firebase-tools 10.9.2 → 11.1.0

package/lib/emulator/auth/apiSpec.js

@@ -4799,8 +4799,8 @@ exports.default = {
             GoogleCloudIdentitytoolkitV1SetAccountInfoResponse: {
                 description: "Response message for SetAccountInfo",
                 properties: {
-                    displayName: { type: "string" },
-                    email: { type: "string" },
+                    displayName: { description: "The account's display name.", type: "string" },
+                    email: { description: "The account's email address.", type: "string" },
                     emailVerified: {
                         description: "Whether the account's email has been verified.",
                         type: "boolean",
@@ -4820,8 +4820,14 @@ exports.default = {
                         description: "The new email that has been set on the user's account attributes.",
                         type: "string",
                     },
-                    passwordHash: { type: "string" },
-                    photoUrl: { type: "string" },
+                    passwordHash: {
+                        description: "Deprecated. No actual password hash is currently returned.",
+                        type: "string",
+                    },
+                    photoUrl: {
+                        description: "The user's photo URL for the account's profile photo.",
+                        type: "string",
+                    },
                     providerUserInfo: {
                         description: "The linked Identity Providers on the account.",
                         items: { $ref: "#/components/schemas/GoogleCloudIdentitytoolkitV1ProviderUserInfo" },
@@ -5705,28 +5711,6 @@ exports.default = {
                 },
                 type: "object",
             },
-            GoogleCloudIdentitytoolkitAdminV2AllowByDefault: {
-                description: "Defines a policy of allowing every region by default and adding disallowed regions to a disallow list.",
-                properties: {
-                    disallowedRegions: {
-                        description: "Two letter unicode region codes to disallow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json",
-                        items: { type: "string" },
-                        type: "array",
-                    },
-                },
-                type: "object",
-            },
-            GoogleCloudIdentitytoolkitAdminV2AllowlistOnly: {
-                description: "Defines a policy of only allowing regions by explicitly adding them to an allowlist.",
-                properties: {
-                    allowedRegions: {
-                        description: "Two letter unicode region codes to allow as defined by https://cldr.unicode.org/ The full list of these region codes is here: https://github.com/unicode-cldr/cldr-localenames-full/blob/master/main/en/territories.json",
-                        items: { type: "string" },
-                        type: "array",
-                    },
-                },
-                type: "object",
-            },
             GoogleCloudIdentitytoolkitAdminV2Anonymous: {
                 description: "Configuration options related to authenticating an anonymous user.",
                 properties: {
@@ -6337,18 +6321,6 @@ exports.default = {
                 },
                 type: "object",
             },
-            GoogleCloudIdentitytoolkitAdminV2SmsRegionConfig: {
-                description: "Configures the regions where users are allowed to send verification SMS for the project or tenant. This is based on the calling code of the destination phone number.",
-                properties: {
-                    allowByDefault: {
-                        $ref: "#/components/schemas/GoogleCloudIdentitytoolkitAdminV2AllowByDefault",
-                    },
-                    allowlistOnly: {
-                        $ref: "#/components/schemas/GoogleCloudIdentitytoolkitAdminV2AllowlistOnly",
-                    },
-                },
-                type: "object",
-            },
             GoogleCloudIdentitytoolkitAdminV2SmsTemplate: {
                 description: "The template to use when sending an SMS.",
                 properties: {
@@ -6458,9 +6430,6 @@ exports.default = {
                         readOnly: true,
                         type: "string",
                     },
-                    smsRegionConfig: {
-                        $ref: "#/components/schemas/GoogleCloudIdentitytoolkitAdminV2SmsRegionConfig",
-                    },
                     testPhoneNumbers: {
                         additionalProperties: { type: "string" },
                         description: "A map of pairs that can be used for MFA. The phone number should be in E.164 format (https://www.itu.int/rec/T-REC-E.164/) and a maximum of 10 pairs can be added (error will be thrown once exceeded).",
@@ -6708,7 +6677,7 @@ exports.default = {
                 type: "object",
             },
             GoogleIamV1AuditConfig: {
-                description: 'Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.',
+                description: 'Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts `jose@example.com` from DATA_READ logging, and `aliya@example.com` from DATA_WRITE logging.',
                 properties: {
                     auditLogConfigs: {
                         description: "The configuration for logging of each type of permission.",
@@ -6743,7 +6712,7 @@ exports.default = {
                 properties: {
                     condition: { $ref: "#/components/schemas/GoogleTypeExpr" },
                     members: {
-                        description: "Specifies the principals requesting access for a Cloud Platform resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
+                        description: "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. ",
                         items: { type: "string" },
                         type: "array",
                     },
@@ -6812,7 +6781,7 @@ exports.default = {
                 description: "Request message for `TestIamPermissions` method.",
                 properties: {
                     permissions: {
-                        description: "The set of permissions to check for the `resource`. Permissions with wildcards (such as '*' or 'storage.*') are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
+                        description: "The set of permissions to check for the `resource`. Permissions with wildcards (such as `*` or `storage.*`) are not allowed. For more information see [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).",
                         items: { type: "string" },
                         type: "array",
                     },
@@ -6831,7 +6800,7 @@ exports.default = {
                 type: "object",
             },
             GoogleProtobufEmpty: {
-                description: "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for `Empty` is empty JSON object `{}`.",
+                description: "A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); }",
                 properties: {},
                 type: "object",
             },
@@ -6905,7 +6874,6 @@ exports.default = {
                 description: "Emulator-specific configuration.",
                 properties: {
                     signIn: { properties: { allowDuplicateEmails: { type: "boolean" } }, type: "object" },
-                    usageMode: { enum: ["USAGE_MODE_UNSPECIFIED", "DEFAULT", "PASSTHROUGH"], type: "string" },
                 },
             },
             EmulatorV1ProjectsOobCodes: {

package/lib/emulator/auth/operations.js

@@ -105,7 +105,6 @@ const MFA_INELIGIBLE_PROVIDER = new Set([
 function signUp(state, reqBody, ctx) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     let provider;
     const updates = {
         lastLoginAt: Date.now().toString(),
@@ -227,7 +226,6 @@ function lookup(state, reqBody, ctx) {
 function batchCreate(state, reqBody) {
     var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)((_a = reqBody.users) === null || _a === void 0 ? void 0 : _a.length, "MISSING_USER_ACCOUNT");
     if (reqBody.sanityCheck) {
         if (state.oneAccountPerEmail) {
@@ -423,7 +421,6 @@ function batchGet(state, reqBody, ctx) {
 function createAuthUri(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     const sessionId = reqBody.sessionId || (0, utils_1.randomId)(27);
     if (reqBody.providerId) {
         throw new errors_1.NotImplementedError("Sign-in with IDP is not yet supported.");
@@ -483,7 +480,6 @@ function createAuthUri(state, reqBody) {
 const SESSION_COOKIE_MIN_VALID_DURATION = 5 * 60;
 exports.SESSION_COOKIE_MAX_VALID_DURATION = 14 * 24 * 60 * 60;
 function createSessionCookie(state, reqBody, ctx) {
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(reqBody.idToken, "MISSING_ID_TOKEN");
     const validDuration = Number(reqBody.validDuration) || exports.SESSION_COOKIE_MAX_VALID_DURATION;
     (0, errors_1.assert)(validDuration >= SESSION_COOKIE_MIN_VALID_DURATION &&
@@ -573,7 +569,6 @@ function queryAccounts(state, reqBody) {
 function resetPassword(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(state.allowPasswordSignup, "PASSWORD_LOGIN_DISABLED");
     (0, errors_1.assert)(reqBody.oobCode, "MISSING_OOB_CODE");
     const oob = state.validateOobCode(reqBody.oobCode);
@@ -604,7 +599,6 @@ exports.resetPassword = resetPassword;
 function sendOobCode(state, reqBody, ctx) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(reqBody.requestType && reqBody.requestType !== "OOB_REQ_TYPE_UNSPECIFIED", "MISSING_REQ_TYPE");
     if (reqBody.returnOobLink) {
         (0, errors_1.assert)((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2, "INSUFFICIENT_PERMISSION");
@@ -673,7 +667,6 @@ function sendVerificationCode(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state instanceof state_1.AgentProjectState, "UNSUPPORTED_TENANT_OPERATION");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(reqBody.phoneNumber && (0, utils_1.isValidPhoneNumber)(reqBody.phoneNumber), "INVALID_PHONE_NUMBER : Invalid format.");
     const user = state.getUserByPhoneNumber(reqBody.phoneNumber);
     (0, errors_1.assert)(!((_a = user === null || user === void 0 ? void 0 : user.mfaInfo) === null || _a === void 0 ? void 0 : _a.length), "UNSUPPORTED_FIRST_FACTOR : A phone number cannot be set as a first factor on an SMS based MFA user.");
@@ -686,7 +679,6 @@ function sendVerificationCode(state, reqBody) {
 function setAccountInfo(state, reqBody, ctx) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     const url = (0, utils_1.authEmulatorUrl)(ctx.req);
     return setAccountInfoImpl(state, reqBody, {
         privileged: !!((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2),
@@ -943,7 +935,7 @@ function signInWithCustomToken(state, reqBody) {
         extraClaims = payload.claims;
     }
     let user = state.getUserByLocalId(localId);
-    const isNewUser = state.usageMode === state_1.UsageMode.PASSTHROUGH ? false : !user;
+    const isNewUser = !user;
     const updates = {
         customAuth: true,
         lastLoginAt: Date.now().toString(),
@@ -965,7 +957,6 @@ function signInWithEmailLink(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state.enableEmailLinkSignin, "OPERATION_NOT_ALLOWED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     const userFromIdToken = reqBody.idToken ? parseIdToken(state, reqBody.idToken).user : undefined;
     (0, errors_1.assert)(reqBody.email, "MISSING_EMAIL");
     const email = (0, utils_1.canonicalizeEmailAddress)(reqBody.email);
@@ -1015,7 +1006,6 @@ function signInWithEmailLink(state, reqBody) {
 function signInWithIdp(state, reqBody) {
     var _a, _b, _c;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     if (reqBody.returnRefreshToken) {
         throw new errors_1.NotImplementedError("returnRefreshToken is not implemented yet.");
     }
@@ -1126,7 +1116,6 @@ function signInWithPassword(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state.allowPasswordSignup, "PASSWORD_LOGIN_DISABLED");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(reqBody.email, "MISSING_EMAIL");
     (0, errors_1.assert)(reqBody.password, "MISSING_PASSWORD");
     if (reqBody.captchaResponse || reqBody.captchaChallenge) {
@@ -1160,7 +1149,6 @@ function signInWithPhoneNumber(state, reqBody) {
     var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state instanceof state_1.AgentProjectState, "UNSUPPORTED_TENANT_OPERATION");
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     let phoneNumber;
     if (reqBody.temporaryProof) {
         (0, errors_1.assert)(reqBody.phoneNumber, "MISSING_PHONE_NUMBER");
@@ -1205,7 +1193,6 @@ function signInWithPhoneNumber(state, reqBody) {
         phoneNumber, localId: user.localId }, tokens);
 }
 function grantToken(state, reqBody) {
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     (0, errors_1.assert)(reqBody.grantType, "MISSING_GRANT_TYPE");
     (0, errors_1.assert)(reqBody.grantType === "refresh_token", "INVALID_GRANT_TYPE");
     (0, errors_1.assert)(reqBody.refreshToken, "MISSING_REFRESH_TOKEN");
@@ -1234,7 +1221,6 @@ function getEmulatorProjectConfig(state) {
         signIn: {
             allowDuplicateEmails: !state.oneAccountPerEmail,
         },
-        usageMode: state.usageMode,
     };
 }
 function updateEmulatorProjectConfig(state, reqBody, ctx) {
@@ -1243,9 +1229,6 @@ function updateEmulatorProjectConfig(state, reqBody, ctx) {
     if (((_a = reqBody.signIn) === null || _a === void 0 ? void 0 : _a.allowDuplicateEmails) != null) {
         updateMask.push("signIn.allowDuplicateEmails");
     }
-    if (reqBody.usageMode) {
-        updateMask.push("usageMode");
-    }
     ctx.params.query.updateMask = updateMask.join();
     updateConfig(state, reqBody, ctx);
     return getEmulatorProjectConfig(state);
@@ -1414,7 +1397,6 @@ function hashPassword(password, salt) {
 }
 function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, signInAttributes, } = {}) {
     user = state.updateUserByLocalId(user.localId, { lastRefreshAt: new Date().toISOString() });
-    const usageMode = state.usageMode === state_1.UsageMode.PASSTHROUGH ? "passthrough" : undefined;
     const tenantId = state instanceof state_1.TenantProjectState ? state.tenantId : undefined;
     const expiresInSeconds = 60 * 60;
     const idToken = generateJwt(user, {
@@ -1423,16 +1405,13 @@ function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, s
         expiresInSeconds,
         extraClaims,
         secondFactor,
-        usageMode,
         tenantId,
         signInAttributes,
     });
-    const refreshToken = state.usageMode === state_1.UsageMode.DEFAULT
-        ? state.createRefreshTokenFor(user, signInProvider, {
-            extraClaims,
-            secondFactor,
-        })
-        : undefined;
+    const refreshToken = state.createRefreshTokenFor(user, signInProvider, {
+        extraClaims,
+        secondFactor,
+    });
     return {
         idToken,
         refreshToken,
@@ -1440,7 +1419,6 @@ function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, s
     };
 }
 function parseIdToken(state, idToken) {
-    (0, errors_1.assert)(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     const decoded = (0, jsonwebtoken_1.decode)(idToken, { complete: true });
     (0, errors_1.assert)(decoded, "INVALID_ID_TOKEN");
     if (decoded.header.alg !== "none") {
@@ -1457,7 +1435,7 @@ function parseIdToken(state, idToken) {
     const signInProvider = decoded.payload.firebase.sign_in_provider;
     return { user, signInProvider, payload: decoded.payload };
 }
-function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, usageMode, tenantId, signInAttributes, }) {
+function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, tenantId, signInAttributes, }) {
     const identities = {};
     if (user.email) {
         identities["email"] = [user.email];
@@ -1479,7 +1457,6 @@ function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraC
             sign_in_provider: signInProvider,
             second_factor_identifier: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.identifier,
             sign_in_second_factor: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.provider,
-            usage_mode: usageMode,
             tenant: tenantId,
             sign_in_attributes: signInAttributes,
         } });

package/lib/emulator/auth/state.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodeRefreshToken = exports.encodeRefreshToken = exports.BlockingFunctionEvents = exports.UsageMode = exports.TenantProjectState = exports.AgentProjectState = exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_GAME_CENTER = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
+exports.decodeRefreshToken = exports.encodeRefreshToken = exports.BlockingFunctionEvents = exports.TenantProjectState = exports.AgentProjectState = exports.ProjectState = exports.SIGNIN_METHOD_EMAIL_LINK = exports.PROVIDER_GAME_CENTER = exports.PROVIDER_CUSTOM = exports.PROVIDER_ANONYMOUS = exports.PROVIDER_PHONE = exports.PROVIDER_PASSWORD = void 0;
 const utils_1 = require("./utils");
 const cloudFunctions_1 = require("./cloudFunctions");
 const errors_1 = require("./errors");
@@ -412,7 +412,6 @@ class AgentProjectState extends ProjectState {
         this._authCloudFunction = new cloudFunctions_1.AuthCloudFunction(this.projectId);
         this._config = {
             signIn: { allowDuplicateEmails: false },
-            usageMode: UsageMode.DEFAULT,
             blockingFunctions: {},
         };
     }
@@ -425,12 +424,6 @@ class AgentProjectState extends ProjectState {
     set oneAccountPerEmail(oneAccountPerEmail) {
         this._config.signIn.allowDuplicateEmails = !oneAccountPerEmail;
     }
-    get usageMode() {
-        return this._config.usageMode;
-    }
-    set usageMode(usageMode) {
-        this._config.usageMode = usageMode;
-    }
     get allowPasswordSignup() {
         return true;
     }
@@ -456,17 +449,10 @@ class AgentProjectState extends ProjectState {
         this._config.blockingFunctions = blockingFunctions;
     }
     updateConfig(update, updateMask) {
-        var _a, _b, _c, _d;
-        if (update.usageMode) {
-            (0, errors_1.assert)(update.usageMode !== UsageMode.USAGE_MODE_UNSPECIFIED, "INVALID_USAGE_MODE: ((Invalid usage mode provided.))");
-            if (update.usageMode === UsageMode.PASSTHROUGH) {
-                (0, errors_1.assert)(this.getUserCount() === 0, "USERS_STILL_EXIST: ((Users are present, unable to set passthrough mode.))");
-            }
-        }
+        var _a, _b, _c;
         if (!updateMask) {
             this.oneAccountPerEmail = (_b = !((_a = update.signIn) === null || _a === void 0 ? void 0 : _a.allowDuplicateEmails)) !== null && _b !== void 0 ? _b : true;
             this.blockingFunctionsConfig = (_c = update.blockingFunctions) !== null && _c !== void 0 ? _c : {};
-            this.usageMode = (_d = update.usageMode) !== null && _d !== void 0 ? _d : UsageMode.DEFAULT;
             return this.config;
         }
         return applyMask(updateMask, this.config, update);
@@ -542,9 +528,6 @@ class TenantProjectState extends ProjectState {
     get authCloudFunction() {
         return this.parentProject.authCloudFunction;
     }
-    get usageMode() {
-        return this.parentProject.usageMode;
-    }
     get tenantConfig() {
         return this._tenantConfig;
     }
@@ -592,12 +575,6 @@ class TenantProjectState extends ProjectState {
     }
 }
 exports.TenantProjectState = TenantProjectState;
-var UsageMode;
-(function (UsageMode) {
-    UsageMode["USAGE_MODE_UNSPECIFIED"] = "USAGE_MODE_UNSPECIFIED";
-    UsageMode["DEFAULT"] = "DEFAULT";
-    UsageMode["PASSTHROUGH"] = "PASSTHROUGH";
-})(UsageMode = exports.UsageMode || (exports.UsageMode = {}));
 var BlockingFunctionEvents;
 (function (BlockingFunctionEvents) {
     BlockingFunctionEvents["BEFORE_CREATE"] = "beforeCreate";

package/lib/emulator/commandUtils.js

@@ -371,5 +371,5 @@ async function checkJavaSupported() {
     });
 }
 exports.checkJavaSupported = checkJavaSupported;
-exports.JAVA_DEPRECATION_WARNING = "Support for Java version <= 10 will be dropped soon in firebase-tools@11. " +
+exports.JAVA_DEPRECATION_WARNING = "firebase-tools no longer supports Java version before 11. " +
     "Please upgrade to Java version 11 or above to continue using the emulators.";

package/lib/emulator/controller.js

@@ -219,8 +219,8 @@ async function startAll(options, showUI = true) {
     const deprecationNotices = [];
     if (targets.some(downloadableEmulators_1.requiresJava)) {
         if (!(await commandUtils.checkJavaSupported())) {
-            utils.logLabeledWarning("emulators", commandUtils_1.JAVA_DEPRECATION_WARNING, "warn");
-            deprecationNotices.push(commandUtils_1.JAVA_DEPRECATION_WARNING);
+            utils.logLabeledError("emulators", commandUtils_1.JAVA_DEPRECATION_WARNING, "warn");
+            throw new error_1.FirebaseError(commandUtils_1.JAVA_DEPRECATION_WARNING);
         }
     }
     const hubLogger = emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.HUB);
@@ -246,7 +246,7 @@ async function startAll(options, showUI = true) {
     }
     if (previews_1.previews.frameworkawareness) {
         const config = options.config.get("hosting");
-        if (Array.isArray(config) ? config.some((it) => it.source) : config.source) {
+        if (Array.isArray(config) ? config.some((it) => it.source) : config === null || config === void 0 ? void 0 : config.source) {
             await (0, frameworks_1.prepareFrameworks)(targets, options, options);
         }
     }

package/lib/emulator/databaseEmulator.js

@@ -6,14 +6,14 @@ const clc = require("cli-color");
 const fs = require("fs");
 const path = require("path");
 const http = require("http");
-const api = require("../api");
 const downloadableEmulators = require("./downloadableEmulators");
 const types_1 = require("../emulator/types");
 const constants_1 = require("./constants");
 const registry_1 = require("./registry");
 const emulatorLogger_1 = require("./emulatorLogger");
 const error_1 = require("../error");
-const parseBoltRules = require("../parseBoltRules");
+const parseBoltRules_1 = require("../parseBoltRules");
+const apiv2_1 = require("../apiv2");
 class DatabaseEmulator {
     constructor(args) {
         this.args = args;
@@ -125,15 +125,17 @@ class DatabaseEmulator {
         var _a;
         const rulesExt = path.extname(rulesPath);
         const content = rulesExt === ".bolt"
-            ? parseBoltRules(rulesPath).toString()
+            ? (0, parseBoltRules_1.parseBoltRules)(rulesPath).toString()
             : fs.readFileSync(rulesPath, "utf8");
         const info = this.getInfo();
         try {
-            await api.request("PUT", `/.settings/rules.json?ns=${instance}`, {
-                origin: `http://${registry_1.EmulatorRegistry.getInfoHostString(info)}`,
+            const client = new apiv2_1.Client({
+                urlPrefix: `http://${registry_1.EmulatorRegistry.getInfoHostString(info)}`,
+                auth: false,
+            });
+            await client.put(`/.settings/rules.json`, content, {
                 headers: { Authorization: "Bearer owner" },
-                data: content,
-                json: false,
+                queryParams: { ns: instance },
             });
         }
         catch (e) {

package/lib/emulator/downloadableEmulators.js

@@ -18,13 +18,13 @@ const EMULATOR_INSTANCE_KILL_TIMEOUT = 4000;
 const CACHE_DIR = process.env.FIREBASE_EMULATORS_PATH || path.join(os.homedir(), ".cache", "firebase", "emulators");
 exports.DownloadDetails = {
     database: {
-        downloadPath: path.join(CACHE_DIR, "firebase-database-emulator-v4.7.3.jar"),
-        version: "4.7.3",
+        downloadPath: path.join(CACHE_DIR, "firebase-database-emulator-v4.8.0.jar"),
+        version: "4.8.0",
         opts: {
             cacheDir: CACHE_DIR,
-            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/firebase-database-emulator-v4.7.3.jar",
-            expectedSize: 28862098,
-            expectedChecksum: "8f696f24ee89c937a789498a0c0e4899",
+            remoteUrl: "https://storage.googleapis.com/firebase-preview-drop/emulator/firebase-database-emulator-v4.8.0.jar",
+            expectedSize: 33676395,
+            expectedChecksum: "e5ae0085d9c88ed14b0bd9c25fe62916",
             namePrefix: "firebase-database-emulator",
         },
     },
@@ -164,7 +164,7 @@ const Commands = {
     },
     ui: {
         binary: "node",
-        args: [getExecPath(types_1.Emulators.UI)],
+        args: ["--dns-result-order=ipv4first", getExecPath(types_1.Emulators.UI)],
         optionalArgs: [],
         joinArgs: false,
     },

package/lib/emulator/extensionsEmulator.js

@@ -6,7 +6,7 @@ const os = require("os");
 const path = require("path");
 const clc = require("cli-color");
 const Table = require("cli-table");
-const child_process_1 = require("child_process");
+const spawn = require("cross-spawn");
 const planner = require("../deploy/extensions/planner");
 const error_1 = require("../error");
 const refs_1 = require("../extensions/refs");
@@ -110,16 +110,20 @@ class ExtensionsEmulator {
         return true;
     }
     installAndBuildSourceCode(sourceCodePath) {
-        const npmInstall = (0, child_process_1.spawnSync)("npm", ["--prefix", `/${sourceCodePath}/functions/`, "install"], {
+        this.logger.logLabeled("DEBUG", "Extensions", `Running "npm install" for ${sourceCodePath}`);
+        const npmInstall = spawn.sync("npm", ["--prefix", `/${sourceCodePath}/functions/`, "install"], {
             encoding: "utf8",
         });
         if (npmInstall.error) {
             throw npmInstall.error;
         }
-        const npmRunGCPBuild = (0, child_process_1.spawnSync)("npm", ["--prefix", `/${sourceCodePath}/functions/`, "run", "gcp-build"], { encoding: "utf8" });
+        this.logger.logLabeled("DEBUG", "Extensions", `Finished "npm install" for ${sourceCodePath}`);
+        this.logger.logLabeled("DEBUG", "Extensions", `Running "npm run gcp-build" for ${sourceCodePath}`);
+        const npmRunGCPBuild = spawn.sync("npm", ["--prefix", `/${sourceCodePath}/functions/`, "run", "gcp-build"], { encoding: "utf8" });
         if (npmRunGCPBuild.error) {
             throw npmRunGCPBuild.error;
         }
+        this.logger.logLabeled("DEBUG", "Extensions", `Finished "npm run gcp-build" for ${sourceCodePath}`);
     }
     async getExtensionBackends() {
         await this.readManifest();

package/lib/emulator/firestoreEmulator.js

@@ -5,12 +5,12 @@ const chokidar = require("chokidar");
 const fs = require("fs");
 const clc = require("cli-color");
 const path = require("path");
-const api = require("../api");
 const utils = require("../utils");
 const downloadableEmulators = require("./downloadableEmulators");
 const types_1 = require("../emulator/types");
 const registry_1 = require("./registry");
 const constants_1 = require("./constants");
+const apiv2_1 = require("../apiv2");
 class FirestoreEmulator {
     constructor(args) {
         this.args = args;
@@ -65,7 +65,7 @@ class FirestoreEmulator {
     getName() {
         return types_1.Emulators.FIRESTORE;
     }
-    updateRules(content) {
+    async updateRules(content) {
         const projectId = this.args.projectId;
         const info = this.getInfo();
         const body = {
@@ -79,17 +79,15 @@ class FirestoreEmulator {
                 ],
             },
         };
-        return api
-            .request("PUT", `/emulator/v1/projects/${projectId}:securityRules`, {
-            origin: `http://${registry_1.EmulatorRegistry.getInfoHostString(info)}`,
-            data: body,
-        })
-            .then((res) => {
-            if (res.body && res.body.issues) {
-                return res.body.issues;
-            }
-            return [];
+        const client = new apiv2_1.Client({
+            urlPrefix: `http://${registry_1.EmulatorRegistry.getInfoHostString(info)}`,
+            auth: false,
         });
+        const res = await client.put(`/emulator/v1/projects/${projectId}:securityRules`, body);
+        if (res.body && Array.isArray(res.body.issues)) {
+            return res.body.issues;
+        }
+        return [];
     }
     prettyPrintRulesIssue(filePath, issue) {
         const relativePath = path.relative(process.cwd(), filePath);