npm - @firebase/auth - Versions diffs - 1.6.2 → 1.7.0-canary.42fcdfe4c - Mend

@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (236) hide show

package/dist/test/helpers/integration/helpers.d.ts CHANGED Viewed

@@ -14,9 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { FirebaseServerApp } from '@firebase/app';
 import { Auth } from '@firebase/auth';
 export declare function randomEmail(): string;
 export declare function getTestInstance(requireEmulator?: boolean): Auth;
+export declare function getTestInstanceForServerApp(serverApp: FirebaseServerApp): Auth;
 export declare function cleanUpTestInstance(auth: Auth): Promise<void>;
 export declare function getTotpCode(sharedSecretKey: string, periodSec: number, verificationCodeLength: number, timestamp: Date): string;
 export declare const email = "totpuser-donotdelete@test.com";

package/dist/test/integration/flows/firebaseserverapp.test.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export {};

package/dist/web-extension-cjs/index.js CHANGED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
-var register = require('./register-9438f377.js');
+var register = require('./register-4ce22251.js');
 var app = require('@firebase/app');
 var util = require('@firebase/util');
 require('tslib');

package/dist/web-extension-cjs/internal.js CHANGED Viewed

@@ -2,10 +2,10 @@
 Object.defineProperty(exports, '__esModule', { value: true });
-var register = require('./register-9438f377.js');
+var register = require('./register-4ce22251.js');
 var util = require('@firebase/util');
-require('tslib');
 var app = require('@firebase/app');
+require('tslib');
 require('@firebase/component');
 require('@firebase/logger');
@@ -897,7 +897,8 @@ class ConfirmationResultImpl {
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -915,6 +916,9 @@ class ConfirmationResultImpl {
  * @public
  */
 async function signInWithPhoneNumber(auth, phoneNumber, appVerifier) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = register._castAuth(auth);
     const verificationId = await _verifyPhoneNumber(authInternal, phoneNumber, util.getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => register.signInWithCredential(authInternal, cred));
@@ -943,7 +947,8 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  * @remarks
  * Use before operations such as {@link updatePassword} that require tokens from recent sign-in attempts.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @param user - The user.
  * @param phoneNumber - The user's phone number in E.164 format (e.g. +16505550101).
@@ -953,6 +958,9 @@ async function linkWithPhoneNumber(user, phoneNumber, appVerifier) {
  */
 async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
     const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, util.getModularInstance(appVerifier));
     return new ConfirmationResultImpl(verificationId, cred => register.reauthenticateWithCredential(userInternal, cred));
 }
@@ -1019,7 +1027,8 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * Updates the user's phone number.
  *
  * @remarks
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```
@@ -1038,7 +1047,11 @@ async function _verifyPhoneNumber(auth, options, verifier) {
  * @public
  */
 async function updatePhoneNumber(user, credential) {
-    await register._link(util.getModularInstance(user), credential);
+    const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    await register._link(userInternal, credential);
 }
 /**
@@ -1424,7 +1437,8 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new register.Delay(2000, 10000);
  * If succeeds, returns the signed in user along with the provider's credential. If sign in was
  * unsuccessful, returns an error object containing additional information about the error.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1448,6 +1462,9 @@ const _POLL_WINDOW_CLOSE_TIMEOUT = new register.Delay(2000, 10000);
  * @public
  */
 async function signInWithPopup(auth, provider, resolver) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(register._createError(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     const authInternal = register._castAuth(auth);
     register._assertInstanceOf(auth, provider, register.FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(authInternal, resolver);
@@ -1462,7 +1479,8 @@ async function signInWithPopup(auth, provider, resolver) {
  * If the reauthentication is successful, the returned result will contain the user and the
  * provider's credential.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or on any {@link User} signed in by
+ * {@link Auth} instances created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1483,6 +1501,9 @@ async function signInWithPopup(auth, provider, resolver) {
  */
 async function reauthenticateWithPopup(user, provider, resolver) {
     const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(register._createError(userInternal.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */));
+    }
     register._assertInstanceOf(userInternal.auth, provider, register.FederatedAuthProvider);
     const resolverInternal = _withDefaultResolver(userInternal.auth, resolver);
     const action = new PopupOperation(userInternal.auth, "reauthViaPopup" /* AuthEventType.REAUTH_VIA_POPUP */, provider, resolverInternal, userInternal);
@@ -1734,7 +1755,8 @@ function pendingRedirectKey(auth) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link signInWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1773,6 +1795,9 @@ function signInWithRedirect(auth, provider, resolver) {
     return _signInWithRedirect(auth, provider, resolver);
 }
 async function _signInWithRedirect(auth, provider, resolver) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = register._castAuth(auth);
     register._assertInstanceOf(auth, provider, register.FederatedAuthProvider);
     // Wait for auth initialization to complete, this will process pending redirects and clear the
@@ -1790,7 +1815,8 @@ async function _signInWithRedirect(auth, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link reauthenticateWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1823,6 +1849,9 @@ function reauthenticateWithRedirect(user, provider, resolver) {
 async function _reauthenticateWithRedirect(user, provider, resolver) {
     const userInternal = util.getModularInstance(user);
     register._assertInstanceOf(userInternal.auth, provider, register.FederatedAuthProvider);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
     // Wait for auth initialization to complete, this will process pending redirects and clear the
     // PENDING_REDIRECT_KEY in persistence. This should be completed before starting a new
     // redirect and creating a PENDING_REDIRECT_KEY entry.
@@ -1840,7 +1869,8 @@ async function _reauthenticateWithRedirect(user, provider, resolver) {
  * Follow the {@link https://firebase.google.com/docs/auth/web/redirect-best-practices
  * | best practices} when using {@link linkWithRedirect}.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1887,7 +1917,8 @@ async function _linkWithRedirect(user, provider, resolver) {
  * If sign-in succeeded, returns the signed in user. If sign-in was unsuccessful, fails with an
  * error. If no redirect operation was called, returns `null`.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -1925,6 +1956,9 @@ async function getRedirectResult(auth, resolver) {
     return _getRedirectResult(auth, resolver, false);
 }
 async function _getRedirectResult(auth, resolverExtern, bypassAuthState = false) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(register._serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = register._castAuth(auth);
     const resolver = _withDefaultResolver(authInternal, resolverExtern);
     const action = new RedirectAction(authInternal, resolver, bypassAuthState);
@@ -2751,12 +2785,17 @@ function getAuth(app$1 = app.getApp()) {
         ]
     });
     const authTokenSyncPath = util.getExperimentalSetting('authTokenSyncURL');
-    // Don't allow urls (XSS possibility), only paths on the same domain
-    // (starting with a single '/')
-    if (authTokenSyncPath && authTokenSyncPath.match(/^\/[^\/].*/)) {
-        const mintCookie = mintCookieFactory(authTokenSyncPath);
-        register.beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
-        register.onIdTokenChanged(auth, user => mintCookie(user));
+    // Only do the Cookie exchange in a secure context
+    if (authTokenSyncPath &&
+        typeof isSecureContext === 'boolean' &&
+        isSecureContext) {
+        // Don't allow urls (XSS possibility), only paths on the same domain
+        const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin);
+        if (location.origin === authTokenSyncUrl.origin) {
+            const mintCookie = mintCookieFactory(authTokenSyncUrl.toString());
+            register.beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser));
+            register.onIdTokenChanged(auth, user => mintCookie(user));
+        }
     }
     const authEmulatorHost = util.getDefaultEmulatorHost('auth');
     if (authEmulatorHost) {