@react-native-firebase/auth 24.1.1 → 25.0.0

package/lib/password-policy/{PasswordPolicyImpl.js → PasswordPolicyImpl.ts}

@@ -15,6 +15,13 @@
  *
  */
 
+import type {
+  PasswordPolicyCustomStrengthOptionsInternal,
+  PasswordPolicyInternal,
+  PasswordPolicyResponseInternal,
+  PasswordValidationStatusInternal,
+} from '../types/internal';
+
 // Minimum min password length enforced by the backend, even if no minimum length is set.
 const MINIMUM_MIN_PASSWORD_LENGTH = 6;
 
@@ -23,14 +30,20 @@ const MINIMUM_MIN_PASSWORD_LENGTH = 6;
  *
  * @internal
  */
-export class PasswordPolicyImpl {
-  constructor(response) {
+export class PasswordPolicyImpl implements PasswordPolicyInternal {
+  customStrengthOptions: PasswordPolicyCustomStrengthOptionsInternal;
+  allowedNonAlphanumericCharacters: string;
+  enforcementState: string;
+  forceUpgradeOnSignin: boolean;
+  schemaVersion: number;
+
+  constructor(response: PasswordPolicyResponseInternal) {
     // Only include custom strength options defined in the response.
-    const responseOptions = response.customStrengthOptions;
+    const responseOptions = response.customStrengthOptions ?? {};
     this.customStrengthOptions = {};
     this.customStrengthOptions.minPasswordLength =
       responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH;
-    if (responseOptions.maxPasswordLength) {
+    if (responseOptions.maxPasswordLength !== undefined) {
       this.customStrengthOptions.maxPasswordLength = responseOptions.maxPasswordLength;
     }
     if (responseOptions.containsLowercaseCharacter !== undefined) {
@@ -53,7 +66,7 @@ export class PasswordPolicyImpl {
     this.enforcementState =
       response.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED'
         ? 'OFF'
-        : response.enforcementState;
+        : (response.enforcementState ?? 'OFF');
 
     // Use an empty string if no non-alphanumeric characters are specified in the response.
     this.allowedNonAlphanumericCharacters =
@@ -63,8 +76,8 @@ export class PasswordPolicyImpl {
     this.schemaVersion = response.schemaVersion;
   }
 
-  validatePassword(password) {
-    const status = {
+  validatePassword(password: string): PasswordValidationStatusInternal {
+    const status: PasswordValidationStatusInternal = {
       isValid: true,
       passwordPolicy: this,
     };
@@ -82,18 +95,24 @@ export class PasswordPolicyImpl {
     return status;
   }
 
-  validatePasswordLengthOptions(password, status) {
+  private validatePasswordLengthOptions(
+    password: string,
+    status: PasswordValidationStatusInternal,
+  ): void {
     const minPasswordLength = this.customStrengthOptions.minPasswordLength;
     const maxPasswordLength = this.customStrengthOptions.maxPasswordLength;
-    if (minPasswordLength) {
+    if (minPasswordLength !== undefined) {
       status.meetsMinPasswordLength = password.length >= minPasswordLength;
     }
-    if (maxPasswordLength) {
+    if (maxPasswordLength !== undefined) {
       status.meetsMaxPasswordLength = password.length <= maxPasswordLength;
     }
   }
 
-  validatePasswordCharacterOptions(password, status) {
+  private validatePasswordCharacterOptions(
+    password: string,
+    status: PasswordValidationStatusInternal,
+  ): void {
     this.updatePasswordCharacterOptionsStatuses(status, false, false, false, false);
 
     for (let i = 0; i < password.length; i++) {
@@ -108,13 +127,13 @@ export class PasswordPolicyImpl {
     }
   }
 
-  updatePasswordCharacterOptionsStatuses(
-    status,
-    containsLowercaseCharacter,
-    containsUppercaseCharacter,
-    containsNumericCharacter,
-    containsNonAlphanumericCharacter,
-  ) {
+  private updatePasswordCharacterOptionsStatuses(
+    status: PasswordValidationStatusInternal,
+    containsLowercaseCharacter: boolean,
+    containsUppercaseCharacter: boolean,
+    containsNumericCharacter: boolean,
+    containsNonAlphanumericCharacter: boolean,
+  ): void {
     if (this.customStrengthOptions.containsLowercaseLetter) {
       status.containsLowercaseLetter ||= containsLowercaseCharacter;
     }
@@ -129,4 +148,3 @@ export class PasswordPolicyImpl {
     }
   }
 }
-export default PasswordPolicyImpl;

package/lib/password-policy/PasswordPolicyMixin.ts

@@ -0,0 +1,83 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { fetchPasswordPolicy } from './passwordPolicyApi';
+import { PasswordPolicyImpl } from './PasswordPolicyImpl';
+import type {
+  PasswordPolicyHostInternal,
+  PasswordPolicyInternal,
+  PasswordPolicyMixinInternal,
+  PasswordValidationStatusInternal,
+} from '../types/internal';
+
+const EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1;
+
+type PasswordPolicyMixinTarget = PasswordPolicyHostInternal & PasswordPolicyMixinInternal;
+type PasswordPolicyMixinShape = PasswordPolicyMixinInternal & ThisType<PasswordPolicyMixinTarget>;
+
+/**
+ * Password policy mixin - provides password policy caching and validation.
+ * Expects the target object to have: _tenantId, _projectPasswordPolicy,
+ * _tenantPasswordPolicies, and app.options.apiKey
+ */
+export const PasswordPolicyMixin: PasswordPolicyMixinShape = {
+  _getPasswordPolicyInternal(): PasswordPolicyInternal | null {
+    if (this._tenantId === null) {
+      return this._projectPasswordPolicy;
+    }
+    return this._tenantPasswordPolicies[this._tenantId] ?? null;
+  },
+
+  async _updatePasswordPolicy(): Promise<void> {
+    const response = await fetchPasswordPolicy(this);
+    const passwordPolicy = new PasswordPolicyImpl(response);
+    if (this._tenantId === null) {
+      this._projectPasswordPolicy = passwordPolicy;
+    } else {
+      this._tenantPasswordPolicies[this._tenantId] = passwordPolicy;
+    }
+  },
+
+  async _recachePasswordPolicy(): Promise<void> {
+    if (this._getPasswordPolicyInternal()) {
+      await this._updatePasswordPolicy();
+    }
+  },
+
+  async validatePassword(password: string): Promise<PasswordValidationStatusInternal> {
+    let passwordPolicy = this._getPasswordPolicyInternal();
+
+    if (!passwordPolicy) {
+      await this._updatePasswordPolicy();
+      passwordPolicy = this._getPasswordPolicyInternal();
+    }
+
+    if (!passwordPolicy) {
+      throw new Error(
+        'firebase.auth().validatePassword(*) Failed to load password policy for validation.',
+      );
+    }
+
+    if (passwordPolicy.schemaVersion !== EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) {
+      throw new Error(
+        'auth/unsupported-password-policy-schema-version: The password policy received from the backend uses a schema version that is not supported by this version of the SDK.',
+      );
+    }
+
+    return passwordPolicy.validatePassword(password);
+  },
+};

package/lib/password-policy/passwordPolicyApi.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import type { PasswordPolicyHostInternal, PasswordPolicyResponseInternal } from '../types/internal';
+
+function getErrorMessage(error: unknown): string {
+  if (error instanceof Error) {
+    return error.message;
+  }
+
+  return String(error);
+}
+
+/**
+ * Performs an API request to Firebase Console to get password policy json.
+ *
+ * @param {Object} auth - The authentication instance
+ * @returns {Promise<Response>} A promise that resolves to the API response.
+ * @throws {Error} Throws an error if the request fails or encounters an issue.
+ */
+export async function fetchPasswordPolicy(
+  auth: PasswordPolicyHostInternal,
+): Promise<PasswordPolicyResponseInternal> {
+  let response: Response;
+
+  try {
+    // Identity toolkit API endpoint for password policy. Ensure this is enabled on Google cloud.
+    const baseURL = 'https://identitytoolkit.googleapis.com/v2/passwordPolicy?key=';
+    const apiKey = auth.app.options.apiKey;
+
+    response = await fetch(`${baseURL}${apiKey}`);
+  } catch (error) {
+    throw new Error(
+      `firebase.auth().validatePassword(*) Failed to fetch password policy: ${getErrorMessage(error)}`,
+    );
+  }
+
+  if (!response.ok) {
+    const errorDetails = await response.text();
+    throw new Error(
+      `firebase.auth().validatePassword(*) failed to fetch password policy from Firebase Console: ${response.statusText}. Details: ${errorDetails}`,
+    );
+  }
+
+  return (await response.json()) as PasswordPolicyResponseInternal;
+}

package/lib/providers/AppleAuthProvider.ts

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { AuthCredential } from '../credentials';
+import type { AuthCredential as AuthCredentialType } from '../types/auth';
+
+const providerId = 'apple.com' as const;
+
+/**
+ * @deprecated Use {@link OAuthProvider} with provider ID `apple.com` instead.
+ *
+ * @example
+ * ```js
+ * const provider = new OAuthProvider('apple.com');
+ * const credential = provider.credential({ idToken, rawNonce });
+ * ```
+ */
+export default class AppleAuthProvider {
+  constructor() {
+    throw new Error('`new AppleAuthProvider()` is not supported on the native Firebase SDKs.');
+  }
+
+  static get PROVIDER_ID() {
+    return providerId;
+  }
+
+  static credential(token: string, secret?: string): AuthCredentialType {
+    return new AuthCredential(providerId, providerId, token, secret ?? '');
+  }
+}

package/lib/providers/EmailAuthProvider.ts

@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { createEmailAuthCredential } from '../credentials';
+import type { EmailAuthCredential } from '../types/auth';
+
+const linkProviderId = 'emailLink' as const;
+const passwordProviderId = 'password' as const;
+
+export default class EmailAuthProvider {
+  static readonly EMAIL_LINK_SIGN_IN_METHOD: 'emailLink' = linkProviderId;
+  static readonly EMAIL_PASSWORD_SIGN_IN_METHOD: 'password' = passwordProviderId;
+  static readonly PROVIDER_ID: 'password' = passwordProviderId;
+
+  readonly providerId = passwordProviderId;
+
+  constructor() {
+    throw new Error('`new EmailAuthProvider()` is not supported on the native Firebase SDKs.');
+  }
+
+  static credential(email: string, password: string): EmailAuthCredential {
+    return createEmailAuthCredential(email, password, passwordProviderId);
+  }
+
+  static credentialWithLink(email: string, emailLink: string): EmailAuthCredential {
+    return createEmailAuthCredential(email, emailLink, linkProviderId);
+  }
+}

package/lib/providers/FacebookAuthProvider.ts

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { OAuthCredential } from '../credentials';
+import type { AuthError, UserCredential } from '../types/auth';
+
+// Keep the SDK helper signature name while mapping to RNFB's native auth error type.
+type FirebaseError = AuthError;
+
+const providerId = 'facebook.com' as const;
+
+export default class FacebookAuthProvider {
+  static readonly FACEBOOK_SIGN_IN_METHOD: 'facebook.com' = providerId;
+  static readonly PROVIDER_ID: 'facebook.com' = providerId;
+
+  constructor() {
+    throw new Error('`new FacebookAuthProvider()` is not supported on the native Firebase SDKs.');
+  }
+
+  /**
+   * @remarks Optional `secret` for Facebook limited-login nonce behaviour (matches firebase-js-sdk).
+   */
+  static credential(token: string): OAuthCredential;
+  static credential(token: string, secret: string): OAuthCredential;
+  static credential(token: string, secret?: string): OAuthCredential {
+    const nonce = secret ?? '';
+    return new OAuthCredential(providerId, {
+      accessToken: token,
+      rawNonce: nonce || undefined,
+      bridgeToken: token,
+      bridgeSecret: nonce,
+    });
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromResult(_userCredential: UserCredential): OAuthCredential | null {
+    return null;
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromError(_error: FirebaseError): OAuthCredential | null {
+    return null;
+  }
+}

package/lib/providers/GithubAuthProvider.ts

@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { OAuthCredential } from '../credentials';
+import type { AuthError, UserCredential } from '../types/auth';
+
+// Keep the SDK helper signature name while mapping to RNFB's native auth error type.
+type FirebaseError = AuthError;
+
+const providerId = 'github.com' as const;
+
+export default class GithubAuthProvider {
+  static readonly GITHUB_SIGN_IN_METHOD: 'github.com' = providerId;
+  static readonly PROVIDER_ID: 'github.com' = providerId;
+
+  constructor() {
+    throw new Error('`new GithubAuthProvider()` is not supported on the native Firebase SDKs.');
+  }
+
+  static credential(token: string): OAuthCredential {
+    return new OAuthCredential(providerId, {
+      accessToken: token,
+      bridgeToken: token,
+      bridgeSecret: '',
+    });
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromResult(_userCredential: UserCredential): OAuthCredential | null {
+    return null;
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromError(_error: FirebaseError): OAuthCredential | null {
+    return null;
+  }
+}

package/lib/providers/GoogleAuthProvider.ts

@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { OAuthCredential } from '../credentials';
+import type { AuthError, UserCredential } from '../types/auth';
+
+// Keep the SDK helper signature name while mapping to RNFB's native auth error type.
+type FirebaseError = AuthError;
+
+const providerId = 'google.com' as const;
+
+export default class GoogleAuthProvider {
+  static readonly GOOGLE_SIGN_IN_METHOD: 'google.com' = providerId;
+  static readonly PROVIDER_ID: 'google.com' = providerId;
+
+  constructor() {
+    throw new Error('`new GoogleAuthProvider()` is not supported on the native Firebase SDKs.');
+  }
+
+  static credential(idToken?: string | null, accessToken?: string | null): OAuthCredential {
+    if (idToken == null && accessToken == null) {
+      throw new Error('At least one of ID token and access token must be non-null');
+    }
+
+    return new OAuthCredential(providerId, {
+      idToken: idToken ?? undefined,
+      accessToken: accessToken ?? undefined,
+    });
+  }
+
+  /**
+   * @remarks Always returns `null` on React Native Firebase. Credentials are not extractable from
+   * native provider sign-in results.
+   */
+  static credentialFromResult(_userCredential: UserCredential): OAuthCredential | null {
+    return null;
+  }
+
+  /**
+   * @remarks Always returns `null` on React Native Firebase. Credentials are not extractable from
+   * native provider errors.
+   */
+  static credentialFromError(_error: FirebaseError): OAuthCredential | null {
+    return null;
+  }
+}

package/lib/providers/OAuthProvider.ts

@@ -0,0 +1,150 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { OAuthCredential } from '../credentials';
+import type {
+  AuthCredential,
+  AuthError,
+  CustomParameters,
+  OAuthCredentialOptions,
+  UserCredential,
+} from '../types/auth';
+
+type OAuthCredentialJSON = OAuthCredentialOptions & {
+  providerId?: string;
+  nonce?: string;
+};
+
+type ParsedOAuthCredentialJSON = OAuthCredentialOptions & {
+  providerId: string;
+  nonce?: string;
+};
+
+function parseOAuthCredentialJSON(json: object | string): ParsedOAuthCredentialJSON {
+  let parsed: object;
+
+  if (typeof json === 'string') {
+    try {
+      parsed = JSON.parse(json);
+    } catch {
+      throw new Error(
+        "firebase.auth.OAuthProvider.credentialFromJSON(*) expected 'json' to be a valid JSON string.",
+      );
+    }
+  } else {
+    if (json === null || Array.isArray(json)) {
+      throw new Error(
+        "firebase.auth.OAuthProvider.credentialFromJSON(*) expected 'json' to be an object or string.",
+      );
+    }
+    parsed = json;
+  }
+
+  const credential = parsed as OAuthCredentialJSON;
+  if (typeof credential.providerId !== 'string') {
+    throw new Error(
+      "firebase.auth.OAuthProvider.credentialFromJSON(*) expected 'providerId' to be a string value.",
+    );
+  }
+
+  return credential as ParsedOAuthCredentialJSON;
+}
+
+// Keep the SDK helper signature name while mapping to RNFB's native auth error type.
+type FirebaseError = AuthError;
+
+export default class OAuthProvider {
+  /** @internal */
+  private providerId: string;
+  /** @internal */
+  private customParameters: CustomParameters = {};
+  /** @internal */
+  private scopes: string[] = [];
+
+  constructor(providerId: string) {
+    this.providerId = providerId;
+  }
+
+  /** @internal */
+  static credential(idToken: string, accessToken?: string): AuthCredential {
+    return new OAuthProvider('oauth').credential({
+      idToken,
+      accessToken,
+    });
+  }
+
+  static credentialFromJSON(json: object | string): OAuthCredential {
+    const credential = parseOAuthCredentialJSON(json);
+
+    return new OAuthProvider(credential.providerId).credential({
+      idToken: credential.idToken,
+      accessToken: credential.accessToken,
+      rawNonce: credential.rawNonce ?? credential.nonce,
+    });
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromResult(_userCredential: UserCredential): OAuthCredential | null {
+    return null;
+  }
+
+  /** @remarks Always returns `null` on React Native Firebase. */
+  static credentialFromError(_error: FirebaseError): OAuthCredential | null {
+    return null;
+  }
+
+  credential(params: OAuthCredentialOptions): OAuthCredential {
+    return new OAuthCredential(this.providerId, {
+      idToken: params.idToken,
+      accessToken: params.accessToken,
+      rawNonce: params.rawNonce,
+    });
+  }
+
+  get PROVIDER_ID() {
+    return this.providerId;
+  }
+
+  setCustomParameters(customOAuthParameters: CustomParameters): OAuthProvider {
+    this.customParameters = customOAuthParameters;
+    return this;
+  }
+
+  getCustomParameters(): CustomParameters {
+    return this.customParameters;
+  }
+
+  addScope(scope: string): OAuthProvider {
+    if (!this.scopes.includes(scope)) {
+      this.scopes.push(scope);
+    }
+    return this;
+  }
+
+  getScopes(): string[] {
+    return [...this.scopes];
+  }
+
+  /** @internal */
+  toObject(): { providerId: string; scopes: string[]; customParameters: CustomParameters } {
+    return {
+      providerId: this.providerId,
+      scopes: this.scopes,
+      customParameters: this.customParameters,
+    };
+  }
+}