@firebase/auth 1.4.0 → 1.5.0-20231120214520

package/dist/rn/{index-afa362da.js → index-4059ee6a.js}

@@ -78,7 +78,7 @@ function _debugErrorMap() {
         _a["invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */] = 'Emulator URL must start with a valid scheme (http:// or https://).',
         _a["invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */] = 'Your API key is invalid, please check you have copied it correctly.',
         _a["invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */] = 'The SHA-1 certificate hash provided is invalid.',
-        _a["invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */] = 'The supplied auth credential is malformed or has expired.',
+        _a["invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */] = 'The supplied auth credential is incorrect, malformed or has expired.',
         _a["invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */] = 'The email template corresponding to this action contains invalid characters in its message. ' +
             'Please fix by going to the Auth email templates section in the Firebase Console.',
         _a["invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */] = 'The request does not contain a valid proof of first factor successful sign-in.',
@@ -255,6 +255,7 @@ var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
     INVALID_EMAIL: 'auth/invalid-email',
     INVALID_EMULATOR_SCHEME: 'auth/invalid-emulator-scheme',
     INVALID_IDP_RESPONSE: 'auth/invalid-credential',
+    INVALID_LOGIN_CREDENTIALS: 'auth/invalid-credential',
     INVALID_MESSAGE_PAYLOAD: 'auth/invalid-message-payload',
     INVALID_MFA_SESSION: 'auth/invalid-multi-factor-session',
     INVALID_OAUTH_CLIENT_ID: 'auth/invalid-oauth-client-id',
@@ -720,12 +721,15 @@ var SERVER_ERROR_MAP = (_a$1 = {},
     _a$1["INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */] = "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */,
     // This can only happen if the SDK sends a bad request.
     _a$1["MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */] = "missing-password" /* AuthErrorCode.MISSING_PASSWORD */,
+    // Thrown if Email Enumeration Protection is enabled in the project and the email or password is
+    // invalid.
+    _a$1["INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */] = "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     // Sign up with email and password errors.
     _a$1["EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */] = "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */,
     _a$1["PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */] = "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */,
     // Verify assertion for sign in with credential errors:
-    _a$1["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */] = "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
-    _a$1["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */] = "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    _a$1["INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */] = "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
+    _a$1["INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */] = "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     _a$1["FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */] = "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */,
     // This can only happen if the SDK sends a bad request.
     _a$1["MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */] = "internal-error" /* AuthErrorCode.INTERNAL_ERROR */,
@@ -747,7 +751,7 @@ var SERVER_ERROR_MAP = (_a$1 = {},
     // Phone Auth related errors.
     _a$1["INVALID_CODE" /* ServerError.INVALID_CODE */] = "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */,
     _a$1["INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */] = "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */,
-    _a$1["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */] = "invalid-credential" /* AuthErrorCode.INVALID_IDP_RESPONSE */,
+    _a$1["INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */] = "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */,
     _a$1["MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */] = "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */,
     _a$1["SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */] = "code-expired" /* AuthErrorCode.CODE_EXPIRED */,
     // Other action code errors when additional settings passed.
@@ -6512,7 +6516,9 @@ function recachePasswordPolicy(auth) {
     });
 }
 /**
- * Sends a password reset email to the given email address.
+ * Sends a password reset email to the given email address. This method does not throw an error when
+ * there's no user account with the given email address and
+ * [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
  *
  * @remarks
  * To complete the password reset, call {@link confirmPasswordReset} with the code supplied in
@@ -6753,6 +6759,8 @@ function createUserWithEmailAndPassword(auth, email, password) {
  *
  * @remarks
  * Fails with an error if the email address and password do not match.
+ * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
+ * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
@@ -6961,7 +6969,9 @@ function createAuthUri(auth, request) {
  * limitations under the License.
  */
 /**
- * Gets the list of possible sign in methods for the given email address.
+ * Gets the list of possible sign in methods for the given email address. This method returns an
+ * empty list when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled, irrespective of the number of
+ * authentication methods available for the given email.
  *
  * @remarks
  * This is useful to differentiate methods of sign-in for the same provider, eg.
@@ -6972,6 +6982,8 @@ function createAuthUri(auth, request) {
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  *
+ * Deprecated. Migrating off of this method is recommended as a security best-practice.
+ * Learn more in the Identity Platform documentation for [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection).
  * @public
  */
 function fetchSignInMethodsForEmail(auth, email) {
@@ -7226,6 +7238,9 @@ function updateProfile(user, _a) {
  * @param user - The user.
  * @param newEmail - The new email address.
  *
+ * Throws "auth/operation-not-allowed" error when [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled.
+ * Deprecated - Use {@link verifyBeforeUpdateEmail} instead.
+ *
  * @public
  */
 function updateEmail(user, newEmail) {
@@ -7944,7 +7959,7 @@ function multiFactor(user) {
 }
 
 var name = "@firebase/auth";
-var version = "1.4.0";
+var version = "1.5.0-20231120214520";
 
 /**
  * @license
@@ -9602,4 +9617,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=index-afa362da.js.map
+//# sourceMappingURL=index-4059ee6a.js.map