npm - @firebase/auth - Versions diffs - 1.4.0-20231107192534 → 1.4.0-canary.0d29adc97 - Mend

@firebase/auth 1.4.0-20231107192534 → 1.4.0-canary.0d29adc97

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/auth-public.d.ts +14 -2
package/dist/auth.d.ts +15 -3
package/dist/browser-cjs/{index-dfd6ff50.js → index-cb1a91bb.js} +23 -8
package/dist/browser-cjs/index-cb1a91bb.js.map +1 -0
package/dist/browser-cjs/index.js +1 -1
package/dist/browser-cjs/internal.js +1 -1
package/dist/browser-cjs/src/api/errors.d.ts +1 -0
package/dist/browser-cjs/src/core/errors.d.ts +2 -1
package/dist/browser-cjs/src/core/strategies/email.d.ts +5 -1
package/dist/browser-cjs/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/browser-cjs/src/core/user/account_info.d.ts +3 -0
package/dist/cordova/index.js +2 -2
package/dist/cordova/internal.js +2 -2
package/dist/cordova/{popup_redirect-b8968cb1.js → popup_redirect-12c64509.js} +23 -8
package/dist/cordova/popup_redirect-12c64509.js.map +1 -0
package/dist/cordova/src/api/errors.d.ts +1 -0
package/dist/cordova/src/core/errors.d.ts +2 -1
package/dist/cordova/src/core/strategies/email.d.ts +5 -1
package/dist/cordova/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/cordova/src/core/user/account_info.d.ts +3 -0
package/dist/esm2017/{index-ae3ae6d8.js → index-ef3c8a49.js} +23 -8
package/dist/esm2017/index-ef3c8a49.js.map +1 -0
package/dist/esm2017/index.js +1 -1
package/dist/esm2017/internal.js +2 -2
package/dist/esm2017/src/api/errors.d.ts +1 -0
package/dist/esm2017/src/core/errors.d.ts +2 -1
package/dist/esm2017/src/core/strategies/email.d.ts +5 -1
package/dist/esm2017/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/esm2017/src/core/user/account_info.d.ts +3 -0
package/dist/esm5/{index-7f85f824.js → index-c2f98f6e.js} +23 -8
package/dist/esm5/index-c2f98f6e.js.map +1 -0
package/dist/esm5/index.js +1 -1
package/dist/esm5/internal.js +2 -2
package/dist/esm5/src/api/errors.d.ts +1 -0
package/dist/esm5/src/core/errors.d.ts +2 -1
package/dist/esm5/src/core/strategies/email.d.ts +5 -1
package/dist/esm5/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/esm5/src/core/user/account_info.d.ts +3 -0
package/dist/index.webworker.esm5.js +22 -7
package/dist/index.webworker.esm5.js.map +1 -1
package/dist/node/index.js +2 -2
package/dist/node/internal.js +2 -2
package/dist/node/src/api/errors.d.ts +1 -0
package/dist/node/src/core/errors.d.ts +2 -1
package/dist/node/src/core/strategies/email.d.ts +5 -1
package/dist/node/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/node/src/core/user/account_info.d.ts +3 -0
package/dist/node/{totp-e17814fd.js → totp-2ab16b8b.js} +25 -30
package/dist/node/totp-2ab16b8b.js.map +1 -0
package/dist/node-esm/index.js +2 -2
package/dist/node-esm/internal.js +3 -3
package/dist/node-esm/src/api/errors.d.ts +1 -0
package/dist/node-esm/src/core/errors.d.ts +2 -1
package/dist/node-esm/src/core/strategies/email.d.ts +5 -1
package/dist/node-esm/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/node-esm/src/core/user/account_info.d.ts +3 -0
package/dist/node-esm/{totp-2585fcd6.js → totp-a0c83e98.js} +25 -10
package/dist/node-esm/totp-a0c83e98.js.map +1 -0
package/dist/rn/{index-5104bca5.js → index-948ff209.js} +23 -8
package/dist/rn/index-948ff209.js.map +1 -0
package/dist/rn/index.js +1 -1
package/dist/rn/internal.js +1 -1
package/dist/rn/src/api/errors.d.ts +1 -0
package/dist/rn/src/core/errors.d.ts +2 -1
package/dist/rn/src/core/strategies/email.d.ts +5 -1
package/dist/rn/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/rn/src/core/user/account_info.d.ts +3 -0
package/dist/src/api/errors.d.ts +1 -0
package/dist/src/core/errors.d.ts +2 -1
package/dist/src/core/strategies/email.d.ts +5 -1
package/dist/src/core/strategies/email_and_password.d.ts +5 -1
package/dist/src/core/user/account_info.d.ts +3 -0
package/package.json +7 -7
package/dist/browser-cjs/index-dfd6ff50.js.map +0 -1
package/dist/cordova/popup_redirect-b8968cb1.js.map +0 -1
package/dist/esm2017/index-ae3ae6d8.js.map +0 -1
package/dist/esm5/index-7f85f824.js.map +0 -1
package/dist/node/totp-e17814fd.js.map +0 -1
package/dist/node-esm/totp-2585fcd6.js.map +0 -1
package/dist/rn/index-5104bca5.js.map +0 -1

package/dist/auth-public.d.ts CHANGED Viewed

@@ -534,6 +534,7 @@ export declare const AuthErrorCodes: {
     readonly INVALID_EMAIL: "auth/invalid-email";
     readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
     readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
+    readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
     readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
     readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
     readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
@@ -1224,7 +1225,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
 }
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -1235,6 +1238,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
@@ -3027,7 +3032,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
 export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -3196,6 +3203,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -3620,6 +3629,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 export declare function updateEmail(user: User, newEmail: string): Promise<void>;

package/dist/auth.d.ts CHANGED Viewed

@@ -554,7 +554,7 @@ declare const enum AuthErrorCode {
     INVALID_DYNAMIC_LINK_DOMAIN = "invalid-dynamic-link-domain",
     INVALID_EMAIL = "invalid-email",
     INVALID_EMULATOR_SCHEME = "invalid-emulator-scheme",
-    INVALID_IDP_RESPONSE = "invalid-credential",
+    INVALID_CREDENTIAL = "invalid-credential",
     INVALID_MESSAGE_PAYLOAD = "invalid-message-payload",
     INVALID_MFA_SESSION = "invalid-multi-factor-session",
     INVALID_OAUTH_CLIENT_ID = "invalid-oauth-client-id",
@@ -676,6 +676,7 @@ export declare const AuthErrorCodes: {
     readonly INVALID_EMAIL: "auth/invalid-email";
     readonly INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme";
     readonly INVALID_IDP_RESPONSE: "auth/invalid-credential";
+    readonly INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential";
     readonly INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload";
     readonly INVALID_MFA_SESSION: "auth/invalid-multi-factor-session";
     readonly INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id";
@@ -1513,7 +1514,9 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
 }
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -1524,6 +1527,8 @@ declare abstract class FederatedAuthProvider implements AuthProvider {
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 export declare function fetchSignInMethodsForEmail(auth: Auth, email: string): Promise<string[]>;
@@ -3500,7 +3505,9 @@ export declare class SAMLAuthProvider extends FederatedAuthProvider {
 export declare function sendEmailVerification(user: User, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -3669,6 +3676,8 @@ export declare function signInWithCustomToken(auth: Auth, customToken: string):
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -4145,6 +4154,9 @@ export declare function updateCurrentUser(auth: Auth, user: User | null): Promis
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 export declare function updateEmail(user: User, newEmail: string): Promise<void>;

package/dist/browser-cjs/{index-dfd6ff50.js → index-cb1a91bb.js} RENAMED Viewed

@@ -176,7 +176,7 @@ function _debugErrorMap() {
         ["invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */]: 'Emulator URL must start with a valid scheme (http:// or https://).',
         ["invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */]: 'Your API key is invalid, please check you have copied it correctly.',
         ["invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */]: 'The SHA-1 certificate hash provided is invalid.',
-        ["invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */]: 'The supplied auth credential is malformed or has expired.',
+        ["invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */]: 'The supplied auth credential is incorrect, malformed or has expired.',
         ["invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */]: 'The email template corresponding to this action contains invalid characters in its message. ' +
             'Please fix by going to the Auth email templates section in the Firebase Console.',
         ["invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */]: 'The request does not contain a valid proof of first factor successful sign-in.',
@@ -352,6 +352,7 @@ const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
     INVALID_EMAIL: 'auth/invalid-email',
     INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
     INVALID_IDP_RESPONSE: 'auth/invalid-credential',
+    INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
     INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
     INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
     INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',
@@ -786,12 +787,15 @@ const SERVER_ERROR_MAP = {
     ["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */]: "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
     // This can only happen if the SDK sends a bad request.
     ["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */]: "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
+    // Thrown if Email Enumeration Protection is enabled in the project and the email or password is
+    // invalid.
+    ["INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     // Sign up with email and password errors.
     ["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */]: "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
     ["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */]: "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
     // Verify assertion for sign in with credential errors:
-    ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
-    ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    ["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
+    ["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     ["FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */]: "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */,
     // This can only happen if the SDK sends a bad request.
     ["MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */]: "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
@@ -813,7 +817,7 @@ const SERVER_ERROR_MAP = {
     // Phone Auth related errors.
     ["INVALID_CODE" /* ServerError.INVALID_CODE */]: "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
     ["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */]: "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
-    ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    ["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */]: "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     ["MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */]: "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */,
     ["SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */]: "code-expired" /* AuthErrorCode.CODE_EXPIRED */,
     // Other action code errors when additional settings passed.
@@ -5623,7 +5627,9 @@ async function recachePasswordPolicy(auth) {
     }
 }
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -5807,6 +5813,8 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -5992,7 +6000,9 @@ async function createAuthUri(auth, request) {
  * limitations under the License.
  */
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -6003,6 +6013,8 @@ async function createAuthUri(auth, request) {
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 async function fetchSignInMethodsForEmail(auth, email) {
@@ -6196,6 +6208,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 function updateEmail(user, newEmail) {
@@ -10267,7 +10282,7 @@ function _isEmptyString(input) {
 }
 var name = "@firebase/auth";
-var version = "1.4.0-20231107192534";
+var version = "1.4.0-canary.0d29adc97";
 /**
  * @license
@@ -10594,4 +10609,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=index-dfd6ff50.js.map
+//# sourceMappingURL=index-cb1a91bb.js.map