firebase-admin 11.4.1 → 11.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/app/core.d.ts +1 -1
- package/lib/app/core.js +1 -1
- package/lib/app/credential-factory.d.ts +1 -1
- package/lib/app/credential-factory.js +1 -1
- package/lib/app/credential-internal.d.ts +23 -1
- package/lib/app/credential-internal.js +100 -10
- package/lib/app/credential.d.ts +1 -1
- package/lib/app/credential.js +1 -1
- package/lib/app/firebase-app.d.ts +1 -1
- package/lib/app/firebase-app.js +1 -1
- package/lib/app/firebase-namespace.d.ts +1 -1
- package/lib/app/firebase-namespace.js +1 -1
- package/lib/app/index.d.ts +1 -1
- package/lib/app/index.js +1 -1
- package/lib/app/lifecycle.d.ts +1 -1
- package/lib/app/lifecycle.js +1 -1
- package/lib/app-check/app-check-api-client-internal.d.ts +1 -1
- package/lib/app-check/app-check-api-client-internal.js +1 -1
- package/lib/app-check/app-check-api.d.ts +1 -1
- package/lib/app-check/app-check-api.js +1 -1
- package/lib/app-check/app-check-namespace.d.ts +1 -1
- package/lib/app-check/app-check-namespace.js +1 -1
- package/lib/app-check/app-check.d.ts +1 -1
- package/lib/app-check/app-check.js +1 -1
- package/lib/app-check/index.d.ts +1 -1
- package/lib/app-check/index.js +1 -1
- package/lib/app-check/token-generator.d.ts +1 -1
- package/lib/app-check/token-generator.js +1 -1
- package/lib/app-check/token-verifier.d.ts +1 -1
- package/lib/app-check/token-verifier.js +1 -1
- package/lib/auth/action-code-settings-builder.d.ts +1 -1
- package/lib/auth/action-code-settings-builder.js +1 -1
- package/lib/auth/auth-api-request.d.ts +1 -1
- package/lib/auth/auth-api-request.js +1 -1
- package/lib/auth/auth-config.d.ts +23 -13
- package/lib/auth/auth-config.js +65 -2
- package/lib/auth/auth-namespace.d.ts +1 -1
- package/lib/auth/auth-namespace.js +1 -1
- package/lib/auth/auth.d.ts +1 -1
- package/lib/auth/auth.js +1 -1
- package/lib/auth/base-auth.d.ts +1 -1
- package/lib/auth/base-auth.js +1 -1
- package/lib/auth/identifier.d.ts +1 -1
- package/lib/auth/identifier.js +1 -1
- package/lib/auth/index.d.ts +2 -2
- package/lib/auth/index.js +1 -1
- package/lib/auth/project-config-manager.d.ts +1 -1
- package/lib/auth/project-config-manager.js +1 -1
- package/lib/auth/project-config.d.ts +16 -2
- package/lib/auth/project-config.js +31 -2
- package/lib/auth/tenant-manager.d.ts +1 -1
- package/lib/auth/tenant-manager.js +1 -1
- package/lib/auth/tenant.d.ts +1 -1
- package/lib/auth/tenant.js +1 -1
- package/lib/auth/token-generator.d.ts +1 -1
- package/lib/auth/token-generator.js +1 -1
- package/lib/auth/token-verifier.d.ts +1 -1
- package/lib/auth/token-verifier.js +1 -1
- package/lib/auth/user-import-builder.d.ts +1 -1
- package/lib/auth/user-import-builder.js +1 -1
- package/lib/auth/user-record.d.ts +1 -1
- package/lib/auth/user-record.js +1 -1
- package/lib/credential/index.d.ts +1 -1
- package/lib/credential/index.js +1 -1
- package/lib/database/database-namespace.d.ts +1 -1
- package/lib/database/database-namespace.js +1 -1
- package/lib/database/database.d.ts +1 -1
- package/lib/database/database.js +1 -1
- package/lib/database/index.d.ts +1 -1
- package/lib/database/index.js +1 -1
- package/lib/default-namespace.d.ts +1 -1
- package/lib/default-namespace.js +1 -1
- package/lib/eventarc/cloudevent.d.ts +1 -1
- package/lib/eventarc/cloudevent.js +1 -1
- package/lib/eventarc/eventarc-client-internal.d.ts +1 -1
- package/lib/eventarc/eventarc-client-internal.js +1 -1
- package/lib/eventarc/eventarc-utils.d.ts +1 -1
- package/lib/eventarc/eventarc-utils.js +1 -1
- package/lib/eventarc/eventarc.d.ts +1 -1
- package/lib/eventarc/eventarc.js +1 -1
- package/lib/eventarc/index.d.ts +1 -1
- package/lib/eventarc/index.js +1 -1
- package/lib/extensions/extensions-api-client-internal.d.ts +1 -1
- package/lib/extensions/extensions-api-client-internal.js +1 -1
- package/lib/extensions/extensions-api.d.ts +1 -1
- package/lib/extensions/extensions-api.js +1 -1
- package/lib/extensions/extensions.d.ts +1 -1
- package/lib/extensions/extensions.js +1 -1
- package/lib/extensions/index.d.ts +1 -1
- package/lib/extensions/index.js +1 -1
- package/lib/firebase-namespace-api.d.ts +1 -1
- package/lib/firebase-namespace-api.js +1 -1
- package/lib/firestore/firestore-internal.d.ts +3 -2
- package/lib/firestore/firestore-internal.js +28 -22
- package/lib/firestore/firestore-namespace.d.ts +1 -1
- package/lib/firestore/firestore-namespace.js +1 -1
- package/lib/firestore/index.d.ts +1 -1
- package/lib/firestore/index.js +2 -2
- package/lib/functions/functions-api-client-internal.d.ts +1 -1
- package/lib/functions/functions-api-client-internal.js +1 -1
- package/lib/functions/functions-api.d.ts +1 -1
- package/lib/functions/functions-api.js +1 -1
- package/lib/functions/functions.d.ts +1 -1
- package/lib/functions/functions.js +1 -1
- package/lib/functions/index.d.ts +1 -1
- package/lib/functions/index.js +1 -1
- package/lib/index.d.ts +1 -1
- package/lib/index.js +1 -1
- package/lib/installations/index.d.ts +1 -1
- package/lib/installations/index.js +1 -1
- package/lib/installations/installations-namespace.d.ts +1 -1
- package/lib/installations/installations-namespace.js +1 -1
- package/lib/installations/installations-request-handler.d.ts +1 -1
- package/lib/installations/installations-request-handler.js +1 -1
- package/lib/installations/installations.d.ts +1 -1
- package/lib/installations/installations.js +1 -1
- package/lib/instance-id/index.d.ts +1 -1
- package/lib/instance-id/index.js +1 -1
- package/lib/instance-id/instance-id-namespace.d.ts +1 -1
- package/lib/instance-id/instance-id-namespace.js +1 -1
- package/lib/instance-id/instance-id.d.ts +1 -1
- package/lib/instance-id/instance-id.js +1 -1
- package/lib/machine-learning/index.d.ts +1 -1
- package/lib/machine-learning/index.js +1 -1
- package/lib/machine-learning/machine-learning-api-client.d.ts +1 -1
- package/lib/machine-learning/machine-learning-api-client.js +1 -1
- package/lib/machine-learning/machine-learning-namespace.d.ts +1 -1
- package/lib/machine-learning/machine-learning-namespace.js +1 -1
- package/lib/machine-learning/machine-learning-utils.d.ts +1 -1
- package/lib/machine-learning/machine-learning-utils.js +1 -1
- package/lib/machine-learning/machine-learning.d.ts +1 -1
- package/lib/machine-learning/machine-learning.js +1 -1
- package/lib/messaging/batch-request-internal.d.ts +1 -1
- package/lib/messaging/batch-request-internal.js +1 -1
- package/lib/messaging/index.d.ts +1 -1
- package/lib/messaging/index.js +1 -1
- package/lib/messaging/messaging-api-request-internal.d.ts +1 -1
- package/lib/messaging/messaging-api-request-internal.js +1 -1
- package/lib/messaging/messaging-api.d.ts +10 -1
- package/lib/messaging/messaging-api.js +1 -1
- package/lib/messaging/messaging-errors-internal.d.ts +1 -1
- package/lib/messaging/messaging-errors-internal.js +1 -1
- package/lib/messaging/messaging-internal.d.ts +1 -1
- package/lib/messaging/messaging-internal.js +1 -1
- package/lib/messaging/messaging-namespace.d.ts +1 -1
- package/lib/messaging/messaging-namespace.js +1 -1
- package/lib/messaging/messaging.d.ts +5 -1
- package/lib/messaging/messaging.js +5 -1
- package/lib/project-management/android-app.d.ts +1 -1
- package/lib/project-management/android-app.js +1 -1
- package/lib/project-management/app-metadata.d.ts +1 -1
- package/lib/project-management/app-metadata.js +1 -1
- package/lib/project-management/index.d.ts +1 -1
- package/lib/project-management/index.js +1 -1
- package/lib/project-management/ios-app.d.ts +1 -1
- package/lib/project-management/ios-app.js +1 -1
- package/lib/project-management/project-management-api-request-internal.d.ts +1 -1
- package/lib/project-management/project-management-api-request-internal.js +1 -1
- package/lib/project-management/project-management-namespace.d.ts +1 -1
- package/lib/project-management/project-management-namespace.js +1 -1
- package/lib/project-management/project-management.d.ts +1 -1
- package/lib/project-management/project-management.js +1 -1
- package/lib/remote-config/index.d.ts +1 -1
- package/lib/remote-config/index.js +1 -1
- package/lib/remote-config/remote-config-api-client-internal.d.ts +1 -1
- package/lib/remote-config/remote-config-api-client-internal.js +1 -1
- package/lib/remote-config/remote-config-api.d.ts +1 -1
- package/lib/remote-config/remote-config-api.js +1 -1
- package/lib/remote-config/remote-config-namespace.d.ts +1 -1
- package/lib/remote-config/remote-config-namespace.js +1 -1
- package/lib/remote-config/remote-config.d.ts +1 -1
- package/lib/remote-config/remote-config.js +1 -1
- package/lib/security-rules/index.d.ts +1 -1
- package/lib/security-rules/index.js +1 -1
- package/lib/security-rules/security-rules-api-client-internal.d.ts +1 -1
- package/lib/security-rules/security-rules-api-client-internal.js +1 -1
- package/lib/security-rules/security-rules-internal.d.ts +1 -1
- package/lib/security-rules/security-rules-internal.js +1 -1
- package/lib/security-rules/security-rules-namespace.d.ts +1 -1
- package/lib/security-rules/security-rules-namespace.js +1 -1
- package/lib/security-rules/security-rules.d.ts +1 -1
- package/lib/security-rules/security-rules.js +1 -1
- package/lib/storage/index.d.ts +1 -1
- package/lib/storage/index.js +1 -1
- package/lib/storage/storage-namespace.d.ts +1 -1
- package/lib/storage/storage-namespace.js +1 -1
- package/lib/storage/storage.d.ts +1 -1
- package/lib/storage/storage.js +1 -1
- package/lib/utils/api-request.d.ts +1 -1
- package/lib/utils/api-request.js +1 -1
- package/lib/utils/crypto-signer.d.ts +1 -1
- package/lib/utils/crypto-signer.js +1 -1
- package/lib/utils/deep-copy.d.ts +1 -1
- package/lib/utils/deep-copy.js +1 -1
- package/lib/utils/error.d.ts +1 -1
- package/lib/utils/error.js +1 -1
- package/lib/utils/index.d.ts +1 -1
- package/lib/utils/index.js +1 -1
- package/lib/utils/jwt.d.ts +1 -1
- package/lib/utils/jwt.js +1 -1
- package/lib/utils/validator.d.ts +1 -1
- package/lib/utils/validator.js +1 -1
- package/package.json +9 -9
package/lib/app/core.d.ts
CHANGED
package/lib/app/core.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v11.
|
|
1
|
+
/*! firebase-admin v11.6.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* @license
|
|
4
4
|
* Copyright 2020 Google Inc.
|
|
@@ -86,6 +86,28 @@ export declare class RefreshTokenCredential implements Credential {
|
|
|
86
86
|
constructor(refreshTokenPathOrObject: string | object, httpAgent?: Agent | undefined, implicit?: boolean);
|
|
87
87
|
getAccessToken(): Promise<GoogleOAuthAccessToken>;
|
|
88
88
|
}
|
|
89
|
+
/**
|
|
90
|
+
* Implementation of Credential that uses impersonated service account.
|
|
91
|
+
*/
|
|
92
|
+
export declare class ImpersonatedServiceAccountCredential implements Credential {
|
|
93
|
+
private readonly httpAgent?;
|
|
94
|
+
readonly implicit: boolean;
|
|
95
|
+
private readonly impersonatedServiceAccount;
|
|
96
|
+
private readonly httpClient;
|
|
97
|
+
/**
|
|
98
|
+
* Creates a new ImpersonatedServiceAccountCredential from the given parameters.
|
|
99
|
+
*
|
|
100
|
+
* @param impersonatedServiceAccountPathOrObject - Impersonated Service account json object or
|
|
101
|
+
* path to a service account json file.
|
|
102
|
+
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
|
|
103
|
+
* @param implicit - An optional boolean indicating whether this credential was implicitly
|
|
104
|
+
* discovered from the environment, as opposed to being explicitly specified by the developer.
|
|
105
|
+
*
|
|
106
|
+
* @constructor
|
|
107
|
+
*/
|
|
108
|
+
constructor(impersonatedServiceAccountPathOrObject: string | object, httpAgent?: Agent | undefined, implicit?: boolean);
|
|
109
|
+
getAccessToken(): Promise<GoogleOAuthAccessToken>;
|
|
110
|
+
}
|
|
89
111
|
/**
|
|
90
112
|
* Checks if the given credential was loaded via the application default credentials mechanism. This
|
|
91
113
|
* includes all ComputeEngineCredential instances, and the ServiceAccountCredential and RefreshTokenCredential
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v11.
|
|
1
|
+
/*! firebase-admin v11.6.0 */
|
|
2
2
|
"use strict";
|
|
3
3
|
/*!
|
|
4
4
|
* @license
|
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
* limitations under the License.
|
|
18
18
|
*/
|
|
19
19
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
20
|
-
exports.getApplicationDefault = exports.isApplicationDefault = exports.RefreshTokenCredential = exports.ComputeEngineCredential = exports.ServiceAccountCredential = void 0;
|
|
20
|
+
exports.getApplicationDefault = exports.isApplicationDefault = exports.ImpersonatedServiceAccountCredential = exports.RefreshTokenCredential = exports.ComputeEngineCredential = exports.ServiceAccountCredential = void 0;
|
|
21
21
|
const fs = require("fs");
|
|
22
22
|
const os = require("os");
|
|
23
23
|
const path = require("path");
|
|
@@ -297,6 +297,90 @@ class RefreshToken {
|
|
|
297
297
|
}
|
|
298
298
|
}
|
|
299
299
|
}
|
|
300
|
+
/**
|
|
301
|
+
* Implementation of Credential that uses impersonated service account.
|
|
302
|
+
*/
|
|
303
|
+
class ImpersonatedServiceAccountCredential {
|
|
304
|
+
/**
|
|
305
|
+
* Creates a new ImpersonatedServiceAccountCredential from the given parameters.
|
|
306
|
+
*
|
|
307
|
+
* @param impersonatedServiceAccountPathOrObject - Impersonated Service account json object or
|
|
308
|
+
* path to a service account json file.
|
|
309
|
+
* @param httpAgent - Optional http.Agent to use when calling the remote token server.
|
|
310
|
+
* @param implicit - An optional boolean indicating whether this credential was implicitly
|
|
311
|
+
* discovered from the environment, as opposed to being explicitly specified by the developer.
|
|
312
|
+
*
|
|
313
|
+
* @constructor
|
|
314
|
+
*/
|
|
315
|
+
constructor(impersonatedServiceAccountPathOrObject, httpAgent, implicit = false) {
|
|
316
|
+
this.httpAgent = httpAgent;
|
|
317
|
+
this.implicit = implicit;
|
|
318
|
+
this.impersonatedServiceAccount = (typeof impersonatedServiceAccountPathOrObject === 'string') ?
|
|
319
|
+
ImpersonatedServiceAccount.fromPath(impersonatedServiceAccountPathOrObject)
|
|
320
|
+
: new ImpersonatedServiceAccount(impersonatedServiceAccountPathOrObject);
|
|
321
|
+
this.httpClient = new api_request_1.HttpClient();
|
|
322
|
+
}
|
|
323
|
+
getAccessToken() {
|
|
324
|
+
const postData = 'client_id=' + this.impersonatedServiceAccount.clientId + '&' +
|
|
325
|
+
'client_secret=' + this.impersonatedServiceAccount.clientSecret + '&' +
|
|
326
|
+
'refresh_token=' + this.impersonatedServiceAccount.refreshToken + '&' +
|
|
327
|
+
'grant_type=refresh_token';
|
|
328
|
+
const request = {
|
|
329
|
+
method: 'POST',
|
|
330
|
+
url: `https://${REFRESH_TOKEN_HOST}${REFRESH_TOKEN_PATH}`,
|
|
331
|
+
headers: {
|
|
332
|
+
'Content-Type': 'application/x-www-form-urlencoded',
|
|
333
|
+
},
|
|
334
|
+
data: postData,
|
|
335
|
+
httpAgent: this.httpAgent,
|
|
336
|
+
};
|
|
337
|
+
return requestAccessToken(this.httpClient, request);
|
|
338
|
+
}
|
|
339
|
+
}
|
|
340
|
+
exports.ImpersonatedServiceAccountCredential = ImpersonatedServiceAccountCredential;
|
|
341
|
+
/**
|
|
342
|
+
* A struct containing the properties necessary to use impersonated service account JSON credentials.
|
|
343
|
+
*/
|
|
344
|
+
class ImpersonatedServiceAccount {
|
|
345
|
+
constructor(json) {
|
|
346
|
+
const sourceCredentials = json['source_credentials'];
|
|
347
|
+
if (sourceCredentials) {
|
|
348
|
+
copyAttr(this, sourceCredentials, 'clientId', 'client_id');
|
|
349
|
+
copyAttr(this, sourceCredentials, 'clientSecret', 'client_secret');
|
|
350
|
+
copyAttr(this, sourceCredentials, 'refreshToken', 'refresh_token');
|
|
351
|
+
copyAttr(this, sourceCredentials, 'type', 'type');
|
|
352
|
+
}
|
|
353
|
+
let errorMessage;
|
|
354
|
+
if (!util.isNonEmptyString(this.clientId)) {
|
|
355
|
+
errorMessage = 'Impersonated Service Account must contain a "source_credentials.client_id" property.';
|
|
356
|
+
}
|
|
357
|
+
else if (!util.isNonEmptyString(this.clientSecret)) {
|
|
358
|
+
errorMessage = 'Impersonated Service Account must contain a "source_credentials.client_secret" property.';
|
|
359
|
+
}
|
|
360
|
+
else if (!util.isNonEmptyString(this.refreshToken)) {
|
|
361
|
+
errorMessage = 'Impersonated Service Account must contain a "source_credentials.refresh_token" property.';
|
|
362
|
+
}
|
|
363
|
+
else if (!util.isNonEmptyString(this.type)) {
|
|
364
|
+
errorMessage = 'Impersonated Service Account must contain a "source_credentials.type" property.';
|
|
365
|
+
}
|
|
366
|
+
if (typeof errorMessage !== 'undefined') {
|
|
367
|
+
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
|
|
368
|
+
}
|
|
369
|
+
}
|
|
370
|
+
/*
|
|
371
|
+
* Tries to load a ImpersonatedServiceAccount from a path. Throws if the path doesn't exist or the
|
|
372
|
+
* data at the path is invalid.
|
|
373
|
+
*/
|
|
374
|
+
static fromPath(filePath) {
|
|
375
|
+
try {
|
|
376
|
+
return new ImpersonatedServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
|
|
377
|
+
}
|
|
378
|
+
catch (error) {
|
|
379
|
+
// Throw a nicely formed error message if the file contents cannot be parsed
|
|
380
|
+
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse impersonated service account file: ' + error);
|
|
381
|
+
}
|
|
382
|
+
}
|
|
383
|
+
}
|
|
300
384
|
/**
|
|
301
385
|
* Checks if the given credential was loaded via the application default credentials mechanism. This
|
|
302
386
|
* includes all ComputeEngineCredential instances, and the ServiceAccountCredential and RefreshTokenCredential
|
|
@@ -308,19 +392,19 @@ class RefreshToken {
|
|
|
308
392
|
function isApplicationDefault(credential) {
|
|
309
393
|
return credential instanceof ComputeEngineCredential ||
|
|
310
394
|
(credential instanceof ServiceAccountCredential && credential.implicit) ||
|
|
311
|
-
(credential instanceof RefreshTokenCredential && credential.implicit)
|
|
395
|
+
(credential instanceof RefreshTokenCredential && credential.implicit) ||
|
|
396
|
+
(credential instanceof ImpersonatedServiceAccountCredential && credential.implicit);
|
|
312
397
|
}
|
|
313
398
|
exports.isApplicationDefault = isApplicationDefault;
|
|
314
399
|
function getApplicationDefault(httpAgent) {
|
|
315
400
|
if (process.env.GOOGLE_APPLICATION_CREDENTIALS) {
|
|
316
|
-
return credentialFromFile(process.env.GOOGLE_APPLICATION_CREDENTIALS, httpAgent);
|
|
401
|
+
return credentialFromFile(process.env.GOOGLE_APPLICATION_CREDENTIALS, httpAgent, false);
|
|
317
402
|
}
|
|
318
403
|
// It is OK to not have this file. If it is present, it must be valid.
|
|
319
404
|
if (GCLOUD_CREDENTIAL_PATH) {
|
|
320
|
-
const
|
|
321
|
-
if (
|
|
322
|
-
return
|
|
323
|
-
}
|
|
405
|
+
const credential = credentialFromFile(GCLOUD_CREDENTIAL_PATH, httpAgent, true);
|
|
406
|
+
if (credential)
|
|
407
|
+
return credential;
|
|
324
408
|
}
|
|
325
409
|
return new ComputeEngineCredential(httpAgent);
|
|
326
410
|
}
|
|
@@ -392,9 +476,12 @@ function getDetailFromResponse(response) {
|
|
|
392
476
|
}
|
|
393
477
|
return response.text || 'Missing error payload';
|
|
394
478
|
}
|
|
395
|
-
function credentialFromFile(filePath, httpAgent) {
|
|
396
|
-
const credentialsFile = readCredentialFile(filePath);
|
|
479
|
+
function credentialFromFile(filePath, httpAgent, ignoreMissing) {
|
|
480
|
+
const credentialsFile = readCredentialFile(filePath, ignoreMissing);
|
|
397
481
|
if (typeof credentialsFile !== 'object' || credentialsFile === null) {
|
|
482
|
+
if (ignoreMissing) {
|
|
483
|
+
return null;
|
|
484
|
+
}
|
|
398
485
|
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse contents of the credentials file as an object');
|
|
399
486
|
}
|
|
400
487
|
if (credentialsFile.type === 'service_account') {
|
|
@@ -403,6 +490,9 @@ function credentialFromFile(filePath, httpAgent) {
|
|
|
403
490
|
if (credentialsFile.type === 'authorized_user') {
|
|
404
491
|
return new RefreshTokenCredential(credentialsFile, httpAgent, true);
|
|
405
492
|
}
|
|
493
|
+
if (credentialsFile.type === 'impersonated_service_account') {
|
|
494
|
+
return new ImpersonatedServiceAccountCredential(credentialsFile, httpAgent, true);
|
|
495
|
+
}
|
|
406
496
|
throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Invalid contents in the credentials file');
|
|
407
497
|
}
|
|
408
498
|
function readCredentialFile(filePath, ignoreMissing) {
|
package/lib/app/credential.d.ts
CHANGED
package/lib/app/credential.js
CHANGED
package/lib/app/firebase-app.js
CHANGED
package/lib/app/index.d.ts
CHANGED
package/lib/app/index.js
CHANGED
package/lib/app/lifecycle.d.ts
CHANGED
package/lib/app/lifecycle.js
CHANGED
package/lib/app-check/index.d.ts
CHANGED
package/lib/app-check/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v11.
|
|
1
|
+
/*! firebase-admin v11.6.0 */
|
|
2
2
|
/*!
|
|
3
3
|
* Copyright 2018 Google Inc.
|
|
4
4
|
*
|
|
@@ -386,6 +386,7 @@ declare type AuthFactorServerType = 'PHONE_SMS';
|
|
|
386
386
|
export interface MultiFactorAuthServerConfig {
|
|
387
387
|
state?: MultiFactorConfigState;
|
|
388
388
|
enabledProviders?: AuthFactorServerType[];
|
|
389
|
+
providerConfigs?: MultiFactorProviderConfig[];
|
|
389
390
|
}
|
|
390
391
|
/**
|
|
391
392
|
* Identifies a second factor type.
|
|
@@ -410,22 +411,31 @@ export interface MultiFactorConfig {
|
|
|
410
411
|
* Currently only ‘phone’ is supported.
|
|
411
412
|
*/
|
|
412
413
|
factorIds?: AuthFactorType[];
|
|
414
|
+
/**
|
|
415
|
+
* A list of multi-factor provider configurations.
|
|
416
|
+
* MFA providers (except phone) indicate whether they're enabled through this field. */
|
|
417
|
+
providerConfigs?: MultiFactorProviderConfig[];
|
|
418
|
+
}
|
|
419
|
+
/**
|
|
420
|
+
* Interface representing a multi-factor auth provider configuration.
|
|
421
|
+
* This interface is used for second factor auth providers other than SMS.
|
|
422
|
+
* Currently, only TOTP is supported.
|
|
423
|
+
*/ export interface MultiFactorProviderConfig {
|
|
424
|
+
/**
|
|
425
|
+
* Indicates whether this multi-factor provider is enabled or disabled. */
|
|
426
|
+
state: MultiFactorConfigState;
|
|
427
|
+
/**
|
|
428
|
+
* TOTP multi-factor provider config. */
|
|
429
|
+
totpProviderConfig?: TotpMultiFactorProviderConfig;
|
|
413
430
|
}
|
|
414
431
|
/**
|
|
415
|
-
*
|
|
416
|
-
* to a format that is understood by the Auth server.
|
|
432
|
+
* Interface representing configuration settings for TOTP second factor auth.
|
|
417
433
|
*/
|
|
418
|
-
export
|
|
419
|
-
readonly state: MultiFactorConfigState;
|
|
420
|
-
readonly factorIds: AuthFactorType[];
|
|
434
|
+
export interface TotpMultiFactorProviderConfig {
|
|
421
435
|
/**
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
*/
|
|
426
|
-
private static validate;
|
|
427
|
-
/** @returns The plain object representation of the multi-factor config instance. */
|
|
428
|
-
toJSON(): object;
|
|
436
|
+
* The allowed number of adjacent intervals that will be used for verification
|
|
437
|
+
* to compensate for clock skew. */
|
|
438
|
+
adjacentIntervals?: number;
|
|
429
439
|
}
|
|
430
440
|
/**
|
|
431
441
|
* Validates the provided map of test phone number / code pairs.
|
package/lib/auth/auth-config.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! firebase-admin v11.
|
|
1
|
+
/*! firebase-admin v11.6.0 */
|
|
2
2
|
"use strict";
|
|
3
3
|
/*!
|
|
4
4
|
* Copyright 2018 Google Inc.
|
|
@@ -35,6 +35,8 @@ const AUTH_FACTOR_SERVER_TO_CLIENT_TYPE = Object.keys(AUTH_FACTOR_CLIENT_TO_SERV
|
|
|
35
35
|
/**
|
|
36
36
|
* Defines the multi-factor config class used to convert client side MultiFactorConfig
|
|
37
37
|
* to a format that is understood by the Auth server.
|
|
38
|
+
*
|
|
39
|
+
* @internal
|
|
38
40
|
*/
|
|
39
41
|
class MultiFactorAuthConfig {
|
|
40
42
|
/**
|
|
@@ -58,6 +60,18 @@ class MultiFactorAuthConfig {
|
|
|
58
60
|
this.factorIds.push(AUTH_FACTOR_SERVER_TO_CLIENT_TYPE[enabledProvider]);
|
|
59
61
|
}
|
|
60
62
|
});
|
|
63
|
+
this.providerConfigs = [];
|
|
64
|
+
(response.providerConfigs || []).forEach((providerConfig) => {
|
|
65
|
+
if (typeof providerConfig !== 'undefined') {
|
|
66
|
+
if (typeof providerConfig.state === 'undefined' ||
|
|
67
|
+
typeof providerConfig.totpProviderConfig === 'undefined' ||
|
|
68
|
+
(typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'undefined' &&
|
|
69
|
+
typeof providerConfig.totpProviderConfig.adjacentIntervals !== 'number')) {
|
|
70
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid multi-factor configuration response');
|
|
71
|
+
}
|
|
72
|
+
this.providerConfigs.push(providerConfig);
|
|
73
|
+
}
|
|
74
|
+
});
|
|
61
75
|
}
|
|
62
76
|
/**
|
|
63
77
|
* Static method to convert a client side request to a MultiFactorAuthServerConfig.
|
|
@@ -85,6 +99,9 @@ class MultiFactorAuthConfig {
|
|
|
85
99
|
request.enabledProviders = [];
|
|
86
100
|
}
|
|
87
101
|
}
|
|
102
|
+
if (Object.prototype.hasOwnProperty.call(options, 'providerConfigs')) {
|
|
103
|
+
request.providerConfigs = options.providerConfigs;
|
|
104
|
+
}
|
|
88
105
|
return request;
|
|
89
106
|
}
|
|
90
107
|
/**
|
|
@@ -96,6 +113,7 @@ class MultiFactorAuthConfig {
|
|
|
96
113
|
const validKeys = {
|
|
97
114
|
state: true,
|
|
98
115
|
factorIds: true,
|
|
116
|
+
providerConfigs: true,
|
|
99
117
|
};
|
|
100
118
|
if (!validator.isNonNullObject(options)) {
|
|
101
119
|
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"MultiFactorConfig" must be a non-null object.');
|
|
@@ -123,12 +141,57 @@ class MultiFactorAuthConfig {
|
|
|
123
141
|
}
|
|
124
142
|
});
|
|
125
143
|
}
|
|
144
|
+
if (typeof options.providerConfigs !== 'undefined') {
|
|
145
|
+
if (!validator.isArray(options.providerConfigs)) {
|
|
146
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"MultiFactorConfig.providerConfigs" must be an array of valid "MultiFactorProviderConfig."');
|
|
147
|
+
}
|
|
148
|
+
//Validate content of array.
|
|
149
|
+
options.providerConfigs.forEach((multiFactorProviderConfig) => {
|
|
150
|
+
if (typeof multiFactorProviderConfig === 'undefined' || !validator.isObject(multiFactorProviderConfig)) {
|
|
151
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${multiFactorProviderConfig}" is not a valid "MultiFactorProviderConfig" type.`);
|
|
152
|
+
}
|
|
153
|
+
const validProviderConfigKeys = {
|
|
154
|
+
state: true,
|
|
155
|
+
totpProviderConfig: true,
|
|
156
|
+
};
|
|
157
|
+
for (const key in multiFactorProviderConfig) {
|
|
158
|
+
if (!(key in validProviderConfigKeys)) {
|
|
159
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid ProviderConfig parameter.`);
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
if (typeof multiFactorProviderConfig.state === 'undefined' ||
|
|
163
|
+
(multiFactorProviderConfig.state !== 'ENABLED' &&
|
|
164
|
+
multiFactorProviderConfig.state !== 'DISABLED')) {
|
|
165
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"MultiFactorConfig.providerConfigs.state" must be either "ENABLED" or "DISABLED".');
|
|
166
|
+
}
|
|
167
|
+
// Since TOTP is the only provider config available right now, not defining it will lead into an error
|
|
168
|
+
if (typeof multiFactorProviderConfig.totpProviderConfig === 'undefined') {
|
|
169
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"MultiFactorConfig.providerConfigs.totpProviderConfig" must be defined.');
|
|
170
|
+
}
|
|
171
|
+
const validTotpProviderConfigKeys = {
|
|
172
|
+
adjacentIntervals: true,
|
|
173
|
+
};
|
|
174
|
+
for (const key in multiFactorProviderConfig.totpProviderConfig) {
|
|
175
|
+
if (!(key in validTotpProviderConfigKeys)) {
|
|
176
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid TotpProviderConfig parameter.`);
|
|
177
|
+
}
|
|
178
|
+
}
|
|
179
|
+
const adjIntervals = multiFactorProviderConfig.totpProviderConfig.adjacentIntervals;
|
|
180
|
+
if (typeof adjIntervals !== 'undefined' &&
|
|
181
|
+
(!Number.isInteger(adjIntervals) || adjIntervals < 0 || adjIntervals > 10)) {
|
|
182
|
+
throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, '"MultiFactorConfig.providerConfigs.totpProviderConfig.adjacentIntervals" must' +
|
|
183
|
+
' be a valid number between 0 and 10 (both inclusive).');
|
|
184
|
+
}
|
|
185
|
+
});
|
|
186
|
+
}
|
|
126
187
|
}
|
|
127
|
-
/**
|
|
188
|
+
/** Converts MultiFactorConfig to JSON object
|
|
189
|
+
* @returns The plain object representation of the multi-factor config instance. */
|
|
128
190
|
toJSON() {
|
|
129
191
|
return {
|
|
130
192
|
state: this.state,
|
|
131
193
|
factorIds: this.factorIds,
|
|
194
|
+
providerConfigs: this.providerConfigs,
|
|
132
195
|
};
|
|
133
196
|
}
|
|
134
197
|
}
|
package/lib/auth/auth.d.ts
CHANGED
package/lib/auth/auth.js
CHANGED
package/lib/auth/base-auth.d.ts
CHANGED
package/lib/auth/base-auth.js
CHANGED
package/lib/auth/identifier.d.ts
CHANGED
package/lib/auth/identifier.js
CHANGED