Add auth event manager and popup_redirect browser implementation

Author: sam-gc

packages-exp/auth-exp/src/core/auth/auth_event_manager.ts

@@ -0,0 +1,173 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { AuthEvent, AuthEventConsumer, EventManager } from '../../model/popup_redirect';
+
+export class AuthEventManager implements EventManager {
+  private readonly consumers: Set<AuthEventConsumer> = new Set();
+
+  registerConsumer(authEventConsumer: AuthEventConsumer): void {
+    this.consumers.add(authEventConsumer);
+  }
+
+  unregisterConsumer(authEventConsumer: AuthEventConsumer): void {
+    this.consumers.delete(authEventConsumer);
+  }
+
+  onEvent(event: AuthEvent): void {
+    this.consumers.forEach(consumer => {
+      if (consumer.filter === event.type && consumer.isMatchingEvent(event.eventId)) {
+        consumer.onAuthEvent(event);
+      }
+    });
+  }
+}
+
+// export abstract class Abstract
+
+// export abstract class AbstractAuthEventManager {
+//   // private readonly redirectOutcomeHandler = new RedirectManager();
+//   private readonly popupOutcomeHandler = new PopupResultManager();
+  
+//   constructor() {}
+
+//   abstract openPopup(
+//     provider: AuthProvider,
+//     authType: AuthEventType,
+//     eventId?: string
+//   ): Promise<AuthPopup>;
+
+//   abstract processRedirect(
+//     auth: Auth,
+//     provider: AuthProvider,
+//     authType: AuthEventType
+//   ): Promise<never>;
+
+//   abstract initializeAndWait(auth: Auth): Promise<void>;
+//   abstract isInitialized(): boolean;
+
+//   async onEvent(event: AuthEvent): Promise<boolean> {
+//     if (event.error && event.type !== AuthEventType.UNKNOWN) {
+//       this.getOutcomeHandler(event.type).broadcastResult(null, event.error);
+//       return true;
+//     }
+
+//     const potentialUser = this.userForEvent(event.eventId);
+
+//     switch (event.type) {
+//       case AuthEventType.SIGN_IN_VIA_POPUP:
+//         if (!this.popupOutcomeHandler.isMatchingEvent(event.eventId)) {
+//           break;
+//         }
+//       // Fallthrough
+//       case AuthEventType.SIGN_IN_VIA_REDIRECT:
+//         this.execIdpTask(event, idp.signIn);
+//         break;
+//       case AuthEventType.LINK_VIA_POPUP:
+//       case AuthEventType.LINK_VIA_REDIRECT:
+//         if (potentialUser) {
+//           this.execIdpTask(event, idp.link, potentialUser);
+//         }
+//         break;
+//       case AuthEventType.REAUTH_VIA_POPUP:
+//       case AuthEventType.REAUTH_VIA_REDIRECT:
+//         if (potentialUser) {
+//           this.execIdpTask(event, idp.reauth, potentialUser);
+//         }
+//         break;
+//     }
+
+//     // Always resolve with the iframe
+//     return true;
+//   }
+
+//   processPopup(
+//     auth: Auth,
+//     provider: AuthProvider,
+//     authType: AuthEventType,
+//     eventId?: string
+//   ): Promise<UserCredential | null> {
+//     // TODO: Fix the dirty hack
+//     this.auth = auth;
+
+//     return this.popupOutcomeHandler.getNewPendingPromise(async () => {
+//       if (!this.isInitialized()) {
+//         await this.initializeAndWait(auth);
+//       }
+
+//       const win = await this.openPopup(auth, provider, authType, eventId);
+//       win.associatedEvent = eventId || null;
+//       return win;
+//     });
+//   }
+
+//   getRedirectResult(auth: Auth): Promise<UserCredential | null> {
+//     // TODO: Fix this dirty hack
+//     this.auth = auth;
+//     return this.redirectOutcomeHandler.getRedirectPromiseOrInit(() => {
+//       if (!this.isInitialized()) {
+//         this.initializeAndWait(auth);
+//       }
+//     });
+//   }
+
+//   private userForEvent(id: string | null): User | undefined {
+//     return this.auth
+//       .getPotentialRedirectUsers_()
+//       .find(u => u.redirectEventId_ === id);
+//   }
+
+//   private getOutcomeHandler(
+//     eventType: AuthEventType
+//   ): PopupRedirectOutcomeHandler {
+//     switch (eventType) {
+//       case AuthEventType.SIGN_IN_VIA_POPUP:
+//       case AuthEventType.LINK_VIA_POPUP:
+//       case AuthEventType.REAUTH_VIA_POPUP:
+//         return this.popupOutcomeHandler;
+//       case AuthEventType.SIGN_IN_VIA_REDIRECT:
+//       case AuthEventType.LINK_VIA_REDIRECT:
+//       case AuthEventType.REAUTH_VIA_REDIRECT:
+//         return this.redirectOutcomeHandler;
+//       default:
+//         throw AUTH_ERROR_FACTORY.create(AuthErrorCode.INTERNAL_ERROR, {
+//           appName: 'TODO'
+//         });
+//     }
+//   }
+
+//   private async execIdpTask(event: AuthEvent, task: idp.IdpTask, user?: User) {
+//     const { urlResponse, sessionId, postBody, tenantId } = event;
+//     const params: idp.IdpTaskParams = {
+//       requestUri: urlResponse!,
+//       sessionId: sessionId!,
+//       auth: this.auth,
+//       tenantId: tenantId || undefined,
+//       postBody: postBody || undefined,
+//       user
+//     };
+
+//     const outcomeHandler = this.getOutcomeHandler(event.type);
+
+//     try {
+//       const cred = await task(params);
+//       outcomeHandler.broadcastResult(cred);
+//     } catch (e) {
+//       outcomeHandler.broadcastResult(null, e);
+//     }
+//   }
+// }

packages-exp/auth-exp/src/model/popup_redirect.d.ts

@@ -0,0 +1,86 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import * as externs from '@firebase/auth-types-exp';
+
+import { AuthPopup } from '../core/util/popup';
+import { Auth } from './auth';
+import { UserCredential } from './user';
+
+export const enum EventFilter {
+  POPUP,
+  REDIRECT
+}
+
+export const enum GapiOutcome {
+  ACK = 'ACK',
+  ERROR = 'ERROR'
+}
+
+interface GapiAuthEvent extends gapi.iframes.Message {
+  authEvent: AuthEvent;
+}
+
+export const enum AuthEventType {
+  LINK_VIA_POPUP = 'linkViaPopup',
+  LINK_VIA_REDIRECT = 'linkViaRedirect',
+  REAUTH_VIA_POPUP = 'reauthViaPopup',
+  REAUTH_VIA_REDIRECT = 'reauthViaRedirect',
+  SIGN_IN_VIA_POPUP = 'signInViaPopup',
+  SIGN_IN_VIA_REDIRECT = 'signInViaRedirect',
+  UNKNOWN = 'unknown',
+  VERIFY_APP = 'verifyApp'
+}
+
+// TODO: convert from these to FirebaseError
+export interface AuthEventError extends Error {
+  code: string; // in the form of auth/${AuthErrorCode}
+  message: string;
+}
+
+export interface AuthEvent {
+  type: AuthEventType;
+  eventId: string | null;
+  urlResponse: string | null;
+  sessionId: string | null;
+  postBody: string | null;
+  tenantId: string | null;
+  error: AuthEventError;
+}
+
+export interface AuthEventConsumer {
+  readonly filter: AuthEventType;
+  isMatchingEvent(eventId: string | null): boolean;
+  onAuthEvent(event: AuthEvent): unknown;
+}
+
+export interface EventManager {
+  registerConsumer(authEventConsumer: AuthEventConsumer): void;
+  unregisterConsumer(authEventConsumer: AuthEventConsumer): void;
+}
+
+export interface PopupRedirectResolver extends externs.PopupRedirectResolver {
+  initialize(auth: Auth): Promise<EventManager>;
+  // registerConsumer(authEventConsumer: AuthEventConsumer): void;
+  // unregisterConsumer(authEventConsumer: AuthEventConsumer): void;
+  openPopup(
+    auth: Auth,
+    provider: externs.AuthProvider,
+    authType: AuthEventType,
+    eventId?: string
+  ): Promise<AuthPopup>;
+}

packages-exp/auth-exp/src/platform_browser/popup_redirect.ts

@@ -0,0 +1,134 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { SDK_VERSION } from '@firebase/app-exp';
+import * as externs from '@firebase/auth-types-exp';
+import { isEmpty, querystring } from '@firebase/util';
+
+import { AuthEventManager } from '../core/auth/auth_event_manager';
+import { AuthErrorCode } from '../core/errors';
+import { OAuthProvider } from '../core/providers/oauth';
+import { assert } from '../core/util/assert';
+import { _generateEventId } from '../core/util/event_id';
+import { _getCurrentUrl } from '../core/util/location';
+import { _open, AuthPopup } from '../core/util/popup';
+import { ApiKey, AppName, Auth } from '../model/auth';
+import {
+    AuthEventType, EventManager, GapiAuthEvent, GapiOutcome, PopupRedirectResolver
+} from '../model/popup_redirect';
+import { _openIframe } from './iframe/iframe';
+
+/**
+ * URL for Authentication widget which will initiate the OAuth handshake
+ */
+const WIDGET_URL = '__/auth/handler';
+
+export class BrowserPopupRedirectResolver implements PopupRedirectResolver {
+  private eventManager: EventManager|null = null;
+
+  openPopup(
+    auth: Auth,
+    provider: externs.AuthProvider,
+    authType: AuthEventType,
+    eventId?: string
+  ): Promise<AuthPopup> {
+    const url = getRedirectUrl(auth, provider, authType, eventId);
+    return Promise.resolve(_open(auth.name, url, _generateEventId()));
+  }
+
+  async initialize(auth: Auth): Promise<EventManager> {
+    if (this.eventManager) {
+      return this.eventManager;
+    }
+
+    const iframe = await _openIframe(auth);
+    const eventManager = new AuthEventManager();
+    iframe.register<GapiAuthEvent>('authEvent',
+      async (message: GapiAuthEvent) => {
+        await eventManager.onEvent(message.authEvent);
+
+        // We always ACK with the iframe
+        return { status: GapiOutcome.ACK };
+      },
+      gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER
+    );
+
+    this.eventManager = eventManager;
+    return eventManager;
+  }
+}
+
+// eslint-disable-next-line @typescript-eslint/consistent-type-definitions
+type WidgetParams = {
+  apiKey: ApiKey;
+  appName: AppName;
+  authType: AuthEventType;
+  redirectUrl: string;
+  v: string;
+  providerId?: string;
+  scopes?: string;
+  customParameters?: string;
+  eventId?: string;
+};
+
+function getRedirectUrl(
+  auth: Auth,
+  provider: externs.AuthProvider,
+  authType: AuthEventType,
+  eventId?: string
+): string {
+  assert(auth.config.authDomain, auth.name, AuthErrorCode.MISSING_AUTH_DOMAIN);
+  assert(auth.config.apiKey, auth.name, AuthErrorCode.INVALID_API_KEY);
+
+  const params: WidgetParams = {
+    apiKey: auth.config.apiKey,
+    appName: auth.name,
+    authType,
+    redirectUrl: _getCurrentUrl(),
+    v: SDK_VERSION,
+    eventId
+  };
+
+  if (provider instanceof OAuthProvider) {
+    provider.setDefaultLanguage(auth.languageCode);
+    params.providerId = provider.providerId || '';
+    if (!isEmpty(provider.getCustomParameters())) {
+      params.customParameters = JSON.stringify(provider.getCustomParameters());
+    }
+    const scopes = provider.getScopes();
+    if (scopes.length > 0) {
+      params.scopes = scopes.join(',');
+    }
+    // TODO set additionalParams?
+    // let additionalParams = provider.getAdditionalParams();
+    // for (let key in additionalParams) {
+    //   if (!params.hasOwnProperty(key)) {
+    //     params[key] = additionalParams[key]
+    //   }
+    // }
+  }
+
+  // TODO: maybe set tid as tenantId
+  // TODO: maybe set eid as endipointId
+  // TODO: maybe set fw as Frameworks.join(",")
+
+  const url = new URL(
+    `https://${auth.config.authDomain}/${WIDGET_URL}?${querystring(params as Record<string, string|number>)}`
+  );
+
+  return url.toString();
+}