@firebase/auth 1.1.0 → 1.2.0-canary.78d2738c2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (175) hide show
  1. package/README.md +28 -1
  2. package/dist/auth-public.d.ts +119 -0
  3. package/dist/auth.d.ts +179 -2
  4. package/dist/browser-cjs/{index-0b2238be.js → index-86319583.js} +566 -278
  5. package/dist/browser-cjs/index-86319583.js.map +1 -0
  6. package/dist/browser-cjs/index.js +3 -2
  7. package/dist/browser-cjs/index.js.map +1 -1
  8. package/dist/browser-cjs/internal.js +3 -2
  9. package/dist/browser-cjs/internal.js.map +1 -1
  10. package/dist/browser-cjs/src/api/errors.d.ts +2 -1
  11. package/dist/browser-cjs/src/api/index.d.ts +2 -1
  12. package/dist/browser-cjs/src/api/password_policy/get_password_policy.d.ts +48 -0
  13. package/dist/browser-cjs/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  14. package/dist/browser-cjs/src/core/auth/auth_impl.d.ts +8 -2
  15. package/dist/browser-cjs/src/core/auth/password_policy_impl.d.ts +59 -0
  16. package/dist/browser-cjs/src/core/auth/password_policy_impl.test.d.ts +17 -0
  17. package/dist/browser-cjs/src/core/errors.d.ts +3 -1
  18. package/dist/browser-cjs/src/core/index.d.ts +25 -1
  19. package/dist/browser-cjs/src/model/auth.d.ts +7 -2
  20. package/dist/browser-cjs/src/model/password_policy.d.ts +111 -0
  21. package/dist/browser-cjs/src/model/public_types.d.ts +88 -0
  22. package/dist/browser-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  23. package/dist/browser-cjs/src/platform_node/index.d.ts +1 -0
  24. package/dist/browser-cjs/test/helpers/integration/helpers.d.ts +7 -1
  25. package/dist/browser-cjs/test/integration/flows/password_policy.test.d.ts +17 -0
  26. package/dist/cordova/index.js +2 -2
  27. package/dist/cordova/internal.js +2 -2
  28. package/dist/cordova/{popup_redirect-71c1ff0a.js → popup_redirect-4fa20060.js} +754 -416
  29. package/dist/cordova/popup_redirect-4fa20060.js.map +1 -0
  30. package/dist/cordova/src/api/errors.d.ts +2 -1
  31. package/dist/cordova/src/api/index.d.ts +2 -1
  32. package/dist/cordova/src/api/password_policy/get_password_policy.d.ts +48 -0
  33. package/dist/cordova/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  34. package/dist/cordova/src/core/auth/auth_impl.d.ts +8 -2
  35. package/dist/cordova/src/core/auth/password_policy_impl.d.ts +59 -0
  36. package/dist/cordova/src/core/auth/password_policy_impl.test.d.ts +17 -0
  37. package/dist/cordova/src/core/errors.d.ts +3 -1
  38. package/dist/cordova/src/core/index.d.ts +25 -1
  39. package/dist/cordova/src/model/auth.d.ts +7 -2
  40. package/dist/cordova/src/model/password_policy.d.ts +111 -0
  41. package/dist/cordova/src/model/public_types.d.ts +88 -0
  42. package/dist/cordova/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  43. package/dist/cordova/src/platform_node/index.d.ts +1 -0
  44. package/dist/cordova/test/helpers/integration/helpers.d.ts +7 -1
  45. package/dist/cordova/test/integration/flows/password_policy.test.d.ts +17 -0
  46. package/dist/esm2017/{index-e24386e7.js → index-0a61cd84.js} +566 -279
  47. package/dist/esm2017/index-0a61cd84.js.map +1 -0
  48. package/dist/esm2017/index.js +2 -2
  49. package/dist/esm2017/internal.js +3 -3
  50. package/dist/esm2017/src/api/errors.d.ts +2 -1
  51. package/dist/esm2017/src/api/index.d.ts +2 -1
  52. package/dist/esm2017/src/api/password_policy/get_password_policy.d.ts +48 -0
  53. package/dist/esm2017/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  54. package/dist/esm2017/src/core/auth/auth_impl.d.ts +8 -2
  55. package/dist/esm2017/src/core/auth/password_policy_impl.d.ts +59 -0
  56. package/dist/esm2017/src/core/auth/password_policy_impl.test.d.ts +17 -0
  57. package/dist/esm2017/src/core/errors.d.ts +3 -1
  58. package/dist/esm2017/src/core/index.d.ts +25 -1
  59. package/dist/esm2017/src/model/auth.d.ts +7 -2
  60. package/dist/esm2017/src/model/password_policy.d.ts +111 -0
  61. package/dist/esm2017/src/model/public_types.d.ts +88 -0
  62. package/dist/esm2017/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  63. package/dist/esm2017/src/platform_node/index.d.ts +1 -0
  64. package/dist/esm2017/test/helpers/integration/helpers.d.ts +7 -1
  65. package/dist/esm2017/test/integration/flows/password_policy.test.d.ts +17 -0
  66. package/dist/esm5/{index-be7bff78.js → index-e3004618.js} +754 -416
  67. package/dist/esm5/index-e3004618.js.map +1 -0
  68. package/dist/esm5/index.js +1 -1
  69. package/dist/esm5/internal.js +2 -2
  70. package/dist/esm5/src/api/errors.d.ts +2 -1
  71. package/dist/esm5/src/api/index.d.ts +2 -1
  72. package/dist/esm5/src/api/password_policy/get_password_policy.d.ts +48 -0
  73. package/dist/esm5/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  74. package/dist/esm5/src/core/auth/auth_impl.d.ts +8 -2
  75. package/dist/esm5/src/core/auth/password_policy_impl.d.ts +59 -0
  76. package/dist/esm5/src/core/auth/password_policy_impl.test.d.ts +17 -0
  77. package/dist/esm5/src/core/errors.d.ts +3 -1
  78. package/dist/esm5/src/core/index.d.ts +25 -1
  79. package/dist/esm5/src/model/auth.d.ts +7 -2
  80. package/dist/esm5/src/model/password_policy.d.ts +111 -0
  81. package/dist/esm5/src/model/public_types.d.ts +88 -0
  82. package/dist/esm5/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  83. package/dist/esm5/src/platform_node/index.d.ts +1 -0
  84. package/dist/esm5/test/helpers/integration/helpers.d.ts +7 -1
  85. package/dist/esm5/test/integration/flows/password_policy.test.d.ts +17 -0
  86. package/dist/index.webworker.esm5.js +828 -490
  87. package/dist/index.webworker.esm5.js.map +1 -1
  88. package/dist/node/index.js +2 -1
  89. package/dist/node/index.js.map +1 -1
  90. package/dist/node/internal.js +2 -1
  91. package/dist/node/internal.js.map +1 -1
  92. package/dist/node/src/api/errors.d.ts +2 -1
  93. package/dist/node/src/api/index.d.ts +2 -1
  94. package/dist/node/src/api/password_policy/get_password_policy.d.ts +48 -0
  95. package/dist/node/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  96. package/dist/node/src/core/auth/auth_impl.d.ts +8 -2
  97. package/dist/node/src/core/auth/password_policy_impl.d.ts +59 -0
  98. package/dist/node/src/core/auth/password_policy_impl.test.d.ts +17 -0
  99. package/dist/node/src/core/errors.d.ts +3 -1
  100. package/dist/node/src/core/index.d.ts +25 -1
  101. package/dist/node/src/model/auth.d.ts +7 -2
  102. package/dist/node/src/model/password_policy.d.ts +111 -0
  103. package/dist/node/src/model/public_types.d.ts +88 -0
  104. package/dist/node/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  105. package/dist/node/src/platform_node/index.d.ts +1 -0
  106. package/dist/node/test/helpers/integration/helpers.d.ts +7 -1
  107. package/dist/node/test/integration/flows/password_policy.test.d.ts +17 -0
  108. package/dist/node/{totp-8a876b1a.js → totp-6f13b95f.js} +717 -378
  109. package/dist/node/totp-6f13b95f.js.map +1 -0
  110. package/dist/node-esm/index.js +1 -1
  111. package/dist/node-esm/internal.js +2 -2
  112. package/dist/node-esm/src/api/errors.d.ts +2 -1
  113. package/dist/node-esm/src/api/index.d.ts +2 -1
  114. package/dist/node-esm/src/api/password_policy/get_password_policy.d.ts +48 -0
  115. package/dist/node-esm/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  116. package/dist/node-esm/src/core/auth/auth_impl.d.ts +8 -2
  117. package/dist/node-esm/src/core/auth/password_policy_impl.d.ts +59 -0
  118. package/dist/node-esm/src/core/auth/password_policy_impl.test.d.ts +17 -0
  119. package/dist/node-esm/src/core/errors.d.ts +3 -1
  120. package/dist/node-esm/src/core/index.d.ts +25 -1
  121. package/dist/node-esm/src/model/auth.d.ts +7 -2
  122. package/dist/node-esm/src/model/password_policy.d.ts +111 -0
  123. package/dist/node-esm/src/model/public_types.d.ts +88 -0
  124. package/dist/node-esm/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  125. package/dist/node-esm/src/platform_node/index.d.ts +1 -0
  126. package/dist/node-esm/test/helpers/integration/helpers.d.ts +7 -1
  127. package/dist/node-esm/test/integration/flows/password_policy.test.d.ts +17 -0
  128. package/dist/node-esm/{totp-04ac595e.js → totp-3d18bd9e.js} +554 -267
  129. package/dist/node-esm/totp-3d18bd9e.js.map +1 -0
  130. package/dist/rn/index.js +2 -1
  131. package/dist/rn/index.js.map +1 -1
  132. package/dist/rn/internal.js +2 -1
  133. package/dist/rn/internal.js.map +1 -1
  134. package/dist/rn/{phone-2132481b.js → phone-e617de09.js} +734 -395
  135. package/dist/rn/phone-e617de09.js.map +1 -0
  136. package/dist/rn/src/api/errors.d.ts +2 -1
  137. package/dist/rn/src/api/index.d.ts +2 -1
  138. package/dist/rn/src/api/password_policy/get_password_policy.d.ts +48 -0
  139. package/dist/rn/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  140. package/dist/rn/src/core/auth/auth_impl.d.ts +8 -2
  141. package/dist/rn/src/core/auth/password_policy_impl.d.ts +59 -0
  142. package/dist/rn/src/core/auth/password_policy_impl.test.d.ts +17 -0
  143. package/dist/rn/src/core/errors.d.ts +3 -1
  144. package/dist/rn/src/core/index.d.ts +25 -1
  145. package/dist/rn/src/model/auth.d.ts +7 -2
  146. package/dist/rn/src/model/password_policy.d.ts +111 -0
  147. package/dist/rn/src/model/public_types.d.ts +88 -0
  148. package/dist/rn/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  149. package/dist/rn/src/platform_node/index.d.ts +1 -0
  150. package/dist/rn/test/helpers/integration/helpers.d.ts +7 -1
  151. package/dist/rn/test/integration/flows/password_policy.test.d.ts +17 -0
  152. package/dist/src/api/errors.d.ts +2 -1
  153. package/dist/src/api/index.d.ts +2 -1
  154. package/dist/src/api/password_policy/get_password_policy.d.ts +48 -0
  155. package/dist/src/api/password_policy/get_password_policy.test.d.ts +17 -0
  156. package/dist/src/core/auth/auth_impl.d.ts +8 -2
  157. package/dist/src/core/auth/password_policy_impl.d.ts +59 -0
  158. package/dist/src/core/auth/password_policy_impl.test.d.ts +17 -0
  159. package/dist/src/core/errors.d.ts +3 -1
  160. package/dist/src/core/index.d.ts +25 -1
  161. package/dist/src/model/auth.d.ts +7 -2
  162. package/dist/src/model/password_policy.d.ts +111 -0
  163. package/dist/src/model/public_types.d.ts +88 -0
  164. package/dist/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts +1 -0
  165. package/dist/src/platform_node/index.d.ts +1 -0
  166. package/dist/test/helpers/integration/helpers.d.ts +7 -1
  167. package/dist/test/integration/flows/password_policy.test.d.ts +17 -0
  168. package/package.json +6 -6
  169. package/dist/browser-cjs/index-0b2238be.js.map +0 -1
  170. package/dist/cordova/popup_redirect-71c1ff0a.js.map +0 -1
  171. package/dist/esm2017/index-e24386e7.js.map +0 -1
  172. package/dist/esm5/index-be7bff78.js.map +0 -1
  173. package/dist/node/totp-8a876b1a.js.map +0 -1
  174. package/dist/node-esm/totp-04ac595e.js.map +0 -1
  175. package/dist/rn/phone-2132481b.js.map +0 -1
@@ -6,6 +6,53 @@ var app = require('@firebase/app');
6
6
  var component = require('@firebase/component');
7
7
  var logger = require('@firebase/logger');
8
8
 
9
+ /**
10
+ * @license
11
+ * Copyright 2020 Google LLC
12
+ *
13
+ * Licensed under the Apache License, Version 2.0 (the "License");
14
+ * you may not use this file except in compliance with the License.
15
+ * You may obtain a copy of the License at
16
+ *
17
+ * http://www.apache.org/licenses/LICENSE-2.0
18
+ *
19
+ * Unless required by applicable law or agreed to in writing, software
20
+ * distributed under the License is distributed on an "AS IS" BASIS,
21
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
22
+ * See the License for the specific language governing permissions and
23
+ * limitations under the License.
24
+ */
25
+ function isV2(grecaptcha) {
26
+ return (grecaptcha !== undefined &&
27
+ grecaptcha.getResponse !== undefined);
28
+ }
29
+ function isEnterprise(grecaptcha) {
30
+ return (grecaptcha !== undefined &&
31
+ grecaptcha.enterprise !== undefined);
32
+ }
33
+ var RecaptchaConfig = /** @class */ (function () {
34
+ function RecaptchaConfig(response) {
35
+ /**
36
+ * The reCAPTCHA site key.
37
+ */
38
+ this.siteKey = '';
39
+ /**
40
+ * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
41
+ */
42
+ this.emailPasswordEnabled = false;
43
+ if (response.recaptchaKey === undefined) {
44
+ throw new Error('recaptchaKey undefined');
45
+ }
46
+ // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
47
+ this.siteKey = response.recaptchaKey.split('/')[3];
48
+ this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
49
+ return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
50
+ enforcementState.enforcementState !== 'OFF';
51
+ });
52
+ }
53
+ return RecaptchaConfig;
54
+ }());
55
+
9
56
  /**
10
57
  * @license
11
58
  * Copyright 2020 Google LLC
@@ -178,6 +225,8 @@ function _debugErrorMap() {
178
225
  _a["missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is missing when sending request to the backend.',
179
226
  _a["invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */] = 'Invalid request parameters.',
180
227
  _a["invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */] = 'The reCAPTCHA version is invalid when sending request to the backend.',
228
+ _a["unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */] = 'The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.',
229
+ _a["password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = 'The password does not meet the requirements.',
181
230
  _a;
182
231
  }
183
232
  function _prodErrorMap() {
@@ -723,6 +772,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
723
772
  _a$1["USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */] = "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */,
724
773
  // Other errors.
725
774
  _a$1["TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */] = "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */,
775
+ _a$1["PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */] = "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */,
726
776
  // Phone Auth related errors.
727
777
  _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
728
778
  _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
@@ -948,6 +998,40 @@ function _makeTaggedError(auth, code, response) {
948
998
  return error;
949
999
  }
950
1000
 
1001
+ /**
1002
+ * @license
1003
+ * Copyright 2020 Google LLC
1004
+ *
1005
+ * Licensed under the Apache License, Version 2.0 (the "License");
1006
+ * you may not use this file except in compliance with the License.
1007
+ * You may obtain a copy of the License at
1008
+ *
1009
+ * http://www.apache.org/licenses/LICENSE-2.0
1010
+ *
1011
+ * Unless required by applicable law or agreed to in writing, software
1012
+ * distributed under the License is distributed on an "AS IS" BASIS,
1013
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
1014
+ * See the License for the specific language governing permissions and
1015
+ * limitations under the License.
1016
+ */
1017
+ function getRecaptchaParams(auth) {
1018
+ return tslib.__awaiter(this, void 0, void 0, function () {
1019
+ return tslib.__generator(this, function (_a) {
1020
+ switch (_a.label) {
1021
+ case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
1022
+ case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
1023
+ }
1024
+ });
1025
+ });
1026
+ }
1027
+ function getRecaptchaConfig(auth, request) {
1028
+ return tslib.__awaiter(this, void 0, void 0, function () {
1029
+ return tslib.__generator(this, function (_a) {
1030
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
1031
+ });
1032
+ });
1033
+ }
1034
+
951
1035
  /**
952
1036
  * @license
953
1037
  * Copyright 2020 Google LLC
@@ -2346,7 +2430,7 @@ function _getClientVersion(clientPlatform, frameworks) {
2346
2430
 
2347
2431
  /**
2348
2432
  * @license
2349
- * Copyright 2020 Google LLC
2433
+ * Copyright 2022 Google LLC
2350
2434
  *
2351
2435
  * Licensed under the Apache License, Version 2.0 (the "License");
2352
2436
  * you may not use this file except in compliance with the License.
@@ -2360,27 +2444,97 @@ function _getClientVersion(clientPlatform, frameworks) {
2360
2444
  * See the License for the specific language governing permissions and
2361
2445
  * limitations under the License.
2362
2446
  */
2363
- function getRecaptchaParams(auth) {
2364
- return tslib.__awaiter(this, void 0, void 0, function () {
2365
- return tslib.__generator(this, function (_a) {
2366
- switch (_a.label) {
2367
- case 0: return [4 /*yield*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */)];
2368
- case 1: return [2 /*return*/, ((_a.sent()).recaptchaSiteKey || '')];
2369
- }
2370
- });
2371
- });
2372
- }
2373
- function getRecaptchaConfig(auth, request) {
2374
- return tslib.__awaiter(this, void 0, void 0, function () {
2375
- return tslib.__generator(this, function (_a) {
2376
- return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/recaptchaConfig" /* Endpoint.GET_RECAPTCHA_CONFIG */, _addTidIfNecessary(auth, request))];
2447
+ var AuthMiddlewareQueue = /** @class */ (function () {
2448
+ function AuthMiddlewareQueue(auth) {
2449
+ this.auth = auth;
2450
+ this.queue = [];
2451
+ }
2452
+ AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2453
+ var _this = this;
2454
+ // The callback could be sync or async. Wrap it into a
2455
+ // function that is always async.
2456
+ var wrappedCallback = function (user) {
2457
+ return new Promise(function (resolve, reject) {
2458
+ try {
2459
+ var result = callback(user);
2460
+ // Either resolve with existing promise or wrap a non-promise
2461
+ // return value into a promise.
2462
+ resolve(result);
2463
+ }
2464
+ catch (e) {
2465
+ // Sync callback throws.
2466
+ reject(e);
2467
+ }
2468
+ });
2469
+ };
2470
+ // Attach the onAbort if present
2471
+ wrappedCallback.onAbort = onAbort;
2472
+ this.queue.push(wrappedCallback);
2473
+ var index = this.queue.length - 1;
2474
+ return function () {
2475
+ // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2476
+ // indexing of other elements.
2477
+ _this.queue[index] = function () { return Promise.resolve(); };
2478
+ };
2479
+ };
2480
+ AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2481
+ return tslib.__awaiter(this, void 0, void 0, function () {
2482
+ var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2483
+ return tslib.__generator(this, function (_c) {
2484
+ switch (_c.label) {
2485
+ case 0:
2486
+ if (this.auth.currentUser === nextUser) {
2487
+ return [2 /*return*/];
2488
+ }
2489
+ onAbortStack = [];
2490
+ _c.label = 1;
2491
+ case 1:
2492
+ _c.trys.push([1, 6, , 7]);
2493
+ _i = 0, _a = this.queue;
2494
+ _c.label = 2;
2495
+ case 2:
2496
+ if (!(_i < _a.length)) return [3 /*break*/, 5];
2497
+ beforeStateCallback = _a[_i];
2498
+ return [4 /*yield*/, beforeStateCallback(nextUser)];
2499
+ case 3:
2500
+ _c.sent();
2501
+ // Only push the onAbort if the callback succeeds
2502
+ if (beforeStateCallback.onAbort) {
2503
+ onAbortStack.push(beforeStateCallback.onAbort);
2504
+ }
2505
+ _c.label = 4;
2506
+ case 4:
2507
+ _i++;
2508
+ return [3 /*break*/, 2];
2509
+ case 5: return [3 /*break*/, 7];
2510
+ case 6:
2511
+ e_1 = _c.sent();
2512
+ // Run all onAbort, with separate try/catch to ignore any errors and
2513
+ // continue
2514
+ onAbortStack.reverse();
2515
+ for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2516
+ onAbort = onAbortStack_1[_b];
2517
+ try {
2518
+ onAbort();
2519
+ }
2520
+ catch (_) {
2521
+ /* swallow error */
2522
+ }
2523
+ }
2524
+ throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2525
+ originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2526
+ });
2527
+ case 7: return [2 /*return*/];
2528
+ }
2529
+ });
2377
2530
  });
2378
- });
2379
- }
2531
+ };
2532
+ return AuthMiddlewareQueue;
2533
+ }());
2380
2534
 
2381
2535
  /**
2382
2536
  * @license
2383
- * Copyright 2020 Google LLC
2537
+ * Copyright 2023 Google LLC
2384
2538
  *
2385
2539
  * Licensed under the Apache License, Version 2.0 (the "License");
2386
2540
  * you may not use this file except in compliance with the License.
@@ -2394,40 +2548,25 @@ function getRecaptchaConfig(auth, request) {
2394
2548
  * See the License for the specific language governing permissions and
2395
2549
  * limitations under the License.
2396
2550
  */
2397
- function isV2(grecaptcha) {
2398
- return (grecaptcha !== undefined &&
2399
- grecaptcha.getResponse !== undefined);
2400
- }
2401
- function isEnterprise(grecaptcha) {
2402
- return (grecaptcha !== undefined &&
2403
- grecaptcha.enterprise !== undefined);
2404
- }
2405
- var RecaptchaConfig = /** @class */ (function () {
2406
- function RecaptchaConfig(response) {
2407
- /**
2408
- * The reCAPTCHA site key.
2409
- */
2410
- this.siteKey = '';
2411
- /**
2412
- * The reCAPTCHA enablement status of the {@link EmailAuthProvider} for the current tenant.
2413
- */
2414
- this.emailPasswordEnabled = false;
2415
- if (response.recaptchaKey === undefined) {
2416
- throw new Error('recaptchaKey undefined');
2417
- }
2418
- // Example response.recaptchaKey: "projects/proj123/keys/sitekey123"
2419
- this.siteKey = response.recaptchaKey.split('/')[3];
2420
- this.emailPasswordEnabled = response.recaptchaEnforcementState.some(function (enforcementState) {
2421
- return enforcementState.provider === 'EMAIL_PASSWORD_PROVIDER' &&
2422
- enforcementState.enforcementState !== 'OFF';
2551
+ /**
2552
+ * Fetches the password policy for the currently set tenant or the project if no tenant is set.
2553
+ *
2554
+ * @param auth Auth object.
2555
+ * @param request Password policy request.
2556
+ * @returns Password policy response.
2557
+ */
2558
+ function _getPasswordPolicy(auth, request) {
2559
+ if (request === void 0) { request = {}; }
2560
+ return tslib.__awaiter(this, void 0, void 0, function () {
2561
+ return tslib.__generator(this, function (_a) {
2562
+ return [2 /*return*/, _performApiRequest(auth, "GET" /* HttpMethod.GET */, "/v2/passwordPolicy" /* Endpoint.GET_PASSWORD_POLICY */, _addTidIfNecessary(auth, request))];
2423
2563
  });
2424
- }
2425
- return RecaptchaConfig;
2426
- }());
2564
+ });
2565
+ }
2427
2566
 
2428
2567
  /**
2429
2568
  * @license
2430
- * Copyright 2020 Google LLC
2569
+ * Copyright 2023 Google LLC
2431
2570
  *
2432
2571
  * Licensed under the Apache License, Version 2.0 (the "License");
2433
2572
  * you may not use this file except in compliance with the License.
@@ -2441,289 +2580,138 @@ var RecaptchaConfig = /** @class */ (function () {
2441
2580
  * See the License for the specific language governing permissions and
2442
2581
  * limitations under the License.
2443
2582
  */
2444
- function getScriptParentElement() {
2445
- var _a, _b;
2446
- return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
2447
- }
2448
- function _loadJS(url) {
2449
- // TODO: consider adding timeout support & cancellation
2450
- return new Promise(function (resolve, reject) {
2451
- var el = document.createElement('script');
2452
- el.setAttribute('src', url);
2453
- el.onload = resolve;
2454
- el.onerror = function (e) {
2455
- var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
2456
- error.customData = e;
2457
- reject(error);
2583
+ // Minimum min password length enforced by the backend, even if no minimum length is set.
2584
+ var MINIMUM_MIN_PASSWORD_LENGTH = 6;
2585
+ /**
2586
+ * Stores password policy requirements and provides password validation against the policy.
2587
+ *
2588
+ * @internal
2589
+ */
2590
+ var PasswordPolicyImpl = /** @class */ (function () {
2591
+ function PasswordPolicyImpl(response) {
2592
+ var _a, _b, _c, _d;
2593
+ // Only include custom strength options defined in the response.
2594
+ var responseOptions = response.customStrengthOptions;
2595
+ this.customStrengthOptions = {};
2596
+ // TODO: Remove once the backend is updated to include the minimum min password length instead of undefined when there is no minimum length set.
2597
+ this.customStrengthOptions.minPasswordLength =
2598
+ (_a = responseOptions.minPasswordLength) !== null && _a !== void 0 ? _a : MINIMUM_MIN_PASSWORD_LENGTH;
2599
+ if (responseOptions.maxPasswordLength) {
2600
+ this.customStrengthOptions.maxPasswordLength =
2601
+ responseOptions.maxPasswordLength;
2602
+ }
2603
+ if (responseOptions.containsLowercaseCharacter !== undefined) {
2604
+ this.customStrengthOptions.containsLowercaseLetter =
2605
+ responseOptions.containsLowercaseCharacter;
2606
+ }
2607
+ if (responseOptions.containsUppercaseCharacter !== undefined) {
2608
+ this.customStrengthOptions.containsUppercaseLetter =
2609
+ responseOptions.containsUppercaseCharacter;
2610
+ }
2611
+ if (responseOptions.containsNumericCharacter !== undefined) {
2612
+ this.customStrengthOptions.containsNumericCharacter =
2613
+ responseOptions.containsNumericCharacter;
2614
+ }
2615
+ if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
2616
+ this.customStrengthOptions.containsNonAlphanumericCharacter =
2617
+ responseOptions.containsNonAlphanumericCharacter;
2618
+ }
2619
+ this.enforcementState = response.enforcementState;
2620
+ if (this.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED') {
2621
+ this.enforcementState = 'OFF';
2622
+ }
2623
+ // Use an empty string if no non-alphanumeric characters are specified in the response.
2624
+ this.allowedNonAlphanumericCharacters =
2625
+ (_c = (_b = response.allowedNonAlphanumericCharacters) === null || _b === void 0 ? void 0 : _b.join('')) !== null && _c !== void 0 ? _c : '';
2626
+ this.forceUpgradeOnSignin = (_d = response.forceUpgradeOnSignin) !== null && _d !== void 0 ? _d : false;
2627
+ this.schemaVersion = response.schemaVersion;
2628
+ }
2629
+ PasswordPolicyImpl.prototype.validatePassword = function (password) {
2630
+ var _a, _b, _c, _d, _e, _f;
2631
+ var status = {
2632
+ isValid: true,
2633
+ passwordPolicy: this
2458
2634
  };
2459
- el.type = 'text/javascript';
2460
- el.charset = 'UTF-8';
2461
- getScriptParentElement().appendChild(el);
2462
- });
2463
- }
2464
- function _generateCallbackName(prefix) {
2465
- return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
2466
- }
2467
-
2468
- /* eslint-disable @typescript-eslint/no-require-imports */
2469
- var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
2470
- var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
2471
- var FAKE_TOKEN = 'NO_RECAPTCHA';
2472
- var RecaptchaEnterpriseVerifier = /** @class */ (function () {
2635
+ // Check the password length and character options.
2636
+ this.validatePasswordLengthOptions(password, status);
2637
+ this.validatePasswordCharacterOptions(password, status);
2638
+ // Combine the status into single isValid property.
2639
+ status.isValid && (status.isValid = (_a = status.meetsMinPasswordLength) !== null && _a !== void 0 ? _a : true);
2640
+ status.isValid && (status.isValid = (_b = status.meetsMaxPasswordLength) !== null && _b !== void 0 ? _b : true);
2641
+ status.isValid && (status.isValid = (_c = status.containsLowercaseLetter) !== null && _c !== void 0 ? _c : true);
2642
+ status.isValid && (status.isValid = (_d = status.containsUppercaseLetter) !== null && _d !== void 0 ? _d : true);
2643
+ status.isValid && (status.isValid = (_e = status.containsNumericCharacter) !== null && _e !== void 0 ? _e : true);
2644
+ status.isValid && (status.isValid = (_f = status.containsNonAlphanumericCharacter) !== null && _f !== void 0 ? _f : true);
2645
+ return status;
2646
+ };
2473
2647
  /**
2648
+ * Validates that the password meets the length options for the policy.
2474
2649
  *
2475
- * @param authExtern - The corresponding Firebase {@link Auth} instance.
2476
- *
2650
+ * @param password Password to validate.
2651
+ * @param status Validation status.
2477
2652
  */
2478
- function RecaptchaEnterpriseVerifier(authExtern) {
2479
- /**
2480
- * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
2481
- */
2482
- this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
2483
- this.auth = _castAuth(authExtern);
2484
- }
2653
+ PasswordPolicyImpl.prototype.validatePasswordLengthOptions = function (password, status) {
2654
+ var minPasswordLength = this.customStrengthOptions.minPasswordLength;
2655
+ var maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
2656
+ if (minPasswordLength) {
2657
+ status.meetsMinPasswordLength = password.length >= minPasswordLength;
2658
+ }
2659
+ if (maxPasswordLength) {
2660
+ status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
2661
+ }
2662
+ };
2485
2663
  /**
2486
- * Executes the verification process.
2664
+ * Validates that the password meets the character options for the policy.
2487
2665
  *
2488
- * @returns A Promise for a token that can be used to assert the validity of a request.
2666
+ * @param password Password to validate.
2667
+ * @param status Validation status.
2489
2668
  */
2490
- RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
2491
- if (action === void 0) { action = 'verify'; }
2492
- if (forceRefresh === void 0) { forceRefresh = false; }
2493
- return tslib.__awaiter(this, void 0, void 0, function () {
2494
- function retrieveSiteKey(auth) {
2495
- return tslib.__awaiter(this, void 0, void 0, function () {
2496
- var _this = this;
2497
- return tslib.__generator(this, function (_a) {
2498
- if (!forceRefresh) {
2499
- if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
2500
- return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
2501
- }
2502
- if (auth.tenantId != null &&
2503
- auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
2504
- return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
2505
- }
2506
- }
2507
- return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
2508
- return tslib.__generator(this, function (_a) {
2509
- getRecaptchaConfig(auth, {
2510
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
2511
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2512
- })
2513
- .then(function (response) {
2514
- if (response.recaptchaKey === undefined) {
2515
- reject(new Error('recaptcha Enterprise site key undefined'));
2516
- }
2517
- else {
2518
- var config = new RecaptchaConfig(response);
2519
- if (auth.tenantId == null) {
2520
- auth._agentRecaptchaConfig = config;
2521
- }
2522
- else {
2523
- auth._tenantRecaptchaConfigs[auth.tenantId] = config;
2524
- }
2525
- return resolve(config.siteKey);
2526
- }
2527
- })
2528
- .catch(function (error) {
2529
- reject(error);
2530
- });
2531
- return [2 /*return*/];
2532
- });
2533
- }); })];
2534
- });
2535
- });
2536
- }
2537
- function retrieveRecaptchaToken(siteKey, resolve, reject) {
2538
- var grecaptcha = window.grecaptcha;
2539
- if (isEnterprise(grecaptcha)) {
2540
- grecaptcha.enterprise.ready(function () {
2541
- grecaptcha.enterprise
2542
- .execute(siteKey, { action: action })
2543
- .then(function (token) {
2544
- resolve(token);
2545
- })
2546
- .catch(function () {
2547
- resolve(FAKE_TOKEN);
2548
- });
2549
- });
2550
- }
2551
- else {
2552
- reject(Error('No reCAPTCHA enterprise script loaded.'));
2553
- }
2554
- }
2555
- var _this = this;
2556
- return tslib.__generator(this, function (_a) {
2557
- return [2 /*return*/, new Promise(function (resolve, reject) {
2558
- retrieveSiteKey(_this.auth)
2559
- .then(function (siteKey) {
2560
- if (!forceRefresh && isEnterprise(window.grecaptcha)) {
2561
- retrieveRecaptchaToken(siteKey, resolve, reject);
2562
- }
2563
- else {
2564
- if (typeof window === 'undefined') {
2565
- reject(new Error('RecaptchaVerifier is only supported in browser'));
2566
- return;
2567
- }
2568
- _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
2569
- .then(function () {
2570
- retrieveRecaptchaToken(siteKey, resolve, reject);
2571
- })
2572
- .catch(function (error) {
2573
- reject(error);
2574
- });
2575
- }
2576
- })
2577
- .catch(function (error) {
2578
- reject(error);
2579
- });
2580
- })];
2581
- });
2582
- });
2583
- };
2584
- return RecaptchaEnterpriseVerifier;
2585
- }());
2586
- function injectRecaptchaFields(auth, request, action, captchaResp) {
2587
- if (captchaResp === void 0) { captchaResp = false; }
2588
- return tslib.__awaiter(this, void 0, void 0, function () {
2589
- var verifier, captchaResponse, newRequest;
2590
- return tslib.__generator(this, function (_a) {
2591
- switch (_a.label) {
2592
- case 0:
2593
- verifier = new RecaptchaEnterpriseVerifier(auth);
2594
- _a.label = 1;
2595
- case 1:
2596
- _a.trys.push([1, 3, , 5]);
2597
- return [4 /*yield*/, verifier.verify(action)];
2598
- case 2:
2599
- captchaResponse = _a.sent();
2600
- return [3 /*break*/, 5];
2601
- case 3:
2602
- _a.sent();
2603
- return [4 /*yield*/, verifier.verify(action, true)];
2604
- case 4:
2605
- captchaResponse = _a.sent();
2606
- return [3 /*break*/, 5];
2607
- case 5:
2608
- newRequest = tslib.__assign({}, request);
2609
- if (!captchaResp) {
2610
- Object.assign(newRequest, { captchaResponse: captchaResponse });
2611
- }
2612
- else {
2613
- Object.assign(newRequest, { 'captchaResp': captchaResponse });
2614
- }
2615
- Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
2616
- Object.assign(newRequest, {
2617
- 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
2618
- });
2619
- return [2 /*return*/, newRequest];
2620
- }
2621
- });
2622
- });
2623
- }
2624
-
2625
- /**
2626
- * @license
2627
- * Copyright 2022 Google LLC
2628
- *
2629
- * Licensed under the Apache License, Version 2.0 (the "License");
2630
- * you may not use this file except in compliance with the License.
2631
- * You may obtain a copy of the License at
2632
- *
2633
- * http://www.apache.org/licenses/LICENSE-2.0
2634
- *
2635
- * Unless required by applicable law or agreed to in writing, software
2636
- * distributed under the License is distributed on an "AS IS" BASIS,
2637
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
2638
- * See the License for the specific language governing permissions and
2639
- * limitations under the License.
2640
- */
2641
- var AuthMiddlewareQueue = /** @class */ (function () {
2642
- function AuthMiddlewareQueue(auth) {
2643
- this.auth = auth;
2644
- this.queue = [];
2645
- }
2646
- AuthMiddlewareQueue.prototype.pushCallback = function (callback, onAbort) {
2647
- var _this = this;
2648
- // The callback could be sync or async. Wrap it into a
2649
- // function that is always async.
2650
- var wrappedCallback = function (user) {
2651
- return new Promise(function (resolve, reject) {
2652
- try {
2653
- var result = callback(user);
2654
- // Either resolve with existing promise or wrap a non-promise
2655
- // return value into a promise.
2656
- resolve(result);
2657
- }
2658
- catch (e) {
2659
- // Sync callback throws.
2660
- reject(e);
2661
- }
2662
- });
2663
- };
2664
- // Attach the onAbort if present
2665
- wrappedCallback.onAbort = onAbort;
2666
- this.queue.push(wrappedCallback);
2667
- var index = this.queue.length - 1;
2668
- return function () {
2669
- // Unsubscribe. Replace with no-op. Do not remove from array, or it will disturb
2670
- // indexing of other elements.
2671
- _this.queue[index] = function () { return Promise.resolve(); };
2672
- };
2669
+ PasswordPolicyImpl.prototype.validatePasswordCharacterOptions = function (password, status) {
2670
+ // Assign statuses for requirements even if the password is an empty string.
2671
+ this.updatePasswordCharacterOptionsStatuses(status,
2672
+ /* containsLowercaseCharacter= */ false,
2673
+ /* containsUppercaseCharacter= */ false,
2674
+ /* containsNumericCharacter= */ false,
2675
+ /* containsNonAlphanumericCharacter= */ false);
2676
+ var passwordChar;
2677
+ for (var i = 0; i < password.length; i++) {
2678
+ passwordChar = password.charAt(i);
2679
+ this.updatePasswordCharacterOptionsStatuses(status,
2680
+ /* containsLowercaseCharacter= */ passwordChar >= 'a' &&
2681
+ passwordChar <= 'z',
2682
+ /* containsUppercaseCharacter= */ passwordChar >= 'A' &&
2683
+ passwordChar <= 'Z',
2684
+ /* containsNumericCharacter= */ passwordChar >= '0' &&
2685
+ passwordChar <= '9',
2686
+ /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar));
2687
+ }
2673
2688
  };
2674
- AuthMiddlewareQueue.prototype.runMiddleware = function (nextUser) {
2675
- return tslib.__awaiter(this, void 0, void 0, function () {
2676
- var onAbortStack, _i, _a, beforeStateCallback, e_1, _b, onAbortStack_1, onAbort;
2677
- return tslib.__generator(this, function (_c) {
2678
- switch (_c.label) {
2679
- case 0:
2680
- if (this.auth.currentUser === nextUser) {
2681
- return [2 /*return*/];
2682
- }
2683
- onAbortStack = [];
2684
- _c.label = 1;
2685
- case 1:
2686
- _c.trys.push([1, 6, , 7]);
2687
- _i = 0, _a = this.queue;
2688
- _c.label = 2;
2689
- case 2:
2690
- if (!(_i < _a.length)) return [3 /*break*/, 5];
2691
- beforeStateCallback = _a[_i];
2692
- return [4 /*yield*/, beforeStateCallback(nextUser)];
2693
- case 3:
2694
- _c.sent();
2695
- // Only push the onAbort if the callback succeeds
2696
- if (beforeStateCallback.onAbort) {
2697
- onAbortStack.push(beforeStateCallback.onAbort);
2698
- }
2699
- _c.label = 4;
2700
- case 4:
2701
- _i++;
2702
- return [3 /*break*/, 2];
2703
- case 5: return [3 /*break*/, 7];
2704
- case 6:
2705
- e_1 = _c.sent();
2706
- // Run all onAbort, with separate try/catch to ignore any errors and
2707
- // continue
2708
- onAbortStack.reverse();
2709
- for (_b = 0, onAbortStack_1 = onAbortStack; _b < onAbortStack_1.length; _b++) {
2710
- onAbort = onAbortStack_1[_b];
2711
- try {
2712
- onAbort();
2713
- }
2714
- catch (_) {
2715
- /* swallow error */
2716
- }
2717
- }
2718
- throw this.auth._errorFactory.create("login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */, {
2719
- originalMessage: e_1 === null || e_1 === void 0 ? void 0 : e_1.message
2720
- });
2721
- case 7: return [2 /*return*/];
2722
- }
2723
- });
2724
- });
2689
+ /**
2690
+ * Updates the running validation status with the statuses for the character options.
2691
+ * Expected to be called each time a character is processed to update each option status
2692
+ * based on the current character.
2693
+ *
2694
+ * @param status Validation status.
2695
+ * @param containsLowercaseCharacter Whether the character is a lowercase letter.
2696
+ * @param containsUppercaseCharacter Whether the character is an uppercase letter.
2697
+ * @param containsNumericCharacter Whether the character is a numeric character.
2698
+ * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character.
2699
+ */
2700
+ PasswordPolicyImpl.prototype.updatePasswordCharacterOptionsStatuses = function (status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) {
2701
+ if (this.customStrengthOptions.containsLowercaseLetter) {
2702
+ status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter);
2703
+ }
2704
+ if (this.customStrengthOptions.containsUppercaseLetter) {
2705
+ status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter);
2706
+ }
2707
+ if (this.customStrengthOptions.containsNumericCharacter) {
2708
+ status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter);
2709
+ }
2710
+ if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
2711
+ status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter);
2712
+ }
2725
2713
  };
2726
- return AuthMiddlewareQueue;
2714
+ return PasswordPolicyImpl;
2727
2715
  }());
2728
2716
 
2729
2717
  /**
@@ -2756,6 +2744,7 @@ var AuthImpl = /** @class */ (function () {
2756
2744
  this.beforeStateQueue = new AuthMiddlewareQueue(this);
2757
2745
  this.redirectUser = null;
2758
2746
  this.isProactiveRefreshEnabled = false;
2747
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
2759
2748
  // Any network calls will set this to true and prevent subsequent emulator
2760
2749
  // initialization
2761
2750
  this._canInitEmulator = true;
@@ -2766,6 +2755,8 @@ var AuthImpl = /** @class */ (function () {
2766
2755
  this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY;
2767
2756
  this._agentRecaptchaConfig = null;
2768
2757
  this._tenantRecaptchaConfigs = {};
2758
+ this._projectPasswordPolicy = null;
2759
+ this._tenantPasswordPolicies = {};
2769
2760
  // Tracks the last notified UID for state change listeners to prevent
2770
2761
  // repeated calls to the callbacks. Undefined means it's never been
2771
2762
  // called, whereas null means it's been called with a signed out user
@@ -3095,41 +3086,66 @@ var AuthImpl = /** @class */ (function () {
3095
3086
  });
3096
3087
  }); });
3097
3088
  };
3098
- AuthImpl.prototype.initializeRecaptchaConfig = function () {
3089
+ AuthImpl.prototype._getRecaptchaConfig = function () {
3090
+ if (this.tenantId == null) {
3091
+ return this._agentRecaptchaConfig;
3092
+ }
3093
+ else {
3094
+ return this._tenantRecaptchaConfigs[this.tenantId];
3095
+ }
3096
+ };
3097
+ AuthImpl.prototype.validatePassword = function (password) {
3099
3098
  return tslib.__awaiter(this, void 0, void 0, function () {
3100
- var response, config, verifier;
3099
+ var passwordPolicy;
3101
3100
  return tslib.__generator(this, function (_a) {
3102
3101
  switch (_a.label) {
3103
- case 0: return [4 /*yield*/, getRecaptchaConfig(this, {
3104
- clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3105
- version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3106
- })];
3102
+ case 0:
3103
+ if (!!this._getPasswordPolicyInternal()) return [3 /*break*/, 2];
3104
+ return [4 /*yield*/, this._updatePasswordPolicy()];
3107
3105
  case 1:
3108
- response = _a.sent();
3109
- config = new RecaptchaConfig(response);
3110
- if (this.tenantId == null) {
3111
- this._agentRecaptchaConfig = config;
3112
- }
3113
- else {
3114
- this._tenantRecaptchaConfigs[this.tenantId] = config;
3115
- }
3116
- if (config.emailPasswordEnabled) {
3117
- verifier = new RecaptchaEnterpriseVerifier(this);
3118
- void verifier.verify();
3106
+ _a.sent();
3107
+ _a.label = 2;
3108
+ case 2:
3109
+ passwordPolicy = this._getPasswordPolicyInternal();
3110
+ // Check that the policy schema version is supported by the SDK.
3111
+ // TODO: Update this logic to use a max supported policy schema version once we have multiple schema versions.
3112
+ if (passwordPolicy.schemaVersion !==
3113
+ this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
3114
+ return [2 /*return*/, Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */, {}))];
3119
3115
  }
3120
- return [2 /*return*/];
3116
+ return [2 /*return*/, passwordPolicy.validatePassword(password)];
3121
3117
  }
3122
3118
  });
3123
3119
  });
3124
3120
  };
3125
- AuthImpl.prototype._getRecaptchaConfig = function () {
3126
- if (this.tenantId == null) {
3127
- return this._agentRecaptchaConfig;
3121
+ AuthImpl.prototype._getPasswordPolicyInternal = function () {
3122
+ if (this.tenantId === null) {
3123
+ return this._projectPasswordPolicy;
3128
3124
  }
3129
3125
  else {
3130
- return this._tenantRecaptchaConfigs[this.tenantId];
3126
+ return this._tenantPasswordPolicies[this.tenantId];
3131
3127
  }
3132
3128
  };
3129
+ AuthImpl.prototype._updatePasswordPolicy = function () {
3130
+ return tslib.__awaiter(this, void 0, void 0, function () {
3131
+ var response, passwordPolicy;
3132
+ return tslib.__generator(this, function (_a) {
3133
+ switch (_a.label) {
3134
+ case 0: return [4 /*yield*/, _getPasswordPolicy(this)];
3135
+ case 1:
3136
+ response = _a.sent();
3137
+ passwordPolicy = new PasswordPolicyImpl(response);
3138
+ if (this.tenantId === null) {
3139
+ this._projectPasswordPolicy = passwordPolicy;
3140
+ }
3141
+ else {
3142
+ this._tenantPasswordPolicies[this.tenantId] = passwordPolicy;
3143
+ }
3144
+ return [2 /*return*/];
3145
+ }
3146
+ });
3147
+ });
3148
+ };
3133
3149
  AuthImpl.prototype._getPersistence = function () {
3134
3150
  return this.assertedPersistence.persistence.type;
3135
3151
  };
@@ -3296,18 +3312,32 @@ var AuthImpl = /** @class */ (function () {
3296
3312
  var cb = typeof nextOrObserver === 'function'
3297
3313
  ? nextOrObserver
3298
3314
  : nextOrObserver.next.bind(nextOrObserver);
3315
+ var isUnsubscribed = false;
3299
3316
  var promise = this._isInitialized
3300
3317
  ? Promise.resolve()
3301
3318
  : this._initializationPromise;
3302
3319
  _assert(promise, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3303
3320
  // The callback needs to be called asynchronously per the spec.
3304
3321
  // eslint-disable-next-line @typescript-eslint/no-floating-promises
3305
- promise.then(function () { return cb(_this.currentUser); });
3322
+ promise.then(function () {
3323
+ if (isUnsubscribed) {
3324
+ return;
3325
+ }
3326
+ cb(_this.currentUser);
3327
+ });
3306
3328
  if (typeof nextOrObserver === 'function') {
3307
- return subscription.addObserver(nextOrObserver, error, completed);
3329
+ var unsubscribe_2 = subscription.addObserver(nextOrObserver, error, completed);
3330
+ return function () {
3331
+ isUnsubscribed = true;
3332
+ unsubscribe_2();
3333
+ };
3308
3334
  }
3309
3335
  else {
3310
- return subscription.addObserver(nextOrObserver);
3336
+ var unsubscribe_3 = subscription.addObserver(nextOrObserver);
3337
+ return function () {
3338
+ isUnsubscribed = true;
3339
+ unsubscribe_3();
3340
+ };
3311
3341
  }
3312
3342
  };
3313
3343
  /**
@@ -3405,54 +3435,280 @@ var AuthImpl = /** @class */ (function () {
3405
3435
  AuthImpl.prototype._getAppCheckToken = function () {
3406
3436
  var _a;
3407
3437
  return tslib.__awaiter(this, void 0, void 0, function () {
3408
- var appCheckTokenResult;
3409
- return tslib.__generator(this, function (_b) {
3410
- switch (_b.label) {
3411
- case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3412
- .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3413
- case 1:
3414
- appCheckTokenResult = _b.sent();
3415
- if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3416
- // Context: appCheck.getToken() will never throw even if an error happened.
3417
- // In the error case, a dummy token will be returned along with an error field describing
3418
- // the error. In general, we shouldn't care about the error condition and just use
3419
- // the token (actual or dummy) to send requests.
3420
- _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3438
+ var appCheckTokenResult;
3439
+ return tslib.__generator(this, function (_b) {
3440
+ switch (_b.label) {
3441
+ case 0: return [4 /*yield*/, ((_a = this.appCheckServiceProvider
3442
+ .getImmediate({ optional: true })) === null || _a === void 0 ? void 0 : _a.getToken())];
3443
+ case 1:
3444
+ appCheckTokenResult = _b.sent();
3445
+ if (appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.error) {
3446
+ // Context: appCheck.getToken() will never throw even if an error happened.
3447
+ // In the error case, a dummy token will be returned along with an error field describing
3448
+ // the error. In general, we shouldn't care about the error condition and just use
3449
+ // the token (actual or dummy) to send requests.
3450
+ _logWarn("Error while retrieving App Check token: ".concat(appCheckTokenResult.error));
3451
+ }
3452
+ return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3453
+ }
3454
+ });
3455
+ });
3456
+ };
3457
+ return AuthImpl;
3458
+ }());
3459
+ /**
3460
+ * Method to be used to cast down to our private implmentation of Auth.
3461
+ * It will also handle unwrapping from the compat type if necessary
3462
+ *
3463
+ * @param auth Auth object passed in from developer
3464
+ */
3465
+ function _castAuth(auth) {
3466
+ return util.getModularInstance(auth);
3467
+ }
3468
+ /** Helper class to wrap subscriber logic */
3469
+ var Subscription = /** @class */ (function () {
3470
+ function Subscription(auth) {
3471
+ var _this = this;
3472
+ this.auth = auth;
3473
+ this.observer = null;
3474
+ this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3475
+ }
3476
+ Object.defineProperty(Subscription.prototype, "next", {
3477
+ get: function () {
3478
+ _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3479
+ return this.observer.next.bind(this.observer);
3480
+ },
3481
+ enumerable: false,
3482
+ configurable: true
3483
+ });
3484
+ return Subscription;
3485
+ }());
3486
+
3487
+ /**
3488
+ * @license
3489
+ * Copyright 2020 Google LLC
3490
+ *
3491
+ * Licensed under the Apache License, Version 2.0 (the "License");
3492
+ * you may not use this file except in compliance with the License.
3493
+ * You may obtain a copy of the License at
3494
+ *
3495
+ * http://www.apache.org/licenses/LICENSE-2.0
3496
+ *
3497
+ * Unless required by applicable law or agreed to in writing, software
3498
+ * distributed under the License is distributed on an "AS IS" BASIS,
3499
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
3500
+ * See the License for the specific language governing permissions and
3501
+ * limitations under the License.
3502
+ */
3503
+ function getScriptParentElement() {
3504
+ var _a, _b;
3505
+ return (_b = (_a = document.getElementsByTagName('head')) === null || _a === void 0 ? void 0 : _a[0]) !== null && _b !== void 0 ? _b : document;
3506
+ }
3507
+ function _loadJS(url) {
3508
+ // TODO: consider adding timeout support & cancellation
3509
+ return new Promise(function (resolve, reject) {
3510
+ var el = document.createElement('script');
3511
+ el.setAttribute('src', url);
3512
+ el.onload = resolve;
3513
+ el.onerror = function (e) {
3514
+ var error = _createError("internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3515
+ error.customData = e;
3516
+ reject(error);
3517
+ };
3518
+ el.type = 'text/javascript';
3519
+ el.charset = 'UTF-8';
3520
+ getScriptParentElement().appendChild(el);
3521
+ });
3522
+ }
3523
+ function _generateCallbackName(prefix) {
3524
+ return "__".concat(prefix).concat(Math.floor(Math.random() * 1000000));
3525
+ }
3526
+
3527
+ /* eslint-disable @typescript-eslint/no-require-imports */
3528
+ var RECAPTCHA_ENTERPRISE_URL = 'https://www.google.com/recaptcha/enterprise.js?render=';
3529
+ var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = 'recaptcha-enterprise';
3530
+ var FAKE_TOKEN = 'NO_RECAPTCHA';
3531
+ var RecaptchaEnterpriseVerifier = /** @class */ (function () {
3532
+ /**
3533
+ *
3534
+ * @param authExtern - The corresponding Firebase {@link Auth} instance.
3535
+ *
3536
+ */
3537
+ function RecaptchaEnterpriseVerifier(authExtern) {
3538
+ /**
3539
+ * Identifies the type of application verifier (e.g. "recaptcha-enterprise").
3540
+ */
3541
+ this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE;
3542
+ this.auth = _castAuth(authExtern);
3543
+ }
3544
+ /**
3545
+ * Executes the verification process.
3546
+ *
3547
+ * @returns A Promise for a token that can be used to assert the validity of a request.
3548
+ */
3549
+ RecaptchaEnterpriseVerifier.prototype.verify = function (action, forceRefresh) {
3550
+ if (action === void 0) { action = 'verify'; }
3551
+ if (forceRefresh === void 0) { forceRefresh = false; }
3552
+ return tslib.__awaiter(this, void 0, void 0, function () {
3553
+ function retrieveSiteKey(auth) {
3554
+ return tslib.__awaiter(this, void 0, void 0, function () {
3555
+ var _this = this;
3556
+ return tslib.__generator(this, function (_a) {
3557
+ if (!forceRefresh) {
3558
+ if (auth.tenantId == null && auth._agentRecaptchaConfig != null) {
3559
+ return [2 /*return*/, auth._agentRecaptchaConfig.siteKey];
3560
+ }
3561
+ if (auth.tenantId != null &&
3562
+ auth._tenantRecaptchaConfigs[auth.tenantId] !== undefined) {
3563
+ return [2 /*return*/, auth._tenantRecaptchaConfigs[auth.tenantId].siteKey];
3564
+ }
3421
3565
  }
3422
- return [2 /*return*/, appCheckTokenResult === null || appCheckTokenResult === void 0 ? void 0 : appCheckTokenResult.token];
3566
+ return [2 /*return*/, new Promise(function (resolve, reject) { return tslib.__awaiter(_this, void 0, void 0, function () {
3567
+ return tslib.__generator(this, function (_a) {
3568
+ getRecaptchaConfig(auth, {
3569
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3570
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3571
+ })
3572
+ .then(function (response) {
3573
+ if (response.recaptchaKey === undefined) {
3574
+ reject(new Error('recaptcha Enterprise site key undefined'));
3575
+ }
3576
+ else {
3577
+ var config = new RecaptchaConfig(response);
3578
+ if (auth.tenantId == null) {
3579
+ auth._agentRecaptchaConfig = config;
3580
+ }
3581
+ else {
3582
+ auth._tenantRecaptchaConfigs[auth.tenantId] = config;
3583
+ }
3584
+ return resolve(config.siteKey);
3585
+ }
3586
+ })
3587
+ .catch(function (error) {
3588
+ reject(error);
3589
+ });
3590
+ return [2 /*return*/];
3591
+ });
3592
+ }); })];
3593
+ });
3594
+ });
3595
+ }
3596
+ function retrieveRecaptchaToken(siteKey, resolve, reject) {
3597
+ var grecaptcha = window.grecaptcha;
3598
+ if (isEnterprise(grecaptcha)) {
3599
+ grecaptcha.enterprise.ready(function () {
3600
+ grecaptcha.enterprise
3601
+ .execute(siteKey, { action: action })
3602
+ .then(function (token) {
3603
+ resolve(token);
3604
+ })
3605
+ .catch(function () {
3606
+ resolve(FAKE_TOKEN);
3607
+ });
3608
+ });
3609
+ }
3610
+ else {
3611
+ reject(Error('No reCAPTCHA enterprise script loaded.'));
3423
3612
  }
3613
+ }
3614
+ var _this = this;
3615
+ return tslib.__generator(this, function (_a) {
3616
+ return [2 /*return*/, new Promise(function (resolve, reject) {
3617
+ retrieveSiteKey(_this.auth)
3618
+ .then(function (siteKey) {
3619
+ if (!forceRefresh && isEnterprise(window.grecaptcha)) {
3620
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3621
+ }
3622
+ else {
3623
+ if (typeof window === 'undefined') {
3624
+ reject(new Error('RecaptchaVerifier is only supported in browser'));
3625
+ return;
3626
+ }
3627
+ _loadJS(RECAPTCHA_ENTERPRISE_URL + siteKey)
3628
+ .then(function () {
3629
+ retrieveRecaptchaToken(siteKey, resolve, reject);
3630
+ })
3631
+ .catch(function (error) {
3632
+ reject(error);
3633
+ });
3634
+ }
3635
+ })
3636
+ .catch(function (error) {
3637
+ reject(error);
3638
+ });
3639
+ })];
3424
3640
  });
3425
3641
  });
3426
3642
  };
3427
- return AuthImpl;
3643
+ return RecaptchaEnterpriseVerifier;
3428
3644
  }());
3429
- /**
3430
- * Method to be used to cast down to our private implmentation of Auth.
3431
- * It will also handle unwrapping from the compat type if necessary
3432
- *
3433
- * @param auth Auth object passed in from developer
3434
- */
3435
- function _castAuth(auth) {
3436
- return util.getModularInstance(auth);
3645
+ function injectRecaptchaFields(auth, request, action, captchaResp) {
3646
+ if (captchaResp === void 0) { captchaResp = false; }
3647
+ return tslib.__awaiter(this, void 0, void 0, function () {
3648
+ var verifier, captchaResponse, newRequest;
3649
+ return tslib.__generator(this, function (_a) {
3650
+ switch (_a.label) {
3651
+ case 0:
3652
+ verifier = new RecaptchaEnterpriseVerifier(auth);
3653
+ _a.label = 1;
3654
+ case 1:
3655
+ _a.trys.push([1, 3, , 5]);
3656
+ return [4 /*yield*/, verifier.verify(action)];
3657
+ case 2:
3658
+ captchaResponse = _a.sent();
3659
+ return [3 /*break*/, 5];
3660
+ case 3:
3661
+ _a.sent();
3662
+ return [4 /*yield*/, verifier.verify(action, true)];
3663
+ case 4:
3664
+ captchaResponse = _a.sent();
3665
+ return [3 /*break*/, 5];
3666
+ case 5:
3667
+ newRequest = tslib.__assign({}, request);
3668
+ if (!captchaResp) {
3669
+ Object.assign(newRequest, { captchaResponse: captchaResponse });
3670
+ }
3671
+ else {
3672
+ Object.assign(newRequest, { 'captchaResp': captchaResponse });
3673
+ }
3674
+ Object.assign(newRequest, { 'clientType': "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ });
3675
+ Object.assign(newRequest, {
3676
+ 'recaptchaVersion': "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3677
+ });
3678
+ return [2 /*return*/, newRequest];
3679
+ }
3680
+ });
3681
+ });
3437
3682
  }
3438
- /** Helper class to wrap subscriber logic */
3439
- var Subscription = /** @class */ (function () {
3440
- function Subscription(auth) {
3441
- var _this = this;
3442
- this.auth = auth;
3443
- this.observer = null;
3444
- this.addObserver = util.createSubscribe(function (observer) { return (_this.observer = observer); });
3445
- }
3446
- Object.defineProperty(Subscription.prototype, "next", {
3447
- get: function () {
3448
- _assert(this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
3449
- return this.observer.next.bind(this.observer);
3450
- },
3451
- enumerable: false,
3452
- configurable: true
3683
+ function _initializeRecaptchaConfig(auth) {
3684
+ return tslib.__awaiter(this, void 0, void 0, function () {
3685
+ var authInternal, response, config, verifier;
3686
+ return tslib.__generator(this, function (_a) {
3687
+ switch (_a.label) {
3688
+ case 0:
3689
+ authInternal = _castAuth(auth);
3690
+ return [4 /*yield*/, getRecaptchaConfig(authInternal, {
3691
+ clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */,
3692
+ version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */
3693
+ })];
3694
+ case 1:
3695
+ response = _a.sent();
3696
+ config = new RecaptchaConfig(response);
3697
+ if (authInternal.tenantId == null) {
3698
+ authInternal._agentRecaptchaConfig = config;
3699
+ }
3700
+ else {
3701
+ authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config;
3702
+ }
3703
+ if (config.emailPasswordEnabled) {
3704
+ verifier = new RecaptchaEnterpriseVerifier(authInternal);
3705
+ void verifier.verify();
3706
+ }
3707
+ return [2 /*return*/];
3708
+ }
3709
+ });
3453
3710
  });
3454
- return Subscription;
3455
- }());
3711
+ }
3456
3712
 
3457
3713
  /**
3458
3714
  * @license
@@ -6112,6 +6368,36 @@ function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) {
6112
6368
  * See the License for the specific language governing permissions and
6113
6369
  * limitations under the License.
6114
6370
  */
6371
+ /**
6372
+ * Updates the password policy cached in the {@link Auth} instance if a policy is already
6373
+ * cached for the project or tenant.
6374
+ *
6375
+ * @remarks
6376
+ * We only fetch the password policy if the password did not meet policy requirements and
6377
+ * there is an existing policy cached. A developer must call validatePassword at least
6378
+ * once for the cache to be automatically updated.
6379
+ *
6380
+ * @param auth - The {@link Auth} instance.
6381
+ *
6382
+ * @private
6383
+ */
6384
+ function recachePasswordPolicy(auth) {
6385
+ return tslib.__awaiter(this, void 0, void 0, function () {
6386
+ var authInternal;
6387
+ return tslib.__generator(this, function (_a) {
6388
+ switch (_a.label) {
6389
+ case 0:
6390
+ authInternal = _castAuth(auth);
6391
+ if (!authInternal._getPasswordPolicyInternal()) return [3 /*break*/, 2];
6392
+ return [4 /*yield*/, authInternal._updatePasswordPolicy()];
6393
+ case 1:
6394
+ _a.sent();
6395
+ _a.label = 2;
6396
+ case 2: return [2 /*return*/];
6397
+ }
6398
+ });
6399
+ });
6400
+ }
6115
6401
  /**
6116
6402
  * Sends a password reset email to the given email address.
6117
6403
  *
@@ -6215,12 +6501,22 @@ function sendPasswordResetEmail(auth, email, actionCodeSettings) {
6215
6501
  */
6216
6502
  function confirmPasswordReset(auth, oobCode, newPassword) {
6217
6503
  return tslib.__awaiter(this, void 0, void 0, function () {
6504
+ var _this = this;
6218
6505
  return tslib.__generator(this, function (_a) {
6219
6506
  switch (_a.label) {
6220
6507
  case 0: return [4 /*yield*/, resetPassword(util.getModularInstance(auth), {
6221
6508
  oobCode: oobCode,
6222
6509
  newPassword: newPassword
6223
- })];
6510
+ })
6511
+ .catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6512
+ return tslib.__generator(this, function (_a) {
6513
+ if (error.code ===
6514
+ "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6515
+ void recachePasswordPolicy(auth);
6516
+ }
6517
+ throw error;
6518
+ });
6519
+ }); })];
6224
6520
  case 1:
6225
6521
  _a.sent();
6226
6522
  return [2 /*return*/];
@@ -6376,13 +6672,16 @@ function createUserWithEmailAndPassword(auth, email, password) {
6376
6672
  case 1:
6377
6673
  requestWithRecaptcha = _a.sent();
6378
6674
  return [2 /*return*/, signUp(authInternal, requestWithRecaptcha)];
6379
- case 2: return [2 /*return*/, Promise.reject(error)];
6675
+ case 2: throw error;
6380
6676
  }
6381
6677
  });
6382
6678
  }); });
6383
6679
  _b.label = 3;
6384
6680
  case 3: return [4 /*yield*/, signUpResponse.catch(function (error) {
6385
- return Promise.reject(error);
6681
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6682
+ void recachePasswordPolicy(auth);
6683
+ }
6684
+ throw error;
6386
6685
  })];
6387
6686
  case 4:
6388
6687
  response = _b.sent();
@@ -6414,7 +6713,15 @@ function createUserWithEmailAndPassword(auth, email, password) {
6414
6713
  * @public
6415
6714
  */
6416
6715
  function signInWithEmailAndPassword(auth, email, password) {
6417
- return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password));
6716
+ var _this = this;
6717
+ return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
6718
+ return tslib.__generator(this, function (_a) {
6719
+ if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
6720
+ void recachePasswordPolicy(auth);
6721
+ }
6722
+ throw error;
6723
+ });
6724
+ }); });
6418
6725
  }
6419
6726
 
6420
6727
  /**
@@ -7152,8 +7459,39 @@ function setPersistence(auth, persistence) {
7152
7459
  * @public
7153
7460
  */
7154
7461
  function initializeRecaptchaConfig(auth) {
7155
- var authInternal = _castAuth(auth);
7156
- return authInternal.initializeRecaptchaConfig();
7462
+ return _initializeRecaptchaConfig(auth);
7463
+ }
7464
+ /**
7465
+ * Validates the password against the password policy configured for the project or tenant.
7466
+ *
7467
+ * @remarks
7468
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
7469
+ * policy configured for the project. Otherwise, this method will use the policy configured
7470
+ * for the tenant. If a password policy has not been configured, then the default policy
7471
+ * configured for all projects will be used.
7472
+ *
7473
+ * If an auth flow fails because a submitted password does not meet the password policy
7474
+ * requirements and this method has previously been called, then this method will use the
7475
+ * most recent policy available when called again.
7476
+ *
7477
+ * @example
7478
+ * ```javascript
7479
+ * validatePassword(auth, 'some-password');
7480
+ * ```
7481
+ *
7482
+ * @param auth The {@link Auth} instance.
7483
+ * @param password The password to validate.
7484
+ *
7485
+ * @public
7486
+ */
7487
+ function validatePassword(auth, password) {
7488
+ return tslib.__awaiter(this, void 0, void 0, function () {
7489
+ var authInternal;
7490
+ return tslib.__generator(this, function (_a) {
7491
+ authInternal = _castAuth(auth);
7492
+ return [2 /*return*/, authInternal.validatePassword(password)];
7493
+ });
7494
+ });
7157
7495
  }
7158
7496
  /**
7159
7497
  * Adds an observer for changes to the signed-in user's ID token.
@@ -7575,7 +7913,7 @@ function multiFactor(user) {
7575
7913
  }
7576
7914
 
7577
7915
  var name = "@firebase/auth";
7578
- var version = "1.1.0";
7916
+ var version = "1.2.0-canary.78d2738c2";
7579
7917
 
7580
7918
  /**
7581
7919
  * @license
@@ -9056,6 +9394,7 @@ exports.updatePassword = updatePassword;
9056
9394
  exports.updatePhoneNumber = updatePhoneNumber;
9057
9395
  exports.updateProfile = updateProfile;
9058
9396
  exports.useDeviceLanguage = useDeviceLanguage;
9397
+ exports.validatePassword = validatePassword;
9059
9398
  exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
9060
9399
  exports.verifyPasswordResetCode = verifyPasswordResetCode;
9061
- //# sourceMappingURL=phone-2132481b.js.map
9400
+ //# sourceMappingURL=phone-e617de09.js.map