@firebase/auth 1.1.0-canary.e201e5390 → 1.1.0-canary.f497a400a

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-df624435.js → index-316b8221.js} +548 -274
  5. package/dist/browser-cjs/index-316b8221.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +6 -0
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-b7da569e.js → popup_redirect-2410e07a.js} +737 -413
  29. package/dist/cordova/popup_redirect-2410e07a.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +6 -0
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-e04f7451.js → index-9be3d514.js} +548 -275
  47. package/dist/esm2017/index-9be3d514.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +6 -0
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-8ca3adc5.js → index-4ab2fcdf.js} +737 -413
  67. package/dist/esm5/index-4ab2fcdf.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +6 -0
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +811 -487
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +6 -0
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-1af99381.js → totp-4cc8bac4.js} +700 -375
  109. package/dist/node/totp-4cc8bac4.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +6 -0
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-7de24448.js → totp-79809646.js} +540 -267
  129. package/dist/node-esm/totp-79809646.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-a11d12b4.js → phone-87fdb2ba.js} +717 -392
  135. package/dist/rn/phone-87fdb2ba.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +6 -0
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +6 -0
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +6 -6
  169. package/dist/browser-cjs/index-df624435.js.map +0 -1
  170. package/dist/cordova/popup_redirect-b7da569e.js.map +0 -1
  171. package/dist/esm2017/index-e04f7451.js.map +0 -1
  172. package/dist/esm5/index-8ca3adc5.js.map +0 -1
  173. package/dist/node/totp-1af99381.js.map +0 -1
  174. package/dist/node-esm/totp-7de24448.js.map +0 -1
  175. package/dist/rn/phone-a11d12b4.js.map +0 -1
@@ -6,6 +6,53 @@ var app = require('@firebase/app');
6
6
  var component = require('@firebase/component');
7
7
  var logger = require('@firebase/logger');
8
8
 
9
+ /**
10
+ * @license
11
+ * Copyright 2020 Google LLC
12
+ *
13
+ * Licensed under the Apache License, Version 2.0 (the "License");
14
+ * you may not use this file except in compliance with the License.
15
+ * You may obtain a copy of the License at
16
+ *
17
+ * http://www.apache.org/licenses/LICENSE-2.0
18
+ *
19
+ * Unless required by applicable law or agreed to in writing, software
20
+ * distributed under the License is distributed on an "AS IS" BASIS,
21
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22
+ * See the License for the specific language governing permissions and
23
+ * limitations under the License.
24
+ */
25
+ function isV2(grecaptcha) {
26
+ return (grecaptcha !== undefined &&
27
+ grecaptcha.getResponse !== undefined);
28
+ }
29
+ function isEnterprise(grecaptcha) {
30
+ return (grecaptcha !== undefined &&
31
+ grecaptcha.enterprise !== undefined);
32
+ }
33
+ var RecaptchaConfig = /** @class */ (function () {
34
+ function RecaptchaConfig(response) {
35
+ /**
36
+ * The reCAPTCHA site key.
37
+ */
38
+ this.siteKey = '';
39
+ /**
40
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
41
+ */
42
+ this.emailPasswordEnabled = false;
43
+ if (response.recaptchaKey === undefined) {
44
+ throw new Error('recaptchaKey undefined');
45
+ }
46
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
47
+ this.siteKey = response.recaptchaKey.split('/')[3];
48
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
49
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
50
+ enforcementState.enforcementState !== 'OFF';
51
+ });
52
+ }
53
+ return RecaptchaConfig;
54
+ }());
55
+
9
56
  /**
10
57
  * @license
11
58
  * Copyright 2020 Google LLC
@@ -178,6 +225,8 @@ function _debugErrorMap() {
178
225
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
179
226
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
180
227
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
228
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
229
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
181
230
  _a;
182
231
  }
183
232
  function _prodErrorMap() {
@@ -723,6 +772,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
723
772
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
724
773
  // Other errors.
725
774
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
775
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
726
776
  // Phone Auth related errors.
727
777
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
728
778
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -948,6 +998,40 @@ function _makeTaggedError(auth, code, response) {
948
998
  return error;
949
999
  }
950
1000
 
1001
+ /**
1002
+ * @license
1003
+ * Copyright 2020 Google LLC
1004
+ *
1005
+ * Licensed under the Apache License, Version 2.0 (the "License");
1006
+ * you may not use this file except in compliance with the License.
1007
+ * You may obtain a copy of the License at
1008
+ *
1009
+ * http://www.apache.org/licenses/LICENSE-2.0
1010
+ *
1011
+ * Unless required by applicable law or agreed to in writing, software
1012
+ * distributed under the License is distributed on an "AS IS" BASIS,
1013
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1014
+ * See the License for the specific language governing permissions and
1015
+ * limitations under the License.
1016
+ */
1017
+ function getRecaptchaParams(auth) {
1018
+ return tslib.__awaiter(this, void 0, void 0, function () {
1019
+ return tslib.__generator(this, function (_a) {
1020
+ switch (_a.label) {
1021
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
1022
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
1023
+ }
1024
+ });
1025
+ });
1026
+ }
1027
+ function getRecaptchaConfig(auth, request) {
1028
+ return tslib.__awaiter(this, void 0, void 0, function () {
1029
+ return tslib.__generator(this, function (_a) {
1030
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
1031
+ });
1032
+ });
1033
+ }
1034
+
951
1035
  /**
952
1036
  * @license
953
1037
  * Copyright 2020 Google LLC
@@ -2346,7 +2430,7 @@ function _getClientVersion(clientPlatform, frameworks) {
2346
2430
 
2347
2431
  /**
2348
2432
  * @license
2349
- * Copyright 2020 Google LLC
2433
+ * Copyright 2022 Google LLC
2350
2434
  *
2351
2435
  * Licensed under the Apache License, Version 2.0 (the "License");
2352
2436
  * you may not use this file except in compliance with the License.
@@ -2360,27 +2444,97 @@ function _getClientVersion(clientPlatform, frameworks) {
2360
2444
  * See the License for the specific language governing permissions and
2361
2445
  * limitations under the License.
2362
2446
  */
2363
- function getRecaptchaParams(auth) {
2364
- return tslib.__awaiter(this, void 0, void 0, function () {
2365
- return tslib.__generator(this, function (_a) {
2366
- switch (_a.label) {
2367
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
2368
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
2369
- }
2370
- });
2371
- });
2372
- }
2373
- function getRecaptchaConfig(auth, request) {
2374
- return tslib.__awaiter(this, void 0, void 0, function () {
2375
- return tslib.__generator(this, function (_a) {
2376
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2447
+ var AuthMiddlewareQueue = /** @class */ (function () {
2448
+ function AuthMiddlewareQueue(auth) {
2449
+ this.auth = auth;
2450
+ this.queue = [];
2451
+ }
2452
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2453
+ var _this = this;
2454
+ // The callback could be sync or async. Wrap it into a
2455
+ // function that is always async.
2456
+ var wrappedCallback = function (user) {
2457
+ return new Promise(function (resolve, reject) {
2458
+ try {
2459
+ var result = callback(user);
2460
+ // Either resolve with existing promise or wrap a non-promise
2461
+ // return value into a promise.
2462
+ resolve(result);
2463
+ }
2464
+ catch (e) {
2465
+ // Sync callback throws.
2466
+ reject(e);
2467
+ }
2468
+ });
2469
+ };
2470
+ // Attach the onAbort if present
2471
+ wrappedCallback.onAbort = onAbort;
2472
+ this.queue.push(wrappedCallback);
2473
+ var index = this.queue.length - 1;
2474
+ return function () {
2475
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2476
+ // indexing of other elements.
2477
+ _this.queue[index] = function () { return Promise.resolve(); };
2478
+ };
2479
+ };
2480
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2481
+ return tslib.__awaiter(this, void 0, void 0, function () {
2482
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2483
+ return tslib.__generator(this, function (_c) {
2484
+ switch (_c.label) {
2485
+ case 0:
2486
+ if (this.auth.currentUser === nextUser) {
2487
+ return [2 /*return*/];
2488
+ }
2489
+ onAbortStack = [];
2490
+ _c.label = 1;
2491
+ case 1:
2492
+ _c.trys.push([1, 6, , 7]);
2493
+ _i = 0, _a = this.queue;
2494
+ _c.label = 2;
2495
+ case 2:
2496
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
2497
+ beforeStateCallback = _a[_i];
2498
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
2499
+ case 3:
2500
+ _c.sent();
2501
+ // Only push the onAbort if the callback succeeds
2502
+ if (beforeStateCallback.onAbort) {
2503
+ onAbortStack.push(beforeStateCallback.onAbort);
2504
+ }
2505
+ _c.label = 4;
2506
+ case 4:
2507
+ _i++;
2508
+ return [3 /*break*/, 2];
2509
+ case 5: return [3 /*break*/, 7];
2510
+ case 6:
2511
+ e_1 = _c.sent();
2512
+ // Run all onAbort, with separate try/catch to ignore any errors and
2513
+ // continue
2514
+ onAbortStack.reverse();
2515
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2516
+ onAbort = onAbortStack_1[_b];
2517
+ try {
2518
+ onAbort();
2519
+ }
2520
+ catch (_) {
2521
+ /* swallow error */
2522
+ }
2523
+ }
2524
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2525
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2526
+ });
2527
+ case 7: return [2 /*return*/];
2528
+ }
2529
+ });
2377
2530
  });
2378
- });
2379
- }
2531
+ };
2532
+ return AuthMiddlewareQueue;
2533
+ }());
2380
2534
 
2381
2535
  /**
2382
2536
  * @license
2383
- * Copyright 2020 Google LLC
2537
+ * Copyright 2023 Google LLC
2384
2538
  *
2385
2539
  * Licensed under the Apache License, Version 2.0 (the "License");
2386
2540
  * you may not use this file except in compliance with the License.
@@ -2394,40 +2548,25 @@ function getRecaptchaConfig(auth, request) {
2394
2548
  * See the License for the specific language governing permissions and
2395
2549
  * limitations under the License.
2396
2550
  */
2397
- function isV2(grecaptcha) {
2398
- return (grecaptcha !== undefined &&
2399
- grecaptcha.getResponse !== undefined);
2400
- }
2401
- function isEnterprise(grecaptcha) {
2402
- return (grecaptcha !== undefined &&
2403
- grecaptcha.enterprise !== undefined);
2404
- }
2405
- var RecaptchaConfig = /** @class */ (function () {
2406
- function RecaptchaConfig(response) {
2407
- /**
2408
- * The reCAPTCHA site key.
2409
- */
2410
- this.siteKey = '';
2411
- /**
2412
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2413
- */
2414
- this.emailPasswordEnabled = false;
2415
- if (response.recaptchaKey === undefined) {
2416
- throw new Error('recaptchaKey undefined');
2417
- }
2418
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2419
- this.siteKey = response.recaptchaKey.split('/')[3];
2420
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2421
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2422
- enforcementState.enforcementState !== 'OFF';
2551
+ /**
2552
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2553
+ *
2554
+ * @param auth Auth object.
2555
+ * @param request Password policy request.
2556
+ * @returns Password policy response.
2557
+ */
2558
+ function _getPasswordPolicy(auth, request) {
2559
+ if (request === void 0) { request = {}; }
2560
+ return tslib.__awaiter(this, void 0, void 0, function () {
2561
+ return tslib.__generator(this, function (_a) {
2562
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
2423
2563
  });
2424
- }
2425
- return RecaptchaConfig;
2426
- }());
2564
+ });
2565
+ }
2427
2566
 
2428
2567
  /**
2429
2568
  * @license
2430
- * Copyright 2020 Google LLC
2569
+ * Copyright 2023 Google LLC
2431
2570
  *
2432
2571
  * Licensed under the Apache License, Version 2.0 (the "License");
2433
2572
  * you may not use this file except in compliance with the License.
@@ -2441,289 +2580,138 @@ var RecaptchaConfig = /** @class */ (function () {
2441
2580
  * See the License for the specific language governing permissions and
2442
2581
  * limitations under the License.
2443
2582
  */
2444
- function getScriptParentElement() {
2445
- var _a, _b;
2446
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2447
- }
2448
- function _loadJS(url) {
2449
- // TODO: consider adding timeout support & cancellation
2450
- return new Promise(function (resolve, reject) {
2451
- var el = document.createElement('script');
2452
- el.setAttribute('src', url);
2453
- el.onload = resolve;
2454
- el.onerror = function (e) {
2455
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2456
- error.customData = e;
2457
- reject(error);
2583
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2584
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
2585
+ /**
2586
+ * Stores password policy requirements and provides password validation against the policy.
2587
+ *
2588
+ * @internal
2589
+ */
2590
+ var PasswordPolicyImpl = /** @class */ (function () {
2591
+ function PasswordPolicyImpl(response) {
2592
+ var _a, _b, _c, _d;
2593
+ // Only include custom strength options defined in the response.
2594
+ var responseOptions = response.customStrengthOptions;
2595
+ this.customStrengthOptions = {};
2596
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2597
+ this.customStrengthOptions.minPasswordLength =
2598
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2599
+ if (responseOptions.maxPasswordLength) {
2600
+ this.customStrengthOptions.maxPasswordLength =
2601
+ responseOptions.maxPasswordLength;
2602
+ }
2603
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2604
+ this.customStrengthOptions.containsLowercaseLetter =
2605
+ responseOptions.containsLowercaseCharacter;
2606
+ }
2607
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2608
+ this.customStrengthOptions.containsUppercaseLetter =
2609
+ responseOptions.containsUppercaseCharacter;
2610
+ }
2611
+ if (responseOptions.containsNumericCharacter !== undefined) {
2612
+ this.customStrengthOptions.containsNumericCharacter =
2613
+ responseOptions.containsNumericCharacter;
2614
+ }
2615
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2616
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2617
+ responseOptions.containsNonAlphanumericCharacter;
2618
+ }
2619
+ this.enforcementState = response.enforcementState;
2620
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2621
+ this.enforcementState = 'OFF';
2622
+ }
2623
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2624
+ this.allowedNonAlphanumericCharacters =
2625
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2626
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2627
+ this.schemaVersion = response.schemaVersion;
2628
+ }
2629
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
2630
+ var _a, _b, _c, _d, _e, _f;
2631
+ var status = {
2632
+ isValid: true,
2633
+ passwordPolicy: this
2458
2634
  };
2459
- el.type = 'text/javascript';
2460
- el.charset = 'UTF-8';
2461
- getScriptParentElement().appendChild(el);
2462
- });
2463
- }
2464
- function _generateCallbackName(prefix) {
2465
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
2466
- }
2467
-
2468
- /* eslint-disable @typescript-eslint/no-require-imports */
2469
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2470
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2471
- var FAKE_TOKEN = 'NO_RECAPTCHA';
2472
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2635
+ // Check the password length and character options.
2636
+ this.validatePasswordLengthOptions(password, status);
2637
+ this.validatePasswordCharacterOptions(password, status);
2638
+ // Combine the status into single isValid property.
2639
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2640
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2641
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2642
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2643
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2644
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2645
+ return status;
2646
+ };
2473
2647
  /**
2648
+ * Validates that the password meets the length options for the policy.
2474
2649
  *
2475
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2476
- *
2650
+ * @param password Password to validate.
2651
+ * @param status Validation status.
2477
2652
  */
2478
- function RecaptchaEnterpriseVerifier(authExtern) {
2479
- /**
2480
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2481
- */
2482
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2483
- this.auth = _castAuth(authExtern);
2484
- }
2653
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
2654
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
2655
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2656
+ if (minPasswordLength) {
2657
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2658
+ }
2659
+ if (maxPasswordLength) {
2660
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2661
+ }
2662
+ };
2485
2663
  /**
2486
- * Executes the verification process.
2664
+ * Validates that the password meets the character options for the policy.
2487
2665
  *
2488
- * @returns A Promise for a token that can be used to assert the validity of a request.
2666
+ * @param password Password to validate.
2667
+ * @param status Validation status.
2489
2668
  */
2490
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2491
- if (action === void 0) { action = 'verify'; }
2492
- if (forceRefresh === void 0) { forceRefresh = false; }
2493
- return tslib.__awaiter(this, void 0, void 0, function () {
2494
- function retrieveSiteKey(auth) {
2495
- return tslib.__awaiter(this, void 0, void 0, function () {
2496
- var _this = this;
2497
- return tslib.__generator(this, function (_a) {
2498
- if (!forceRefresh) {
2499
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2500
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2501
- }
2502
- if (auth.tenantId != null &&
2503
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2504
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2505
- }
2506
- }
2507
- return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
2508
- return tslib.__generator(this, function (_a) {
2509
- getRecaptchaConfig(auth, {
2510
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2511
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2512
- })
2513
- .then(function (response) {
2514
- if (response.recaptchaKey === undefined) {
2515
- reject(new Error('recaptcha Enterprise site key undefined'));
2516
- }
2517
- else {
2518
- var config = new RecaptchaConfig(response);
2519
- if (auth.tenantId == null) {
2520
- auth._agentRecaptchaConfig = config;
2521
- }
2522
- else {
2523
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2524
- }
2525
- return resolve(config.siteKey);
2526
- }
2527
- })
2528
- .catch(function (error) {
2529
- reject(error);
2530
- });
2531
- return [2 /*return*/];
2532
- });
2533
- }); })];
2534
- });
2535
- });
2536
- }
2537
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2538
- var grecaptcha = window.grecaptcha;
2539
- if (isEnterprise(grecaptcha)) {
2540
- grecaptcha.enterprise.ready(function () {
2541
- grecaptcha.enterprise
2542
- .execute(siteKey, { action: action })
2543
- .then(function (token) {
2544
- resolve(token);
2545
- })
2546
- .catch(function () {
2547
- resolve(FAKE_TOKEN);
2548
- });
2549
- });
2550
- }
2551
- else {
2552
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2553
- }
2554
- }
2555
- var _this = this;
2556
- return tslib.__generator(this, function (_a) {
2557
- return [2 /*return*/, new Promise(function (resolve, reject) {
2558
- retrieveSiteKey(_this.auth)
2559
- .then(function (siteKey) {
2560
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2561
- retrieveRecaptchaToken(siteKey, resolve, reject);
2562
- }
2563
- else {
2564
- if (typeof window === 'undefined') {
2565
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2566
- return;
2567
- }
2568
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2569
- .then(function () {
2570
- retrieveRecaptchaToken(siteKey, resolve, reject);
2571
- })
2572
- .catch(function (error) {
2573
- reject(error);
2574
- });
2575
- }
2576
- })
2577
- .catch(function (error) {
2578
- reject(error);
2579
- });
2580
- })];
2581
- });
2582
- });
2583
- };
2584
- return RecaptchaEnterpriseVerifier;
2585
- }());
2586
- function injectRecaptchaFields(auth, request, action, captchaResp) {
2587
- if (captchaResp === void 0) { captchaResp = false; }
2588
- return tslib.__awaiter(this, void 0, void 0, function () {
2589
- var verifier, captchaResponse, newRequest;
2590
- return tslib.__generator(this, function (_a) {
2591
- switch (_a.label) {
2592
- case 0:
2593
- verifier = new RecaptchaEnterpriseVerifier(auth);
2594
- _a.label = 1;
2595
- case 1:
2596
- _a.trys.push([1, 3, , 5]);
2597
- return [4 /*yield*/, verifier.verify(action)];
2598
- case 2:
2599
- captchaResponse = _a.sent();
2600
- return [3 /*break*/, 5];
2601
- case 3:
2602
- _a.sent();
2603
- return [4 /*yield*/, verifier.verify(action, true)];
2604
- case 4:
2605
- captchaResponse = _a.sent();
2606
- return [3 /*break*/, 5];
2607
- case 5:
2608
- newRequest = tslib.__assign({}, request);
2609
- if (!captchaResp) {
2610
- Object.assign(newRequest, { captchaResponse: captchaResponse });
2611
- }
2612
- else {
2613
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2614
- }
2615
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2616
- Object.assign(newRequest, {
2617
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2618
- });
2619
- return [2 /*return*/, newRequest];
2620
- }
2621
- });
2622
- });
2623
- }
2624
-
2625
- /**
2626
- * @license
2627
- * Copyright 2022 Google LLC
2628
- *
2629
- * Licensed under the Apache License, Version 2.0 (the "License");
2630
- * you may not use this file except in compliance with the License.
2631
- * You may obtain a copy of the License at
2632
- *
2633
- * http://www.apache.org/licenses/LICENSE-2.0
2634
- *
2635
- * Unless required by applicable law or agreed to in writing, software
2636
- * distributed under the License is distributed on an "AS IS" BASIS,
2637
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2638
- * See the License for the specific language governing permissions and
2639
- * limitations under the License.
2640
- */
2641
- var AuthMiddlewareQueue = /** @class */ (function () {
2642
- function AuthMiddlewareQueue(auth) {
2643
- this.auth = auth;
2644
- this.queue = [];
2645
- }
2646
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2647
- var _this = this;
2648
- // The callback could be sync or async. Wrap it into a
2649
- // function that is always async.
2650
- var wrappedCallback = function (user) {
2651
- return new Promise(function (resolve, reject) {
2652
- try {
2653
- var result = callback(user);
2654
- // Either resolve with existing promise or wrap a non-promise
2655
- // return value into a promise.
2656
- resolve(result);
2657
- }
2658
- catch (e) {
2659
- // Sync callback throws.
2660
- reject(e);
2661
- }
2662
- });
2663
- };
2664
- // Attach the onAbort if present
2665
- wrappedCallback.onAbort = onAbort;
2666
- this.queue.push(wrappedCallback);
2667
- var index = this.queue.length - 1;
2668
- return function () {
2669
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2670
- // indexing of other elements.
2671
- _this.queue[index] = function () { return Promise.resolve(); };
2672
- };
2669
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
2670
+ // Assign statuses for requirements even if the password is an empty string.
2671
+ this.updatePasswordCharacterOptionsStatuses(status,
2672
+ /* containsLowercaseCharacter= */ false,
2673
+ /* containsUppercaseCharacter= */ false,
2674
+ /* containsNumericCharacter= */ false,
2675
+ /* containsNonAlphanumericCharacter= */ false);
2676
+ var passwordChar;
2677
+ for (var i = 0; i < password.length; i++) {
2678
+ passwordChar = password.charAt(i);
2679
+ this.updatePasswordCharacterOptionsStatuses(status,
2680
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2681
+ passwordChar <= 'z',
2682
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2683
+ passwordChar <= 'Z',
2684
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2685
+ passwordChar <= '9',
2686
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2687
+ }
2673
2688
  };
2674
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2675
- return tslib.__awaiter(this, void 0, void 0, function () {
2676
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2677
- return tslib.__generator(this, function (_c) {
2678
- switch (_c.label) {
2679
- case 0:
2680
- if (this.auth.currentUser === nextUser) {
2681
- return [2 /*return*/];
2682
- }
2683
- onAbortStack = [];
2684
- _c.label = 1;
2685
- case 1:
2686
- _c.trys.push([1, 6, , 7]);
2687
- _i = 0, _a = this.queue;
2688
- _c.label = 2;
2689
- case 2:
2690
- if (!(_i < _a.length)) return [3 /*break*/, 5];
2691
- beforeStateCallback = _a[_i];
2692
- return [4 /*yield*/, beforeStateCallback(nextUser)];
2693
- case 3:
2694
- _c.sent();
2695
- // Only push the onAbort if the callback succeeds
2696
- if (beforeStateCallback.onAbort) {
2697
- onAbortStack.push(beforeStateCallback.onAbort);
2698
- }
2699
- _c.label = 4;
2700
- case 4:
2701
- _i++;
2702
- return [3 /*break*/, 2];
2703
- case 5: return [3 /*break*/, 7];
2704
- case 6:
2705
- e_1 = _c.sent();
2706
- // Run all onAbort, with separate try/catch to ignore any errors and
2707
- // continue
2708
- onAbortStack.reverse();
2709
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2710
- onAbort = onAbortStack_1[_b];
2711
- try {
2712
- onAbort();
2713
- }
2714
- catch (_) {
2715
- /* swallow error */
2716
- }
2717
- }
2718
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2719
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2720
- });
2721
- case 7: return [2 /*return*/];
2722
- }
2723
- });
2724
- });
2689
+ /**
2690
+ * Updates the running validation status with the statuses for the character options.
2691
+ * Expected to be called each time a character is processed to update each option status
2692
+ * based on the current character.
2693
+ *
2694
+ * @param status Validation status.
2695
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2696
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2697
+ * @param containsNumericCharacter Whether the character is a numeric character.
2698
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2699
+ */
2700
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2701
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2702
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2703
+ }
2704
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2705
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2706
+ }
2707
+ if (this.customStrengthOptions.containsNumericCharacter) {
2708
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2709
+ }
2710
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2711
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2712
+ }
2725
2713
  };
2726
- return AuthMiddlewareQueue;
2714
+ return PasswordPolicyImpl;
2727
2715
  }());
2728
2716
 
2729
2717
  /**
@@ -2756,6 +2744,7 @@ var AuthImpl = /** @class */ (function () {
2756
2744
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2757
2745
  this.redirectUser = null;
2758
2746
  this.isProactiveRefreshEnabled = false;
2747
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2759
2748
  // Any network calls will set this to true and prevent subsequent emulator
2760
2749
  // initialization
2761
2750
  this._canInitEmulator = true;
@@ -2766,6 +2755,8 @@ var AuthImpl = /** @class */ (function () {
2766
2755
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2767
2756
  this._agentRecaptchaConfig = null;
2768
2757
  this._tenantRecaptchaConfigs = {};
2758
+ this._projectPasswordPolicy = null;
2759
+ this._tenantPasswordPolicies = {};
2769
2760
  // Tracks the last notified UID for state change listeners to prevent
2770
2761
  // repeated calls to the callbacks. Undefined means it's never been
2771
2762
  // called, whereas null means it's been called with a signed out user
@@ -3095,41 +3086,66 @@ var AuthImpl = /** @class */ (function () {
3095
3086
  });
3096
3087
  }); });
3097
3088
  };
3098
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
3089
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3090
+ if (this.tenantId == null) {
3091
+ return this._agentRecaptchaConfig;
3092
+ }
3093
+ else {
3094
+ return this._tenantRecaptchaConfigs[this.tenantId];
3095
+ }
3096
+ };
3097
+ AuthImpl.prototype.validatePassword = function (password) {
3099
3098
  return tslib.__awaiter(this, void 0, void 0, function () {
3100
- var response, config, verifier;
3099
+ var passwordPolicy;
3101
3100
  return tslib.__generator(this, function (_a) {
3102
3101
  switch (_a.label) {
3103
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3104
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3105
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3106
- })];
3102
+ case 0:
3103
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
3104
+ return [4 /*yield*/, this._updatePasswordPolicy()];
3107
3105
  case 1:
3108
- response = _a.sent();
3109
- config = new RecaptchaConfig(response);
3110
- if (this.tenantId == null) {
3111
- this._agentRecaptchaConfig = config;
3112
- }
3113
- else {
3114
- this._tenantRecaptchaConfigs[this.tenantId] = config;
3115
- }
3116
- if (config.emailPasswordEnabled) {
3117
- verifier = new RecaptchaEnterpriseVerifier(this);
3118
- void verifier.verify();
3106
+ _a.sent();
3107
+ _a.label = 2;
3108
+ case 2:
3109
+ passwordPolicy = this._getPasswordPolicyInternal();
3110
+ // Check that the policy schema version is supported by the SDK.
3111
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
3112
+ if (passwordPolicy.schemaVersion !==
3113
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
3114
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
3119
3115
  }
3120
- return [2 /*return*/];
3116
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
3121
3117
  }
3122
3118
  });
3123
3119
  });
3124
3120
  };
3125
- AuthImpl.prototype._getRecaptchaConfig = function () {
3126
- if (this.tenantId == null) {
3127
- return this._agentRecaptchaConfig;
3121
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
3122
+ if (this.tenantId === null) {
3123
+ return this._projectPasswordPolicy;
3128
3124
  }
3129
3125
  else {
3130
- return this._tenantRecaptchaConfigs[this.tenantId];
3126
+ return this._tenantPasswordPolicies[this.tenantId];
3131
3127
  }
3132
3128
  };
3129
+ AuthImpl.prototype._updatePasswordPolicy = function () {
3130
+ return tslib.__awaiter(this, void 0, void 0, function () {
3131
+ var response, passwordPolicy;
3132
+ return tslib.__generator(this, function (_a) {
3133
+ switch (_a.label) {
3134
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
3135
+ case 1:
3136
+ response = _a.sent();
3137
+ passwordPolicy = new PasswordPolicyImpl(response);
3138
+ if (this.tenantId === null) {
3139
+ this._projectPasswordPolicy = passwordPolicy;
3140
+ }
3141
+ else {
3142
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
3143
+ }
3144
+ return [2 /*return*/];
3145
+ }
3146
+ });
3147
+ });
3148
+ };
3133
3149
  AuthImpl.prototype._getPersistence = function () {
3134
3150
  return this.assertedPersistence.persistence.type;
3135
3151
  };
@@ -3405,54 +3421,280 @@ var AuthImpl = /** @class */ (function () {
3405
3421
  AuthImpl.prototype._getAppCheckToken = function () {
3406
3422
  var _a;
3407
3423
  return tslib.__awaiter(this, void 0, void 0, function () {
3408
- var appCheckTokenResult;
3409
- return tslib.__generator(this, function (_b) {
3410
- switch (_b.label) {
3411
- case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3412
- .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3413
- case 1:
3414
- appCheckTokenResult = _b.sent();
3415
- if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3416
- // Context: appCheck.getToken() will never throw even if an error happened.
3417
- // In the error case, a dummy token will be returned along with an error field describing
3418
- // the error. In general, we shouldn't care about the error condition and just use
3419
- // the token (actual or dummy) to send requests.
3420
- _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3424
+ var appCheckTokenResult;
3425
+ return tslib.__generator(this, function (_b) {
3426
+ switch (_b.label) {
3427
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3428
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3429
+ case 1:
3430
+ appCheckTokenResult = _b.sent();
3431
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3432
+ // Context: appCheck.getToken() will never throw even if an error happened.
3433
+ // In the error case, a dummy token will be returned along with an error field describing
3434
+ // the error. In general, we shouldn't care about the error condition and just use
3435
+ // the token (actual or dummy) to send requests.
3436
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3437
+ }
3438
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3439
+ }
3440
+ });
3441
+ });
3442
+ };
3443
+ return AuthImpl;
3444
+ }());
3445
+ /**
3446
+ * Method to be used to cast down to our private implmentation of Auth.
3447
+ * It will also handle unwrapping from the compat type if necessary
3448
+ *
3449
+ * @param auth Auth object passed in from developer
3450
+ */
3451
+ function _castAuth(auth) {
3452
+ return util.getModularInstance(auth);
3453
+ }
3454
+ /** Helper class to wrap subscriber logic */
3455
+ var Subscription = /** @class */ (function () {
3456
+ function Subscription(auth) {
3457
+ var _this = this;
3458
+ this.auth = auth;
3459
+ this.observer = null;
3460
+ this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3461
+ }
3462
+ Object.defineProperty(Subscription.prototype, "next", {
3463
+ get: function () {
3464
+ _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3465
+ return this.observer.next.bind(this.observer);
3466
+ },
3467
+ enumerable: false,
3468
+ configurable: true
3469
+ });
3470
+ return Subscription;
3471
+ }());
3472
+
3473
+ /**
3474
+ * @license
3475
+ * Copyright 2020 Google LLC
3476
+ *
3477
+ * Licensed under the Apache License, Version 2.0 (the "License");
3478
+ * you may not use this file except in compliance with the License.
3479
+ * You may obtain a copy of the License at
3480
+ *
3481
+ * http://www.apache.org/licenses/LICENSE-2.0
3482
+ *
3483
+ * Unless required by applicable law or agreed to in writing, software
3484
+ * distributed under the License is distributed on an "AS IS" BASIS,
3485
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3486
+ * See the License for the specific language governing permissions and
3487
+ * limitations under the License.
3488
+ */
3489
+ function getScriptParentElement() {
3490
+ var _a, _b;
3491
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3492
+ }
3493
+ function _loadJS(url) {
3494
+ // TODO: consider adding timeout support & cancellation
3495
+ return new Promise(function (resolve, reject) {
3496
+ var el = document.createElement('script');
3497
+ el.setAttribute('src', url);
3498
+ el.onload = resolve;
3499
+ el.onerror = function (e) {
3500
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3501
+ error.customData = e;
3502
+ reject(error);
3503
+ };
3504
+ el.type = 'text/javascript';
3505
+ el.charset = 'UTF-8';
3506
+ getScriptParentElement().appendChild(el);
3507
+ });
3508
+ }
3509
+ function _generateCallbackName(prefix) {
3510
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
3511
+ }
3512
+
3513
+ /* eslint-disable @typescript-eslint/no-require-imports */
3514
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3515
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3516
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
3517
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3518
+ /**
3519
+ *
3520
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3521
+ *
3522
+ */
3523
+ function RecaptchaEnterpriseVerifier(authExtern) {
3524
+ /**
3525
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3526
+ */
3527
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3528
+ this.auth = _castAuth(authExtern);
3529
+ }
3530
+ /**
3531
+ * Executes the verification process.
3532
+ *
3533
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3534
+ */
3535
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3536
+ if (action === void 0) { action = 'verify'; }
3537
+ if (forceRefresh === void 0) { forceRefresh = false; }
3538
+ return tslib.__awaiter(this, void 0, void 0, function () {
3539
+ function retrieveSiteKey(auth) {
3540
+ return tslib.__awaiter(this, void 0, void 0, function () {
3541
+ var _this = this;
3542
+ return tslib.__generator(this, function (_a) {
3543
+ if (!forceRefresh) {
3544
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3545
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3546
+ }
3547
+ if (auth.tenantId != null &&
3548
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3549
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3550
+ }
3421
3551
  }
3422
- return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3552
+ return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
3553
+ return tslib.__generator(this, function (_a) {
3554
+ getRecaptchaConfig(auth, {
3555
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3556
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3557
+ })
3558
+ .then(function (response) {
3559
+ if (response.recaptchaKey === undefined) {
3560
+ reject(new Error('recaptcha Enterprise site key undefined'));
3561
+ }
3562
+ else {
3563
+ var config = new RecaptchaConfig(response);
3564
+ if (auth.tenantId == null) {
3565
+ auth._agentRecaptchaConfig = config;
3566
+ }
3567
+ else {
3568
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3569
+ }
3570
+ return resolve(config.siteKey);
3571
+ }
3572
+ })
3573
+ .catch(function (error) {
3574
+ reject(error);
3575
+ });
3576
+ return [2 /*return*/];
3577
+ });
3578
+ }); })];
3579
+ });
3580
+ });
3581
+ }
3582
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3583
+ var grecaptcha = window.grecaptcha;
3584
+ if (isEnterprise(grecaptcha)) {
3585
+ grecaptcha.enterprise.ready(function () {
3586
+ grecaptcha.enterprise
3587
+ .execute(siteKey, { action: action })
3588
+ .then(function (token) {
3589
+ resolve(token);
3590
+ })
3591
+ .catch(function () {
3592
+ resolve(FAKE_TOKEN);
3593
+ });
3594
+ });
3595
+ }
3596
+ else {
3597
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3423
3598
  }
3599
+ }
3600
+ var _this = this;
3601
+ return tslib.__generator(this, function (_a) {
3602
+ return [2 /*return*/, new Promise(function (resolve, reject) {
3603
+ retrieveSiteKey(_this.auth)
3604
+ .then(function (siteKey) {
3605
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3606
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3607
+ }
3608
+ else {
3609
+ if (typeof window === 'undefined') {
3610
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3611
+ return;
3612
+ }
3613
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3614
+ .then(function () {
3615
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3616
+ })
3617
+ .catch(function (error) {
3618
+ reject(error);
3619
+ });
3620
+ }
3621
+ })
3622
+ .catch(function (error) {
3623
+ reject(error);
3624
+ });
3625
+ })];
3424
3626
  });
3425
3627
  });
3426
3628
  };
3427
- return AuthImpl;
3629
+ return RecaptchaEnterpriseVerifier;
3428
3630
  }());
3429
- /**
3430
- * Method to be used to cast down to our private implmentation of Auth.
3431
- * It will also handle unwrapping from the compat type if necessary
3432
- *
3433
- * @param auth Auth object passed in from developer
3434
- */
3435
- function _castAuth(auth) {
3436
- return util.getModularInstance(auth);
3631
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
3632
+ if (captchaResp === void 0) { captchaResp = false; }
3633
+ return tslib.__awaiter(this, void 0, void 0, function () {
3634
+ var verifier, captchaResponse, newRequest;
3635
+ return tslib.__generator(this, function (_a) {
3636
+ switch (_a.label) {
3637
+ case 0:
3638
+ verifier = new RecaptchaEnterpriseVerifier(auth);
3639
+ _a.label = 1;
3640
+ case 1:
3641
+ _a.trys.push([1, 3, , 5]);
3642
+ return [4 /*yield*/, verifier.verify(action)];
3643
+ case 2:
3644
+ captchaResponse = _a.sent();
3645
+ return [3 /*break*/, 5];
3646
+ case 3:
3647
+ _a.sent();
3648
+ return [4 /*yield*/, verifier.verify(action, true)];
3649
+ case 4:
3650
+ captchaResponse = _a.sent();
3651
+ return [3 /*break*/, 5];
3652
+ case 5:
3653
+ newRequest = tslib.__assign({}, request);
3654
+ if (!captchaResp) {
3655
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
3656
+ }
3657
+ else {
3658
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3659
+ }
3660
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3661
+ Object.assign(newRequest, {
3662
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3663
+ });
3664
+ return [2 /*return*/, newRequest];
3665
+ }
3666
+ });
3667
+ });
3437
3668
  }
3438
- /** Helper class to wrap subscriber logic */
3439
- var Subscription = /** @class */ (function () {
3440
- function Subscription(auth) {
3441
- var _this = this;
3442
- this.auth = auth;
3443
- this.observer = null;
3444
- this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3445
- }
3446
- Object.defineProperty(Subscription.prototype, "next", {
3447
- get: function () {
3448
- _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3449
- return this.observer.next.bind(this.observer);
3450
- },
3451
- enumerable: false,
3452
- configurable: true
3669
+ function _initializeRecaptchaConfig(auth) {
3670
+ return tslib.__awaiter(this, void 0, void 0, function () {
3671
+ var authInternal, response, config, verifier;
3672
+ return tslib.__generator(this, function (_a) {
3673
+ switch (_a.label) {
3674
+ case 0:
3675
+ authInternal = _castAuth(auth);
3676
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
3677
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3678
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3679
+ })];
3680
+ case 1:
3681
+ response = _a.sent();
3682
+ config = new RecaptchaConfig(response);
3683
+ if (authInternal.tenantId == null) {
3684
+ authInternal._agentRecaptchaConfig = config;
3685
+ }
3686
+ else {
3687
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3688
+ }
3689
+ if (config.emailPasswordEnabled) {
3690
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
3691
+ void verifier.verify();
3692
+ }
3693
+ return [2 /*return*/];
3694
+ }
3695
+ });
3453
3696
  });
3454
- return Subscription;
3455
- }());
3697
+ }
3456
3698
 
3457
3699
  /**
3458
3700
  * @license
@@ -6112,6 +6354,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
6112
6354
  * See the License for the specific language governing permissions and
6113
6355
  * limitations under the License.
6114
6356
  */
6357
+ /**
6358
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
6359
+ * cached for the project or tenant.
6360
+ *
6361
+ * @remarks
6362
+ * We only fetch the password policy if the password did not meet policy requirements and
6363
+ * there is an existing policy cached. A developer must call validatePassword at least
6364
+ * once for the cache to be automatically updated.
6365
+ *
6366
+ * @param auth - The {@link Auth} instance.
6367
+ *
6368
+ * @private
6369
+ */
6370
+ function recachePasswordPolicy(auth) {
6371
+ return tslib.__awaiter(this, void 0, void 0, function () {
6372
+ var authInternal;
6373
+ return tslib.__generator(this, function (_a) {
6374
+ switch (_a.label) {
6375
+ case 0:
6376
+ authInternal = _castAuth(auth);
6377
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
6378
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
6379
+ case 1:
6380
+ _a.sent();
6381
+ _a.label = 2;
6382
+ case 2: return [2 /*return*/];
6383
+ }
6384
+ });
6385
+ });
6386
+ }
6115
6387
  /**
6116
6388
  * Sends a password reset email to the given email address.
6117
6389
  *
@@ -6215,12 +6487,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6215
6487
  */
6216
6488
  function confirmPasswordReset(auth, oobCode, newPassword) {
6217
6489
  return tslib.__awaiter(this, void 0, void 0, function () {
6490
+ var _this = this;
6218
6491
  return tslib.__generator(this, function (_a) {
6219
6492
  switch (_a.label) {
6220
6493
  case 0: return [4 /*yield*/, resetPassword(util.getModularInstance(auth), {
6221
6494
  oobCode: oobCode,
6222
6495
  newPassword: newPassword
6223
- })];
6496
+ })
6497
+ .catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6498
+ return tslib.__generator(this, function (_a) {
6499
+ if (error.code ===
6500
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6501
+ void recachePasswordPolicy(auth);
6502
+ }
6503
+ throw error;
6504
+ });
6505
+ }); })];
6224
6506
  case 1:
6225
6507
  _a.sent();
6226
6508
  return [2 /*return*/];
@@ -6376,13 +6658,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
6376
6658
  case 1:
6377
6659
  requestWithRecaptcha = _a.sent();
6378
6660
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6379
- case 2: return [2 /*return*/, Promise.reject(error)];
6661
+ case 2: throw error;
6380
6662
  }
6381
6663
  });
6382
6664
  }); });
6383
6665
  _b.label = 3;
6384
6666
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6385
- return Promise.reject(error);
6667
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6668
+ void recachePasswordPolicy(auth);
6669
+ }
6670
+ throw error;
6386
6671
  })];
6387
6672
  case 4:
6388
6673
  response = _b.sent();
@@ -6414,7 +6699,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
6414
6699
  * @public
6415
6700
  */
6416
6701
  function signInWithEmailAndPassword(auth, email, password) {
6417
- return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password));
6702
+ var _this = this;
6703
+ return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6704
+ return tslib.__generator(this, function (_a) {
6705
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6706
+ void recachePasswordPolicy(auth);
6707
+ }
6708
+ throw error;
6709
+ });
6710
+ }); });
6418
6711
  }
6419
6712
 
6420
6713
  /**
@@ -7152,8 +7445,39 @@ function setPersistence(auth, persistence) {
7152
7445
  * @public
7153
7446
  */
7154
7447
  function initializeRecaptchaConfig(auth) {
7155
- var authInternal = _castAuth(auth);
7156
- return authInternal.initializeRecaptchaConfig();
7448
+ return _initializeRecaptchaConfig(auth);
7449
+ }
7450
+ /**
7451
+ * Validates the password against the password policy configured for the project or tenant.
7452
+ *
7453
+ * @remarks
7454
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
7455
+ * policy configured for the project. Otherwise, this method will use the policy configured
7456
+ * for the tenant. If a password policy has not been configured, then the default policy
7457
+ * configured for all projects will be used.
7458
+ *
7459
+ * If an auth flow fails because a submitted password does not meet the password policy
7460
+ * requirements and this method has previously been called, then this method will use the
7461
+ * most recent policy available when called again.
7462
+ *
7463
+ * @example
7464
+ * ```javascript
7465
+ * validatePassword(auth, 'some-password');
7466
+ * ```
7467
+ *
7468
+ * @param auth The {@link Auth} instance.
7469
+ * @param password The password to validate.
7470
+ *
7471
+ * @public
7472
+ */
7473
+ function validatePassword(auth, password) {
7474
+ return tslib.__awaiter(this, void 0, void 0, function () {
7475
+ var authInternal;
7476
+ return tslib.__generator(this, function (_a) {
7477
+ authInternal = _castAuth(auth);
7478
+ return [2 /*return*/, authInternal.validatePassword(password)];
7479
+ });
7480
+ });
7157
7481
  }
7158
7482
  /**
7159
7483
  * Adds an observer for changes to the signed-in user's ID token.
@@ -7575,7 +7899,7 @@ function multiFactor(user) {
7575
7899
  }
7576
7900
 
7577
7901
  var name = "@firebase/auth";
7578
- var version = "1.1.0-canary.e201e5390";
7902
+ var version = "1.1.0-canary.f497a400a";
7579
7903
 
7580
7904
  /**
7581
7905
  * @license
@@ -9056,6 +9380,7 @@ exports.updatePassword = updatePassword;
9056
9380
  exports.updatePhoneNumber = updatePhoneNumber;
9057
9381
  exports.updateProfile = updateProfile;
9058
9382
  exports.useDeviceLanguage = useDeviceLanguage;
9383
+ exports.validatePassword = validatePassword;
9059
9384
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
9060
9385
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
9061
- //# sourceMappingURL=phone-a11d12b4.js.map
9386
+ //# sourceMappingURL=phone-87fdb2ba.js.map