@firebase/auth 1.1.0-canary.e037eeed6 → 1.1.0-canary.f497a400a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-1a2a2779.js → index-316b8221.js} +548 -274
  5. package/dist/browser-cjs/index-316b8221.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +6 -0
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-8599967b.js → popup_redirect-2410e07a.js} +737 -413
  29. package/dist/cordova/popup_redirect-2410e07a.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +6 -0
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-f8a66098.js → index-9be3d514.js} +548 -275
  47. package/dist/esm2017/index-9be3d514.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +6 -0
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-fdb9efbb.js → index-4ab2fcdf.js} +737 -413
  67. package/dist/esm5/index-4ab2fcdf.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +6 -0
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +811 -487
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +6 -0
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-7ea0acc9.js → totp-4cc8bac4.js} +700 -375
  109. package/dist/node/totp-4cc8bac4.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +6 -0
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-af1856f8.js → totp-79809646.js} +540 -267
  129. package/dist/node-esm/totp-79809646.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-a321ec79.js → phone-87fdb2ba.js} +717 -392
  135. package/dist/rn/phone-87fdb2ba.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +6 -0
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +6 -0
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +6 -6
  169. package/dist/browser-cjs/index-1a2a2779.js.map +0 -1
  170. package/dist/cordova/popup_redirect-8599967b.js.map +0 -1
  171. package/dist/esm2017/index-f8a66098.js.map +0 -1
  172. package/dist/esm5/index-fdb9efbb.js.map +0 -1
  173. package/dist/node/totp-7ea0acc9.js.map +0 -1
  174. package/dist/node-esm/totp-af1856f8.js.map +0 -1
  175. package/dist/rn/phone-a321ec79.js.map +0 -1
@@ -104,6 +104,46 @@ const ActionCodeOperation = {
104
104
  VERIFY_EMAIL: 'VERIFY_EMAIL'
105
105
  };
106
106
 
107
+ /**
108
+ * @license
109
+ * Copyright 2020 Google LLC
110
+ *
111
+ * Licensed under the Apache License, Version 2.0 (the "License");
112
+ * you may not use this file except in compliance with the License.
113
+ * You may obtain a copy of the License at
114
+ *
115
+ * http://www.apache.org/licenses/LICENSE-2.0
116
+ *
117
+ * Unless required by applicable law or agreed to in writing, software
118
+ * distributed under the License is distributed on an "AS IS" BASIS,
119
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
120
+ * See the License for the specific language governing permissions and
121
+ * limitations under the License.
122
+ */
123
+ function isEnterprise(grecaptcha) {
124
+ return (grecaptcha !== undefined &&
125
+ grecaptcha.enterprise !== undefined);
126
+ }
127
+ class RecaptchaConfig {
128
+ constructor(response) {
129
+ /**
130
+ * The reCAPTCHA site key.
131
+ */
132
+ this.siteKey = '';
133
+ /**
134
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
135
+ */
136
+ this.emailPasswordEnabled = false;
137
+ if (response.recaptchaKey === undefined) {
138
+ throw new Error('recaptchaKey undefined');
139
+ }
140
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
141
+ this.siteKey = response.recaptchaKey.split('/')[3];
142
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
143
+ enforcementState.enforcementState !== 'OFF');
144
+ }
145
+ }
146
+
107
147
  /**
108
148
  * @license
109
149
  * Copyright 2020 Google LLC
@@ -274,7 +314,9 @@ function _debugErrorMap() {
274
314
  ["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */]: 'The reCAPTCHA client type is missing when sending request to the backend.',
275
315
  ["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is missing when sending request to the backend.',
276
316
  ["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */]: 'Invalid request parameters.',
277
- ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.'
317
+ ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.',
318
+ ["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */]: 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
319
+ ["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: 'The password does not meet the requirements.'
278
320
  };
279
321
  }
280
322
  function _prodErrorMap() {
@@ -778,6 +820,7 @@ const SERVER_ERROR_MAP = {
778
820
  ["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */]: "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
779
821
  // Other errors.
780
822
  ["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */]: "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
823
+ ["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
781
824
  // Phone Auth related errors.
782
825
  ["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
783
826
  ["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -962,6 +1005,26 @@ function _makeTaggedError(auth, code, response) {
962
1005
  return error;
963
1006
  }
964
1007
 
1008
+ /**
1009
+ * @license
1010
+ * Copyright 2020 Google LLC
1011
+ *
1012
+ * Licensed under the Apache License, Version 2.0 (the "License");
1013
+ * you may not use this file except in compliance with the License.
1014
+ * You may obtain a copy of the License at
1015
+ *
1016
+ * http://www.apache.org/licenses/LICENSE-2.0
1017
+ *
1018
+ * Unless required by applicable law or agreed to in writing, software
1019
+ * distributed under the License is distributed on an "AS IS" BASIS,
1020
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1021
+ * See the License for the specific language governing permissions and
1022
+ * limitations under the License.
1023
+ */
1024
+ async function getRecaptchaConfig(auth, request) {
1025
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
1026
+ }
1027
+
965
1028
  /**
966
1029
  * @license
967
1030
  * Copyright 2020 Google LLC
@@ -2080,7 +2143,7 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2080
2143
 
2081
2144
  /**
2082
2145
  * @license
2083
- * Copyright 2020 Google LLC
2146
+ * Copyright 2022 Google LLC
2084
2147
  *
2085
2148
  * Licensed under the Apache License, Version 2.0 (the "License");
2086
2149
  * you may not use this file except in compliance with the License.
@@ -2094,13 +2157,74 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2094
2157
  * See the License for the specific language governing permissions and
2095
2158
  * limitations under the License.
2096
2159
  */
2097
- async function getRecaptchaConfig(auth, request) {
2098
- return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
2160
+ class AuthMiddlewareQueue {
2161
+ constructor(auth) {
2162
+ this.auth = auth;
2163
+ this.queue = [];
2164
+ }
2165
+ pushCallback(callback, onAbort) {
2166
+ // The callback could be sync or async. Wrap it into a
2167
+ // function that is always async.
2168
+ const wrappedCallback = (user) => new Promise((resolve, reject) => {
2169
+ try {
2170
+ const result = callback(user);
2171
+ // Either resolve with existing promise or wrap a non-promise
2172
+ // return value into a promise.
2173
+ resolve(result);
2174
+ }
2175
+ catch (e) {
2176
+ // Sync callback throws.
2177
+ reject(e);
2178
+ }
2179
+ });
2180
+ // Attach the onAbort if present
2181
+ wrappedCallback.onAbort = onAbort;
2182
+ this.queue.push(wrappedCallback);
2183
+ const index = this.queue.length - 1;
2184
+ return () => {
2185
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2186
+ // indexing of other elements.
2187
+ this.queue[index] = () => Promise.resolve();
2188
+ };
2189
+ }
2190
+ async runMiddleware(nextUser) {
2191
+ if (this.auth.currentUser === nextUser) {
2192
+ return;
2193
+ }
2194
+ // While running the middleware, build a temporary stack of onAbort
2195
+ // callbacks to call if one middleware callback rejects.
2196
+ const onAbortStack = [];
2197
+ try {
2198
+ for (const beforeStateCallback of this.queue) {
2199
+ await beforeStateCallback(nextUser);
2200
+ // Only push the onAbort if the callback succeeds
2201
+ if (beforeStateCallback.onAbort) {
2202
+ onAbortStack.push(beforeStateCallback.onAbort);
2203
+ }
2204
+ }
2205
+ }
2206
+ catch (e) {
2207
+ // Run all onAbort, with separate try/catch to ignore any errors and
2208
+ // continue
2209
+ onAbortStack.reverse();
2210
+ for (const onAbort of onAbortStack) {
2211
+ try {
2212
+ onAbort();
2213
+ }
2214
+ catch (_) {
2215
+ /* swallow error */
2216
+ }
2217
+ }
2218
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2219
+ originalMessage: e === null || e === void 0 ? void 0 : e.message
2220
+ });
2221
+ }
2222
+ }
2099
2223
  }
2100
2224
 
2101
2225
  /**
2102
2226
  * @license
2103
- * Copyright 2020 Google LLC
2227
+ * Copyright 2023 Google LLC
2104
2228
  *
2105
2229
  * Licensed under the Apache License, Version 2.0 (the "License");
2106
2230
  * you may not use this file except in compliance with the License.
@@ -2114,33 +2238,20 @@ async function getRecaptchaConfig(auth, request) {
2114
2238
  * See the License for the specific language governing permissions and
2115
2239
  * limitations under the License.
2116
2240
  */
2117
- function isEnterprise(grecaptcha) {
2118
- return (grecaptcha !== undefined &&
2119
- grecaptcha.enterprise !== undefined);
2120
- }
2121
- class RecaptchaConfig {
2122
- constructor(response) {
2123
- /**
2124
- * The reCAPTCHA site key.
2125
- */
2126
- this.siteKey = '';
2127
- /**
2128
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2129
- */
2130
- this.emailPasswordEnabled = false;
2131
- if (response.recaptchaKey === undefined) {
2132
- throw new Error('recaptchaKey undefined');
2133
- }
2134
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2135
- this.siteKey = response.recaptchaKey.split('/')[3];
2136
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2137
- enforcementState.enforcementState !== 'OFF');
2138
- }
2241
+ /**
2242
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2243
+ *
2244
+ * @param auth Auth object.
2245
+ * @param request Password policy request.
2246
+ * @returns Password policy response.
2247
+ */
2248
+ async function _getPasswordPolicy(auth, request = {}) {
2249
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request));
2139
2250
  }
2140
2251
 
2141
2252
  /**
2142
2253
  * @license
2143
- * Copyright 2020 Google LLC
2254
+ * Copyright 2023 Google LLC
2144
2255
  *
2145
2256
  * Licensed under the Apache License, Version 2.0 (the "License");
2146
2257
  * you may not use this file except in compliance with the License.
@@ -2154,229 +2265,135 @@ class RecaptchaConfig {
2154
2265
  * See the License for the specific language governing permissions and
2155
2266
  * limitations under the License.
2156
2267
  */
2157
- function getScriptParentElement() {
2158
- var _a, _b;
2159
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2160
- }
2161
- function _loadJS(url) {
2162
- // TODO: consider adding timeout support & cancellation
2163
- return new Promise((resolve, reject) => {
2164
- const el = document.createElement('script');
2165
- el.setAttribute('src', url);
2166
- el.onload = resolve;
2167
- el.onerror = e => {
2168
- const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2169
- error.customData = e;
2170
- reject(error);
2268
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2269
+ const MINIMUM_MIN_PASSWORD_LENGTH = 6;
2270
+ /**
2271
+ * Stores password policy requirements and provides password validation against the policy.
2272
+ *
2273
+ * @internal
2274
+ */
2275
+ class PasswordPolicyImpl {
2276
+ constructor(response) {
2277
+ var _a, _b, _c, _d;
2278
+ // Only include custom strength options defined in the response.
2279
+ const responseOptions = response.customStrengthOptions;
2280
+ this.customStrengthOptions = {};
2281
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2282
+ this.customStrengthOptions.minPasswordLength =
2283
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2284
+ if (responseOptions.maxPasswordLength) {
2285
+ this.customStrengthOptions.maxPasswordLength =
2286
+ responseOptions.maxPasswordLength;
2287
+ }
2288
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2289
+ this.customStrengthOptions.containsLowercaseLetter =
2290
+ responseOptions.containsLowercaseCharacter;
2291
+ }
2292
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2293
+ this.customStrengthOptions.containsUppercaseLetter =
2294
+ responseOptions.containsUppercaseCharacter;
2295
+ }
2296
+ if (responseOptions.containsNumericCharacter !== undefined) {
2297
+ this.customStrengthOptions.containsNumericCharacter =
2298
+ responseOptions.containsNumericCharacter;
2299
+ }
2300
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2301
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2302
+ responseOptions.containsNonAlphanumericCharacter;
2303
+ }
2304
+ this.enforcementState = response.enforcementState;
2305
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2306
+ this.enforcementState = 'OFF';
2307
+ }
2308
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2309
+ this.allowedNonAlphanumericCharacters =
2310
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2311
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2312
+ this.schemaVersion = response.schemaVersion;
2313
+ }
2314
+ validatePassword(password) {
2315
+ var _a, _b, _c, _d, _e, _f;
2316
+ const status = {
2317
+ isValid: true,
2318
+ passwordPolicy: this
2171
2319
  };
2172
- el.type = 'text/javascript';
2173
- el.charset = 'UTF-8';
2174
- getScriptParentElement().appendChild(el);
2175
- });
2176
- }
2177
-
2178
- /* eslint-disable @typescript-eslint/no-require-imports */
2179
- const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2180
- const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2181
- const FAKE_TOKEN = 'NO_RECAPTCHA';
2182
- class RecaptchaEnterpriseVerifier {
2183
- /**
2184
- *
2185
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2186
- *
2187
- */
2188
- constructor(authExtern) {
2189
- /**
2190
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2191
- */
2192
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2193
- this.auth = _castAuth(authExtern);
2320
+ // Check the password length and character options.
2321
+ this.validatePasswordLengthOptions(password, status);
2322
+ this.validatePasswordCharacterOptions(password, status);
2323
+ // Combine the status into single isValid property.
2324
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2325
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2326
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2327
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2328
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2329
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2330
+ return status;
2194
2331
  }
2195
2332
  /**
2196
- * Executes the verification process.
2333
+ * Validates that the password meets the length options for the policy.
2197
2334
  *
2198
- * @returns A Promise for a token that can be used to assert the validity of a request.
2335
+ * @param password Password to validate.
2336
+ * @param status Validation status.
2199
2337
  */
2200
- async verify(action = 'verify', forceRefresh = false) {
2201
- async function retrieveSiteKey(auth) {
2202
- if (!forceRefresh) {
2203
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2204
- return auth._agentRecaptchaConfig.siteKey;
2205
- }
2206
- if (auth.tenantId != null &&
2207
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2208
- return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
2209
- }
2210
- }
2211
- return new Promise(async (resolve, reject) => {
2212
- getRecaptchaConfig(auth, {
2213
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2214
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2215
- })
2216
- .then(response => {
2217
- if (response.recaptchaKey === undefined) {
2218
- reject(new Error('recaptcha Enterprise site key undefined'));
2219
- }
2220
- else {
2221
- const config = new RecaptchaConfig(response);
2222
- if (auth.tenantId == null) {
2223
- auth._agentRecaptchaConfig = config;
2224
- }
2225
- else {
2226
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2227
- }
2228
- return resolve(config.siteKey);
2229
- }
2230
- })
2231
- .catch(error => {
2232
- reject(error);
2233
- });
2234
- });
2235
- }
2236
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2237
- const grecaptcha = window.grecaptcha;
2238
- if (isEnterprise(grecaptcha)) {
2239
- grecaptcha.enterprise.ready(() => {
2240
- grecaptcha.enterprise
2241
- .execute(siteKey, { action })
2242
- .then(token => {
2243
- resolve(token);
2244
- })
2245
- .catch(() => {
2246
- resolve(FAKE_TOKEN);
2247
- });
2248
- });
2249
- }
2250
- else {
2251
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2252
- }
2253
- }
2254
- return new Promise((resolve, reject) => {
2255
- retrieveSiteKey(this.auth)
2256
- .then(siteKey => {
2257
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2258
- retrieveRecaptchaToken(siteKey, resolve, reject);
2259
- }
2260
- else {
2261
- if (typeof window === 'undefined') {
2262
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2263
- return;
2264
- }
2265
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2266
- .then(() => {
2267
- retrieveRecaptchaToken(siteKey, resolve, reject);
2268
- })
2269
- .catch(error => {
2270
- reject(error);
2271
- });
2272
- }
2273
- })
2274
- .catch(error => {
2275
- reject(error);
2276
- });
2277
- });
2278
- }
2279
- }
2280
- async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
2281
- const verifier = new RecaptchaEnterpriseVerifier(auth);
2282
- let captchaResponse;
2283
- try {
2284
- captchaResponse = await verifier.verify(action);
2285
- }
2286
- catch (error) {
2287
- captchaResponse = await verifier.verify(action, true);
2288
- }
2289
- const newRequest = Object.assign({}, request);
2290
- if (!captchaResp) {
2291
- Object.assign(newRequest, { captchaResponse });
2292
- }
2293
- else {
2294
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2295
- }
2296
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2297
- Object.assign(newRequest, {
2298
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2299
- });
2300
- return newRequest;
2301
- }
2302
-
2303
- /**
2304
- * @license
2305
- * Copyright 2022 Google LLC
2306
- *
2307
- * Licensed under the Apache License, Version 2.0 (the "License");
2308
- * you may not use this file except in compliance with the License.
2309
- * You may obtain a copy of the License at
2310
- *
2311
- * http://www.apache.org/licenses/LICENSE-2.0
2312
- *
2313
- * Unless required by applicable law or agreed to in writing, software
2314
- * distributed under the License is distributed on an "AS IS" BASIS,
2315
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2316
- * See the License for the specific language governing permissions and
2317
- * limitations under the License.
2318
- */
2319
- class AuthMiddlewareQueue {
2320
- constructor(auth) {
2321
- this.auth = auth;
2322
- this.queue = [];
2323
- }
2324
- pushCallback(callback, onAbort) {
2325
- // The callback could be sync or async. Wrap it into a
2326
- // function that is always async.
2327
- const wrappedCallback = (user) => new Promise((resolve, reject) => {
2328
- try {
2329
- const result = callback(user);
2330
- // Either resolve with existing promise or wrap a non-promise
2331
- // return value into a promise.
2332
- resolve(result);
2333
- }
2334
- catch (e) {
2335
- // Sync callback throws.
2336
- reject(e);
2337
- }
2338
- });
2339
- // Attach the onAbort if present
2340
- wrappedCallback.onAbort = onAbort;
2341
- this.queue.push(wrappedCallback);
2342
- const index = this.queue.length - 1;
2343
- return () => {
2344
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2345
- // indexing of other elements.
2346
- this.queue[index] = () => Promise.resolve();
2347
- };
2338
+ validatePasswordLengthOptions(password, status) {
2339
+ const minPasswordLength = this.customStrengthOptions.minPasswordLength;
2340
+ const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2341
+ if (minPasswordLength) {
2342
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2343
+ }
2344
+ if (maxPasswordLength) {
2345
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2346
+ }
2348
2347
  }
2349
- async runMiddleware(nextUser) {
2350
- if (this.auth.currentUser === nextUser) {
2351
- return;
2348
+ /**
2349
+ * Validates that the password meets the character options for the policy.
2350
+ *
2351
+ * @param password Password to validate.
2352
+ * @param status Validation status.
2353
+ */
2354
+ validatePasswordCharacterOptions(password, status) {
2355
+ // Assign statuses for requirements even if the password is an empty string.
2356
+ this.updatePasswordCharacterOptionsStatuses(status,
2357
+ /* containsLowercaseCharacter= */ false,
2358
+ /* containsUppercaseCharacter= */ false,
2359
+ /* containsNumericCharacter= */ false,
2360
+ /* containsNonAlphanumericCharacter= */ false);
2361
+ let passwordChar;
2362
+ for (let i = 0; i < password.length; i++) {
2363
+ passwordChar = password.charAt(i);
2364
+ this.updatePasswordCharacterOptionsStatuses(status,
2365
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2366
+ passwordChar <= 'z',
2367
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2368
+ passwordChar <= 'Z',
2369
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2370
+ passwordChar <= '9',
2371
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2352
2372
  }
2353
- // While running the middleware, build a temporary stack of onAbort
2354
- // callbacks to call if one middleware callback rejects.
2355
- const onAbortStack = [];
2356
- try {
2357
- for (const beforeStateCallback of this.queue) {
2358
- await beforeStateCallback(nextUser);
2359
- // Only push the onAbort if the callback succeeds
2360
- if (beforeStateCallback.onAbort) {
2361
- onAbortStack.push(beforeStateCallback.onAbort);
2362
- }
2363
- }
2373
+ }
2374
+ /**
2375
+ * Updates the running validation status with the statuses for the character options.
2376
+ * Expected to be called each time a character is processed to update each option status
2377
+ * based on the current character.
2378
+ *
2379
+ * @param status Validation status.
2380
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2381
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2382
+ * @param containsNumericCharacter Whether the character is a numeric character.
2383
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2384
+ */
2385
+ updatePasswordCharacterOptionsStatuses(status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2386
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2387
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2364
2388
  }
2365
- catch (e) {
2366
- // Run all onAbort, with separate try/catch to ignore any errors and
2367
- // continue
2368
- onAbortStack.reverse();
2369
- for (const onAbort of onAbortStack) {
2370
- try {
2371
- onAbort();
2372
- }
2373
- catch (_) {
2374
- /* swallow error */
2375
- }
2376
- }
2377
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2378
- originalMessage: e === null || e === void 0 ? void 0 : e.message
2379
- });
2389
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2390
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2391
+ }
2392
+ if (this.customStrengthOptions.containsNumericCharacter) {
2393
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2394
+ }
2395
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2396
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2380
2397
  }
2381
2398
  }
2382
2399
  }
@@ -2411,6 +2428,7 @@ class AuthImpl {
2411
2428
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2412
2429
  this.redirectUser = null;
2413
2430
  this.isProactiveRefreshEnabled = false;
2431
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2414
2432
  // Any network calls will set this to true and prevent subsequent emulator
2415
2433
  // initialization
2416
2434
  this._canInitEmulator = true;
@@ -2421,6 +2439,8 @@ class AuthImpl {
2421
2439
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2422
2440
  this._agentRecaptchaConfig = null;
2423
2441
  this._tenantRecaptchaConfigs = {};
2442
+ this._projectPasswordPolicy = null;
2443
+ this._tenantPasswordPolicies = {};
2424
2444
  // Tracks the last notified UID for state change listeners to prevent
2425
2445
  // repeated calls to the callbacks. Undefined means it's never been
2426
2446
  // called, whereas null means it's been called with a signed out user
@@ -2640,29 +2660,44 @@ class AuthImpl {
2640
2660
  await this.assertedPersistence.setPersistence(_getInstance(persistence));
2641
2661
  });
2642
2662
  }
2643
- async initializeRecaptchaConfig() {
2644
- const response = await getRecaptchaConfig(this, {
2645
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2646
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2647
- });
2648
- const config = new RecaptchaConfig(response);
2663
+ _getRecaptchaConfig() {
2649
2664
  if (this.tenantId == null) {
2650
- this._agentRecaptchaConfig = config;
2665
+ return this._agentRecaptchaConfig;
2651
2666
  }
2652
2667
  else {
2653
- this._tenantRecaptchaConfigs[this.tenantId] = config;
2668
+ return this._tenantRecaptchaConfigs[this.tenantId];
2654
2669
  }
2655
- if (config.emailPasswordEnabled) {
2656
- const verifier = new RecaptchaEnterpriseVerifier(this);
2657
- void verifier.verify();
2670
+ }
2671
+ async validatePassword(password) {
2672
+ if (!this._getPasswordPolicyInternal()) {
2673
+ await this._updatePasswordPolicy();
2674
+ }
2675
+ // Password policy will be defined after fetching.
2676
+ const passwordPolicy = this._getPasswordPolicyInternal();
2677
+ // Check that the policy schema version is supported by the SDK.
2678
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
2679
+ if (passwordPolicy.schemaVersion !==
2680
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
2681
+ return Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}));
2658
2682
  }
2683
+ return passwordPolicy.validatePassword(password);
2659
2684
  }
2660
- _getRecaptchaConfig() {
2661
- if (this.tenantId == null) {
2662
- return this._agentRecaptchaConfig;
2685
+ _getPasswordPolicyInternal() {
2686
+ if (this.tenantId === null) {
2687
+ return this._projectPasswordPolicy;
2663
2688
  }
2664
2689
  else {
2665
- return this._tenantRecaptchaConfigs[this.tenantId];
2690
+ return this._tenantPasswordPolicies[this.tenantId];
2691
+ }
2692
+ }
2693
+ async _updatePasswordPolicy() {
2694
+ const response = await _getPasswordPolicy(this);
2695
+ const passwordPolicy = new PasswordPolicyImpl(response);
2696
+ if (this.tenantId === null) {
2697
+ this._projectPasswordPolicy = passwordPolicy;
2698
+ }
2699
+ else {
2700
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
2666
2701
  }
2667
2702
  }
2668
2703
  _getPersistence() {
@@ -2900,6 +2935,186 @@ class Subscription {
2900
2935
  }
2901
2936
  }
2902
2937
 
2938
+ /**
2939
+ * @license
2940
+ * Copyright 2020 Google LLC
2941
+ *
2942
+ * Licensed under the Apache License, Version 2.0 (the "License");
2943
+ * you may not use this file except in compliance with the License.
2944
+ * You may obtain a copy of the License at
2945
+ *
2946
+ * http://www.apache.org/licenses/LICENSE-2.0
2947
+ *
2948
+ * Unless required by applicable law or agreed to in writing, software
2949
+ * distributed under the License is distributed on an "AS IS" BASIS,
2950
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2951
+ * See the License for the specific language governing permissions and
2952
+ * limitations under the License.
2953
+ */
2954
+ function getScriptParentElement() {
2955
+ var _a, _b;
2956
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2957
+ }
2958
+ function _loadJS(url) {
2959
+ // TODO: consider adding timeout support & cancellation
2960
+ return new Promise((resolve, reject) => {
2961
+ const el = document.createElement('script');
2962
+ el.setAttribute('src', url);
2963
+ el.onload = resolve;
2964
+ el.onerror = e => {
2965
+ const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2966
+ error.customData = e;
2967
+ reject(error);
2968
+ };
2969
+ el.type = 'text/javascript';
2970
+ el.charset = 'UTF-8';
2971
+ getScriptParentElement().appendChild(el);
2972
+ });
2973
+ }
2974
+
2975
+ /* eslint-disable @typescript-eslint/no-require-imports */
2976
+ const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2977
+ const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2978
+ const FAKE_TOKEN = 'NO_RECAPTCHA';
2979
+ class RecaptchaEnterpriseVerifier {
2980
+ /**
2981
+ *
2982
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
2983
+ *
2984
+ */
2985
+ constructor(authExtern) {
2986
+ /**
2987
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2988
+ */
2989
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2990
+ this.auth = _castAuth(authExtern);
2991
+ }
2992
+ /**
2993
+ * Executes the verification process.
2994
+ *
2995
+ * @returns A Promise for a token that can be used to assert the validity of a request.
2996
+ */
2997
+ async verify(action = 'verify', forceRefresh = false) {
2998
+ async function retrieveSiteKey(auth) {
2999
+ if (!forceRefresh) {
3000
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3001
+ return auth._agentRecaptchaConfig.siteKey;
3002
+ }
3003
+ if (auth.tenantId != null &&
3004
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3005
+ return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
3006
+ }
3007
+ }
3008
+ return new Promise(async (resolve, reject) => {
3009
+ getRecaptchaConfig(auth, {
3010
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3011
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3012
+ })
3013
+ .then(response => {
3014
+ if (response.recaptchaKey === undefined) {
3015
+ reject(new Error('recaptcha Enterprise site key undefined'));
3016
+ }
3017
+ else {
3018
+ const config = new RecaptchaConfig(response);
3019
+ if (auth.tenantId == null) {
3020
+ auth._agentRecaptchaConfig = config;
3021
+ }
3022
+ else {
3023
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3024
+ }
3025
+ return resolve(config.siteKey);
3026
+ }
3027
+ })
3028
+ .catch(error => {
3029
+ reject(error);
3030
+ });
3031
+ });
3032
+ }
3033
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3034
+ const grecaptcha = window.grecaptcha;
3035
+ if (isEnterprise(grecaptcha)) {
3036
+ grecaptcha.enterprise.ready(() => {
3037
+ grecaptcha.enterprise
3038
+ .execute(siteKey, { action })
3039
+ .then(token => {
3040
+ resolve(token);
3041
+ })
3042
+ .catch(() => {
3043
+ resolve(FAKE_TOKEN);
3044
+ });
3045
+ });
3046
+ }
3047
+ else {
3048
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3049
+ }
3050
+ }
3051
+ return new Promise((resolve, reject) => {
3052
+ retrieveSiteKey(this.auth)
3053
+ .then(siteKey => {
3054
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3055
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3056
+ }
3057
+ else {
3058
+ if (typeof window === 'undefined') {
3059
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3060
+ return;
3061
+ }
3062
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3063
+ .then(() => {
3064
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3065
+ })
3066
+ .catch(error => {
3067
+ reject(error);
3068
+ });
3069
+ }
3070
+ })
3071
+ .catch(error => {
3072
+ reject(error);
3073
+ });
3074
+ });
3075
+ }
3076
+ }
3077
+ async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
3078
+ const verifier = new RecaptchaEnterpriseVerifier(auth);
3079
+ let captchaResponse;
3080
+ try {
3081
+ captchaResponse = await verifier.verify(action);
3082
+ }
3083
+ catch (error) {
3084
+ captchaResponse = await verifier.verify(action, true);
3085
+ }
3086
+ const newRequest = Object.assign({}, request);
3087
+ if (!captchaResp) {
3088
+ Object.assign(newRequest, { captchaResponse });
3089
+ }
3090
+ else {
3091
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3092
+ }
3093
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3094
+ Object.assign(newRequest, {
3095
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3096
+ });
3097
+ return newRequest;
3098
+ }
3099
+ async function _initializeRecaptchaConfig(auth) {
3100
+ const authInternal = _castAuth(auth);
3101
+ const response = await getRecaptchaConfig(authInternal, {
3102
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3103
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3104
+ });
3105
+ const config = new RecaptchaConfig(response);
3106
+ if (authInternal.tenantId == null) {
3107
+ authInternal._agentRecaptchaConfig = config;
3108
+ }
3109
+ else {
3110
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3111
+ }
3112
+ if (config.emailPasswordEnabled) {
3113
+ const verifier = new RecaptchaEnterpriseVerifier(authInternal);
3114
+ void verifier.verify();
3115
+ }
3116
+ }
3117
+
2903
3118
  /**
2904
3119
  * @license
2905
3120
  * Copyright 2020 Google LLC
@@ -5254,6 +5469,25 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
5254
5469
  * See the License for the specific language governing permissions and
5255
5470
  * limitations under the License.
5256
5471
  */
5472
+ /**
5473
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
5474
+ * cached for the project or tenant.
5475
+ *
5476
+ * @remarks
5477
+ * We only fetch the password policy if the password did not meet policy requirements and
5478
+ * there is an existing policy cached. A developer must call validatePassword at least
5479
+ * once for the cache to be automatically updated.
5480
+ *
5481
+ * @param auth - The {@link Auth} instance.
5482
+ *
5483
+ * @private
5484
+ */
5485
+ async function recachePasswordPolicy(auth) {
5486
+ const authInternal = _castAuth(auth);
5487
+ if (authInternal._getPasswordPolicyInternal()) {
5488
+ await authInternal._updatePasswordPolicy();
5489
+ }
5490
+ }
5257
5491
  /**
5258
5492
  * Sends a password reset email to the given email address.
5259
5493
  *
@@ -5334,6 +5568,13 @@ async function confirmPasswordReset(auth, oobCode, newPassword) {
5334
5568
  await resetPassword(getModularInstance(auth), {
5335
5569
  oobCode,
5336
5570
  newPassword
5571
+ })
5572
+ .catch(async (error) => {
5573
+ if (error.code ===
5574
+ `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5575
+ void recachePasswordPolicy(auth);
5576
+ }
5577
+ throw error;
5337
5578
  });
5338
5579
  // Do not return the email.
5339
5580
  }
@@ -5452,13 +5693,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
5452
5693
  const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5453
5694
  return signUp(authInternal, requestWithRecaptcha);
5454
5695
  }
5455
- else {
5456
- return Promise.reject(error);
5457
- }
5696
+ throw error;
5458
5697
  });
5459
5698
  }
5460
5699
  const response = await signUpResponse.catch(error => {
5461
- return Promise.reject(error);
5700
+ if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5701
+ void recachePasswordPolicy(auth);
5702
+ }
5703
+ throw error;
5462
5704
  });
5463
5705
  const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response);
5464
5706
  await authInternal._updateCurrentUser(userCredential.user);
@@ -5481,7 +5723,12 @@ async function createUserWithEmailAndPassword(auth, email, password) {
5481
5723
  * @public
5482
5724
  */
5483
5725
  function signInWithEmailAndPassword(auth, email, password) {
5484
- return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password));
5726
+ return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
5727
+ if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5728
+ void recachePasswordPolicy(auth);
5729
+ }
5730
+ throw error;
5731
+ });
5485
5732
  }
5486
5733
 
5487
5734
  /**
@@ -6096,8 +6343,34 @@ function setPersistence(auth, persistence) {
6096
6343
  * @public
6097
6344
  */
6098
6345
  function initializeRecaptchaConfig(auth) {
6346
+ return _initializeRecaptchaConfig(auth);
6347
+ }
6348
+ /**
6349
+ * Validates the password against the password policy configured for the project or tenant.
6350
+ *
6351
+ * @remarks
6352
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
6353
+ * policy configured for the project. Otherwise, this method will use the policy configured
6354
+ * for the tenant. If a password policy has not been configured, then the default policy
6355
+ * configured for all projects will be used.
6356
+ *
6357
+ * If an auth flow fails because a submitted password does not meet the password policy
6358
+ * requirements and this method has previously been called, then this method will use the
6359
+ * most recent policy available when called again.
6360
+ *
6361
+ * @example
6362
+ * ```javascript
6363
+ * validatePassword(auth, 'some-password');
6364
+ * ```
6365
+ *
6366
+ * @param auth The {@link Auth} instance.
6367
+ * @param password The password to validate.
6368
+ *
6369
+ * @public
6370
+ */
6371
+ async function validatePassword(auth, password) {
6099
6372
  const authInternal = _castAuth(auth);
6100
- return authInternal.initializeRecaptchaConfig();
6373
+ return authInternal.validatePassword(password);
6101
6374
  }
6102
6375
  /**
6103
6376
  * Adds an observer for changes to the signed-in user's ID token.
@@ -6428,7 +6701,7 @@ function multiFactor(user) {
6428
6701
  }
6429
6702
 
6430
6703
  var name = "@firebase/auth";
6431
- var version = "1.1.0-canary.e037eeed6";
6704
+ var version = "1.1.0-canary.f497a400a";
6432
6705
 
6433
6706
  /**
6434
6707
  * @license
@@ -6837,5 +7110,5 @@ function _isEmptyString(input) {
6837
7110
  return typeof input === 'undefined' || (input === null || input === void 0 ? void 0 : input.length) === 0;
6838
7111
  }
6839
7112
 
6840
- export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _persistenceKeyName as aA, _castAuth as aB, FederatedAuthProvider as aC, BaseOAuthProvider as aD, _emulatorUrl as aE, _performApiRequest as aF, _isIOS as aG, _isAndroid as aH, _isIOS7Or8 as aI, _createError as aJ, _isIframe as aK, _isMobileBrowser as aL, _isIE10 as aM, _isSafari as aN, UserImpl as aO, AuthImpl as aP, _getClientVersion as aQ, FetchProvider as aR, SAMLAuthCredential as aS, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, _getInstance as as, _assert as at, _signInWithCredential as au, _reauthenticate as av, _link as aw, signInWithIdp as ax, _fail as ay, debugAssert as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
6841
- //# sourceMappingURL=totp-af1856f8.js.map
7113
+ export { signInAnonymously as $, ActionCodeOperation as A, updateCurrentUser as B, signOut as C, deleteUser as D, debugErrorMap as E, FactorId as F, prodErrorMap as G, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as H, initializeAuth as I, connectAuthEmulator as J, AuthCredential as K, EmailAuthCredential as L, OAuthCredential as M, PhoneAuthCredential as N, OperationType as O, PhoneAuthProvider as P, inMemoryPersistence as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, EmailAuthProvider as U, FacebookAuthProvider as V, GoogleAuthProvider as W, GithubAuthProvider as X, OAuthProvider as Y, SAMLAuthProvider as Z, TwitterAuthProvider as _, browserSessionPersistence as a, signInWithCredential as a0, linkWithCredential as a1, reauthenticateWithCredential as a2, signInWithCustomToken as a3, sendPasswordResetEmail as a4, confirmPasswordReset as a5, applyActionCode as a6, checkActionCode as a7, verifyPasswordResetCode as a8, createUserWithEmailAndPassword as a9, debugAssert as aA, _persistenceKeyName as aB, _castAuth as aC, FederatedAuthProvider as aD, BaseOAuthProvider as aE, _emulatorUrl as aF, _performApiRequest as aG, _isIOS as aH, _isAndroid as aI, _isIOS7Or8 as aJ, _createError as aK, _isIframe as aL, _isMobileBrowser as aM, _isIE10 as aN, _isSafari as aO, UserImpl as aP, AuthImpl as aQ, _getClientVersion as aR, FetchProvider as aS, SAMLAuthCredential as aT, signInWithEmailAndPassword as aa, sendSignInLinkToEmail as ab, isSignInWithEmailLink as ac, signInWithEmailLink as ad, fetchSignInMethodsForEmail as ae, sendEmailVerification as af, verifyBeforeUpdateEmail as ag, ActionCodeURL as ah, parseActionCodeURL as ai, updateProfile as aj, updateEmail as ak, updatePassword as al, getIdToken as am, getIdTokenResult as an, unlink as ao, getAdditionalUserInfo as ap, reload as aq, getMultiFactorResolver as ar, multiFactor as as, _getInstance as at, _assert as au, _signInWithCredential as av, _reauthenticate as aw, _link as ax, signInWithIdp as ay, _fail as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, validatePassword as v, onIdTokenChanged as w, beforeAuthStateChanged as x, onAuthStateChanged as y, useDeviceLanguage as z };
7114
+ //# sourceMappingURL=totp-79809646.js.map