strapi-plugin-firebase-authentication 1.2.4 → 1.3.2

package/dist/server/index.mjs

@@ -298,6 +298,16 @@ const attributes$1 = {
   emailVerificationEmailSubject: {
     type: "string",
     "default": "Verify Your Email"
+  },
+  includeCredentialsInPasswordResetLink: {
+    type: "boolean",
+    "default": false,
+    description: "Include Firebase custom token in password reset links for auto-login"
+  },
+  includeCredentialsInVerificationLink: {
+    type: "boolean",
+    "default": false,
+    description: "Include Firebase custom token in email verification links for auto-login"
   }
 };
 const firebaseAuthenticationConfiguration = {
@@ -28962,6 +28972,29 @@ const firebaseController = {
       }
       throw error2;
     }
+  },
+  /**
+   * Check password - validates a password against the authenticated user's Firebase account
+   * POST /api/firebase-authentication/checkPassword
+   * Authenticated endpoint - requires valid JWT (enforced by is-authenticated policy)
+   *
+   * @param ctx - Koa context with { password } in body
+   * @returns { valid: true } or { valid: false }
+   */
+  async checkPassword(ctx) {
+    strapi.log.debug("checkPassword endpoint called");
+    try {
+      const { password } = ctx.request.body || {};
+      const user = ctx.state.user;
+      if (!password) {
+        throw new ValidationError$1("Password is required");
+      }
+      const result = await strapi.plugin(pluginName).service("firebaseService").checkPassword(user, password);
+      ctx.body = result;
+    } catch (error2) {
+      strapi.log.error("checkPassword controller error:", error2);
+      throw error2;
+    }
   }
 };
 const STRAPI_DESTINATION = "strapi";
@@ -29164,7 +29197,9 @@ const settingsController = {
         magicLinkEmailSubject = "Sign in to Your Application",
         magicLinkExpiryHours = 1,
         emailVerificationUrl = "http://localhost:3000/verify-email",
-        emailVerificationEmailSubject = "Verify Your Email"
+        emailVerificationEmailSubject = "Verify Your Email",
+        includeCredentialsInPasswordResetLink = false,
+        includeCredentialsInVerificationLink = false
       } = requestBody;
       const existingConfig = await strapi.db.query("plugin::firebase-authentication.firebase-authentication-configuration").findOne({ where: {} });
       let result;
@@ -29180,7 +29215,9 @@ const settingsController = {
             magicLinkEmailSubject,
             magicLinkExpiryHours,
             emailVerificationUrl,
-            emailVerificationEmailSubject
+            emailVerificationEmailSubject,
+            includeCredentialsInPasswordResetLink,
+            includeCredentialsInVerificationLink
           }
         });
       } else {
@@ -29196,7 +29233,9 @@ const settingsController = {
             magicLinkEmailSubject,
             magicLinkExpiryHours,
             emailVerificationUrl,
-            emailVerificationEmailSubject
+            emailVerificationEmailSubject,
+            includeCredentialsInPasswordResetLink,
+            includeCredentialsInVerificationLink
           }
         });
       }
@@ -29210,7 +29249,9 @@ const settingsController = {
         magicLinkEmailSubject: result.magicLinkEmailSubject,
         magicLinkExpiryHours: result.magicLinkExpiryHours,
         emailVerificationUrl: result.emailVerificationUrl,
-        emailVerificationEmailSubject: result.emailVerificationEmailSubject
+        emailVerificationEmailSubject: result.emailVerificationEmailSubject,
+        includeCredentialsInPasswordResetLink: result.includeCredentialsInPasswordResetLink,
+        includeCredentialsInVerificationLink: result.includeCredentialsInVerificationLink
       };
     } catch (error2) {
       throw new ApplicationError$2("Error saving password configuration", {
@@ -29434,6 +29475,14 @@ const contentApi = {
         // Public endpoint - token provides authentication
         policies: []
       }
+    },
+    {
+      method: "POST",
+      path: "/checkPassword",
+      handler: "firebaseController.checkPassword",
+      config: {
+        policies: ["plugin::firebase-authentication.is-authenticated"]
+      }
     }
   ]
 };
@@ -29557,7 +29606,10 @@ const settingsService = ({ strapi: strapi2 }) => {
           magicLinkExpiryHours: configObject.magicLinkExpiryHours || 1,
           // Include email verification configuration fields
           emailVerificationUrl: configObject.emailVerificationUrl || "http://localhost:3000/verify-email",
-          emailVerificationEmailSubject: configObject.emailVerificationEmailSubject || "Verify Your Email"
+          emailVerificationEmailSubject: configObject.emailVerificationEmailSubject || "Verify Your Email",
+          // Include credentials in link settings
+          includeCredentialsInPasswordResetLink: configObject.includeCredentialsInPasswordResetLink || false,
+          includeCredentialsInVerificationLink: configObject.includeCredentialsInVerificationLink || false
         };
       } catch (error2) {
         strapi2.log.error(`Firebase config error: ${error2.message}`);
@@ -29602,7 +29654,9 @@ const settingsService = ({ strapi: strapi2 }) => {
           magicLinkEmailSubject = "Sign in to Your Application",
           magicLinkExpiryHours = 1,
           emailVerificationUrl = "http://localhost:3000/verify-email",
-          emailVerificationEmailSubject = "Verify Your Email"
+          emailVerificationEmailSubject = "Verify Your Email",
+          includeCredentialsInPasswordResetLink = false,
+          includeCredentialsInVerificationLink = false
         } = requestBody;
         if (!requestBody) throw new ValidationError3(ERROR_MESSAGES.MISSING_DATA);
         try {
@@ -29640,7 +29694,9 @@ const settingsService = ({ strapi: strapi2 }) => {
               magicLinkEmailSubject,
               magicLinkExpiryHours,
               emailVerificationUrl,
-              emailVerificationEmailSubject
+              emailVerificationEmailSubject,
+              includeCredentialsInPasswordResetLink,
+              includeCredentialsInVerificationLink
             }
           });
         } else {
@@ -29658,7 +29714,9 @@ const settingsService = ({ strapi: strapi2 }) => {
               magicLinkEmailSubject,
               magicLinkExpiryHours,
               emailVerificationUrl,
-              emailVerificationEmailSubject
+              emailVerificationEmailSubject,
+              includeCredentialsInPasswordResetLink,
+              includeCredentialsInVerificationLink
             }
           });
         }
@@ -29695,6 +29753,8 @@ const settingsService = ({ strapi: strapi2 }) => {
         res.magicLinkExpiryHours = res.magicLinkExpiryHours || magicLinkExpiryHours;
         res.emailVerificationUrl = res.emailVerificationUrl || emailVerificationUrl;
         res.emailVerificationEmailSubject = res.emailVerificationEmailSubject || emailVerificationEmailSubject;
+        res.includeCredentialsInPasswordResetLink = res.includeCredentialsInPasswordResetLink ?? includeCredentialsInPasswordResetLink;
+        res.includeCredentialsInVerificationLink = res.includeCredentialsInVerificationLink ?? includeCredentialsInVerificationLink;
         return res;
       } catch (error2) {
         strapi2.log.error("=== FIREBASE CONFIG SAVE ERROR ===");
@@ -30895,7 +30955,16 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       );
       const tokenService2 = strapi2.plugin("firebase-authentication").service("tokenService");
       const token = await tokenService2.generateResetToken(firebaseData.documentId);
-      const resetLink = `${resetUrl}?token=${token}`;
+      let resetLink = `${resetUrl}?token=${token}`;
+      if (config2?.includeCredentialsInPasswordResetLink) {
+        try {
+          const customToken = await strapi2.firebase.auth().createCustomToken(firebaseUser.uid);
+          resetLink = `${resetLink}&fjwt=${customToken}`;
+          strapi2.log.info(`[forgotPassword] Added Firebase custom token to reset link`);
+        } catch (tokenError) {
+          strapi2.log.warn(`[forgotPassword] Could not generate custom token: ${tokenError.message}`);
+        }
+      }
       strapi2.log.info(`✅ [forgotPassword] Custom reset link generated for ${email2}`);
       strapi2.log.info(`[forgotPassword] Attempting to send password reset email to: ${email2}`);
       await strapi2.plugin("firebase-authentication").service("emailService").sendPasswordResetEmail(firebaseUser, resetLink);
@@ -31120,7 +31189,16 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       );
       const tokenService2 = strapi2.plugin("firebase-authentication").service("tokenService");
       const token = await tokenService2.generateVerificationToken(firebaseData.documentId, email2);
-      const verificationLink = `${verificationUrl}?token=${token}`;
+      let verificationLink = `${verificationUrl}?token=${token}`;
+      if (config2?.includeCredentialsInVerificationLink) {
+        try {
+          const customToken = await strapi2.firebase.auth().createCustomToken(firebaseUser.uid);
+          verificationLink = `${verificationLink}&fjwt=${customToken}`;
+          strapi2.log.info(`[sendVerificationEmail] Added Firebase custom token to verification link`);
+        } catch (tokenError) {
+          strapi2.log.warn(`[sendVerificationEmail] Could not generate custom token: ${tokenError.message}`);
+        }
+      }
       strapi2.log.info(`✅ [sendVerificationEmail] Verification link generated for ${email2}`);
       strapi2.log.info(`[sendVerificationEmail] Attempting to send verification email to: ${email2}`);
       await strapi2.plugin("firebase-authentication").service("emailService").sendVerificationEmail(firebaseUser, verificationLink);
@@ -31232,6 +31310,54 @@ const firebaseService = ({ strapi: strapi2 }) => ({
       }
       throw new ApplicationError$2("Failed to verify email. Please try again.");
     }
+  },
+  /**
+   * Check if a password is valid for the authenticated user
+   * Uses Firebase Identity Toolkit API to verify the password
+   *
+   * @param user - Authenticated user from ctx.state.user
+   * @param password - Password to check
+   * @returns { valid: true } or { valid: false }
+   */
+  async checkPassword(user, password) {
+    if (!user || !user.email) {
+      throw new ValidationError$1("User email is required");
+    }
+    const config2 = await strapi2.plugin("firebase-authentication").service("settingsService").getFirebaseConfigJson();
+    if (!config2 || !config2.firebaseWebApiKey) {
+      throw new ApplicationError$2(
+        "Password verification is not available. Web API Key is not configured.\n\nTo enable password verification:\n1. Go to Firebase Console > Project Settings > General\n2. Copy your Web API Key\n3. Add it in Strapi Admin > Settings > Firebase Authentication > Optional Settings"
+      );
+    }
+    try {
+      const response = await fetch(
+        `https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key=${config2.firebaseWebApiKey}`,
+        {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json"
+          },
+          body: JSON.stringify({
+            email: user.email,
+            password,
+            returnSecureToken: false
+          })
+        }
+      );
+      const data = await response.json();
+      if (!response.ok) {
+        const errorMessage = data.error?.message || "Authentication failed";
+        strapi2.log.debug(`checkPassword: password invalid for user ${user.email}: ${errorMessage}`);
+        if (errorMessage === "INVALID_PASSWORD" || errorMessage === "INVALID_LOGIN_CREDENTIALS" || errorMessage.includes("INVALID")) {
+          return { valid: false };
+        }
+        return { valid: false };
+      }
+      return { valid: true };
+    } catch (error2) {
+      strapi2.log.error("checkPassword error:", error2);
+      throw new ApplicationError$2("Failed to verify password");
+    }
   }
 });
 const passwordResetTemplate = {

package/dist/server/src/content-types/index.d.ts

@@ -75,6 +75,16 @@ declare const _default: {
                     type: string;
                     default: string;
                 };
+                includeCredentialsInPasswordResetLink: {
+                    type: string;
+                    default: boolean;
+                    description: string;
+                };
+                includeCredentialsInVerificationLink: {
+                    type: string;
+                    default: boolean;
+                    description: string;
+                };
             };
         };
     };

package/dist/server/src/controllers/firebaseController.d.ts

@@ -58,5 +58,14 @@ declare const firebaseController: {
      * @returns { success: true, message: "Email verified successfully" }
      */
     verifyEmail(ctx: Context): Promise<Context>;
+    /**
+     * Check password - validates a password against the authenticated user's Firebase account
+     * POST /api/firebase-authentication/checkPassword
+     * Authenticated endpoint - requires valid JWT (enforced by is-authenticated policy)
+     *
+     * @param ctx - Koa context with { password } in body
+     * @returns { valid: true } or { valid: false }
+     */
+    checkPassword(ctx: Context): Promise<void>;
 };
 export default firebaseController;

package/dist/server/src/controllers/index.d.ts

@@ -10,6 +10,7 @@ declare const _default: {
         resetPasswordWithToken(ctx: import("koa").Context): Promise<void>;
         sendVerificationEmail(ctx: import("koa").Context): Promise<void>;
         verifyEmail(ctx: import("koa").Context): Promise<import("koa").Context>;
+        checkPassword(ctx: import("koa").Context): Promise<void>;
     };
     userController: {
         list: (ctx: import("koa").Context | import("koa").DefaultContext) => Promise<void>;

package/dist/server/src/index.d.ts

@@ -31,6 +31,7 @@ declare const _default: {
             resetPasswordWithToken(ctx: import("koa").Context): Promise<void>;
             sendVerificationEmail(ctx: import("koa").Context): Promise<void>;
             verifyEmail(ctx: import("koa").Context): Promise<import("koa").Context>;
+            checkPassword(ctx: import("koa").Context): Promise<void>;
         };
         userController: {
             list: (ctx: import("koa").Context | import("koa").DefaultContext) => Promise<void>;
@@ -106,6 +107,8 @@ declare const _default: {
                 magicLinkExpiryHours: any;
                 emailVerificationUrl: any;
                 emailVerificationEmailSubject: any;
+                includeCredentialsInPasswordResetLink: any;
+                includeCredentialsInVerificationLink: any;
             }>;
             setFirebaseConfigJson(requestBody: any): Promise<any>;
             delFirebaseConfigJson: () => Promise<any>;
@@ -208,6 +211,9 @@ declare const _default: {
                 success: boolean;
                 message: string;
             }>;
+            checkPassword(user: any, password: string): Promise<{
+                valid: boolean;
+            }>;
         };
         templateService: ({ strapi }: {
             strapi: any;
@@ -344,6 +350,16 @@ declare const _default: {
                         type: string;
                         default: string;
                     };
+                    includeCredentialsInPasswordResetLink: {
+                        type: string;
+                        default: boolean;
+                        description: string;
+                    };
+                    includeCredentialsInVerificationLink: {
+                        type: string;
+                        default: boolean;
+                        description: string;
+                    };
                 };
             };
         };

package/dist/server/src/services/firebaseService.d.ts

@@ -131,5 +131,16 @@ declare const _default: ({ strapi }: {
         success: boolean;
         message: string;
     }>;
+    /**
+     * Check if a password is valid for the authenticated user
+     * Uses Firebase Identity Toolkit API to verify the password
+     *
+     * @param user - Authenticated user from ctx.state.user
+     * @param password - Password to check
+     * @returns { valid: true } or { valid: false }
+     */
+    checkPassword(user: any, password: string): Promise<{
+        valid: boolean;
+    }>;
 };
 export default _default;

package/dist/server/src/services/index.d.ts

@@ -17,6 +17,8 @@ declare const _default: {
             magicLinkExpiryHours: any;
             emailVerificationUrl: any;
             emailVerificationEmailSubject: any;
+            includeCredentialsInPasswordResetLink: any;
+            includeCredentialsInVerificationLink: any;
         }>;
         setFirebaseConfigJson(requestBody: any): Promise<any>;
         delFirebaseConfigJson: () => Promise<any>;
@@ -119,6 +121,9 @@ declare const _default: {
             success: boolean;
             message: string;
         }>;
+        checkPassword(user: any, password: string): Promise<{
+            valid: boolean;
+        }>;
     };
     templateService: ({ strapi }: {
         strapi: any;

package/dist/server/src/services/settingsService.d.ts

@@ -31,6 +31,8 @@ declare const _default: ({ strapi }: {
         magicLinkExpiryHours: any;
         emailVerificationUrl: any;
         emailVerificationEmailSubject: any;
+        includeCredentialsInPasswordResetLink: any;
+        includeCredentialsInVerificationLink: any;
     }>;
     /**
      * Stores and encrypts Firebase configuration including Web API key and password reset settings

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "strapi-plugin-firebase-authentication",
-  "version": "1.2.4",
+  "version": "1.3.2",
   "description": "Allows easy integration between clients utilizing Firebase for authentication and Strapi",
   "license": "MIT",
   "repository": {