Make user operations tenant-aware. (#387)

This makes user operations tenant-aware. I've added some integration tests to ensure that this is working correctly. This is part of the initiative to adding multi-tenancy support (see issue #332).

Author: micahstairs

src/main/java/com/google/firebase/auth/AbstractFirebaseAuth.java

@@ -59,22 +59,13 @@ public abstract class AbstractFirebaseAuth {
   private final Supplier<? extends FirebaseUserManager> userManager;
   private final JsonFactory jsonFactory;
 
-  AbstractFirebaseAuth(
-      final FirebaseApp firebaseApp,
-      Supplier<FirebaseTokenFactory> tokenFactory,
-      Supplier<? extends FirebaseTokenVerifier> idTokenVerifier,
-      Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
-    this.firebaseApp = checkNotNull(firebaseApp);
-    this.tokenFactory = threadSafeMemoize(tokenFactory);
-    this.idTokenVerifier = threadSafeMemoize(idTokenVerifier);
-    this.cookieVerifier = threadSafeMemoize(cookieVerifier);
-    this.userManager = threadSafeMemoize(new Supplier<FirebaseUserManager>() {
-      @Override
-      public FirebaseUserManager get() {
-        return new FirebaseUserManager(firebaseApp);
-      }
-    });
-    this.jsonFactory = firebaseApp.getOptions().getJsonFactory();
+  AbstractFirebaseAuth(Builder builder) {
+    this.firebaseApp = checkNotNull(builder.firebaseApp);
+    this.tokenFactory = threadSafeMemoize(builder.tokenFactory);
+    this.idTokenVerifier = threadSafeMemoize(builder.idTokenVerifier);
+    this.cookieVerifier = threadSafeMemoize(builder.cookieVerifier);
+    this.userManager = threadSafeMemoize(builder.userManager);
+    this.jsonFactory = builder.firebaseApp.getOptions().getJsonFactory();
   }
 
   /**
@@ -1101,7 +1092,46 @@ final void destroy() {
       destroyed.set(true);
     }
   }
-
+  
   /** Performs any additional required clean up. */
   protected abstract void doDestroy();
+
+  static Builder builder() {
+    return new Builder();
+  }
+
+  static class Builder {
+    protected FirebaseApp firebaseApp;
+    private Supplier<FirebaseTokenFactory> tokenFactory;
+    private Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
+    private Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
+    private Supplier<FirebaseUserManager> userManager;
+
+    private Builder() {}
+
+    Builder setFirebaseApp(FirebaseApp firebaseApp) {
+      this.firebaseApp = firebaseApp;
+      return this;
+    }
+
+    Builder setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
+      this.tokenFactory = tokenFactory;
+      return this;
+    }
+
+    Builder setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
+      this.idTokenVerifier = idTokenVerifier;
+      return this;
+    }
+
+    Builder setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
+      this.cookieVerifier = cookieVerifier;
+      return this;
+    }
+
+    Builder setUserManager(Supplier<FirebaseUserManager> userManager) {
+      this.userManager = userManager;
+      return this;
+    }
+  }
 }

src/main/java/com/google/firebase/auth/FirebaseAuth.java

@@ -17,10 +17,10 @@
 package com.google.firebase.auth;
 
 import com.google.api.client.util.Clock;
-import com.google.common.annotations.VisibleForTesting;
 import com.google.common.base.Supplier;
 import com.google.firebase.FirebaseApp;
 import com.google.firebase.ImplFirebaseTrampolines;
+import com.google.firebase.auth.AbstractFirebaseAuth.Builder;
 import com.google.firebase.auth.internal.FirebaseTokenFactory;
 import com.google.firebase.internal.FirebaseService;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -40,12 +40,8 @@ public class FirebaseAuth extends AbstractFirebaseAuth {
   private final Supplier<TenantManager> tenantManager;
   private final AtomicBoolean tenantManagerCreated = new AtomicBoolean(false);
 
-  private FirebaseAuth(final Builder builder) {
-    super(
-        builder.firebaseApp,
-        builder.tokenFactory,
-        builder.idTokenVerifier,
-        builder.cookieVerifier);
+  FirebaseAuth(final Builder builder) {
+    super(builder);
     tenantManager = threadSafeMemoize(new Supplier<TenantManager>() {
       @Override
       public TenantManager get() {
@@ -92,68 +88,37 @@ protected void doDestroy() {
   }
 
   private static FirebaseAuth fromApp(final FirebaseApp app) {
-    return FirebaseAuth.builder()
-        .setFirebaseApp(app)
-        .setTokenFactory(
-            new Supplier<FirebaseTokenFactory>() {
-              @Override
-              public FirebaseTokenFactory get() {
-                return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM);
-              }
+    return new FirebaseAuth(
+        AbstractFirebaseAuth.builder()
+          .setFirebaseApp(app)
+          .setTokenFactory(
+              new Supplier<FirebaseTokenFactory>() {
+                @Override
+                public FirebaseTokenFactory get() {
+                  return FirebaseTokenUtils.createTokenFactory(app, Clock.SYSTEM);
+                }
+              })
+          .setIdTokenVerifier(
+              new Supplier<FirebaseTokenVerifier>() {
+                @Override
+                public FirebaseTokenVerifier get() {
+                  return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM);
+                }
+              })
+          .setCookieVerifier(
+              new Supplier<FirebaseTokenVerifier>() {
+                @Override
+                public FirebaseTokenVerifier get() {
+                  return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
+                }
             })
-        .setIdTokenVerifier(
-            new Supplier<FirebaseTokenVerifier>() {
-              @Override
-              public FirebaseTokenVerifier get() {
-                return FirebaseTokenUtils.createIdTokenVerifier(app, Clock.SYSTEM);
-              }
-            })
-        .setCookieVerifier(
-            new Supplier<FirebaseTokenVerifier>() {
-              @Override
-              public FirebaseTokenVerifier get() {
-                return FirebaseTokenUtils.createSessionCookieVerifier(app, Clock.SYSTEM);
-              }
-            })
-        .build();
-  }
-
-  @VisibleForTesting
-  static Builder builder() {
-    return new Builder();
-  }
-
-  static class Builder {
-    private FirebaseApp firebaseApp;
-    private Supplier<FirebaseTokenFactory> tokenFactory;
-    private Supplier<? extends FirebaseTokenVerifier> idTokenVerifier;
-    private Supplier<? extends FirebaseTokenVerifier> cookieVerifier;
-
-    private Builder() {}
-
-    Builder setFirebaseApp(FirebaseApp firebaseApp) {
-      this.firebaseApp = firebaseApp;
-      return this;
-    }
-
-    Builder setTokenFactory(Supplier<FirebaseTokenFactory> tokenFactory) {
-      this.tokenFactory = tokenFactory;
-      return this;
-    }
-
-    Builder setIdTokenVerifier(Supplier<? extends FirebaseTokenVerifier> idTokenVerifier) {
-      this.idTokenVerifier = idTokenVerifier;
-      return this;
-    }
-
-    Builder setCookieVerifier(Supplier<? extends FirebaseTokenVerifier> cookieVerifier) {
-      this.cookieVerifier = cookieVerifier;
-      return this;
-    }
-
-    FirebaseAuth build() {
-      return new FirebaseAuth(this);
-    }
+          .setUserManager(
+              new Supplier<FirebaseUserManager>() {
+                @Override
+                public FirebaseUserManager get() {
+                  return new FirebaseUserManager(app);
+                }
+              }));
   }
 
   private static class FirebaseAuthService extends FirebaseService<FirebaseAuth> {

src/main/java/com/google/firebase/auth/FirebaseToken.java

@@ -42,6 +42,11 @@ public String getUid() {
     return (String) claims.get("sub");
   }
 
+  /** Returns the tenant ID for the this token. */
+  public String getTenantId() {
+    return (String) claims.get("tenant_id");
+  }
+
   /** Returns the Issuer for the this token. */
   public String getIssuer() {
     return (String) claims.get("iss");
@@ -57,14 +62,14 @@ public String getPicture() {
     return (String) claims.get("picture");
   }
 
-  /** 
+  /**
    * Returns the e-mail address for this user, or {@code null} if it's unavailable.
    */
   public String getEmail() {
     return (String) claims.get("email");
   }
 
-  /** 
+  /**
    * Indicates if the email address returned by {@link #getEmail()} has been verified as good.
    */
   public boolean isEmailVerified() {

src/main/java/com/google/firebase/auth/FirebaseUserManager.java

@@ -115,21 +115,40 @@ class FirebaseUserManager {
    * Creates a new FirebaseUserManager instance.
    *
    * @param app A non-null {@link FirebaseApp}.
+   * @param tenantId The associated tenant ID if the user operations should be tenant-aware,
+   *     otherwise {@code null}
    */
-  FirebaseUserManager(@NonNull FirebaseApp app) {
+  FirebaseUserManager(@NonNull FirebaseApp app, @Nullable String tenantId) {
     checkNotNull(app, "FirebaseApp must not be null");
     String projectId = ImplFirebaseTrampolines.getProjectId(app);
     checkArgument(!Strings.isNullOrEmpty(projectId),
         "Project ID is required to access the auth service. Use a service account credential or "
             + "set the project ID explicitly via FirebaseOptions. Alternatively you can also "
             + "set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.");
-    this.userMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v1", projectId);
+    if (tenantId == null) {
+      this.userMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v1", projectId);
+    } else {
+      checkArgument(!tenantId.isEmpty(), "tenant ID must not be empty");
+      this.userMgtBaseUrl =
+          String.format(ID_TOOLKIT_URL, "v1", projectId) + getTenantUrlSuffix(tenantId);
+    }
     this.tenantMgtBaseUrl = String.format(ID_TOOLKIT_URL, "v2", projectId);
     this.jsonFactory = app.getOptions().getJsonFactory();
     HttpTransport transport = app.getOptions().getHttpTransport();
     this.requestFactory = transport.createRequestFactory(new FirebaseRequestInitializer(app));
   }
 
+  /**
+   * Creates a new FirebaseUserManager instance.
+   *
+   * <p>This convenience constructor is for when user operations should not be tenant-aware.
+   *
+   * @param app A non-null {@link FirebaseApp}.
+   */
+  FirebaseUserManager(@NonNull FirebaseApp app) {
+    this(app, null);
+  }
+
   @VisibleForTesting
   void setInterceptor(HttpResponseInterceptor interceptor) {
     this.interceptor = interceptor;
@@ -230,7 +249,7 @@ UserImportResult importUsers(UserImportRequest request) throws FirebaseAuthExcep
   }
 
   Tenant getTenant(String tenantId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants/" + tenantId);
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
     return sendRequest("GET", url, null, Tenant.class);
   }
 
@@ -242,7 +261,7 @@ Tenant createTenant(Tenant.CreateRequest request) throws FirebaseAuthException {
   Tenant updateTenant(Tenant.UpdateRequest request) throws FirebaseAuthException {
     Map<String, Object> properties = request.getProperties();
     checkArgument(!properties.isEmpty(), "tenant update must have at least one property set");
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants/" + request.getTenantId());
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(request.getTenantId()));
     url.put("updateMask", generateMask(properties));
     return sendRequest("PATCH", url, properties, Tenant.class);
   }
@@ -256,7 +275,7 @@ private static String generateMask(Map<String, Object> properties) {
   }
 
   void deleteTenant(String tenantId) throws FirebaseAuthException {
-    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + "/tenants/" + tenantId);
+    GenericUrl url = new GenericUrl(tenantMgtBaseUrl + getTenantUrlSuffix(tenantId));
     sendRequest("DELETE", url, null, GenericJson.class);
   }
 
@@ -312,6 +331,11 @@ String getEmailActionLink(EmailLinkType type, String email,
     throw new FirebaseAuthException(INTERNAL_ERROR, "Failed to create email action link");
   }
 
+  private static String getTenantUrlSuffix(String tenantId) {
+    checkArgument(!Strings.isNullOrEmpty(tenantId));
+    return "/tenants/" + tenantId;
+  }
+
   private <T> T post(String path, Object content, Class<T> clazz) throws FirebaseAuthException {
     checkArgument(!Strings.isNullOrEmpty(path), "path must not be null or empty");
     checkNotNull(content, "content must not be null for POST requests");