firebase-tools 9.22.0 → 10.0.0

package/lib/deploy/functions/eventTypes.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PUBSUB_V2_EVENT = exports.STORAGE_V2_EVENTS = void 0;
+exports.STORAGE_V2_EVENTS = [
+    "google.cloud.storage.object.v1.finalized",
+    "google.cloud.storage.object.v1.archived",
+    "google.cloud.storage.object.v1.deleted",
+    "google.cloud.storage.object.v1.metadataUpdated",
+];
+exports.PUBSUB_V2_EVENT = "google.cloud.pubsub.topic.v1.messagePublished";

package/lib/deploy/functions/prepare.js

@@ -19,12 +19,20 @@ const validate = require("./validate");
 const utils = require("../../utils");
 const logger_1 = require("../../logger");
 const triggerRegionHelper_1 = require("./triggerRegionHelper");
+const checkIam_1 = require("./checkIam");
 function hasUserConfig(config) {
     return Object.keys(config).length > 1;
 }
 function hasDotenv(opts) {
     return previews_1.previews.dotenv && functionsEnv.hasUserEnvs(opts);
 }
+async function maybeEnableAR(projectId) {
+    if (previews_1.previews.artifactregistry) {
+        return ensureApiEnabled.check(projectId, "artifactregistry.googleapis.com", "functions", true);
+    }
+    await ensureApiEnabled.ensure(projectId, "artifactregistry.googleapis.com", "functions");
+    return true;
+}
 async function prepare(context, options, payload) {
     if (!options.config.src.functions) {
         return;
@@ -39,8 +47,10 @@ async function prepare(context, options, payload) {
         ensureApiEnabled.ensure(projectId, "cloudfunctions.googleapis.com", "functions"),
         ensureApiEnabled.check(projectId, "runtimeconfig.googleapis.com", "runtimeconfig", true),
         ensureCloudBuildEnabled_1.ensureCloudBuildEnabled(projectId),
+        maybeEnableAR(projectId),
     ]);
     context.runtimeConfigEnabled = checkAPIsEnabled[1];
+    context.artifactRegistryEnabled = checkAPIsEnabled[3];
     const firebaseConfig = await functionsConfig.getFirebaseConfig(options);
     context.firebaseConfig = firebaseConfig;
     const runtimeConfig = await prepareFunctionsUpload_1.getFunctionsConfig(context);
@@ -103,8 +113,9 @@ async function prepare(context, options, payload) {
         return functionsDeployHelper_1.functionMatchesAnyGroup(endpoint, context.filters);
     });
     const haveBackend = await backend.existingBackend(context);
+    await checkIam_1.ensureServiceAgentRoles(projectId, wantBackend, haveBackend);
     inferDetailsFromExisting(wantBackend, haveBackend, usedDotenv);
-    await triggerRegionHelper_1.lookupMissingTriggerRegions(wantBackend);
+    await triggerRegionHelper_1.ensureTriggerRegions(wantBackend);
     await prompts_1.promptForFailurePolicies(options, matchingBackend, haveBackend);
     await prompts_1.promptForMinInstances(options, matchingBackend, haveBackend);
     await backend.checkAvailability(context, wantBackend);

package/lib/deploy/functions/release/fabricator.js

@@ -124,7 +124,9 @@ class Fabricator {
         await this.setTrigger(endpoint);
     }
     async updateEndpoint(update, scraper) {
-        update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        if (update.deleteAndRecreate || update.endpoint.platform !== "gcfv2") {
+            update.endpoint.labels = Object.assign(Object.assign({}, update.endpoint.labels), deploymentTool.labels());
+        }
         if (update.deleteAndRecreate) {
             await this.deleteEndpoint(update.deleteAndRecreate);
             await this.createEndpoint(update.endpoint, scraper);
@@ -157,6 +159,9 @@ class Fabricator {
             throw new Error("Precondition failed");
         }
         const apiFunction = gcf.functionFromEndpoint(endpoint, this.sourceUrl);
+        if (apiFunction.httpsTrigger) {
+            apiFunction.httpsTrigger.securityLevel = "SECURE_ALWAYS";
+        }
         apiFunction.sourceToken = await scraper.tokenPromise();
         const resultFunction = await this.functionExecutor
             .run(async () => {

package/lib/deploy/functions/release/index.js

@@ -37,7 +37,7 @@ async function release(context, options, payload) {
     const fab = new fabricator.Fabricator({
         functionExecutor,
         executor: new executor.QueueExecutor({}),
-        sourceUrl: context.uploadUrl,
+        sourceUrl: context.sourceUrl,
         storage: context.storage,
         appEngineLocation: functionsConfig_1.getAppEngineLocation(context.firebaseConfig),
     });
@@ -49,7 +49,11 @@ async function release(context, options, payload) {
     const deletedEndpoints = Object.values(plan)
         .map((r) => r.endpointsToDelete)
         .reduce(functional_1.reduceFlat, []);
-    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints);
+    const opts = {};
+    if (!context.artifactRegistryEnabled) {
+        opts.ar = new containerCleaner.NoopArtifactRegistryCleaner();
+    }
+    await containerCleaner.cleanupBuildImages(haveEndpoints, deletedEndpoints, opts);
     const allErrors = summary.results.filter((r) => r.error).map((r) => r.error);
     if (allErrors.length) {
         const opts = allErrors.length == 1 ? { original: allErrors[0] } : { children: allErrors };

package/lib/deploy/functions/release/reporter.js

@@ -29,8 +29,10 @@ async function logAndTrackDeployStats(summary) {
     let totalSuccesses = 0;
     let totalAborts = 0;
     const reports = [];
+    const regions = new Set();
     for (const result of summary.results) {
         const tag = triggerTag(result.endpoint);
+        regions.add(result.endpoint.region);
         totalTime += result.durationMs;
         if (!result.error) {
             totalSuccesses++;
@@ -45,6 +47,8 @@ async function logAndTrackDeployStats(summary) {
             reports.push(track.track("function_deploy_failure", tag, result.durationMs));
         }
     }
+    const regionCountTag = regions.size < 5 ? regions.size.toString() : ">=5";
+    reports.push(track.track("functions_region_count", regionCountTag, 1));
     const gcfv1 = summary.results.find((r) => r.endpoint.platform === "gcfv1");
     const gcfv2 = summary.results.find((r) => r.endpoint.platform === "gcfv2");
     const tag = gcfv1 && gcfv2 ? "v1+v2" : gcfv1 ? "v1" : "v2";

package/lib/deploy/functions/runtimes/node/parseRuntimeAndValidateSDK.js

@@ -18,7 +18,7 @@ const ENGINE_RUNTIMES = {
 const ENGINE_RUNTIMES_NAMES = Object.values(ENGINE_RUNTIMES);
 exports.RUNTIME_NOT_SET = "`runtime` field is required but was not found in firebase.json.\n" +
     "To fix this, add the following lines to the `functions` section of your firebase.json:\n" +
-    '"runtime": "nodejs14"\n';
+    '"runtime": "nodejs16"\n';
 exports.UNSUPPORTED_NODE_VERSION_FIREBASE_JSON_MSG = clc.bold(`functions.runtime value is unsupported. ` +
     `Valid choices are: ${clc.bold("nodejs{10|12|14|16}")}.`);
 exports.UNSUPPORTED_NODE_VERSION_PACKAGE_JSON_MSG = clc.bold(`package.json in functions directory has an engines field which is unsupported. ` +

package/lib/deploy/functions/runtimes/node/parseTriggers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = exports.GCS_EVENTS = void 0;
+exports.addResourcesToBackend = exports.discoverBackend = exports.useStrategy = void 0;
 const path = require("path");
 const _ = require("lodash");
 const child_process_1 = require("child_process");
@@ -9,13 +9,8 @@ const logger_1 = require("../../../../logger");
 const backend = require("../../backend");
 const api = require("../../../../api");
 const proto = require("../../../../gcp/proto");
+const eventTypes_1 = require("../../eventTypes");
 const TRIGGER_PARSER = path.resolve(__dirname, "./triggerParser.js");
-exports.GCS_EVENTS = new Set([
-    "google.cloud.storage.object.v1.finalized",
-    "google.cloud.storage.object.v1.archived",
-    "google.cloud.storage.object.v1.deleted",
-    "google.cloud.storage.object.v1.metadataUpdated",
-]);
 function removeInspectOptions(options) {
     return options.filter((opt) => !opt.startsWith("--inspect"));
 }
@@ -64,7 +59,6 @@ async function discoverBackend(projectId, sourceDir, runtime, configValues, envs
 }
 exports.discoverBackend = discoverBackend;
 function addResourcesToBackend(projectId, runtime, annotation, want) {
-    var _a;
     Object.freeze(annotation);
     for (const region of annotation.regions || [api.functionsDefaultRegion]) {
         let triggered;
@@ -99,7 +93,7 @@ function addResourcesToBackend(projectId, runtime, annotation, want) {
                     retry: !!annotation.failurePolicy,
                 },
             };
-            if (exports.GCS_EVENTS.has(((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || "")) {
+            if (eventTypes_1.STORAGE_V2_EVENTS.find((event) => { var _a; return event === (((_a = annotation.eventTrigger) === null || _a === void 0 ? void 0 : _a.eventType) || ""); })) {
                 triggered.eventTrigger.eventFilters = {
                     bucket: annotation.eventTrigger.resource,
                 };

package/lib/deploy/functions/services/index.js

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.serviceForEndpoint = exports.EVENT_SERVICE_MAPPING = exports.StorageService = exports.PubSubService = exports.NoOpService = void 0;
+const backend = require("../backend");
+const storage_1 = require("./storage");
+const noop = () => Promise.resolve();
+exports.NoOpService = {
+    name: "noop",
+    api: "",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.PubSubService = {
+    name: "pubsub",
+    api: "pubsub.googleapis.com",
+    requiredProjectBindings: undefined,
+    ensureTriggerRegion: noop,
+};
+exports.StorageService = {
+    name: "storage",
+    api: "storage.googleapis.com",
+    requiredProjectBindings: storage_1.obtainStorageBindings,
+    ensureTriggerRegion: storage_1.ensureStorageTriggerRegion,
+};
+exports.EVENT_SERVICE_MAPPING = {
+    "google.cloud.pubsub.topic.v1.messagePublished": exports.PubSubService,
+    "google.cloud.storage.object.v1.finalized": exports.StorageService,
+    "google.cloud.storage.object.v1.archived": exports.StorageService,
+    "google.cloud.storage.object.v1.deleted": exports.StorageService,
+    "google.cloud.storage.object.v1.metadataUpdated": exports.StorageService,
+};
+function serviceForEndpoint(endpoint) {
+    if (!backend.isEventTriggered(endpoint)) {
+        return exports.NoOpService;
+    }
+    return exports.EVENT_SERVICE_MAPPING[endpoint.eventTrigger.eventType] || exports.NoOpService;
+}
+exports.serviceForEndpoint = serviceForEndpoint;

package/lib/deploy/functions/services/storage.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureStorageTriggerRegion = exports.obtainStorageBindings = void 0;
+const storage = require("../../../gcp/storage");
+const logger_1 = require("../../../logger");
+const error_1 = require("../../../error");
+const location_1 = require("../../../gcp/location");
+const PUBSUB_PUBLISHER_ROLE = "roles/pubsub.publisher";
+async function obtainStorageBindings(projectId, existingPolicy) {
+    const storageResponse = await storage.getServiceAccount(projectId);
+    const storageServiceAgent = `serviceAccount:${storageResponse.email_address}`;
+    let pubsubBinding = existingPolicy.bindings.find((b) => b.role === PUBSUB_PUBLISHER_ROLE);
+    if (!pubsubBinding) {
+        pubsubBinding = {
+            role: PUBSUB_PUBLISHER_ROLE,
+            members: [],
+        };
+    }
+    if (!pubsubBinding.members.find((m) => m === storageServiceAgent)) {
+        pubsubBinding.members.push(storageServiceAgent);
+    }
+    return [pubsubBinding];
+}
+exports.obtainStorageBindings = obtainStorageBindings;
+async function ensureStorageTriggerRegion(endpoint, eventTrigger) {
+    if (!eventTrigger.region) {
+        logger_1.logger.debug("Looking up bucket region for the storage event trigger");
+        try {
+            const bucket = await storage.getBucket(eventTrigger.eventFilters.bucket);
+            eventTrigger.region = bucket.location.toLowerCase();
+            logger_1.logger.debug("Setting the event trigger region to", eventTrigger.region, ".");
+        }
+        catch (err) {
+            throw new error_1.FirebaseError("Can't find the storage bucket region", { original: err });
+        }
+    }
+    if (endpoint.region !== eventTrigger.region &&
+        eventTrigger.region !== "us-central1" &&
+        !location_1.regionInLocation(endpoint.region, eventTrigger.region)) {
+        throw new error_1.FirebaseError(`A function in region ${endpoint.region} cannot listen to a bucket in region ${eventTrigger.region}`);
+    }
+}
+exports.ensureStorageTriggerRegion = ensureStorageTriggerRegion;

package/lib/deploy/functions/triggerRegionHelper.js

@@ -1,40 +1,16 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.lookupMissingTriggerRegions = void 0;
+exports.ensureTriggerRegions = void 0;
 const backend = require("./backend");
-const storage = require("../../gcp/storage");
-const error_1 = require("../../error");
-const logger_1 = require("../../logger");
-const noop = () => Promise.resolve();
-const LOOKUP_BY_EVENT_TYPE = {
-    "google.cloud.pubsub.topic.v1.messagePublished": noop,
-    "google.cloud.storage.object.v1.finalized": lookupBucketRegion,
-    "google.cloud.storage.object.v1.archived": lookupBucketRegion,
-    "google.cloud.storage.object.v1.deleted": lookupBucketRegion,
-    "google.cloud.storage.object.v1.metadataUpdated": lookupBucketRegion,
-};
-async function lookupMissingTriggerRegions(want) {
+const services_1 = require("./services");
+async function ensureTriggerRegions(want) {
     const regionLookups = [];
     for (const ep of backend.allEndpoints(want)) {
-        if (ep.platform === "gcfv1" || !backend.isEventTriggered(ep) || ep.eventTrigger.region) {
+        if (ep.platform === "gcfv1" || !backend.isEventTriggered(ep)) {
             continue;
         }
-        const lookup = LOOKUP_BY_EVENT_TYPE[ep.eventTrigger.eventType];
-        if (!lookup) {
-            logger_1.logger.debug("Don't know how to look up trigger region for event type", ep.eventTrigger.eventType, ". Deploy will fail unless this event type is global");
-            continue;
-        }
-        regionLookups.push(lookup(ep));
+        regionLookups.push(services_1.serviceForEndpoint(ep).ensureTriggerRegion(ep, ep.eventTrigger));
     }
     await Promise.all(regionLookups);
 }
-exports.lookupMissingTriggerRegions = lookupMissingTriggerRegions;
-async function lookupBucketRegion(endpoint) {
-    try {
-        const bucket = await storage.getBucket(endpoint.eventTrigger.eventFilters.bucket);
-        endpoint.eventTrigger.region = bucket.location.toLowerCase();
-    }
-    catch (err) {
-        throw new error_1.FirebaseError("Can't find the storage bucket region", { original: err });
-    }
-}
+exports.ensureTriggerRegions = ensureTriggerRegions;

package/lib/deploy/index.js

@@ -38,6 +38,7 @@ var deploy = function (targetNames, options, customContext = {}) {
     var deploys = [];
     var releases = [];
     var postdeploys = [];
+    var startTime = Date.now();
     for (var i = 0; i < targetNames.length; i++) {
         var targetName = targetNames[i];
         var target = TARGETS[targetName];
@@ -75,8 +76,15 @@ var deploy = function (targetNames, options, customContext = {}) {
     })
         .then(function () {
         if (_.has(options, "config.notes.databaseRules")) {
-            track("Rules Deploy", options.config.notes.databaseRules);
+            return track("Rules Deploy", options.config.notes.databaseRules);
         }
+        return;
+    })
+        .then(function () {
+        const duration = Date.now() - startTime;
+        return track("Product Deploy", [...targetNames].sort().join(","), duration);
+    })
+        .then(function () {
         logger.info();
         utils.logSuccess(clc.underline.bold("Deploy complete!"));
         logger.info();

package/lib/emulator/auth/handlers.js

@@ -178,7 +178,7 @@ function registerHandlers(app, getProjectStateByApiKey) {
             : `
             <span class="mdc-list-item__graphic material-icons" aria-hidden=true>person</span>`}
           <span class="mdc-list-item__text"><span class="mdc-list-item__primary-text">${info.displayName || "(No display name)"}</span>
-          <span class="mdc-list-item__secondary-text fallback-secondary-text">${info.email || ""}</span>
+          <span class="mdc-list-item__secondary-text fallback-secondary-text" id="reuse-email">${info.email || ""}</span>
       </li>`)
             .join("\n");
         res.end(widget_ui_1.WIDGET_UI.replace(widget_ui_1.PROVIDERS_LIST_PLACEHOLDER, options));

package/lib/emulator/auth/operations.js

@@ -1010,7 +1010,7 @@ function signInWithEmailLink(state, reqBody) {
     }
 }
 function signInWithIdp(state, reqBody) {
-    var _a, _b;
+    var _a, _b, _c;
     errors_1.assert(!state.disableAuth, "PROJECT_DISABLED");
     errors_1.assert(state.usageMode !== state_1.UsageMode.PASSTHROUGH, "UNSUPPORTED_PASSTHROUGH_OPERATION");
     if (reqBody.returnRefreshToken) {
@@ -1041,7 +1041,16 @@ function signInWithIdp(state, reqBody) {
             throw new errors_1.NotImplementedError("The Auth Emulator only supports sign-in with credentials (id_token required).");
         }
     }
-    let { response, rawId } = fakeFetchUserInfoFromIdp(providerId, claims);
+    let samlResponse;
+    let signInAttributes = undefined;
+    if (normalizedUri.searchParams.get("SAMLResponse")) {
+        samlResponse = JSON.parse(normalizedUri.searchParams.get("SAMLResponse"));
+        signInAttributes = (_b = samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.attributeStatements;
+        errors_1.assert(samlResponse.assertion, "INVALID_IDP_RESPONSE ((Missing assertion in SAMLResponse.))");
+        errors_1.assert(samlResponse.assertion.subject, "INVALID_IDP_RESPONSE ((Missing assertion.subject in SAMLResponse.))");
+        errors_1.assert(samlResponse.assertion.subject.nameId, "INVALID_IDP_RESPONSE ((Missing assertion.subject.nameId in SAMLResponse.))");
+    }
+    let { response, rawId } = fakeFetchUserInfoFromIdp(providerId, claims, samlResponse);
     response.oauthAccessToken =
         oauthAccessToken || `FirebaseAuthEmulatorFakeAccessToken_${providerId}`;
     response.oauthIdToken = oauthIdToken;
@@ -1101,12 +1110,12 @@ function signInWithIdp(state, reqBody) {
     if (state instanceof state_1.TenantProjectState) {
         response.tenantId = state.tenantId;
     }
-    if ((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") && ((_b = user.mfaInfo) === null || _b === void 0 ? void 0 : _b.length)) {
+    if ((state.mfaConfig.state === "ENABLED" || state.mfaConfig.state === "MANDATORY") && ((_c = user.mfaInfo) === null || _c === void 0 ? void 0 : _c.length)) {
         return Object.assign(Object.assign({}, response), mfaPending(state, user, providerId));
     }
     else {
         user = state.updateUserByLocalId(user.localId, { lastLoginAt: Date.now().toString() });
-        return Object.assign(Object.assign({}, response), issueTokens(state, user, providerId));
+        return Object.assign(Object.assign({}, response), issueTokens(state, user, providerId, { signInAttributes }));
     }
 }
 function signInWithPassword(state, reqBody) {
@@ -1391,7 +1400,7 @@ function redactPasswordHash(user) {
 function hashPassword(password, salt) {
     return `fakeHash:salt=${salt}:password=${password}`;
 }
-function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, } = {}) {
+function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, signInAttributes, } = {}) {
     user = state.updateUserByLocalId(user.localId, { lastRefreshAt: new Date().toISOString() });
     const usageMode = state.usageMode === state_1.UsageMode.PASSTHROUGH ? "passthrough" : undefined;
     const tenantId = state instanceof state_1.TenantProjectState ? state.tenantId : undefined;
@@ -1404,6 +1413,7 @@ function issueTokens(state, user, signInProvider, { extraClaims, secondFactor, }
         secondFactor,
         usageMode,
         tenantId,
+        signInAttributes,
     });
     const refreshToken = state.usageMode === state_1.UsageMode.DEFAULT
         ? state.createRefreshTokenFor(user, signInProvider, {
@@ -1435,7 +1445,7 @@ function parseIdToken(state, idToken) {
     const signInProvider = decoded.payload.firebase.sign_in_provider;
     return { user, signInProvider, payload: decoded.payload };
 }
-function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, usageMode, tenantId, }) {
+function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraClaims = {}, secondFactor, usageMode, tenantId, signInAttributes, }) {
     const identities = {};
     if (user.email) {
         identities["email"] = [user.email];
@@ -1459,6 +1469,7 @@ function generateJwt(user, { projectId, signInProvider, expiresInSeconds, extraC
             sign_in_second_factor: secondFactor === null || secondFactor === void 0 ? void 0 : secondFactor.provider,
             usage_mode: usageMode,
             tenant: tenantId,
+            sign_in_attributes: signInAttributes,
         } });
     const jwtStr = jsonwebtoken_1.sign(customPayloadFields, "", {
         algorithm: "none",
@@ -1603,7 +1614,8 @@ function parseClaims(idTokenOrJsonClaims) {
     errors_1.assert(typeof claims.sub === "string", 'INVALID_IDP_RESPONSE : ((The "sub" field must be a string.))');
     return claims;
 }
-function fakeFetchUserInfoFromIdp(providerId, claims) {
+function fakeFetchUserInfoFromIdp(providerId, claims, samlResponse) {
+    var _a, _b, _c, _d, _e;
     const rawId = claims.sub;
     const email = claims.email ? utils_1.canonicalizeEmailAddress(claims.email) : undefined;
     const emailVerified = !!claims.email_verified;
@@ -1620,7 +1632,7 @@ function fakeFetchUserInfoFromIdp(providerId, claims) {
         emailVerified,
         photoUrl,
     };
-    let federatedId;
+    let federatedId = rawId;
     switch (providerId) {
         case "google.com": {
             federatedId = `https://accounts.google.com/${rawId}`;
@@ -1643,8 +1655,14 @@ function fakeFetchUserInfoFromIdp(providerId, claims) {
             });
             break;
         }
+        case (_a = providerId.match(/^saml\./)) === null || _a === void 0 ? void 0 : _a.input:
+            const nameId = (_c = (_b = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _b === void 0 ? void 0 : _b.subject) === null || _c === void 0 ? void 0 : _c.nameId;
+            response.email = nameId && utils_1.isValidEmailAddress(nameId) ? nameId : response.email;
+            response.emailVerified = true;
+            response.rawUserInfo = JSON.stringify((_d = samlResponse === null || samlResponse === void 0 ? void 0 : samlResponse.assertion) === null || _d === void 0 ? void 0 : _d.attributeStatements);
+            break;
+        case (_e = providerId.match(/^oidc\./)) === null || _e === void 0 ? void 0 : _e.input:
         default:
-            federatedId = rawId;
             response.rawUserInfo = JSON.stringify(claims);
             break;
     }

package/lib/emulator/auth/widget_ui.js

@@ -33,6 +33,7 @@ var firebaseAppId = query.get('appId');
 var apn = query.get('apn');
 var ibi = query.get('ibi');
 var appIdentifier = apn || ibi;
+var isSamlProvider = !!providerId.match(/^saml\./);
 assert(
   appName || clientId || firebaseAppId || appIdentifier,
   'Missing one of appName / clientId / appId / apn / ibi query params.'
@@ -157,21 +158,34 @@ var reuseAccountEls = document.querySelectorAll('.js-reuse-account');
 if (reuseAccountEls.length) {
   [].forEach.call(reuseAccountEls, function (el) {
     var urlEncodedIdToken = el.dataset.idToken;
+    const decoded = JSON.parse(decodeURIComponent(urlEncodedIdToken));
     el.addEventListener('click', function (e) {
       e.preventDefault();
-      finishWithUser(urlEncodedIdToken);
+      finishWithUser(urlEncodedIdToken, decoded.email);
     });
   });
 } else {
   document.querySelector('.js-accounts-help-text').textContent = "No " + formattedProviderId + " accounts exist in the Auth Emulator.";
 }
 
-function finishWithUser(urlEncodedIdToken) {
+function finishWithUser(urlEncodedIdToken, email) {
   // Use widget URL, but replace all query parameters (no apiKey etc.).
   var url = window.location.href.split('?')[0];
   // Avoid URLSearchParams for browser compatibility.
   url += '?providerId=' + encodeURIComponent(providerId);
   url += '&id_token=' + urlEncodedIdToken;
+
+  // Save reasonable defaults for SAML providers
+  if (isSamlProvider) {
+    url += '&SAMLResponse=' + encodeURIComponent(JSON.stringify({
+      assertion: {
+        subject: {
+          nameId: email,
+        },
+      },
+    }));
+  }
+
   saveAuthEvent({
     type: authType,
     eventId: eventId,
@@ -220,7 +234,7 @@ document.getElementById('main-form').addEventListener('submit', function(e) {
     if (screenName) claims.screenName = screenName;
     if (photoUrl) claims.photoUrl = photoUrl;
 
-    finishWithUser(createFakeClaims(claims));
+    finishWithUser(createFakeClaims(claims), claims.email);
   }
 });
 

package/lib/emulator/functionsEmulator.js

@@ -29,6 +29,7 @@ const defaultCredentials_1 = require("../defaultCredentials");
 const adminSdkConfig_1 = require("./adminSdkConfig");
 const functionsEnv = require("../functions/env");
 const types_2 = require("./events/types");
+const validate_1 = require("../deploy/functions/validate");
 const EVENT_INVOKE = "functions:invoke";
 const DATABASE_PATH_PATTERN = new RegExp("^projects/[^/]+/instances/([^/]+)/refs(/.*)$");
 class FunctionsEmulator {
@@ -138,6 +139,9 @@ class FunctionsEmulator {
             else {
                 triggerKey = `${this.args.projectId}:${proto.eventType}`;
             }
+            if (proto.data.bucket) {
+                triggerKey += `:${proto.data.bucket}`;
+            }
             const triggers = this.multicastTriggers[triggerKey] || [];
             triggers.forEach((triggerId) => {
                 this.workQueue.submit(() => {
@@ -247,6 +251,13 @@ class FunctionsEmulator {
             return !anyEnabledMatch;
         });
         for (const definition of toSetup) {
+            try {
+                validate_1.functionIdsAreValid([definition]);
+            }
+            catch (e) {
+                this.logger.logLabeled("WARN", `functions[${definition.id}]`, `Invalid function id: ${e.message}`);
+                continue;
+            }
             let added = false;
             let url = undefined;
             if (definition.httpsTrigger) {
@@ -396,7 +407,10 @@ class FunctionsEmulator {
     }
     addStorageTrigger(projectId, key, eventTrigger) {
         logger_1.logger.debug(`addStorageTrigger`, JSON.stringify({ eventTrigger }));
-        const eventTriggerId = `${projectId}:${eventTrigger.eventType}`;
+        const bucket = eventTrigger.resource.startsWith("projects/_/buckets/")
+            ? eventTrigger.resource.split("/")[3]
+            : eventTrigger.resource;
+        const eventTriggerId = `${projectId}:${eventTrigger.eventType}:${bucket}`;
         const triggers = this.multicastTriggers[eventTriggerId] || [];
         triggers.push(key);
         this.multicastTriggers[eventTriggerId] = triggers;

package/lib/emulator/functionsEmulatorRuntime.js

@@ -135,7 +135,7 @@ async function assertResolveDeveloperNodeModule(frb, name) {
 async function verifyDeveloperNodeModules(frb) {
     const modBundles = [
         { name: "firebase-admin", isDev: false, minVersion: "8.9.0" },
-        { name: "firebase-functions", isDev: false, minVersion: "3.3.0" },
+        { name: "firebase-functions", isDev: false, minVersion: "3.13.1" },
     ];
     for (const modBundle of modBundles) {
         const resolution = await resolveDeveloperNodeModule(frb, modBundle.name);

package/lib/emulator/functionsEmulatorShared.js

@@ -55,6 +55,7 @@ function emulatedFunctionsByRegion(definitions) {
             defDeepCopy.regions = [region];
             defDeepCopy.region = region;
             defDeepCopy.id = `${region}-${defDeepCopy.name}`;
+            defDeepCopy.platform = defDeepCopy.platform || "gcfv1";
             regionDefinitions.push(defDeepCopy);
         }
     }