firebase-tools 15.1.0 → 15.2.0

package/lib/emulator/auth/operations.js

@@ -1,6 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseBlockingFunctionJwt = exports.setAccountInfoImpl = exports.resetPassword = exports.SESSION_COOKIE_MAX_VALID_DURATION = exports.CUSTOM_TOKEN_AUDIENCE = exports.authOperations = void 0;
+exports.SESSION_COOKIE_MAX_VALID_DURATION = exports.CUSTOM_TOKEN_AUDIENCE = exports.authOperations = void 0;
+exports.resetPassword = resetPassword;
+exports.setAccountInfoImpl = setAccountInfoImpl;
+exports.parseBlockingFunctionJwt = parseBlockingFunctionJwt;
 const url_1 = require("url");
 const jsonwebtoken_1 = require("jsonwebtoken");
 const node_fetch_1 = require("node-fetch");
@@ -106,14 +109,13 @@ const MFA_INELIGIBLE_PROVIDER = new Set([
     state_1.PROVIDER_GAME_CENTER,
 ]);
 async function signUp(state, reqBody, ctx) {
-    var _a, _b, _c, _d;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     let provider;
     const timestamp = new Date();
     let updates = {
         lastLoginAt: timestamp.getTime().toString(),
     };
-    if ((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2) {
+    if (ctx.security?.Oauth2) {
         if (reqBody.idToken) {
             (0, errors_1.assert)(!reqBody.localId, "UNEXPECTED_PARAMETER : User ID");
         }
@@ -175,15 +177,15 @@ async function signUp(state, reqBody, ctx) {
     let extraClaims;
     if (!user) {
         updates.createdAt = timestamp.getTime().toString();
-        const localId = (_b = reqBody.localId) !== null && _b !== void 0 ? _b : state.generateLocalId();
-        if (reqBody.email && !((_c = ctx.security) === null || _c === void 0 ? void 0 : _c.Oauth2)) {
-            const userBeforeCreate = Object.assign({ localId }, updates);
+        const localId = reqBody.localId ?? state.generateLocalId();
+        if (reqBody.email && !ctx.security?.Oauth2) {
+            const userBeforeCreate = { localId, ...updates };
             const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_CREATE, userBeforeCreate, { signInMethod: "password" });
-            updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+            updates = { ...updates, ...blockingResponse.updates };
         }
         user = state.createUserWithLocalId(localId, updates);
         (0, errors_1.assert)(user, "DUPLICATE_LOCAL_ID");
-        if (reqBody.email && !((_d = ctx.security) === null || _d === void 0 ? void 0 : _d.Oauth2)) {
+        if (reqBody.email && !ctx.security?.Oauth2) {
             if (!user.disabled) {
                 const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, user, { signInMethod: "password" });
                 updates = blockingResponse.updates;
@@ -196,10 +198,15 @@ async function signUp(state, reqBody, ctx) {
     else {
         user = state.updateUserByLocalId(user.localId, updates);
     }
-    return Object.assign({ kind: "identitytoolkit#SignupNewUserResponse", localId: user.localId, displayName: user.displayName, email: user.email }, (provider ? issueTokens(state, user, provider, { extraClaims }) : {}));
+    return {
+        kind: "identitytoolkit#SignupNewUserResponse",
+        localId: user.localId,
+        displayName: user.displayName,
+        email: user.email,
+        ...(provider ? issueTokens(state, user, provider, { extraClaims }) : {}),
+    };
 }
 function lookup(state, reqBody, ctx) {
-    var _a, _b, _c, _d, _e;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     const seenLocalIds = new Set();
     const users = [];
@@ -209,21 +216,21 @@ function lookup(state, reqBody, ctx) {
             seenLocalIds.add(maybeUser.localId);
         }
     }
-    if ((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2) {
+    if (ctx.security?.Oauth2) {
         if (reqBody.initialEmail) {
             throw new errors_1.NotImplementedError("Lookup by initialEmail is not implemented.");
         }
-        for (const localId of (_b = reqBody.localId) !== null && _b !== void 0 ? _b : []) {
+        for (const localId of reqBody.localId ?? []) {
             tryAddUser(state.getUserByLocalId(localId));
         }
-        for (const email of (_c = reqBody.email) !== null && _c !== void 0 ? _c : []) {
+        for (const email of reqBody.email ?? []) {
             const canonicalizedEmail = (0, utils_1.canonicalizeEmailAddress)(email);
             tryAddUser(state.getUserByEmail(canonicalizedEmail));
         }
-        for (const phoneNumber of (_d = reqBody.phoneNumber) !== null && _d !== void 0 ? _d : []) {
+        for (const phoneNumber of reqBody.phoneNumber ?? []) {
             tryAddUser(state.getUserByPhoneNumber(phoneNumber));
         }
-        for (const { providerId, rawId } of (_e = reqBody.federatedUserId) !== null && _e !== void 0 ? _e : []) {
+        for (const { providerId, rawId } of reqBody.federatedUserId ?? []) {
             if (!providerId || !rawId) {
                 continue;
             }
@@ -241,9 +248,8 @@ function lookup(state, reqBody, ctx) {
     };
 }
 function batchCreate(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    (0, errors_1.assert)((_a = reqBody.users) === null || _a === void 0 ? void 0 : _a.length, "MISSING_USER_ACCOUNT");
+    (0, errors_1.assert)(reqBody.users?.length, "MISSING_USER_ACCOUNT");
     if (reqBody.sanityCheck) {
         if (state.oneAccountPerEmail) {
             const existingEmails = new Set();
@@ -256,7 +262,7 @@ function batchCreate(state, reqBody) {
         }
         const existingProviderAccounts = new Set();
         for (const userInfo of reqBody.users) {
-            for (const { providerId, rawId } of (_b = userInfo.providerUserInfo) !== null && _b !== void 0 ? _b : []) {
+            for (const { providerId, rawId } of userInfo.providerUserInfo ?? []) {
                 const key = `${providerId}:${rawId}`;
                 (0, errors_1.assert)(!existingProviderAccounts.has(key), `DUPLICATE_RAW_ID : Provider id(${providerId}), Raw id(${rawId})`);
                 existingProviderAccounts.add(key);
@@ -319,7 +325,7 @@ function batchCreate(state, reqBody) {
                     }
                     const existingUserWithRawId = state.getUserByProviderRawId(providerId, rawId);
                     (0, errors_1.assert)(!existingUserWithRawId || existingUserWithRawId.localId === userInfo.localId, "raw id exists in other account in database");
-                    fields.providerUserInfo.push(Object.assign(Object.assign({}, providerUserInfo), { providerId, rawId }));
+                    fields.providerUserInfo.push({ ...providerUserInfo, providerId, rawId });
                 }
             }
             if (userInfo.phoneNumber) {
@@ -395,9 +401,8 @@ function batchCreate(state, reqBody) {
     };
 }
 function batchDelete(state, reqBody) {
-    var _a;
     const errors = [];
-    const localIds = (_a = reqBody.localIds) !== null && _a !== void 0 ? _a : [];
+    const localIds = reqBody.localIds ?? [];
     (0, errors_1.assert)(localIds.length > 0 && localIds.length <= 1000, "LOCAL_ID_LIST_EXCEEDS_LIMIT");
     for (let index = 0; index < localIds.length; index++) {
         const localId = localIds[index];
@@ -436,7 +441,6 @@ function batchGet(state, reqBody, ctx) {
     };
 }
 function createAuthUri(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     const sessionId = reqBody.sessionId || (0, utils_1.randomId)(27);
     if (reqBody.providerId) {
@@ -454,7 +458,7 @@ function createAuthUri(state, reqBody) {
     if (state.oneAccountPerEmail) {
         if (users.length) {
             registered = true;
-            (_a = users[0].providerUserInfo) === null || _a === void 0 ? void 0 : _a.forEach(({ providerId }) => {
+            users[0].providerUserInfo?.forEach(({ providerId }) => {
                 if (providerId === state_1.PROVIDER_PASSWORD) {
                     allProviders.push(providerId);
                     if (users[0].passwordHash) {
@@ -512,16 +516,20 @@ function createSessionCookie(state, reqBody) {
     const { payload } = parseIdToken(state, reqBody.idToken);
     const issuedAt = (0, utils_1.toUnixTimestamp)(new Date());
     const expiresAt = issuedAt + validDuration;
-    const sessionCookie = (0, jsonwebtoken_1.sign)(Object.assign(Object.assign({}, payload), { iat: issuedAt, exp: expiresAt, iss: `https://session.firebase.google.com/${payload.aud}` }), "fake-secret", {
+    const sessionCookie = (0, jsonwebtoken_1.sign)({
+        ...payload,
+        iat: issuedAt,
+        exp: expiresAt,
+        iss: `https://session.firebase.google.com/${payload.aud}`,
+    }, "fake-secret", {
         algorithm: "none",
     });
     return { sessionCookie };
 }
 function deleteAccount(state, reqBody, ctx) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     let user;
-    if ((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2) {
+    if (ctx.security?.Oauth2) {
         (0, errors_1.assert)(reqBody.localId, "MISSING_LOCAL_ID");
         const maybeUser = state.getUserByLocalId(reqBody.localId);
         (0, errors_1.assert)(maybeUser, "USER_NOT_FOUND");
@@ -555,9 +563,8 @@ function getRecaptchaParams(state) {
     };
 }
 function queryAccounts(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
-    if ((_a = reqBody.expression) === null || _a === void 0 ? void 0 : _a.length) {
+    if (reqBody.expression?.length) {
         throw new errors_1.NotImplementedError("expression is not implemented.");
     }
     if (reqBody.returnUserInfo === false) {
@@ -592,7 +599,6 @@ function queryAccounts(state, reqBody) {
     };
 }
 function resetPassword(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state.allowPasswordSignup, "PASSWORD_LOGIN_DISABLED");
     (0, errors_1.assert)(reqBody.oobCode, "MISSING_OOB_CODE");
@@ -612,7 +618,7 @@ function resetPassword(state, reqBody) {
             salt,
             passwordUpdatedAt: Date.now(),
             validSince: (0, utils_1.toUnixTimestamp)(new Date()).toString(),
-        }, { deleteProviders: (_a = user.providerUserInfo) === null || _a === void 0 ? void 0 : _a.map((info) => info.providerId) });
+        }, { deleteProviders: user.providerUserInfo?.map((info) => info.providerId) });
     }
     return {
         kind: "identitytoolkit#ResetPasswordResponse",
@@ -621,13 +627,11 @@ function resetPassword(state, reqBody) {
         newEmail: oob.newEmail,
     };
 }
-exports.resetPassword = resetPassword;
 function sendOobCode(state, reqBody, ctx) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(reqBody.requestType && reqBody.requestType !== "OOB_REQ_TYPE_UNSPECIFIED", "MISSING_REQ_TYPE");
     if (reqBody.returnOobLink) {
-        (0, errors_1.assert)((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2, "INSUFFICIENT_PERMISSION");
+        (0, errors_1.assert)(ctx.security?.Oauth2, "INSUFFICIENT_PERMISSION");
     }
     if (reqBody.continueUrl) {
         (0, errors_1.assert)((0, utils_1.parseAbsoluteUri)(reqBody.continueUrl), "INVALID_CONTINUE_URI : ((expected an absolute URI with valid scheme and host))");
@@ -717,12 +721,11 @@ function sendOobCode(state, reqBody, ctx) {
     }
 }
 function sendVerificationCode(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state instanceof state_1.AgentProjectState, "UNSUPPORTED_TENANT_OPERATION");
     (0, errors_1.assert)(reqBody.phoneNumber && (0, utils_1.isValidPhoneNumber)(reqBody.phoneNumber), "INVALID_PHONE_NUMBER : Invalid format.");
     const user = state.getUserByPhoneNumber(reqBody.phoneNumber);
-    (0, errors_1.assert)(!((_a = user === null || user === void 0 ? void 0 : user.mfaInfo) === null || _a === void 0 ? void 0 : _a.length), "UNSUPPORTED_FIRST_FACTOR : A phone number cannot be set as a first factor on an SMS based MFA user.");
+    (0, errors_1.assert)(!user?.mfaInfo?.length, "UNSUPPORTED_FIRST_FACTOR : A phone number cannot be set as a first factor on an SMS based MFA user.");
     const { sessionInfo, phoneNumber, code } = state.createVerificationCode(reqBody.phoneNumber);
     emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.AUTH).log("BULLET", `To verify the phone number ${phoneNumber}, use the code ${code}.`);
     return {
@@ -730,16 +733,14 @@ function sendVerificationCode(state, reqBody) {
     };
 }
 function setAccountInfo(state, reqBody, ctx) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     const url = (0, utils_1.authEmulatorUrl)(ctx.req);
     return setAccountInfoImpl(state, reqBody, {
-        privileged: !!((_a = ctx.security) === null || _a === void 0 ? void 0 : _a.Oauth2),
+        privileged: !!ctx.security?.Oauth2,
         emulatorUrl: url,
     });
 }
 function setAccountInfoImpl(state, reqBody, { privileged = false, emulatorUrl = undefined } = {}) {
-    var _a, _b;
     const unimplementedFields = ["provider", "upgradeToFederatedLogin"];
     for (const field of unimplementedFields) {
         if (field in reqBody) {
@@ -895,14 +896,14 @@ function setAccountInfoImpl(state, reqBody, { privileged = false, emulatorUrl =
                     break;
             }
         }
-        if ((_a = reqBody.deleteProvider) === null || _a === void 0 ? void 0 : _a.includes(state_1.PROVIDER_PASSWORD)) {
+        if (reqBody.deleteProvider?.includes(state_1.PROVIDER_PASSWORD)) {
             updates.email = undefined;
             updates.emailVerified = undefined;
             updates.emailLinkSignin = undefined;
             updates.passwordHash = undefined;
             updates.salt = undefined;
         }
-        if ((_b = reqBody.deleteProvider) === null || _b === void 0 ? void 0 : _b.includes(state_1.PROVIDER_PHONE)) {
+        if (reqBody.deleteProvider?.includes(state_1.PROVIDER_PHONE)) {
             updates.phoneNumber = undefined;
         }
     }
@@ -922,9 +923,19 @@ function setAccountInfoImpl(state, reqBody, { privileged = false, emulatorUrl =
         }
         sendOobForEmailReset(state, user.initialEmail, emulatorUrl);
     }
-    return redactPasswordHash(Object.assign({ kind: "identitytoolkit#SetAccountInfoResponse", localId: user.localId, emailVerified: user.emailVerified, providerUserInfo: user.providerUserInfo, email: user.email, displayName: user.displayName, photoUrl: user.photoUrl, newEmail, passwordHash: user.passwordHash }, (updates.validSince && signInProvider ? issueTokens(state, user, signInProvider) : {})));
+    return redactPasswordHash({
+        kind: "identitytoolkit#SetAccountInfoResponse",
+        localId: user.localId,
+        emailVerified: user.emailVerified,
+        providerUserInfo: user.providerUserInfo,
+        email: user.email,
+        displayName: user.displayName,
+        photoUrl: user.photoUrl,
+        newEmail,
+        passwordHash: user.passwordHash,
+        ...(updates.validSince && signInProvider ? issueTokens(state, user, signInProvider) : {}),
+    });
 }
-exports.setAccountInfoImpl = setAccountInfoImpl;
 function sendOobForEmailReset(state, initialEmail, url) {
     const oobRecord = createOobRecord(state, initialEmail, url, {
         requestType: "RECOVER_EMAIL",
@@ -975,7 +986,6 @@ function logOobMessage(oobRecord) {
     }
 }
 function signInWithCustomToken(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(reqBody.token, "MISSING_CUSTOM_TOKEN");
     let payload;
@@ -983,14 +993,14 @@ function signInWithCustomToken(state, reqBody) {
         try {
             payload = JSON.parse(reqBody.token);
         }
-        catch (_b) {
+        catch {
             throw new errors_1.BadRequestError("INVALID_CUSTOM_TOKEN : ((Auth Emulator only accepts strict JSON or JWTs as fake custom tokens.))");
         }
     }
     else {
         const decoded = (0, jsonwebtoken_1.decode)(reqBody.token, { complete: true });
         if (state instanceof state_1.TenantProjectState) {
-            (0, errors_1.assert)((decoded === null || decoded === void 0 ? void 0 : decoded.payload.tenant_id) === state.tenantId, "TENANT_ID_MISMATCH");
+            (0, errors_1.assert)(decoded?.payload.tenant_id === state.tenantId, "TENANT_ID_MISMATCH");
         }
         (0, errors_1.assert)(decoded, "INVALID_CUSTOM_TOKEN : Invalid assertion format");
         if (decoded.header.alg !== "none") {
@@ -1000,7 +1010,7 @@ function signInWithCustomToken(state, reqBody) {
             "Note: Firebase ID Tokens / third-party tokens cannot be used with signInWithCustomToken.))");
         payload = decoded.payload;
     }
-    const localId = (_a = coercePrimitiveToString(payload.uid)) !== null && _a !== void 0 ? _a : coercePrimitiveToString(payload.user_id);
+    const localId = coercePrimitiveToString(payload.uid) ?? coercePrimitiveToString(payload.user_id);
     (0, errors_1.assert)(localId, "MISSING_IDENTIFIER");
     let extraClaims = {};
     if ("claims" in payload) {
@@ -1026,7 +1036,11 @@ function signInWithCustomToken(state, reqBody) {
             throw new Error(`Internal assertion error: trying to create duplicate localId: ${localId}`);
         }
     }
-    return Object.assign({ kind: "identitytoolkit#VerifyCustomTokenResponse", isNewUser }, issueTokens(state, user, state_1.PROVIDER_CUSTOM, { extraClaims }));
+    return {
+        kind: "identitytoolkit#VerifyCustomTokenResponse",
+        isNewUser,
+        ...issueTokens(state, user, state_1.PROVIDER_CUSTOM, { extraClaims }),
+    };
 }
 async function signInWithEmailLink(state, reqBody) {
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
@@ -1055,9 +1069,9 @@ async function signInWithEmailLink(state, reqBody) {
     if (!user) {
         updates.createdAt = timestamp.getTime().toString();
         const localId = state.generateLocalId();
-        const userBeforeCreate = Object.assign({ localId }, updates);
+        const userBeforeCreate = { localId, ...updates };
         const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_CREATE, userBeforeCreate, { signInMethod: "emailLink" });
-        updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+        updates = { ...updates, ...blockingResponse.updates };
         user = state.createUserWithLocalId(localId, updates);
         if (!user.disabled && !isMfaEnabled(state, user)) {
             const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, user, { signInMethod: "emailLink" });
@@ -1072,8 +1086,8 @@ async function signInWithEmailLink(state, reqBody) {
             (0, errors_1.assert)(userFromIdToken.localId === userFromEmail.localId, "EMAIL_EXISTS");
         }
         if (!user.disabled && !isMfaEnabled(state, user)) {
-            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, Object.assign(Object.assign({}, user), updates), { signInMethod: "emailLink" });
-            updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, { ...user, ...updates }, { signInMethod: "emailLink" });
+            updates = { ...updates, ...blockingResponse.updates };
             extraClaims = blockingResponse.extraClaims;
         }
         user = state.updateUserByLocalId(user.localId, updates);
@@ -1086,15 +1100,14 @@ async function signInWithEmailLink(state, reqBody) {
     };
     (0, errors_1.assert)(!user.disabled, "USER_DISABLED");
     if (isMfaEnabled(state, user)) {
-        return Object.assign(Object.assign({}, response), mfaPending(state, user, state_1.PROVIDER_PASSWORD));
+        return { ...response, ...mfaPending(state, user, state_1.PROVIDER_PASSWORD) };
     }
     else {
         user = state.updateUserByLocalId(user.localId, { lastLoginAt: Date.now().toString() });
-        return Object.assign(Object.assign({}, response), issueTokens(state, user, state_1.PROVIDER_PASSWORD, { extraClaims }));
+        return { ...response, ...issueTokens(state, user, state_1.PROVIDER_PASSWORD, { extraClaims }) };
     }
 }
 async function signInWithIdp(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     if (reqBody.returnRefreshToken) {
         throw new errors_1.NotImplementedError("returnRefreshToken is not implemented yet.");
@@ -1103,7 +1116,7 @@ async function signInWithIdp(state, reqBody) {
         throw new errors_1.NotImplementedError("pendingIdToken is not implemented yet.");
     }
     const normalizedUri = getNormalizedUri(reqBody);
-    const providerId = (_a = normalizedUri.searchParams.get("providerId")) === null || _a === void 0 ? void 0 : _a.toLowerCase();
+    const providerId = normalizedUri.searchParams.get("providerId")?.toLowerCase();
     (0, errors_1.assert)(providerId, `INVALID_CREDENTIAL_OR_PROVIDER_ID : Invalid IdP response/credential: ${normalizedUri.toString()}`);
     const oauthIdToken = normalizedUri.searchParams.get("id_token") || undefined;
     const oauthAccessToken = normalizedUri.searchParams.get("access_token") || undefined;
@@ -1128,7 +1141,7 @@ async function signInWithIdp(state, reqBody) {
     let signInAttributes = undefined;
     if (normalizedUri.searchParams.get("SAMLResponse")) {
         samlResponse = JSON.parse(normalizedUri.searchParams.get("SAMLResponse"));
-        signInAttributes = (_b = samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.attributeStatements;
+        signInAttributes = samlResponse.assertion?.attributeStatements;
         (0, errors_1.assert)(samlResponse.assertion, "INVALID_IDP_RESPONSE ((Missing assertion in SAMLResponse.))");
         (0, errors_1.assert)(samlResponse.assertion.subject, "INVALID_IDP_RESPONSE ((Missing assertion.subject in SAMLResponse.))");
         (0, errors_1.assert)(samlResponse.assertion.subject.nameId, "INVALID_IDP_RESPONSE ((Missing assertion.subject.nameId in SAMLResponse.))");
@@ -1185,15 +1198,21 @@ async function signInWithIdp(state, reqBody) {
     };
     if (response.isNewUser) {
         const timestamp = new Date();
-        let updates = Object.assign(Object.assign({}, accountUpdates.fields), { createdAt: timestamp.getTime().toString(), lastLoginAt: timestamp.getTime().toString(), providerUserInfo: [providerUserInfo], tenantId: state instanceof state_1.TenantProjectState ? state.tenantId : undefined });
+        let updates = {
+            ...accountUpdates.fields,
+            createdAt: timestamp.getTime().toString(),
+            lastLoginAt: timestamp.getTime().toString(),
+            providerUserInfo: [providerUserInfo],
+            tenantId: state instanceof state_1.TenantProjectState ? state.tenantId : undefined,
+        };
         const localId = state.generateLocalId();
-        const userBeforeCreate = Object.assign({ localId }, updates);
+        const userBeforeCreate = { localId, ...updates };
         const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_CREATE, userBeforeCreate, {
             signInMethod: response.providerId,
             rawUserInfo: response.rawUserInfo,
             signInAttributes: JSON.stringify(signInAttributes),
         }, oauthTokens);
-        updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+        updates = { ...updates, ...blockingResponse.updates };
         user = state.createUserWithLocalId(localId, updates);
         response.localId = user.localId;
         if (!user.disabled && !isMfaEnabled(state, user)) {
@@ -1214,15 +1233,15 @@ async function signInWithIdp(state, reqBody) {
         const maybeUser = state.getUserByLocalId(response.localId);
         (0, errors_1.assert)(maybeUser, "USER_NOT_FOUND");
         user = maybeUser;
-        let updates = Object.assign({}, accountUpdates.fields);
+        let updates = { ...accountUpdates.fields };
         if (!user.disabled && !isMfaEnabled(state, user)) {
-            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, Object.assign(Object.assign({}, user), updates), {
+            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, { ...user, ...updates }, {
                 signInMethod: response.providerId,
                 rawUserInfo: response.rawUserInfo,
                 signInAttributes: JSON.stringify(signInAttributes),
             }, oauthTokens);
             extraClaims = blockingResponse.extraClaims;
-            updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+            updates = { ...updates, ...blockingResponse.updates };
         }
         user = state.updateUserByLocalId(response.localId, updates, {
             upsertProviders: [providerUserInfo],
@@ -1235,12 +1254,15 @@ async function signInWithIdp(state, reqBody) {
         response.tenantId = state.tenantId;
     }
     if (isMfaEnabled(state, user)) {
-        return Object.assign(Object.assign({}, response), mfaPending(state, user, providerId));
+        return { ...response, ...mfaPending(state, user, providerId) };
     }
     else {
         user = state.updateUserByLocalId(user.localId, { lastLoginAt: Date.now().toString() });
-        (0, errors_1.assert)(!(user === null || user === void 0 ? void 0 : user.disabled), "USER_DISABLED");
-        return Object.assign(Object.assign({}, response), issueTokens(state, user, providerId, { signInAttributes, extraClaims }));
+        (0, errors_1.assert)(!user?.disabled, "USER_DISABLED");
+        return {
+            ...response,
+            ...issueTokens(state, user, providerId, { signInAttributes, extraClaims }),
+        };
     }
 }
 async function signInWithPassword(state, reqBody) {
@@ -1276,17 +1298,19 @@ async function signInWithPassword(state, reqBody) {
         email,
     };
     if (isMfaEnabled(state, user)) {
-        return Object.assign(Object.assign({}, response), mfaPending(state, user, state_1.PROVIDER_PASSWORD));
+        return { ...response, ...mfaPending(state, user, state_1.PROVIDER_PASSWORD) };
     }
     else {
         const { updates, extraClaims } = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, user, { signInMethod: "password" });
-        user = state.updateUserByLocalId(user.localId, Object.assign(Object.assign({}, updates), { lastLoginAt: Date.now().toString() }));
+        user = state.updateUserByLocalId(user.localId, {
+            ...updates,
+            lastLoginAt: Date.now().toString(),
+        });
         (0, errors_1.assert)(!user.disabled, "USER_DISABLED");
-        return Object.assign(Object.assign({}, response), issueTokens(state, user, state_1.PROVIDER_PASSWORD, { extraClaims }));
+        return { ...response, ...issueTokens(state, user, state_1.PROVIDER_PASSWORD, { extraClaims }) };
     }
 }
 async function signInWithPhoneNumber(state, reqBody) {
-    var _a;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)(state instanceof state_1.AgentProjectState, "UNSUPPORTED_TENANT_OPERATION");
     let phoneNumber;
@@ -1306,7 +1330,9 @@ async function signInWithPhoneNumber(state, reqBody) {
     if (userFromPhoneNumber && userFromIdToken) {
         if (userFromPhoneNumber.localId !== userFromIdToken.localId) {
             (0, errors_1.assert)(!reqBody.temporaryProof, "PHONE_NUMBER_EXISTS");
-            return Object.assign({}, state.createTemporaryProof(phoneNumber));
+            return {
+                ...state.createTemporaryProof(phoneNumber),
+            };
         }
     }
     let user = userFromIdToken || userFromPhoneNumber;
@@ -1320,9 +1346,9 @@ async function signInWithPhoneNumber(state, reqBody) {
     if (!user) {
         updates.createdAt = timestamp.getTime().toString();
         const localId = state.generateLocalId();
-        const userBeforeCreate = Object.assign({ localId }, updates);
+        const userBeforeCreate = { localId, ...updates };
         const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_CREATE, userBeforeCreate, { signInMethod: "phone" });
-        updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+        updates = { ...updates, ...blockingResponse.updates };
         user = state.createUserWithLocalId(localId, updates);
         if (!user.disabled) {
             const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, user, { signInMethod: "phone" });
@@ -1333,20 +1359,24 @@ async function signInWithPhoneNumber(state, reqBody) {
     }
     else {
         (0, errors_1.assert)(!user.disabled, "USER_DISABLED");
-        (0, errors_1.assert)(!((_a = user.mfaInfo) === null || _a === void 0 ? void 0 : _a.length), "UNSUPPORTED_FIRST_FACTOR : A phone number cannot be set as a first factor on an SMS based MFA user.");
+        (0, errors_1.assert)(!user.mfaInfo?.length, "UNSUPPORTED_FIRST_FACTOR : A phone number cannot be set as a first factor on an SMS based MFA user.");
         if (!user.disabled) {
-            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, Object.assign(Object.assign({}, user), updates), { signInMethod: "phone" });
-            updates = Object.assign(Object.assign({}, updates), blockingResponse.updates);
+            const blockingResponse = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, { ...user, ...updates }, { signInMethod: "phone" });
+            updates = { ...updates, ...blockingResponse.updates };
             extraClaims = blockingResponse.extraClaims;
         }
         user = state.updateUserByLocalId(user.localId, updates);
     }
-    (0, errors_1.assert)(!(user === null || user === void 0 ? void 0 : user.disabled), "USER_DISABLED");
+    (0, errors_1.assert)(!user?.disabled, "USER_DISABLED");
     const tokens = issueTokens(state, user, state_1.PROVIDER_PHONE, {
         extraClaims,
     });
-    return Object.assign({ isNewUser,
-        phoneNumber, localId: user.localId }, tokens);
+    return {
+        isNewUser,
+        phoneNumber,
+        localId: user.localId,
+        ...tokens,
+    };
 }
 function grantToken(state, reqBody) {
     (0, errors_1.assert)(reqBody.grantType, "MISSING_GRANT_TYPE");
@@ -1383,12 +1413,11 @@ function getEmulatorProjectConfig(state) {
     };
 }
 function updateEmulatorProjectConfig(state, reqBody, ctx) {
-    var _a, _b;
     const updateMask = [];
-    if (((_a = reqBody.signIn) === null || _a === void 0 ? void 0 : _a.allowDuplicateEmails) != null) {
+    if (reqBody.signIn?.allowDuplicateEmails != null) {
         updateMask.push("signIn.allowDuplicateEmails");
     }
-    if (((_b = reqBody.emailPrivacyConfig) === null || _b === void 0 ? void 0 : _b.enableImprovedEmailPrivacy) != null) {
+    if (reqBody.emailPrivacyConfig?.enableImprovedEmailPrivacy != null) {
         updateMask.push("emailPrivacyConfig.enableImprovedEmailPrivacy");
     }
     ctx.params.query.updateMask = updateMask.join();
@@ -1406,10 +1435,9 @@ function listVerificationCodesInProject(state) {
     };
 }
 function mfaEnrollmentStart(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") &&
-        ((_a = state.mfaConfig.enabledProviders) === null || _a === void 0 ? void 0 : _a.includes("PHONE_SMS")), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
+        state.mfaConfig.enabledProviders?.includes("PHONE_SMS"), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
     (0, errors_1.assert)(reqBody.idToken, "MISSING_ID_TOKEN");
     const { user, signInProvider } = parseIdToken(state, reqBody.idToken);
     (0, errors_1.assert)(!MFA_INELIGIBLE_PROVIDER.has(signInProvider), "UNSUPPORTED_FIRST_FACTOR : MFA is not available for the given first factor.");
@@ -1417,7 +1445,7 @@ function mfaEnrollmentStart(state, reqBody) {
     (0, errors_1.assert)(reqBody.phoneEnrollmentInfo, "INVALID_ARGUMENT : ((Missing phoneEnrollmentInfo.))");
     const phoneNumber = reqBody.phoneEnrollmentInfo.phoneNumber;
     (0, errors_1.assert)(phoneNumber && (0, utils_1.isValidPhoneNumber)(phoneNumber), "INVALID_PHONE_NUMBER : Invalid format.");
-    (0, errors_1.assert)(!((_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.some((enrollment) => enrollment.unobfuscatedPhoneInfo === phoneNumber)), "SECOND_FACTOR_EXISTS : Phone number already enrolled as second factor for this account.");
+    (0, errors_1.assert)(!user.mfaInfo?.some((enrollment) => enrollment.unobfuscatedPhoneInfo === phoneNumber), "SECOND_FACTOR_EXISTS : Phone number already enrolled as second factor for this account.");
     const { sessionInfo, code } = state.createVerificationCode(phoneNumber);
     emulatorLogger_1.EmulatorLogger.forEmulator(types_1.Emulators.AUTH).log("BULLET", `To enroll MFA with ${phoneNumber}, use the code ${code}.`);
     return {
@@ -1427,10 +1455,9 @@ function mfaEnrollmentStart(state, reqBody) {
     };
 }
 function mfaEnrollmentFinalize(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") &&
-        ((_a = state.mfaConfig.enabledProviders) === null || _a === void 0 ? void 0 : _a.includes("PHONE_SMS")), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
+        state.mfaConfig.enabledProviders?.includes("PHONE_SMS"), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
     (0, errors_1.assert)(reqBody.idToken, "MISSING_ID_TOKEN");
     let { user, signInProvider } = parseIdToken(state, reqBody.idToken);
     (0, errors_1.assert)(!MFA_INELIGIBLE_PROVIDER.has(signInProvider), "UNSUPPORTED_FIRST_FACTOR : MFA is not available for the given first factor.");
@@ -1442,7 +1469,7 @@ function mfaEnrollmentFinalize(state, reqBody) {
     (0, errors_1.assert)(code, "MISSING_CODE");
     (0, errors_1.assert)(sessionInfo, "MISSING_SESSION_INFO");
     const phoneNumber = verifyPhoneNumber(state, sessionInfo, code);
-    (0, errors_1.assert)(!((_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.some((enrollment) => enrollment.unobfuscatedPhoneInfo === phoneNumber)), "SECOND_FACTOR_EXISTS : Phone number already enrolled as second factor for this account.");
+    (0, errors_1.assert)(!user.mfaInfo?.some((enrollment) => enrollment.unobfuscatedPhoneInfo === phoneNumber), "SECOND_FACTOR_EXISTS : Phone number already enrolled as second factor for this account.");
     const existingFactors = user.mfaInfo || [];
     const existingIds = new Set();
     for (const { mfaEnrollmentId } of existingFactors) {
@@ -1476,17 +1503,18 @@ function mfaEnrollmentWithdraw(state, reqBody) {
     const updatedList = user.mfaInfo.filter((enrollment) => enrollment.mfaEnrollmentId !== reqBody.mfaEnrollmentId);
     (0, errors_1.assert)(updatedList.length < user.mfaInfo.length, "MFA_ENROLLMENT_NOT_FOUND");
     user = state.updateUserByLocalId(user.localId, { mfaInfo: updatedList });
-    return Object.assign({}, issueTokens(state, user, signInProvider));
+    return {
+        ...issueTokens(state, user, signInProvider),
+    };
 }
 function mfaSignInStart(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") &&
-        ((_a = state.mfaConfig.enabledProviders) === null || _a === void 0 ? void 0 : _a.includes("PHONE_SMS")), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
+        state.mfaConfig.enabledProviders?.includes("PHONE_SMS"), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
     (0, errors_1.assert)(reqBody.mfaPendingCredential, "MISSING_MFA_PENDING_CREDENTIAL : Request does not have MFA pending credential.");
     (0, errors_1.assert)(reqBody.mfaEnrollmentId, "MISSING_MFA_ENROLLMENT_ID : No second factor identifier is provided.");
     const { user } = parsePendingCredential(state, reqBody.mfaPendingCredential);
-    const enrollment = (_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.find((factor) => factor.mfaEnrollmentId === reqBody.mfaEnrollmentId);
+    const enrollment = user.mfaInfo?.find((factor) => factor.mfaEnrollmentId === reqBody.mfaEnrollmentId);
     (0, errors_1.assert)(enrollment, "MFA_ENROLLMENT_NOT_FOUND");
     const phoneNumber = enrollment.unobfuscatedPhoneInfo;
     (0, errors_1.assert)(phoneNumber, "INVALID_ARGUMENT : MFA provider not supported!");
@@ -1499,10 +1527,9 @@ function mfaSignInStart(state, reqBody) {
     };
 }
 async function mfaSignInFinalize(state, reqBody) {
-    var _a, _b;
     (0, errors_1.assert)(!state.disableAuth, "PROJECT_DISABLED");
     (0, errors_1.assert)((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") &&
-        ((_a = state.mfaConfig.enabledProviders) === null || _a === void 0 ? void 0 : _a.includes("PHONE_SMS")), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
+        state.mfaConfig.enabledProviders?.includes("PHONE_SMS"), "OPERATION_NOT_ALLOWED : SMS based MFA not enabled.");
     (0, errors_1.assert)(reqBody.mfaPendingCredential, "MISSING_CREDENTIAL : Please set MFA Pending Credential.");
     (0, errors_1.assert)(reqBody.phoneVerificationInfo, "INVALID_ARGUMENT : MFA provider not supported!");
     if (reqBody.phoneVerificationInfo.androidVerificationProof) {
@@ -1513,7 +1540,7 @@ async function mfaSignInFinalize(state, reqBody) {
     (0, errors_1.assert)(sessionInfo, "MISSING_SESSION_INFO");
     const phoneNumber = verifyPhoneNumber(state, sessionInfo, code);
     let { user, signInProvider } = parsePendingCredential(state, reqBody.mfaPendingCredential);
-    const enrollment = (_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.find((enrollment) => {
+    const enrollment = user.mfaInfo?.find((enrollment) => {
         if (enrollment.unobfuscatedPhoneInfo === phoneNumber) {
             return true;
         }
@@ -1524,7 +1551,10 @@ async function mfaSignInFinalize(state, reqBody) {
         return false;
     });
     const { updates, extraClaims } = await fetchBlockingFunction(state, state_1.BlockingFunctionEvents.BEFORE_SIGN_IN, user, { signInMethod: signInProvider, signInSecondFactor: "phone" });
-    user = state.updateUserByLocalId(user.localId, Object.assign(Object.assign({}, updates), { lastLoginAt: Date.now().toString() }));
+    user = state.updateUserByLocalId(user.localId, {
+        ...updates,
+        lastLoginAt: Date.now().toString(),
+    });
     (0, errors_1.assert)(enrollment && enrollment.mfaEnrollmentId, "MFA_ENROLLMENT_NOT_FOUND");
     (0, errors_1.assert)(!user.disabled, "USER_DISABLED");
     const { idToken, refreshToken } = issueTokens(state, user, signInProvider, {
@@ -1541,9 +1571,8 @@ function getConfig(state) {
     return state.config;
 }
 function updateConfig(state, reqBody, ctx) {
-    var _a;
     (0, errors_1.assert)(state instanceof state_1.AgentProjectState, "((Can only update top-level configurations on agent projects.))");
-    for (const event in (_a = reqBody.blockingFunctions) === null || _a === void 0 ? void 0 : _a.triggers) {
+    for (const event in reqBody.blockingFunctions?.triggers) {
         if (Object.prototype.hasOwnProperty.call(reqBody.blockingFunctions.triggers, event)) {
             (0, errors_1.assert)(Object.values(state_1.BlockingFunctionEvents).includes(event), "INVALID_BLOCKING_FUNCTION : ((Event type is invalid.))");
             (0, errors_1.assert)((0, utils_1.parseAbsoluteUri)(reqBody.blockingFunctions.triggers[event].functionUri), "INVALID_BLOCKING_FUNCTION : ((Expected an absolute URI with valid scheme and host.))");
@@ -1625,14 +1654,26 @@ function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraC
         }
     }
     const customAttributes = JSON.parse(user.customAttributes || "{}");
-    const customPayloadFields = Object.assign(Object.assign(Object.assign({ name: user.displayName, picture: user.photoUrl }, customAttributes), extraClaims), { email: user.email, email_verified: user.emailVerified, phone_number: user.phoneNumber, provider_id: signInProvider === "anonymous" ? signInProvider : undefined, auth_time: (0, utils_1.toUnixTimestamp)(getAuthTime(user)), user_id: user.localId, firebase: {
+    const customPayloadFields = {
+        name: user.displayName,
+        picture: user.photoUrl,
+        ...customAttributes,
+        ...extraClaims,
+        email: user.email,
+        email_verified: user.emailVerified,
+        phone_number: user.phoneNumber,
+        provider_id: signInProvider === "anonymous" ? signInProvider : undefined,
+        auth_time: (0, utils_1.toUnixTimestamp)(getAuthTime(user)),
+        user_id: user.localId,
+        firebase: {
             identities,
             sign_in_provider: signInProvider,
-            second_factor_identifier: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.identifier,
-            sign_in_second_factor: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.provider,
+            second_factor_identifier: secondFactor?.identifier,
+            sign_in_second_factor: secondFactor?.provider,
             tenant: tenantId,
             sign_in_attributes: signInAttributes,
-        } });
+        },
+    };
     const jwtStr = (0, jsonwebtoken_1.sign)(customPayloadFields, "fake-secret", {
         algorithm: "none",
         expiresIn: expiresInSeconds,
@@ -1676,7 +1717,7 @@ function validateSerializedCustomClaims(claims) {
     try {
         parsed = JSON.parse(claims);
     }
-    catch (_a) {
+    catch {
         throw new errors_1.BadRequestError("INVALID_CLAIMS");
     }
     validateCustomClaims(parsed);
@@ -1708,7 +1749,7 @@ function validateCustomClaims(claims) {
 function newRandomId(length, existingIds) {
     for (let i = 0; i < 10; i++) {
         const id = (0, utils_1.randomId)(length);
-        if (!(existingIds === null || existingIds === void 0 ? void 0 : existingIds.has(id))) {
+        if (!existingIds?.has(id)) {
             return id;
         }
     }
@@ -1721,12 +1762,16 @@ function getMfaEnrollmentsFromRequest(state, request, options) {
     for (const enrollment of request) {
         (0, errors_1.assert)(enrollment.phoneInfo && (0, utils_1.isValidPhoneNumber)(enrollment.phoneInfo), "INVALID_MFA_PHONE_NUMBER : Invalid format.");
         if (!phoneNumbers.has(enrollment.phoneInfo)) {
-            const mfaEnrollmentId = (options === null || options === void 0 ? void 0 : options.generateEnrollmentIds)
+            const mfaEnrollmentId = options?.generateEnrollmentIds
                 ? newRandomId(28, enrollmentIds)
                 : enrollment.mfaEnrollmentId;
             (0, errors_1.assert)(mfaEnrollmentId, "INVALID_MFA_ENROLLMENT_ID : mfaEnrollmentId must be defined.");
             (0, errors_1.assert)(!enrollmentIds.has(mfaEnrollmentId), "DUPLICATE_MFA_ENROLLMENT_ID");
-            enrollments.push(Object.assign(Object.assign({}, enrollment), { mfaEnrollmentId, unobfuscatedPhoneInfo: enrollment.phoneInfo }));
+            enrollments.push({
+                ...enrollment,
+                mfaEnrollmentId,
+                unobfuscatedPhoneInfo: enrollment.phoneInfo,
+            });
             phoneNumbers.add(enrollment.phoneInfo);
             enrollmentIds.add(mfaEnrollmentId);
         }
@@ -1762,7 +1807,7 @@ function parseClaims(idTokenOrJsonClaims) {
         try {
             claims = JSON.parse(idTokenOrJsonClaims);
         }
-        catch (_a) {
+        catch {
             throw new errors_1.BadRequestError(`INVALID_IDP_RESPONSE : Unable to parse id_token: ${idTokenOrJsonClaims} ((Auth Emulator failed to parse fake id_token as strict JSON.))`);
         }
     }
@@ -1778,7 +1823,6 @@ function parseClaims(idTokenOrJsonClaims) {
     return claims;
 }
 function fakeFetchUserInfoFromIdp(providerId, claims, samlResponse) {
-    var _a, _b, _c, _d, _e;
     const rawId = claims.sub;
     const email = claims.email ? (0, utils_1.canonicalizeEmailAddress)(claims.email) : undefined;
     const emailVerified = !!claims.email_verified;
@@ -1818,13 +1862,13 @@ function fakeFetchUserInfoFromIdp(providerId, claims, samlResponse) {
             });
             break;
         }
-        case (_a = providerId.match(/^saml\./)) === null || _a === void 0 ? void 0 : _a.input:
-            const nameId = (_c = (_b = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.subject) === null || _c === void 0 ? void 0 : _c.nameId;
+        case providerId.match(/^saml\./)?.input:
+            const nameId = samlResponse?.assertion?.subject?.nameId;
             response.email = nameId && (0, utils_1.isValidEmailAddress)(nameId) ? nameId : response.email;
             response.emailVerified = true;
-            response.rawUserInfo = JSON.stringify((_d = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _d === void 0 ? void 0 : _d.attributeStatements);
+            response.rawUserInfo = JSON.stringify(samlResponse?.assertion?.attributeStatements);
             break;
-        case (_e = providerId.match(/^oidc\./)) === null || _e === void 0 ? void 0 : _e.input:
+        case providerId.match(/^oidc\./)?.input:
         default:
             response.rawUserInfo = JSON.stringify(claims);
             break;
@@ -1853,7 +1897,7 @@ function handleLinkIdp(state, response, userFromIdToken) {
 function handleIdpSigninEmailNotRequired(response, userMatchingProvider) {
     if (userMatchingProvider) {
         return {
-            response: Object.assign(Object.assign({}, response), { localId: userMatchingProvider.localId }),
+            response: { ...response, localId: userMatchingProvider.localId },
             accountUpdates: {},
         };
     }
@@ -1862,16 +1906,15 @@ function handleIdpSigninEmailNotRequired(response, userMatchingProvider) {
     }
 }
 function handleIdpSigninEmailRequired(response, rawId, userMatchingProvider, userMatchingEmail) {
-    var _a, _b, _c;
     if (userMatchingProvider) {
         return {
-            response: Object.assign(Object.assign({}, response), { localId: userMatchingProvider.localId }),
+            response: { ...response, localId: userMatchingProvider.localId },
             accountUpdates: {},
         };
     }
     else if (userMatchingEmail) {
         if (response.emailVerified) {
-            if ((_a = userMatchingEmail.providerUserInfo) === null || _a === void 0 ? void 0 : _a.some((info) => info.providerId === response.providerId && info.rawId !== rawId)) {
+            if (userMatchingEmail.providerUserInfo?.some((info) => info.providerId === response.providerId && info.rawId !== rawId)) {
                 response.emailRecycled = true;
             }
             response.localId = userMatchingEmail.localId;
@@ -1882,7 +1925,7 @@ function handleIdpSigninEmailRequired(response, rawId, userMatchingProvider, use
                 accountUpdates.fields.passwordHash = undefined;
                 accountUpdates.fields.phoneNumber = undefined;
                 accountUpdates.fields.validSince = (0, utils_1.toUnixTimestamp)(new Date()).toString();
-                accountUpdates.deleteProviders = (_b = userMatchingEmail.providerUserInfo) === null || _b === void 0 ? void 0 : _b.map((info) => info.providerId);
+                accountUpdates.deleteProviders = userMatchingEmail.providerUserInfo?.map((info) => info.providerId);
             }
             accountUpdates.fields.dateOfBirth = response.dateOfBirth;
             accountUpdates.fields.displayName = response.displayName;
@@ -1895,7 +1938,9 @@ function handleIdpSigninEmailRequired(response, rawId, userMatchingProvider, use
         else {
             response.needConfirmation = true;
             response.localId = userMatchingEmail.localId;
-            response.verifiedProvider = (_c = userMatchingEmail.providerUserInfo) === null || _c === void 0 ? void 0 : _c.map((info) => info.providerId).filter((id) => id !== state_1.PROVIDER_PASSWORD && id !== state_1.PROVIDER_PHONE);
+            response.verifiedProvider = userMatchingEmail.providerUserInfo
+                ?.map((info) => info.providerId)
+                .filter((id) => id !== state_1.PROVIDER_PASSWORD && id !== state_1.PROVIDER_PHONE);
             return { response, accountUpdates: {} };
         }
     }
@@ -1918,7 +1963,7 @@ function handleIdpSignUp(response, options) {
         accountUpdates.fields.emailVerified = response.emailVerified;
     }
     return {
-        response: Object.assign(Object.assign({}, response), { isNewUser: true }),
+        response: { ...response, isNewUser: true },
         accountUpdates,
     };
 }
@@ -1967,7 +2012,7 @@ function parsePendingCredential(state, pendingCredential) {
         const json = Buffer.from(pendingCredential, "base64").toString("utf8");
         pendingCredentialPayload = JSON.parse(json);
     }
-    catch (_a) {
+    catch {
         (0, errors_1.assert)(false, "((Invalid phoneVerificationInfo.mfaPendingCredential.))");
     }
     (0, errors_1.assert)(pendingCredentialPayload._AuthEmulatorMfaPendingCredential, "((Invalid phoneVerificationInfo.mfaPendingCredential.))");
@@ -1981,11 +2026,10 @@ function parsePendingCredential(state, pendingCredential) {
     return { user, signInProvider };
 }
 function createTenant(state, reqBody) {
-    var _a, _b, _c, _d, _e;
     if (!(state instanceof state_1.AgentProjectState)) {
         throw new errors_1.InternalError("INTERNAL_ERROR : Can only create tenant in agent project", "INTERNAL");
     }
-    const mfaConfig = (_a = reqBody.mfaConfig) !== null && _a !== void 0 ? _a : {};
+    const mfaConfig = reqBody.mfaConfig ?? {};
     if (!("state" in mfaConfig)) {
         mfaConfig.state = "DISABLED";
     }
@@ -1994,10 +2038,10 @@ function createTenant(state, reqBody) {
     }
     const tenant = {
         displayName: reqBody.displayName,
-        allowPasswordSignup: (_b = reqBody.allowPasswordSignup) !== null && _b !== void 0 ? _b : false,
-        enableEmailLinkSignin: (_c = reqBody.enableEmailLinkSignin) !== null && _c !== void 0 ? _c : false,
-        enableAnonymousUser: (_d = reqBody.enableAnonymousUser) !== null && _d !== void 0 ? _d : false,
-        disableAuth: (_e = reqBody.disableAuth) !== null && _e !== void 0 ? _e : false,
+        allowPasswordSignup: reqBody.allowPasswordSignup ?? false,
+        enableEmailLinkSignin: reqBody.enableEmailLinkSignin ?? false,
+        enableAnonymousUser: reqBody.enableAnonymousUser ?? false,
+        disableAuth: reqBody.disableAuth ?? false,
         mfaConfig: mfaConfig,
         tenantId: "",
     };
@@ -2031,9 +2075,8 @@ function updateTenant(state, reqBody, ctx) {
     return state.updateTenant(reqBody, ctx.params.query.updateMask);
 }
 function isMfaEnabled(state, user) {
-    var _a;
     return ((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") &&
-        ((_a = user.mfaInfo) === null || _a === void 0 ? void 0 : _a.length));
+        user.mfaInfo?.length);
 }
 async function fetchBlockingFunction(state, event, user, options = {}, oauthTokens = {}, timeoutMs = 60000) {
     const url = state.getBlockingFunctionUri(event);
@@ -2121,7 +2164,7 @@ function processBlockingFunctionResponse(event, response) {
                     try {
                         extraClaims = userRecord.sessionClaims;
                     }
-                    catch (_a) {
+                    catch {
                         throw new errors_1.BadRequestError("BLOCKING_FUNCTION_ERROR_RESPONSE : ((Response has malformed session claims.))");
                     }
                     break;
@@ -2228,4 +2271,3 @@ function parseBlockingFunctionJwt(jwt) {
     (0, errors_1.assert)(decoded.user_record, "((Invalid blocking function jwt, missing `user_record` claim.))");
     return decoded;
 }
-exports.parseBlockingFunctionJwt = parseBlockingFunctionJwt;