firebase-admin 11.7.0 → 11.9.0

package/lib/auth/auth-config.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -16,7 +16,7 @@
  * limitations under the License.
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RecaptchaAuthConfig = exports.SmsRegionsAuthConfig = exports.OIDCConfig = exports.SAMLConfig = exports.EmailSignInConfig = exports.validateTestPhoneNumbers = exports.MultiFactorAuthConfig = exports.MAXIMUM_TEST_PHONE_NUMBERS = void 0;
+exports.PasswordPolicyAuthConfig = exports.RecaptchaAuthConfig = exports.SmsRegionsAuthConfig = exports.OIDCConfig = exports.SAMLConfig = exports.EmailSignInConfig = exports.validateTestPhoneNumbers = exports.MultiFactorAuthConfig = exports.MAXIMUM_TEST_PHONE_NUMBERS = void 0;
 const validator = require("../utils/validator");
 const deep_copy_1 = require("../utils/deep-copy");
 const error_1 = require("../utils/error");
@@ -644,7 +644,7 @@ class OIDCConfig {
             const allKeys = Object.keys(options.responseType).length;
             const enabledCount = Object.values(options.responseType).filter(Boolean).length;
             // Only one of OAuth response types can be set to true.
-            if (allKeys > 1 && enabledCount != 1) {
+            if (allKeys > 1 && enabledCount !== 1) {
                 throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_OAUTH_RESPONSETYPE, 'Only exactly one OAuth responseType should be set to true.');
             }
         }
@@ -799,7 +799,7 @@ class RecaptchaAuthConfig {
                 RecaptchaAuthConfig.validateManagedRule(managedRule);
             });
         }
-        if (typeof options.useAccountDefender != 'undefined') {
+        if (typeof options.useAccountDefender !== 'undefined') {
             if (!validator.isBoolean(options.useAccountDefender)) {
                 throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"RecaptchaConfig.useAccountDefender" must be a boolean value".');
             }
@@ -856,3 +856,193 @@ class RecaptchaAuthConfig {
     }
 }
 exports.RecaptchaAuthConfig = RecaptchaAuthConfig;
+/**
+ * Defines the password policy config class used to convert client side PasswordPolicyConfig
+ * to a format that is understood by the Auth server.
+ *
+ * @internal
+ */
+class PasswordPolicyAuthConfig {
+    /**
+     * Static method to convert a client side request to a PasswordPolicyAuthServerConfig.
+     * Throws an error if validation fails.
+     *
+     * @param options - The options object to convert to a server request.
+     * @returns The resulting server request.
+     * @internal
+     */
+    static buildServerRequest(options) {
+        const request = {};
+        PasswordPolicyAuthConfig.validate(options);
+        if (Object.prototype.hasOwnProperty.call(options, 'enforcementState')) {
+            request.passwordPolicyEnforcementState = options.enforcementState;
+        }
+        request.forceUpgradeOnSignin = false;
+        if (Object.prototype.hasOwnProperty.call(options, 'forceUpgradeOnSignin')) {
+            request.forceUpgradeOnSignin = options.forceUpgradeOnSignin;
+        }
+        const constraintsRequest = {
+            containsUppercaseCharacter: false,
+            containsLowercaseCharacter: false,
+            containsNonAlphanumericCharacter: false,
+            containsNumericCharacter: false,
+            minPasswordLength: 6,
+            maxPasswordLength: 4096,
+        };
+        request.passwordPolicyVersions = [];
+        if (Object.prototype.hasOwnProperty.call(options, 'constraints')) {
+            if (options) {
+                if (options.constraints?.requireUppercase !== undefined) {
+                    constraintsRequest.containsUppercaseCharacter = options.constraints.requireUppercase;
+                }
+                if (options.constraints?.requireLowercase !== undefined) {
+                    constraintsRequest.containsLowercaseCharacter = options.constraints.requireLowercase;
+                }
+                if (options.constraints?.requireNonAlphanumeric !== undefined) {
+                    constraintsRequest.containsNonAlphanumericCharacter = options.constraints.requireNonAlphanumeric;
+                }
+                if (options.constraints?.requireNumeric !== undefined) {
+                    constraintsRequest.containsNumericCharacter = options.constraints.requireNumeric;
+                }
+                if (options.constraints?.minLength !== undefined) {
+                    constraintsRequest.minPasswordLength = options.constraints.minLength;
+                }
+                if (options.constraints?.maxLength !== undefined) {
+                    constraintsRequest.maxPasswordLength = options.constraints.maxLength;
+                }
+            }
+        }
+        request.passwordPolicyVersions.push({ customStrengthOptions: constraintsRequest });
+        return request;
+    }
+    /**
+     * Validates the PasswordPolicyConfig options object. Throws an error on failure.
+     *
+     * @param options - The options object to validate.
+     * @internal
+     */
+    static validate(options) {
+        const validKeys = {
+            enforcementState: true,
+            forceUpgradeOnSignin: true,
+            constraints: true,
+        };
+        if (!validator.isNonNullObject(options)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig" must be a non-null object.');
+        }
+        // Check for unsupported top level attributes.
+        for (const key in options) {
+            if (!(key in validKeys)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid PasswordPolicyConfig parameter.`);
+            }
+        }
+        // Validate content.
+        if (typeof options.enforcementState === 'undefined' ||
+            !(options.enforcementState === 'ENFORCE' ||
+                options.enforcementState === 'OFF')) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.enforcementState" must be either "ENFORCE" or "OFF".');
+        }
+        if (typeof options.forceUpgradeOnSignin !== 'undefined') {
+            if (!validator.isBoolean(options.forceUpgradeOnSignin)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.forceUpgradeOnSignin" must be a boolean.');
+            }
+        }
+        if (typeof options.constraints !== 'undefined') {
+            if (options.enforcementState === 'ENFORCE' && !validator.isNonNullObject(options.constraints)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints" must be a non-empty object.');
+            }
+            const validCharKeys = {
+                requireUppercase: true,
+                requireLowercase: true,
+                requireNumeric: true,
+                requireNonAlphanumeric: true,
+                minLength: true,
+                maxLength: true,
+            };
+            // Check for unsupported  attributes.
+            for (const key in options.constraints) {
+                if (!(key in validCharKeys)) {
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, `"${key}" is not a valid PasswordPolicyConfig.constraints parameter.`);
+                }
+            }
+            if (typeof options.constraints.requireUppercase !== undefined &&
+                !validator.isBoolean(options.constraints.requireUppercase)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.requireUppercase" must be a boolean.');
+            }
+            if (typeof options.constraints.requireLowercase !== undefined &&
+                !validator.isBoolean(options.constraints.requireLowercase)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.requireLowercase" must be a boolean.');
+            }
+            if (typeof options.constraints.requireNonAlphanumeric !== undefined &&
+                !validator.isBoolean(options.constraints.requireNonAlphanumeric)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.requireNonAlphanumeric"' +
+                    ' must be a boolean.');
+            }
+            if (typeof options.constraints.requireNumeric !== undefined &&
+                !validator.isBoolean(options.constraints.requireNumeric)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.requireNumeric" must be a boolean.');
+            }
+            if (!validator.isNumber(options.constraints.minLength)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.minLength" must be a number.');
+            }
+            if (!validator.isNumber(options.constraints.maxLength)) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.maxLength" must be a number.');
+            }
+            if (options.constraints.minLength === undefined) {
+                options.constraints.minLength = 6;
+            }
+            else {
+                if (!(options.constraints.minLength >= 6
+                    && options.constraints.minLength <= 30)) {
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.minLength"' +
+                        ' must be an integer between 6 and 30, inclusive.');
+                }
+            }
+            if (options.constraints.maxLength === undefined) {
+                options.constraints.maxLength = 4096;
+            }
+            else {
+                if (!(options.constraints.maxLength >= options.constraints.minLength &&
+                    options.constraints.maxLength <= 4096)) {
+                    throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints.maxLength"' +
+                        ' must be greater than or equal to minLength and at max 4096.');
+                }
+            }
+        }
+        else {
+            if (options.enforcementState === 'ENFORCE') {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_CONFIG, '"PasswordPolicyConfig.constraints" must be defined.');
+            }
+        }
+    }
+    /**
+     * The PasswordPolicyAuthConfig constructor.
+     *
+     * @param response - The server side response used to initialize the
+     *     PasswordPolicyAuthConfig object.
+     * @constructor
+     * @internal
+     */
+    constructor(response) {
+        if (typeof response.passwordPolicyEnforcementState === 'undefined') {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INTERNAL_ERROR, 'INTERNAL ASSERT FAILED: Invalid password policy configuration response');
+        }
+        this.enforcementState = response.passwordPolicyEnforcementState;
+        let constraintsResponse = {};
+        if (typeof response.passwordPolicyVersions !== 'undefined') {
+            (response.passwordPolicyVersions || []).forEach((policyVersion) => {
+                constraintsResponse = {
+                    requireLowercase: policyVersion.customStrengthOptions?.containsLowercaseCharacter,
+                    requireUppercase: policyVersion.customStrengthOptions?.containsUppercaseCharacter,
+                    requireNonAlphanumeric: policyVersion.customStrengthOptions?.containsNonAlphanumericCharacter,
+                    requireNumeric: policyVersion.customStrengthOptions?.containsNumericCharacter,
+                    minLength: policyVersion.customStrengthOptions?.minPasswordLength,
+                    maxLength: policyVersion.customStrengthOptions?.maxPasswordLength,
+                };
+            });
+        }
+        this.constraints = constraintsResponse;
+        this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ? true : false;
+    }
+}
+exports.PasswordPolicyAuthConfig = PasswordPolicyAuthConfig;

package/lib/auth/auth-namespace.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/auth/auth-namespace.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * @license

package/lib/auth/base-auth.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2021 Google Inc.
  *

package/lib/auth/base-auth.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2021 Google Inc.

package/lib/auth/identifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2020 Google Inc.
  *

package/lib/auth/identifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.

package/lib/auth/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2020 Google Inc.
  *
@@ -45,7 +45,7 @@ import { Auth } from './auth';
 export declare function getAuth(app?: App): Auth;
 export { ActionCodeSettings } from './action-code-settings-builder';
 export { Auth, } from './auth';
-export { AllowByDefault, AllowByDefaultWrap, AllowlistOnly, AllowlistOnlyWrap, AuthFactorType, AuthProviderConfig, AuthProviderConfigFilter, BaseAuthProviderConfig, BaseCreateMultiFactorInfoRequest, BaseUpdateMultiFactorInfoRequest, CreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest, CreateRequest, EmailSignInProviderConfig, ListProviderConfigResults, MultiFactorConfig, MultiFactorConfigState, MultiFactorCreateSettings, MultiFactorUpdateSettings, MultiFactorProviderConfig, OAuthResponseType, OIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest, RecaptchaAction, RecaptchaConfig, RecaptchaKey, RecaptchaKeyClientType, RecaptchaManagedRule, RecaptchaProviderEnforcementState, SAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest, SmsRegionConfig, UserProvider, UpdateAuthProviderRequest, UpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest, UpdateRequest, TotpMultiFactorProviderConfig, } from './auth-config';
+export { AllowByDefault, AllowByDefaultWrap, AllowlistOnly, AllowlistOnlyWrap, AuthFactorType, AuthProviderConfig, AuthProviderConfigFilter, BaseAuthProviderConfig, BaseCreateMultiFactorInfoRequest, BaseUpdateMultiFactorInfoRequest, CreateMultiFactorInfoRequest, CreatePhoneMultiFactorInfoRequest, CreateRequest, EmailSignInProviderConfig, ListProviderConfigResults, MultiFactorConfig, MultiFactorConfigState, MultiFactorCreateSettings, MultiFactorUpdateSettings, MultiFactorProviderConfig, OAuthResponseType, OIDCAuthProviderConfig, OIDCUpdateAuthProviderRequest, RecaptchaAction, RecaptchaConfig, RecaptchaKey, RecaptchaKeyClientType, RecaptchaManagedRule, RecaptchaProviderEnforcementState, SAMLAuthProviderConfig, SAMLUpdateAuthProviderRequest, SmsRegionConfig, UserProvider, UpdateAuthProviderRequest, UpdateMultiFactorInfoRequest, UpdatePhoneMultiFactorInfoRequest, UpdateRequest, TotpMultiFactorProviderConfig, PasswordPolicyConfig, PasswordPolicyEnforcementState, CustomStrengthOptionsConfig, } from './auth-config';
 export { BaseAuth, DeleteUsersResult, GetUsersResult, ListUsersResult, SessionCookieOptions, } from './base-auth';
 export { EmailIdentifier, PhoneIdentifier, ProviderIdentifier, UidIdentifier, UserIdentifier, } from './identifier';
 export { CreateTenantRequest, Tenant, UpdateTenantRequest, } from './tenant';

package/lib/auth/index.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2020 Google Inc.

package/lib/auth/project-config-manager.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 import { ProjectConfig, UpdateProjectConfigRequest } from './project-config';
 /**
  * Manages (gets and updates) the current project config.

package/lib/auth/project-config-manager.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProjectConfigManager = void 0;

package/lib/auth/project-config.d.ts

@@ -1,5 +1,5 @@
-/*! firebase-admin v11.7.0 */
-import { SmsRegionConfig, MultiFactorConfig, MultiFactorAuthServerConfig, RecaptchaConfig } from './auth-config';
+/*! firebase-admin v11.9.0 */
+import { SmsRegionConfig, MultiFactorConfig, MultiFactorAuthServerConfig, RecaptchaConfig, PasswordPolicyAuthServerConfig, PasswordPolicyConfig } from './auth-config';
 /**
  * Interface representing the properties to update on the provided project config.
  */
@@ -19,6 +19,10 @@ export interface UpdateProjectConfigRequest {
      * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
      */
     recaptchaConfig?: RecaptchaConfig;
+    /**
+     * The password policy configuration to update on the project
+     */
+    passwordPolicyConfig?: PasswordPolicyConfig;
 }
 /**
  * Response received when getting or updating the project config.
@@ -27,6 +31,7 @@ export interface ProjectConfigServerResponse {
     smsRegionConfig?: SmsRegionConfig;
     mfa?: MultiFactorAuthServerConfig;
     recaptchaConfig?: RecaptchaConfig;
+    passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
 }
 /**
  * Request to update the project config.
@@ -35,6 +40,7 @@ export interface ProjectConfigClientRequest {
     smsRegionConfig?: SmsRegionConfig;
     mfa?: MultiFactorAuthServerConfig;
     recaptchaConfig?: RecaptchaConfig;
+    passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
 }
 /**
 * Represents a project configuration.
@@ -62,6 +68,10 @@ export declare class ProjectConfig {
      * The multi-factor auth configuration.
      */
     get multiFactorConfig(): MultiFactorConfig | undefined;
+    /**
+     * The password policy configuration for the project
+     */
+    readonly passwordPolicyConfig?: PasswordPolicyConfig;
     /**
      * Validates a project config options object. Throws an error on failure.
      *

package/lib/auth/project-config.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ProjectConfig = void 0;
@@ -44,6 +44,7 @@ class ProjectConfig {
             smsRegionConfig: true,
             multiFactorConfig: true,
             recaptchaConfig: true,
+            passwordPolicyConfig: true,
         };
         // Check for unsupported top level attributes.
         for (const key in request) {
@@ -63,6 +64,10 @@ class ProjectConfig {
         if (typeof request.recaptchaConfig !== 'undefined') {
             auth_config_1.RecaptchaAuthConfig.validate(request.recaptchaConfig);
         }
+        // Validate Password policy Config if provided
+        if (typeof request.passwordPolicyConfig !== 'undefined') {
+            auth_config_1.PasswordPolicyAuthConfig.validate(request.passwordPolicyConfig);
+        }
     }
     /**
      * Build the corresponding server request for a UpdateProjectConfigRequest object.
@@ -73,15 +78,19 @@ class ProjectConfig {
      */
     static buildServerRequest(configOptions) {
         ProjectConfig.validate(configOptions);
-        const request = configOptions;
-        if (configOptions.multiFactorConfig !== undefined) {
+        const request = {};
+        if (typeof configOptions.smsRegionConfig !== 'undefined') {
+            request.smsRegionConfig = configOptions.smsRegionConfig;
+        }
+        if (typeof configOptions.multiFactorConfig !== 'undefined') {
             request.mfa = auth_config_1.MultiFactorAuthConfig.buildServerRequest(configOptions.multiFactorConfig);
         }
-        // Backend API returns "mfa" in case of project config and "mfaConfig" in case of tenant config.
-        // The SDK exposes it as multiFactorConfig always. 
-        // See https://cloud.google.com/identity-platform/docs/reference/rest/v2/projects.tenants#resource:-tenant 
-        // and https://cloud.google.com/identity-platform/docs/reference/rest/v2/Config
-        delete request.multiFactorConfig;
+        if (typeof configOptions.recaptchaConfig !== 'undefined') {
+            request.recaptchaConfig = configOptions.recaptchaConfig;
+        }
+        if (typeof configOptions.passwordPolicyConfig !== 'undefined') {
+            request.passwordPolicyConfig = auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(configOptions.passwordPolicyConfig);
+        }
         return request;
     }
     /**
@@ -109,6 +118,9 @@ class ProjectConfig {
         if (typeof response.recaptchaConfig !== 'undefined') {
             this.recaptchaConfig_ = new auth_config_1.RecaptchaAuthConfig(response.recaptchaConfig);
         }
+        if (typeof response.passwordPolicyConfig !== 'undefined') {
+            this.passwordPolicyConfig = new auth_config_1.PasswordPolicyAuthConfig(response.passwordPolicyConfig);
+        }
     }
     /**
      * Returns a JSON-serializable representation of this object.
@@ -121,6 +133,7 @@ class ProjectConfig {
             smsRegionConfig: (0, deep_copy_1.deepCopy)(this.smsRegionConfig),
             multiFactorConfig: (0, deep_copy_1.deepCopy)(this.multiFactorConfig),
             recaptchaConfig: this.recaptchaConfig_?.toJSON(),
+            passwordPolicyConfig: (0, deep_copy_1.deepCopy)(this.passwordPolicyConfig),
         };
         if (typeof json.smsRegionConfig === 'undefined') {
             delete json.smsRegionConfig;
@@ -131,6 +144,9 @@ class ProjectConfig {
         if (typeof json.recaptchaConfig === 'undefined') {
             delete json.recaptchaConfig;
         }
+        if (typeof json.passwordPolicyConfig === 'undefined') {
+            delete json.passwordPolicyConfig;
+        }
         return json;
     }
 }

package/lib/auth/tenant-manager.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2019 Google Inc.
  *

package/lib/auth/tenant-manager.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2019 Google Inc.

package/lib/auth/tenant.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2019 Google Inc.
  *
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-import { EmailSignInConfigServerRequest, MultiFactorAuthServerConfig, MultiFactorConfig, EmailSignInProviderConfig, SmsRegionConfig, RecaptchaConfig } from './auth-config';
+import { EmailSignInConfigServerRequest, MultiFactorAuthServerConfig, MultiFactorConfig, EmailSignInProviderConfig, SmsRegionConfig, RecaptchaConfig, PasswordPolicyConfig, PasswordPolicyAuthServerConfig } from './auth-config';
 /**
  * Interface representing the properties to update on the provided tenant.
  */
@@ -53,6 +53,10 @@ export interface UpdateTenantRequest {
      * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
      */
     recaptchaConfig?: RecaptchaConfig;
+    /**
+     * The password policy configuration for the tenant
+     */
+    passwordPolicyConfig?: PasswordPolicyConfig;
 }
 /**
  * Interface representing the properties to set on a new tenant.
@@ -68,6 +72,7 @@ export interface TenantOptionsServerRequest extends EmailSignInConfigServerReque
     };
     smsRegionConfig?: SmsRegionConfig;
     recaptchaConfig?: RecaptchaConfig;
+    passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
 }
 /** The tenant server response interface. */
 export interface TenantServerResponse {
@@ -82,6 +87,7 @@ export interface TenantServerResponse {
     };
     smsRegionConfig?: SmsRegionConfig;
     recaptchaConfig?: RecaptchaConfig;
+    passwordPolicyConfig?: PasswordPolicyAuthServerConfig;
 }
 /**
  * Represents a tenant configuration.
@@ -134,6 +140,10 @@ export declare class Tenant {
      * This is based on the calling code of the destination phone number.
      */
     readonly smsRegionConfig?: SmsRegionConfig;
+    /**
+     * The password policy configuration for the tenant
+     */
+    readonly passwordPolicyConfig?: PasswordPolicyConfig;
     /**
      * Validates a tenant options object. Throws an error on failure.
      *

package/lib/auth/tenant.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2019 Google Inc.
@@ -76,6 +76,9 @@ class Tenant {
         if (typeof tenantOptions.recaptchaConfig !== 'undefined') {
             request.recaptchaConfig = tenantOptions.recaptchaConfig;
         }
+        if (typeof tenantOptions.passwordPolicyConfig !== 'undefined') {
+            request.passwordPolicyConfig = auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(tenantOptions.passwordPolicyConfig);
+        }
         return request;
     }
     /**
@@ -109,6 +112,7 @@ class Tenant {
             testPhoneNumbers: true,
             smsRegionConfig: true,
             recaptchaConfig: true,
+            passwordPolicyConfig: true,
         };
         const label = createRequest ? 'CreateTenantRequest' : 'UpdateTenantRequest';
         if (!validator.isNonNullObject(request)) {
@@ -145,13 +149,18 @@ class Tenant {
             auth_config_1.MultiFactorAuthConfig.buildServerRequest(request.multiFactorConfig);
         }
         // Validate SMS Regions Config if provided.
-        if (typeof request.smsRegionConfig != 'undefined') {
+        if (typeof request.smsRegionConfig !== 'undefined') {
             auth_config_1.SmsRegionsAuthConfig.validate(request.smsRegionConfig);
         }
         // Validate reCAPTCHAConfig type if provided.
         if (typeof request.recaptchaConfig !== 'undefined') {
             auth_config_1.RecaptchaAuthConfig.validate(request.recaptchaConfig);
         }
+        // Validate passwordPolicyConfig type if provided.
+        if (typeof request.passwordPolicyConfig !== 'undefined') {
+            // This will throw an error if invalid.
+            auth_config_1.PasswordPolicyAuthConfig.buildServerRequest(request.passwordPolicyConfig);
+        }
     }
     /**
      * The Tenant object constructor.
@@ -189,6 +198,9 @@ class Tenant {
         if (typeof response.recaptchaConfig !== 'undefined') {
             this.recaptchaConfig_ = new auth_config_1.RecaptchaAuthConfig(response.recaptchaConfig);
         }
+        if (typeof response.passwordPolicyConfig !== 'undefined') {
+            this.passwordPolicyConfig = new auth_config_1.PasswordPolicyAuthConfig(response.passwordPolicyConfig);
+        }
     }
     /**
      * The email sign in provider configuration.
@@ -223,6 +235,7 @@ class Tenant {
             testPhoneNumbers: this.testPhoneNumbers,
             smsRegionConfig: (0, deep_copy_1.deepCopy)(this.smsRegionConfig),
             recaptchaConfig: this.recaptchaConfig_?.toJSON(),
+            passwordPolicyConfig: (0, deep_copy_1.deepCopy)(this.passwordPolicyConfig),
         };
         if (typeof json.multiFactorConfig === 'undefined') {
             delete json.multiFactorConfig;
@@ -236,6 +249,9 @@ class Tenant {
         if (typeof json.recaptchaConfig === 'undefined') {
             delete json.recaptchaConfig;
         }
+        if (typeof json.passwordPolicyConfig === 'undefined') {
+            delete json.passwordPolicyConfig;
+        }
         return json;
     }
 }

package/lib/auth/token-generator.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/token-generator.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * @license

package/lib/auth/token-verifier.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/token-verifier.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.
@@ -165,7 +165,7 @@ class FirebaseTokenVerifier {
     safeDecode(jwtToken) {
         return (0, jwt_1.decodeJwt)(jwtToken)
             .catch((err) => {
-            if (err.code == jwt_1.JwtErrorCode.INVALID_ARGUMENT) {
+            if (err.code === jwt_1.JwtErrorCode.INVALID_ARGUMENT) {
                 const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
                     `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
                 const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +

package/lib/auth/user-import-builder.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2018 Google Inc.
  *

package/lib/auth/user-import-builder.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * Copyright 2018 Google Inc.

package/lib/auth/user-record.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * @license
  * Copyright 2017 Google Inc.

package/lib/auth/user-record.js

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 "use strict";
 /*!
  * @license

package/lib/credential/index.d.ts

@@ -1,4 +1,4 @@
-/*! firebase-admin v11.7.0 */
+/*! firebase-admin v11.9.0 */
 /*!
  * Copyright 2020 Google Inc.
  *