@firebase/auth 1.7.9 → 1.8.0

package/dist/web-extension-cjs/src/api/account_management/mfa.d.ts

@@ -14,6 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { RecaptchaClientType, RecaptchaVersion } from '../index';
 import { SignInWithPhoneNumberRequest } from '../authentication/sms';
 import { FinalizeMfaResponse } from '../authentication/mfa';
 import { AuthInternal } from '../../model/auth';
@@ -44,7 +45,10 @@ export interface StartPhoneMfaEnrollmentRequest {
     idToken: string;
     phoneEnrollmentInfo: {
         phoneNumber: string;
-        recaptchaToken: string;
+        recaptchaToken?: string;
+        captchaResponse?: string;
+        clientType?: RecaptchaClientType;
+        recaptchaVersion?: RecaptchaVersion;
     };
     tenantId?: string;
 }

package/dist/web-extension-cjs/src/api/authentication/mfa.d.ts

@@ -14,6 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { RecaptchaClientType, RecaptchaVersion } from '../index';
 import { Auth } from '../../model/public_types';
 import { IdTokenResponse } from '../../model/id_token';
 import { MfaEnrollment } from '../account_management/mfa';
@@ -34,7 +35,10 @@ export interface StartPhoneMfaSignInRequest {
     mfaPendingCredential: string;
     mfaEnrollmentId: string;
     phoneSignInInfo: {
-        recaptchaToken: string;
+        recaptchaToken?: string;
+        captchaResponse?: string;
+        clientType?: RecaptchaClientType;
+        recaptchaVersion?: RecaptchaVersion;
     };
     tenantId?: string;
 }

package/dist/web-extension-cjs/src/api/authentication/sms.d.ts

@@ -14,12 +14,16 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+import { RecaptchaClientType, RecaptchaVersion } from '../index';
 import { IdTokenResponse } from '../../model/id_token';
 import { Auth } from '../../model/public_types';
 export interface SendPhoneVerificationCodeRequest {
     phoneNumber: string;
-    recaptchaToken: string;
+    recaptchaToken?: string;
     tenantId?: string;
+    captchaResponse?: string;
+    clientType?: RecaptchaClientType;
+    recaptchaVersion?: RecaptchaVersion;
 }
 export interface SendPhoneVerificationCodeResponse {
     sessionInfo: string;

package/dist/web-extension-cjs/src/api/index.d.ts

@@ -69,7 +69,10 @@ export declare const enum RecaptchaVersion {
 export declare const enum RecaptchaActionName {
     SIGN_IN_WITH_PASSWORD = "signInWithPassword",
     GET_OOB_CODE = "getOobCode",
-    SIGN_UP_PASSWORD = "signUpPassword"
+    SIGN_UP_PASSWORD = "signUpPassword",
+    SEND_VERIFICATION_CODE = "sendVerificationCode",
+    MFA_SMS_ENROLLMENT = "mfaSmsEnrollment",
+    MFA_SMS_SIGNIN = "mfaSmsSignIn"
 }
 export declare const enum EnforcementState {
     ENFORCE = "ENFORCE",
@@ -77,8 +80,9 @@ export declare const enum EnforcementState {
     OFF = "OFF",
     ENFORCEMENT_STATE_UNSPECIFIED = "ENFORCEMENT_STATE_UNSPECIFIED"
 }
-export declare const enum RecaptchaProvider {
-    EMAIL_PASSWORD_PROVIDER = "EMAIL_PASSWORD_PROVIDER"
+export declare const enum RecaptchaAuthProvider {
+    EMAIL_PASSWORD_PROVIDER = "EMAIL_PASSWORD_PROVIDER",
+    PHONE_PROVIDER = "PHONE_PROVIDER"
 }
 export declare const DEFAULT_API_TIMEOUT_MS: Delay;
 export declare function _addTidIfNecessary<T extends {

package/dist/web-extension-cjs/src/platform_browser/providers/phone.d.ts

@@ -74,14 +74,16 @@ export declare class PhoneAuthProvider {
      *
      * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
      * E.164 format (e.g. +16505550101).
-     * @param applicationVerifier - For abuse prevention, this method also requires a
-     * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
-     * {@link RecaptchaVerifier}.
+     * @param applicationVerifier - An {@link ApplicationVerifier}, which prevents
+     * requests from unauthorized clients. This SDK includes an implementation
+     * based on reCAPTCHA v2, {@link RecaptchaVerifier}. If you've enabled
+     * reCAPTCHA Enterprise bot protection in Enforce mode, this parameter is
+     * optional; in all other configurations, the parameter is required.
      *
      * @returns A Promise for a verification ID that can be passed to
-     * {@link PhoneAuthProvider.credential} to identify this flow..
+     * {@link PhoneAuthProvider.credential} to identify this flow.
      */
-    verifyPhoneNumber(phoneOptions: PhoneInfoOptions | string, applicationVerifier: ApplicationVerifier): Promise<string>;
+    verifyPhoneNumber(phoneOptions: PhoneInfoOptions | string, applicationVerifier?: ApplicationVerifier): Promise<string>;
     /**
      * Creates a phone auth credential, given the verification ID from
      * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's

package/dist/web-extension-cjs/src/platform_browser/recaptcha/recaptcha.d.ts

@@ -68,4 +68,11 @@ export declare class RecaptchaConfig {
      * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.
      */
     isProviderEnabled(providerStr: string): boolean;
+    /**
+     * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise
+     * returns false.
+     *
+     * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.
+     */
+    isAnyProviderEnabled(): boolean;
 }

package/dist/web-extension-cjs/src/platform_browser/recaptcha/recaptcha_enterprise_verifier.d.ts

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { RecaptchaActionName } from '../../api';
+import { RecaptchaActionName, RecaptchaAuthProvider } from '../../api';
 import { Auth } from '../../model/public_types';
 import { AuthInternal } from '../../model/auth';
 export declare const RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = "recaptcha-enterprise";
@@ -38,8 +38,8 @@ export declare class RecaptchaEnterpriseVerifier {
      */
     verify(action?: string, forceRefresh?: boolean): Promise<string>;
 }
-export declare function injectRecaptchaFields<T>(auth: AuthInternal, request: T, action: RecaptchaActionName, captchaResp?: boolean): Promise<T>;
-declare type ActionMethod<TRequest, TResponse> = (auth: Auth, request: TRequest) => Promise<TResponse>;
-export declare function handleRecaptchaFlow<TRequest, TResponse>(authInstance: AuthInternal, request: TRequest, actionName: RecaptchaActionName, actionMethod: ActionMethod<TRequest, TResponse>): Promise<TResponse>;
+export declare function injectRecaptchaFields<T>(auth: AuthInternal, request: T, action: RecaptchaActionName, isCaptchaResp?: boolean, isFakeToken?: boolean): Promise<T>;
+declare type ActionMethod<TRequest, TResponse> = (auth: AuthInternal, request: TRequest) => Promise<TResponse>;
+export declare function handleRecaptchaFlow<TRequest, TResponse>(authInstance: AuthInternal, request: TRequest, actionName: RecaptchaActionName, actionMethod: ActionMethod<TRequest, TResponse>, recaptchaAuthProvider: RecaptchaAuthProvider): Promise<TResponse>;
 export declare function _initializeRecaptchaConfig(auth: Auth): Promise<void>;
 export {};

package/dist/web-extension-cjs/src/platform_browser/strategies/phone.d.ts

@@ -27,12 +27,15 @@ import { AuthInternal } from '../../model/auth';
  * provides the code sent to their phone, call {@link ConfirmationResult.confirm}
  * with the code to sign the user in.
  *
- * For abuse prevention, this method also requires a {@link ApplicationVerifier}.
- * This SDK includes a reCAPTCHA-based implementation, {@link RecaptchaVerifier}.
+ * For abuse prevention, this method requires a {@link ApplicationVerifier}.
+ * This SDK includes an implementation based on reCAPTCHA v2, {@link RecaptchaVerifier}.
  * This function can work on other platforms that do not support the
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
+ * If you've enabled project-level reCAPTCHA Enterprise bot protection in
+ * Enforce mode, you can omit the {@link ApplicationVerifier}.
+ *
  * This method does not work in a Node.js environment or with {@link Auth} instances created with a
  * {@link @firebase/app#FirebaseServerApp}.
  *
@@ -51,7 +54,7 @@ import { AuthInternal } from '../../model/auth';
  *
  * @public
  */
-export declare function signInWithPhoneNumber(auth: Auth, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
+export declare function signInWithPhoneNumber(auth: Auth, phoneNumber: string, appVerifier?: ApplicationVerifier): Promise<ConfirmationResult>;
 /**
  * Links the user account with the given phone number.
  *
@@ -64,7 +67,7 @@ export declare function signInWithPhoneNumber(auth: Auth, phoneNumber: string, a
  *
  * @public
  */
-export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
+export declare function linkWithPhoneNumber(user: User, phoneNumber: string, appVerifier?: ApplicationVerifier): Promise<ConfirmationResult>;
 /**
  * Re-authenticates a user using a fresh phone credential.
  *
@@ -80,12 +83,12 @@ export declare function linkWithPhoneNumber(user: User, phoneNumber: string, app
  *
  * @public
  */
-export declare function reauthenticateWithPhoneNumber(user: User, phoneNumber: string, appVerifier: ApplicationVerifier): Promise<ConfirmationResult>;
+export declare function reauthenticateWithPhoneNumber(user: User, phoneNumber: string, appVerifier?: ApplicationVerifier): Promise<ConfirmationResult>;
 /**
  * Returns a verification ID to be used in conjunction with the SMS code that is sent.
  *
  */
-export declare function _verifyPhoneNumber(auth: AuthInternal, options: PhoneInfoOptions | string, verifier: ApplicationVerifierInternal): Promise<string>;
+export declare function _verifyPhoneNumber(auth: AuthInternal, options: PhoneInfoOptions | string, verifier?: ApplicationVerifierInternal): Promise<string>;
 /**
  * Updates the user's phone number.
  *
@@ -110,3 +113,4 @@ export declare function _verifyPhoneNumber(auth: AuthInternal, options: PhoneInf
  * @public
  */
 export declare function updatePhoneNumber(user: User, credential: PhoneAuthCredential): Promise<void>;
+export declare function injectRecaptchaV2Token<T>(auth: AuthInternal, request: T, recaptchaV2Verifier: ApplicationVerifierInternal): Promise<T>;

package/dist/web-extension-cjs/test/integration/flows/recaptcha_enterprise.test.d.ts

@@ -0,0 +1,17 @@
+/**
+ * @license
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+export {};

package/dist/web-extension-esm2017/auth-web-extension-public.d.ts

@@ -2283,6 +2283,13 @@ declare class RecaptchaConfig {
      * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.
      */
     isProviderEnabled(providerStr: string): boolean;
+    /**
+     * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise
+     * returns false.
+     *
+     * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.
+     */
+    isAnyProviderEnabled(): boolean;
 }
 
 declare interface RecaptchaEnforcementProviderState {

package/dist/web-extension-esm2017/auth-web-extension.d.ts

@@ -2743,6 +2743,13 @@ declare class RecaptchaConfig {
      * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider.
      */
     isProviderEnabled(providerStr: string): boolean;
+    /**
+     * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise
+     * returns false.
+     *
+     * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.
+     */
+    isAnyProviderEnabled(): boolean;
 }
 
 declare interface RecaptchaEnforcementProviderState {

package/dist/web-extension-esm2017/index.js

@@ -1,5 +1,5 @@
-import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-428f8789.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-428f8789.js';
+import { r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, c as connectAuthEmulator } from './register-77f1d56a.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-77f1d56a.js';
 import { _getProvider, getApp } from '@firebase/app';
 import { getDefaultEmulatorHost } from '@firebase/util';
 import 'tslib';

package/dist/web-extension-esm2017/internal.js

@@ -1,5 +1,5 @@
-import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isMobileBrowser, aa as _isIE10, ab as _assert, ac as Delay, ad as _window, ae as isV2, af as _createError, ag as _recaptchaV2ScriptUrl, ah as _loadJS, ai as _generateCallbackName, aj as _castAuth, ak as _isHttpOrHttps, al as _isWorker, am as getRecaptchaParams, an as _serverAppCurrentUserOperationNotSupportedError, z as signInWithCredential, ao as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, ap as startEnrollPhoneMfa, aq as startSignInPhoneMfa, ar as sendPhoneVerificationCode, as as _link$1, P as PhoneAuthCredential, at as _getInstance, au as _signInWithCredential, av as _reauthenticate, m as AuthCredential, aw as signInWithIdp, ax as _fail, ay as debugAssert, az as _assertInstanceOf, aA as _generateEventId, aB as FederatedAuthProvider, aC as _persistenceKeyName, aD as _performApiRequest, aE as _getCurrentUrl, aF as _gapiScriptUrl, aG as _emulatorUrl, aH as _isChromeIOS, aI as _isFirefox, aJ as _isIOSStandalone, aK as BaseOAuthProvider, aL as _setWindowLocation, aM as _isSafari, aN as _isIOS, aO as MultiFactorAssertionImpl, aP as finalizeEnrollPhoneMfa, aQ as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aR as _setExternalJSProvider, aS as _isAndroid, aT as _isIOS7Or8 } from './register-428f8789.js';
-export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aV as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, aX as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, aY as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aU as UserImpl, ab as _assert, aj as _castAuth, ax as _fail, aA as _generateEventId, aW as _getClientVersion, at as _getInstance, aC as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-428f8789.js';
+import { a8 as STORAGE_AVAILABLE_KEY, a9 as _isMobileBrowser, aa as _isIE10, ab as Delay, ac as _window, ad as _assert, ae as isV2, af as _createError, ag as _recaptchaV2ScriptUrl, ah as _loadJS, ai as MockReCaptcha, aj as _generateCallbackName, ak as _castAuth, al as _isHttpOrHttps, am as _isWorker, an as getRecaptchaParams, ao as _serverAppCurrentUserOperationNotSupportedError, z as signInWithCredential, ap as _assertLinkedStatus, B as linkWithCredential, C as reauthenticateWithCredential, aq as _initializeRecaptchaConfig, ar as FAKE_TOKEN, as as startEnrollPhoneMfa, at as handleRecaptchaFlow, au as startSignInPhoneMfa, av as sendPhoneVerificationCode, aw as _link$1, P as PhoneAuthCredential, ax as _getInstance, ay as _signInWithCredential, az as _reauthenticate, m as AuthCredential, aA as signInWithIdp, aB as _fail, aC as debugAssert, aD as _assertInstanceOf, aE as _generateEventId, aF as FederatedAuthProvider, aG as _persistenceKeyName, aH as _performApiRequest, aI as _getCurrentUrl, aJ as _gapiScriptUrl, aK as _emulatorUrl, aL as _isChromeIOS, aM as _isFirefox, aN as _isIOSStandalone, aO as BaseOAuthProvider, aP as _setWindowLocation, aQ as _isSafari, aR as _isIOS, aS as MultiFactorAssertionImpl, aT as finalizeEnrollPhoneMfa, aU as finalizeSignInPhoneMfa, r as registerAuth, i as initializeAuth, a as indexedDBLocalPersistence, e as beforeAuthStateChanged, o as onIdTokenChanged, c as connectAuthEmulator, aV as _setExternalJSProvider, aW as _isAndroid, aX as _isIOS7Or8 } from './register-77f1d56a.js';
+export { Y as ActionCodeURL, m as AuthCredential, A as AuthErrorCodes, aZ as AuthImpl, E as EmailAuthCredential, q as EmailAuthProvider, F as FacebookAuthProvider, a$ as FetchProvider, t as GithubAuthProvider, G as GoogleAuthProvider, O as OAuthCredential, w as OAuthProvider, P as PhoneAuthCredential, b0 as SAMLAuthCredential, S as SAMLAuthProvider, T as TotpMultiFactorGenerator, b as TotpSecret, x as TwitterAuthProvider, aY as UserImpl, ad as _assert, ak as _castAuth, aB as _fail, aE as _generateEventId, a_ as _getClientVersion, ax as _getInstance, aG as _persistenceKeyName, J as applyActionCode, e as beforeAuthStateChanged, K as checkActionCode, I as confirmPasswordReset, c as connectAuthEmulator, M as createUserWithEmailAndPassword, l as debugErrorMap, k as deleteUser, V as fetchSignInMethodsForEmail, a4 as getAdditionalUserInfo, a1 as getIdToken, a2 as getIdTokenResult, a6 as getMultiFactorResolver, n as inMemoryPersistence, a as indexedDBLocalPersistence, i as initializeAuth, d as initializeRecaptchaConfig, R as isSignInWithEmailLink, B as linkWithCredential, a7 as multiFactor, f as onAuthStateChanged, o as onIdTokenChanged, Z as parseActionCodeURL, p as prodErrorMap, C as reauthenticateWithCredential, a5 as reload, j as revokeAccessToken, W as sendEmailVerification, H as sendPasswordResetEmail, Q as sendSignInLinkToEmail, s as setPersistence, y as signInAnonymously, z as signInWithCredential, D as signInWithCustomToken, N as signInWithEmailAndPassword, U as signInWithEmailLink, h as signOut, a3 as unlink, g as updateCurrentUser, $ as updateEmail, a0 as updatePassword, _ as updateProfile, u as useDeviceLanguage, v as validatePassword, X as verifyBeforeUpdateEmail, L as verifyPasswordResetCode } from './register-77f1d56a.js';
 import { querystring, getModularInstance, getUA, isEmpty, getExperimentalSetting, getDefaultEmulatorHost, querystringDecode } from '@firebase/util';
 import { _isFirebaseServerApp, SDK_VERSION, _getProvider, getApp } from '@firebase/app';
 import 'tslib';
@@ -379,134 +379,6 @@ BrowserSessionPersistence.type = 'SESSION';
  */
 const browserSessionPersistence = BrowserSessionPersistence;
 
-/**
- * @license
- * Copyright 2020 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-const _SOLVE_TIME_MS = 500;
-const _EXPIRATION_TIME_MS = 60000;
-const _WIDGET_ID_START = 1000000000000;
-class MockReCaptcha {
-    constructor(auth) {
-        this.auth = auth;
-        this.counter = _WIDGET_ID_START;
-        this._widgets = new Map();
-    }
-    render(container, parameters) {
-        const id = this.counter;
-        this._widgets.set(id, new MockWidget(container, this.auth.name, parameters || {}));
-        this.counter++;
-        return id;
-    }
-    reset(optWidgetId) {
-        var _a;
-        const id = optWidgetId || _WIDGET_ID_START;
-        void ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.delete());
-        this._widgets.delete(id);
-    }
-    getResponse(optWidgetId) {
-        var _a;
-        const id = optWidgetId || _WIDGET_ID_START;
-        return ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.getResponse()) || '';
-    }
-    async execute(optWidgetId) {
-        var _a;
-        const id = optWidgetId || _WIDGET_ID_START;
-        void ((_a = this._widgets.get(id)) === null || _a === void 0 ? void 0 : _a.execute());
-        return '';
-    }
-}
-class MockWidget {
-    constructor(containerOrId, appName, params) {
-        this.params = params;
-        this.timerId = null;
-        this.deleted = false;
-        this.responseToken = null;
-        this.clickHandler = () => {
-            this.execute();
-        };
-        const container = typeof containerOrId === 'string'
-            ? document.getElementById(containerOrId)
-            : containerOrId;
-        _assert(container, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */, { appName });
-        this.container = container;
-        this.isVisible = this.params.size !== 'invisible';
-        if (this.isVisible) {
-            this.execute();
-        }
-        else {
-            this.container.addEventListener('click', this.clickHandler);
-        }
-    }
-    getResponse() {
-        this.checkIfDeleted();
-        return this.responseToken;
-    }
-    delete() {
-        this.checkIfDeleted();
-        this.deleted = true;
-        if (this.timerId) {
-            clearTimeout(this.timerId);
-            this.timerId = null;
-        }
-        this.container.removeEventListener('click', this.clickHandler);
-    }
-    execute() {
-        this.checkIfDeleted();
-        if (this.timerId) {
-            return;
-        }
-        this.timerId = window.setTimeout(() => {
-            this.responseToken = generateRandomAlphaNumericString(50);
-            const { callback, 'expired-callback': expiredCallback } = this.params;
-            if (callback) {
-                try {
-                    callback(this.responseToken);
-                }
-                catch (e) { }
-            }
-            this.timerId = window.setTimeout(() => {
-                this.timerId = null;
-                this.responseToken = null;
-                if (expiredCallback) {
-                    try {
-                        expiredCallback();
-                    }
-                    catch (e) { }
-                }
-                if (this.isVisible) {
-                    this.execute();
-                }
-            }, _EXPIRATION_TIME_MS);
-        }, _SOLVE_TIME_MS);
-    }
-    checkIfDeleted() {
-        if (this.deleted) {
-            throw new Error('reCAPTCHA mock was already deleted!');
-        }
-    }
-}
-function generateRandomAlphaNumericString(len) {
-    const chars = [];
-    const allowedChars = '1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-    for (let i = 0; i < len; i++) {
-        chars.push(allowedChars.charAt(Math.floor(Math.random() * allowedChars.length)));
-    }
-    return chars.join('');
-}
-
 /**
  * @license
  * Copyright 2020 Google LLC
@@ -861,12 +733,15 @@ class ConfirmationResultImpl {
  * provides the code sent to their phone, call {@link ConfirmationResult.confirm}
  * with the code to sign the user in.
  *
- * For abuse prevention, this method also requires a {@link ApplicationVerifier}.
- * This SDK includes a reCAPTCHA-based implementation, {@link RecaptchaVerifier}.
+ * For abuse prevention, this method requires a {@link ApplicationVerifier}.
+ * This SDK includes an implementation based on reCAPTCHA v2, {@link RecaptchaVerifier}.
  * This function can work on other platforms that do not support the
  * {@link RecaptchaVerifier} (like React Native), but you need to use a
  * third-party {@link ApplicationVerifier} implementation.
  *
+ * If you've enabled project-level reCAPTCHA Enterprise bot protection in
+ * Enforce mode, you can omit the {@link ApplicationVerifier}.
+ *
  * This method does not work in a Node.js environment or with {@link Auth} instances created with a
  * {@link @firebase/app#FirebaseServerApp}.
  *
@@ -940,10 +815,19 @@ async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) {
  */
 async function _verifyPhoneNumber(auth, options, verifier) {
     var _a;
-    const recaptchaToken = await verifier.verify();
+    if (!auth._getRecaptchaConfig()) {
+        try {
+            await _initializeRecaptchaConfig(auth);
+        }
+        catch (error) {
+            // If an error occurs while fetching the config, there is no way to know the enablement state
+            // of Phone provider, so we proceed with recaptcha V2 verification.
+            // The error is likely "recaptchaKey undefined", as reCAPTCHA Enterprise is not
+            // enabled for any provider.
+            console.log('Failed to initialize reCAPTCHA Enterprise config. Triggering the reCAPTCHA v2 verification.');
+        }
+    }
     try {
-        _assert(typeof recaptchaToken === 'string', auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
-        _assert(verifier.type === RECAPTCHA_VERIFIER_TYPE, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
         let phoneInfoOptions;
         if (typeof options === 'string') {
             phoneInfoOptions = {
@@ -957,12 +841,25 @@ async function _verifyPhoneNumber(auth, options, verifier) {
             const session = phoneInfoOptions.session;
             if ('phoneNumber' in phoneInfoOptions) {
                 _assert(session.type === "enroll" /* MultiFactorSessionType.ENROLL */, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */);
-                const response = await startEnrollPhoneMfa(auth, {
+                const startPhoneMfaEnrollmentRequest = {
                     idToken: session.credential,
                     phoneEnrollmentInfo: {
                         phoneNumber: phoneInfoOptions.phoneNumber,
-                        recaptchaToken
+                        clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
+                    }
+                };
+                const startEnrollPhoneMfaActionCallback = async (authInstance, request) => {
+                    // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.
+                    if (request.phoneEnrollmentInfo.captchaResponse === FAKE_TOKEN) {
+                        _assert((verifier === null || verifier === void 0 ? void 0 : verifier.type) === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+                        const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier);
+                        return startEnrollPhoneMfa(authInstance, requestWithRecaptchaV2);
                     }
+                    return startEnrollPhoneMfa(authInstance, request);
+                };
+                const startPhoneMfaEnrollmentResponse = handleRecaptchaFlow(auth, startPhoneMfaEnrollmentRequest, "mfaSmsEnrollment" /* RecaptchaActionName.MFA_SMS_ENROLLMENT */, startEnrollPhoneMfaActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */);
+                const response = await startPhoneMfaEnrollmentResponse.catch(error => {
+                    return Promise.reject(error);
                 });
                 return response.phoneSessionInfo.sessionInfo;
             }
@@ -971,26 +868,52 @@ async function _verifyPhoneNumber(auth, options, verifier) {
                 const mfaEnrollmentId = ((_a = phoneInfoOptions.multiFactorHint) === null || _a === void 0 ? void 0 : _a.uid) ||
                     phoneInfoOptions.multiFactorUid;
                 _assert(mfaEnrollmentId, auth, "missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */);
-                const response = await startSignInPhoneMfa(auth, {
+                const startPhoneMfaSignInRequest = {
                     mfaPendingCredential: session.credential,
                     mfaEnrollmentId,
                     phoneSignInInfo: {
-                        recaptchaToken
+                        clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
+                    }
+                };
+                const startSignInPhoneMfaActionCallback = async (authInstance, request) => {
+                    // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.
+                    if (request.phoneSignInInfo.captchaResponse === FAKE_TOKEN) {
+                        _assert((verifier === null || verifier === void 0 ? void 0 : verifier.type) === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+                        const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier);
+                        return startSignInPhoneMfa(authInstance, requestWithRecaptchaV2);
                     }
+                    return startSignInPhoneMfa(authInstance, request);
+                };
+                const startPhoneMfaSignInResponse = handleRecaptchaFlow(auth, startPhoneMfaSignInRequest, "mfaSmsSignIn" /* RecaptchaActionName.MFA_SMS_SIGNIN */, startSignInPhoneMfaActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */);
+                const response = await startPhoneMfaSignInResponse.catch(error => {
+                    return Promise.reject(error);
                 });
                 return response.phoneResponseInfo.sessionInfo;
             }
         }
         else {
-            const { sessionInfo } = await sendPhoneVerificationCode(auth, {
+            const sendPhoneVerificationCodeRequest = {
                 phoneNumber: phoneInfoOptions.phoneNumber,
-                recaptchaToken
+                clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */
+            };
+            const sendPhoneVerificationCodeActionCallback = async (authInstance, request) => {
+                // If reCAPTCHA Enterprise token is FAKE_TOKEN, fetch reCAPTCHA v2 token and inject into request.
+                if (request.captchaResponse === FAKE_TOKEN) {
+                    _assert((verifier === null || verifier === void 0 ? void 0 : verifier.type) === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+                    const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier);
+                    return sendPhoneVerificationCode(authInstance, requestWithRecaptchaV2);
+                }
+                return sendPhoneVerificationCode(authInstance, request);
+            };
+            const sendPhoneVerificationCodeResponse = handleRecaptchaFlow(auth, sendPhoneVerificationCodeRequest, "sendVerificationCode" /* RecaptchaActionName.SEND_VERIFICATION_CODE */, sendPhoneVerificationCodeActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */);
+            const response = await sendPhoneVerificationCodeResponse.catch(error => {
+                return Promise.reject(error);
             });
-            return sessionInfo;
+            return response.sessionInfo;
         }
     }
     finally {
-        verifier._reset();
+        verifier === null || verifier === void 0 ? void 0 : verifier._reset();
     }
 }
 /**
@@ -1022,6 +945,49 @@ async function updatePhoneNumber(user, credential) {
         return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth));
     }
     await _link$1(userInternal, credential);
+}
+// Helper function that fetches and injects a reCAPTCHA v2 token into the request.
+async function injectRecaptchaV2Token(auth, request, recaptchaV2Verifier) {
+    _assert(recaptchaV2Verifier.type === RECAPTCHA_VERIFIER_TYPE, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+    const recaptchaV2Token = await recaptchaV2Verifier.verify();
+    _assert(typeof recaptchaV2Token === 'string', auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */);
+    const newRequest = Object.assign({}, request);
+    if ('phoneEnrollmentInfo' in newRequest) {
+        const phoneNumber = newRequest.phoneEnrollmentInfo.phoneNumber;
+        const captchaResponse = newRequest.phoneEnrollmentInfo.captchaResponse;
+        const clientType = newRequest
+            .phoneEnrollmentInfo.clientType;
+        const recaptchaVersion = newRequest.phoneEnrollmentInfo.recaptchaVersion;
+        Object.assign(newRequest, {
+            'phoneEnrollmentInfo': {
+                phoneNumber,
+                recaptchaToken: recaptchaV2Token,
+                captchaResponse,
+                clientType,
+                recaptchaVersion
+            }
+        });
+        return newRequest;
+    }
+    else if ('phoneSignInInfo' in newRequest) {
+        const captchaResponse = newRequest.phoneSignInInfo.captchaResponse;
+        const clientType = newRequest
+            .phoneSignInInfo.clientType;
+        const recaptchaVersion = newRequest.phoneSignInInfo.recaptchaVersion;
+        Object.assign(newRequest, {
+            'phoneSignInInfo': {
+                recaptchaToken: recaptchaV2Token,
+                captchaResponse,
+                clientType,
+                recaptchaVersion
+            }
+        });
+        return newRequest;
+    }
+    else {
+        Object.assign(newRequest, { 'recaptchaToken': recaptchaV2Token });
+        return newRequest;
+    }
 }
 
 /**
@@ -1093,12 +1059,14 @@ class PhoneAuthProvider {
      *
      * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in
      * E.164 format (e.g. +16505550101).
-     * @param applicationVerifier - For abuse prevention, this method also requires a
-     * {@link ApplicationVerifier}. This SDK includes a reCAPTCHA-based implementation,
-     * {@link RecaptchaVerifier}.
+     * @param applicationVerifier - An {@link ApplicationVerifier}, which prevents
+     * requests from unauthorized clients. This SDK includes an implementation
+     * based on reCAPTCHA v2, {@link RecaptchaVerifier}. If you've enabled
+     * reCAPTCHA Enterprise bot protection in Enforce mode, this parameter is
+     * optional; in all other configurations, the parameter is required.
      *
      * @returns A Promise for a verification ID that can be passed to
-     * {@link PhoneAuthProvider.credential} to identify this flow..
+     * {@link PhoneAuthProvider.credential} to identify this flow.
      */
     verifyPhoneNumber(phoneOptions, applicationVerifier) {
         return _verifyPhoneNumber(this.auth, phoneOptions, getModularInstance(applicationVerifier));