@firebase/auth 1.1.0 → 1.2.0-20230815211035

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-0b2238be.js → index-4a6bae3a.js} +566 -278
  5. package/dist/browser-cjs/index-4a6bae3a.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +7 -1
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-71c1ff0a.js → popup_redirect-03e63fe8.js} +754 -416
  29. package/dist/cordova/popup_redirect-03e63fe8.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +7 -1
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-e24386e7.js → index-a2ce75d7.js} +566 -279
  47. package/dist/esm2017/index-a2ce75d7.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +7 -1
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-be7bff78.js → index-aeb2d939.js} +754 -416
  67. package/dist/esm5/index-aeb2d939.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +7 -1
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +828 -490
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +7 -1
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-8a876b1a.js → totp-59663c77.js} +717 -378
  109. package/dist/node/totp-59663c77.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +7 -1
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-04ac595e.js → totp-8ca454e8.js} +554 -267
  129. package/dist/node-esm/totp-8ca454e8.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-2132481b.js → phone-14433b21.js} +734 -395
  135. package/dist/rn/phone-14433b21.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +7 -1
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +7 -1
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +1 -1
  169. package/dist/browser-cjs/index-0b2238be.js.map +0 -1
  170. package/dist/cordova/popup_redirect-71c1ff0a.js.map +0 -1
  171. package/dist/esm2017/index-e24386e7.js.map +0 -1
  172. package/dist/esm5/index-be7bff78.js.map +0 -1
  173. package/dist/node/totp-8a876b1a.js.map +0 -1
  174. package/dist/node-esm/totp-04ac595e.js.map +0 -1
  175. package/dist/rn/phone-2132481b.js.map +0 -1
@@ -103,6 +103,53 @@ var ActionCodeOperation = {
103
103
  VERIFY_EMAIL: 'VERIFY_EMAIL'
104
104
  };
105
105
 
106
+ /**
107
+ * @license
108
+ * Copyright 2020 Google LLC
109
+ *
110
+ * Licensed under the Apache License, Version 2.0 (the "License");
111
+ * you may not use this file except in compliance with the License.
112
+ * You may obtain a copy of the License at
113
+ *
114
+ * http://www.apache.org/licenses/LICENSE-2.0
115
+ *
116
+ * Unless required by applicable law or agreed to in writing, software
117
+ * distributed under the License is distributed on an "AS IS" BASIS,
118
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
119
+ * See the License for the specific language governing permissions and
120
+ * limitations under the License.
121
+ */
122
+ function isV2(grecaptcha) {
123
+ return (grecaptcha !== undefined &&
124
+ grecaptcha.getResponse !== undefined);
125
+ }
126
+ function isEnterprise(grecaptcha) {
127
+ return (grecaptcha !== undefined &&
128
+ grecaptcha.enterprise !== undefined);
129
+ }
130
+ var RecaptchaConfig = /** @class */ (function () {
131
+ function RecaptchaConfig(response) {
132
+ /**
133
+ * The reCAPTCHA site key.
134
+ */
135
+ this.siteKey = '';
136
+ /**
137
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
138
+ */
139
+ this.emailPasswordEnabled = false;
140
+ if (response.recaptchaKey === undefined) {
141
+ throw new Error('recaptchaKey undefined');
142
+ }
143
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
144
+ this.siteKey = response.recaptchaKey.split('/')[3];
145
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
146
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
147
+ enforcementState.enforcementState !== 'OFF';
148
+ });
149
+ }
150
+ return RecaptchaConfig;
151
+ }());
152
+
106
153
  /**
107
154
  * @license
108
155
  * Copyright 2020 Google LLC
@@ -275,6 +322,8 @@ function _debugErrorMap() {
275
322
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
276
323
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
277
324
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
325
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
326
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
278
327
  _a;
279
328
  }
280
329
  function _prodErrorMap() {
@@ -820,6 +869,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
820
869
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
821
870
  // Other errors.
822
871
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
872
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
823
873
  // Phone Auth related errors.
824
874
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
825
875
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -1045,6 +1095,40 @@ function _makeTaggedError(auth, code, response) {
1045
1095
  return error;
1046
1096
  }
1047
1097
 
1098
+ /**
1099
+ * @license
1100
+ * Copyright 2020 Google LLC
1101
+ *
1102
+ * Licensed under the Apache License, Version 2.0 (the "License");
1103
+ * you may not use this file except in compliance with the License.
1104
+ * You may obtain a copy of the License at
1105
+ *
1106
+ * http://www.apache.org/licenses/LICENSE-2.0
1107
+ *
1108
+ * Unless required by applicable law or agreed to in writing, software
1109
+ * distributed under the License is distributed on an "AS IS" BASIS,
1110
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1111
+ * See the License for the specific language governing permissions and
1112
+ * limitations under the License.
1113
+ */
1114
+ function getRecaptchaParams(auth) {
1115
+ return __awaiter(this, void 0, void 0, function () {
1116
+ return __generator(this, function (_a) {
1117
+ switch (_a.label) {
1118
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
1119
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
1120
+ }
1121
+ });
1122
+ });
1123
+ }
1124
+ function getRecaptchaConfig(auth, request) {
1125
+ return __awaiter(this, void 0, void 0, function () {
1126
+ return __generator(this, function (_a) {
1127
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
1128
+ });
1129
+ });
1130
+ }
1131
+
1048
1132
  /**
1049
1133
  * @license
1050
1134
  * Copyright 2020 Google LLC
@@ -2443,7 +2527,7 @@ function _getClientVersion(clientPlatform, frameworks) {
2443
2527
 
2444
2528
  /**
2445
2529
  * @license
2446
- * Copyright 2020 Google LLC
2530
+ * Copyright 2022 Google LLC
2447
2531
  *
2448
2532
  * Licensed under the Apache License, Version 2.0 (the "License");
2449
2533
  * you may not use this file except in compliance with the License.
@@ -2457,27 +2541,129 @@ function _getClientVersion(clientPlatform, frameworks) {
2457
2541
  * See the License for the specific language governing permissions and
2458
2542
  * limitations under the License.
2459
2543
  */
2460
- function getRecaptchaParams(auth) {
2461
- return __awaiter(this, void 0, void 0, function () {
2462
- return __generator(this, function (_a) {
2463
- switch (_a.label) {
2464
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
2465
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
2466
- }
2544
+ var AuthMiddlewareQueue = /** @class */ (function () {
2545
+ function AuthMiddlewareQueue(auth) {
2546
+ this.auth = auth;
2547
+ this.queue = [];
2548
+ }
2549
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2550
+ var _this = this;
2551
+ // The callback could be sync or async. Wrap it into a
2552
+ // function that is always async.
2553
+ var wrappedCallback = function (user) {
2554
+ return new Promise(function (resolve, reject) {
2555
+ try {
2556
+ var result = callback(user);
2557
+ // Either resolve with existing promise or wrap a non-promise
2558
+ // return value into a promise.
2559
+ resolve(result);
2560
+ }
2561
+ catch (e) {
2562
+ // Sync callback throws.
2563
+ reject(e);
2564
+ }
2565
+ });
2566
+ };
2567
+ // Attach the onAbort if present
2568
+ wrappedCallback.onAbort = onAbort;
2569
+ this.queue.push(wrappedCallback);
2570
+ var index = this.queue.length - 1;
2571
+ return function () {
2572
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2573
+ // indexing of other elements.
2574
+ _this.queue[index] = function () { return Promise.resolve(); };
2575
+ };
2576
+ };
2577
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2578
+ return __awaiter(this, void 0, void 0, function () {
2579
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2580
+ return __generator(this, function (_c) {
2581
+ switch (_c.label) {
2582
+ case 0:
2583
+ if (this.auth.currentUser === nextUser) {
2584
+ return [2 /*return*/];
2585
+ }
2586
+ onAbortStack = [];
2587
+ _c.label = 1;
2588
+ case 1:
2589
+ _c.trys.push([1, 6, , 7]);
2590
+ _i = 0, _a = this.queue;
2591
+ _c.label = 2;
2592
+ case 2:
2593
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
2594
+ beforeStateCallback = _a[_i];
2595
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
2596
+ case 3:
2597
+ _c.sent();
2598
+ // Only push the onAbort if the callback succeeds
2599
+ if (beforeStateCallback.onAbort) {
2600
+ onAbortStack.push(beforeStateCallback.onAbort);
2601
+ }
2602
+ _c.label = 4;
2603
+ case 4:
2604
+ _i++;
2605
+ return [3 /*break*/, 2];
2606
+ case 5: return [3 /*break*/, 7];
2607
+ case 6:
2608
+ e_1 = _c.sent();
2609
+ // Run all onAbort, with separate try/catch to ignore any errors and
2610
+ // continue
2611
+ onAbortStack.reverse();
2612
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2613
+ onAbort = onAbortStack_1[_b];
2614
+ try {
2615
+ onAbort();
2616
+ }
2617
+ catch (_) {
2618
+ /* swallow error */
2619
+ }
2620
+ }
2621
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2622
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2623
+ });
2624
+ case 7: return [2 /*return*/];
2625
+ }
2626
+ });
2467
2627
  });
2468
- });
2469
- }
2470
- function getRecaptchaConfig(auth, request) {
2628
+ };
2629
+ return AuthMiddlewareQueue;
2630
+ }());
2631
+
2632
+ /**
2633
+ * @license
2634
+ * Copyright 2023 Google LLC
2635
+ *
2636
+ * Licensed under the Apache License, Version 2.0 (the "License");
2637
+ * you may not use this file except in compliance with the License.
2638
+ * You may obtain a copy of the License at
2639
+ *
2640
+ * http://www.apache.org/licenses/LICENSE-2.0
2641
+ *
2642
+ * Unless required by applicable law or agreed to in writing, software
2643
+ * distributed under the License is distributed on an "AS IS" BASIS,
2644
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2645
+ * See the License for the specific language governing permissions and
2646
+ * limitations under the License.
2647
+ */
2648
+ /**
2649
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2650
+ *
2651
+ * @param auth Auth object.
2652
+ * @param request Password policy request.
2653
+ * @returns Password policy response.
2654
+ */
2655
+ function _getPasswordPolicy(auth, request) {
2656
+ if (request === void 0) { request = {}; }
2471
2657
  return __awaiter(this, void 0, void 0, function () {
2472
2658
  return __generator(this, function (_a) {
2473
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2659
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
2474
2660
  });
2475
2661
  });
2476
2662
  }
2477
2663
 
2478
2664
  /**
2479
2665
  * @license
2480
- * Copyright 2020 Google LLC
2666
+ * Copyright 2023 Google LLC
2481
2667
  *
2482
2668
  * Licensed under the Apache License, Version 2.0 (the "License");
2483
2669
  * you may not use this file except in compliance with the License.
@@ -2491,336 +2677,138 @@ function getRecaptchaConfig(auth, request) {
2491
2677
  * See the License for the specific language governing permissions and
2492
2678
  * limitations under the License.
2493
2679
  */
2494
- function isV2(grecaptcha) {
2495
- return (grecaptcha !== undefined &&
2496
- grecaptcha.getResponse !== undefined);
2497
- }
2498
- function isEnterprise(grecaptcha) {
2499
- return (grecaptcha !== undefined &&
2500
- grecaptcha.enterprise !== undefined);
2501
- }
2502
- var RecaptchaConfig = /** @class */ (function () {
2503
- function RecaptchaConfig(response) {
2504
- /**
2505
- * The reCAPTCHA site key.
2506
- */
2507
- this.siteKey = '';
2508
- /**
2509
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2510
- */
2511
- this.emailPasswordEnabled = false;
2512
- if (response.recaptchaKey === undefined) {
2513
- throw new Error('recaptchaKey undefined');
2680
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2681
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
2682
+ /**
2683
+ * Stores password policy requirements and provides password validation against the policy.
2684
+ *
2685
+ * @internal
2686
+ */
2687
+ var PasswordPolicyImpl = /** @class */ (function () {
2688
+ function PasswordPolicyImpl(response) {
2689
+ var _a, _b, _c, _d;
2690
+ // Only include custom strength options defined in the response.
2691
+ var responseOptions = response.customStrengthOptions;
2692
+ this.customStrengthOptions = {};
2693
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2694
+ this.customStrengthOptions.minPasswordLength =
2695
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2696
+ if (responseOptions.maxPasswordLength) {
2697
+ this.customStrengthOptions.maxPasswordLength =
2698
+ responseOptions.maxPasswordLength;
2699
+ }
2700
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2701
+ this.customStrengthOptions.containsLowercaseLetter =
2702
+ responseOptions.containsLowercaseCharacter;
2703
+ }
2704
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2705
+ this.customStrengthOptions.containsUppercaseLetter =
2706
+ responseOptions.containsUppercaseCharacter;
2707
+ }
2708
+ if (responseOptions.containsNumericCharacter !== undefined) {
2709
+ this.customStrengthOptions.containsNumericCharacter =
2710
+ responseOptions.containsNumericCharacter;
2711
+ }
2712
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2713
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2714
+ responseOptions.containsNonAlphanumericCharacter;
2715
+ }
2716
+ this.enforcementState = response.enforcementState;
2717
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2718
+ this.enforcementState = 'OFF';
2719
+ }
2720
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2721
+ this.allowedNonAlphanumericCharacters =
2722
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2723
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2724
+ this.schemaVersion = response.schemaVersion;
2725
+ }
2726
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
2727
+ var _a, _b, _c, _d, _e, _f;
2728
+ var status = {
2729
+ isValid: true,
2730
+ passwordPolicy: this
2731
+ };
2732
+ // Check the password length and character options.
2733
+ this.validatePasswordLengthOptions(password, status);
2734
+ this.validatePasswordCharacterOptions(password, status);
2735
+ // Combine the status into single isValid property.
2736
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2737
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2738
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2739
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2740
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2741
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2742
+ return status;
2743
+ };
2744
+ /**
2745
+ * Validates that the password meets the length options for the policy.
2746
+ *
2747
+ * @param password Password to validate.
2748
+ * @param status Validation status.
2749
+ */
2750
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
2751
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
2752
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2753
+ if (minPasswordLength) {
2754
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2514
2755
  }
2515
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2516
- this.siteKey = response.recaptchaKey.split('/')[3];
2517
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2518
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2519
- enforcementState.enforcementState !== 'OFF';
2520
- });
2521
- }
2522
- return RecaptchaConfig;
2523
- }());
2524
-
2525
- /**
2526
- * @license
2527
- * Copyright 2020 Google LLC
2528
- *
2529
- * Licensed under the Apache License, Version 2.0 (the "License");
2530
- * you may not use this file except in compliance with the License.
2531
- * You may obtain a copy of the License at
2532
- *
2533
- * http://www.apache.org/licenses/LICENSE-2.0
2534
- *
2535
- * Unless required by applicable law or agreed to in writing, software
2536
- * distributed under the License is distributed on an "AS IS" BASIS,
2537
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2538
- * See the License for the specific language governing permissions and
2539
- * limitations under the License.
2540
- */
2541
- function getScriptParentElement() {
2542
- var _a, _b;
2543
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2544
- }
2545
- function _loadJS(url) {
2546
- // TODO: consider adding timeout support & cancellation
2547
- return new Promise(function (resolve, reject) {
2548
- var el = document.createElement('script');
2549
- el.setAttribute('src', url);
2550
- el.onload = resolve;
2551
- el.onerror = function (e) {
2552
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2553
- error.customData = e;
2554
- reject(error);
2555
- };
2556
- el.type = 'text/javascript';
2557
- el.charset = 'UTF-8';
2558
- getScriptParentElement().appendChild(el);
2559
- });
2560
- }
2561
- function _generateCallbackName(prefix) {
2562
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
2563
- }
2564
-
2565
- /* eslint-disable @typescript-eslint/no-require-imports */
2566
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2567
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2568
- var FAKE_TOKEN = 'NO_RECAPTCHA';
2569
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2570
- /**
2571
- *
2572
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2573
- *
2574
- */
2575
- function RecaptchaEnterpriseVerifier(authExtern) {
2576
- /**
2577
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2578
- */
2579
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2580
- this.auth = _castAuth(authExtern);
2581
- }
2582
- /**
2583
- * Executes the verification process.
2584
- *
2585
- * @returns A Promise for a token that can be used to assert the validity of a request.
2586
- */
2587
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2588
- if (action === void 0) { action = 'verify'; }
2589
- if (forceRefresh === void 0) { forceRefresh = false; }
2590
- return __awaiter(this, void 0, void 0, function () {
2591
- function retrieveSiteKey(auth) {
2592
- return __awaiter(this, void 0, void 0, function () {
2593
- var _this = this;
2594
- return __generator(this, function (_a) {
2595
- if (!forceRefresh) {
2596
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2597
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2598
- }
2599
- if (auth.tenantId != null &&
2600
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2601
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2602
- }
2603
- }
2604
- return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
2605
- return __generator(this, function (_a) {
2606
- getRecaptchaConfig(auth, {
2607
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2608
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2609
- })
2610
- .then(function (response) {
2611
- if (response.recaptchaKey === undefined) {
2612
- reject(new Error('recaptcha Enterprise site key undefined'));
2613
- }
2614
- else {
2615
- var config = new RecaptchaConfig(response);
2616
- if (auth.tenantId == null) {
2617
- auth._agentRecaptchaConfig = config;
2618
- }
2619
- else {
2620
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2621
- }
2622
- return resolve(config.siteKey);
2623
- }
2624
- })
2625
- .catch(function (error) {
2626
- reject(error);
2627
- });
2628
- return [2 /*return*/];
2629
- });
2630
- }); })];
2631
- });
2632
- });
2633
- }
2634
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2635
- var grecaptcha = window.grecaptcha;
2636
- if (isEnterprise(grecaptcha)) {
2637
- grecaptcha.enterprise.ready(function () {
2638
- grecaptcha.enterprise
2639
- .execute(siteKey, { action: action })
2640
- .then(function (token) {
2641
- resolve(token);
2642
- })
2643
- .catch(function () {
2644
- resolve(FAKE_TOKEN);
2645
- });
2646
- });
2647
- }
2648
- else {
2649
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2650
- }
2651
- }
2652
- var _this = this;
2653
- return __generator(this, function (_a) {
2654
- return [2 /*return*/, new Promise(function (resolve, reject) {
2655
- retrieveSiteKey(_this.auth)
2656
- .then(function (siteKey) {
2657
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2658
- retrieveRecaptchaToken(siteKey, resolve, reject);
2659
- }
2660
- else {
2661
- if (typeof window === 'undefined') {
2662
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2663
- return;
2664
- }
2665
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2666
- .then(function () {
2667
- retrieveRecaptchaToken(siteKey, resolve, reject);
2668
- })
2669
- .catch(function (error) {
2670
- reject(error);
2671
- });
2672
- }
2673
- })
2674
- .catch(function (error) {
2675
- reject(error);
2676
- });
2677
- })];
2678
- });
2679
- });
2680
- };
2681
- return RecaptchaEnterpriseVerifier;
2682
- }());
2683
- function injectRecaptchaFields(auth, request, action, captchaResp) {
2684
- if (captchaResp === void 0) { captchaResp = false; }
2685
- return __awaiter(this, void 0, void 0, function () {
2686
- var verifier, captchaResponse, newRequest;
2687
- return __generator(this, function (_a) {
2688
- switch (_a.label) {
2689
- case 0:
2690
- verifier = new RecaptchaEnterpriseVerifier(auth);
2691
- _a.label = 1;
2692
- case 1:
2693
- _a.trys.push([1, 3, , 5]);
2694
- return [4 /*yield*/, verifier.verify(action)];
2695
- case 2:
2696
- captchaResponse = _a.sent();
2697
- return [3 /*break*/, 5];
2698
- case 3:
2699
- _a.sent();
2700
- return [4 /*yield*/, verifier.verify(action, true)];
2701
- case 4:
2702
- captchaResponse = _a.sent();
2703
- return [3 /*break*/, 5];
2704
- case 5:
2705
- newRequest = __assign({}, request);
2706
- if (!captchaResp) {
2707
- Object.assign(newRequest, { captchaResponse: captchaResponse });
2708
- }
2709
- else {
2710
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2711
- }
2712
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2713
- Object.assign(newRequest, {
2714
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2715
- });
2716
- return [2 /*return*/, newRequest];
2717
- }
2718
- });
2719
- });
2720
- }
2721
-
2722
- /**
2723
- * @license
2724
- * Copyright 2022 Google LLC
2725
- *
2726
- * Licensed under the Apache License, Version 2.0 (the "License");
2727
- * you may not use this file except in compliance with the License.
2728
- * You may obtain a copy of the License at
2729
- *
2730
- * http://www.apache.org/licenses/LICENSE-2.0
2731
- *
2732
- * Unless required by applicable law or agreed to in writing, software
2733
- * distributed under the License is distributed on an "AS IS" BASIS,
2734
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2735
- * See the License for the specific language governing permissions and
2736
- * limitations under the License.
2737
- */
2738
- var AuthMiddlewareQueue = /** @class */ (function () {
2739
- function AuthMiddlewareQueue(auth) {
2740
- this.auth = auth;
2741
- this.queue = [];
2742
- }
2743
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2744
- var _this = this;
2745
- // The callback could be sync or async. Wrap it into a
2746
- // function that is always async.
2747
- var wrappedCallback = function (user) {
2748
- return new Promise(function (resolve, reject) {
2749
- try {
2750
- var result = callback(user);
2751
- // Either resolve with existing promise or wrap a non-promise
2752
- // return value into a promise.
2753
- resolve(result);
2754
- }
2755
- catch (e) {
2756
- // Sync callback throws.
2757
- reject(e);
2758
- }
2759
- });
2760
- };
2761
- // Attach the onAbort if present
2762
- wrappedCallback.onAbort = onAbort;
2763
- this.queue.push(wrappedCallback);
2764
- var index = this.queue.length - 1;
2765
- return function () {
2766
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2767
- // indexing of other elements.
2768
- _this.queue[index] = function () { return Promise.resolve(); };
2769
- };
2770
- };
2771
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2772
- return __awaiter(this, void 0, void 0, function () {
2773
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2774
- return __generator(this, function (_c) {
2775
- switch (_c.label) {
2776
- case 0:
2777
- if (this.auth.currentUser === nextUser) {
2778
- return [2 /*return*/];
2779
- }
2780
- onAbortStack = [];
2781
- _c.label = 1;
2782
- case 1:
2783
- _c.trys.push([1, 6, , 7]);
2784
- _i = 0, _a = this.queue;
2785
- _c.label = 2;
2786
- case 2:
2787
- if (!(_i < _a.length)) return [3 /*break*/, 5];
2788
- beforeStateCallback = _a[_i];
2789
- return [4 /*yield*/, beforeStateCallback(nextUser)];
2790
- case 3:
2791
- _c.sent();
2792
- // Only push the onAbort if the callback succeeds
2793
- if (beforeStateCallback.onAbort) {
2794
- onAbortStack.push(beforeStateCallback.onAbort);
2795
- }
2796
- _c.label = 4;
2797
- case 4:
2798
- _i++;
2799
- return [3 /*break*/, 2];
2800
- case 5: return [3 /*break*/, 7];
2801
- case 6:
2802
- e_1 = _c.sent();
2803
- // Run all onAbort, with separate try/catch to ignore any errors and
2804
- // continue
2805
- onAbortStack.reverse();
2806
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2807
- onAbort = onAbortStack_1[_b];
2808
- try {
2809
- onAbort();
2810
- }
2811
- catch (_) {
2812
- /* swallow error */
2813
- }
2814
- }
2815
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2816
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2817
- });
2818
- case 7: return [2 /*return*/];
2819
- }
2820
- });
2821
- });
2822
- };
2823
- return AuthMiddlewareQueue;
2756
+ if (maxPasswordLength) {
2757
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2758
+ }
2759
+ };
2760
+ /**
2761
+ * Validates that the password meets the character options for the policy.
2762
+ *
2763
+ * @param password Password to validate.
2764
+ * @param status Validation status.
2765
+ */
2766
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
2767
+ // Assign statuses for requirements even if the password is an empty string.
2768
+ this.updatePasswordCharacterOptionsStatuses(status,
2769
+ /* containsLowercaseCharacter= */ false,
2770
+ /* containsUppercaseCharacter= */ false,
2771
+ /* containsNumericCharacter= */ false,
2772
+ /* containsNonAlphanumericCharacter= */ false);
2773
+ var passwordChar;
2774
+ for (var i = 0; i < password.length; i++) {
2775
+ passwordChar = password.charAt(i);
2776
+ this.updatePasswordCharacterOptionsStatuses(status,
2777
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2778
+ passwordChar <= 'z',
2779
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2780
+ passwordChar <= 'Z',
2781
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2782
+ passwordChar <= '9',
2783
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2784
+ }
2785
+ };
2786
+ /**
2787
+ * Updates the running validation status with the statuses for the character options.
2788
+ * Expected to be called each time a character is processed to update each option status
2789
+ * based on the current character.
2790
+ *
2791
+ * @param status Validation status.
2792
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2793
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2794
+ * @param containsNumericCharacter Whether the character is a numeric character.
2795
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2796
+ */
2797
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2798
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2799
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2800
+ }
2801
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2802
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2803
+ }
2804
+ if (this.customStrengthOptions.containsNumericCharacter) {
2805
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2806
+ }
2807
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2808
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2809
+ }
2810
+ };
2811
+ return PasswordPolicyImpl;
2824
2812
  }());
2825
2813
 
2826
2814
  /**
@@ -2853,6 +2841,7 @@ var AuthImpl = /** @class */ (function () {
2853
2841
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2854
2842
  this.redirectUser = null;
2855
2843
  this.isProactiveRefreshEnabled = false;
2844
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2856
2845
  // Any network calls will set this to true and prevent subsequent emulator
2857
2846
  // initialization
2858
2847
  this._canInitEmulator = true;
@@ -2863,6 +2852,8 @@ var AuthImpl = /** @class */ (function () {
2863
2852
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2864
2853
  this._agentRecaptchaConfig = null;
2865
2854
  this._tenantRecaptchaConfigs = {};
2855
+ this._projectPasswordPolicy = null;
2856
+ this._tenantPasswordPolicies = {};
2866
2857
  // Tracks the last notified UID for state change listeners to prevent
2867
2858
  // repeated calls to the callbacks. Undefined means it's never been
2868
2859
  // called, whereas null means it's been called with a signed out user
@@ -3192,41 +3183,66 @@ var AuthImpl = /** @class */ (function () {
3192
3183
  });
3193
3184
  }); });
3194
3185
  };
3195
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
3186
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3187
+ if (this.tenantId == null) {
3188
+ return this._agentRecaptchaConfig;
3189
+ }
3190
+ else {
3191
+ return this._tenantRecaptchaConfigs[this.tenantId];
3192
+ }
3193
+ };
3194
+ AuthImpl.prototype.validatePassword = function (password) {
3196
3195
  return __awaiter(this, void 0, void 0, function () {
3197
- var response, config, verifier;
3196
+ var passwordPolicy;
3198
3197
  return __generator(this, function (_a) {
3199
3198
  switch (_a.label) {
3200
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3201
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3202
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3203
- })];
3199
+ case 0:
3200
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
3201
+ return [4 /*yield*/, this._updatePasswordPolicy()];
3204
3202
  case 1:
3205
- response = _a.sent();
3206
- config = new RecaptchaConfig(response);
3207
- if (this.tenantId == null) {
3208
- this._agentRecaptchaConfig = config;
3209
- }
3210
- else {
3211
- this._tenantRecaptchaConfigs[this.tenantId] = config;
3212
- }
3213
- if (config.emailPasswordEnabled) {
3214
- verifier = new RecaptchaEnterpriseVerifier(this);
3215
- void verifier.verify();
3203
+ _a.sent();
3204
+ _a.label = 2;
3205
+ case 2:
3206
+ passwordPolicy = this._getPasswordPolicyInternal();
3207
+ // Check that the policy schema version is supported by the SDK.
3208
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
3209
+ if (passwordPolicy.schemaVersion !==
3210
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
3211
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
3216
3212
  }
3217
- return [2 /*return*/];
3213
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
3218
3214
  }
3219
3215
  });
3220
3216
  });
3221
3217
  };
3222
- AuthImpl.prototype._getRecaptchaConfig = function () {
3223
- if (this.tenantId == null) {
3224
- return this._agentRecaptchaConfig;
3218
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
3219
+ if (this.tenantId === null) {
3220
+ return this._projectPasswordPolicy;
3225
3221
  }
3226
3222
  else {
3227
- return this._tenantRecaptchaConfigs[this.tenantId];
3223
+ return this._tenantPasswordPolicies[this.tenantId];
3228
3224
  }
3229
3225
  };
3226
+ AuthImpl.prototype._updatePasswordPolicy = function () {
3227
+ return __awaiter(this, void 0, void 0, function () {
3228
+ var response, passwordPolicy;
3229
+ return __generator(this, function (_a) {
3230
+ switch (_a.label) {
3231
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
3232
+ case 1:
3233
+ response = _a.sent();
3234
+ passwordPolicy = new PasswordPolicyImpl(response);
3235
+ if (this.tenantId === null) {
3236
+ this._projectPasswordPolicy = passwordPolicy;
3237
+ }
3238
+ else {
3239
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
3240
+ }
3241
+ return [2 /*return*/];
3242
+ }
3243
+ });
3244
+ });
3245
+ };
3230
3246
  AuthImpl.prototype._getPersistence = function () {
3231
3247
  return this.assertedPersistence.persistence.type;
3232
3248
  };
@@ -3393,18 +3409,32 @@ var AuthImpl = /** @class */ (function () {
3393
3409
  var cb = typeof nextOrObserver === 'function'
3394
3410
  ? nextOrObserver
3395
3411
  : nextOrObserver.next.bind(nextOrObserver);
3412
+ var isUnsubscribed = false;
3396
3413
  var promise = this._isInitialized
3397
3414
  ? Promise.resolve()
3398
3415
  : this._initializationPromise;
3399
3416
  _assert(promise, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3400
3417
  // The callback needs to be called asynchronously per the spec.
3401
3418
  // eslint-disable-next-line @typescript-eslint/no-floating-promises
3402
- promise.then(function () { return cb(_this.currentUser); });
3419
+ promise.then(function () {
3420
+ if (isUnsubscribed) {
3421
+ return;
3422
+ }
3423
+ cb(_this.currentUser);
3424
+ });
3403
3425
  if (typeof nextOrObserver === 'function') {
3404
- return subscription.addObserver(nextOrObserver, error, completed);
3426
+ var unsubscribe_2 = subscription.addObserver(nextOrObserver, error, completed);
3427
+ return function () {
3428
+ isUnsubscribed = true;
3429
+ unsubscribe_2();
3430
+ };
3405
3431
  }
3406
3432
  else {
3407
- return subscription.addObserver(nextOrObserver);
3433
+ var unsubscribe_3 = subscription.addObserver(nextOrObserver);
3434
+ return function () {
3435
+ isUnsubscribed = true;
3436
+ unsubscribe_3();
3437
+ };
3408
3438
  }
3409
3439
  };
3410
3440
  /**
@@ -3502,54 +3532,280 @@ var AuthImpl = /** @class */ (function () {
3502
3532
  AuthImpl.prototype._getAppCheckToken = function () {
3503
3533
  var _a;
3504
3534
  return __awaiter(this, void 0, void 0, function () {
3505
- var appCheckTokenResult;
3506
- return __generator(this, function (_b) {
3507
- switch (_b.label) {
3508
- case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3509
- .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3510
- case 1:
3511
- appCheckTokenResult = _b.sent();
3512
- if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3513
- // Context: appCheck.getToken() will never throw even if an error happened.
3514
- // In the error case, a dummy token will be returned along with an error field describing
3515
- // the error. In general, we shouldn't care about the error condition and just use
3516
- // the token (actual or dummy) to send requests.
3517
- _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3535
+ var appCheckTokenResult;
3536
+ return __generator(this, function (_b) {
3537
+ switch (_b.label) {
3538
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3539
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3540
+ case 1:
3541
+ appCheckTokenResult = _b.sent();
3542
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3543
+ // Context: appCheck.getToken() will never throw even if an error happened.
3544
+ // In the error case, a dummy token will be returned along with an error field describing
3545
+ // the error. In general, we shouldn't care about the error condition and just use
3546
+ // the token (actual or dummy) to send requests.
3547
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3548
+ }
3549
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3550
+ }
3551
+ });
3552
+ });
3553
+ };
3554
+ return AuthImpl;
3555
+ }());
3556
+ /**
3557
+ * Method to be used to cast down to our private implmentation of Auth.
3558
+ * It will also handle unwrapping from the compat type if necessary
3559
+ *
3560
+ * @param auth Auth object passed in from developer
3561
+ */
3562
+ function _castAuth(auth) {
3563
+ return getModularInstance(auth);
3564
+ }
3565
+ /** Helper class to wrap subscriber logic */
3566
+ var Subscription = /** @class */ (function () {
3567
+ function Subscription(auth) {
3568
+ var _this = this;
3569
+ this.auth = auth;
3570
+ this.observer = null;
3571
+ this.addObserver = createSubscribe(function (observer) { return (_this.observer = observer); });
3572
+ }
3573
+ Object.defineProperty(Subscription.prototype, "next", {
3574
+ get: function () {
3575
+ _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3576
+ return this.observer.next.bind(this.observer);
3577
+ },
3578
+ enumerable: false,
3579
+ configurable: true
3580
+ });
3581
+ return Subscription;
3582
+ }());
3583
+
3584
+ /**
3585
+ * @license
3586
+ * Copyright 2020 Google LLC
3587
+ *
3588
+ * Licensed under the Apache License, Version 2.0 (the "License");
3589
+ * you may not use this file except in compliance with the License.
3590
+ * You may obtain a copy of the License at
3591
+ *
3592
+ * http://www.apache.org/licenses/LICENSE-2.0
3593
+ *
3594
+ * Unless required by applicable law or agreed to in writing, software
3595
+ * distributed under the License is distributed on an "AS IS" BASIS,
3596
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3597
+ * See the License for the specific language governing permissions and
3598
+ * limitations under the License.
3599
+ */
3600
+ function getScriptParentElement() {
3601
+ var _a, _b;
3602
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3603
+ }
3604
+ function _loadJS(url) {
3605
+ // TODO: consider adding timeout support & cancellation
3606
+ return new Promise(function (resolve, reject) {
3607
+ var el = document.createElement('script');
3608
+ el.setAttribute('src', url);
3609
+ el.onload = resolve;
3610
+ el.onerror = function (e) {
3611
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3612
+ error.customData = e;
3613
+ reject(error);
3614
+ };
3615
+ el.type = 'text/javascript';
3616
+ el.charset = 'UTF-8';
3617
+ getScriptParentElement().appendChild(el);
3618
+ });
3619
+ }
3620
+ function _generateCallbackName(prefix) {
3621
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
3622
+ }
3623
+
3624
+ /* eslint-disable @typescript-eslint/no-require-imports */
3625
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3626
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3627
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
3628
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3629
+ /**
3630
+ *
3631
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3632
+ *
3633
+ */
3634
+ function RecaptchaEnterpriseVerifier(authExtern) {
3635
+ /**
3636
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3637
+ */
3638
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3639
+ this.auth = _castAuth(authExtern);
3640
+ }
3641
+ /**
3642
+ * Executes the verification process.
3643
+ *
3644
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3645
+ */
3646
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3647
+ if (action === void 0) { action = 'verify'; }
3648
+ if (forceRefresh === void 0) { forceRefresh = false; }
3649
+ return __awaiter(this, void 0, void 0, function () {
3650
+ function retrieveSiteKey(auth) {
3651
+ return __awaiter(this, void 0, void 0, function () {
3652
+ var _this = this;
3653
+ return __generator(this, function (_a) {
3654
+ if (!forceRefresh) {
3655
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3656
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3657
+ }
3658
+ if (auth.tenantId != null &&
3659
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3660
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3661
+ }
3518
3662
  }
3519
- return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3663
+ return [2 /*return*/, new Promise(function (resolve, reject) { return __awaiter(_this, void 0, void 0, function () {
3664
+ return __generator(this, function (_a) {
3665
+ getRecaptchaConfig(auth, {
3666
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3667
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3668
+ })
3669
+ .then(function (response) {
3670
+ if (response.recaptchaKey === undefined) {
3671
+ reject(new Error('recaptcha Enterprise site key undefined'));
3672
+ }
3673
+ else {
3674
+ var config = new RecaptchaConfig(response);
3675
+ if (auth.tenantId == null) {
3676
+ auth._agentRecaptchaConfig = config;
3677
+ }
3678
+ else {
3679
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3680
+ }
3681
+ return resolve(config.siteKey);
3682
+ }
3683
+ })
3684
+ .catch(function (error) {
3685
+ reject(error);
3686
+ });
3687
+ return [2 /*return*/];
3688
+ });
3689
+ }); })];
3690
+ });
3691
+ });
3692
+ }
3693
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3694
+ var grecaptcha = window.grecaptcha;
3695
+ if (isEnterprise(grecaptcha)) {
3696
+ grecaptcha.enterprise.ready(function () {
3697
+ grecaptcha.enterprise
3698
+ .execute(siteKey, { action: action })
3699
+ .then(function (token) {
3700
+ resolve(token);
3701
+ })
3702
+ .catch(function () {
3703
+ resolve(FAKE_TOKEN);
3704
+ });
3705
+ });
3520
3706
  }
3707
+ else {
3708
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3709
+ }
3710
+ }
3711
+ var _this = this;
3712
+ return __generator(this, function (_a) {
3713
+ return [2 /*return*/, new Promise(function (resolve, reject) {
3714
+ retrieveSiteKey(_this.auth)
3715
+ .then(function (siteKey) {
3716
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3717
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3718
+ }
3719
+ else {
3720
+ if (typeof window === 'undefined') {
3721
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3722
+ return;
3723
+ }
3724
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3725
+ .then(function () {
3726
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3727
+ })
3728
+ .catch(function (error) {
3729
+ reject(error);
3730
+ });
3731
+ }
3732
+ })
3733
+ .catch(function (error) {
3734
+ reject(error);
3735
+ });
3736
+ })];
3521
3737
  });
3522
3738
  });
3523
3739
  };
3524
- return AuthImpl;
3740
+ return RecaptchaEnterpriseVerifier;
3525
3741
  }());
3526
- /**
3527
- * Method to be used to cast down to our private implmentation of Auth.
3528
- * It will also handle unwrapping from the compat type if necessary
3529
- *
3530
- * @param auth Auth object passed in from developer
3531
- */
3532
- function _castAuth(auth) {
3533
- return getModularInstance(auth);
3742
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
3743
+ if (captchaResp === void 0) { captchaResp = false; }
3744
+ return __awaiter(this, void 0, void 0, function () {
3745
+ var verifier, captchaResponse, newRequest;
3746
+ return __generator(this, function (_a) {
3747
+ switch (_a.label) {
3748
+ case 0:
3749
+ verifier = new RecaptchaEnterpriseVerifier(auth);
3750
+ _a.label = 1;
3751
+ case 1:
3752
+ _a.trys.push([1, 3, , 5]);
3753
+ return [4 /*yield*/, verifier.verify(action)];
3754
+ case 2:
3755
+ captchaResponse = _a.sent();
3756
+ return [3 /*break*/, 5];
3757
+ case 3:
3758
+ _a.sent();
3759
+ return [4 /*yield*/, verifier.verify(action, true)];
3760
+ case 4:
3761
+ captchaResponse = _a.sent();
3762
+ return [3 /*break*/, 5];
3763
+ case 5:
3764
+ newRequest = __assign({}, request);
3765
+ if (!captchaResp) {
3766
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
3767
+ }
3768
+ else {
3769
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3770
+ }
3771
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3772
+ Object.assign(newRequest, {
3773
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3774
+ });
3775
+ return [2 /*return*/, newRequest];
3776
+ }
3777
+ });
3778
+ });
3534
3779
  }
3535
- /** Helper class to wrap subscriber logic */
3536
- var Subscription = /** @class */ (function () {
3537
- function Subscription(auth) {
3538
- var _this = this;
3539
- this.auth = auth;
3540
- this.observer = null;
3541
- this.addObserver = createSubscribe(function (observer) { return (_this.observer = observer); });
3542
- }
3543
- Object.defineProperty(Subscription.prototype, "next", {
3544
- get: function () {
3545
- _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3546
- return this.observer.next.bind(this.observer);
3547
- },
3548
- enumerable: false,
3549
- configurable: true
3780
+ function _initializeRecaptchaConfig(auth) {
3781
+ return __awaiter(this, void 0, void 0, function () {
3782
+ var authInternal, response, config, verifier;
3783
+ return __generator(this, function (_a) {
3784
+ switch (_a.label) {
3785
+ case 0:
3786
+ authInternal = _castAuth(auth);
3787
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
3788
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3789
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3790
+ })];
3791
+ case 1:
3792
+ response = _a.sent();
3793
+ config = new RecaptchaConfig(response);
3794
+ if (authInternal.tenantId == null) {
3795
+ authInternal._agentRecaptchaConfig = config;
3796
+ }
3797
+ else {
3798
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3799
+ }
3800
+ if (config.emailPasswordEnabled) {
3801
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
3802
+ void verifier.verify();
3803
+ }
3804
+ return [2 /*return*/];
3805
+ }
3806
+ });
3550
3807
  });
3551
- return Subscription;
3552
- }());
3808
+ }
3553
3809
 
3554
3810
  /**
3555
3811
  * @license
@@ -6209,6 +6465,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
6209
6465
  * See the License for the specific language governing permissions and
6210
6466
  * limitations under the License.
6211
6467
  */
6468
+ /**
6469
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
6470
+ * cached for the project or tenant.
6471
+ *
6472
+ * @remarks
6473
+ * We only fetch the password policy if the password did not meet policy requirements and
6474
+ * there is an existing policy cached. A developer must call validatePassword at least
6475
+ * once for the cache to be automatically updated.
6476
+ *
6477
+ * @param auth - The {@link Auth} instance.
6478
+ *
6479
+ * @private
6480
+ */
6481
+ function recachePasswordPolicy(auth) {
6482
+ return __awaiter(this, void 0, void 0, function () {
6483
+ var authInternal;
6484
+ return __generator(this, function (_a) {
6485
+ switch (_a.label) {
6486
+ case 0:
6487
+ authInternal = _castAuth(auth);
6488
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
6489
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
6490
+ case 1:
6491
+ _a.sent();
6492
+ _a.label = 2;
6493
+ case 2: return [2 /*return*/];
6494
+ }
6495
+ });
6496
+ });
6497
+ }
6212
6498
  /**
6213
6499
  * Sends a password reset email to the given email address.
6214
6500
  *
@@ -6312,12 +6598,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6312
6598
  */
6313
6599
  function confirmPasswordReset(auth, oobCode, newPassword) {
6314
6600
  return __awaiter(this, void 0, void 0, function () {
6601
+ var _this = this;
6315
6602
  return __generator(this, function (_a) {
6316
6603
  switch (_a.label) {
6317
6604
  case 0: return [4 /*yield*/, resetPassword(getModularInstance(auth), {
6318
6605
  oobCode: oobCode,
6319
6606
  newPassword: newPassword
6320
- })];
6607
+ })
6608
+ .catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6609
+ return __generator(this, function (_a) {
6610
+ if (error.code ===
6611
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6612
+ void recachePasswordPolicy(auth);
6613
+ }
6614
+ throw error;
6615
+ });
6616
+ }); })];
6321
6617
  case 1:
6322
6618
  _a.sent();
6323
6619
  return [2 /*return*/];
@@ -6473,13 +6769,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
6473
6769
  case 1:
6474
6770
  requestWithRecaptcha = _a.sent();
6475
6771
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6476
- case 2: return [2 /*return*/, Promise.reject(error)];
6772
+ case 2: throw error;
6477
6773
  }
6478
6774
  });
6479
6775
  }); });
6480
6776
  _b.label = 3;
6481
6777
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6482
- return Promise.reject(error);
6778
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6779
+ void recachePasswordPolicy(auth);
6780
+ }
6781
+ throw error;
6483
6782
  })];
6484
6783
  case 4:
6485
6784
  response = _b.sent();
@@ -6511,7 +6810,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
6511
6810
  * @public
6512
6811
  */
6513
6812
  function signInWithEmailAndPassword(auth, email, password) {
6514
- return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password));
6813
+ var _this = this;
6814
+ return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return __awaiter(_this, void 0, void 0, function () {
6815
+ return __generator(this, function (_a) {
6816
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6817
+ void recachePasswordPolicy(auth);
6818
+ }
6819
+ throw error;
6820
+ });
6821
+ }); });
6515
6822
  }
6516
6823
 
6517
6824
  /**
@@ -7249,8 +7556,39 @@ function setPersistence(auth, persistence) {
7249
7556
  * @public
7250
7557
  */
7251
7558
  function initializeRecaptchaConfig(auth) {
7252
- var authInternal = _castAuth(auth);
7253
- return authInternal.initializeRecaptchaConfig();
7559
+ return _initializeRecaptchaConfig(auth);
7560
+ }
7561
+ /**
7562
+ * Validates the password against the password policy configured for the project or tenant.
7563
+ *
7564
+ * @remarks
7565
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
7566
+ * policy configured for the project. Otherwise, this method will use the policy configured
7567
+ * for the tenant. If a password policy has not been configured, then the default policy
7568
+ * configured for all projects will be used.
7569
+ *
7570
+ * If an auth flow fails because a submitted password does not meet the password policy
7571
+ * requirements and this method has previously been called, then this method will use the
7572
+ * most recent policy available when called again.
7573
+ *
7574
+ * @example
7575
+ * ```javascript
7576
+ * validatePassword(auth, 'some-password');
7577
+ * ```
7578
+ *
7579
+ * @param auth The {@link Auth} instance.
7580
+ * @param password The password to validate.
7581
+ *
7582
+ * @public
7583
+ */
7584
+ function validatePassword(auth, password) {
7585
+ return __awaiter(this, void 0, void 0, function () {
7586
+ var authInternal;
7587
+ return __generator(this, function (_a) {
7588
+ authInternal = _castAuth(auth);
7589
+ return [2 /*return*/, authInternal.validatePassword(password)];
7590
+ });
7591
+ });
7254
7592
  }
7255
7593
  /**
7256
7594
  * Adds an observer for changes to the signed-in user's ID token.
@@ -11876,7 +12214,7 @@ function _isEmptyString(input) {
11876
12214
  }
11877
12215
 
11878
12216
  var name = "@firebase/auth";
11879
- var version = "1.1.0";
12217
+ var version = "1.2.0-20230815211035";
11880
12218
 
11881
12219
  /**
11882
12220
  * @license
@@ -12128,5 +12466,5 @@ function getAuth(app) {
12128
12466
  }
12129
12467
  registerAuth("Browser" /* ClientPlatform.BROWSER */);
12130
12468
 
12131
- export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _createError as aA, AuthEventManager as aB, _getInstance as aC, _persistenceKeyName as aD, _clearRedirectOutcomes as aE, _getRedirectResult as aF, _overrideRedirectResult as aG, _castAuth as aH, UserImpl as aI, AuthImpl as aJ, _getClientVersion as aK, _generateEventId as aL, AuthPopup as aM, FetchProvider as aN, SAMLAuthCredential as aO, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, _isIOS as as, _isAndroid as at, _fail as au, _getRedirectUrl as av, debugAssert as aw, _getProjectConfig as ax, _isIOS7Or8 as ay, _assert as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
12132
- //# sourceMappingURL=index-be7bff78.js.map
12469
+ export { signInAnonymously as $, ActionCodeOperation as A, updateCurrentUser as B, signOut as C, deleteUser as D, debugErrorMap as E, FactorId as F, prodErrorMap as G, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as H, initializeAuth as I, connectAuthEmulator as J, AuthCredential as K, EmailAuthCredential as L, OAuthCredential as M, PhoneAuthCredential as N, OperationType as O, PhoneAuthProvider as P, inMemoryPersistence as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, EmailAuthProvider as U, FacebookAuthProvider as V, GoogleAuthProvider as W, GithubAuthProvider as X, OAuthProvider as Y, SAMLAuthProvider as Z, TwitterAuthProvider as _, browserSessionPersistence as a, signInWithCredential as a0, linkWithCredential as a1, reauthenticateWithCredential as a2, signInWithCustomToken as a3, sendPasswordResetEmail as a4, confirmPasswordReset as a5, applyActionCode as a6, checkActionCode as a7, verifyPasswordResetCode as a8, createUserWithEmailAndPassword as a9, _assert as aA, _createError as aB, AuthEventManager as aC, _getInstance as aD, _persistenceKeyName as aE, _clearRedirectOutcomes as aF, _getRedirectResult as aG, _overrideRedirectResult as aH, _castAuth as aI, UserImpl as aJ, AuthImpl as aK, _getClientVersion as aL, _generateEventId as aM, AuthPopup as aN, FetchProvider as aO, SAMLAuthCredential as aP, signInWithEmailAndPassword as aa, sendSignInLinkToEmail as ab, isSignInWithEmailLink as ac, signInWithEmailLink as ad, fetchSignInMethodsForEmail as ae, sendEmailVerification as af, verifyBeforeUpdateEmail as ag, ActionCodeURL as ah, parseActionCodeURL as ai, updateProfile as aj, updateEmail as ak, updatePassword as al, getIdToken as am, getIdTokenResult as an, unlink as ao, getAdditionalUserInfo as ap, reload as aq, getMultiFactorResolver as ar, multiFactor as as, _isIOS as at, _isAndroid as au, _fail as av, _getRedirectUrl as aw, debugAssert as ax, _getProjectConfig as ay, _isIOS7Or8 as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, validatePassword as v, onIdTokenChanged as w, beforeAuthStateChanged as x, onAuthStateChanged as y, useDeviceLanguage as z };
12470
+ //# sourceMappingURL=index-aeb2d939.js.map