@firebase/auth 1.1.0 → 1.2.0-20230815211035

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-0b2238be.js → index-4a6bae3a.js} +566 -278
  5. package/dist/browser-cjs/index-4a6bae3a.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +7 -1
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-71c1ff0a.js → popup_redirect-03e63fe8.js} +754 -416
  29. package/dist/cordova/popup_redirect-03e63fe8.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +7 -1
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-e24386e7.js → index-a2ce75d7.js} +566 -279
  47. package/dist/esm2017/index-a2ce75d7.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +7 -1
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-be7bff78.js → index-aeb2d939.js} +754 -416
  67. package/dist/esm5/index-aeb2d939.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +7 -1
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +828 -490
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +7 -1
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-8a876b1a.js → totp-59663c77.js} +717 -378
  109. package/dist/node/totp-59663c77.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +7 -1
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-04ac595e.js → totp-8ca454e8.js} +554 -267
  129. package/dist/node-esm/totp-8ca454e8.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-2132481b.js → phone-14433b21.js} +734 -395
  135. package/dist/rn/phone-14433b21.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +7 -1
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +7 -1
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +1 -1
  169. package/dist/browser-cjs/index-0b2238be.js.map +0 -1
  170. package/dist/cordova/popup_redirect-71c1ff0a.js.map +0 -1
  171. package/dist/esm2017/index-e24386e7.js.map +0 -1
  172. package/dist/esm5/index-be7bff78.js.map +0 -1
  173. package/dist/node/totp-8a876b1a.js.map +0 -1
  174. package/dist/node-esm/totp-04ac595e.js.map +0 -1
  175. package/dist/rn/phone-2132481b.js.map +0 -1
@@ -1,7 +1,7 @@
1
1
  import { ErrorFactory, isBrowserExtension, isMobileCordova, isReactNative, FirebaseError, querystring, getModularInstance, base64Decode, getUA, isIE, createSubscribe, deepEqual, querystringDecode, extractQuerystring, isEmpty, getExperimentalSetting, getDefaultEmulatorHost } from '@firebase/util';
2
2
  import { SDK_VERSION, _getProvider, _registerComponent, registerVersion, getApp } from '@firebase/app';
3
- import { __rest } from 'tslib';
4
3
  import { Logger, LogLevel } from '@firebase/logger';
4
+ import { __rest } from 'tslib';
5
5
  import { Component } from '@firebase/component';
6
6
 
7
7
  /**
@@ -103,6 +103,50 @@ const ActionCodeOperation = {
103
103
  VERIFY_EMAIL: 'VERIFY_EMAIL'
104
104
  };
105
105
 
106
+ /**
107
+ * @license
108
+ * Copyright 2020 Google LLC
109
+ *
110
+ * Licensed under the Apache License, Version 2.0 (the "License");
111
+ * you may not use this file except in compliance with the License.
112
+ * You may obtain a copy of the License at
113
+ *
114
+ * http://www.apache.org/licenses/LICENSE-2.0
115
+ *
116
+ * Unless required by applicable law or agreed to in writing, software
117
+ * distributed under the License is distributed on an "AS IS" BASIS,
118
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
119
+ * See the License for the specific language governing permissions and
120
+ * limitations under the License.
121
+ */
122
+ function isV2(grecaptcha) {
123
+ return (grecaptcha !== undefined &&
124
+ grecaptcha.getResponse !== undefined);
125
+ }
126
+ function isEnterprise(grecaptcha) {
127
+ return (grecaptcha !== undefined &&
128
+ grecaptcha.enterprise !== undefined);
129
+ }
130
+ class RecaptchaConfig {
131
+ constructor(response) {
132
+ /**
133
+ * The reCAPTCHA site key.
134
+ */
135
+ this.siteKey = '';
136
+ /**
137
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
138
+ */
139
+ this.emailPasswordEnabled = false;
140
+ if (response.recaptchaKey === undefined) {
141
+ throw new Error('recaptchaKey undefined');
142
+ }
143
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
144
+ this.siteKey = response.recaptchaKey.split('/')[3];
145
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
146
+ enforcementState.enforcementState !== 'OFF');
147
+ }
148
+ }
149
+
106
150
  /**
107
151
  * @license
108
152
  * Copyright 2020 Google LLC
@@ -273,7 +317,9 @@ function _debugErrorMap() {
273
317
  ["missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */]: 'The reCAPTCHA client type is missing when sending request to the backend.',
274
318
  ["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is missing when sending request to the backend.',
275
319
  ["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */]: 'Invalid request parameters.',
276
- ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.'
320
+ ["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */]: 'The reCAPTCHA version is invalid when sending request to the backend.',
321
+ ["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */]: 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
322
+ ["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: 'The password does not meet the requirements.'
277
323
  };
278
324
  }
279
325
  function _prodErrorMap() {
@@ -787,6 +833,7 @@ const SERVER_ERROR_MAP = {
787
833
  ["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */]: "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
788
834
  // Other errors.
789
835
  ["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */]: "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
836
+ ["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */]: "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
790
837
  // Phone Auth related errors.
791
838
  ["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
792
839
  ["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -971,6 +1018,29 @@ function _makeTaggedError(auth, code, response) {
971
1018
  return error;
972
1019
  }
973
1020
 
1021
+ /**
1022
+ * @license
1023
+ * Copyright 2020 Google LLC
1024
+ *
1025
+ * Licensed under the Apache License, Version 2.0 (the "License");
1026
+ * you may not use this file except in compliance with the License.
1027
+ * You may obtain a copy of the License at
1028
+ *
1029
+ * http://www.apache.org/licenses/LICENSE-2.0
1030
+ *
1031
+ * Unless required by applicable law or agreed to in writing, software
1032
+ * distributed under the License is distributed on an "AS IS" BASIS,
1033
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1034
+ * See the License for the specific language governing permissions and
1035
+ * limitations under the License.
1036
+ */
1037
+ async function getRecaptchaParams(auth) {
1038
+ return ((await _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)).recaptchaSiteKey || '');
1039
+ }
1040
+ async function getRecaptchaConfig(auth, request) {
1041
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
1042
+ }
1043
+
974
1044
  /**
975
1045
  * @license
976
1046
  * Copyright 2020 Google LLC
@@ -2093,7 +2163,7 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2093
2163
 
2094
2164
  /**
2095
2165
  * @license
2096
- * Copyright 2020 Google LLC
2166
+ * Copyright 2022 Google LLC
2097
2167
  *
2098
2168
  * Licensed under the Apache License, Version 2.0 (the "License");
2099
2169
  * you may not use this file except in compliance with the License.
@@ -2107,16 +2177,74 @@ function _getClientVersion(clientPlatform, frameworks = []) {
2107
2177
  * See the License for the specific language governing permissions and
2108
2178
  * limitations under the License.
2109
2179
  */
2110
- async function getRecaptchaParams(auth) {
2111
- return ((await _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)).recaptchaSiteKey || '');
2112
- }
2113
- async function getRecaptchaConfig(auth, request) {
2114
- return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request));
2180
+ class AuthMiddlewareQueue {
2181
+ constructor(auth) {
2182
+ this.auth = auth;
2183
+ this.queue = [];
2184
+ }
2185
+ pushCallback(callback, onAbort) {
2186
+ // The callback could be sync or async. Wrap it into a
2187
+ // function that is always async.
2188
+ const wrappedCallback = (user) => new Promise((resolve, reject) => {
2189
+ try {
2190
+ const result = callback(user);
2191
+ // Either resolve with existing promise or wrap a non-promise
2192
+ // return value into a promise.
2193
+ resolve(result);
2194
+ }
2195
+ catch (e) {
2196
+ // Sync callback throws.
2197
+ reject(e);
2198
+ }
2199
+ });
2200
+ // Attach the onAbort if present
2201
+ wrappedCallback.onAbort = onAbort;
2202
+ this.queue.push(wrappedCallback);
2203
+ const index = this.queue.length - 1;
2204
+ return () => {
2205
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2206
+ // indexing of other elements.
2207
+ this.queue[index] = () => Promise.resolve();
2208
+ };
2209
+ }
2210
+ async runMiddleware(nextUser) {
2211
+ if (this.auth.currentUser === nextUser) {
2212
+ return;
2213
+ }
2214
+ // While running the middleware, build a temporary stack of onAbort
2215
+ // callbacks to call if one middleware callback rejects.
2216
+ const onAbortStack = [];
2217
+ try {
2218
+ for (const beforeStateCallback of this.queue) {
2219
+ await beforeStateCallback(nextUser);
2220
+ // Only push the onAbort if the callback succeeds
2221
+ if (beforeStateCallback.onAbort) {
2222
+ onAbortStack.push(beforeStateCallback.onAbort);
2223
+ }
2224
+ }
2225
+ }
2226
+ catch (e) {
2227
+ // Run all onAbort, with separate try/catch to ignore any errors and
2228
+ // continue
2229
+ onAbortStack.reverse();
2230
+ for (const onAbort of onAbortStack) {
2231
+ try {
2232
+ onAbort();
2233
+ }
2234
+ catch (_) {
2235
+ /* swallow error */
2236
+ }
2237
+ }
2238
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2239
+ originalMessage: e === null || e === void 0 ? void 0 : e.message
2240
+ });
2241
+ }
2242
+ }
2115
2243
  }
2116
2244
 
2117
2245
  /**
2118
2246
  * @license
2119
- * Copyright 2020 Google LLC
2247
+ * Copyright 2023 Google LLC
2120
2248
  *
2121
2249
  * Licensed under the Apache License, Version 2.0 (the "License");
2122
2250
  * you may not use this file except in compliance with the License.
@@ -2130,37 +2258,20 @@ async function getRecaptchaConfig(auth, request) {
2130
2258
  * See the License for the specific language governing permissions and
2131
2259
  * limitations under the License.
2132
2260
  */
2133
- function isV2(grecaptcha) {
2134
- return (grecaptcha !== undefined &&
2135
- grecaptcha.getResponse !== undefined);
2136
- }
2137
- function isEnterprise(grecaptcha) {
2138
- return (grecaptcha !== undefined &&
2139
- grecaptcha.enterprise !== undefined);
2140
- }
2141
- class RecaptchaConfig {
2142
- constructor(response) {
2143
- /**
2144
- * The reCAPTCHA site key.
2145
- */
2146
- this.siteKey = '';
2147
- /**
2148
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2149
- */
2150
- this.emailPasswordEnabled = false;
2151
- if (response.recaptchaKey === undefined) {
2152
- throw new Error('recaptchaKey undefined');
2153
- }
2154
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2155
- this.siteKey = response.recaptchaKey.split('/')[3];
2156
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(enforcementState => enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2157
- enforcementState.enforcementState !== 'OFF');
2158
- }
2261
+ /**
2262
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2263
+ *
2264
+ * @param auth Auth object.
2265
+ * @param request Password policy request.
2266
+ * @returns Password policy response.
2267
+ */
2268
+ async function _getPasswordPolicy(auth, request = {}) {
2269
+ return _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request));
2159
2270
  }
2160
2271
 
2161
2272
  /**
2162
2273
  * @license
2163
- * Copyright 2020 Google LLC
2274
+ * Copyright 2023 Google LLC
2164
2275
  *
2165
2276
  * Licensed under the Apache License, Version 2.0 (the "License");
2166
2277
  * you may not use this file except in compliance with the License.
@@ -2174,232 +2285,135 @@ class RecaptchaConfig {
2174
2285
  * See the License for the specific language governing permissions and
2175
2286
  * limitations under the License.
2176
2287
  */
2177
- function getScriptParentElement() {
2178
- var _a, _b;
2179
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2180
- }
2181
- function _loadJS(url) {
2182
- // TODO: consider adding timeout support & cancellation
2183
- return new Promise((resolve, reject) => {
2184
- const el = document.createElement('script');
2185
- el.setAttribute('src', url);
2186
- el.onload = resolve;
2187
- el.onerror = e => {
2188
- const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2189
- error.customData = e;
2190
- reject(error);
2288
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2289
+ const MINIMUM_MIN_PASSWORD_LENGTH = 6;
2290
+ /**
2291
+ * Stores password policy requirements and provides password validation against the policy.
2292
+ *
2293
+ * @internal
2294
+ */
2295
+ class PasswordPolicyImpl {
2296
+ constructor(response) {
2297
+ var _a, _b, _c, _d;
2298
+ // Only include custom strength options defined in the response.
2299
+ const responseOptions = response.customStrengthOptions;
2300
+ this.customStrengthOptions = {};
2301
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2302
+ this.customStrengthOptions.minPasswordLength =
2303
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2304
+ if (responseOptions.maxPasswordLength) {
2305
+ this.customStrengthOptions.maxPasswordLength =
2306
+ responseOptions.maxPasswordLength;
2307
+ }
2308
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2309
+ this.customStrengthOptions.containsLowercaseLetter =
2310
+ responseOptions.containsLowercaseCharacter;
2311
+ }
2312
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2313
+ this.customStrengthOptions.containsUppercaseLetter =
2314
+ responseOptions.containsUppercaseCharacter;
2315
+ }
2316
+ if (responseOptions.containsNumericCharacter !== undefined) {
2317
+ this.customStrengthOptions.containsNumericCharacter =
2318
+ responseOptions.containsNumericCharacter;
2319
+ }
2320
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2321
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2322
+ responseOptions.containsNonAlphanumericCharacter;
2323
+ }
2324
+ this.enforcementState = response.enforcementState;
2325
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2326
+ this.enforcementState = 'OFF';
2327
+ }
2328
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2329
+ this.allowedNonAlphanumericCharacters =
2330
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2331
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2332
+ this.schemaVersion = response.schemaVersion;
2333
+ }
2334
+ validatePassword(password) {
2335
+ var _a, _b, _c, _d, _e, _f;
2336
+ const status = {
2337
+ isValid: true,
2338
+ passwordPolicy: this
2191
2339
  };
2192
- el.type = 'text/javascript';
2193
- el.charset = 'UTF-8';
2194
- getScriptParentElement().appendChild(el);
2195
- });
2196
- }
2197
- function _generateCallbackName(prefix) {
2198
- return `__${prefix}${Math.floor(Math.random() * 1000000)}`;
2199
- }
2200
-
2201
- /* eslint-disable @typescript-eslint/no-require-imports */
2202
- const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2203
- const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2204
- const FAKE_TOKEN = 'NO_RECAPTCHA';
2205
- class RecaptchaEnterpriseVerifier {
2206
- /**
2207
- *
2208
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2209
- *
2210
- */
2211
- constructor(authExtern) {
2212
- /**
2213
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2214
- */
2215
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2216
- this.auth = _castAuth(authExtern);
2340
+ // Check the password length and character options.
2341
+ this.validatePasswordLengthOptions(password, status);
2342
+ this.validatePasswordCharacterOptions(password, status);
2343
+ // Combine the status into single isValid property.
2344
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2345
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2346
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2347
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2348
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2349
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2350
+ return status;
2217
2351
  }
2218
2352
  /**
2219
- * Executes the verification process.
2353
+ * Validates that the password meets the length options for the policy.
2220
2354
  *
2221
- * @returns A Promise for a token that can be used to assert the validity of a request.
2355
+ * @param password Password to validate.
2356
+ * @param status Validation status.
2222
2357
  */
2223
- async verify(action = 'verify', forceRefresh = false) {
2224
- async function retrieveSiteKey(auth) {
2225
- if (!forceRefresh) {
2226
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2227
- return auth._agentRecaptchaConfig.siteKey;
2228
- }
2229
- if (auth.tenantId != null &&
2230
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2231
- return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
2232
- }
2233
- }
2234
- return new Promise(async (resolve, reject) => {
2235
- getRecaptchaConfig(auth, {
2236
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2237
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2238
- })
2239
- .then(response => {
2240
- if (response.recaptchaKey === undefined) {
2241
- reject(new Error('recaptcha Enterprise site key undefined'));
2242
- }
2243
- else {
2244
- const config = new RecaptchaConfig(response);
2245
- if (auth.tenantId == null) {
2246
- auth._agentRecaptchaConfig = config;
2247
- }
2248
- else {
2249
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2250
- }
2251
- return resolve(config.siteKey);
2252
- }
2253
- })
2254
- .catch(error => {
2255
- reject(error);
2256
- });
2257
- });
2358
+ validatePasswordLengthOptions(password, status) {
2359
+ const minPasswordLength = this.customStrengthOptions.minPasswordLength;
2360
+ const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2361
+ if (minPasswordLength) {
2362
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2258
2363
  }
2259
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2260
- const grecaptcha = window.grecaptcha;
2261
- if (isEnterprise(grecaptcha)) {
2262
- grecaptcha.enterprise.ready(() => {
2263
- grecaptcha.enterprise
2264
- .execute(siteKey, { action })
2265
- .then(token => {
2266
- resolve(token);
2267
- })
2268
- .catch(() => {
2269
- resolve(FAKE_TOKEN);
2270
- });
2271
- });
2272
- }
2273
- else {
2274
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2275
- }
2364
+ if (maxPasswordLength) {
2365
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2276
2366
  }
2277
- return new Promise((resolve, reject) => {
2278
- retrieveSiteKey(this.auth)
2279
- .then(siteKey => {
2280
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2281
- retrieveRecaptchaToken(siteKey, resolve, reject);
2282
- }
2283
- else {
2284
- if (typeof window === 'undefined') {
2285
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2286
- return;
2287
- }
2288
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2289
- .then(() => {
2290
- retrieveRecaptchaToken(siteKey, resolve, reject);
2291
- })
2292
- .catch(error => {
2293
- reject(error);
2294
- });
2295
- }
2296
- })
2297
- .catch(error => {
2298
- reject(error);
2299
- });
2300
- });
2301
- }
2302
- }
2303
- async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
2304
- const verifier = new RecaptchaEnterpriseVerifier(auth);
2305
- let captchaResponse;
2306
- try {
2307
- captchaResponse = await verifier.verify(action);
2308
- }
2309
- catch (error) {
2310
- captchaResponse = await verifier.verify(action, true);
2311
- }
2312
- const newRequest = Object.assign({}, request);
2313
- if (!captchaResp) {
2314
- Object.assign(newRequest, { captchaResponse });
2315
- }
2316
- else {
2317
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2318
- }
2319
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2320
- Object.assign(newRequest, {
2321
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2322
- });
2323
- return newRequest;
2324
- }
2325
-
2326
- /**
2327
- * @license
2328
- * Copyright 2022 Google LLC
2329
- *
2330
- * Licensed under the Apache License, Version 2.0 (the "License");
2331
- * you may not use this file except in compliance with the License.
2332
- * You may obtain a copy of the License at
2333
- *
2334
- * http://www.apache.org/licenses/LICENSE-2.0
2335
- *
2336
- * Unless required by applicable law or agreed to in writing, software
2337
- * distributed under the License is distributed on an "AS IS" BASIS,
2338
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2339
- * See the License for the specific language governing permissions and
2340
- * limitations under the License.
2341
- */
2342
- class AuthMiddlewareQueue {
2343
- constructor(auth) {
2344
- this.auth = auth;
2345
- this.queue = [];
2346
- }
2347
- pushCallback(callback, onAbort) {
2348
- // The callback could be sync or async. Wrap it into a
2349
- // function that is always async.
2350
- const wrappedCallback = (user) => new Promise((resolve, reject) => {
2351
- try {
2352
- const result = callback(user);
2353
- // Either resolve with existing promise or wrap a non-promise
2354
- // return value into a promise.
2355
- resolve(result);
2356
- }
2357
- catch (e) {
2358
- // Sync callback throws.
2359
- reject(e);
2360
- }
2361
- });
2362
- // Attach the onAbort if present
2363
- wrappedCallback.onAbort = onAbort;
2364
- this.queue.push(wrappedCallback);
2365
- const index = this.queue.length - 1;
2366
- return () => {
2367
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2368
- // indexing of other elements.
2369
- this.queue[index] = () => Promise.resolve();
2370
- };
2371
2367
  }
2372
- async runMiddleware(nextUser) {
2373
- if (this.auth.currentUser === nextUser) {
2374
- return;
2368
+ /**
2369
+ * Validates that the password meets the character options for the policy.
2370
+ *
2371
+ * @param password Password to validate.
2372
+ * @param status Validation status.
2373
+ */
2374
+ validatePasswordCharacterOptions(password, status) {
2375
+ // Assign statuses for requirements even if the password is an empty string.
2376
+ this.updatePasswordCharacterOptionsStatuses(status,
2377
+ /* containsLowercaseCharacter= */ false,
2378
+ /* containsUppercaseCharacter= */ false,
2379
+ /* containsNumericCharacter= */ false,
2380
+ /* containsNonAlphanumericCharacter= */ false);
2381
+ let passwordChar;
2382
+ for (let i = 0; i < password.length; i++) {
2383
+ passwordChar = password.charAt(i);
2384
+ this.updatePasswordCharacterOptionsStatuses(status,
2385
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2386
+ passwordChar <= 'z',
2387
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2388
+ passwordChar <= 'Z',
2389
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2390
+ passwordChar <= '9',
2391
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2375
2392
  }
2376
- // While running the middleware, build a temporary stack of onAbort
2377
- // callbacks to call if one middleware callback rejects.
2378
- const onAbortStack = [];
2379
- try {
2380
- for (const beforeStateCallback of this.queue) {
2381
- await beforeStateCallback(nextUser);
2382
- // Only push the onAbort if the callback succeeds
2383
- if (beforeStateCallback.onAbort) {
2384
- onAbortStack.push(beforeStateCallback.onAbort);
2385
- }
2386
- }
2393
+ }
2394
+ /**
2395
+ * Updates the running validation status with the statuses for the character options.
2396
+ * Expected to be called each time a character is processed to update each option status
2397
+ * based on the current character.
2398
+ *
2399
+ * @param status Validation status.
2400
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2401
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2402
+ * @param containsNumericCharacter Whether the character is a numeric character.
2403
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2404
+ */
2405
+ updatePasswordCharacterOptionsStatuses(status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2406
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2407
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2387
2408
  }
2388
- catch (e) {
2389
- // Run all onAbort, with separate try/catch to ignore any errors and
2390
- // continue
2391
- onAbortStack.reverse();
2392
- for (const onAbort of onAbortStack) {
2393
- try {
2394
- onAbort();
2395
- }
2396
- catch (_) {
2397
- /* swallow error */
2398
- }
2399
- }
2400
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2401
- originalMessage: e === null || e === void 0 ? void 0 : e.message
2402
- });
2409
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2410
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2411
+ }
2412
+ if (this.customStrengthOptions.containsNumericCharacter) {
2413
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2414
+ }
2415
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2416
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2403
2417
  }
2404
2418
  }
2405
2419
  }
@@ -2434,6 +2448,7 @@ class AuthImpl {
2434
2448
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2435
2449
  this.redirectUser = null;
2436
2450
  this.isProactiveRefreshEnabled = false;
2451
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2437
2452
  // Any network calls will set this to true and prevent subsequent emulator
2438
2453
  // initialization
2439
2454
  this._canInitEmulator = true;
@@ -2444,6 +2459,8 @@ class AuthImpl {
2444
2459
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2445
2460
  this._agentRecaptchaConfig = null;
2446
2461
  this._tenantRecaptchaConfigs = {};
2462
+ this._projectPasswordPolicy = null;
2463
+ this._tenantPasswordPolicies = {};
2447
2464
  // Tracks the last notified UID for state change listeners to prevent
2448
2465
  // repeated calls to the callbacks. Undefined means it's never been
2449
2466
  // called, whereas null means it's been called with a signed out user
@@ -2663,29 +2680,44 @@ class AuthImpl {
2663
2680
  await this.assertedPersistence.setPersistence(_getInstance(persistence));
2664
2681
  });
2665
2682
  }
2666
- async initializeRecaptchaConfig() {
2667
- const response = await getRecaptchaConfig(this, {
2668
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2669
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2670
- });
2671
- const config = new RecaptchaConfig(response);
2683
+ _getRecaptchaConfig() {
2672
2684
  if (this.tenantId == null) {
2673
- this._agentRecaptchaConfig = config;
2685
+ return this._agentRecaptchaConfig;
2674
2686
  }
2675
2687
  else {
2676
- this._tenantRecaptchaConfigs[this.tenantId] = config;
2688
+ return this._tenantRecaptchaConfigs[this.tenantId];
2677
2689
  }
2678
- if (config.emailPasswordEnabled) {
2679
- const verifier = new RecaptchaEnterpriseVerifier(this);
2680
- void verifier.verify();
2690
+ }
2691
+ async validatePassword(password) {
2692
+ if (!this._getPasswordPolicyInternal()) {
2693
+ await this._updatePasswordPolicy();
2694
+ }
2695
+ // Password policy will be defined after fetching.
2696
+ const passwordPolicy = this._getPasswordPolicyInternal();
2697
+ // Check that the policy schema version is supported by the SDK.
2698
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
2699
+ if (passwordPolicy.schemaVersion !==
2700
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
2701
+ return Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}));
2681
2702
  }
2703
+ return passwordPolicy.validatePassword(password);
2682
2704
  }
2683
- _getRecaptchaConfig() {
2684
- if (this.tenantId == null) {
2685
- return this._agentRecaptchaConfig;
2705
+ _getPasswordPolicyInternal() {
2706
+ if (this.tenantId === null) {
2707
+ return this._projectPasswordPolicy;
2686
2708
  }
2687
2709
  else {
2688
- return this._tenantRecaptchaConfigs[this.tenantId];
2710
+ return this._tenantPasswordPolicies[this.tenantId];
2711
+ }
2712
+ }
2713
+ async _updatePasswordPolicy() {
2714
+ const response = await _getPasswordPolicy(this);
2715
+ const passwordPolicy = new PasswordPolicyImpl(response);
2716
+ if (this.tenantId === null) {
2717
+ this._projectPasswordPolicy = passwordPolicy;
2718
+ }
2719
+ else {
2720
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
2689
2721
  }
2690
2722
  }
2691
2723
  _getPersistence() {
@@ -2806,18 +2838,32 @@ class AuthImpl {
2806
2838
  const cb = typeof nextOrObserver === 'function'
2807
2839
  ? nextOrObserver
2808
2840
  : nextOrObserver.next.bind(nextOrObserver);
2841
+ let isUnsubscribed = false;
2809
2842
  const promise = this._isInitialized
2810
2843
  ? Promise.resolve()
2811
2844
  : this._initializationPromise;
2812
2845
  _assert(promise, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2813
2846
  // The callback needs to be called asynchronously per the spec.
2814
2847
  // eslint-disable-next-line @typescript-eslint/no-floating-promises
2815
- promise.then(() => cb(this.currentUser));
2848
+ promise.then(() => {
2849
+ if (isUnsubscribed) {
2850
+ return;
2851
+ }
2852
+ cb(this.currentUser);
2853
+ });
2816
2854
  if (typeof nextOrObserver === 'function') {
2817
- return subscription.addObserver(nextOrObserver, error, completed);
2855
+ const unsubscribe = subscription.addObserver(nextOrObserver, error, completed);
2856
+ return () => {
2857
+ isUnsubscribed = true;
2858
+ unsubscribe();
2859
+ };
2818
2860
  }
2819
2861
  else {
2820
- return subscription.addObserver(nextOrObserver);
2862
+ const unsubscribe = subscription.addObserver(nextOrObserver);
2863
+ return () => {
2864
+ isUnsubscribed = true;
2865
+ unsubscribe();
2866
+ };
2821
2867
  }
2822
2868
  }
2823
2869
  /**
@@ -2923,6 +2969,189 @@ class Subscription {
2923
2969
  }
2924
2970
  }
2925
2971
 
2972
+ /**
2973
+ * @license
2974
+ * Copyright 2020 Google LLC
2975
+ *
2976
+ * Licensed under the Apache License, Version 2.0 (the "License");
2977
+ * you may not use this file except in compliance with the License.
2978
+ * You may obtain a copy of the License at
2979
+ *
2980
+ * http://www.apache.org/licenses/LICENSE-2.0
2981
+ *
2982
+ * Unless required by applicable law or agreed to in writing, software
2983
+ * distributed under the License is distributed on an "AS IS" BASIS,
2984
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2985
+ * See the License for the specific language governing permissions and
2986
+ * limitations under the License.
2987
+ */
2988
+ function getScriptParentElement() {
2989
+ var _a, _b;
2990
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2991
+ }
2992
+ function _loadJS(url) {
2993
+ // TODO: consider adding timeout support & cancellation
2994
+ return new Promise((resolve, reject) => {
2995
+ const el = document.createElement('script');
2996
+ el.setAttribute('src', url);
2997
+ el.onload = resolve;
2998
+ el.onerror = e => {
2999
+ const error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3000
+ error.customData = e;
3001
+ reject(error);
3002
+ };
3003
+ el.type = 'text/javascript';
3004
+ el.charset = 'UTF-8';
3005
+ getScriptParentElement().appendChild(el);
3006
+ });
3007
+ }
3008
+ function _generateCallbackName(prefix) {
3009
+ return `__${prefix}${Math.floor(Math.random() * 1000000)}`;
3010
+ }
3011
+
3012
+ /* eslint-disable @typescript-eslint/no-require-imports */
3013
+ const RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3014
+ const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3015
+ const FAKE_TOKEN = 'NO_RECAPTCHA';
3016
+ class RecaptchaEnterpriseVerifier {
3017
+ /**
3018
+ *
3019
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3020
+ *
3021
+ */
3022
+ constructor(authExtern) {
3023
+ /**
3024
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3025
+ */
3026
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3027
+ this.auth = _castAuth(authExtern);
3028
+ }
3029
+ /**
3030
+ * Executes the verification process.
3031
+ *
3032
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3033
+ */
3034
+ async verify(action = 'verify', forceRefresh = false) {
3035
+ async function retrieveSiteKey(auth) {
3036
+ if (!forceRefresh) {
3037
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3038
+ return auth._agentRecaptchaConfig.siteKey;
3039
+ }
3040
+ if (auth.tenantId != null &&
3041
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3042
+ return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey;
3043
+ }
3044
+ }
3045
+ return new Promise(async (resolve, reject) => {
3046
+ getRecaptchaConfig(auth, {
3047
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3048
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3049
+ })
3050
+ .then(response => {
3051
+ if (response.recaptchaKey === undefined) {
3052
+ reject(new Error('recaptcha Enterprise site key undefined'));
3053
+ }
3054
+ else {
3055
+ const config = new RecaptchaConfig(response);
3056
+ if (auth.tenantId == null) {
3057
+ auth._agentRecaptchaConfig = config;
3058
+ }
3059
+ else {
3060
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3061
+ }
3062
+ return resolve(config.siteKey);
3063
+ }
3064
+ })
3065
+ .catch(error => {
3066
+ reject(error);
3067
+ });
3068
+ });
3069
+ }
3070
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3071
+ const grecaptcha = window.grecaptcha;
3072
+ if (isEnterprise(grecaptcha)) {
3073
+ grecaptcha.enterprise.ready(() => {
3074
+ grecaptcha.enterprise
3075
+ .execute(siteKey, { action })
3076
+ .then(token => {
3077
+ resolve(token);
3078
+ })
3079
+ .catch(() => {
3080
+ resolve(FAKE_TOKEN);
3081
+ });
3082
+ });
3083
+ }
3084
+ else {
3085
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3086
+ }
3087
+ }
3088
+ return new Promise((resolve, reject) => {
3089
+ retrieveSiteKey(this.auth)
3090
+ .then(siteKey => {
3091
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3092
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3093
+ }
3094
+ else {
3095
+ if (typeof window === 'undefined') {
3096
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3097
+ return;
3098
+ }
3099
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3100
+ .then(() => {
3101
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3102
+ })
3103
+ .catch(error => {
3104
+ reject(error);
3105
+ });
3106
+ }
3107
+ })
3108
+ .catch(error => {
3109
+ reject(error);
3110
+ });
3111
+ });
3112
+ }
3113
+ }
3114
+ async function injectRecaptchaFields(auth, request, action, captchaResp = false) {
3115
+ const verifier = new RecaptchaEnterpriseVerifier(auth);
3116
+ let captchaResponse;
3117
+ try {
3118
+ captchaResponse = await verifier.verify(action);
3119
+ }
3120
+ catch (error) {
3121
+ captchaResponse = await verifier.verify(action, true);
3122
+ }
3123
+ const newRequest = Object.assign({}, request);
3124
+ if (!captchaResp) {
3125
+ Object.assign(newRequest, { captchaResponse });
3126
+ }
3127
+ else {
3128
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3129
+ }
3130
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3131
+ Object.assign(newRequest, {
3132
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3133
+ });
3134
+ return newRequest;
3135
+ }
3136
+ async function _initializeRecaptchaConfig(auth) {
3137
+ const authInternal = _castAuth(auth);
3138
+ const response = await getRecaptchaConfig(authInternal, {
3139
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3140
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3141
+ });
3142
+ const config = new RecaptchaConfig(response);
3143
+ if (authInternal.tenantId == null) {
3144
+ authInternal._agentRecaptchaConfig = config;
3145
+ }
3146
+ else {
3147
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3148
+ }
3149
+ if (config.emailPasswordEnabled) {
3150
+ const verifier = new RecaptchaEnterpriseVerifier(authInternal);
3151
+ void verifier.verify();
3152
+ }
3153
+ }
3154
+
2926
3155
  /**
2927
3156
  * @license
2928
3157
  * Copyright 2020 Google LLC
@@ -5280,6 +5509,25 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
5280
5509
  * See the License for the specific language governing permissions and
5281
5510
  * limitations under the License.
5282
5511
  */
5512
+ /**
5513
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
5514
+ * cached for the project or tenant.
5515
+ *
5516
+ * @remarks
5517
+ * We only fetch the password policy if the password did not meet policy requirements and
5518
+ * there is an existing policy cached. A developer must call validatePassword at least
5519
+ * once for the cache to be automatically updated.
5520
+ *
5521
+ * @param auth - The {@link Auth} instance.
5522
+ *
5523
+ * @private
5524
+ */
5525
+ async function recachePasswordPolicy(auth) {
5526
+ const authInternal = _castAuth(auth);
5527
+ if (authInternal._getPasswordPolicyInternal()) {
5528
+ await authInternal._updatePasswordPolicy();
5529
+ }
5530
+ }
5283
5531
  /**
5284
5532
  * Sends a password reset email to the given email address.
5285
5533
  *
@@ -5360,6 +5608,13 @@ async function confirmPasswordReset(auth, oobCode, newPassword) {
5360
5608
  await resetPassword(getModularInstance(auth), {
5361
5609
  oobCode,
5362
5610
  newPassword
5611
+ })
5612
+ .catch(async (error) => {
5613
+ if (error.code ===
5614
+ `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5615
+ void recachePasswordPolicy(auth);
5616
+ }
5617
+ throw error;
5363
5618
  });
5364
5619
  // Do not return the email.
5365
5620
  }
@@ -5478,13 +5733,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
5478
5733
  const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, "signUpPassword" /* RecaptchaActionName.SIGN_UP_PASSWORD */);
5479
5734
  return signUp(authInternal, requestWithRecaptcha);
5480
5735
  }
5481
- else {
5482
- return Promise.reject(error);
5483
- }
5736
+ throw error;
5484
5737
  });
5485
5738
  }
5486
5739
  const response = await signUpResponse.catch(error => {
5487
- return Promise.reject(error);
5740
+ if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5741
+ void recachePasswordPolicy(auth);
5742
+ }
5743
+ throw error;
5488
5744
  });
5489
5745
  const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn" /* OperationType.SIGN_IN */, response);
5490
5746
  await authInternal._updateCurrentUser(userCredential.user);
@@ -5507,7 +5763,12 @@ async function createUserWithEmailAndPassword(auth, email, password) {
5507
5763
  * @public
5508
5764
  */
5509
5765
  function signInWithEmailAndPassword(auth, email, password) {
5510
- return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password));
5766
+ return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
5767
+ if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
5768
+ void recachePasswordPolicy(auth);
5769
+ }
5770
+ throw error;
5771
+ });
5511
5772
  }
5512
5773
 
5513
5774
  /**
@@ -6122,8 +6383,34 @@ function setPersistence(auth, persistence) {
6122
6383
  * @public
6123
6384
  */
6124
6385
  function initializeRecaptchaConfig(auth) {
6386
+ return _initializeRecaptchaConfig(auth);
6387
+ }
6388
+ /**
6389
+ * Validates the password against the password policy configured for the project or tenant.
6390
+ *
6391
+ * @remarks
6392
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
6393
+ * policy configured for the project. Otherwise, this method will use the policy configured
6394
+ * for the tenant. If a password policy has not been configured, then the default policy
6395
+ * configured for all projects will be used.
6396
+ *
6397
+ * If an auth flow fails because a submitted password does not meet the password policy
6398
+ * requirements and this method has previously been called, then this method will use the
6399
+ * most recent policy available when called again.
6400
+ *
6401
+ * @example
6402
+ * ```javascript
6403
+ * validatePassword(auth, 'some-password');
6404
+ * ```
6405
+ *
6406
+ * @param auth The {@link Auth} instance.
6407
+ * @param password The password to validate.
6408
+ *
6409
+ * @public
6410
+ */
6411
+ async function validatePassword(auth, password) {
6125
6412
  const authInternal = _castAuth(auth);
6126
- return authInternal.initializeRecaptchaConfig();
6413
+ return authInternal.validatePassword(password);
6127
6414
  }
6128
6415
  /**
6129
6416
  * Adds an observer for changes to the signed-in user's ID token.
@@ -9931,7 +10218,7 @@ function _isEmptyString(input) {
9931
10218
  }
9932
10219
 
9933
10220
  var name = "@firebase/auth";
9934
- var version = "1.1.0";
10221
+ var version = "1.2.0-20230815211035";
9935
10222
 
9936
10223
  /**
9937
10224
  * @license
@@ -10151,5 +10438,5 @@ function getAuth(app = getApp()) {
10151
10438
  }
10152
10439
  registerAuth("Browser" /* ClientPlatform.BROWSER */);
10153
10440
 
10154
- export { signInWithCredential as $, ActionCodeOperation as A, signOut as B, deleteUser as C, debugErrorMap as D, prodErrorMap as E, FactorId as F, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as G, initializeAuth as H, connectAuthEmulator as I, AuthCredential as J, EmailAuthCredential as K, OAuthCredential as L, PhoneAuthCredential as M, inMemoryPersistence as N, OperationType as O, PhoneAuthProvider as P, EmailAuthProvider as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, FacebookAuthProvider as U, GoogleAuthProvider as V, GithubAuthProvider as W, OAuthProvider as X, SAMLAuthProvider as Y, TwitterAuthProvider as Z, signInAnonymously as _, browserSessionPersistence as a, linkWithCredential as a0, reauthenticateWithCredential as a1, signInWithCustomToken as a2, sendPasswordResetEmail as a3, confirmPasswordReset as a4, applyActionCode as a5, checkActionCode as a6, verifyPasswordResetCode as a7, createUserWithEmailAndPassword as a8, signInWithEmailAndPassword as a9, _assert as aA, AuthEventManager as aB, _getInstance as aC, _persistenceKeyName as aD, _getRedirectResult as aE, _overrideRedirectResult as aF, _clearRedirectOutcomes as aG, _castAuth as aH, UserImpl as aI, AuthImpl as aJ, _getClientVersion as aK, _generateEventId as aL, AuthPopup as aM, FetchProvider as aN, SAMLAuthCredential as aO, sendSignInLinkToEmail as aa, isSignInWithEmailLink as ab, signInWithEmailLink as ac, fetchSignInMethodsForEmail as ad, sendEmailVerification as ae, verifyBeforeUpdateEmail as af, ActionCodeURL as ag, parseActionCodeURL as ah, updateProfile as ai, updateEmail as aj, updatePassword as ak, getIdToken as al, getIdTokenResult as am, unlink as an, getAdditionalUserInfo as ao, reload as ap, getMultiFactorResolver as aq, multiFactor as ar, debugAssert as as, _isIOS as at, _isAndroid as au, _fail as av, _getRedirectUrl as aw, _getProjectConfig as ax, _isIOS7Or8 as ay, _createError as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, onIdTokenChanged as v, beforeAuthStateChanged as w, onAuthStateChanged as x, useDeviceLanguage as y, updateCurrentUser as z };
10155
- //# sourceMappingURL=index-e24386e7.js.map
10441
+ export { signInAnonymously as $, ActionCodeOperation as A, updateCurrentUser as B, signOut as C, deleteUser as D, debugErrorMap as E, FactorId as F, prodErrorMap as G, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as H, initializeAuth as I, connectAuthEmulator as J, AuthCredential as K, EmailAuthCredential as L, OAuthCredential as M, PhoneAuthCredential as N, OperationType as O, PhoneAuthProvider as P, inMemoryPersistence as Q, RecaptchaVerifier as R, SignInMethod as S, TotpMultiFactorGenerator as T, EmailAuthProvider as U, FacebookAuthProvider as V, GoogleAuthProvider as W, GithubAuthProvider as X, OAuthProvider as Y, SAMLAuthProvider as Z, TwitterAuthProvider as _, browserSessionPersistence as a, signInWithCredential as a0, linkWithCredential as a1, reauthenticateWithCredential as a2, signInWithCustomToken as a3, sendPasswordResetEmail as a4, confirmPasswordReset as a5, applyActionCode as a6, checkActionCode as a7, verifyPasswordResetCode as a8, createUserWithEmailAndPassword as a9, _createError as aA, _assert as aB, AuthEventManager as aC, _getInstance as aD, _persistenceKeyName as aE, _getRedirectResult as aF, _overrideRedirectResult as aG, _clearRedirectOutcomes as aH, _castAuth as aI, UserImpl as aJ, AuthImpl as aK, _getClientVersion as aL, _generateEventId as aM, AuthPopup as aN, FetchProvider as aO, SAMLAuthCredential as aP, signInWithEmailAndPassword as aa, sendSignInLinkToEmail as ab, isSignInWithEmailLink as ac, signInWithEmailLink as ad, fetchSignInMethodsForEmail as ae, sendEmailVerification as af, verifyBeforeUpdateEmail as ag, ActionCodeURL as ah, parseActionCodeURL as ai, updateProfile as aj, updateEmail as ak, updatePassword as al, getIdToken as am, getIdTokenResult as an, unlink as ao, getAdditionalUserInfo as ap, reload as aq, getMultiFactorResolver as ar, multiFactor as as, debugAssert as at, _isIOS as au, _isAndroid as av, _fail as aw, _getRedirectUrl as ax, _getProjectConfig as ay, _isIOS7Or8 as az, browserLocalPersistence as b, signInWithPopup as c, linkWithPopup as d, reauthenticateWithPopup as e, signInWithRedirect as f, linkWithRedirect as g, reauthenticateWithRedirect as h, indexedDBLocalPersistence as i, getRedirectResult as j, browserPopupRedirectResolver as k, linkWithPhoneNumber as l, PhoneMultiFactorGenerator as m, TotpSecret as n, getAuth as o, ProviderId as p, setPersistence as q, reauthenticateWithPhoneNumber as r, signInWithPhoneNumber as s, initializeRecaptchaConfig as t, updatePhoneNumber as u, validatePassword as v, onIdTokenChanged as w, beforeAuthStateChanged as x, onAuthStateChanged as y, useDeviceLanguage as z };
10442
+ //# sourceMappingURL=index-a2ce75d7.js.map