@firebase/auth 1.1.0-canary.e037eeed6 → 1.1.0-canary.f497a400a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-1a2a2779.js → index-316b8221.js} +548 -274
  5. package/dist/browser-cjs/index-316b8221.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +6 -0
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-8599967b.js → popup_redirect-2410e07a.js} +737 -413
  29. package/dist/cordova/popup_redirect-2410e07a.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +6 -0
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-f8a66098.js → index-9be3d514.js} +548 -275
  47. package/dist/esm2017/index-9be3d514.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +6 -0
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-fdb9efbb.js → index-4ab2fcdf.js} +737 -413
  67. package/dist/esm5/index-4ab2fcdf.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +6 -0
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +811 -487
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +6 -0
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-7ea0acc9.js → totp-4cc8bac4.js} +700 -375
  109. package/dist/node/totp-4cc8bac4.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +6 -0
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-af1856f8.js → totp-79809646.js} +540 -267
  129. package/dist/node-esm/totp-79809646.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-a321ec79.js → phone-87fdb2ba.js} +717 -392
  135. package/dist/rn/phone-87fdb2ba.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +6 -0
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +6 -0
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +6 -6
  169. package/dist/browser-cjs/index-1a2a2779.js.map +0 -1
  170. package/dist/cordova/popup_redirect-8599967b.js.map +0 -1
  171. package/dist/esm2017/index-f8a66098.js.map +0 -1
  172. package/dist/esm5/index-fdb9efbb.js.map +0 -1
  173. package/dist/node/totp-7ea0acc9.js.map +0 -1
  174. package/dist/node-esm/totp-af1856f8.js.map +0 -1
  175. package/dist/rn/phone-a321ec79.js.map +0 -1
@@ -918,6 +918,53 @@ var IndexedDBLocalPersistence = /** @class */ (function () {
918
918
  */
919
919
  var indexedDBLocalPersistence = IndexedDBLocalPersistence;
920
920
 
921
+ /**
922
+ * @license
923
+ * Copyright 2020 Google LLC
924
+ *
925
+ * Licensed under the Apache License, Version 2.0 (the "License");
926
+ * you may not use this file except in compliance with the License.
927
+ * You may obtain a copy of the License at
928
+ *
929
+ * http://www.apache.org/licenses/LICENSE-2.0
930
+ *
931
+ * Unless required by applicable law or agreed to in writing, software
932
+ * distributed under the License is distributed on an "AS IS" BASIS,
933
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
934
+ * See the License for the specific language governing permissions and
935
+ * limitations under the License.
936
+ */
937
+ function isV2(grecaptcha) {
938
+ return (grecaptcha !== undefined &&
939
+ grecaptcha.getResponse !== undefined);
940
+ }
941
+ function isEnterprise(grecaptcha) {
942
+ return (grecaptcha !== undefined &&
943
+ grecaptcha.enterprise !== undefined);
944
+ }
945
+ var RecaptchaConfig = /** @class */ (function () {
946
+ function RecaptchaConfig(response) {
947
+ /**
948
+ * The reCAPTCHA site key.
949
+ */
950
+ this.siteKey = '';
951
+ /**
952
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
953
+ */
954
+ this.emailPasswordEnabled = false;
955
+ if (response.recaptchaKey === undefined) {
956
+ throw new Error('recaptchaKey undefined');
957
+ }
958
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
959
+ this.siteKey = response.recaptchaKey.split('/')[3];
960
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
961
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
962
+ enforcementState.enforcementState !== 'OFF';
963
+ });
964
+ }
965
+ return RecaptchaConfig;
966
+ }());
967
+
921
968
  /**
922
969
  * @license
923
970
  * Copyright 2020 Google LLC
@@ -1090,6 +1137,8 @@ function _debugErrorMap() {
1090
1137
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
1091
1138
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
1092
1139
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
1140
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
1141
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
1093
1142
  _a;
1094
1143
  }
1095
1144
  function _prodErrorMap() {
@@ -1635,6 +1684,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
1635
1684
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
1636
1685
  // Other errors.
1637
1686
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
1687
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
1638
1688
  // Phone Auth related errors.
1639
1689
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
1640
1690
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -1860,6 +1910,40 @@ function _makeTaggedError(auth, code, response) {
1860
1910
  return error;
1861
1911
  }
1862
1912
 
1913
+ /**
1914
+ * @license
1915
+ * Copyright 2020 Google LLC
1916
+ *
1917
+ * Licensed under the Apache License, Version 2.0 (the "License");
1918
+ * you may not use this file except in compliance with the License.
1919
+ * You may obtain a copy of the License at
1920
+ *
1921
+ * http://www.apache.org/licenses/LICENSE-2.0
1922
+ *
1923
+ * Unless required by applicable law or agreed to in writing, software
1924
+ * distributed under the License is distributed on an "AS IS" BASIS,
1925
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1926
+ * See the License for the specific language governing permissions and
1927
+ * limitations under the License.
1928
+ */
1929
+ function getRecaptchaParams(auth) {
1930
+ return __awaiter(this, void 0, void 0, function () {
1931
+ return __generator(this, function (_a) {
1932
+ switch (_a.label) {
1933
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
1934
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
1935
+ }
1936
+ });
1937
+ });
1938
+ }
1939
+ function getRecaptchaConfig(auth, request) {
1940
+ return __awaiter(this, void 0, void 0, function () {
1941
+ return __generator(this, function (_a) {
1942
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
1943
+ });
1944
+ });
1945
+ }
1946
+
1863
1947
  /**
1864
1948
  * @license
1865
1949
  * Copyright 2020 Google LLC
@@ -3258,7 +3342,7 @@ function _getClientVersion(clientPlatform, frameworks) {
3258
3342
 
3259
3343
  /**
3260
3344
  * @license
3261
- * Copyright 2020 Google LLC
3345
+ * Copyright 2022 Google LLC
3262
3346
  *
3263
3347
  * Licensed under the Apache License, Version 2.0 (the "License");
3264
3348
  * you may not use this file except in compliance with the License.
@@ -3272,27 +3356,129 @@ function _getClientVersion(clientPlatform, frameworks) {
3272
3356
  * See the License for the specific language governing permissions and
3273
3357
  * limitations under the License.
3274
3358
  */
3275
- function getRecaptchaParams(auth) {
3276
- return __awaiter(this, void 0, void 0, function () {
3277
- return __generator(this, function (_a) {
3278
- switch (_a.label) {
3279
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
3280
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
3281
- }
3359
+ var AuthMiddlewareQueue = /** @class */ (function () {
3360
+ function AuthMiddlewareQueue(auth) {
3361
+ this.auth = auth;
3362
+ this.queue = [];
3363
+ }
3364
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
3365
+ var _this = this;
3366
+ // The callback could be sync or async. Wrap it into a
3367
+ // function that is always async.
3368
+ var wrappedCallback = function (user) {
3369
+ return new Promise(function (resolve, reject) {
3370
+ try {
3371
+ var result = callback(user);
3372
+ // Either resolve with existing promise or wrap a non-promise
3373
+ // return value into a promise.
3374
+ resolve(result);
3375
+ }
3376
+ catch (e) {
3377
+ // Sync callback throws.
3378
+ reject(e);
3379
+ }
3380
+ });
3381
+ };
3382
+ // Attach the onAbort if present
3383
+ wrappedCallback.onAbort = onAbort;
3384
+ this.queue.push(wrappedCallback);
3385
+ var index = this.queue.length - 1;
3386
+ return function () {
3387
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
3388
+ // indexing of other elements.
3389
+ _this.queue[index] = function () { return Promise.resolve(); };
3390
+ };
3391
+ };
3392
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
3393
+ return __awaiter(this, void 0, void 0, function () {
3394
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
3395
+ return __generator(this, function (_c) {
3396
+ switch (_c.label) {
3397
+ case 0:
3398
+ if (this.auth.currentUser === nextUser) {
3399
+ return [2 /*return*/];
3400
+ }
3401
+ onAbortStack = [];
3402
+ _c.label = 1;
3403
+ case 1:
3404
+ _c.trys.push([1, 6, , 7]);
3405
+ _i = 0, _a = this.queue;
3406
+ _c.label = 2;
3407
+ case 2:
3408
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
3409
+ beforeStateCallback = _a[_i];
3410
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
3411
+ case 3:
3412
+ _c.sent();
3413
+ // Only push the onAbort if the callback succeeds
3414
+ if (beforeStateCallback.onAbort) {
3415
+ onAbortStack.push(beforeStateCallback.onAbort);
3416
+ }
3417
+ _c.label = 4;
3418
+ case 4:
3419
+ _i++;
3420
+ return [3 /*break*/, 2];
3421
+ case 5: return [3 /*break*/, 7];
3422
+ case 6:
3423
+ e_1 = _c.sent();
3424
+ // Run all onAbort, with separate try/catch to ignore any errors and
3425
+ // continue
3426
+ onAbortStack.reverse();
3427
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
3428
+ onAbort = onAbortStack_1[_b];
3429
+ try {
3430
+ onAbort();
3431
+ }
3432
+ catch (_) {
3433
+ /* swallow error */
3434
+ }
3435
+ }
3436
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
3437
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
3438
+ });
3439
+ case 7: return [2 /*return*/];
3440
+ }
3441
+ });
3282
3442
  });
3283
- });
3284
- }
3285
- function getRecaptchaConfig(auth, request) {
3443
+ };
3444
+ return AuthMiddlewareQueue;
3445
+ }());
3446
+
3447
+ /**
3448
+ * @license
3449
+ * Copyright 2023 Google LLC
3450
+ *
3451
+ * Licensed under the Apache License, Version 2.0 (the "License");
3452
+ * you may not use this file except in compliance with the License.
3453
+ * You may obtain a copy of the License at
3454
+ *
3455
+ * http://www.apache.org/licenses/LICENSE-2.0
3456
+ *
3457
+ * Unless required by applicable law or agreed to in writing, software
3458
+ * distributed under the License is distributed on an "AS IS" BASIS,
3459
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3460
+ * See the License for the specific language governing permissions and
3461
+ * limitations under the License.
3462
+ */
3463
+ /**
3464
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
3465
+ *
3466
+ * @param auth Auth object.
3467
+ * @param request Password policy request.
3468
+ * @returns Password policy response.
3469
+ */
3470
+ function _getPasswordPolicy(auth, request) {
3471
+ if (request === void 0) { request = {}; }
3286
3472
  return __awaiter(this, void 0, void 0, function () {
3287
3473
  return __generator(this, function (_a) {
3288
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
3474
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
3289
3475
  });
3290
3476
  });
3291
3477
  }
3292
3478
 
3293
3479
  /**
3294
3480
  * @license
3295
- * Copyright 2020 Google LLC
3481
+ * Copyright 2023 Google LLC
3296
3482
  *
3297
3483
  * Licensed under the Apache License, Version 2.0 (the "License");
3298
3484
  * you may not use this file except in compliance with the License.
@@ -3306,336 +3492,138 @@ function getRecaptchaConfig(auth, request) {
3306
3492
  * See the License for the specific language governing permissions and
3307
3493
  * limitations under the License.
3308
3494
  */
3309
- function isV2(grecaptcha) {
3310
- return (grecaptcha !== undefined &&
3311
- grecaptcha.getResponse !== undefined);
3312
- }
3313
- function isEnterprise(grecaptcha) {
3314
- return (grecaptcha !== undefined &&
3315
- grecaptcha.enterprise !== undefined);
3316
- }
3317
- var RecaptchaConfig = /** @class */ (function () {
3318
- function RecaptchaConfig(response) {
3319
- /**
3320
- * The reCAPTCHA site key.
3321
- */
3322
- this.siteKey = '';
3323
- /**
3324
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
3325
- */
3326
- this.emailPasswordEnabled = false;
3327
- if (response.recaptchaKey === undefined) {
3328
- throw new Error('recaptchaKey undefined');
3495
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
3496
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
3497
+ /**
3498
+ * Stores password policy requirements and provides password validation against the policy.
3499
+ *
3500
+ * @internal
3501
+ */
3502
+ var PasswordPolicyImpl = /** @class */ (function () {
3503
+ function PasswordPolicyImpl(response) {
3504
+ var _a, _b, _c, _d;
3505
+ // Only include custom strength options defined in the response.
3506
+ var responseOptions = response.customStrengthOptions;
3507
+ this.customStrengthOptions = {};
3508
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
3509
+ this.customStrengthOptions.minPasswordLength =
3510
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
3511
+ if (responseOptions.maxPasswordLength) {
3512
+ this.customStrengthOptions.maxPasswordLength =
3513
+ responseOptions.maxPasswordLength;
3514
+ }
3515
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
3516
+ this.customStrengthOptions.containsLowercaseLetter =
3517
+ responseOptions.containsLowercaseCharacter;
3518
+ }
3519
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
3520
+ this.customStrengthOptions.containsUppercaseLetter =
3521
+ responseOptions.containsUppercaseCharacter;
3522
+ }
3523
+ if (responseOptions.containsNumericCharacter !== undefined) {
3524
+ this.customStrengthOptions.containsNumericCharacter =
3525
+ responseOptions.containsNumericCharacter;
3526
+ }
3527
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
3528
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
3529
+ responseOptions.containsNonAlphanumericCharacter;
3530
+ }
3531
+ this.enforcementState = response.enforcementState;
3532
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
3533
+ this.enforcementState = 'OFF';
3534
+ }
3535
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
3536
+ this.allowedNonAlphanumericCharacters =
3537
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
3538
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
3539
+ this.schemaVersion = response.schemaVersion;
3540
+ }
3541
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
3542
+ var _a, _b, _c, _d, _e, _f;
3543
+ var status = {
3544
+ isValid: true,
3545
+ passwordPolicy: this
3546
+ };
3547
+ // Check the password length and character options.
3548
+ this.validatePasswordLengthOptions(password, status);
3549
+ this.validatePasswordCharacterOptions(password, status);
3550
+ // Combine the status into single isValid property.
3551
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
3552
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
3553
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
3554
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
3555
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
3556
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
3557
+ return status;
3558
+ };
3559
+ /**
3560
+ * Validates that the password meets the length options for the policy.
3561
+ *
3562
+ * @param password Password to validate.
3563
+ * @param status Validation status.
3564
+ */
3565
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
3566
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
3567
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
3568
+ if (minPasswordLength) {
3569
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
3329
3570
  }
3330
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
3331
- this.siteKey = response.recaptchaKey.split('/')[3];
3332
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
3333
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
3334
- enforcementState.enforcementState !== 'OFF';
3335
- });
3336
- }
3337
- return RecaptchaConfig;
3338
- }());
3339
-
3340
- /**
3341
- * @license
3342
- * Copyright 2020 Google LLC
3343
- *
3344
- * Licensed under the Apache License, Version 2.0 (the "License");
3345
- * you may not use this file except in compliance with the License.
3346
- * You may obtain a copy of the License at
3347
- *
3348
- * http://www.apache.org/licenses/LICENSE-2.0
3349
- *
3350
- * Unless required by applicable law or agreed to in writing, software
3351
- * distributed under the License is distributed on an "AS IS" BASIS,
3352
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3353
- * See the License for the specific language governing permissions and
3354
- * limitations under the License.
3355
- */
3356
- function getScriptParentElement() {
3357
- var _a, _b;
3358
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3359
- }
3360
- function _loadJS(url) {
3361
- // TODO: consider adding timeout support & cancellation
3362
- return new Promise(function (resolve, reject) {
3363
- var el = document.createElement('script');
3364
- el.setAttribute('src', url);
3365
- el.onload = resolve;
3366
- el.onerror = function (e) {
3367
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3368
- error.customData = e;
3369
- reject(error);
3370
- };
3371
- el.type = 'text/javascript';
3372
- el.charset = 'UTF-8';
3373
- getScriptParentElement().appendChild(el);
3374
- });
3375
- }
3376
- function _generateCallbackName(prefix) {
3377
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
3378
- }
3379
-
3380
- /* eslint-disable @typescript-eslint/no-require-imports */
3381
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3382
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3383
- var FAKE_TOKEN = 'NO_RECAPTCHA';
3384
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3385
- /**
3386
- *
3387
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
3388
- *
3389
- */
3390
- function RecaptchaEnterpriseVerifier(authExtern) {
3391
- /**
3392
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3393
- */
3394
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3395
- this.auth = _castAuth(authExtern);
3396
- }
3397
- /**
3398
- * Executes the verification process.
3399
- *
3400
- * @returns A Promise for a token that can be used to assert the validity of a request.
3401
- */
3402
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3403
- if (action === void 0) { action = 'verify'; }
3404
- if (forceRefresh === void 0) { forceRefresh = false; }
3405
- return __awaiter(this, void 0, void 0, function () {
3406
- function retrieveSiteKey(auth) {
3407
- return __awaiter(this, void 0, void 0, function () {
3408
- var _this = this;
3409
- return __generator(this, function (_a) {
3410
- if (!forceRefresh) {
3411
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3412
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3413
- }
3414
- if (auth.tenantId != null &&
3415
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3416
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3417
- }
3418
- }
3419
- return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
3420
- return __generator(this, function (_a) {
3421
- getRecaptchaConfig(auth, {
3422
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3423
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3424
- })
3425
- .then(function (response) {
3426
- if (response.recaptchaKey === undefined) {
3427
- reject(new Error('recaptcha Enterprise site key undefined'));
3428
- }
3429
- else {
3430
- var config = new RecaptchaConfig(response);
3431
- if (auth.tenantId == null) {
3432
- auth._agentRecaptchaConfig = config;
3433
- }
3434
- else {
3435
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3436
- }
3437
- return resolve(config.siteKey);
3438
- }
3439
- })
3440
- .catch(function (error) {
3441
- reject(error);
3442
- });
3443
- return [2 /*return*/];
3444
- });
3445
- }); })];
3446
- });
3447
- });
3448
- }
3449
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
3450
- var grecaptcha = window.grecaptcha;
3451
- if (isEnterprise(grecaptcha)) {
3452
- grecaptcha.enterprise.ready(function () {
3453
- grecaptcha.enterprise
3454
- .execute(siteKey, { action: action })
3455
- .then(function (token) {
3456
- resolve(token);
3457
- })
3458
- .catch(function () {
3459
- resolve(FAKE_TOKEN);
3460
- });
3461
- });
3462
- }
3463
- else {
3464
- reject(Error('No reCAPTCHA enterprise script loaded.'));
3465
- }
3466
- }
3467
- var _this = this;
3468
- return __generator(this, function (_a) {
3469
- return [2 /*return*/, new Promise(function (resolve, reject) {
3470
- retrieveSiteKey(_this.auth)
3471
- .then(function (siteKey) {
3472
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3473
- retrieveRecaptchaToken(siteKey, resolve, reject);
3474
- }
3475
- else {
3476
- if (typeof window === 'undefined') {
3477
- reject(new Error('RecaptchaVerifier is only supported in browser'));
3478
- return;
3479
- }
3480
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3481
- .then(function () {
3482
- retrieveRecaptchaToken(siteKey, resolve, reject);
3483
- })
3484
- .catch(function (error) {
3485
- reject(error);
3486
- });
3487
- }
3488
- })
3489
- .catch(function (error) {
3490
- reject(error);
3491
- });
3492
- })];
3493
- });
3494
- });
3495
- };
3496
- return RecaptchaEnterpriseVerifier;
3497
- }());
3498
- function injectRecaptchaFields(auth, request, action, captchaResp) {
3499
- if (captchaResp === void 0) { captchaResp = false; }
3500
- return __awaiter(this, void 0, void 0, function () {
3501
- var verifier, captchaResponse, newRequest;
3502
- return __generator(this, function (_a) {
3503
- switch (_a.label) {
3504
- case 0:
3505
- verifier = new RecaptchaEnterpriseVerifier(auth);
3506
- _a.label = 1;
3507
- case 1:
3508
- _a.trys.push([1, 3, , 5]);
3509
- return [4 /*yield*/, verifier.verify(action)];
3510
- case 2:
3511
- captchaResponse = _a.sent();
3512
- return [3 /*break*/, 5];
3513
- case 3:
3514
- _a.sent();
3515
- return [4 /*yield*/, verifier.verify(action, true)];
3516
- case 4:
3517
- captchaResponse = _a.sent();
3518
- return [3 /*break*/, 5];
3519
- case 5:
3520
- newRequest = __assign({}, request);
3521
- if (!captchaResp) {
3522
- Object.assign(newRequest, { captchaResponse: captchaResponse });
3523
- }
3524
- else {
3525
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
3526
- }
3527
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3528
- Object.assign(newRequest, {
3529
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3530
- });
3531
- return [2 /*return*/, newRequest];
3532
- }
3533
- });
3534
- });
3535
- }
3536
-
3537
- /**
3538
- * @license
3539
- * Copyright 2022 Google LLC
3540
- *
3541
- * Licensed under the Apache License, Version 2.0 (the "License");
3542
- * you may not use this file except in compliance with the License.
3543
- * You may obtain a copy of the License at
3544
- *
3545
- * http://www.apache.org/licenses/LICENSE-2.0
3546
- *
3547
- * Unless required by applicable law or agreed to in writing, software
3548
- * distributed under the License is distributed on an "AS IS" BASIS,
3549
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3550
- * See the License for the specific language governing permissions and
3551
- * limitations under the License.
3552
- */
3553
- var AuthMiddlewareQueue = /** @class */ (function () {
3554
- function AuthMiddlewareQueue(auth) {
3555
- this.auth = auth;
3556
- this.queue = [];
3557
- }
3558
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
3559
- var _this = this;
3560
- // The callback could be sync or async. Wrap it into a
3561
- // function that is always async.
3562
- var wrappedCallback = function (user) {
3563
- return new Promise(function (resolve, reject) {
3564
- try {
3565
- var result = callback(user);
3566
- // Either resolve with existing promise or wrap a non-promise
3567
- // return value into a promise.
3568
- resolve(result);
3569
- }
3570
- catch (e) {
3571
- // Sync callback throws.
3572
- reject(e);
3573
- }
3574
- });
3575
- };
3576
- // Attach the onAbort if present
3577
- wrappedCallback.onAbort = onAbort;
3578
- this.queue.push(wrappedCallback);
3579
- var index = this.queue.length - 1;
3580
- return function () {
3581
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
3582
- // indexing of other elements.
3583
- _this.queue[index] = function () { return Promise.resolve(); };
3584
- };
3585
- };
3586
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
3587
- return __awaiter(this, void 0, void 0, function () {
3588
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
3589
- return __generator(this, function (_c) {
3590
- switch (_c.label) {
3591
- case 0:
3592
- if (this.auth.currentUser === nextUser) {
3593
- return [2 /*return*/];
3594
- }
3595
- onAbortStack = [];
3596
- _c.label = 1;
3597
- case 1:
3598
- _c.trys.push([1, 6, , 7]);
3599
- _i = 0, _a = this.queue;
3600
- _c.label = 2;
3601
- case 2:
3602
- if (!(_i < _a.length)) return [3 /*break*/, 5];
3603
- beforeStateCallback = _a[_i];
3604
- return [4 /*yield*/, beforeStateCallback(nextUser)];
3605
- case 3:
3606
- _c.sent();
3607
- // Only push the onAbort if the callback succeeds
3608
- if (beforeStateCallback.onAbort) {
3609
- onAbortStack.push(beforeStateCallback.onAbort);
3610
- }
3611
- _c.label = 4;
3612
- case 4:
3613
- _i++;
3614
- return [3 /*break*/, 2];
3615
- case 5: return [3 /*break*/, 7];
3616
- case 6:
3617
- e_1 = _c.sent();
3618
- // Run all onAbort, with separate try/catch to ignore any errors and
3619
- // continue
3620
- onAbortStack.reverse();
3621
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
3622
- onAbort = onAbortStack_1[_b];
3623
- try {
3624
- onAbort();
3625
- }
3626
- catch (_) {
3627
- /* swallow error */
3628
- }
3629
- }
3630
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
3631
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
3632
- });
3633
- case 7: return [2 /*return*/];
3634
- }
3635
- });
3636
- });
3637
- };
3638
- return AuthMiddlewareQueue;
3571
+ if (maxPasswordLength) {
3572
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
3573
+ }
3574
+ };
3575
+ /**
3576
+ * Validates that the password meets the character options for the policy.
3577
+ *
3578
+ * @param password Password to validate.
3579
+ * @param status Validation status.
3580
+ */
3581
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
3582
+ // Assign statuses for requirements even if the password is an empty string.
3583
+ this.updatePasswordCharacterOptionsStatuses(status,
3584
+ /* containsLowercaseCharacter= */ false,
3585
+ /* containsUppercaseCharacter= */ false,
3586
+ /* containsNumericCharacter= */ false,
3587
+ /* containsNonAlphanumericCharacter= */ false);
3588
+ var passwordChar;
3589
+ for (var i = 0; i < password.length; i++) {
3590
+ passwordChar = password.charAt(i);
3591
+ this.updatePasswordCharacterOptionsStatuses(status,
3592
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
3593
+ passwordChar <= 'z',
3594
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
3595
+ passwordChar <= 'Z',
3596
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
3597
+ passwordChar <= '9',
3598
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
3599
+ }
3600
+ };
3601
+ /**
3602
+ * Updates the running validation status with the statuses for the character options.
3603
+ * Expected to be called each time a character is processed to update each option status
3604
+ * based on the current character.
3605
+ *
3606
+ * @param status Validation status.
3607
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
3608
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
3609
+ * @param containsNumericCharacter Whether the character is a numeric character.
3610
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
3611
+ */
3612
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
3613
+ if (this.customStrengthOptions.containsLowercaseLetter) {
3614
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
3615
+ }
3616
+ if (this.customStrengthOptions.containsUppercaseLetter) {
3617
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
3618
+ }
3619
+ if (this.customStrengthOptions.containsNumericCharacter) {
3620
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
3621
+ }
3622
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
3623
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
3624
+ }
3625
+ };
3626
+ return PasswordPolicyImpl;
3639
3627
  }());
3640
3628
 
3641
3629
  /**
@@ -3668,6 +3656,7 @@ var AuthImpl = /** @class */ (function () {
3668
3656
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
3669
3657
  this.redirectUser = null;
3670
3658
  this.isProactiveRefreshEnabled = false;
3659
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
3671
3660
  // Any network calls will set this to true and prevent subsequent emulator
3672
3661
  // initialization
3673
3662
  this._canInitEmulator = true;
@@ -3678,6 +3667,8 @@ var AuthImpl = /** @class */ (function () {
3678
3667
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
3679
3668
  this._agentRecaptchaConfig = null;
3680
3669
  this._tenantRecaptchaConfigs = {};
3670
+ this._projectPasswordPolicy = null;
3671
+ this._tenantPasswordPolicies = {};
3681
3672
  // Tracks the last notified UID for state change listeners to prevent
3682
3673
  // repeated calls to the callbacks. Undefined means it's never been
3683
3674
  // called, whereas null means it's been called with a signed out user
@@ -4007,41 +3998,66 @@ var AuthImpl = /** @class */ (function () {
4007
3998
  });
4008
3999
  }); });
4009
4000
  };
4010
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
4001
+ AuthImpl.prototype._getRecaptchaConfig = function () {
4002
+ if (this.tenantId == null) {
4003
+ return this._agentRecaptchaConfig;
4004
+ }
4005
+ else {
4006
+ return this._tenantRecaptchaConfigs[this.tenantId];
4007
+ }
4008
+ };
4009
+ AuthImpl.prototype.validatePassword = function (password) {
4011
4010
  return __awaiter(this, void 0, void 0, function () {
4012
- var response, config, verifier;
4011
+ var passwordPolicy;
4013
4012
  return __generator(this, function (_a) {
4014
4013
  switch (_a.label) {
4015
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
4016
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4017
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4018
- })];
4014
+ case 0:
4015
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
4016
+ return [4 /*yield*/, this._updatePasswordPolicy()];
4019
4017
  case 1:
4020
- response = _a.sent();
4021
- config = new RecaptchaConfig(response);
4022
- if (this.tenantId == null) {
4023
- this._agentRecaptchaConfig = config;
4024
- }
4025
- else {
4026
- this._tenantRecaptchaConfigs[this.tenantId] = config;
4027
- }
4028
- if (config.emailPasswordEnabled) {
4029
- verifier = new RecaptchaEnterpriseVerifier(this);
4030
- void verifier.verify();
4018
+ _a.sent();
4019
+ _a.label = 2;
4020
+ case 2:
4021
+ passwordPolicy = this._getPasswordPolicyInternal();
4022
+ // Check that the policy schema version is supported by the SDK.
4023
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
4024
+ if (passwordPolicy.schemaVersion !==
4025
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
4026
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
4031
4027
  }
4032
- return [2 /*return*/];
4028
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
4033
4029
  }
4034
4030
  });
4035
4031
  });
4036
4032
  };
4037
- AuthImpl.prototype._getRecaptchaConfig = function () {
4038
- if (this.tenantId == null) {
4039
- return this._agentRecaptchaConfig;
4033
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
4034
+ if (this.tenantId === null) {
4035
+ return this._projectPasswordPolicy;
4040
4036
  }
4041
4037
  else {
4042
- return this._tenantRecaptchaConfigs[this.tenantId];
4038
+ return this._tenantPasswordPolicies[this.tenantId];
4043
4039
  }
4044
4040
  };
4041
+ AuthImpl.prototype._updatePasswordPolicy = function () {
4042
+ return __awaiter(this, void 0, void 0, function () {
4043
+ var response, passwordPolicy;
4044
+ return __generator(this, function (_a) {
4045
+ switch (_a.label) {
4046
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
4047
+ case 1:
4048
+ response = _a.sent();
4049
+ passwordPolicy = new PasswordPolicyImpl(response);
4050
+ if (this.tenantId === null) {
4051
+ this._projectPasswordPolicy = passwordPolicy;
4052
+ }
4053
+ else {
4054
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
4055
+ }
4056
+ return [2 /*return*/];
4057
+ }
4058
+ });
4059
+ });
4060
+ };
4045
4061
  AuthImpl.prototype._getPersistence = function () {
4046
4062
  return this.assertedPersistence.persistence.type;
4047
4063
  };
@@ -4317,54 +4333,280 @@ var AuthImpl = /** @class */ (function () {
4317
4333
  AuthImpl.prototype._getAppCheckToken = function () {
4318
4334
  var _a;
4319
4335
  return __awaiter(this, void 0, void 0, function () {
4320
- var appCheckTokenResult;
4321
- return __generator(this, function (_b) {
4322
- switch (_b.label) {
4323
- case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
4324
- .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
4325
- case 1:
4326
- appCheckTokenResult = _b.sent();
4327
- if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
4328
- // Context: appCheck.getToken() will never throw even if an error happened.
4329
- // In the error case, a dummy token will be returned along with an error field describing
4330
- // the error. In general, we shouldn't care about the error condition and just use
4331
- // the token (actual or dummy) to send requests.
4332
- _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
4336
+ var appCheckTokenResult;
4337
+ return __generator(this, function (_b) {
4338
+ switch (_b.label) {
4339
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
4340
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
4341
+ case 1:
4342
+ appCheckTokenResult = _b.sent();
4343
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
4344
+ // Context: appCheck.getToken() will never throw even if an error happened.
4345
+ // In the error case, a dummy token will be returned along with an error field describing
4346
+ // the error. In general, we shouldn't care about the error condition and just use
4347
+ // the token (actual or dummy) to send requests.
4348
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
4349
+ }
4350
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
4351
+ }
4352
+ });
4353
+ });
4354
+ };
4355
+ return AuthImpl;
4356
+ }());
4357
+ /**
4358
+ * Method to be used to cast down to our private implmentation of Auth.
4359
+ * It will also handle unwrapping from the compat type if necessary
4360
+ *
4361
+ * @param auth Auth object passed in from developer
4362
+ */
4363
+ function _castAuth(auth) {
4364
+ return getModularInstance(auth);
4365
+ }
4366
+ /** Helper class to wrap subscriber logic */
4367
+ var Subscription = /** @class */ (function () {
4368
+ function Subscription(auth) {
4369
+ var _this = this;
4370
+ this.auth = auth;
4371
+ this.observer = null;
4372
+ this.addObserver = createSubscribe(function (observer) { return (_this.observer = observer); });
4373
+ }
4374
+ Object.defineProperty(Subscription.prototype, "next", {
4375
+ get: function () {
4376
+ _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4377
+ return this.observer.next.bind(this.observer);
4378
+ },
4379
+ enumerable: false,
4380
+ configurable: true
4381
+ });
4382
+ return Subscription;
4383
+ }());
4384
+
4385
+ /**
4386
+ * @license
4387
+ * Copyright 2020 Google LLC
4388
+ *
4389
+ * Licensed under the Apache License, Version 2.0 (the "License");
4390
+ * you may not use this file except in compliance with the License.
4391
+ * You may obtain a copy of the License at
4392
+ *
4393
+ * http://www.apache.org/licenses/LICENSE-2.0
4394
+ *
4395
+ * Unless required by applicable law or agreed to in writing, software
4396
+ * distributed under the License is distributed on an "AS IS" BASIS,
4397
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
4398
+ * See the License for the specific language governing permissions and
4399
+ * limitations under the License.
4400
+ */
4401
+ function getScriptParentElement() {
4402
+ var _a, _b;
4403
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
4404
+ }
4405
+ function _loadJS(url) {
4406
+ // TODO: consider adding timeout support & cancellation
4407
+ return new Promise(function (resolve, reject) {
4408
+ var el = document.createElement('script');
4409
+ el.setAttribute('src', url);
4410
+ el.onload = resolve;
4411
+ el.onerror = function (e) {
4412
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4413
+ error.customData = e;
4414
+ reject(error);
4415
+ };
4416
+ el.type = 'text/javascript';
4417
+ el.charset = 'UTF-8';
4418
+ getScriptParentElement().appendChild(el);
4419
+ });
4420
+ }
4421
+ function _generateCallbackName(prefix) {
4422
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
4423
+ }
4424
+
4425
+ /* eslint-disable @typescript-eslint/no-require-imports */
4426
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
4427
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
4428
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
4429
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
4430
+ /**
4431
+ *
4432
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
4433
+ *
4434
+ */
4435
+ function RecaptchaEnterpriseVerifier(authExtern) {
4436
+ /**
4437
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
4438
+ */
4439
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
4440
+ this.auth = _castAuth(authExtern);
4441
+ }
4442
+ /**
4443
+ * Executes the verification process.
4444
+ *
4445
+ * @returns A Promise for a token that can be used to assert the validity of a request.
4446
+ */
4447
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
4448
+ if (action === void 0) { action = 'verify'; }
4449
+ if (forceRefresh === void 0) { forceRefresh = false; }
4450
+ return __awaiter(this, void 0, void 0, function () {
4451
+ function retrieveSiteKey(auth) {
4452
+ return __awaiter(this, void 0, void 0, function () {
4453
+ var _this = this;
4454
+ return __generator(this, function (_a) {
4455
+ if (!forceRefresh) {
4456
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
4457
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
4458
+ }
4459
+ if (auth.tenantId != null &&
4460
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
4461
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
4462
+ }
4333
4463
  }
4334
- return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
4464
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
4465
+ return __generator(this, function (_a) {
4466
+ getRecaptchaConfig(auth, {
4467
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4468
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4469
+ })
4470
+ .then(function (response) {
4471
+ if (response.recaptchaKey === undefined) {
4472
+ reject(new Error('recaptcha Enterprise site key undefined'));
4473
+ }
4474
+ else {
4475
+ var config = new RecaptchaConfig(response);
4476
+ if (auth.tenantId == null) {
4477
+ auth._agentRecaptchaConfig = config;
4478
+ }
4479
+ else {
4480
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
4481
+ }
4482
+ return resolve(config.siteKey);
4483
+ }
4484
+ })
4485
+ .catch(function (error) {
4486
+ reject(error);
4487
+ });
4488
+ return [2 /*return*/];
4489
+ });
4490
+ }); })];
4491
+ });
4492
+ });
4493
+ }
4494
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
4495
+ var grecaptcha = window.grecaptcha;
4496
+ if (isEnterprise(grecaptcha)) {
4497
+ grecaptcha.enterprise.ready(function () {
4498
+ grecaptcha.enterprise
4499
+ .execute(siteKey, { action: action })
4500
+ .then(function (token) {
4501
+ resolve(token);
4502
+ })
4503
+ .catch(function () {
4504
+ resolve(FAKE_TOKEN);
4505
+ });
4506
+ });
4507
+ }
4508
+ else {
4509
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
4335
4510
  }
4511
+ }
4512
+ var _this = this;
4513
+ return __generator(this, function (_a) {
4514
+ return [2 /*return*/, new Promise(function (resolve, reject) {
4515
+ retrieveSiteKey(_this.auth)
4516
+ .then(function (siteKey) {
4517
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
4518
+ retrieveRecaptchaToken(siteKey, resolve, reject);
4519
+ }
4520
+ else {
4521
+ if (typeof window === 'undefined') {
4522
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
4523
+ return;
4524
+ }
4525
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
4526
+ .then(function () {
4527
+ retrieveRecaptchaToken(siteKey, resolve, reject);
4528
+ })
4529
+ .catch(function (error) {
4530
+ reject(error);
4531
+ });
4532
+ }
4533
+ })
4534
+ .catch(function (error) {
4535
+ reject(error);
4536
+ });
4537
+ })];
4336
4538
  });
4337
4539
  });
4338
4540
  };
4339
- return AuthImpl;
4541
+ return RecaptchaEnterpriseVerifier;
4340
4542
  }());
4341
- /**
4342
- * Method to be used to cast down to our private implmentation of Auth.
4343
- * It will also handle unwrapping from the compat type if necessary
4344
- *
4345
- * @param auth Auth object passed in from developer
4346
- */
4347
- function _castAuth(auth) {
4348
- return getModularInstance(auth);
4543
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
4544
+ if (captchaResp === void 0) { captchaResp = false; }
4545
+ return __awaiter(this, void 0, void 0, function () {
4546
+ var verifier, captchaResponse, newRequest;
4547
+ return __generator(this, function (_a) {
4548
+ switch (_a.label) {
4549
+ case 0:
4550
+ verifier = new RecaptchaEnterpriseVerifier(auth);
4551
+ _a.label = 1;
4552
+ case 1:
4553
+ _a.trys.push([1, 3, , 5]);
4554
+ return [4 /*yield*/, verifier.verify(action)];
4555
+ case 2:
4556
+ captchaResponse = _a.sent();
4557
+ return [3 /*break*/, 5];
4558
+ case 3:
4559
+ _a.sent();
4560
+ return [4 /*yield*/, verifier.verify(action, true)];
4561
+ case 4:
4562
+ captchaResponse = _a.sent();
4563
+ return [3 /*break*/, 5];
4564
+ case 5:
4565
+ newRequest = __assign({}, request);
4566
+ if (!captchaResp) {
4567
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
4568
+ }
4569
+ else {
4570
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
4571
+ }
4572
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
4573
+ Object.assign(newRequest, {
4574
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4575
+ });
4576
+ return [2 /*return*/, newRequest];
4577
+ }
4578
+ });
4579
+ });
4349
4580
  }
4350
- /** Helper class to wrap subscriber logic */
4351
- var Subscription = /** @class */ (function () {
4352
- function Subscription(auth) {
4353
- var _this = this;
4354
- this.auth = auth;
4355
- this.observer = null;
4356
- this.addObserver = createSubscribe(function (observer) { return (_this.observer = observer); });
4357
- }
4358
- Object.defineProperty(Subscription.prototype, "next", {
4359
- get: function () {
4360
- _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
4361
- return this.observer.next.bind(this.observer);
4362
- },
4363
- enumerable: false,
4364
- configurable: true
4581
+ function _initializeRecaptchaConfig(auth) {
4582
+ return __awaiter(this, void 0, void 0, function () {
4583
+ var authInternal, response, config, verifier;
4584
+ return __generator(this, function (_a) {
4585
+ switch (_a.label) {
4586
+ case 0:
4587
+ authInternal = _castAuth(auth);
4588
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
4589
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
4590
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
4591
+ })];
4592
+ case 1:
4593
+ response = _a.sent();
4594
+ config = new RecaptchaConfig(response);
4595
+ if (authInternal.tenantId == null) {
4596
+ authInternal._agentRecaptchaConfig = config;
4597
+ }
4598
+ else {
4599
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
4600
+ }
4601
+ if (config.emailPasswordEnabled) {
4602
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
4603
+ void verifier.verify();
4604
+ }
4605
+ return [2 /*return*/];
4606
+ }
4607
+ });
4365
4608
  });
4366
- return Subscription;
4367
- }());
4609
+ }
4368
4610
 
4369
4611
  /**
4370
4612
  * @license
@@ -7024,6 +7266,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
7024
7266
  * See the License for the specific language governing permissions and
7025
7267
  * limitations under the License.
7026
7268
  */
7269
+ /**
7270
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
7271
+ * cached for the project or tenant.
7272
+ *
7273
+ * @remarks
7274
+ * We only fetch the password policy if the password did not meet policy requirements and
7275
+ * there is an existing policy cached. A developer must call validatePassword at least
7276
+ * once for the cache to be automatically updated.
7277
+ *
7278
+ * @param auth - The {@link Auth} instance.
7279
+ *
7280
+ * @private
7281
+ */
7282
+ function recachePasswordPolicy(auth) {
7283
+ return __awaiter(this, void 0, void 0, function () {
7284
+ var authInternal;
7285
+ return __generator(this, function (_a) {
7286
+ switch (_a.label) {
7287
+ case 0:
7288
+ authInternal = _castAuth(auth);
7289
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
7290
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
7291
+ case 1:
7292
+ _a.sent();
7293
+ _a.label = 2;
7294
+ case 2: return [2 /*return*/];
7295
+ }
7296
+ });
7297
+ });
7298
+ }
7027
7299
  /**
7028
7300
  * Sends a password reset email to the given email address.
7029
7301
  *
@@ -7127,12 +7399,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
7127
7399
  */
7128
7400
  function confirmPasswordReset(auth, oobCode, newPassword) {
7129
7401
  return __awaiter(this, void 0, void 0, function () {
7402
+ var _this = this;
7130
7403
  return __generator(this, function (_a) {
7131
7404
  switch (_a.label) {
7132
7405
  case 0: return [4 /*yield*/, resetPassword(getModularInstance(auth), {
7133
7406
  oobCode: oobCode,
7134
7407
  newPassword: newPassword
7135
- })];
7408
+ })
7409
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7410
+ return __generator(this, function (_a) {
7411
+ if (error.code ===
7412
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7413
+ void recachePasswordPolicy(auth);
7414
+ }
7415
+ throw error;
7416
+ });
7417
+ }); })];
7136
7418
  case 1:
7137
7419
  _a.sent();
7138
7420
  return [2 /*return*/];
@@ -7288,13 +7570,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
7288
7570
  case 1:
7289
7571
  requestWithRecaptcha = _a.sent();
7290
7572
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
7291
- case 2: return [2 /*return*/, Promise.reject(error)];
7573
+ case 2: throw error;
7292
7574
  }
7293
7575
  });
7294
7576
  }); });
7295
7577
  _b.label = 3;
7296
7578
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
7297
- return Promise.reject(error);
7579
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7580
+ void recachePasswordPolicy(auth);
7581
+ }
7582
+ throw error;
7298
7583
  })];
7299
7584
  case 4:
7300
7585
  response = _b.sent();
@@ -7326,7 +7611,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
7326
7611
  * @public
7327
7612
  */
7328
7613
  function signInWithEmailAndPassword(auth, email, password) {
7329
- return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password));
7614
+ var _this = this;
7615
+ return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
7616
+ return __generator(this, function (_a) {
7617
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
7618
+ void recachePasswordPolicy(auth);
7619
+ }
7620
+ throw error;
7621
+ });
7622
+ }); });
7330
7623
  }
7331
7624
 
7332
7625
  /**
@@ -8064,8 +8357,39 @@ function setPersistence(auth, persistence) {
8064
8357
  * @public
8065
8358
  */
8066
8359
  function initializeRecaptchaConfig(auth) {
8067
- var authInternal = _castAuth(auth);
8068
- return authInternal.initializeRecaptchaConfig();
8360
+ return _initializeRecaptchaConfig(auth);
8361
+ }
8362
+ /**
8363
+ * Validates the password against the password policy configured for the project or tenant.
8364
+ *
8365
+ * @remarks
8366
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
8367
+ * policy configured for the project. Otherwise, this method will use the policy configured
8368
+ * for the tenant. If a password policy has not been configured, then the default policy
8369
+ * configured for all projects will be used.
8370
+ *
8371
+ * If an auth flow fails because a submitted password does not meet the password policy
8372
+ * requirements and this method has previously been called, then this method will use the
8373
+ * most recent policy available when called again.
8374
+ *
8375
+ * @example
8376
+ * ```javascript
8377
+ * validatePassword(auth, 'some-password');
8378
+ * ```
8379
+ *
8380
+ * @param auth The {@link Auth} instance.
8381
+ * @param password The password to validate.
8382
+ *
8383
+ * @public
8384
+ */
8385
+ function validatePassword(auth, password) {
8386
+ return __awaiter(this, void 0, void 0, function () {
8387
+ var authInternal;
8388
+ return __generator(this, function (_a) {
8389
+ authInternal = _castAuth(auth);
8390
+ return [2 /*return*/, authInternal.validatePassword(password)];
8391
+ });
8392
+ });
8069
8393
  }
8070
8394
  /**
8071
8395
  * Adds an observer for changes to the signed-in user's ID token.
@@ -8487,7 +8811,7 @@ function multiFactor(user) {
8487
8811
  }
8488
8812
 
8489
8813
  var name = "@firebase/auth";
8490
- var version = "1.1.0-canary.e037eeed6";
8814
+ var version = "1.1.0-canary.f497a400a";
8491
8815
 
8492
8816
  /**
8493
8817
  * @license
@@ -10690,5 +11014,5 @@ function generateNoEvent() {
10690
11014
  };
10691
11015
  }
10692
11016
 
10693
- export { isSignInWithEmailLink as $, ActionCodeOperation as A, EmailAuthProvider as B, FacebookAuthProvider as C, GithubAuthProvider as D, EmailAuthCredential as E, FactorId as F, GoogleAuthProvider as G, OAuthProvider as H, SAMLAuthProvider as I, signInAnonymously as J, signInWithCredential as K, linkWithCredential as L, reauthenticateWithCredential as M, signInWithCustomToken as N, OperationType as O, ProviderId as P, sendPasswordResetEmail as Q, confirmPasswordReset as R, SignInMethod as S, TwitterAuthProvider as T, applyActionCode as U, checkActionCode as V, verifyPasswordResetCode as W, createUserWithEmailAndPassword as X, signInWithEmailAndPassword as Y, sendSignInLinkToEmail as Z, _signInWithRedirect as _, _reauthenticateWithRedirect as a, FetchProvider as a$, signInWithEmailLink as a0, fetchSignInMethodsForEmail as a1, sendEmailVerification as a2, verifyBeforeUpdateEmail as a3, ActionCodeURL as a4, parseActionCodeURL as a5, updateProfile as a6, updateEmail as a7, updatePassword as a8, getIdToken as a9, _assertInstanceOf as aA, _withDefaultResolver as aB, FederatedAuthProvider as aC, _fail as aD, _getProjectConfig as aE, _getCurrentUrl as aF, _emulatorUrl as aG, _isChromeIOS as aH, _isFirefox as aI, _isIOSStandalone as aJ, _getRedirectUrl as aK, _setWindowLocation as aL, _isMobileBrowser as aM, _isSafari as aN, _isIOS as aO, _getRedirectResult as aP, _overrideRedirectResult as aQ, AuthEventManager as aR, debugFail as aS, finalizeEnrollPhoneMfa as aT, finalizeEnrollTotpMfa as aU, startEnrollTotpMfa as aV, _persistenceKeyName as aW, UserImpl as aX, _getInstance as aY, AuthImpl as aZ, _getClientVersion as a_, getIdTokenResult as aa, unlink as ab, getAdditionalUserInfo as ac, reload as ad, getMultiFactorResolver as ae, multiFactor as af, _performApiRequest as ag, _addTidIfNecessary as ah, _assert as ai, Delay as aj, _window as ak, isV2 as al, _createError as am, _loadJS as an, _generateCallbackName as ao, getRecaptchaParams as ap, _isHttpOrHttps as aq, _isWorker as ar, _castAuth as as, _assertLinkedStatus as at, sendPhoneVerificationCode as au, startEnrollPhoneMfa as av, _link$1 as aw, debugAssert as ax, _generateEventId as ay, AbstractPopupRedirectOperation as az, _linkWithRedirect as b, SAMLAuthCredential as b0, signInWithRedirect as b1, linkWithRedirect as b2, reauthenticateWithRedirect as b3, indexedDBLocalPersistence as c, cordovaPopupRedirectResolver as d, browserLocalPersistence as e, browserSessionPersistence as f, getRedirectResult as g, initializeRecaptchaConfig as h, initializeAuth as i, beforeAuthStateChanged as j, onAuthStateChanged as k, updateCurrentUser as l, signOut as m, deleteUser as n, onIdTokenChanged as o, debugErrorMap as p, prodErrorMap as q, registerAuth as r, setPersistence as s, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as t, useDeviceLanguage as u, connectAuthEmulator as v, AuthCredential as w, OAuthCredential as x, PhoneAuthCredential as y, inMemoryPersistence as z };
10694
- //# sourceMappingURL=popup_redirect-8599967b.js.map
11017
+ export { sendSignInLinkToEmail as $, ActionCodeOperation as A, inMemoryPersistence as B, EmailAuthProvider as C, FacebookAuthProvider as D, EmailAuthCredential as E, FactorId as F, GoogleAuthProvider as G, GithubAuthProvider as H, OAuthProvider as I, SAMLAuthProvider as J, signInAnonymously as K, signInWithCredential as L, linkWithCredential as M, reauthenticateWithCredential as N, OperationType as O, ProviderId as P, signInWithCustomToken as Q, sendPasswordResetEmail as R, SignInMethod as S, TwitterAuthProvider as T, confirmPasswordReset as U, applyActionCode as V, checkActionCode as W, verifyPasswordResetCode as X, createUserWithEmailAndPassword as Y, signInWithEmailAndPassword as Z, _signInWithRedirect as _, _reauthenticateWithRedirect as a, _getClientVersion as a$, isSignInWithEmailLink as a0, signInWithEmailLink as a1, fetchSignInMethodsForEmail as a2, sendEmailVerification as a3, verifyBeforeUpdateEmail as a4, ActionCodeURL as a5, parseActionCodeURL as a6, updateProfile as a7, updateEmail as a8, updatePassword as a9, AbstractPopupRedirectOperation as aA, _assertInstanceOf as aB, _withDefaultResolver as aC, FederatedAuthProvider as aD, _fail as aE, _getProjectConfig as aF, _getCurrentUrl as aG, _emulatorUrl as aH, _isChromeIOS as aI, _isFirefox as aJ, _isIOSStandalone as aK, _getRedirectUrl as aL, _setWindowLocation as aM, _isMobileBrowser as aN, _isSafari as aO, _isIOS as aP, _getRedirectResult as aQ, _overrideRedirectResult as aR, AuthEventManager as aS, debugFail as aT, finalizeEnrollPhoneMfa as aU, finalizeEnrollTotpMfa as aV, startEnrollTotpMfa as aW, _persistenceKeyName as aX, UserImpl as aY, _getInstance as aZ, AuthImpl as a_, getIdToken as aa, getIdTokenResult as ab, unlink as ac, getAdditionalUserInfo as ad, reload as ae, getMultiFactorResolver as af, multiFactor as ag, _performApiRequest as ah, _addTidIfNecessary as ai, _assert as aj, Delay as ak, _window as al, isV2 as am, _createError as an, _loadJS as ao, _generateCallbackName as ap, getRecaptchaParams as aq, _isHttpOrHttps as ar, _isWorker as as, _castAuth as at, _assertLinkedStatus as au, sendPhoneVerificationCode as av, startEnrollPhoneMfa as aw, _link$1 as ax, debugAssert as ay, _generateEventId as az, _linkWithRedirect as b, FetchProvider as b0, SAMLAuthCredential as b1, signInWithRedirect as b2, linkWithRedirect as b3, reauthenticateWithRedirect as b4, indexedDBLocalPersistence as c, cordovaPopupRedirectResolver as d, browserLocalPersistence as e, browserSessionPersistence as f, getRedirectResult as g, initializeRecaptchaConfig as h, initializeAuth as i, beforeAuthStateChanged as j, onAuthStateChanged as k, updateCurrentUser as l, signOut as m, deleteUser as n, onIdTokenChanged as o, debugErrorMap as p, prodErrorMap as q, registerAuth as r, setPersistence as s, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as t, useDeviceLanguage as u, validatePassword as v, connectAuthEmulator as w, AuthCredential as x, OAuthCredential as y, PhoneAuthCredential as z };
11018
+ //# sourceMappingURL=popup_redirect-2410e07a.js.map