@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/node/{totp-7d693c11.js → totp-fbe187a4.js}

@@ -1,8 +1,8 @@
 'use strict';
 
 var tslib = require('tslib');
-var util = require('@firebase/util');
 var app = require('@firebase/app');
+var util = require('@firebase/util');
 var component = require('@firebase/component');
 var undici = require('undici');
 var logger = require('@firebase/logger');
@@ -502,6 +502,9 @@ function _errorWithCustomMessage(auth, code, message) {
         appName: auth.name
     });
 }
+function _serverAppCurrentUserOperationNotSupportedError(auth) {
+    return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */, 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp');
+}
 function createErrorInternal(authOrCode) {
     var _a;
     var rest = [];
@@ -1765,16 +1768,21 @@ var StsTokenManager = /** @class */ (function () {
             : _tokenExpiresIn(response.idToken);
         this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn);
     };
+    StsTokenManager.prototype.updateFromIdToken = function (idToken) {
+        _assert(idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        var expiresIn = _tokenExpiresIn(idToken);
+        this.updateTokensAndExpiration(idToken, null, expiresIn);
+    };
     StsTokenManager.prototype.getToken = function (auth, forceRefresh) {
         if (forceRefresh === void 0) { forceRefresh = false; }
         return tslib.__awaiter(this, void 0, void 0, function () {
             return tslib.__generator(this, function (_a) {
                 switch (_a.label) {
                     case 0:
-                        _assert(!this.accessToken || this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
                         if (!forceRefresh && this.accessToken && !this.isExpired) {
                             return [2 /*return*/, this.accessToken];
                         }
+                        _assert(this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
                         if (!this.refreshToken) return [3 /*break*/, 2];
                         return [4 /*yield*/, this.refresh(auth, this.refreshToken)];
                     case 1:
@@ -1998,7 +2006,11 @@ var UserImpl = /** @class */ (function () {
             var idToken;
             return tslib.__generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: return [4 /*yield*/, this.getIdToken()];
+                    case 0:
+                        if (app._isFirebaseServerApp(this.auth.app)) {
+                            return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth))];
+                        }
+                        return [4 /*yield*/, this.getIdToken()];
                     case 1:
                         idToken = _a.sent();
                         return [4 /*yield*/, _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken: idToken }))];
@@ -2103,6 +2115,47 @@ var UserImpl = /** @class */ (function () {
             });
         });
     };
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    UserImpl._fromGetAccountInfoResponse = function (auth, response, idToken) {
+        return tslib.__awaiter(this, void 0, void 0, function () {
+            var coreAccount, providerData, isAnonymous, stsTokenManager, user, updates;
+            return tslib.__generator(this, function (_a) {
+                coreAccount = response.users[0];
+                _assert(coreAccount.localId !== undefined, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+                providerData = coreAccount.providerUserInfo !== undefined
+                    ? extractProviderData(coreAccount.providerUserInfo)
+                    : [];
+                isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !(providerData === null || providerData === void 0 ? void 0 : providerData.length);
+                stsTokenManager = new StsTokenManager();
+                stsTokenManager.updateFromIdToken(idToken);
+                user = new UserImpl({
+                    uid: coreAccount.localId,
+                    auth: auth,
+                    stsTokenManager: stsTokenManager,
+                    isAnonymous: isAnonymous
+                });
+                updates = {
+                    uid: coreAccount.localId,
+                    displayName: coreAccount.displayName || null,
+                    photoURL: coreAccount.photoUrl || null,
+                    email: coreAccount.email || null,
+                    emailVerified: coreAccount.emailVerified || false,
+                    phoneNumber: coreAccount.phoneNumber || null,
+                    tenantId: coreAccount.tenantId || null,
+                    providerData: providerData,
+                    metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),
+                    isAnonymous: !(coreAccount.email && coreAccount.passwordHash) &&
+                        !(providerData === null || providerData === void 0 ? void 0 : providerData.length)
+                };
+                Object.assign(user, updates);
+                return [2 /*return*/, user];
+            });
+        });
+    };
     return UserImpl;
 }());
 
@@ -2999,13 +3052,59 @@ var AuthImpl = /** @class */ (function () {
             });
         });
     };
+    AuthImpl.prototype.initializeCurrentUserFromIdToken = function (idToken) {
+        return tslib.__awaiter(this, void 0, void 0, function () {
+            var response, user, err_1;
+            return tslib.__generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        _a.trys.push([0, 4, , 6]);
+                        return [4 /*yield*/, getAccountInfo(this, { idToken: idToken })];
+                    case 1:
+                        response = _a.sent();
+                        return [4 /*yield*/, UserImpl._fromGetAccountInfoResponse(this, response, idToken)];
+                    case 2:
+                        user = _a.sent();
+                        return [4 /*yield*/, this.directlySetCurrentUser(user)];
+                    case 3:
+                        _a.sent();
+                        return [3 /*break*/, 6];
+                    case 4:
+                        err_1 = _a.sent();
+                        console.warn('FirebaseServerApp could not login user with provided authIdToken: ', err_1);
+                        return [4 /*yield*/, this.directlySetCurrentUser(null)];
+                    case 5:
+                        _a.sent();
+                        return [3 /*break*/, 6];
+                    case 6: return [2 /*return*/];
+                }
+            });
+        });
+    };
     AuthImpl.prototype.initializeCurrentUser = function (popupRedirectResolver) {
         var _a;
         return tslib.__awaiter(this, void 0, void 0, function () {
-            var previouslyStoredUser, futureCurrentUser, needsTocheckMiddleware, redirectUserEventId, storedUserEventId, result, e_2;
+            var idToken_1, previouslyStoredUser, futureCurrentUser, needsTocheckMiddleware, redirectUserEventId, storedUserEventId, result, e_2;
+            var _this = this;
             return tslib.__generator(this, function (_b) {
                 switch (_b.label) {
-                    case 0: return [4 /*yield*/, this.assertedPersistence.getCurrentUser()];
+                    case 0:
+                        if (app._isFirebaseServerApp(this.app)) {
+                            idToken_1 = this.app.settings.authIdToken;
+                            if (idToken_1) {
+                                // Start the auth operation in the next tick to allow a moment for the customer's app to
+                                // attach an emulator, if desired.
+                                return [2 /*return*/, new Promise(function (resolve) {
+                                        setTimeout(function () {
+                                            return _this.initializeCurrentUserFromIdToken(idToken_1).then(resolve, resolve);
+                                        });
+                                    })];
+                            }
+                            else {
+                                return [2 /*return*/, this.directlySetCurrentUser(null)];
+                            }
+                        }
+                        return [4 /*yield*/, this.assertedPersistence.getCurrentUser()];
                     case 1:
                         previouslyStoredUser = (_b.sent());
                         futureCurrentUser = previouslyStoredUser;
@@ -3147,6 +3246,9 @@ var AuthImpl = /** @class */ (function () {
         return tslib.__awaiter(this, void 0, void 0, function () {
             var user;
             return tslib.__generator(this, function (_a) {
+                if (app._isFirebaseServerApp(this.app)) {
+                    return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this))];
+                }
                 user = userExtern
                     ? util.getModularInstance(userExtern)
                     : null;
@@ -3194,9 +3296,12 @@ var AuthImpl = /** @class */ (function () {
         return tslib.__awaiter(this, void 0, void 0, function () {
             return tslib.__generator(this, function (_a) {
                 switch (_a.label) {
-                    case 0: 
-                    // Run first, to block _setRedirectUser() if any callbacks fail.
-                    return [4 /*yield*/, this.beforeStateQueue.runMiddleware(null)];
+                    case 0:
+                        if (app._isFirebaseServerApp(this.app)) {
+                            return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this))];
+                        }
+                        // Run first, to block _setRedirectUser() if any callbacks fail.
+                        return [4 /*yield*/, this.beforeStateQueue.runMiddleware(null)];
                     case 1:
                         // Run first, to block _setRedirectUser() if any callbacks fail.
                         _a.sent();
@@ -3215,6 +3320,9 @@ var AuthImpl = /** @class */ (function () {
     };
     AuthImpl.prototype.setPersistence = function (persistence) {
         var _this = this;
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         return this.queue(function () { return tslib.__awaiter(_this, void 0, void 0, function () {
             return tslib.__generator(this, function (_a) {
                 switch (_a.label) {
@@ -5983,6 +6091,9 @@ function providerIdForResponse(response) {
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -5994,6 +6105,9 @@ function signInAnonymously(auth) {
         return tslib.__generator(this, function (_b) {
             switch (_b.label) {
                 case 0:
+                    if (app._isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     return [4 /*yield*/, authInternal._initializationPromise];
                 case 1:
@@ -6225,6 +6339,9 @@ function _reauthenticate(user, credential, bypassAuthState) {
             switch (_a.label) {
                 case 0:
                     auth = user.auth;
+                    if (app._isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     operationType = "reauthenticate" /* OperationType.REAUTHENTICATE */;
                     _a.label = 1;
                 case 1:
@@ -6274,6 +6391,9 @@ function _signInWithCredential(auth, credential, bypassAuthState) {
         return tslib.__generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (app._isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     operationType = "signIn" /* OperationType.SIGN_IN */;
                     return [4 /*yield*/, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential)];
                 case 1:
@@ -6297,6 +6417,9 @@ function _signInWithCredential(auth, credential, bypassAuthState) {
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -6343,6 +6466,9 @@ function linkWithCredential(user, credential) {
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *
@@ -6407,6 +6533,9 @@ function signInWithCustomToken$1(auth, request) {
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *
@@ -6418,6 +6547,9 @@ function signInWithCustomToken(auth, customToken) {
         return tslib.__generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (app._isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     return [4 /*yield*/, signInWithCustomToken$1(authInternal, {
                             token: customToken,
@@ -6774,6 +6906,9 @@ function verifyPasswordResetCode(auth, code) {
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -6789,6 +6924,9 @@ function createUserWithEmailAndPassword(auth, email, password) {
         return tslib.__generator(this, function (_a) {
             switch (_a.label) {
                 case 0:
+                    if (app._isFirebaseServerApp(auth.app)) {
+                        return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+                    }
                     authInternal = _castAuth(auth);
                     request = {
                         returnSecureToken: true,
@@ -6824,10 +6962,14 @@ function createUserWithEmailAndPassword(auth, email, password) {
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.
@@ -6836,6 +6978,9 @@ function createUserWithEmailAndPassword(auth, email, password) {
  */
 function signInWithEmailAndPassword(auth, email, password) {
     var _this = this;
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(function (error) { return tslib.__awaiter(_this, void 0, void 0, function () {
         return tslib.__generator(this, function (_a) {
             if (error.code === "auth/".concat("password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */)) {
@@ -6947,6 +7092,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -6970,6 +7118,7 @@ function isSignInWithEmailLink(auth, emailLink) {
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.
@@ -6980,6 +7129,9 @@ function signInWithEmailLink(auth, email, emailLink) {
     return tslib.__awaiter(this, void 0, void 0, function () {
         var authModular, credential;
         return tslib.__generator(this, function (_a) {
+            if (app._isFirebaseServerApp(auth.app)) {
+                return [2 /*return*/, Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth))];
+            }
             authModular = util.getModularInstance(auth);
             credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl());
             // Check if the tenant ID in the email link matches the tenant ID on Auth
@@ -7293,6 +7445,9 @@ function updateProfile(user, _a) {
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.
@@ -7306,7 +7461,11 @@ function updateProfile(user, _a) {
  * @public
  */
 function updateEmail(user, newEmail) {
-    return updateEmailOrPassword(util.getModularInstance(user), newEmail, null);
+    var userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    return updateEmailOrPassword(userInternal, newEmail, null);
 }
 /**
  * Updates the user's password.
@@ -7511,7 +7670,8 @@ function getAdditionalUserInfo(userCredential) {
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -7662,6 +7822,9 @@ function useDeviceLanguage(auth) {
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -7673,6 +7836,10 @@ function updateCurrentUser(auth, user) {
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -8015,7 +8182,7 @@ function multiFactor(user) {
 }
 
 var name = "@firebase/auth";
-var version = "1.6.2";
+var version = "1.7.0-canary.42fcdfe4c";
 
 /**
  * @license
@@ -8525,6 +8692,7 @@ exports._link = _link;
 exports._performApiRequest = _performApiRequest;
 exports._persistenceKeyName = _persistenceKeyName;
 exports._reauthenticate = _reauthenticate;
+exports._serverAppCurrentUserOperationNotSupportedError = _serverAppCurrentUserOperationNotSupportedError;
 exports._signInWithCredential = _signInWithCredential;
 exports.applyActionCode = applyActionCode;
 exports.beforeAuthStateChanged = beforeAuthStateChanged;
@@ -8589,4 +8757,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=totp-7d693c11.js.map
+//# sourceMappingURL=totp-fbe187a4.js.map