@react-native-firebase/auth 21.12.3 → 21.13.0

package/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## [21.13.0](https://github.com/invertase/react-native-firebase/compare/v21.12.3...v21.13.0) (2025-03-31)
+
+### Features
+
+- **auth:** validatePassword method implementation ([#8400](https://github.com/invertase/react-native-firebase/issues/8400)) ([1ec33f5](https://github.com/invertase/react-native-firebase/commit/1ec33f5020664fe32aa8132a170a83ec865aa95d))
+
 ## [21.12.3](https://github.com/invertase/react-native-firebase/compare/v21.12.2...v21.12.3) (2025-03-26)
 
 **Note:** Version bump only for package @react-native-firebase/auth

package/lib/modular/index.d.ts

@@ -690,10 +690,85 @@ export function getAdditionalUserInfo(
 export function getCustomAuthDomain(auth: Auth): Promise<string>;
 
 /**
- * Various Providers.
+ * Validates the password against the password policy configured for the project or tenant.
+ *
+ * @remarks
+ * If no tenant ID is set on the `Auth` instance, then this method will use the password
+ * policy configured for the project. Otherwise, this method will use the policy configured
+ * for the tenant. If a password policy has not been configured, then the default policy
+ * configured for all projects will be used.
+ *
+ * If an auth flow fails because a submitted password does not meet the password policy
+ * requirements and this method has previously been called, then this method will use the
+ * most recent policy available when called again.
+ *
+ * When using this method, ensure you have the Identity Toolkit enabled on the
+ * Google Cloud Platform with the API Key for your application permitted to use it.
+ *
+ * @example
+ * ``` js
+ * import { getAuth, validatePassword } from "firebase/auth";
+ *
+ * const status = await validatePassword(getAuth(), passwordFromUser);
+ * if (!status.isValid) {
+ * // Password could not be validated. Use the status to show what
+ * // requirements are met and which are missing.
  *
+ * // If a criterion is undefined, it is not required by policy. If the
+ * // criterion is defined but false, it is required but not fulfilled by
+ * // the given password. For example:
+ *   const needsLowerCase = status.containsLowercaseLetter !== true;
+ * }
+ * ```
  *
+ * @param auth The {@link Auth} instance.
+ * @param password The password to validate.
+ *
+ * @public
  */
+export function validatePassword(auth: Auth, password: string): Promise<PasswordValidationStatus>;
+
+/**
+ * A structure indicating which password policy requirements were met or violated and what the
+ * requirements are.
+ *
+ * @public
+ */
+export interface PasswordValidationStatus {
+  /**
+   * Whether the password meets all requirements.
+   */
+  readonly isValid: boolean;
+  /**
+   * Whether the password meets the minimum password length, or undefined if not required.
+   */
+  readonly meetsMinPasswordLength?: boolean;
+  /**
+   * Whether the password meets the maximum password length, or undefined if not required.
+   */
+  readonly meetsMaxPasswordLength?: boolean;
+  /**
+   * Whether the password contains a lowercase letter, or undefined if not required.
+   */
+  readonly containsLowercaseLetter?: boolean;
+  /**
+   * Whether the password contains an uppercase letter, or undefined if not required.
+   */
+  readonly containsUppercaseLetter?: boolean;
+  /**
+   * Whether the password contains a numeric character, or undefined if not required.
+   */
+  readonly containsNumericCharacter?: boolean;
+  /**
+   * Whether the password contains a non-alphanumeric character, or undefined if not required.
+   */
+  readonly containsNonAlphanumericCharacter?: boolean;
+  /**
+   * The policy used to validate the password.
+   */
+  readonly passwordPolicy: PasswordPolicy;
+}
+
 export {
   AppleAuthProvider,
   EmailAuthProvider,

package/lib/modular/index.js

@@ -16,6 +16,8 @@
  */
 
 import { getApp } from '@react-native-firebase/app';
+import { fetchPasswordPolicy } from '../password-policy/passwordPolicyApi';
+import { PasswordPolicyImpl } from '../password-policy/PasswordPolicyImpl';
 import FacebookAuthProvider from '../providers/FacebookAuthProvider';
 export { FacebookAuthProvider };
 
@@ -353,17 +355,6 @@ export function useDeviceLanguage(auth) {
   throw new Error('useDeviceLanguage is unsupported by the native Firebase SDKs');
 }
 
-/**
- * Validates the password against the password policy configured for the project or tenant.
- *
- * @param auth - The Auth instance.
- * @param password - The password to validate.
- *
- */
-export function validatePassword(auth, password) {
-  throw new Error('validatePassword is only supported on Web');
-} //TO DO: ADD support.
-
 /**
  * Sets the current language to the default device/browser preference.
  * @param {Auth} auth - The Auth instance.
@@ -614,3 +605,23 @@ export function getAdditionalUserInfo(userCredential) {
 export function getCustomAuthDomain(auth) {
   return auth.getCustomAuthDomain();
 }
+
+/**
+ * Returns a password validation status
+ * @param {Auth} auth - The Auth instance.
+ * @param {string} password - The password to validate.
+ * @returns {Promise<PasswordValidationStatus>}
+ */
+export async function validatePassword(auth, password) {
+  if (password === null || password === undefined) {
+    throw new Error(
+      "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.",
+    );
+  }
+  let passwordPolicy = await fetchPasswordPolicy(auth);
+
+  const passwordPolicyImpl = await new PasswordPolicyImpl(passwordPolicy);
+  let status = passwordPolicyImpl.validatePassword(password);
+
+  return status;
+}

package/lib/password-policy/PasswordPolicyImpl.js

@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Minimum min password length enforced by the backend, even if no minimum length is set.
+const MINIMUM_MIN_PASSWORD_LENGTH = 6;
+
+/**
+ * Stores password policy requirements and provides password validation against the policy.
+ *
+ * @internal
+ */
+export class PasswordPolicyImpl {
+  constructor(response) {
+    // Only include custom strength options defined in the response.
+    const responseOptions = response.customStrengthOptions;
+    this.customStrengthOptions = {};
+    this.customStrengthOptions.minPasswordLength =
+      responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH;
+    if (responseOptions.maxPasswordLength) {
+      this.customStrengthOptions.maxPasswordLength = responseOptions.maxPasswordLength;
+    }
+    if (responseOptions.containsLowercaseCharacter !== undefined) {
+      this.customStrengthOptions.containsLowercaseLetter =
+        responseOptions.containsLowercaseCharacter;
+    }
+    if (responseOptions.containsUppercaseCharacter !== undefined) {
+      this.customStrengthOptions.containsUppercaseLetter =
+        responseOptions.containsUppercaseCharacter;
+    }
+    if (responseOptions.containsNumericCharacter !== undefined) {
+      this.customStrengthOptions.containsNumericCharacter =
+        responseOptions.containsNumericCharacter;
+    }
+    if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
+      this.customStrengthOptions.containsNonAlphanumericCharacter =
+        responseOptions.containsNonAlphanumericCharacter;
+    }
+
+    this.enforcementState =
+      response.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED'
+        ? 'OFF'
+        : response.enforcementState;
+
+    // Use an empty string if no non-alphanumeric characters are specified in the response.
+    this.allowedNonAlphanumericCharacters =
+      response.allowedNonAlphanumericCharacters?.join('') ?? '';
+
+    this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false;
+    this.schemaVersion = response.schemaVersion;
+  }
+
+  validatePassword(password) {
+    const status = {
+      isValid: true,
+      passwordPolicy: this,
+    };
+
+    this.validatePasswordLengthOptions(password, status);
+    this.validatePasswordCharacterOptions(password, status);
+
+    status.isValid &&= status.meetsMinPasswordLength ?? true;
+    status.isValid &&= status.meetsMaxPasswordLength ?? true;
+    status.isValid &&= status.containsLowercaseLetter ?? true;
+    status.isValid &&= status.containsUppercaseLetter ?? true;
+    status.isValid &&= status.containsNumericCharacter ?? true;
+    status.isValid &&= status.containsNonAlphanumericCharacter ?? true;
+
+    return status;
+  }
+
+  validatePasswordLengthOptions(password, status) {
+    const minPasswordLength = this.customStrengthOptions.minPasswordLength;
+    const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
+    if (minPasswordLength) {
+      status.meetsMinPasswordLength = password.length >= minPasswordLength;
+    }
+    if (maxPasswordLength) {
+      status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
+    }
+  }
+
+  validatePasswordCharacterOptions(password, status) {
+    this.updatePasswordCharacterOptionsStatuses(status, false, false, false, false);
+
+    for (let i = 0; i < password.length; i++) {
+      const passwordChar = password.charAt(i);
+      this.updatePasswordCharacterOptionsStatuses(
+        status,
+        passwordChar >= 'a' && passwordChar <= 'z',
+        passwordChar >= 'A' && passwordChar <= 'Z',
+        passwordChar >= '0' && passwordChar <= '9',
+        this.allowedNonAlphanumericCharacters.includes(passwordChar),
+      );
+    }
+  }
+
+  updatePasswordCharacterOptionsStatuses(
+    status,
+    containsLowercaseCharacter,
+    containsUppercaseCharacter,
+    containsNumericCharacter,
+    containsNonAlphanumericCharacter,
+  ) {
+    if (this.customStrengthOptions.containsLowercaseLetter) {
+      status.containsLowercaseLetter ||= containsLowercaseCharacter;
+    }
+    if (this.customStrengthOptions.containsUppercaseLetter) {
+      status.containsUppercaseLetter ||= containsUppercaseCharacter;
+    }
+    if (this.customStrengthOptions.containsNumericCharacter) {
+      status.containsNumericCharacter ||= containsNumericCharacter;
+    }
+    if (this.customStrengthOptions.containsNonAlphanumericCharacter) {
+      status.containsNonAlphanumericCharacter ||= containsNonAlphanumericCharacter;
+    }
+  }
+}
+export default PasswordPolicyImpl;

package/lib/password-policy/passwordPolicyApi.js

@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+/**
+ * Performs an API request to Firebase Console to get password policy json.
+ *
+ * @param {Object} auth - The authentication instance
+ * @returns {Promise<Response>} A promise that resolves to the API response.
+ * @throws {Error} Throws an error if the request fails or encounters an issue.
+ */
+export async function fetchPasswordPolicy(auth) {
+  let schemaVersion = 1;
+
+  try {
+    // Identity toolkit API endpoint for password policy. Ensure this is enabled on Google cloud.
+    const baseURL = 'https://identitytoolkit.googleapis.com/v2/passwordPolicy?key=';
+    const apiKey = auth.app.options.apiKey;
+
+    const response = await fetch(`${baseURL}${apiKey}`);
+    if (!response.ok) {
+      const errorDetails = await response.text();
+      throw new Error(
+        `firebase.auth().validatePassword(*) failed to fetch password policy from Firebase Console: ${response.statusText}. Details: ${errorDetails}`,
+      );
+    }
+    const passwordPolicy = await response.json();
+
+    if (passwordPolicy.schemaVersion !== schemaVersion) {
+      throw new Error(
+        `Password policy schema version mismatch. Expected: ${schemaVersion}, received: ${passwordPolicy.schemaVersion}`,
+      );
+    }
+    return passwordPolicy;
+  } catch (error) {
+    throw new Error(
+      `firebase.auth().validatePassword(*) Failed to fetch password policy: ${error.message}`,
+    );
+  }
+}
+
+module.exports = { fetchPasswordPolicy };

package/lib/version.js

@@ -1,2 +1,2 @@
 // Generated by genversion.
-module.exports = '21.12.3';
+module.exports = '21.13.0';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@react-native-firebase/auth",
-  "version": "21.12.3",
+  "version": "21.13.0",
   "author": "Invertase <oss@invertase.io> (http://invertase.io)",
   "description": "React Native Firebase - The authentication module provides an easy-to-use API to integrate an authentication workflow into new and existing applications. React Native Firebase provides access to all Firebase authentication methods and identity providers.",
   "main": "lib/index.js",
@@ -27,7 +27,7 @@
     "plist": "^3.1.0"
   },
   "peerDependencies": {
-    "@react-native-firebase/app": "21.12.3",
+    "@react-native-firebase/app": "21.13.0",
     "expo": ">=47.0.0"
   },
   "devDependencies": {
@@ -42,5 +42,5 @@
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "ea8aeec70b59b191d42bc753d1353c6f705b3e4b"
+  "gitHead": "d4d02d15431a0be091a7417833e0180479f5e788"
 }