firebase
diff --git a/‎integration/browserify/package.json
Lines changed: 1 addition & 1 deletion b/‎integration/browserify/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎integration/firebase-typings/package.json
Lines changed: 1 addition & 1 deletion b/‎integration/firebase-typings/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎integration/messaging/package.json
Lines changed: 1 addition & 1 deletion b/‎integration/messaging/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎integration/typescript/package.json
Lines changed: 1 addition & 1 deletion b/‎integration/typescript/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎integration/webpack/package.json
Lines changed: 1 addition & 1 deletion b/‎integration/webpack/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/app-types/package.json
Lines changed: 1 addition & 1 deletion b/‎packages/app-types/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/app/package.json
Lines changed: 3 additions & 3 deletions b/‎packages/app/package.json
Lines changed: 3 additions & 3 deletions
diff --git a/‎packages/auth-types/package.json
Lines changed: 1 addition & 1 deletion b/‎packages/auth-types/package.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/auth/package.json
Lines changed: 2 additions & 2 deletions b/‎packages/auth/package.json
Lines changed: 2 additions & 2 deletions
diff --git a/‎packages/auth/src/authevent.js
Lines changed: 17 additions & 0 deletions b/‎packages/auth/src/authevent.js
Lines changed: 17 additions & 0 deletions
diff --git a/‎packages/auth/src/autheventmanager.js
Lines changed: 64 additions & 0 deletions b/‎packages/auth/src/autheventmanager.js
Lines changed: 64 additions & 0 deletions
diff --git a/‎packages/auth/test/authevent_test.js
Lines changed: 10 additions & 0 deletions b/‎packages/auth/test/authevent_test.js
Lines changed: 10 additions & 0 deletions
diff --git a/‎packages/auth/test/autheventmanager_test.js
Lines changed: 74 additions & 0 deletions b/‎packages/auth/test/autheventmanager_test.js
Lines changed: 74 additions & 0 deletions
diff --git a/‎packages/auth/test/authuser_test.js
Lines changed: 14 additions & 2 deletions b/‎packages/auth/test/authuser_test.js
Lines changed: 14 additions & 2 deletions
@@ -7,7 +7,7 @@
     "test": "karma start --single-run"
   },
   "dependencies": {
-    "firebase": "5.9.4"
+    "firebase": "5.10.0"
   },
   "devDependencies": {
     "@babel/core": "7.4.3",
 
@@ -6,7 +6,7 @@
     "test": "tsc index.ts --outDir dist"
   },
   "dependencies": {
-    "firebase": "5.9.4"
+    "firebase": "5.10.0"
   },
   "devDependencies": {
     "typescript": "3.4.3"
 
@@ -8,7 +8,7 @@
     "test:manual": "mocha --exit"
   },
   "dependencies": {
-    "firebase": "5.9.4"
+    "firebase": "5.10.0"
   },
   "devDependencies": {
     "chai": "4.2.0",
 
@@ -6,7 +6,7 @@
     "test": "karma start --single-run"
   },
   "dependencies": {
-    "firebase": "5.9.4"
+    "firebase": "5.10.0"
   },
   "devDependencies": {
     "@babel/core": "7.4.3",
 
@@ -7,7 +7,7 @@
     "test": "karma start --single-run"
   },
   "dependencies": {
-    "firebase": "5.9.4"
+    "firebase": "5.10.0"
   },
   "devDependencies": {
     "@babel/core": "7.4.3",
 
@@ -1,6 +1,6 @@
 {
   "name": "@firebase/app-types",
-  "version": "0.3.8",
+  "version": "0.3.9",
   "description": "@firebase/app Types",
   "author": "Firebase <[email protected]> (https://firebase.google.com/)",
   "license": "Apache-2.0",
 
@@ -1,6 +1,6 @@
 {
   "name": "@firebase/app",
-  "version": "0.3.15",
+  "version": "0.3.16",
   "description": "The primary entrypoint to the Firebase JS SDK",
   "author": "Firebase <[email protected]> (https://firebase.google.com/)",
   "main": "dist/index.node.cjs.js",
@@ -21,8 +21,8 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@firebase/app-types": "0.3.8",
-    "@firebase/util": "0.2.12",
+    "@firebase/app-types": "0.3.9",
+    "@firebase/util": "0.2.13",
     "tslib": "1.9.3",
     "dom-storage": "2.1.0",
     "xmlhttprequest": "1.8.0"
 
@@ -1,6 +1,6 @@
 {
   "name": "@firebase/auth-types",
-  "version": "0.5.6",
+  "version": "0.6.0",
   "description": "@firebase/auth Types",
   "author": "Firebase <[email protected]> (https://firebase.google.com/)",
   "license": "Apache-2.0",
 
@@ -1,6 +1,6 @@
 {
   "name": "@firebase/auth",
-  "version": "0.9.8",
+  "version": "0.10.0",
   "main": "dist/auth.js",
   "module": "dist/auth.esm.js",
   "description": "Javascript library for Firebase Auth SDK",
@@ -19,7 +19,7 @@
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@firebase/auth-types": "0.5.6"
+    "@firebase/auth-types": "0.6.0"
   },
   "devDependencies": {
     "del": "4.1.0",
 
@@ -118,6 +118,23 @@ fireauth.AuthEvent.prototype.getEventId = function() {
 };
 
 
+/** @return {string} The event unique identifier. */
+fireauth.AuthEvent.prototype.getUid = function() {
+  var components = [];
+  components.push(this.type_);
+  if (this.eventId_) {
+    components.push(this.eventId_);
+  }
+  if (this.sessionId_) {
+    components.push(this.sessionId_);
+  }
+  if (this.tenantId_) {
+    components.push(this.tenantId_);
+  }
+  return components.join('-');
+};
+
+
 /** @return {?string} The url response of Auth event. */
 fireauth.AuthEvent.prototype.getUrlResponse = function() {
   return this.urlResponse_;
 
@@ -50,6 +50,12 @@ goog.require('goog.array');
  * @constructor
  */
 fireauth.AuthEventManager = function(authDomain, apiKey, appName) {
+  /**
+   * @private {!Object<string, boolean>} The map of processed auth event IDs.
+   */
+  this.processedEvents_ = {};
+  /** @private {number} The last saved processed event time in milliseconds. */
+  this.lastProcessedEventTime_ = 0;
   /** @private {string} The Auth domain. */
   this.authDomain_ = authDomain;
   /** @private {string} The browser API key. */
@@ -111,6 +117,14 @@ fireauth.AuthEventManager = function(authDomain, apiKey, appName) {
 };
 
 
+/**
+ * @const {number} The number of milliseconds since the last processed
+ *     event before the event duplication cache is cleared. This is currently
+ *     10 minutes.
+ */
+fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION = 10 * 60 * 1000;
+
+
 /**
  * @return {!fireauth.RedirectAuthEventProcessor} The redirect event processor.
  */
@@ -167,6 +181,7 @@ fireauth.AuthEventManager.prototype.reset = function() {
       fireauth.AuthEventManager.instantiateOAuthSignInHandler(
           this.authDomain_, this.apiKey_, this.appName_,
           firebase.SDK_VERSION || null);
+  this.processedEvents_ = {};
 };
 
 
@@ -341,6 +356,48 @@ fireauth.AuthEventManager.prototype.unsubscribe = function(handler) {
 };
 
 
+/**
+ * @param {?fireauth.AuthEvent} authEvent External Auth event to check.
+ * @return {boolean} Whether the event was previously processed.
+ * @private
+ */
+fireauth.AuthEventManager.prototype.hasProcessedAuthEvent_ =
+    function(authEvent) {
+  // Prevent duplicate event tracker from growing too large.
+  if (goog.now() - this.lastProcessedEventTime_ >=
+      fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION) {
+    this.processedEvents_ = {};
+    this.lastProcessedEventTime_ = 0;
+  }
+  if (authEvent && authEvent.getUid() &&
+      this.processedEvents_.hasOwnProperty(authEvent.getUid())) {
+    // If event is already processed, ignore it.
+    return true;
+  }
+  return false;
+};
+
+
+/**
+ * Saves the provided event uid to prevent processing duplication.
+ * @param {?fireauth.AuthEvent} authEvent External Auth event to track in
+ *     processed list of events.
+ * @private
+ */
+fireauth.AuthEventManager.prototype.saveProcessedAuthEvent_ =
+    function(authEvent) {
+  if (authEvent &&
+      (authEvent.getSessionId() || authEvent.getEventId())) {
+    // Save processed event ID. We keep the cache for 10 minutes to prevent it
+    // from growing too large.
+    this.processedEvents_[
+        /** @type {string} */ (authEvent.getUid())] = true;
+    // Save last processing time.
+    this.lastProcessedEventTime_ = goog.now();
+  }
+};
+
+
 /**
  * Handles external Auth event detected by the OAuth sign-in handler.
  * @param {?fireauth.AuthEvent} authEvent External Auth event detected by
@@ -356,6 +413,10 @@ fireauth.AuthEventManager.prototype.handleAuthEvent_ = function(authEvent) {
   if (!authEvent) {
     throw new fireauth.AuthError(fireauth.authenum.Error.INVALID_AUTH_EVENT);
   }
+  if (this.hasProcessedAuthEvent_(authEvent)) {
+    // If event is already processed, ignore it.
+    return false;
+  }
   // Initialize event processed status to false. When set to false, the event is
   // not clear to delete in the OAuth helper iframe as the owner of this event
   // could be a user in another tab.
@@ -368,6 +429,9 @@ fireauth.AuthEventManager.prototype.handleAuthEvent_ = function(authEvent) {
       var eventManager = this.typeToManager_[authEvent.getType()];
       if (eventManager) {
         eventManager.processAuthEvent(authEvent, potentialHandler);
+        // Prevent events with event IDs or session IDs from duplicate
+        // processing.
+        this.saveProcessedAuthEvent_(authEvent);
       }
       // Event has been processed, free to clear in OAuth helper.
       processed = true;
 
@@ -214,6 +214,14 @@ function testAuthEvent_error() {
 
 
 function testAuthEvent() {
+  var unknownEvent = new fireauth.AuthEvent(
+      fireauth.AuthEvent.Type.UNKNOWN,
+      null,
+      null,
+      null,
+      new fireauth.AuthError(fireauth.authenum.Error.INTERNAL_ERROR));
+  assertEquals('unknown', unknownEvent.getUid());
+
   assertEquals(
       fireauth.AuthEvent.Type.SIGN_IN_VIA_POPUP,
       authEvent.getType());
@@ -225,6 +233,7 @@ function testAuthEvent() {
   assertNull(authEvent.getEventId());
   assertNull(authEvent.getError());
   assertFalse(authEvent.hasError());
+  assertEquals('signInViaPopup-SESSION_ID', authEvent.getUid());
 
   assertEquals(
       fireauth.AuthEvent.Type.SIGN_IN_VIA_REDIRECT,
@@ -235,6 +244,7 @@ function testAuthEvent() {
       authEvent2.getError());
   assertTrue(authEvent2.hasError());
   assertNull(authEvent2.getPostBody());
+  assertEquals('signInViaRedirect-12345678', authEvent2.getUid());
 }
 
 
 
@@ -723,6 +723,7 @@ function testAuthEventManager_subscribeAndUnsubscribe() {
 
 function testAuthEventManager_testEventToProcessor() {
   var recordedHandler;
+  clock = new goog.testing.MockClock(true);
   asyncTestCase.waitForSignals(1);
   // This test is not environment specific.
   stubs.replace(
@@ -738,6 +739,9 @@ function testAuthEventManager_testEventToProcessor() {
             recordedHandler = handler;
             asyncTestCase.signal();
           },
+          'removeAuthEventListener': function(handler) {
+            recordedHandler = null;
+          },
           'initializeAndWait': function() { return goog.Promise.resolve(); },
           'shouldBeInitializedEarly': function() {
             return false;
@@ -917,6 +921,76 @@ function testAuthEventManager_testEventToProcessor() {
       3,
       fireauth.PopupAuthEventProcessor.prototype.processAuthEvent.
           getCallCount());
+
+  // Duplicate events with event IDs or session IDs should be ignored.
+  assertFalse(recordedHandler(signInViaPopupEvent));
+  assertFalse(recordedHandler(signInViaRedirectEvent));
+  assertFalse(recordedHandler(linkViaPopupEvent));
+  assertFalse(recordedHandler(linkViaRedirectEvent));
+  assertFalse(recordedHandler(reauthViaPopupEvent));
+  assertFalse(recordedHandler(reauthViaRedirectEvent));
+  assertEquals(
+      4,
+      fireauth.RedirectAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+  assertEquals(
+      3,
+      fireauth.PopupAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+  // Unknown events are allowed to be duplicated.
+  assertTrue(recordedHandler(unknownEvent));
+  assertEquals(
+      5,
+      fireauth.RedirectAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+  assertEquals(
+      3,
+      fireauth.PopupAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+
+  // Reset should clear processed events.
+  manager.reset();
+  manager.initialize();
+  assertTrue(recordedHandler(signInViaPopupEvent));
+  assertEquals(
+      5,
+      fireauth.RedirectAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+  assertEquals(
+      4,
+      fireauth.PopupAuthEventProcessor.prototype.processAuthEvent.
+          getCallCount());
+  assertFalse(recordedHandler(signInViaPopupEvent));
+
+  // Simulate 1 millisecond before cachebuster triggers.
+  clock.tick(fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION - 1);
+  // Event uid should still be saved.
+  assertFalse(recordedHandler(signInViaPopupEvent));
+  // Simulate one more millisecond to clear cache.
+  clock.tick(1);
+  // Event uid should be cleared.
+  assertTrue(recordedHandler(signInViaPopupEvent));
+  // This should be cached until next time cache is cleared.
+  clock.tick(fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION - 1);
+  assertFalse(recordedHandler(signInViaPopupEvent));
+  clock.tick(1);
+  assertTrue(recordedHandler(signInViaPopupEvent));
+
+  // Halfway through timeout duration.
+  clock.tick(fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION / 2);
+  // Trigger second event.
+  assertTrue(recordedHandler(linkViaPopupEvent));
+  // Halfway through timeout.
+  clock.tick(fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION / 2);
+  // Both events still cached (second event should reset the counter).
+  assertFalse(recordedHandler(signInViaPopupEvent));
+  assertFalse(recordedHandler(linkViaPopupEvent));
+  // Trigger timeout (half timeout duration).
+  clock.tick(fireauth.AuthEventManager.EVENT_DUPLICATION_CACHE_DURATION / 2);
+  // Cache should be cleared from both events (full timeout duration from last
+  // event).
+  assertTrue(recordedHandler(signInViaPopupEvent));
+  assertTrue(recordedHandler(linkViaPopupEvent));
 }
 
 
 
@@ -8784,12 +8784,18 @@ function testUser_linkWithPopup_timeout() {
             actualOnInit();
             return goog.Promise.resolve();
           });
+  oAuthSignInHandlerInstance.startPopupTimeout(
+      ignoreArgument, ignoreArgument, ignoreArgument)
+      .$does(function(popupWin, onError, delay) {
+        // Do nothing on first call to simulate timeout.
+        return new goog.Promise(function(resolve, reject) {});
+      }).$once();
   oAuthSignInHandlerInstance.startPopupTimeout(
       ignoreArgument, ignoreArgument, ignoreArgument)
       .$does(function(popupWin, onError, delay) {
         recordedHandler(expectedAuthEvent);
         return new goog.Promise(function(resolve, reject) {});
-      }).$times(2);
+      }).$once();
   mockControl.$replayAll();
   // Set the backend user info with no linked providers.
   stubs.replace(
@@ -8962,12 +8968,18 @@ function testUser_reauthenticateWithPopup_timeout() {
           });
   oAuthSignInHandlerInstance.shouldBeInitializedEarly().$returns(false);
   oAuthSignInHandlerInstance.hasVolatileStorage().$returns(false);
+  oAuthSignInHandlerInstance.startPopupTimeout(
+      ignoreArgument, ignoreArgument, ignoreArgument)
+      .$does(function(popupWin, onError, delay) {
+        // Do nothing on first call to simulate timeout.
+        return new goog.Promise(function(resolve, reject) {});
+      }).$once();
   oAuthSignInHandlerInstance.startPopupTimeout(
       ignoreArgument, ignoreArgument, ignoreArgument)
       .$does(function(popupWin, onError, delay) {
         recordedHandler(expectedAuthEvent);
         return new goog.Promise(function(resolve, reject) {});
-      }).$times(2);
+      }).$once();
   mockControl.$replayAll();
   // The expected popup window object.
   var expectedPopup = {
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@firebase/app-types",`
`3`		`- "version": "0.3.8",`
	`3`	`+ "version": "0.3.9",`
`4`	`4`	`"description": "@firebase/app Types",`
`5`	`5`	`"author": "Firebase <[email protected]> (https://firebase.google.com/)",`
`6`	`6`	`"license": "Apache-2.0",`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "@firebase/auth-types",`
`3`		`- "version": "0.5.6",`
	`3`	`+ "version": "0.6.0",`
`4`	`4`	`"description": "@firebase/auth Types",`
`5`	`5`	`"author": "Firebase <[email protected]> (https://firebase.google.com/)",`
`6`	`6`	`"license": "Apache-2.0",`