@firebase/auth 1.1.0 → 1.2.0-20230815211035

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-0b2238be.js → index-4a6bae3a.js} +566 -278
  5. package/dist/browser-cjs/index-4a6bae3a.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +7 -1
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-71c1ff0a.js → popup_redirect-03e63fe8.js} +754 -416
  29. package/dist/cordova/popup_redirect-03e63fe8.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +7 -1
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-e24386e7.js → index-a2ce75d7.js} +566 -279
  47. package/dist/esm2017/index-a2ce75d7.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +7 -1
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-be7bff78.js → index-aeb2d939.js} +754 -416
  67. package/dist/esm5/index-aeb2d939.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +7 -1
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +828 -490
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +7 -1
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-8a876b1a.js → totp-59663c77.js} +717 -378
  109. package/dist/node/totp-59663c77.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +7 -1
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-04ac595e.js → totp-8ca454e8.js} +554 -267
  129. package/dist/node-esm/totp-8ca454e8.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-2132481b.js → phone-14433b21.js} +734 -395
  135. package/dist/rn/phone-14433b21.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +7 -1
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +7 -1
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +1 -1
  169. package/dist/browser-cjs/index-0b2238be.js.map +0 -1
  170. package/dist/cordova/popup_redirect-71c1ff0a.js.map +0 -1
  171. package/dist/esm2017/index-e24386e7.js.map +0 -1
  172. package/dist/esm5/index-be7bff78.js.map +0 -1
  173. package/dist/node/totp-8a876b1a.js.map +0 -1
  174. package/dist/node-esm/totp-04ac595e.js.map +0 -1
  175. package/dist/rn/phone-2132481b.js.map +0 -1
@@ -126,6 +126,49 @@ var ActionCodeOperation = {
126
126
  VERIFY_EMAIL: 'VERIFY_EMAIL'
127
127
  };
128
128
 
129
+ /**
130
+ * @license
131
+ * Copyright 2020 Google LLC
132
+ *
133
+ * Licensed under the Apache License, Version 2.0 (the "License");
134
+ * you may not use this file except in compliance with the License.
135
+ * You may obtain a copy of the License at
136
+ *
137
+ * http://www.apache.org/licenses/LICENSE-2.0
138
+ *
139
+ * Unless required by applicable law or agreed to in writing, software
140
+ * distributed under the License is distributed on an "AS IS" BASIS,
141
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
142
+ * See the License for the specific language governing permissions and
143
+ * limitations under the License.
144
+ */
145
+ function isEnterprise(grecaptcha) {
146
+ return (grecaptcha !== undefined &&
147
+ grecaptcha.enterprise !== undefined);
148
+ }
149
+ var RecaptchaConfig = /** @class */ (function () {
150
+ function RecaptchaConfig(response) {
151
+ /**
152
+ * The reCAPTCHA site key.
153
+ */
154
+ this.siteKey = '';
155
+ /**
156
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
157
+ */
158
+ this.emailPasswordEnabled = false;
159
+ if (response.recaptchaKey === undefined) {
160
+ throw new Error('recaptchaKey undefined');
161
+ }
162
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
163
+ this.siteKey = response.recaptchaKey.split('/')[3];
164
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
165
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
166
+ enforcementState.enforcementState !== 'OFF';
167
+ });
168
+ }
169
+ return RecaptchaConfig;
170
+ }());
171
+
129
172
  /**
130
173
  * @license
131
174
  * Copyright 2020 Google LLC
@@ -298,6 +341,8 @@ function _debugErrorMap() {
298
341
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
299
342
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
300
343
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
344
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
345
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
301
346
  _a;
302
347
  }
303
348
  function _prodErrorMap() {
@@ -833,6 +878,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
833
878
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
834
879
  // Other errors.
835
880
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
881
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
836
882
  // Phone Auth related errors.
837
883
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
838
884
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -1058,6 +1104,30 @@ function _makeTaggedError(auth, code, response) {
1058
1104
  return error;
1059
1105
  }
1060
1106
 
1107
+ /**
1108
+ * @license
1109
+ * Copyright 2020 Google LLC
1110
+ *
1111
+ * Licensed under the Apache License, Version 2.0 (the "License");
1112
+ * you may not use this file except in compliance with the License.
1113
+ * You may obtain a copy of the License at
1114
+ *
1115
+ * http://www.apache.org/licenses/LICENSE-2.0
1116
+ *
1117
+ * Unless required by applicable law or agreed to in writing, software
1118
+ * distributed under the License is distributed on an "AS IS" BASIS,
1119
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1120
+ * See the License for the specific language governing permissions and
1121
+ * limitations under the License.
1122
+ */
1123
+ function getRecaptchaConfig(auth, request) {
1124
+ return tslib.__awaiter(this, void 0, void 0, function () {
1125
+ return tslib.__generator(this, function (_a) {
1126
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
1127
+ });
1128
+ });
1129
+ }
1130
+
1061
1131
  /**
1062
1132
  * @license
1063
1133
  * Copyright 2020 Google LLC
@@ -2451,7 +2521,7 @@ function _getClientVersion(clientPlatform, frameworks) {
2451
2521
 
2452
2522
  /**
2453
2523
  * @license
2454
- * Copyright 2020 Google LLC
2524
+ * Copyright 2022 Google LLC
2455
2525
  *
2456
2526
  * Licensed under the Apache License, Version 2.0 (the "License");
2457
2527
  * you may not use this file except in compliance with the License.
@@ -2465,17 +2535,97 @@ function _getClientVersion(clientPlatform, frameworks) {
2465
2535
  * See the License for the specific language governing permissions and
2466
2536
  * limitations under the License.
2467
2537
  */
2468
- function getRecaptchaConfig(auth, request) {
2469
- return tslib.__awaiter(this, void 0, void 0, function () {
2470
- return tslib.__generator(this, function (_a) {
2471
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2538
+ var AuthMiddlewareQueue = /** @class */ (function () {
2539
+ function AuthMiddlewareQueue(auth) {
2540
+ this.auth = auth;
2541
+ this.queue = [];
2542
+ }
2543
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2544
+ var _this = this;
2545
+ // The callback could be sync or async. Wrap it into a
2546
+ // function that is always async.
2547
+ var wrappedCallback = function (user) {
2548
+ return new Promise(function (resolve, reject) {
2549
+ try {
2550
+ var result = callback(user);
2551
+ // Either resolve with existing promise or wrap a non-promise
2552
+ // return value into a promise.
2553
+ resolve(result);
2554
+ }
2555
+ catch (e) {
2556
+ // Sync callback throws.
2557
+ reject(e);
2558
+ }
2559
+ });
2560
+ };
2561
+ // Attach the onAbort if present
2562
+ wrappedCallback.onAbort = onAbort;
2563
+ this.queue.push(wrappedCallback);
2564
+ var index = this.queue.length - 1;
2565
+ return function () {
2566
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2567
+ // indexing of other elements.
2568
+ _this.queue[index] = function () { return Promise.resolve(); };
2569
+ };
2570
+ };
2571
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2572
+ return tslib.__awaiter(this, void 0, void 0, function () {
2573
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2574
+ return tslib.__generator(this, function (_c) {
2575
+ switch (_c.label) {
2576
+ case 0:
2577
+ if (this.auth.currentUser === nextUser) {
2578
+ return [2 /*return*/];
2579
+ }
2580
+ onAbortStack = [];
2581
+ _c.label = 1;
2582
+ case 1:
2583
+ _c.trys.push([1, 6, , 7]);
2584
+ _i = 0, _a = this.queue;
2585
+ _c.label = 2;
2586
+ case 2:
2587
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
2588
+ beforeStateCallback = _a[_i];
2589
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
2590
+ case 3:
2591
+ _c.sent();
2592
+ // Only push the onAbort if the callback succeeds
2593
+ if (beforeStateCallback.onAbort) {
2594
+ onAbortStack.push(beforeStateCallback.onAbort);
2595
+ }
2596
+ _c.label = 4;
2597
+ case 4:
2598
+ _i++;
2599
+ return [3 /*break*/, 2];
2600
+ case 5: return [3 /*break*/, 7];
2601
+ case 6:
2602
+ e_1 = _c.sent();
2603
+ // Run all onAbort, with separate try/catch to ignore any errors and
2604
+ // continue
2605
+ onAbortStack.reverse();
2606
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2607
+ onAbort = onAbortStack_1[_b];
2608
+ try {
2609
+ onAbort();
2610
+ }
2611
+ catch (_) {
2612
+ /* swallow error */
2613
+ }
2614
+ }
2615
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2616
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2617
+ });
2618
+ case 7: return [2 /*return*/];
2619
+ }
2620
+ });
2472
2621
  });
2473
- });
2474
- }
2622
+ };
2623
+ return AuthMiddlewareQueue;
2624
+ }());
2475
2625
 
2476
2626
  /**
2477
2627
  * @license
2478
- * Copyright 2020 Google LLC
2628
+ * Copyright 2023 Google LLC
2479
2629
  *
2480
2630
  * Licensed under the Apache License, Version 2.0 (the "License");
2481
2631
  * you may not use this file except in compliance with the License.
@@ -2489,36 +2639,25 @@ function getRecaptchaConfig(auth, request) {
2489
2639
  * See the License for the specific language governing permissions and
2490
2640
  * limitations under the License.
2491
2641
  */
2492
- function isEnterprise(grecaptcha) {
2493
- return (grecaptcha !== undefined &&
2494
- grecaptcha.enterprise !== undefined);
2495
- }
2496
- var RecaptchaConfig = /** @class */ (function () {
2497
- function RecaptchaConfig(response) {
2498
- /**
2499
- * The reCAPTCHA site key.
2500
- */
2501
- this.siteKey = '';
2502
- /**
2503
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2504
- */
2505
- this.emailPasswordEnabled = false;
2506
- if (response.recaptchaKey === undefined) {
2507
- throw new Error('recaptchaKey undefined');
2508
- }
2509
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2510
- this.siteKey = response.recaptchaKey.split('/')[3];
2511
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2512
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2513
- enforcementState.enforcementState !== 'OFF';
2642
+ /**
2643
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2644
+ *
2645
+ * @param auth Auth object.
2646
+ * @param request Password policy request.
2647
+ * @returns Password policy response.
2648
+ */
2649
+ function _getPasswordPolicy(auth, request) {
2650
+ if (request === void 0) { request = {}; }
2651
+ return tslib.__awaiter(this, void 0, void 0, function () {
2652
+ return tslib.__generator(this, function (_a) {
2653
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
2514
2654
  });
2515
- }
2516
- return RecaptchaConfig;
2517
- }());
2655
+ });
2656
+ }
2518
2657
 
2519
2658
  /**
2520
2659
  * @license
2521
- * Copyright 2020 Google LLC
2660
+ * Copyright 2023 Google LLC
2522
2661
  *
2523
2662
  * Licensed under the Apache License, Version 2.0 (the "License");
2524
2663
  * you may not use this file except in compliance with the License.
@@ -2532,286 +2671,138 @@ var RecaptchaConfig = /** @class */ (function () {
2532
2671
  * See the License for the specific language governing permissions and
2533
2672
  * limitations under the License.
2534
2673
  */
2535
- function getScriptParentElement() {
2536
- var _a, _b;
2537
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2538
- }
2539
- function _loadJS(url) {
2540
- // TODO: consider adding timeout support & cancellation
2541
- return new Promise(function (resolve, reject) {
2542
- var el = document.createElement('script');
2543
- el.setAttribute('src', url);
2544
- el.onload = resolve;
2545
- el.onerror = function (e) {
2546
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2547
- error.customData = e;
2548
- reject(error);
2674
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2675
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
2676
+ /**
2677
+ * Stores password policy requirements and provides password validation against the policy.
2678
+ *
2679
+ * @internal
2680
+ */
2681
+ var PasswordPolicyImpl = /** @class */ (function () {
2682
+ function PasswordPolicyImpl(response) {
2683
+ var _a, _b, _c, _d;
2684
+ // Only include custom strength options defined in the response.
2685
+ var responseOptions = response.customStrengthOptions;
2686
+ this.customStrengthOptions = {};
2687
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2688
+ this.customStrengthOptions.minPasswordLength =
2689
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2690
+ if (responseOptions.maxPasswordLength) {
2691
+ this.customStrengthOptions.maxPasswordLength =
2692
+ responseOptions.maxPasswordLength;
2693
+ }
2694
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2695
+ this.customStrengthOptions.containsLowercaseLetter =
2696
+ responseOptions.containsLowercaseCharacter;
2697
+ }
2698
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2699
+ this.customStrengthOptions.containsUppercaseLetter =
2700
+ responseOptions.containsUppercaseCharacter;
2701
+ }
2702
+ if (responseOptions.containsNumericCharacter !== undefined) {
2703
+ this.customStrengthOptions.containsNumericCharacter =
2704
+ responseOptions.containsNumericCharacter;
2705
+ }
2706
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2707
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2708
+ responseOptions.containsNonAlphanumericCharacter;
2709
+ }
2710
+ this.enforcementState = response.enforcementState;
2711
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2712
+ this.enforcementState = 'OFF';
2713
+ }
2714
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2715
+ this.allowedNonAlphanumericCharacters =
2716
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2717
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2718
+ this.schemaVersion = response.schemaVersion;
2719
+ }
2720
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
2721
+ var _a, _b, _c, _d, _e, _f;
2722
+ var status = {
2723
+ isValid: true,
2724
+ passwordPolicy: this
2549
2725
  };
2550
- el.type = 'text/javascript';
2551
- el.charset = 'UTF-8';
2552
- getScriptParentElement().appendChild(el);
2553
- });
2554
- }
2555
-
2556
- /* eslint-disable @typescript-eslint/no-require-imports */
2557
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2558
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2559
- var FAKE_TOKEN = 'NO_RECAPTCHA';
2560
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2726
+ // Check the password length and character options.
2727
+ this.validatePasswordLengthOptions(password, status);
2728
+ this.validatePasswordCharacterOptions(password, status);
2729
+ // Combine the status into single isValid property.
2730
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2731
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2732
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2733
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2734
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2735
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2736
+ return status;
2737
+ };
2561
2738
  /**
2739
+ * Validates that the password meets the length options for the policy.
2562
2740
  *
2563
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2741
+ * @param password Password to validate.
2742
+ * @param status Validation status.
2743
+ */
2744
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
2745
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
2746
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2747
+ if (minPasswordLength) {
2748
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2749
+ }
2750
+ if (maxPasswordLength) {
2751
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2752
+ }
2753
+ };
2754
+ /**
2755
+ * Validates that the password meets the character options for the policy.
2564
2756
  *
2757
+ * @param password Password to validate.
2758
+ * @param status Validation status.
2565
2759
  */
2566
- function RecaptchaEnterpriseVerifier(authExtern) {
2567
- /**
2568
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2569
- */
2570
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2571
- this.auth = _castAuth(authExtern);
2572
- }
2760
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
2761
+ // Assign statuses for requirements even if the password is an empty string.
2762
+ this.updatePasswordCharacterOptionsStatuses(status,
2763
+ /* containsLowercaseCharacter= */ false,
2764
+ /* containsUppercaseCharacter= */ false,
2765
+ /* containsNumericCharacter= */ false,
2766
+ /* containsNonAlphanumericCharacter= */ false);
2767
+ var passwordChar;
2768
+ for (var i = 0; i < password.length; i++) {
2769
+ passwordChar = password.charAt(i);
2770
+ this.updatePasswordCharacterOptionsStatuses(status,
2771
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2772
+ passwordChar <= 'z',
2773
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2774
+ passwordChar <= 'Z',
2775
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2776
+ passwordChar <= '9',
2777
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2778
+ }
2779
+ };
2573
2780
  /**
2574
- * Executes the verification process.
2781
+ * Updates the running validation status with the statuses for the character options.
2782
+ * Expected to be called each time a character is processed to update each option status
2783
+ * based on the current character.
2575
2784
  *
2576
- * @returns A Promise for a token that can be used to assert the validity of a request.
2785
+ * @param status Validation status.
2786
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2787
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2788
+ * @param containsNumericCharacter Whether the character is a numeric character.
2789
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2577
2790
  */
2578
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2579
- if (action === void 0) { action = 'verify'; }
2580
- if (forceRefresh === void 0) { forceRefresh = false; }
2581
- return tslib.__awaiter(this, void 0, void 0, function () {
2582
- function retrieveSiteKey(auth) {
2583
- return tslib.__awaiter(this, void 0, void 0, function () {
2584
- var _this = this;
2585
- return tslib.__generator(this, function (_a) {
2586
- if (!forceRefresh) {
2587
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2588
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2589
- }
2590
- if (auth.tenantId != null &&
2591
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2592
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2593
- }
2594
- }
2595
- return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
2596
- return tslib.__generator(this, function (_a) {
2597
- getRecaptchaConfig(auth, {
2598
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2599
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2600
- })
2601
- .then(function (response) {
2602
- if (response.recaptchaKey === undefined) {
2603
- reject(new Error('recaptcha Enterprise site key undefined'));
2604
- }
2605
- else {
2606
- var config = new RecaptchaConfig(response);
2607
- if (auth.tenantId == null) {
2608
- auth._agentRecaptchaConfig = config;
2609
- }
2610
- else {
2611
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2612
- }
2613
- return resolve(config.siteKey);
2614
- }
2615
- })
2616
- .catch(function (error) {
2617
- reject(error);
2618
- });
2619
- return [2 /*return*/];
2620
- });
2621
- }); })];
2622
- });
2623
- });
2624
- }
2625
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2626
- var grecaptcha = window.grecaptcha;
2627
- if (isEnterprise(grecaptcha)) {
2628
- grecaptcha.enterprise.ready(function () {
2629
- grecaptcha.enterprise
2630
- .execute(siteKey, { action: action })
2631
- .then(function (token) {
2632
- resolve(token);
2633
- })
2634
- .catch(function () {
2635
- resolve(FAKE_TOKEN);
2636
- });
2637
- });
2638
- }
2639
- else {
2640
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2641
- }
2642
- }
2643
- var _this = this;
2644
- return tslib.__generator(this, function (_a) {
2645
- return [2 /*return*/, new Promise(function (resolve, reject) {
2646
- retrieveSiteKey(_this.auth)
2647
- .then(function (siteKey) {
2648
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2649
- retrieveRecaptchaToken(siteKey, resolve, reject);
2650
- }
2651
- else {
2652
- if (typeof window === 'undefined') {
2653
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2654
- return;
2655
- }
2656
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2657
- .then(function () {
2658
- retrieveRecaptchaToken(siteKey, resolve, reject);
2659
- })
2660
- .catch(function (error) {
2661
- reject(error);
2662
- });
2663
- }
2664
- })
2665
- .catch(function (error) {
2666
- reject(error);
2667
- });
2668
- })];
2669
- });
2670
- });
2671
- };
2672
- return RecaptchaEnterpriseVerifier;
2673
- }());
2674
- function injectRecaptchaFields(auth, request, action, captchaResp) {
2675
- if (captchaResp === void 0) { captchaResp = false; }
2676
- return tslib.__awaiter(this, void 0, void 0, function () {
2677
- var verifier, captchaResponse, newRequest;
2678
- return tslib.__generator(this, function (_a) {
2679
- switch (_a.label) {
2680
- case 0:
2681
- verifier = new RecaptchaEnterpriseVerifier(auth);
2682
- _a.label = 1;
2683
- case 1:
2684
- _a.trys.push([1, 3, , 5]);
2685
- return [4 /*yield*/, verifier.verify(action)];
2686
- case 2:
2687
- captchaResponse = _a.sent();
2688
- return [3 /*break*/, 5];
2689
- case 3:
2690
- _a.sent();
2691
- return [4 /*yield*/, verifier.verify(action, true)];
2692
- case 4:
2693
- captchaResponse = _a.sent();
2694
- return [3 /*break*/, 5];
2695
- case 5:
2696
- newRequest = tslib.__assign({}, request);
2697
- if (!captchaResp) {
2698
- Object.assign(newRequest, { captchaResponse: captchaResponse });
2699
- }
2700
- else {
2701
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2702
- }
2703
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2704
- Object.assign(newRequest, {
2705
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2706
- });
2707
- return [2 /*return*/, newRequest];
2708
- }
2709
- });
2710
- });
2711
- }
2712
-
2713
- /**
2714
- * @license
2715
- * Copyright 2022 Google LLC
2716
- *
2717
- * Licensed under the Apache License, Version 2.0 (the "License");
2718
- * you may not use this file except in compliance with the License.
2719
- * You may obtain a copy of the License at
2720
- *
2721
- * http://www.apache.org/licenses/LICENSE-2.0
2722
- *
2723
- * Unless required by applicable law or agreed to in writing, software
2724
- * distributed under the License is distributed on an "AS IS" BASIS,
2725
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2726
- * See the License for the specific language governing permissions and
2727
- * limitations under the License.
2728
- */
2729
- var AuthMiddlewareQueue = /** @class */ (function () {
2730
- function AuthMiddlewareQueue(auth) {
2731
- this.auth = auth;
2732
- this.queue = [];
2733
- }
2734
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2735
- var _this = this;
2736
- // The callback could be sync or async. Wrap it into a
2737
- // function that is always async.
2738
- var wrappedCallback = function (user) {
2739
- return new Promise(function (resolve, reject) {
2740
- try {
2741
- var result = callback(user);
2742
- // Either resolve with existing promise or wrap a non-promise
2743
- // return value into a promise.
2744
- resolve(result);
2745
- }
2746
- catch (e) {
2747
- // Sync callback throws.
2748
- reject(e);
2749
- }
2750
- });
2751
- };
2752
- // Attach the onAbort if present
2753
- wrappedCallback.onAbort = onAbort;
2754
- this.queue.push(wrappedCallback);
2755
- var index = this.queue.length - 1;
2756
- return function () {
2757
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2758
- // indexing of other elements.
2759
- _this.queue[index] = function () { return Promise.resolve(); };
2760
- };
2761
- };
2762
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2763
- return tslib.__awaiter(this, void 0, void 0, function () {
2764
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2765
- return tslib.__generator(this, function (_c) {
2766
- switch (_c.label) {
2767
- case 0:
2768
- if (this.auth.currentUser === nextUser) {
2769
- return [2 /*return*/];
2770
- }
2771
- onAbortStack = [];
2772
- _c.label = 1;
2773
- case 1:
2774
- _c.trys.push([1, 6, , 7]);
2775
- _i = 0, _a = this.queue;
2776
- _c.label = 2;
2777
- case 2:
2778
- if (!(_i < _a.length)) return [3 /*break*/, 5];
2779
- beforeStateCallback = _a[_i];
2780
- return [4 /*yield*/, beforeStateCallback(nextUser)];
2781
- case 3:
2782
- _c.sent();
2783
- // Only push the onAbort if the callback succeeds
2784
- if (beforeStateCallback.onAbort) {
2785
- onAbortStack.push(beforeStateCallback.onAbort);
2786
- }
2787
- _c.label = 4;
2788
- case 4:
2789
- _i++;
2790
- return [3 /*break*/, 2];
2791
- case 5: return [3 /*break*/, 7];
2792
- case 6:
2793
- e_1 = _c.sent();
2794
- // Run all onAbort, with separate try/catch to ignore any errors and
2795
- // continue
2796
- onAbortStack.reverse();
2797
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2798
- onAbort = onAbortStack_1[_b];
2799
- try {
2800
- onAbort();
2801
- }
2802
- catch (_) {
2803
- /* swallow error */
2804
- }
2805
- }
2806
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2807
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2808
- });
2809
- case 7: return [2 /*return*/];
2810
- }
2811
- });
2812
- });
2791
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2792
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2793
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2794
+ }
2795
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2796
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2797
+ }
2798
+ if (this.customStrengthOptions.containsNumericCharacter) {
2799
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2800
+ }
2801
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2802
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2803
+ }
2813
2804
  };
2814
- return AuthMiddlewareQueue;
2805
+ return PasswordPolicyImpl;
2815
2806
  }());
2816
2807
 
2817
2808
  /**
@@ -2844,6 +2835,7 @@ var AuthImpl = /** @class */ (function () {
2844
2835
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2845
2836
  this.redirectUser = null;
2846
2837
  this.isProactiveRefreshEnabled = false;
2838
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2847
2839
  // Any network calls will set this to true and prevent subsequent emulator
2848
2840
  // initialization
2849
2841
  this._canInitEmulator = true;
@@ -2854,6 +2846,8 @@ var AuthImpl = /** @class */ (function () {
2854
2846
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2855
2847
  this._agentRecaptchaConfig = null;
2856
2848
  this._tenantRecaptchaConfigs = {};
2849
+ this._projectPasswordPolicy = null;
2850
+ this._tenantPasswordPolicies = {};
2857
2851
  // Tracks the last notified UID for state change listeners to prevent
2858
2852
  // repeated calls to the callbacks. Undefined means it's never been
2859
2853
  // called, whereas null means it's been called with a signed out user
@@ -3183,41 +3177,66 @@ var AuthImpl = /** @class */ (function () {
3183
3177
  });
3184
3178
  }); });
3185
3179
  };
3186
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
3180
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3181
+ if (this.tenantId == null) {
3182
+ return this._agentRecaptchaConfig;
3183
+ }
3184
+ else {
3185
+ return this._tenantRecaptchaConfigs[this.tenantId];
3186
+ }
3187
+ };
3188
+ AuthImpl.prototype.validatePassword = function (password) {
3187
3189
  return tslib.__awaiter(this, void 0, void 0, function () {
3188
- var response, config, verifier;
3190
+ var passwordPolicy;
3189
3191
  return tslib.__generator(this, function (_a) {
3190
3192
  switch (_a.label) {
3191
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3192
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3193
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3194
- })];
3193
+ case 0:
3194
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
3195
+ return [4 /*yield*/, this._updatePasswordPolicy()];
3195
3196
  case 1:
3196
- response = _a.sent();
3197
- config = new RecaptchaConfig(response);
3198
- if (this.tenantId == null) {
3199
- this._agentRecaptchaConfig = config;
3200
- }
3201
- else {
3202
- this._tenantRecaptchaConfigs[this.tenantId] = config;
3203
- }
3204
- if (config.emailPasswordEnabled) {
3205
- verifier = new RecaptchaEnterpriseVerifier(this);
3206
- void verifier.verify();
3197
+ _a.sent();
3198
+ _a.label = 2;
3199
+ case 2:
3200
+ passwordPolicy = this._getPasswordPolicyInternal();
3201
+ // Check that the policy schema version is supported by the SDK.
3202
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
3203
+ if (passwordPolicy.schemaVersion !==
3204
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
3205
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
3207
3206
  }
3208
- return [2 /*return*/];
3207
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
3209
3208
  }
3210
3209
  });
3211
3210
  });
3212
3211
  };
3213
- AuthImpl.prototype._getRecaptchaConfig = function () {
3214
- if (this.tenantId == null) {
3215
- return this._agentRecaptchaConfig;
3212
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
3213
+ if (this.tenantId === null) {
3214
+ return this._projectPasswordPolicy;
3216
3215
  }
3217
3216
  else {
3218
- return this._tenantRecaptchaConfigs[this.tenantId];
3217
+ return this._tenantPasswordPolicies[this.tenantId];
3219
3218
  }
3220
3219
  };
3220
+ AuthImpl.prototype._updatePasswordPolicy = function () {
3221
+ return tslib.__awaiter(this, void 0, void 0, function () {
3222
+ var response, passwordPolicy;
3223
+ return tslib.__generator(this, function (_a) {
3224
+ switch (_a.label) {
3225
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
3226
+ case 1:
3227
+ response = _a.sent();
3228
+ passwordPolicy = new PasswordPolicyImpl(response);
3229
+ if (this.tenantId === null) {
3230
+ this._projectPasswordPolicy = passwordPolicy;
3231
+ }
3232
+ else {
3233
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
3234
+ }
3235
+ return [2 /*return*/];
3236
+ }
3237
+ });
3238
+ });
3239
+ };
3221
3240
  AuthImpl.prototype._getPersistence = function () {
3222
3241
  return this.assertedPersistence.persistence.type;
3223
3242
  };
@@ -3384,18 +3403,32 @@ var AuthImpl = /** @class */ (function () {
3384
3403
  var cb = typeof nextOrObserver === 'function'
3385
3404
  ? nextOrObserver
3386
3405
  : nextOrObserver.next.bind(nextOrObserver);
3406
+ var isUnsubscribed = false;
3387
3407
  var promise = this._isInitialized
3388
3408
  ? Promise.resolve()
3389
3409
  : this._initializationPromise;
3390
3410
  _assert(promise, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3391
3411
  // The callback needs to be called asynchronously per the spec.
3392
3412
  // eslint-disable-next-line @typescript-eslint/no-floating-promises
3393
- promise.then(function () { return cb(_this.currentUser); });
3413
+ promise.then(function () {
3414
+ if (isUnsubscribed) {
3415
+ return;
3416
+ }
3417
+ cb(_this.currentUser);
3418
+ });
3394
3419
  if (typeof nextOrObserver === 'function') {
3395
- return subscription.addObserver(nextOrObserver, error, completed);
3420
+ var unsubscribe_2 = subscription.addObserver(nextOrObserver, error, completed);
3421
+ return function () {
3422
+ isUnsubscribed = true;
3423
+ unsubscribe_2();
3424
+ };
3396
3425
  }
3397
3426
  else {
3398
- return subscription.addObserver(nextOrObserver);
3427
+ var unsubscribe_3 = subscription.addObserver(nextOrObserver);
3428
+ return function () {
3429
+ isUnsubscribed = true;
3430
+ unsubscribe_3();
3431
+ };
3399
3432
  }
3400
3433
  };
3401
3434
  /**
@@ -3493,54 +3526,277 @@ var AuthImpl = /** @class */ (function () {
3493
3526
  AuthImpl.prototype._getAppCheckToken = function () {
3494
3527
  var _a;
3495
3528
  return tslib.__awaiter(this, void 0, void 0, function () {
3496
- var appCheckTokenResult;
3497
- return tslib.__generator(this, function (_b) {
3498
- switch (_b.label) {
3499
- case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3500
- .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3501
- case 1:
3502
- appCheckTokenResult = _b.sent();
3503
- if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3504
- // Context: appCheck.getToken() will never throw even if an error happened.
3505
- // In the error case, a dummy token will be returned along with an error field describing
3506
- // the error. In general, we shouldn't care about the error condition and just use
3507
- // the token (actual or dummy) to send requests.
3508
- _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3529
+ var appCheckTokenResult;
3530
+ return tslib.__generator(this, function (_b) {
3531
+ switch (_b.label) {
3532
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3533
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3534
+ case 1:
3535
+ appCheckTokenResult = _b.sent();
3536
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3537
+ // Context: appCheck.getToken() will never throw even if an error happened.
3538
+ // In the error case, a dummy token will be returned along with an error field describing
3539
+ // the error. In general, we shouldn't care about the error condition and just use
3540
+ // the token (actual or dummy) to send requests.
3541
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3542
+ }
3543
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3544
+ }
3545
+ });
3546
+ });
3547
+ };
3548
+ return AuthImpl;
3549
+ }());
3550
+ /**
3551
+ * Method to be used to cast down to our private implmentation of Auth.
3552
+ * It will also handle unwrapping from the compat type if necessary
3553
+ *
3554
+ * @param auth Auth object passed in from developer
3555
+ */
3556
+ function _castAuth(auth) {
3557
+ return util.getModularInstance(auth);
3558
+ }
3559
+ /** Helper class to wrap subscriber logic */
3560
+ var Subscription = /** @class */ (function () {
3561
+ function Subscription(auth) {
3562
+ var _this = this;
3563
+ this.auth = auth;
3564
+ this.observer = null;
3565
+ this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3566
+ }
3567
+ Object.defineProperty(Subscription.prototype, "next", {
3568
+ get: function () {
3569
+ _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3570
+ return this.observer.next.bind(this.observer);
3571
+ },
3572
+ enumerable: false,
3573
+ configurable: true
3574
+ });
3575
+ return Subscription;
3576
+ }());
3577
+
3578
+ /**
3579
+ * @license
3580
+ * Copyright 2020 Google LLC
3581
+ *
3582
+ * Licensed under the Apache License, Version 2.0 (the "License");
3583
+ * you may not use this file except in compliance with the License.
3584
+ * You may obtain a copy of the License at
3585
+ *
3586
+ * http://www.apache.org/licenses/LICENSE-2.0
3587
+ *
3588
+ * Unless required by applicable law or agreed to in writing, software
3589
+ * distributed under the License is distributed on an "AS IS" BASIS,
3590
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3591
+ * See the License for the specific language governing permissions and
3592
+ * limitations under the License.
3593
+ */
3594
+ function getScriptParentElement() {
3595
+ var _a, _b;
3596
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3597
+ }
3598
+ function _loadJS(url) {
3599
+ // TODO: consider adding timeout support & cancellation
3600
+ return new Promise(function (resolve, reject) {
3601
+ var el = document.createElement('script');
3602
+ el.setAttribute('src', url);
3603
+ el.onload = resolve;
3604
+ el.onerror = function (e) {
3605
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3606
+ error.customData = e;
3607
+ reject(error);
3608
+ };
3609
+ el.type = 'text/javascript';
3610
+ el.charset = 'UTF-8';
3611
+ getScriptParentElement().appendChild(el);
3612
+ });
3613
+ }
3614
+
3615
+ /* eslint-disable @typescript-eslint/no-require-imports */
3616
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3617
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3618
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
3619
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3620
+ /**
3621
+ *
3622
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3623
+ *
3624
+ */
3625
+ function RecaptchaEnterpriseVerifier(authExtern) {
3626
+ /**
3627
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3628
+ */
3629
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3630
+ this.auth = _castAuth(authExtern);
3631
+ }
3632
+ /**
3633
+ * Executes the verification process.
3634
+ *
3635
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3636
+ */
3637
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3638
+ if (action === void 0) { action = 'verify'; }
3639
+ if (forceRefresh === void 0) { forceRefresh = false; }
3640
+ return tslib.__awaiter(this, void 0, void 0, function () {
3641
+ function retrieveSiteKey(auth) {
3642
+ return tslib.__awaiter(this, void 0, void 0, function () {
3643
+ var _this = this;
3644
+ return tslib.__generator(this, function (_a) {
3645
+ if (!forceRefresh) {
3646
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3647
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3648
+ }
3649
+ if (auth.tenantId != null &&
3650
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3651
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3652
+ }
3509
3653
  }
3510
- return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3654
+ return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
3655
+ return tslib.__generator(this, function (_a) {
3656
+ getRecaptchaConfig(auth, {
3657
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3658
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3659
+ })
3660
+ .then(function (response) {
3661
+ if (response.recaptchaKey === undefined) {
3662
+ reject(new Error('recaptcha Enterprise site key undefined'));
3663
+ }
3664
+ else {
3665
+ var config = new RecaptchaConfig(response);
3666
+ if (auth.tenantId == null) {
3667
+ auth._agentRecaptchaConfig = config;
3668
+ }
3669
+ else {
3670
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3671
+ }
3672
+ return resolve(config.siteKey);
3673
+ }
3674
+ })
3675
+ .catch(function (error) {
3676
+ reject(error);
3677
+ });
3678
+ return [2 /*return*/];
3679
+ });
3680
+ }); })];
3681
+ });
3682
+ });
3683
+ }
3684
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3685
+ var grecaptcha = window.grecaptcha;
3686
+ if (isEnterprise(grecaptcha)) {
3687
+ grecaptcha.enterprise.ready(function () {
3688
+ grecaptcha.enterprise
3689
+ .execute(siteKey, { action: action })
3690
+ .then(function (token) {
3691
+ resolve(token);
3692
+ })
3693
+ .catch(function () {
3694
+ resolve(FAKE_TOKEN);
3695
+ });
3696
+ });
3697
+ }
3698
+ else {
3699
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3511
3700
  }
3701
+ }
3702
+ var _this = this;
3703
+ return tslib.__generator(this, function (_a) {
3704
+ return [2 /*return*/, new Promise(function (resolve, reject) {
3705
+ retrieveSiteKey(_this.auth)
3706
+ .then(function (siteKey) {
3707
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3708
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3709
+ }
3710
+ else {
3711
+ if (typeof window === 'undefined') {
3712
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3713
+ return;
3714
+ }
3715
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3716
+ .then(function () {
3717
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3718
+ })
3719
+ .catch(function (error) {
3720
+ reject(error);
3721
+ });
3722
+ }
3723
+ })
3724
+ .catch(function (error) {
3725
+ reject(error);
3726
+ });
3727
+ })];
3512
3728
  });
3513
3729
  });
3514
3730
  };
3515
- return AuthImpl;
3731
+ return RecaptchaEnterpriseVerifier;
3516
3732
  }());
3517
- /**
3518
- * Method to be used to cast down to our private implmentation of Auth.
3519
- * It will also handle unwrapping from the compat type if necessary
3520
- *
3521
- * @param auth Auth object passed in from developer
3522
- */
3523
- function _castAuth(auth) {
3524
- return util.getModularInstance(auth);
3733
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
3734
+ if (captchaResp === void 0) { captchaResp = false; }
3735
+ return tslib.__awaiter(this, void 0, void 0, function () {
3736
+ var verifier, captchaResponse, newRequest;
3737
+ return tslib.__generator(this, function (_a) {
3738
+ switch (_a.label) {
3739
+ case 0:
3740
+ verifier = new RecaptchaEnterpriseVerifier(auth);
3741
+ _a.label = 1;
3742
+ case 1:
3743
+ _a.trys.push([1, 3, , 5]);
3744
+ return [4 /*yield*/, verifier.verify(action)];
3745
+ case 2:
3746
+ captchaResponse = _a.sent();
3747
+ return [3 /*break*/, 5];
3748
+ case 3:
3749
+ _a.sent();
3750
+ return [4 /*yield*/, verifier.verify(action, true)];
3751
+ case 4:
3752
+ captchaResponse = _a.sent();
3753
+ return [3 /*break*/, 5];
3754
+ case 5:
3755
+ newRequest = tslib.__assign({}, request);
3756
+ if (!captchaResp) {
3757
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
3758
+ }
3759
+ else {
3760
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3761
+ }
3762
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3763
+ Object.assign(newRequest, {
3764
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3765
+ });
3766
+ return [2 /*return*/, newRequest];
3767
+ }
3768
+ });
3769
+ });
3525
3770
  }
3526
- /** Helper class to wrap subscriber logic */
3527
- var Subscription = /** @class */ (function () {
3528
- function Subscription(auth) {
3529
- var _this = this;
3530
- this.auth = auth;
3531
- this.observer = null;
3532
- this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3533
- }
3534
- Object.defineProperty(Subscription.prototype, "next", {
3535
- get: function () {
3536
- _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3537
- return this.observer.next.bind(this.observer);
3538
- },
3539
- enumerable: false,
3540
- configurable: true
3771
+ function _initializeRecaptchaConfig(auth) {
3772
+ return tslib.__awaiter(this, void 0, void 0, function () {
3773
+ var authInternal, response, config, verifier;
3774
+ return tslib.__generator(this, function (_a) {
3775
+ switch (_a.label) {
3776
+ case 0:
3777
+ authInternal = _castAuth(auth);
3778
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
3779
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3780
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3781
+ })];
3782
+ case 1:
3783
+ response = _a.sent();
3784
+ config = new RecaptchaConfig(response);
3785
+ if (authInternal.tenantId == null) {
3786
+ authInternal._agentRecaptchaConfig = config;
3787
+ }
3788
+ else {
3789
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3790
+ }
3791
+ if (config.emailPasswordEnabled) {
3792
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
3793
+ void verifier.verify();
3794
+ }
3795
+ return [2 /*return*/];
3796
+ }
3797
+ });
3541
3798
  });
3542
- return Subscription;
3543
- }());
3799
+ }
3544
3800
 
3545
3801
  /**
3546
3802
  * @license
@@ -6193,6 +6449,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
6193
6449
  * See the License for the specific language governing permissions and
6194
6450
  * limitations under the License.
6195
6451
  */
6452
+ /**
6453
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
6454
+ * cached for the project or tenant.
6455
+ *
6456
+ * @remarks
6457
+ * We only fetch the password policy if the password did not meet policy requirements and
6458
+ * there is an existing policy cached. A developer must call validatePassword at least
6459
+ * once for the cache to be automatically updated.
6460
+ *
6461
+ * @param auth - The {@link Auth} instance.
6462
+ *
6463
+ * @private
6464
+ */
6465
+ function recachePasswordPolicy(auth) {
6466
+ return tslib.__awaiter(this, void 0, void 0, function () {
6467
+ var authInternal;
6468
+ return tslib.__generator(this, function (_a) {
6469
+ switch (_a.label) {
6470
+ case 0:
6471
+ authInternal = _castAuth(auth);
6472
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
6473
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
6474
+ case 1:
6475
+ _a.sent();
6476
+ _a.label = 2;
6477
+ case 2: return [2 /*return*/];
6478
+ }
6479
+ });
6480
+ });
6481
+ }
6196
6482
  /**
6197
6483
  * Sends a password reset email to the given email address.
6198
6484
  *
@@ -6296,12 +6582,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6296
6582
  */
6297
6583
  function confirmPasswordReset(auth, oobCode, newPassword) {
6298
6584
  return tslib.__awaiter(this, void 0, void 0, function () {
6585
+ var _this = this;
6299
6586
  return tslib.__generator(this, function (_a) {
6300
6587
  switch (_a.label) {
6301
6588
  case 0: return [4 /*yield*/, resetPassword(util.getModularInstance(auth), {
6302
6589
  oobCode: oobCode,
6303
6590
  newPassword: newPassword
6304
- })];
6591
+ })
6592
+ .catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6593
+ return tslib.__generator(this, function (_a) {
6594
+ if (error.code ===
6595
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6596
+ void recachePasswordPolicy(auth);
6597
+ }
6598
+ throw error;
6599
+ });
6600
+ }); })];
6305
6601
  case 1:
6306
6602
  _a.sent();
6307
6603
  return [2 /*return*/];
@@ -6457,13 +6753,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
6457
6753
  case 1:
6458
6754
  requestWithRecaptcha = _a.sent();
6459
6755
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6460
- case 2: return [2 /*return*/, Promise.reject(error)];
6756
+ case 2: throw error;
6461
6757
  }
6462
6758
  });
6463
6759
  }); });
6464
6760
  _b.label = 3;
6465
6761
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6466
- return Promise.reject(error);
6762
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6763
+ void recachePasswordPolicy(auth);
6764
+ }
6765
+ throw error;
6467
6766
  })];
6468
6767
  case 4:
6469
6768
  response = _b.sent();
@@ -6495,7 +6794,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
6495
6794
  * @public
6496
6795
  */
6497
6796
  function signInWithEmailAndPassword(auth, email, password) {
6498
- return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password));
6797
+ var _this = this;
6798
+ return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6799
+ return tslib.__generator(this, function (_a) {
6800
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6801
+ void recachePasswordPolicy(auth);
6802
+ }
6803
+ throw error;
6804
+ });
6805
+ }); });
6499
6806
  }
6500
6807
 
6501
6808
  /**
@@ -7233,8 +7540,39 @@ function setPersistence(auth, persistence) {
7233
7540
  * @public
7234
7541
  */
7235
7542
  function initializeRecaptchaConfig(auth) {
7236
- var authInternal = _castAuth(auth);
7237
- return authInternal.initializeRecaptchaConfig();
7543
+ return _initializeRecaptchaConfig(auth);
7544
+ }
7545
+ /**
7546
+ * Validates the password against the password policy configured for the project or tenant.
7547
+ *
7548
+ * @remarks
7549
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
7550
+ * policy configured for the project. Otherwise, this method will use the policy configured
7551
+ * for the tenant. If a password policy has not been configured, then the default policy
7552
+ * configured for all projects will be used.
7553
+ *
7554
+ * If an auth flow fails because a submitted password does not meet the password policy
7555
+ * requirements and this method has previously been called, then this method will use the
7556
+ * most recent policy available when called again.
7557
+ *
7558
+ * @example
7559
+ * ```javascript
7560
+ * validatePassword(auth, 'some-password');
7561
+ * ```
7562
+ *
7563
+ * @param auth The {@link Auth} instance.
7564
+ * @param password The password to validate.
7565
+ *
7566
+ * @public
7567
+ */
7568
+ function validatePassword(auth, password) {
7569
+ return tslib.__awaiter(this, void 0, void 0, function () {
7570
+ var authInternal;
7571
+ return tslib.__generator(this, function (_a) {
7572
+ authInternal = _castAuth(auth);
7573
+ return [2 /*return*/, authInternal.validatePassword(password)];
7574
+ });
7575
+ });
7238
7576
  }
7239
7577
  /**
7240
7578
  * Adds an observer for changes to the signed-in user's ID token.
@@ -7650,7 +7988,7 @@ function multiFactor(user) {
7650
7988
  }
7651
7989
 
7652
7990
  var name = "@firebase/auth";
7653
- var version = "1.1.0";
7991
+ var version = "1.2.0-20230815211035";
7654
7992
 
7655
7993
  /**
7656
7994
  * @license
@@ -8218,6 +8556,7 @@ exports.updatePassword = updatePassword;
8218
8556
  exports.updatePhoneNumber = updatePhoneNumber;
8219
8557
  exports.updateProfile = updateProfile;
8220
8558
  exports.useDeviceLanguage = useDeviceLanguage;
8559
+ exports.validatePassword = validatePassword;
8221
8560
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
8222
8561
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
8223
- //# sourceMappingURL=totp-8a876b1a.js.map
8562
+ //# sourceMappingURL=totp-59663c77.js.map