Enable 'structNullChecks' ts compiler option.

In the majority of cases, I simply turned stuff like this:

```
function fname(param: T) {
  if (!param) throw Error("invalid param; must not be nullish");
  ...
}
```

into this:

```
function fname(param: T|null|undefined) {
  if (!param) throw Error("invalid param; must not be nullish");
  ...
}
```

A more sensible approach would be eliminate the possibility of
null/undef and eliminate the checks too, but that's a bit more involved
and this patch is already enormous. But I think these sorts of
improvements could be taken advantage of opportunistically as the code
is worked on in the future.

Author: rsgowman

package-lock.json

@@ -67,6 +67,7 @@
   "devDependencies": {
     "@firebase/app": "^0.4.10",
     "@firebase/auth": "^0.11.3",
+    "@firebase/auth-types": "^0.8.2",
     "@types/bcrypt": "^2.0.0",
     "@types/chai": "^3.4.34",
     "@types/chai-as-promised": "0.0.29",

package.json

@@ -63,7 +63,7 @@ export class ActionCodeSettingsBuilder {
    *     object used to initiliaze this server request builder.
    * @constructor
    */
-  constructor(actionCodeSettings: ActionCodeSettings) {
+  constructor(actionCodeSettings?: ActionCodeSettings) {
     if (!validator.isNonNullObject(actionCodeSettings)) {
       throw new FirebaseAuthError(
         AuthClientErrorCode.INVALID_ARGUMENT,

src/auth/action-code-settings-builder.ts

@@ -97,7 +97,7 @@ class AuthResourceUrlBuilder {
    * @param {string} version The endpoint API version.
    * @constructor
    */
-  constructor(protected projectId: string, protected version: string = 'v1') {
+  constructor(protected projectId: string | null, protected version: string = 'v1') {
     this.urlFormat = FIREBASE_AUTH_BASE_URL_FORMAT;
   }
 
@@ -132,7 +132,7 @@ class TenantAwareAuthResourceUrlBuilder extends AuthResourceUrlBuilder {
    * @param {string} tenantId The tenant ID.
    * @constructor
    */
-  constructor(protected projectId: string, protected version: string, protected tenantId: string) {
+  constructor(protected projectId: string | null, protected version: string, protected tenantId: string) {
     super(projectId, version);
     this.urlFormat = FIREBASE_AUTH_TENANT_URL_FORMAT;
   }
@@ -683,7 +683,7 @@ const LIST_INBOUND_SAML_CONFIGS = new ApiSettings('/inboundSamlConfigs', 'GET')
  * Class that provides the mechanism to send requests to the Firebase Auth backend endpoints.
  */
 export abstract class AbstractAuthRequestHandler {
-  protected readonly projectId: string;
+  protected readonly projectId: string | null;
   protected readonly httpClient: AuthorizedHttpClient;
   private authUrlBuilder: AuthResourceUrlBuilder;
   private projectConfigUrlBuilder: AuthResourceUrlBuilder;
@@ -693,7 +693,7 @@ export abstract class AbstractAuthRequestHandler {
    * @return {string|null} The error code if present; null otherwise.
    */
   private static getErrorCode(response: any): string | null {
-    return (validator.isNonNullObject(response) && response.error && (response.error as any).message) || null;
+    return (validator.isNonNullObject(response) && (response as any).error && (response as any).error.message) || null;
   }
 
   /**
@@ -844,7 +844,7 @@ export abstract class AbstractAuthRequestHandler {
     }
     // If no remaining user in request after client side processing, there is no need
     // to send the request to the server.
-    if (request.users.length === 0) {
+    if (!request.users || request.users.length === 0) {
       return Promise.resolve(userImportBuilder.buildResponse([]));
     }
     return this.invokeRequestHandler(this.getAuthUrlBuilder(), FIREBASE_AUTH_UPLOAD_ACCOUNT, request)
@@ -881,7 +881,7 @@ export abstract class AbstractAuthRequestHandler {
    * @return {Promise<string>} A promise that resolves when the operation completes
    *     with the user id that was edited.
    */
-  public setCustomUserClaims(uid: string, customUserClaims: object): Promise<string> {
+  public setCustomUserClaims(uid: string, customUserClaims: object | null): Promise<string> {
     // Validate user UID.
     if (!validator.isUid(uid)) {
       return Promise.reject(new FirebaseAuthError(AuthClientErrorCode.INVALID_UID));
@@ -1059,7 +1059,7 @@ export abstract class AbstractAuthRequestHandler {
    * @param {string} email The email of the user the link is being sent to.
    * @param {ActionCodeSettings=} actionCodeSettings The optional action code setings which defines whether
    *     the link is to be handled by a mobile app and the additional state information to be passed in the
-   *     deep link, etc.
+   *     deep link, etc. Required when requestType == 'EMAIL_SIGNIN'
    * @return {Promise<string>} A promise that resolves with the email action link.
    */
   public getEmailActionLink(
@@ -1156,7 +1156,7 @@ export abstract class AbstractAuthRequestHandler {
     // Construct backend request.
     let request;
     try {
-      request = OIDCConfig.buildServerRequest(options);
+      request = OIDCConfig.buildServerRequest(options) || {};
     } catch (e) {
       return Promise.reject(e);
     }
@@ -1278,7 +1278,7 @@ export abstract class AbstractAuthRequestHandler {
     // Construct backend request.
     let request;
     try {
-      request = SAMLConfig.buildServerRequest(options);
+      request = SAMLConfig.buildServerRequest(options) || {};
     } catch (e) {
       return Promise.reject(e);
     }
@@ -1311,7 +1311,7 @@ export abstract class AbstractAuthRequestHandler {
     // Construct backend request.
     let request: SAMLConfigServerRequest;
     try {
-      request = SAMLConfig.buildServerRequest(options, true);
+      request = SAMLConfig.buildServerRequest(options, true) || {};
     } catch (e) {
       return Promise.reject(e);
     }
@@ -1366,6 +1366,14 @@ export abstract class AbstractAuthRequestHandler {
         if (err instanceof HttpError) {
           const error = err.response.data;
           const errorCode = AbstractAuthRequestHandler.getErrorCode(error);
+          if (!errorCode) {
+            throw new FirebaseAuthError(
+              AuthClientErrorCode.INTERNAL_ERROR,
+              'Error returned from server: ' + error + '. Additionally, an ' +
+              'internal error occurred while attempting to extract the ' +
+              'errorcode from the error.',
+            );
+          }
           throw FirebaseAuthError.fromServerError(errorCode, /* message */ undefined, error);
         }
         throw err;

src/auth/auth-api-request.ts

@@ -193,7 +193,7 @@ export class EmailSignInConfig implements EmailSignInProviderConfig {
    *
    * @param {any} options The options object to validate.
    */
-  private static validate(options: {[key: string]: any}) {
+  private static validate(options: EmailSignInProviderConfig) {
     // TODO: Validate the request.
     const validKeys = {
       enabled: true,
@@ -306,7 +306,7 @@ export class SAMLConfig implements SAMLAuthProviderConfig {
       };
       if (options.x509Certificates) {
         for (const cert of (options.x509Certificates || [])) {
-          request.idpConfig.idpCertificates.push({x509Certificate: cert});
+          request.idpConfig!.idpCertificates!.push({x509Certificate: cert});
         }
       }
     }
@@ -467,15 +467,26 @@ export class SAMLConfig implements SAMLAuthProviderConfig {
   constructor(response: SAMLConfigServerResponse) {
     if (!response ||
         !response.idpConfig ||
+        !response.idpConfig.idpEntityId ||
+        !response.idpConfig.ssoUrl ||
         !response.spConfig ||
+        !response.spConfig.spEntityId ||
         !response.name ||
         !(validator.isString(response.name) &&
           SAMLConfig.getProviderIdFromResourceName(response.name))) {
       throw new FirebaseAuthError(
         AuthClientErrorCode.INTERNAL_ERROR,
         'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
     }
-    this.providerId = SAMLConfig.getProviderIdFromResourceName(response.name);
+
+    const providerId = SAMLConfig.getProviderIdFromResourceName(response.name);
+    if (!providerId) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
+    }
+    this.providerId = providerId;
+
     // RP config.
     this.rpEntityId = response.spConfig.spEntityId;
     this.callbackURL = response.spConfig.callbackUri;
@@ -663,7 +674,15 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
         AuthClientErrorCode.INTERNAL_ERROR,
         'INTERNAL ASSERT FAILED: Invalid OIDC configuration response');
     }
-    this.providerId = OIDCConfig.getProviderIdFromResourceName(response.name);
+
+    const providerId = OIDCConfig.getProviderIdFromResourceName(response.name);
+    if (!providerId) {
+      throw new FirebaseAuthError(
+        AuthClientErrorCode.INTERNAL_ERROR,
+        'INTERNAL ASSERT FAILED: Invalid SAML configuration response');
+    }
+    this.providerId = providerId;
+
     this.clientId = response.clientId;
     this.issuer = response.issuer;
     // When enabled is undefined, it takes its default value of false.

src/auth/auth-config.ts

@@ -104,7 +104,7 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> {
    *     minting.
    * @constructor
    */
-  constructor(protected readonly projectId: string,
+  constructor(protected readonly projectId: string | null,
               protected readonly authRequestHandler: T,
               cryptoSigner: CryptoSigner) {
     this.tokenGenerator = new FirebaseTokenGenerator(cryptoSigner);
@@ -731,7 +731,7 @@ export class Auth extends BaseAuth<AuthRequestHandler> implements FirebaseServic
    * @param {FirebaseApp} app The project ID for an app.
    * @return {string} The FirebaseApp's project ID.
    */
-  private static getProjectId(app: FirebaseApp): string {
+  private static getProjectId(app: FirebaseApp): string | null {
     if (typeof app !== 'object' || app === null || !('options' in app)) {
       throw new FirebaseAuthError(
         AuthClientErrorCode.INVALID_ARGUMENT,

src/auth/auth.ts

@@ -19,7 +19,7 @@ import fs = require('fs');
 import os = require('os');
 import path = require('path');
 
-import {AppErrorCodes, FirebaseAppError} from '../utils/error';
+import {AppErrorCodes, FirebaseAppError, FirebaseAuthError, AuthClientErrorCode} from '../utils/error';
 import {HttpClient, HttpRequestConfig, HttpError, HttpResponse} from '../utils/api-request';
 import {Agent} from 'http';
 
@@ -69,7 +69,7 @@ export class RefreshToken {
    * Tries to load a RefreshToken from a path. If the path is not present, returns null.
    * Throws if data at the path is invalid.
    */
-  public static fromPath(filePath: string): RefreshToken {
+  public static fromPath(filePath: string): RefreshToken | null {
     let jsonString: string;
 
     try {
@@ -224,7 +224,7 @@ function getDetailFromResponse(response: HttpResponse): string {
     }
     return detail;
   }
-  return response.text;
+  return response.text || 'Missing Error Payload';
 }
 
 /**
@@ -234,7 +234,7 @@ export class CertCredential implements FirebaseCredential {
 
   private readonly certificate: Certificate;
   private readonly httpClient: HttpClient;
-  private readonly httpAgent: Agent;
+  private readonly httpAgent?: Agent;
 
   constructor(serviceAccountPathOrObject: string | object, httpAgent?: Agent) {
     this.certificate = (typeof serviceAccountPathOrObject === 'string') ?
@@ -306,8 +306,8 @@ export interface FirebaseCredential extends Credential {
  * @param {Credential} credential A Credential instance.
  * @return {Certificate} A Certificate instance or null.
  */
-export function tryGetCertificate(credential: Credential): Certificate | null {
-  if (isFirebaseCredential(credential)) {
+export function tryGetCertificate(credential?: Credential): Certificate | null {
+  if (credential && isFirebaseCredential(credential)) {
     return credential.getCertificate();
   }
 
@@ -325,11 +325,22 @@ export class RefreshTokenCredential implements Credential {
 
   private readonly refreshToken: RefreshToken;
   private readonly httpClient: HttpClient;
-  private readonly httpAgent: Agent;
+  private readonly httpAgent?: Agent;
 
   constructor(refreshTokenPathOrObject: string | object, httpAgent?: Agent) {
-    this.refreshToken = (typeof refreshTokenPathOrObject === 'string') ?
-      RefreshToken.fromPath(refreshTokenPathOrObject) : new RefreshToken(refreshTokenPathOrObject);
+    if (typeof refreshTokenPathOrObject === 'string') {
+      const refreshTokenOrNull = RefreshToken.fromPath(refreshTokenPathOrObject);
+      if (!refreshTokenOrNull) {
+        throw new FirebaseAuthError(
+          AuthClientErrorCode.NOT_FOUND,
+          'The file refered to by the refreshTokenPathOrObject parameter (' +
+          refreshTokenPathOrObject + ') was not found.',
+        );
+      }
+      this.refreshToken = refreshTokenOrNull;
+    } else {
+      this.refreshToken = new RefreshToken(refreshTokenPathOrObject);
+    }
     this.httpClient = new HttpClient();
     this.httpAgent = httpAgent;
   }
@@ -362,7 +373,7 @@ export class RefreshTokenCredential implements Credential {
 export class MetadataServiceCredential implements Credential {
 
   private readonly httpClient = new HttpClient();
-  private readonly httpAgent: Agent;
+  private readonly httpAgent?: Agent;
 
   constructor(httpAgent?: Agent) {
     this.httpAgent = httpAgent;
@@ -396,10 +407,12 @@ export class ApplicationDefaultCredential implements FirebaseCredential {
     }
 
     // It is OK to not have this file. If it is present, it must be valid.
-    const refreshToken = RefreshToken.fromPath(GCLOUD_CREDENTIAL_PATH);
-    if (refreshToken) {
-      this.credential_ = new RefreshTokenCredential(refreshToken, httpAgent);
-      return;
+    if (GCLOUD_CREDENTIAL_PATH) {
+      const refreshToken = RefreshToken.fromPath(GCLOUD_CREDENTIAL_PATH);
+      if (refreshToken) {
+        this.credential_ = new RefreshTokenCredential(refreshToken, httpAgent);
+        return;
+      }
     }
 
     this.credential_ = new MetadataServiceCredential(httpAgent);
@@ -409,7 +422,7 @@ export class ApplicationDefaultCredential implements FirebaseCredential {
     return this.credential_.getAccessToken();
   }
 
-  public getCertificate(): Certificate {
+  public getCertificate(): Certificate | null {
     return tryGetCertificate(this.credential_);
   }
 

src/auth/credential.ts

@@ -117,17 +117,17 @@ export class Tenant {
       }
     }
     // Validate displayName type if provided.
-    if (typeof request.displayName !== 'undefined' &&
-        !validator.isNonEmptyString(request.displayName)) {
+    if (typeof (request as any).displayName !== 'undefined' &&
+        !validator.isNonEmptyString((request as any).displayName)) {
       throw new FirebaseAuthError(
         AuthClientErrorCode.INVALID_ARGUMENT,
         `"${label}.displayName" must be a valid non-empty string.`,
       );
     }
     // Validate emailSignInConfig type if provided.
-    if (typeof request.emailSignInConfig !== 'undefined') {
+    if (typeof (request as any).emailSignInConfig !== 'undefined') {
       // This will throw an error if invalid.
-      EmailSignInConfig.buildServerRequest(request.emailSignInConfig);
+      EmailSignInConfig.buildServerRequest((request as any).emailSignInConfig);
     }
   }