customStrengthOptions.minPasswordLength =
|
|
2305
|
+
(_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
|
|
2306
|
+
if (responseOptions.maxPasswordLength) {
|
|
2307
|
+
this.customStrengthOptions.maxPasswordLength =
|
|
2308
|
+
responseOptions.maxPasswordLength;
|
|
2309
|
+
}
|
|
2310
|
+
if (responseOptions.containsLowercaseCharacter !== undefined) {
|
|
2311
|
+
this.customStrengthOptions.containsLowercaseLetter =
|
|
2312
|
+
responseOptions.containsLowercaseCharacter;
|
|
2313
|
+
}
|
|
2314
|
+
if (responseOptions.containsUppercaseCharacter !== undefined) {
|
|
2315
|
+
this.customStrengthOptions.containsUppercaseLetter =
|
|
2316
|
+
responseOptions.containsUppercaseCharacter;
|
|
2317
|
+
}
|
|
2318
|
+
if (responseOptions.containsNumericCharacter !== undefined) {
|
|
2319
|
+
this.customStrengthOptions.containsNumericCharacter =
|
|
2320
|
+
responseOptions.containsNumericCharacter;
|
|
2321
|
+
}
|
|
2322
|
+
if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
|
|
2323
|
+
this.customStrengthOptions.containsNonAlphanumericCharacter =
|
|
2324
|
+
responseOptions.containsNonAlphanumericCharacter;
|
|
2325
|
+
}
|
|
2326
|
+
this.enforcementState = response.enforcementState;
|
|
2327
|
+
if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
|
|
2328
|
+
this.enforcementState = 'OFF';
|
|
2329
|
+
}
|
|
2330
|
+
// Use an empty string if no non-alphanumeric characters are specified in the response.
|
|
2331
|
+
this.allowedNonAlphanumericCharacters =
|
|
2332
|
+
(_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
|
|
2333
|
+
this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
|
|
2334
|
+
this.schemaVersion = response.schemaVersion;
|
|
2335
|
+
}
|
|
2336
|
+
validatePassword(password) {
|
|
2337
|
+
var _a, _b, _c, _d, _e, _f;
|
|
2338
|
+
const status = {
|
|
2339
|
+
isValid: true,
|
|
2340
|
+
passwordPolicy: this
|
|
2193
2341
|
};
|
|
2194
|
-
|
|
2195
|
-
|
|
2196
|
-
|
|
2197
|
-
|
|
2198
|
-
|
|
2199
|
-
|
|
2200
|
-
|
|
2201
|
-
|
|
2202
|
-
|
|
2203
|
-
|
|
2204
|
-
|
|
2205
|
-
const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
|
|
2206
|
-
const FAKE_TOKEN = 'NO_RECAPTCHA';
|
|
2207
|
-
class RecaptchaEnterpriseVerifier {
|
|
2208
|
-
/**
|
|
2209
|
-
*
|
|
2210
|
-
* @param authExtern - The corresponding Firebase {@link Auth} instance.
|
|
2211
|
-
*
|
|
2212
|
-
*/
|
|
2213
|
-
constructor(authExtern) {
|
|
2214
|
-
/**
|
|
2215
|
-
* Identifies the type of application verifier (e.g. "recaptcha-enterprise").
|
|
2216
|
-
*/
|
|
2217
|
-
this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
|
|
2218
|
-
this.auth = _castAuth(authExtern);
|
|
2342
|
+
// Check the password length and character options.
|
|
2343
|
+
this.validatePasswordLengthOptions(password, status);
|
|
2344
|
+
this.validatePasswordCharacterOptions(password, status);
|
|
2345
|
+
// Combine the status into single isValid property.
|
|
2346
|
+
status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
|
|
2347
|
+
status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
|
|
2348
|
+
status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
|
|
2349
|
+
status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
|
|
2350
|
+
status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
|
|
2351
|
+
status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
|
|
2352
|
+
return status;
|
|
2219
2353
|
}
|
|
2220
2354
|
/**
|
|
2221
|
-
*
|
|
2355
|
+
* Validates that the password meets the length options for the policy.
|
|
2222
2356
|
*
|
|
2223
|
-
* @
|
|
2357
|
+
* @param password Password to validate.
|
|
2358
|
+
* @param status Validation status.
|
|
2224
2359
|
*/
|
|
2225
|
-
|
|
2226
|
-
|
|
2227
|
-
|
|
2228
|
-
|
|
2229
|
-
|
|
2230
|
-
}
|
|
2231
|
-
if (auth.tenantId != null &&
|
|
2232
|
-
auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
|
|
2233
|
-
return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
|
|
2234
|
-
}
|
|
2235
|
-
}
|
|
2236
|
-
return new Promise(async (resolve, reject) => {
|
|
2237
|
-
getRecaptchaConfig(auth, {
|
|
2238
|
-
clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
|
|
2239
|
-
version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
2240
|
-
})
|
|
2241
|
-
.then(response => {
|
|
2242
|
-
if (response.recaptchaKey === undefined) {
|
|
2243
|
-
reject(new Error('recaptcha Enterprise site key undefined'));
|
|
2244
|
-
}
|
|
2245
|
-
else {
|
|
2246
|
-
const config = new RecaptchaConfig(response);
|
|
2247
|
-
if (auth.tenantId == null) {
|
|
2248
|
-
auth._agentRecaptchaConfig = config;
|
|
2249
|
-
}
|
|
2250
|
-
else {
|
|
2251
|
-
auth._tenantRecaptchaConfigs[auth.tenantId] = config;
|
|
2252
|
-
}
|
|
2253
|
-
return resolve(config.siteKey);
|
|
2254
|
-
}
|
|
2255
|
-
})
|
|
2256
|
-
.catch(error => {
|
|
2257
|
-
reject(error);
|
|
2258
|
-
});
|
|
2259
|
-
});
|
|
2360
|
+
validatePasswordLengthOptions(password, status) {
|
|
2361
|
+
const minPasswordLength = this.customStrengthOptions.minPasswordLength;
|
|
2362
|
+
const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
|
|
2363
|
+
if (minPasswordLength) {
|
|
2364
|
+
status.meetsMinPasswordLength = password.length >= minPasswordLength;
|
|
2260
2365
|
}
|
|
2261
|
-
|
|
2262
|
-
|
|
2263
|
-
if (isEnterprise(grecaptcha)) {
|
|
2264
|
-
grecaptcha.enterprise.ready(() => {
|
|
2265
|
-
grecaptcha.enterprise
|
|
2266
|
-
.execute(siteKey, { action })
|
|
2267
|
-
.then(token => {
|
|
2268
|
-
resolve(token);
|
|
2269
|
-
})
|
|
2270
|
-
.catch(() => {
|
|
2271
|
-
resolve(FAKE_TOKEN);
|
|
2272
|
-
});
|
|
2273
|
-
});
|
|
2274
|
-
}
|
|
2275
|
-
else {
|
|
2276
|
-
reject(Error('No reCAPTCHA enterprise script loaded.'));
|
|
2277
|
-
}
|
|
2366
|
+
if (maxPasswordLength) {
|
|
2367
|
+
status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
|
|
2278
2368
|
}
|
|
2279
|
-
return new Promise((resolve, reject) => {
|
|
2280
|
-
retrieveSiteKey(this.auth)
|
|
2281
|
-
.then(siteKey => {
|
|
2282
|
-
if (!forceRefresh && isEnterprise(window.grecaptcha)) {
|
|
2283
|
-
retrieveRecaptchaToken(siteKey, resolve, reject);
|
|
2284
|
-
}
|
|
2285
|
-
else {
|
|
2286
|
-
if (typeof window === 'undefined') {
|
|
2287
|
-
reject(new Error('RecaptchaVerifier is only supported in browser'));
|
|
2288
|
-
return;
|
|
2289
|
-
}
|
|
2290
|
-
_loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
|
|
2291
|
-
.then(() => {
|
|
2292
|
-
retrieveRecaptchaToken(siteKey, resolve, reject);
|
|
2293
|
-
})
|
|
2294
|
-
.catch(error => {
|
|
2295
|
-
reject(error);
|
|
2296
|
-
});
|
|
2297
|
-
}
|
|
2298
|
-
})
|
|
2299
|
-
.catch(error => {
|
|
2300
|
-
reject(error);
|
|
2301
|
-
});
|
|
2302
|
-
});
|
|
2303
|
-
}
|
|
2304
|
-
}
|
|
2305
|
-
async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
|
|
2306
|
-
const verifier = new RecaptchaEnterpriseVerifier(auth);
|
|
2307
|
-
let captchaResponse;
|
|
2308
|
-
try {
|
|
2309
|
-
captchaResponse = await verifier.verify(action);
|
|
2310
|
-
}
|
|
2311
|
-
catch (error) {
|
|
2312
|
-
captchaResponse = await verifier.verify(action, true);
|
|
2313
|
-
}
|
|
2314
|
-
const newRequest = Object.assign({}, request);
|
|
2315
|
-
if (!captchaResp) {
|
|
2316
|
-
Object.assign(newRequest, { captchaResponse });
|
|
2317
|
-
}
|
|
2318
|
-
else {
|
|
2319
|
-
Object.assign(newRequest, { 'captchaResp': captchaResponse });
|
|
2320
|
-
}
|
|
2321
|
-
Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
|
|
2322
|
-
Object.assign(newRequest, {
|
|
2323
|
-
'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
2324
|
-
});
|
|
2325
|
-
return newRequest;
|
|
2326
|
-
}
|
|
2327
|
-
|
|
2328
|
-
/**
|
|
2329
|
-
* @license
|
|
2330
|
-
* Copyright 2022 Google LLC
|
|
2331
|
-
*
|
|
2332
|
-
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
2333
|
-
* you may not use this file except in compliance with the License.
|
|
2334
|
-
* You may obtain a copy of the License at
|
|
2335
|
-
*
|
|
2336
|
-
* http://www.apache.org/licenses/LICENSE-2.0
|
|
2337
|
-
*
|
|
2338
|
-
* Unless required by applicable law or agreed to in writing, software
|
|
2339
|
-
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
2340
|
-
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
2341
|
-
* See the License for the specific language governing permissions and
|
|
2342
|
-
* limitations under the License.
|
|
2343
|
-
*/
|
|
2344
|
-
class AuthMiddlewareQueue {
|
|
2345
|
-
constructor(auth) {
|
|
2346
|
-
this.auth = auth;
|
|
2347
|
-
this.queue = [];
|
|
2348
2369
|
}
|
|
2349
|
-
|
|
2350
|
-
|
|
2351
|
-
|
|
2352
|
-
|
|
2353
|
-
|
|
2354
|
-
|
|
2355
|
-
|
|
2356
|
-
|
|
2357
|
-
|
|
2358
|
-
|
|
2359
|
-
|
|
2360
|
-
|
|
2361
|
-
|
|
2362
|
-
|
|
2363
|
-
|
|
2364
|
-
|
|
2365
|
-
|
|
2366
|
-
|
|
2367
|
-
|
|
2368
|
-
|
|
2369
|
-
|
|
2370
|
-
|
|
2371
|
-
|
|
2372
|
-
|
|
2370
|
+
/**
|
|
2371
|
+
* Validates that the password meets the character options for the policy.
|
|
2372
|
+
*
|
|
2373
|
+
* @param password Password to validate.
|
|
2374
|
+
* @param status Validation status.
|
|
2375
|
+
*/
|
|
2376
|
+
validatePasswordCharacterOptions(password, status) {
|
|
2377
|
+
// Assign statuses for requirements even if the password is an empty string.
|
|
2378
|
+
this.updatePasswordCharacterOptionsStatuses(status,
|
|
2379
|
+
/* containsLowercaseCharacter= */ false,
|
|
2380
|
+
/* containsUppercaseCharacter= */ false,
|
|
2381
|
+
/* containsNumericCharacter= */ false,
|
|
2382
|
+
/* containsNonAlphanumericCharacter= */ false);
|
|
2383
|
+
let passwordChar;
|
|
2384
|
+
for (let i = 0; i < password.length; i++) {
|
|
2385
|
+
passwordChar = password.charAt(i);
|
|
2386
|
+
this.updatePasswordCharacterOptionsStatuses(status,
|
|
2387
|
+
/* containsLowercaseCharacter= */ passwordChar >= 'a' &&
|
|
2388
|
+
passwordChar <= 'z',
|
|
2389
|
+
/* containsUppercaseCharacter= */ passwordChar >= 'A' &&
|
|
2390
|
+
passwordChar <= 'Z',
|
|
2391
|
+
/* containsNumericCharacter= */ passwordChar >= '0' &&
|
|
2392
|
+
passwordChar <= '9',
|
|
2393
|
+
/* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
|
|
2394
|
+
}
|
|
2373
2395
|
}
|
|
2374
|
-
|
|
2375
|
-
|
|
2376
|
-
|
|
2396
|
+
/**
|
|
2397
|
+
* Updates the running validation status with the statuses for the character options.
|
|
2398
|
+
* Expected to be called each time a character is processed to update each option status
|
|
2399
|
+
* based on the current character.
|
|
2400
|
+
*
|
|
2401
|
+
* @param status Validation status.
|
|
2402
|
+
* @param containsLowercaseCharacter Whether the character is a lowercase letter.
|
|
2403
|
+
* @param containsUppercaseCharacter Whether the character is an uppercase letter.
|
|
2404
|
+
* @param containsNumericCharacter Whether the character is a numeric character.
|
|
2405
|
+
* @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
|
|
2406
|
+
*/
|
|
2407
|
+
updatePasswordCharacterOptionsStatuses(status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
|
|
2408
|
+
if (this.customStrengthOptions.containsLowercaseLetter) {
|
|
2409
|
+
status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
|
|
2377
2410
|
}
|
|
2378
|
-
|
|
2379
|
-
|
|
2380
|
-
const onAbortStack = [];
|
|
2381
|
-
try {
|
|
2382
|
-
for (const beforeStateCallback of this.queue) {
|
|
2383
|
-
await beforeStateCallback(nextUser);
|
|
2384
|
-
// Only push the onAbort if the callback succeeds
|
|
2385
|
-
if (beforeStateCallback.onAbort) {
|
|
2386
|
-
onAbortStack.push(beforeStateCallback.onAbort);
|
|
2387
|
-
}
|
|
2388
|
-
}
|
|
2411
|
+
if (this.customStrengthOptions.containsUppercaseLetter) {
|
|
2412
|
+
status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
|
|
2389
2413
|
}
|
|
2390
|
-
|
|
2391
|
-
|
|
2392
|
-
|
|
2393
|
-
|
|
2394
|
-
|
|
2395
|
-
try {
|
|
2396
|
-
onAbort();
|
|
2397
|
-
}
|
|
2398
|
-
catch (_) {
|
|
2399
|
-
/* swallow error */
|
|
2400
|
-
}
|
|
2401
|
-
}
|
|
2402
|
-
throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
|
|
2403
|
-
originalMessage: e === null || e === void 0 ? void 0 : e.message
|
|
2404
|
-
});
|
|
2414
|
+
if (this.customStrengthOptions.containsNumericCharacter) {
|
|
2415
|
+
status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
|
|
2416
|
+
}
|
|
2417
|
+
if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
|
|
2418
|
+
status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
|
|
2405
2419
|
}
|
|
2406
2420
|
}
|
|
2407
2421
|
}
|
|
@@ -2436,6 +2450,7 @@ class AuthImpl {
|
|
|
2436
2450
|
this.beforeStateQueue = new AuthMiddlewareQueue(this);
|
|
2437
2451
|
this.redirectUser = null;
|
|
2438
2452
|
this.isProactiveRefreshEnabled = false;
|
|
2453
|
+
this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
|
|
2439
2454
|
// Any network calls will set this to true and prevent subsequent emulator
|
|
2440
2455
|
// initialization
|
|
2441
2456
|
this._canInitEmulator = true;
|
|
@@ -2446,6 +2461,8 @@ class AuthImpl {
|
|
|
2446
2461
|
this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
|
|
2447
2462
|
this._agentRecaptchaConfig = null;
|
|
2448
2463
|
this._tenantRecaptchaConfigs = {};
|
|
2464
|
+
this._projectPasswordPolicy = null;
|
|
2465
|
+
this._tenantPasswordPolicies = {};
|
|
2449
2466
|
// Tracks the last notified UID for state change listeners to prevent
|
|
2450
2467
|
// repeated calls to the callbacks. Undefined means it's never been
|
|
2451
2468
|
// called, whereas null means it's been called with a signed out user
|
|
@@ -2665,29 +2682,44 @@ class AuthImpl {
|
|
|
2665
2682
|
await this.assertedPersistence.setPersistence(_getInstance(persistence));
|
|
2666
2683
|
});
|
|
2667
2684
|
}
|
|
2668
|
-
|
|
2669
|
-
const response = await getRecaptchaConfig(this, {
|
|
2670
|
-
clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
|
|
2671
|
-
version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
2672
|
-
});
|
|
2673
|
-
const config = new RecaptchaConfig(response);
|
|
2685
|
+
_getRecaptchaConfig() {
|
|
2674
2686
|
if (this.tenantId == null) {
|
|
2675
|
-
this._agentRecaptchaConfig
|
|
2687
|
+
return this._agentRecaptchaConfig;
|
|
2676
2688
|
}
|
|
2677
2689
|
else {
|
|
2678
|
-
this._tenantRecaptchaConfigs[this.tenantId]
|
|
2690
|
+
return this._tenantRecaptchaConfigs[this.tenantId];
|
|
2691
|
+
}
|
|
2692
|
+
}
|
|
2693
|
+
async validatePassword(password) {
|
|
2694
|
+
if (!this._getPasswordPolicyInternal()) {
|
|
2695
|
+
await this._updatePasswordPolicy();
|
|
2679
2696
|
}
|
|
2680
|
-
|
|
2681
|
-
|
|
2682
|
-
|
|
2697
|
+
// Password policy will be defined after fetching.
|
|
2698
|
+
const passwordPolicy = this._getPasswordPolicyInternal();
|
|
2699
|
+
// Check that the policy schema version is supported by the SDK.
|
|
2700
|
+
// TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
|
|
2701
|
+
if (passwordPolicy.schemaVersion !==
|
|
2702
|
+
this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
|
|
2703
|
+
return Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}));
|
|
2683
2704
|
}
|
|
2705
|
+
return passwordPolicy.validatePassword(password);
|
|
2684
2706
|
}
|
|
2685
|
-
|
|
2686
|
-
if (this.tenantId
|
|
2687
|
-
return this.
|
|
2707
|
+
_getPasswordPolicyInternal() {
|
|
2708
|
+
if (this.tenantId === null) {
|
|
2709
|
+
return this._projectPasswordPolicy;
|
|
2688
2710
|
}
|
|
2689
2711
|
else {
|
|
2690
|
-
return this.
|
|
2712
|
+
return this._tenantPasswordPolicies[this.tenantId];
|
|
2713
|
+
}
|
|
2714
|
+
}
|
|
2715
|
+
async _updatePasswordPolicy() {
|
|
2716
|
+
const response = await _getPasswordPolicy(this);
|
|
2717
|
+
const passwordPolicy = new PasswordPolicyImpl(response);
|
|
2718
|
+
if (this.tenantId === null) {
|
|
2719
|
+
this._projectPasswordPolicy = passwordPolicy;
|
|
2720
|
+
}
|
|
2721
|
+
else {
|
|
2722
|
+
this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
|
|
2691
2723
|
}
|
|
2692
2724
|
}
|
|
2693
2725
|
_getPersistence() {
|
|
@@ -2925,6 +2957,189 @@ class Subscription {
|
|
|
2925
2957
|
}
|
|
2926
2958
|
}
|
|
2927
2959
|
|
|
2960
|
+
/**
|
|
2961
|
+
* @license
|
|
2962
|
+
* Copyright 2020 Google LLC
|
|
2963
|
+
*
|
|
2964
|
+
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
2965
|
+
* you may not use this file except in compliance with the License.
|
|
2966
|
+
* You may obtain a copy of the License at
|
|
2967
|
+
*
|
|
2968
|
+
* http://www.apache.org/licenses/LICENSE-2.0
|
|
2969
|
+
*
|
|
2970
|
+
* Unless required by applicable law or agreed to in writing, software
|
|
2971
|
+
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
2972
|
+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
2973
|
+
* See the License for the specific language governing permissions and
|
|
2974
|
+
* limitations under the License.
|
|
2975
|
+
*/
|
|
2976
|
+
function getScriptParentElement() {
|
|
2977
|
+
var _a, _b;
|
|
2978
|
+
return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
|
|
2979
|
+
}
|
|
2980
|
+
function _loadJS(url) {
|
|
2981
|
+
// TODO: consider adding timeout support & cancellation
|
|
2982
|
+
return new Promise((resolve, reject) => {
|
|
2983
|
+
const el = document.createElement('script');
|
|
2984
|
+
el.setAttribute('src', url);
|
|
2985
|
+
el.onload = resolve;
|
|
2986
|
+
el.onerror = e => {
|
|
2987
|
+
const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
|
|
2988
|
+
error.customData = e;
|
|
2989
|
+
reject(error);
|
|
2990
|
+
};
|
|
2991
|
+
el.type = 'text/javascript';
|
|
2992
|
+
el.charset = 'UTF-8';
|
|
2993
|
+
getScriptParentElement().appendChild(el);
|
|
2994
|
+
});
|
|
2995
|
+
}
|
|
2996
|
+
function _generateCallbackName(prefix) {
|
|
2997
|
+
return `__${prefix}${Math.floor(Math.random() * 1000000)}`;
|
|
2998
|
+
}
|
|
2999
|
+
|
|
3000
|
+
/* eslint-disable @typescript-eslint/no-require-imports */
|
|
3001
|
+
const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
|
|
3002
|
+
const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
|
|
3003
|
+
const FAKE_TOKEN = 'NO_RECAPTCHA';
|
|
3004
|
+
class RecaptchaEnterpriseVerifier {
|
|
3005
|
+
/**
|
|
3006
|
+
*
|
|
3007
|
+
* @param authExtern - The corresponding Firebase {@link Auth} instance.
|
|
3008
|
+
*
|
|
3009
|
+
*/
|
|
3010
|
+
constructor(authExtern) {
|
|
3011
|
+
/**
|
|
3012
|
+
* Identifies the type of application verifier (e.g. "recaptcha-enterprise").
|
|
3013
|
+
*/
|
|
3014
|
+
this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
|
|
3015
|
+
this.auth = _castAuth(authExtern);
|
|
3016
|
+
}
|
|
3017
|
+
/**
|
|
3018
|
+
* Executes the verification process.
|
|
3019
|
+
*
|
|
3020
|
+
* @returns A Promise for a token that can be used to assert the validity of a request.
|
|
3021
|
+
*/
|
|
3022
|
+
async verify(action = 'verify', forceRefresh = false) {
|
|
3023
|
+
async function retrieveSiteKey(auth) {
|
|
3024
|
+
if (!forceRefresh) {
|
|
3025
|
+
if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
|
|
3026
|
+
return auth._agentRecaptchaConfig.siteKey;
|
|
3027
|
+
}
|
|
3028
|
+
if (auth.tenantId != null &&
|
|
3029
|
+
auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
|
|
3030
|
+
return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
|
|
3031
|
+
}
|
|
3032
|
+
}
|
|
3033
|
+
return new Promise(async (resolve, reject) => {
|
|
3034
|
+
getRecaptchaConfig(auth, {
|
|
3035
|
+
clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
|
|
3036
|
+
version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
3037
|
+
})
|
|
3038
|
+
.then(response => {
|
|
3039
|
+
if (response.recaptchaKey === undefined) {
|
|
3040
|
+
reject(new Error('recaptcha Enterprise site key undefined'));
|
|
3041
|
+
}
|
|
3042
|
+
else {
|
|
3043
|
+
const config = new RecaptchaConfig(response);
|
|
3044
|
+
if (auth.tenantId == null) {
|
|
3045
|
+
auth._agentRecaptchaConfig = config;
|
|
3046
|
+
}
|
|
3047
|
+
else {
|
|
3048
|
+
auth._tenantRecaptchaConfigs[auth.tenantId] = config;
|
|
3049
|
+
}
|
|
3050
|
+
return resolve(config.siteKey);
|
|
3051
|
+
}
|
|
3052
|
+
})
|
|
3053
|
+
.catch(error => {
|
|
3054
|
+
reject(error);
|
|
3055
|
+
});
|
|
3056
|
+
});
|
|
3057
|
+
}
|
|
3058
|
+
function retrieveRecaptchaToken(siteKey, resolve, reject) {
|
|
3059
|
+
const grecaptcha = window.grecaptcha;
|
|
3060
|
+
if (isEnterprise(grecaptcha)) {
|
|
3061
|
+
grecaptcha.enterprise.ready(() => {
|
|
3062
|
+
grecaptcha.enterprise
|
|
3063
|
+
.execute(siteKey, { action })
|
|
3064
|
+
.then(token => {
|
|
3065
|
+
resolve(token);
|
|
3066
|
+
})
|
|
3067
|
+
.catch(() => {
|
|
3068
|
+
resolve(FAKE_TOKEN);
|
|
3069
|
+
});
|
|
3070
|
+
});
|
|
3071
|
+
}
|
|
3072
|
+
else {
|
|
3073
|
+
reject(Error('No reCAPTCHA enterprise script loaded.'));
|
|
3074
|
+
}
|
|
3075
|
+
}
|
|
3076
|
+
return new Promise((resolve, reject) => {
|
|
3077
|
+
retrieveSiteKey(this.auth)
|
|
3078
|
+
.then(siteKey => {
|
|
3079
|
+
if (!forceRefresh && isEnterprise(window.grecaptcha)) {
|
|
3080
|
+
retrieveRecaptchaToken(siteKey, resolve, reject);
|
|
3081
|
+
}
|
|
3082
|
+
else {
|
|
3083
|
+
if (typeof window === 'undefined') {
|
|
3084
|
+
reject(new Error('RecaptchaVerifier is only supported in browser'));
|
|
3085
|
+
return;
|
|
3086
|
+
}
|
|
3087
|
+
_loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
|
|
3088
|
+
.then(() => {
|
|
3089
|
+
retrieveRecaptchaToken(siteKey, resolve, reject);
|
|
3090
|
+
})
|
|
3091
|
+
.catch(error => {
|
|
3092
|
+
reject(error);
|
|
3093
|
+
});
|
|
3094
|
+
}
|
|
3095
|
+
})
|
|
3096
|
+
.catch(error => {
|
|
3097
|
+
reject(error);
|
|
3098
|
+
});
|
|
3099
|
+
});
|
|
3100
|
+
}
|
|
3101
|
+
}
|
|
3102
|
+
async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
|
|
3103
|
+
const verifier = new RecaptchaEnterpriseVerifier(auth);
|
|
3104
|
+
let captchaResponse;
|
|
3105
|
+
try {
|
|
3106
|
+
captchaResponse = await verifier.verify(action);
|
|
3107
|
+
}
|
|
3108
|
+
catch (error) {
|
|
3109
|
+
captchaResponse = await verifier.verify(action, true);
|
|
3110
|
+
}
|
|
3111
|
+
const newRequest = Object.assign({}, request);
|
|
3112
|
+
if (!captchaResp) {
|
|
3113
|
+
Object.assign(newRequest, { captchaResponse });
|
|
3114
|
+
}
|
|
3115
|
+
else {
|
|
3116
|
+
Object.assign(newRequest, { 'captchaResp': captchaResponse });
|
|
3117
|
+
}
|
|
3118
|
+
Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
|
|
3119
|
+
Object.assign(newRequest, {
|
|
3120
|
+
'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
3121
|
+
});
|
|
3122
|
+
return newRequest;
|
|
3123
|
+
}
|
|
3124
|
+
async function _initializeRecaptchaConfig(auth) {
|
|
3125
|
+
const authInternal = _castAuth(auth);
|
|
3126
|
+
const response = await getRecaptchaConfig(authInternal, {
|
|
3127
|
+
clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
|
|
3128
|
+
version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
|
|
3129
|
+
});
|
|
3130
|
+
const config = new RecaptchaConfig(response);
|
|
3131
|
+
if (authInternal.tenantId == null) {
|
|
3132
|
+
authInternal._agentRecaptchaConfig = config;
|
|
3133
|
+
}
|
|
3134
|
+
else {
|
|
3135
|
+
authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
|
|
3136
|
+
}
|
|
3137
|
+
if (config.emailPasswordEnabled) {
|
|
3138
|
+
const verifier = new RecaptchaEnterpriseVerifier(authInternal);
|
|
3139
|
+
void verifier.verify();
|
|
3140
|
+
}
|
|
3141
|
+
}
|
|
3142
|
+
|
|
2928
3143
|
/**
|
|
2929
3144
|
* @license
|
|
2930
3145
|
* Copyright 2020 Google LLC
|
|
@@ -5282,6 +5497,25 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
|
|
|
5282
5497
|
* See the License for the specific language governing permissions and
|
|
5283
5498
|
* limitations under the License.
|
|
5284
5499
|
*/
|
|
5500
|
+
/**
|
|
5501
|
+
* Updates the password policy cached in the {@link Auth} instance if a policy is already
|
|
5502
|
+
* cached for the project or tenant.
|
|
5503
|
+
*
|
|
5504
|
+
* @remarks
|
|
5505
|
+
* We only fetch the password policy if the password did not meet policy requirements and
|
|
5506
|
+
* there is an existing policy cached. A developer must call validatePassword at least
|
|
5507
|
+
* once for the cache to be automatically updated.
|
|
5508
|
+
*
|
|
5509
|
+
* @param auth - The {@link Auth} instance.
|
|
5510
|
+
*
|
|
5511
|
+
* @private
|
|
5512
|
+
*/
|
|
5513
|
+
async function recachePasswordPolicy(auth) {
|
|
5514
|
+
const authInternal = _castAuth(auth);
|
|
5515
|
+
if (authInternal._getPasswordPolicyInternal()) {
|
|
5516
|
+
await authInternal._updatePasswordPolicy();
|
|
5517
|
+
}
|
|
5518
|
+
}
|
|
5285
5519
|
/**
|
|
5286
5520
|
* Sends a password reset email to the given email address.
|
|
5287
5521
|
*
|
|
@@ -5362,6 +5596,13 @@ async function confirmPasswordReset(auth, oobCode, newPassword) {
|
|
|
5362
5596
|
await resetPassword(util.getModularInstance(auth), {
|
|
5363
5597
|
oobCode,
|
|
5364
5598
|
newPassword
|
|
5599
|
+
})
|
|
5600
|
+
.catch(async (error) => {
|
|
5601
|
+
if (error.code ===
|
|
5602
|
+
`auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
|
|
5603
|
+
void recachePasswordPolicy(auth);
|
|
5604
|
+
}
|
|
5605
|
+
throw error;
|
|
5365
5606
|
});
|
|
5366
5607
|
// Do not return the email.
|
|
5367
5608
|
}
|
|
@@ -5480,13 +5721,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
|
|
|
5480
5721
|
const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
|
|
5481
5722
|
return signUp(authInternal, requestWithRecaptcha);
|
|
5482
5723
|
}
|
|
5483
|
-
|
|
5484
|
-
return Promise.reject(error);
|
|
5485
|
-
}
|
|
5724
|
+
throw error;
|
|
5486
5725
|
});
|
|
5487
5726
|
}
|
|
5488
5727
|
const response = await signUpResponse.catch(error => {
|
|
5489
|
-
|
|
5728
|
+
if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
|
|
5729
|
+
void recachePasswordPolicy(auth);
|
|
5730
|
+
}
|
|
5731
|
+
throw error;
|
|
5490
5732
|
});
|
|
5491
5733
|
const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response);
|
|
5492
5734
|
await authInternal._updateCurrentUser(userCredential.user);
|
|
@@ -5509,7 +5751,12 @@ async function createUserWithEmailAndPassword(auth, email, password) {
|
|
|
5509
5751
|
* @public
|
|
5510
5752
|
*/
|
|
5511
5753
|
function signInWithEmailAndPassword(auth, email, password) {
|
|
5512
|
-
return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password))
|
|
5754
|
+
return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
|
|
5755
|
+
if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
|
|
5756
|
+
void recachePasswordPolicy(auth);
|
|
5757
|
+
}
|
|
5758
|
+
throw error;
|
|
5759
|
+
});
|
|
5513
5760
|
}
|
|
5514
5761
|
|
|
5515
5762
|
/**
|
|
@@ -6124,8 +6371,34 @@ function setPersistence(auth, persistence) {
|
|
|
6124
6371
|
* @public
|
|
6125
6372
|
*/
|
|
6126
6373
|
function initializeRecaptchaConfig(auth) {
|
|
6374
|
+
return _initializeRecaptchaConfig(auth);
|
|
6375
|
+
}
|
|
6376
|
+
/**
|
|
6377
|
+
* Validates the password against the password policy configured for the project or tenant.
|
|
6378
|
+
*
|
|
6379
|
+
* @remarks
|
|
6380
|
+
* If no tenant ID is set on the `Auth` instance, then this method will use the password
|
|
6381
|
+
* policy configured for the project. Otherwise, this method will use the policy configured
|
|
6382
|
+
* for the tenant. If a password policy has not been configured, then the default policy
|
|
6383
|
+
* configured for all projects will be used.
|
|
6384
|
+
*
|
|
6385
|
+
* If an auth flow fails because a submitted password does not meet the password policy
|
|
6386
|
+
* requirements and this method has previously been called, then this method will use the
|
|
6387
|
+
* most recent policy available when called again.
|
|
6388
|
+
*
|
|
6389
|
+
* @example
|
|
6390
|
+
* ```javascript
|
|
6391
|
+
* validatePassword(auth, 'some-password');
|
|
6392
|
+
* ```
|
|
6393
|
+
*
|
|
6394
|
+
* @param auth The {@link Auth} instance.
|
|
6395
|
+
* @param password The password to validate.
|
|
6396
|
+
*
|
|
6397
|
+
* @public
|
|
6398
|
+
*/
|
|
6399
|
+
async function validatePassword(auth, password) {
|
|
6127
6400
|
const authInternal = _castAuth(auth);
|
|
6128
|
-
return authInternal.
|
|
6401
|
+
return authInternal.validatePassword(password);
|
|
6129
6402
|
}
|
|
6130
6403
|
/**
|
|
6131
6404
|
* Adds an observer for changes to the signed-in user's ID token.
|
|
@@ -9933,7 +10206,7 @@ function _isEmptyString(input) {
|
|
|
9933
10206
|
}
|
|
9934
10207
|
|
|
9935
10208
|
var name = "@firebase/auth";
|
|
9936
|
-
var version = "1.1.0-canary.
|
|
10209
|
+
var version = "1.1.0-canary.f497a400a";
|
|
9937
10210
|
|
|
9938
10211
|
/**
|
|
9939
10212
|
* @license
|
|
@@ -10256,6 +10529,7 @@ exports.updatePassword = updatePassword;
|
|
|
10256
10529
|
exports.updatePhoneNumber = updatePhoneNumber;
|
|
10257
10530
|
exports.updateProfile = updateProfile;
|
|
10258
10531
|
exports.useDeviceLanguage = useDeviceLanguage;
|
|
10532
|
+
exports.validatePassword = validatePassword;
|
|
10259
10533
|
exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
|
|
10260
10534
|
exports.verifyPasswordResetCode = verifyPasswordResetCode;
|
|
10261
|
-
//# sourceMappingURL=index-
|
|
10535
|
+
//# sourceMappingURL=index-316b8221.js.map
|