firebase-admin 11.5.0 → 11.7.0

package/lib/app/core.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/core.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/credential-factory.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential-factory.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/credential-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2020 Google Inc.

package/lib/app/credential-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license
@@ -115,6 +115,15 @@ exports.ServiceAccountCredential = ServiceAccountCredential;
  * A struct containing the properties necessary to use service account JSON credentials.
  */
 class ServiceAccount {
+    static fromPath(filePath) {
+        try {
+            return new ServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
+        }
+        catch (error) {
+            // Throw a nicely formed error message if the file contents cannot be parsed
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse service account json file: ' + error);
+        }
+    }
     constructor(json) {
         if (!util.isNonNullObject(json)) {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Service account must be an object.');
@@ -144,15 +153,6 @@ class ServiceAccount {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse private key: ' + error);
         }
     }
-    static fromPath(filePath) {
-        try {
-            return new ServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
-        }
-        catch (error) {
-            // Throw a nicely formed error message if the file contents cannot be parsed
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse service account json file: ' + error);
-        }
-    }
 }
 /**
  * Implementation of Credential that gets access tokens from the metadata service available
@@ -261,6 +261,19 @@ class RefreshTokenCredential {
 }
 exports.RefreshTokenCredential = RefreshTokenCredential;
 class RefreshToken {
+    /*
+     * Tries to load a RefreshToken from a path. Throws if the path doesn't exist or the
+     * data at the path is invalid.
+     */
+    static fromPath(filePath) {
+        try {
+            return new RefreshToken(JSON.parse(fs.readFileSync(filePath, 'utf8')));
+        }
+        catch (error) {
+            // Throw a nicely formed error message if the file contents cannot be parsed
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse refresh token file: ' + error);
+        }
+    }
     constructor(json) {
         copyAttr(this, json, 'clientId', 'client_id');
         copyAttr(this, json, 'clientSecret', 'client_secret');
@@ -283,19 +296,6 @@ class RefreshToken {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
         }
     }
-    /*
-     * Tries to load a RefreshToken from a path. Throws if the path doesn't exist or the
-     * data at the path is invalid.
-     */
-    static fromPath(filePath) {
-        try {
-            return new RefreshToken(JSON.parse(fs.readFileSync(filePath, 'utf8')));
-        }
-        catch (error) {
-            // Throw a nicely formed error message if the file contents cannot be parsed
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse refresh token file: ' + error);
-        }
-    }
 }
 /**
  * Implementation of Credential that uses impersonated service account.
@@ -342,6 +342,19 @@ exports.ImpersonatedServiceAccountCredential = ImpersonatedServiceAccountCredent
  * A struct containing the properties necessary to use impersonated service account JSON credentials.
  */
 class ImpersonatedServiceAccount {
+    /*
+     * Tries to load a ImpersonatedServiceAccount from a path. Throws if the path doesn't exist or the
+     * data at the path is invalid.
+     */
+    static fromPath(filePath) {
+        try {
+            return new ImpersonatedServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
+        }
+        catch (error) {
+            // Throw a nicely formed error message if the file contents cannot be parsed
+            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse impersonated service account file: ' + error);
+        }
+    }
     constructor(json) {
         const sourceCredentials = json['source_credentials'];
         if (sourceCredentials) {
@@ -367,19 +380,6 @@ class ImpersonatedServiceAccount {
             throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, errorMessage);
         }
     }
-    /*
-     * Tries to load a ImpersonatedServiceAccount from a path. Throws if the path doesn't exist or the
-     * data at the path is invalid.
-     */
-    static fromPath(filePath) {
-        try {
-            return new ImpersonatedServiceAccount(JSON.parse(fs.readFileSync(filePath, 'utf8')));
-        }
-        catch (error) {
-            // Throw a nicely formed error message if the file contents cannot be parsed
-            throw new error_1.FirebaseAppError(error_1.AppErrorCodes.INVALID_CREDENTIAL, 'Failed to parse impersonated service account file: ' + error);
-        }
-    }
 }
 /**
  * Checks if the given credential was loaded via the application default credentials mechanism. This

package/lib/app/credential.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/credential.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/firebase-app.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/app/firebase-app.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/firebase-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/app/firebase-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app/lifecycle.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app/lifecycle.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/app-check-api-client-internal.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.
@@ -19,7 +19,7 @@ import { PrefixedFirebaseError } from '../utils/error';
 export declare const APP_CHECK_ERROR_CODE_MAPPING: {
     [key: string]: AppCheckErrorCode;
 };
-export declare type AppCheckErrorCode = 'aborted' | 'invalid-argument' | 'invalid-credential' | 'internal-error' | 'permission-denied' | 'unauthenticated' | 'not-found' | 'app-check-token-expired' | 'unknown-error';
+export type AppCheckErrorCode = 'aborted' | 'invalid-argument' | 'invalid-credential' | 'internal-error' | 'permission-denied' | 'unauthenticated' | 'not-found' | 'app-check-token-expired' | 'unknown-error';
 /**
  * Firebase App Check error code structure. This extends PrefixedFirebaseError.
  *

package/lib/app-check/app-check-api-client-internal.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/app-check-api.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check-api.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/app-check-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/app-check/app-check-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/app-check.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/token-generator.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2021 Google Inc.

package/lib/app-check/token-generator.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license

package/lib/app-check/token-verifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/app-check/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/action-code-settings-builder.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/action-code-settings-builder.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.

package/lib/auth/auth-api-request.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/auth-api-request.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 "use strict";
 /*!
  * @license
@@ -813,17 +813,6 @@ const LIST_INBOUND_SAML_CONFIGS = new api_request_1.ApiSettings('/inboundSamlCon
  * @internal
  */
 class AbstractAuthRequestHandler {
-    /**
-     * @param app - The app used to fetch access tokens to sign API requests.
-     * @constructor
-     */
-    constructor(app) {
-        this.app = app;
-        if (typeof app !== 'object' || app === null || !('options' in app)) {
-            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'First argument passed to admin.auth() must be a valid Firebase app instance.');
-        }
-        this.httpClient = new AuthHttpClient(app);
-    }
     /**
      * @param response - The response to check for errors.
      * @returns The error code if present; null otherwise.
@@ -868,6 +857,17 @@ class AbstractAuthRequestHandler {
             : request.federatedUserId = [federatedUserId];
         return request;
     }
+    /**
+     * @param app - The app used to fetch access tokens to sign API requests.
+     * @constructor
+     */
+    constructor(app) {
+        this.app = app;
+        if (typeof app !== 'object' || app === null || !('options' in app)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ARGUMENT, 'First argument passed to admin.auth() must be a valid Firebase app instance.');
+        }
+        this.httpClient = new AuthHttpClient(app);
+    }
     /**
      * Creates a new Firebase session cookie with the specified duration that can be used for
      * session management (set as a server side session cookie with custom cookie policy).

package/lib/auth/auth-config.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.5.0 */
+/*! firebase-admin v11.7.0 */
 /*!
  * Copyright 2018 Google Inc.
  *
@@ -42,7 +42,7 @@ export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactor
  * Type representing the properties of a user-enrolled second factor
  * for a `CreateRequest`.
  */
-export declare type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
+export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
 /**
  * Interface representing common properties of a user-enrolled second factor
  * for an `UpdateRequest`.
@@ -80,7 +80,7 @@ export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactor
  * Type representing the properties of a user-enrolled second factor
  * for an `UpdateRequest`.
  */
-export declare type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
+export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
 /**
  * The multi-factor related user settings for create operations.
  */
@@ -316,7 +316,7 @@ export interface OIDCUpdateAuthProviderRequest {
      */
     responseType?: OAuthResponseType;
 }
-export declare type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
+export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
 /** A maximum of 10 test phone number / code pairs can be configured. */
 export declare const MAXIMUM_TEST_PHONE_NUMBERS = 10;
 /** The server side SAML configuration request interface. */
@@ -381,20 +381,21 @@ export interface EmailSignInConfigServerRequest {
     enableEmailLinkSignin?: boolean;
 }
 /** Identifies the server side second factor type. */
-declare type AuthFactorServerType = 'PHONE_SMS';
+type AuthFactorServerType = 'PHONE_SMS';
 /** Server side multi-factor configuration. */
 export interface MultiFactorAuthServerConfig {
     state?: MultiFactorConfigState;
     enabledProviders?: AuthFactorServerType[];
+    providerConfigs?: MultiFactorProviderConfig[];
 }
 /**
  * Identifies a second factor type.
  */
-export declare type AuthFactorType = 'phone';
+export type AuthFactorType = 'phone';
 /**
  * Identifies a multi-factor configuration state.
  */
-export declare type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
+export type MultiFactorConfigState = 'ENABLED' | 'DISABLED';
 /**
  * Interface representing a multi-factor configuration.
  * This can be used to define whether multi-factor authentication is enabled
@@ -410,22 +411,31 @@ export interface MultiFactorConfig {
      * Currently only ‘phone’ is supported.
      */
     factorIds?: AuthFactorType[];
+    /**
+     * A list of multi-factor provider configurations.
+     * MFA providers (except phone) indicate whether they're enabled through this field.   */
+    providerConfigs?: MultiFactorProviderConfig[];
+}
+/**
+ * Interface representing a multi-factor auth provider configuration.
+ * This interface is used for second factor auth providers other than SMS.
+ * Currently, only TOTP is supported.
+ */ export interface MultiFactorProviderConfig {
+    /**
+     * Indicates whether this multi-factor provider is enabled or disabled.    */
+    state: MultiFactorConfigState;
+    /**
+     * TOTP multi-factor provider config.   */
+    totpProviderConfig?: TotpMultiFactorProviderConfig;
 }
 /**
- * Defines the multi-factor config class used to convert client side MultiFactorConfig
- * to a format that is understood by the Auth server.
+ * Interface representing configuration settings for TOTP second factor auth.
  */
-export declare class MultiFactorAuthConfig implements MultiFactorConfig {
-    readonly state: MultiFactorConfigState;
-    readonly factorIds: AuthFactorType[];
+export interface TotpMultiFactorProviderConfig {
     /**
-     * Validates the MultiFactorConfig options object. Throws an error on failure.
-     *
-     * @param options - The options object to validate.
-     */
-    private static validate;
-    /** @returns The plain object representation of the multi-factor config instance. */
-    toJSON(): object;
+      *  The allowed number of adjacent intervals that will be used for verification
+      *  to compensate for clock skew.   */
+    adjacentIntervals?: number;
 }
 /**
  * Validates the provided map of test phone number / code pairs.
@@ -571,13 +581,13 @@ export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
  * The Auth provider configuration type.
  * {@link BaseAuth.createProviderConfig}.
  */
-export declare type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
+export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
 /**
  * The request interface for updating a SMS Region Config.
  * Configures the regions where users are allowed to send verification SMS.
  * This is based on the calling code of the destination phone number.
  */
-export declare type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
+export type SmsRegionConfig = AllowByDefaultWrap | AllowlistOnlyWrap;
 /**
  * Mutual exclusive SMS Region Config of AllowByDefault interface
  */
@@ -627,4 +637,93 @@ export interface AllowlistOnly {
    */
     allowedRegions: string[];
 }
+/**
+* Enforcement state of reCAPTCHA protection.
+*   - 'OFF': Unenforced.
+*   - 'AUDIT': Create assessment but don't enforce the result.
+*   - 'ENFORCE': Create assessment and enforce the result.
+*/
+export type RecaptchaProviderEnforcementState = 'OFF' | 'AUDIT' | 'ENFORCE';
+/**
+* The actions to take for reCAPTCHA-protected requests.
+*   - 'BLOCK': The reCAPTCHA-protected request will be blocked.
+*/
+export type RecaptchaAction = 'BLOCK';
+/**
+ * The config for a reCAPTCHA action rule.
+ */
+export interface RecaptchaManagedRule {
+    /**
+     * The action will be enforced if the reCAPTCHA score of a request is larger than endScore.
+     */
+    endScore: number;
+    /**
+    * The action for reCAPTCHA-protected requests.
+    */
+    action?: RecaptchaAction;
+}
+/**
+ * The key's platform type.
+ */
+export type RecaptchaKeyClientType = 'WEB' | 'IOS' | 'ANDROID';
+/**
+ * The reCAPTCHA key config.
+ */
+export interface RecaptchaKey {
+    /**
+     * The key's client platform type.
+     */
+    type?: RecaptchaKeyClientType;
+    /**
+     * The reCAPTCHA site key.
+     */
+    key: string;
+}
+/**
+ * The request interface for updating a reCAPTCHA Config.
+ * By enabling reCAPTCHA Enterprise Integration you are
+ * agreeing to reCAPTCHA Enterprise
+ * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
+ */
+export interface RecaptchaConfig {
+    /**
+    * The enforcement state of the email password provider.
+    */
+    emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
+    /**
+     *  The reCAPTCHA managed rules.
+     */
+    managedRules?: RecaptchaManagedRule[];
+    /**
+     * The reCAPTCHA keys.
+     */
+    recaptchaKeys?: RecaptchaKey[];
+    /**
+     * Whether to use account defender for reCAPTCHA assessment.
+     * The default value is false.
+     */
+    useAccountDefender?: boolean;
+}
+export declare class RecaptchaAuthConfig implements RecaptchaConfig {
+    readonly emailPasswordEnforcementState?: RecaptchaProviderEnforcementState;
+    readonly managedRules?: RecaptchaManagedRule[];
+    readonly recaptchaKeys?: RecaptchaKey[];
+    readonly useAccountDefender?: boolean;
+    constructor(recaptchaConfig: RecaptchaConfig);
+    /**
+     * Validates the RecaptchaConfig options object. Throws an error on failure.
+     * @param options - The options object to validate.
+     */
+    static validate(options: RecaptchaConfig): void;
+    /**
+     * Validate each element in ManagedRule array
+     * @param options - The options object to validate.
+     */
+    private static validateManagedRule;
+    /**
+     * Returns a JSON-serializable representation of this object.
+     * @returns The JSON-serializable object representation of the ReCaptcha config instance
+     */
+    toJSON(): object;
+}
 export {};