@firebase/auth 1.6.2 → 1.7.0-canary.42fcdfe4c

package/dist/web-extension-cjs/{register-9438f377.js → register-4ce22251.js}

@@ -1,7 +1,7 @@
 'use strict';
 
-var util = require('@firebase/util');
 var app = require('@firebase/app');
+var util = require('@firebase/util');
 var tslib = require('tslib');
 var component = require('@firebase/component');
 var logger = require('@firebase/logger');
@@ -383,6 +383,9 @@ function _errorWithCustomMessage(auth, code, message) {
         appName: auth.name
     });
 }
+function _serverAppCurrentUserOperationNotSupportedError(auth) {
+    return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */, 'Operations that alter the current user are not supported in conjunction with FirebaseServerApp');
+}
 function _assertInstanceOf(auth, object, instance) {
     const constructorInstance = instance;
     if (!(object instanceof constructorInstance)) {
@@ -1491,11 +1494,16 @@ class StsTokenManager {
             : _tokenExpiresIn(response.idToken);
         this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn);
     }
+    updateFromIdToken(idToken) {
+        _assert(idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const expiresIn = _tokenExpiresIn(idToken);
+        this.updateTokensAndExpiration(idToken, null, expiresIn);
+    }
     async getToken(auth, forceRefresh = false) {
-        _assert(!this.accessToken || this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (!forceRefresh && this.accessToken && !this.isExpired) {
             return this.accessToken;
         }
+        _assert(this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */);
         if (this.refreshToken) {
             await this.refresh(auth, this.refreshToken);
             return this.accessToken;
@@ -1675,6 +1683,9 @@ class UserImpl {
         }
     }
     async delete() {
+        if (app._isFirebaseServerApp(this.auth.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth));
+        }
         const idToken = await this.getIdToken();
         await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken }));
         this.stsTokenManager.clearRefreshToken();
@@ -1758,6 +1769,44 @@ class UserImpl {
         await _reloadWithoutSaving(user);
         return user;
     }
+    /**
+     * Initialize a User from an idToken server response
+     * @param auth
+     * @param idTokenResponse
+     */
+    static async _fromGetAccountInfoResponse(auth, response, idToken) {
+        const coreAccount = response.users[0];
+        _assert(coreAccount.localId !== undefined, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
+        const providerData = coreAccount.providerUserInfo !== undefined
+            ? extractProviderData(coreAccount.providerUserInfo)
+            : [];
+        const isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !(providerData === null || providerData === void 0 ? void 0 : providerData.length);
+        const stsTokenManager = new StsTokenManager();
+        stsTokenManager.updateFromIdToken(idToken);
+        // Initialize the Firebase Auth user.
+        const user = new UserImpl({
+            uid: coreAccount.localId,
+            auth,
+            stsTokenManager,
+            isAnonymous
+        });
+        // update the user with data from the GetAccountInfo response.
+        const updates = {
+            uid: coreAccount.localId,
+            displayName: coreAccount.displayName || null,
+            photoURL: coreAccount.photoUrl || null,
+            email: coreAccount.email || null,
+            emailVerified: coreAccount.emailVerified || false,
+            phoneNumber: coreAccount.phoneNumber || null,
+            tenantId: coreAccount.tenantId || null,
+            providerData,
+            metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt),
+            isAnonymous: !(coreAccount.email && coreAccount.passwordHash) &&
+                !(providerData === null || providerData === void 0 ? void 0 : providerData.length)
+        };
+        Object.assign(user, updates);
+        return user;
+    }
 }
 
 /**
@@ -2501,8 +2550,32 @@ class AuthImpl {
         // Skip blocking callbacks, they should not apply to a change in another tab.
         await this._updateCurrentUser(user, /* skipBeforeStateCallbacks */ true);
     }
+    async initializeCurrentUserFromIdToken(idToken) {
+        try {
+            const response = await getAccountInfo(this, { idToken });
+            const user = await UserImpl._fromGetAccountInfoResponse(this, response, idToken);
+            await this.directlySetCurrentUser(user);
+        }
+        catch (err) {
+            console.warn('FirebaseServerApp could not login user with provided authIdToken: ', err);
+            await this.directlySetCurrentUser(null);
+        }
+    }
     async initializeCurrentUser(popupRedirectResolver) {
         var _a;
+        if (app._isFirebaseServerApp(this.app)) {
+            const idToken = this.app.settings.authIdToken;
+            if (idToken) {
+                // Start the auth operation in the next tick to allow a moment for the customer's app to
+                // attach an emulator, if desired.
+                return new Promise(resolve => {
+                    setTimeout(() => this.initializeCurrentUserFromIdToken(idToken).then(resolve, resolve));
+                });
+            }
+            else {
+                return this.directlySetCurrentUser(null);
+            }
+        }
         // First check to see if we have a pending redirect event.
         const previouslyStoredUser = (await this.assertedPersistence.getCurrentUser());
         let futureCurrentUser = previouslyStoredUser;
@@ -2608,6 +2681,9 @@ class AuthImpl {
         this._deleted = true;
     }
     async updateCurrentUser(userExtern) {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // The public updateCurrentUser method needs to make a copy of the user,
         // and also check that the project matches
         const user = userExtern
@@ -2634,6 +2710,9 @@ class AuthImpl {
         });
     }
     async signOut() {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         // Run first, to block _setRedirectUser() if any callbacks fail.
         await this.beforeStateQueue.runMiddleware(null);
         // Clear the redirect user when signOut is called
@@ -2645,6 +2724,9 @@ class AuthImpl {
         return this._updateCurrentUser(null, /* skipBeforeStateCallbacks */ true);
     }
     setPersistence(persistence) {
+        if (app._isFirebaseServerApp(this.app)) {
+            return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this));
+        }
         return this.queue(async () => {
             await this.assertedPersistence.setPersistence(_getInstance(persistence));
         });
@@ -5090,12 +5172,18 @@ function providerIdForResponse(response) {
  * If there is already an anonymous user signed in, that user will be returned; otherwise, a
  * new anonymous user identity will be created and returned.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
  */
 async function signInAnonymously(auth) {
     var _a;
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     await authInternal._initializationPromise;
     if ((_a = authInternal.currentUser) === null || _a === void 0 ? void 0 : _a.isAnonymous) {
@@ -5256,6 +5344,9 @@ async function _assertLinkedStatus(expected, user, provider) {
  */
 async function _reauthenticate(user, credential, bypassAuthState = false) {
     const { auth } = user;
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "reauthenticate" /* OperationType.REAUTHENTICATE */;
     try {
         const response = await _logoutIfInvalidated(user, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential, user), bypassAuthState);
@@ -5292,6 +5383,9 @@ async function _reauthenticate(user, credential, bypassAuthState = false) {
  * limitations under the License.
  */
 async function _signInWithCredential(auth, credential, bypassAuthState = false) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const operationType = "signIn" /* OperationType.SIGN_IN */;
     const response = await _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential);
     const userCredential = await UserCredentialImpl._fromIdTokenResponse(auth, operationType, response);
@@ -5306,6 +5400,9 @@ async function _signInWithCredential(auth, credential, bypassAuthState = false)
  * @remarks
  * An {@link AuthProvider} can be used to generate the credential.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param credential - The auth credential.
  *
@@ -5338,6 +5435,9 @@ async function linkWithCredential(user, credential) {
  * attempts. This method can be used to recover from a `CREDENTIAL_TOO_OLD_LOGIN_AGAIN` error
  * or a `TOKEN_EXPIRED` error.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param user - The user.
  * @param credential - The auth credential.
  *
@@ -5394,12 +5494,18 @@ async function signInWithCustomToken$1(auth, request) {
  *
  * Fails with an error if the token is invalid, expired, or not accepted by the Firebase Auth service.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param customToken - The custom token to sign in with.
  *
  * @public
  */
 async function signInWithCustomToken(auth, customToken) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const response = await signInWithCustomToken$1(authInternal, {
         token: customToken,
@@ -5687,6 +5793,9 @@ async function verifyPasswordResetCode(auth, code) {
  *
  * User account creation can fail if the account already exists or the password is invalid.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The email address acts as a unique identifier for the user and enables an email-based
  * password reset. This function will create a new user account and set the initial user password.
  *
@@ -5697,6 +5806,9 @@ async function verifyPasswordResetCode(auth, code) {
  * @public
  */
 async function createUserWithEmailAndPassword(auth, email, password) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authInternal = _castAuth(auth);
     const request = {
         returnSecureToken: true,
@@ -5723,10 +5835,14 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * When [Email Enumeration Protection](https://cloud.google.com/identity-platform/docs/admin/email-enumeration-protection) is enabled,
  * this method fails with "auth/invalid-credential" in case of an invalid email/password.
  *
+ * This method is not supported on {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: The user's password is NOT the password used to access the user's email account. The
  * email address serves as a unique identifier for the user, and the password is used to access
  * the user's account in your Firebase project. See also: {@link createUserWithEmailAndPassword}.
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The users email address.
  * @param password - The users password.
@@ -5734,6 +5850,9 @@ async function createUserWithEmailAndPassword(auth, email, password) {
  * @public
  */
 function signInWithEmailAndPassword(auth, email, password) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     return signInWithCredential(util.getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => {
         if (error.code === `auth/${"password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */}`) {
             void recachePasswordPolicy(auth);
@@ -5832,6 +5951,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  *
  * Fails with an error if the email address is invalid or OTP in email link expires.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * Note: Confirm the link is a sign-in email link before calling this method firebase.auth.Auth.isSignInWithEmailLink.
  *
  * @example
@@ -5855,6 +5977,7 @@ function isSignInWithEmailLink(auth, emailLink) {
  * }
  * ```
  *
+ *
  * @param auth - The {@link Auth} instance.
  * @param email - The user's email address.
  * @param emailLink - The link sent to the user's email address.
@@ -5862,6 +5985,9 @@ function isSignInWithEmailLink(auth, emailLink) {
  * @public
  */
 async function signInWithEmailLink(auth, email, emailLink) {
+    if (app._isFirebaseServerApp(auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth));
+    }
     const authModular = util.getModularInstance(auth);
     const credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl());
     // Check if the tenant ID in the email link matches the tenant ID on Auth
@@ -6108,6 +6234,9 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * An email will be sent to the original email address (if it was set) that allows to revoke the
  * email address change, in order to protect them from account hijacking.
  *
+ * This method is not supported on any {@link User} signed in by {@link Auth} instances
+ * created with a {@link @firebase/app#FirebaseServerApp}.
+ *
  * Important: this is a security sensitive operation that requires the user to have recently signed
  * in. If this requirement isn't met, ask the user to authenticate again and then call
  * {@link reauthenticateWithCredential}.
@@ -6121,7 +6250,11 @@ async function updateProfile(user, { displayName, photoURL: photoUrl }) {
  * @public
  */
 function updateEmail(user, newEmail) {
-    return updateEmailOrPassword(util.getModularInstance(user), newEmail, null);
+    const userInternal = util.getModularInstance(user);
+    if (app._isFirebaseServerApp(userInternal.auth.app)) {
+        return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
+    }
+    return updateEmailOrPassword(userInternal, newEmail, null);
 }
 /**
  * Updates the user's password.
@@ -6298,7 +6431,8 @@ function getAdditionalUserInfo(userCredential) {
  * remembered or not. It also makes it easier to never persist the `Auth` state for applications
  * that are shared by other users or have sensitive data.
  *
- * This method does not work in a Node.js environment.
+ * This method does not work in a Node.js environment or with {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
  *
  * @example
  * ```javascript
@@ -6444,6 +6578,9 @@ function useDeviceLanguage(auth) {
  * The operation fails with an error if the user to be updated belongs to a different Firebase
  * project.
  *
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  * @param user - The new {@link User}.
  *
@@ -6455,6 +6592,10 @@ function updateCurrentUser(auth, user) {
 /**
  * Signs out the current user.
  *
+ * @remarks
+ * This method is not supported by {@link Auth} instances created with a
+ * {@link @firebase/app#FirebaseServerApp}.
+ *
  * @param auth - The {@link Auth} instance.
  *
  * @public
@@ -7610,7 +7751,7 @@ function _isEmptyString(input) {
 }
 
 var name = "@firebase/auth";
-var version = "1.6.2";
+var version = "1.7.0-canary.42fcdfe4c";
 
 /**
  * @license
@@ -7811,6 +7952,7 @@ exports._performApiRequest = _performApiRequest;
 exports._persistenceKeyName = _persistenceKeyName;
 exports._reauthenticate = _reauthenticate;
 exports._recaptchaV2ScriptUrl = _recaptchaV2ScriptUrl;
+exports._serverAppCurrentUserOperationNotSupportedError = _serverAppCurrentUserOperationNotSupportedError;
 exports._setExternalJSProvider = _setExternalJSProvider;
 exports._setWindowLocation = _setWindowLocation;
 exports._signInWithCredential = _signInWithCredential;
@@ -7871,4 +8013,4 @@ exports.useDeviceLanguage = useDeviceLanguage;
 exports.validatePassword = validatePassword;
 exports.verifyBeforeUpdateEmail = verifyBeforeUpdateEmail;
 exports.verifyPasswordResetCode = verifyPasswordResetCode;
-//# sourceMappingURL=register-9438f377.js.map
+//# sourceMappingURL=register-4ce22251.js.map