Move createSessionCookie and verifySessionCookie back to FirebaseAuth.

micahstairs · micahstairs · commit c90a7d5e53b2 · 2020-04-22T21:47:51.000-04:00
diff --git a/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java b/src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java
@@ -180,132 +180,6 @@ public String execute() throws FirebaseAuthException {
     };
   }
 
-  /**
-   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT can
-   * be set as a server-side session cookie with a custom cookie policy.
-   *
-   * @param idToken The Firebase ID token to exchange for a session cookie.
-   * @param options Additional options required to create the cookie.
-   * @return A Firebase session cookie string.
-   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
-   * @throws FirebaseAuthException If an error occurs while generating the session cookie.
-   */
-  public String createSessionCookie(@NonNull String idToken, @NonNull SessionCookieOptions options)
-      throws FirebaseAuthException {
-    return createSessionCookieOp(idToken, options).call();
-  }
-
-  /**
-   * Similar to {@link #createSessionCookie(String, SessionCookieOptions)} but performs the
-   * operation asynchronously.
-   *
-   * @param idToken The Firebase ID token to exchange for a session cookie.
-   * @param options Additional options required to create the cookie.
-   * @return An {@code ApiFuture} which will complete successfully with a session cookie string. If
-   *     an error occurs while generating the cookie or if the specified ID token is invalid, the
-   *     future throws a {@link FirebaseAuthException}.
-   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
-   */
-  public ApiFuture<String> createSessionCookieAsync(
-      @NonNull String idToken, @NonNull SessionCookieOptions options) {
-    return createSessionCookieOp(idToken, options).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
-      final String idToken, final SessionCookieOptions options) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(idToken), "idToken must not be null or empty");
-    checkNotNull(options, "options must not be null");
-    final FirebaseUserManager userManager = getUserManager();
-    return new CallableOperation<String, FirebaseAuthException>() {
-      @Override
-      protected String execute() throws FirebaseAuthException {
-        return userManager.createSessionCookie(idToken, options);
-      }
-    };
-  }
-
-  /**
-   * Parses and verifies a Firebase session cookie.
-   *
-   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
-   * other claims can be read. If the cookie is invalid, throws a {@link FirebaseAuthException}.
-   *
-   * <p>This method does not check whether the cookie has been revoked. See {@link
-   * #verifySessionCookie(String, boolean)}.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
-   */
-  public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthException {
-    return verifySessionCookie(cookie, false);
-  }
-
-  /**
-   * Parses and verifies a Firebase session cookie.
-   *
-   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been revoked.
-   *
-   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
-   * other claims can be read. If the cookie is invalid or has been revoked while {@code
-   * checkRevoked} is true, throws a {@link FirebaseAuthException}.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
-   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
-   */
-  public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
-      throws FirebaseAuthException {
-    return verifySessionCookieOp(cookie, checkRevoked).call();
-  }
-
-  /**
-   * Similar to {@link #verifySessionCookie(String)} but performs the operation asynchronously.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
-   *     unsuccessfully with the failure Exception.
-   */
-  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie) {
-    return verifySessionCookieAsync(cookie, false);
-  }
-
-  /**
-   * Similar to {@link #verifySessionCookie(String, boolean)} but performs the operation
-   * asynchronously.
-   *
-   * @param cookie A Firebase session cookie string to verify and parse.
-   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
-   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
-   *     unsuccessfully with the failure Exception.
-   */
-  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean checkRevoked) {
-    return verifySessionCookieOp(cookie, checkRevoked).callAsync(firebaseApp);
-  }
-
-  private CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
-      final String cookie, final boolean checkRevoked) {
-    checkNotDestroyed();
-    checkArgument(!Strings.isNullOrEmpty(cookie), "Session cookie must not be null or empty");
-    final FirebaseTokenVerifier sessionCookieVerifier = getSessionCookieVerifier(checkRevoked);
-    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
-      @Override
-      public FirebaseToken execute() throws FirebaseAuthException {
-        return sessionCookieVerifier.verifyToken(cookie);
-      }
-    };
-  }
-
-  @VisibleForTesting
-  FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
-    FirebaseTokenVerifier verifier = cookieVerifier.get();
-    if (checkRevoked) {
-      FirebaseUserManager userManager = getUserManager();
-      verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
-    }
-    return verifier;
-  }
-
   /**
    * Parses and verifies a Firebase ID Token.
    *
@@ -1043,6 +917,14 @@ public ApiFuture<String> generateSignInWithEmailLinkAsync(
         .callAsync(firebaseApp);
   }
 
+  FirebaseApp getFirebaseApp() {
+    return this.firebaseApp;
+  }
+
+  FirebaseTokenVerifier getCookieVerifier() {
+    return this.cookieVerifier.get();
+  }
+
   FirebaseUserManager getUserManager() {
     return this.userManager.get();
   }
@@ -1077,7 +959,7 @@ public T get() {
         });
   }
 
-  private void checkNotDestroyed() {
+  void checkNotDestroyed() {
     synchronized (lock) {
       checkState(
           !destroyed.get(),
diff --git a/src/main/java/com/google/firebase/auth/FirebaseAuth.java b/src/main/java/com/google/firebase/auth/FirebaseAuth.java
@@ -16,13 +16,21 @@
 
 package com.google.firebase.auth;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
 import com.google.api.client.util.Clock;
+import com.google.api.core.ApiFuture;
+import com.google.common.annotations.VisibleForTesting;
+import com.google.common.base.Strings;
 import com.google.common.base.Supplier;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
 import com.google.firebase.auth.AbstractFirebaseAuth.Builder;
 import com.google.firebase.auth.internal.FirebaseTokenFactory;
+import com.google.firebase.internal.CallableOperation;
 import com.google.firebase.internal.FirebaseService;
+import com.google.firebase.internal.NonNull;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
@@ -79,6 +87,132 @@ public static synchronized FirebaseAuth getInstance(FirebaseApp app) {
     return service.getInstance();
   }
 
+  /**
+   * Creates a new Firebase session cookie from the given ID token and options. The returned JWT can
+   * be set as a server-side session cookie with a custom cookie policy.
+   *
+   * @param idToken The Firebase ID token to exchange for a session cookie.
+   * @param options Additional options required to create the cookie.
+   * @return A Firebase session cookie string.
+   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
+   * @throws FirebaseAuthException If an error occurs while generating the session cookie.
+   */
+  public String createSessionCookie(@NonNull String idToken, @NonNull SessionCookieOptions options)
+      throws FirebaseAuthException {
+    return createSessionCookieOp(idToken, options).call();
+  }
+
+  /**
+   * Similar to {@link #createSessionCookie(String, SessionCookieOptions)} but performs the
+   * operation asynchronously.
+   *
+   * @param idToken The Firebase ID token to exchange for a session cookie.
+   * @param options Additional options required to create the cookie.
+   * @return An {@code ApiFuture} which will complete successfully with a session cookie string. If
+   *     an error occurs while generating the cookie or if the specified ID token is invalid, the
+   *     future throws a {@link FirebaseAuthException}.
+   * @throws IllegalArgumentException If the ID token is null or empty, or if options is null.
+   */
+  public ApiFuture<String> createSessionCookieAsync(
+      @NonNull String idToken, @NonNull SessionCookieOptions options) {
+    return createSessionCookieOp(idToken, options).callAsync(getFirebaseApp());
+  }
+
+  private CallableOperation<String, FirebaseAuthException> createSessionCookieOp(
+      final String idToken, final SessionCookieOptions options) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(idToken), "idToken must not be null or empty");
+    checkNotNull(options, "options must not be null");
+    final FirebaseUserManager userManager = getUserManager();
+    return new CallableOperation<String, FirebaseAuthException>() {
+      @Override
+      protected String execute() throws FirebaseAuthException {
+        return userManager.createSessionCookie(idToken, options);
+      }
+    };
+  }
+
+  /**
+   * Parses and verifies a Firebase session cookie.
+   *
+   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
+   * other claims can be read. If the cookie is invalid, throws a {@link FirebaseAuthException}.
+   *
+   * <p>This method does not check whether the cookie has been revoked. See {@link
+   * #verifySessionCookie(String, boolean)}.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
+   */
+  public FirebaseToken verifySessionCookie(String cookie) throws FirebaseAuthException {
+    return verifySessionCookie(cookie, false);
+  }
+
+  /**
+   * Parses and verifies a Firebase session cookie.
+   *
+   * <p>If {@code checkRevoked} is true, additionally verifies that the cookie has not been revoked.
+   *
+   * <p>If verified successfully, returns a parsed version of the cookie from which the UID and the
+   * other claims can be read. If the cookie is invalid or has been revoked while {@code
+   * checkRevoked} is true, throws a {@link FirebaseAuthException}.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
+   * @return A {@link FirebaseToken} representing the verified and decoded cookie.
+   */
+  public FirebaseToken verifySessionCookie(String cookie, boolean checkRevoked)
+      throws FirebaseAuthException {
+    return verifySessionCookieOp(cookie, checkRevoked).call();
+  }
+
+  /**
+   * Similar to {@link #verifySessionCookie(String)} but performs the operation asynchronously.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
+   *     unsuccessfully with the failure Exception.
+   */
+  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie) {
+    return verifySessionCookieAsync(cookie, false);
+  }
+
+  /**
+   * Similar to {@link #verifySessionCookie(String, boolean)} but performs the operation
+   * asynchronously.
+   *
+   * @param cookie A Firebase session cookie string to verify and parse.
+   * @param checkRevoked A boolean indicating whether to check if the cookie was explicitly revoked.
+   * @return An {@code ApiFuture} which will complete successfully with the parsed cookie, or
+   *     unsuccessfully with the failure Exception.
+   */
+  public ApiFuture<FirebaseToken> verifySessionCookieAsync(String cookie, boolean checkRevoked) {
+    return verifySessionCookieOp(cookie, checkRevoked).callAsync(getFirebaseApp());
+  }
+
+  protected CallableOperation<FirebaseToken, FirebaseAuthException> verifySessionCookieOp(
+      final String cookie, final boolean checkRevoked) {
+    checkNotDestroyed();
+    checkArgument(!Strings.isNullOrEmpty(cookie), "Session cookie must not be null or empty");
+    final FirebaseTokenVerifier sessionCookieVerifier = getSessionCookieVerifier(checkRevoked);
+    return new CallableOperation<FirebaseToken, FirebaseAuthException>() {
+      @Override
+      public FirebaseToken execute() throws FirebaseAuthException {
+        return sessionCookieVerifier.verifyToken(cookie);
+      }
+    };
+  }
+
+  @VisibleForTesting
+  FirebaseTokenVerifier getSessionCookieVerifier(boolean checkRevoked) {
+    FirebaseTokenVerifier verifier = getCookieVerifier();
+    if (checkRevoked) {
+      FirebaseUserManager userManager = getUserManager();
+      verifier = RevocationCheckDecorator.decorateSessionCookieVerifier(verifier, userManager);
+    }
+    return verifier;
+  }
+
   @Override
   protected void doDestroy() {
     // Only destroy the tenant manager if it has been created.
