Align recaptcha error codes with android

Author: chuanr

common/api-review/auth.api.md

@@ -227,8 +227,14 @@ export const AuthErrorCodes: {
     readonly WEAK_PASSWORD: "auth/weak-password";
     readonly WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported";
     readonly ALREADY_INITIALIZED: "auth/already-initialized";
-    readonly RECAPTCHA_CHECK_FAILED: "auth/recaptcha-check-failed";
     readonly RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled";
+    readonly MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token";
+    readonly INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token";
+    readonly INVALID_RECAPTCHA_ACTION: "auth/invalide-recaptcha-action";
+    readonly MISSING_CLIENT_TYPE: "auth/missing-client-type";
+    readonly MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version";
+    readonly INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version";
+    readonly INVALID_REQ_TYPE: "auth/invalid-req-type";
 };
 
 // @public

packages/auth/src/api/errors.ts

@@ -216,7 +216,7 @@ export const SERVER_ERROR_MAP: Partial<ServerErrorMap<ServerError>> = {
   [ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE]: AuthErrorCode.INTERNAL_ERROR,
 
   // Recaptcha related errors.
-  [ServerError.INVALID_RECAPTCHA_SCORE]: AuthErrorCode.RECAPTCHA_CHECK_FAILED,
+  [ServerError.INVALID_RECAPTCHA_SCORE]: AuthErrorCode.CAPTCHA_CHECK_FAILED,
   [ServerError.RECAPTCHA_NOT_ENABLED]: AuthErrorCode.RECAPTCHA_NOT_ENABLED,
   [ServerError.MISSING_RECAPTCHA_TOKEN]: AuthErrorCode.INTERNAL_ERROR,
   [ServerError.INVALID_RECAPTCHA_TOKEN]: AuthErrorCode.INTERNAL_ERROR,

packages/auth/src/core/credentials/email.ts

@@ -29,7 +29,6 @@ import {
 import { AuthInternal } from '../../model/auth';
 import { IdTokenResponse } from '../../model/id_token';
 import { AuthErrorCode } from '../errors';
-import { ServerError } from '../../api/errors';
 import { _fail } from '../util/assert';
 import { AuthCredential } from './auth_credential';
 import { injectRecaptchaFields } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';
@@ -132,7 +131,9 @@ export class EmailAuthCredential extends AuthCredential {
           return signInWithPassword(auth, requestWithRecaptcha);
         } else {
           return signInWithPassword(auth, request).catch(async error => {
-            if (error.code === `auth/${ServerError.MISSING_RECAPTCHA_TOKEN}`) {
+            if (
+              error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`
+            ) {
               console.log(
                 'Sign-in with email address and password is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.'
               );

packages/auth/src/core/errors.ts

@@ -124,8 +124,14 @@ export const enum AuthErrorCode {
   WEAK_PASSWORD = 'weak-password',
   WEB_STORAGE_UNSUPPORTED = 'web-storage-unsupported',
   ALREADY_INITIALIZED = 'already-initialized',
-  RECAPTCHA_CHECK_FAILED = 'recaptcha-check-failed',
-  RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled'
+  RECAPTCHA_NOT_ENABLED = 'recaptcha-not-enabled',
+  MISSING_RECAPTCHA_TOKEN = 'missing-recaptcha-token',
+  INVALID_RECAPTCHA_TOKEN = 'invalid-recaptcha-token',
+  INVALID_RECAPTCHA_ACTION = 'invalide-recaptcha-action',
+  MISSING_CLIENT_TYPE = 'missing-client-type',
+  MISSING_RECAPTCHA_VERSION = 'missing-recaptcha-version',
+  INVALID_RECAPTCHA_VERSION = 'invalid-recaptcha-version',
+  INVALID_REQ_TYPE = 'invalid-req-type'
 }
 
 function _debugErrorMap(): ErrorMap<AuthErrorCode> {
@@ -359,10 +365,22 @@ function _debugErrorMap(): ErrorMap<AuthErrorCode> {
       'different options. To avoid this error, call initializeAuth() with the ' +
       'same options as when it was originally called, or call getAuth() to return the' +
       ' already initialized instance.',
-    [AuthErrorCode.RECAPTCHA_CHECK_FAILED]:
-      'The ReCAPTCHA assessment failed for this request.',
+    [AuthErrorCode.MISSING_RECAPTCHA_TOKEN]:
+      'The reCAPTCHA token is missing when sending request to the backend.',
+    [AuthErrorCode.INVALID_RECAPTCHA_TOKEN]:
+      'The reCAPTCHA token is invalid when sending request to the backend.',
+    [AuthErrorCode.INVALID_RECAPTCHA_ACTION]:
+      'The reCAPTCHA action is invalid when sending request to the backend.',
     [AuthErrorCode.RECAPTCHA_NOT_ENABLED]:
-      'reCAPTCHA integration is not enabled for this project.'
+      'reCAPTCHA integration is not enabled for this project.',
+    [AuthErrorCode.MISSING_CLIENT_TYPE]:
+      'The reCAPTCHA client type is missing when sending request to the backend.',
+    [AuthErrorCode.MISSING_RECAPTCHA_VERSION]:
+      'The reCAPTCHA version is missing when sending request to the backend.',
+    [AuthErrorCode.INVALID_REQ_TYPE]:
+      'The reCAPTCHA client type or version is invalid when retrieving the site key.',
+    [AuthErrorCode.INVALID_RECAPTCHA_VERSION]:
+      'The reCAPTCHA version is invalid when sending request to the backend.'
   };
 }
 
@@ -565,6 +583,12 @@ export const AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = {
   WEAK_PASSWORD: 'auth/weak-password',
   WEB_STORAGE_UNSUPPORTED: 'auth/web-storage-unsupported',
   ALREADY_INITIALIZED: 'auth/already-initialized',
-  RECAPTCHA_CHECK_FAILED: 'auth/recaptcha-check-failed',
-  RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled'
+  RECAPTCHA_NOT_ENABLED: 'auth/recaptcha-not-enabled',
+  MISSING_RECAPTCHA_TOKEN: 'auth/missing-recaptcha-token',
+  INVALID_RECAPTCHA_TOKEN: 'auth/invalid-recaptcha-token',
+  INVALID_RECAPTCHA_ACTION: 'auth/invalide-recaptcha-action',
+  MISSING_CLIENT_TYPE: 'auth/missing-client-type',
+  MISSING_RECAPTCHA_VERSION: 'auth/missing-recaptcha-version',
+  INVALID_RECAPTCHA_VERSION: 'auth/invalid-recaptcha-version',
+  INVALID_REQ_TYPE: 'auth/invalid-req-type'
 } as const;

packages/auth/src/core/strategies/email_and_password.ts

@@ -34,7 +34,6 @@ import { _setActionCodeSettingsOnRequest } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { _castAuth } from '../auth/auth_impl';
 import { AuthErrorCode } from '../errors';
-import { ServerError } from '../../api/errors';
 import { getModularInstance } from '@firebase/util';
 import { OperationType } from '../../model/enums';
 import { injectRecaptchaFields } from '../../platform_browser/recaptcha/recaptcha_enterprise_verifier';
@@ -109,32 +108,12 @@ export async function sendPasswordResetEmail(
         actionCodeSettings
       );
     }
-    await authentication
-      .sendPasswordResetEmail(authInternal, request)
-      .catch(async error => {
-        if (error.code === `auth/${ServerError.MISSING_RECAPTCHA_TOKEN}`) {
-          console.log(
-            'Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.'
-          );
-          const requestWithRecaptcha = await injectRecaptchaFields(
-            authInternal,
-            request,
-            RecaptchaActionName.GET_OOB_CODE,
-            true
-          );
-          if (actionCodeSettings) {
-            _setActionCodeSettingsOnRequest(
-              authInternal,
-              requestWithRecaptcha,
-              actionCodeSettings
-            );
-          }
-          await authentication.sendPasswordResetEmail(
-            authInternal,
-            requestWithRecaptcha
-          );
-        } else {
-          return Promise.reject(error);
+    await authentication.sendPasswordResetEmail(authInternal, request).catch(async (error) => {
+      if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {
+        console.log("Password resets are protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the password reset flow.");
+        const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, RecaptchaActionName.GET_OOB_CODE, true);
+        if (actionCodeSettings) {
+          _setActionCodeSettingsOnRequest(authInternal, requestWithRecaptcha, actionCodeSettings);
         }
       });
   }
@@ -295,16 +274,10 @@ export async function createUserWithEmailAndPassword(
     );
     signUpResponse = signUp(authInternal, requestWithRecaptcha);
   } else {
-    signUpResponse = signUp(authInternal, request).catch(async error => {
-      if (error.code === `auth/${ServerError.MISSING_RECAPTCHA_TOKEN}`) {
-        console.log(
-          'Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.'
-        );
-        const requestWithRecaptcha = await injectRecaptchaFields(
-          authInternal,
-          request,
-          RecaptchaActionName.SIGN_UP_PASSWORD
-        );
+    signUpResponse = signUp(authInternal, request).catch(async (error) => {
+      if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {
+        console.log("Sign-up is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-up flow.");
+        const requestWithRecaptcha = await injectRecaptchaFields(authInternal, request, RecaptchaActionName.SIGN_UP_PASSWORD);
         return signUp(authInternal, requestWithRecaptcha);
       } else {
         return Promise.reject(error);

packages/auth/src/core/strategies/email_link.ts

@@ -29,7 +29,6 @@ import { _getCurrentUrl } from '../util/location';
 import { _setActionCodeSettingsOnRequest } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { AuthErrorCode } from '../errors';
-import { ServerError } from '../../api/errors';
 import { _assert } from '../util/assert';
 import { getModularInstance } from '@firebase/util';
 import { _castAuth } from '../auth/auth_impl';
@@ -115,7 +114,7 @@ export async function sendSignInLinkToEmail(
     await api
       .sendSignInLinkToEmail(authInternal, request)
       .catch(async error => {
-        if (error.code === `auth/${ServerError.MISSING_RECAPTCHA_TOKEN}`) {
+        if (error.code === `auth/${AuthErrorCode.MISSING_RECAPTCHA_TOKEN}`) {
           console.log(
             'Email link sign-in is protected by reCAPTCHA for this project. Automatically triggering the reCAPTCHA flow and restarting the sign-in flow.'
           );