Big refactor of reauth / link + basic idp tasks (#3242)

* Big refactor of reauth / link + basic idp tasks

* PR feedback

* Formatting

Author: sam-gc

packages-exp/auth-exp/src/core/credentials/from_token_response.test.ts

@@ -0,0 +1,43 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { expect } from 'chai';
+
+import { ProviderId } from '@firebase/auth-types-exp';
+
+import { TEST_ID_TOKEN_RESPONSE } from '../../../test/id_token_response';
+import { _authCredentialFromTokenResponse } from './from_token_response';
+
+describe('src/core/credentials/inferred', () => {
+  it('returns a phone credential if response conains correct fields', () => {
+    const cred = _authCredentialFromTokenResponse({
+      ...TEST_ID_TOKEN_RESPONSE,
+      temporaryProof: 'temporary-proof',
+      phoneNumber: 'phone-number'
+    });
+
+    expect(cred!.providerId).to.eq(ProviderId.PHONE);
+  });
+
+  it('returns null if nothing matches', () => {
+    const cred = _authCredentialFromTokenResponse({
+      ...TEST_ID_TOKEN_RESPONSE
+    });
+
+    expect(cred).to.be.null;
+  });
+});

packages-exp/auth-exp/src/core/credentials/from_token_response.ts

@@ -0,0 +1,36 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';
+import { SignInWithPhoneNumberResponse } from '../../api/authentication/sms';
+import { AuthCredential } from './';
+import { PhoneAuthCredential } from './phone';
+
+export function _authCredentialFromTokenResponse(
+  response: PhoneOrOauthTokenResponse
+): AuthCredential | null {
+  const {
+    temporaryProof,
+    phoneNumber
+  } = response as SignInWithPhoneNumberResponse;
+  if (temporaryProof && phoneNumber) {
+    return new PhoneAuthCredential({ temporaryProof, phoneNumber });
+  }
+
+  // TODO: Handle Oauth cases
+  return null;
+}

packages-exp/auth-exp/src/core/strategies/credential.test.ts

@@ -36,7 +36,6 @@ import { Auth } from '../../model/auth';
 import { IdTokenResponse } from '../../model/id_token';
 import { User } from '../../model/user';
 import {
-  _assertLinkedStatus,
   linkWithCredential,
   reauthenticateWithCredential,
   signInWithCredential
@@ -167,51 +166,4 @@ describe('core/strategies/credential', () => {
       expect(credential).to.be.null;
     });
   });
-
-  describe('_assertLinkedStatus', () => {
-    it('should error with already linked if expectation is true', async () => {
-      getAccountInfoEndpoint.response = {
-        users: [
-          {
-            ...serverUser,
-            providerUserInfo: [{ providerId: ProviderId.GOOGLE }]
-          }
-        ]
-      };
-
-      await expect(
-        _assertLinkedStatus(false, user, ProviderId.GOOGLE)
-      ).to.be.rejectedWith(
-        FirebaseError,
-        'Firebase: User can only be linked to one identity for the given provider. (auth/provider-already-linked).'
-      );
-    });
-
-    it('should not error if provider is not linked', async () => {
-      await expect(_assertLinkedStatus(false, user, ProviderId.GOOGLE)).not.to
-        .be.rejected;
-    });
-
-    it('should error if provider is not linked but it was expected to be', async () => {
-      await expect(
-        _assertLinkedStatus(true, user, ProviderId.GOOGLE)
-      ).to.be.rejectedWith(
-        FirebaseError,
-        'Firebase: User was not linked to an account with the given provider. (auth/no-such-provider).'
-      );
-    });
-
-    it('should not error if provider is linked and that is expected', async () => {
-      getAccountInfoEndpoint.response = {
-        users: [
-          {
-            ...serverUser,
-            providerUserInfo: [{ providerId: ProviderId.GOOGLE }]
-          }
-        ]
-      };
-      await expect(_assertLinkedStatus(true, user, ProviderId.GOOGLE)).not.to.be
-        .rejected;
-    });
-  });
 });

packages-exp/auth-exp/src/core/strategies/credential.ts

@@ -18,19 +18,14 @@
 import * as externs from '@firebase/auth-types-exp';
 import { OperationType, UserCredential } from '@firebase/auth-types-exp';
 
-import { PhoneOrOauthTokenResponse } from '../../api/authentication/mfa';
-import { SignInWithPhoneNumberResponse } from '../../api/authentication/sms';
 import { Auth } from '../../model/auth';
-import { IdTokenResponse } from '../../model/id_token';
 import { User } from '../../model/user';
 import { AuthCredential } from '../credentials';
-import { PhoneAuthCredential } from '../credentials/phone';
-import { AuthErrorCode } from '../errors';
 import { _parseToken } from '../user/id_token_result';
+import { _assertLinkedStatus, _link } from '../user/link_unlink';
+import { _reauthenticate } from '../user/reauthenticate';
 import { _reloadWithoutSaving } from '../user/reload';
 import { UserCredentialImpl } from '../user/user_credential_impl';
-import { assert, fail } from '../util/assert';
-import { providerDataAsNames } from '../util/providers';
 
 export async function signInWithCredential(
   authExtern: externs.Auth,
@@ -56,14 +51,13 @@ export async function linkWithCredential(
 ): Promise<UserCredential> {
   const user = userExtern as User;
   const credential = credentialExtern as AuthCredential;
+
   await _assertLinkedStatus(false, user, credential.providerId);
 
-  const response = await credential._linkToIdToken(
-    user.auth,
-    await user.getIdToken()
+  return _link(
+    user,
+    credential._linkToIdToken(user.auth, await user.getIdToken())
   );
-
-  return userCredForOperation(user, OperationType.LINK, response);
 }
 
 export async function reauthenticateWithCredential(
@@ -73,76 +67,8 @@ export async function reauthenticateWithCredential(
   const credential = credentialExtern as AuthCredential;
   const user = userExtern as User;
 
-  const { auth, uid } = user;
-  const response = await verifyTokenResponseUid(
-    credential._getReauthenticationResolver(auth),
-    uid,
-    auth.name
+  return _reauthenticate(
+    user,
+    credential._getReauthenticationResolver(user.auth)
   );
-
-  return userCredForOperation(user, OperationType.REAUTHENTICATE, response);
-}
-
-export function _authCredentialFromTokenResponse(
-  response: PhoneOrOauthTokenResponse
-): AuthCredential | null {
-  const {
-    temporaryProof,
-    phoneNumber
-  } = response as SignInWithPhoneNumberResponse;
-  if (temporaryProof && phoneNumber) {
-    return new PhoneAuthCredential({ temporaryProof, phoneNumber });
-  }
-
-  // TODO: Handle Oauth cases
-  return null;
-}
-
-export async function _assertLinkedStatus(
-  expected: boolean,
-  user: User,
-  provider: externs.ProviderId
-): Promise<void> {
-  await _reloadWithoutSaving(user);
-  const providerIds = providerDataAsNames(user.providerData);
-
-  const code =
-    expected === false
-      ? AuthErrorCode.PROVIDER_ALREADY_LINKED
-      : AuthErrorCode.NO_SUCH_PROVIDER;
-  assert(providerIds.has(provider) === expected, user.auth.name, code);
-}
-
-async function verifyTokenResponseUid(
-  idTokenResolver: Promise<IdTokenResponse>,
-  uid: string,
-  appName: string
-): Promise<IdTokenResponse> {
-  try {
-    const response = await idTokenResolver;
-    assert(response.idToken, appName, AuthErrorCode.INTERNAL_ERROR);
-    const parsed = _parseToken(response.idToken);
-    assert(parsed, appName, AuthErrorCode.INTERNAL_ERROR);
-
-    const { sub: localId } = parsed;
-    assert(uid === localId, appName, AuthErrorCode.USER_MISMATCH);
-
-    return response;
-  } catch (e) {
-    // Convert user deleted error into user mismatch
-    if (e?.code === `auth/${AuthErrorCode.USER_DELETED}`) {
-      fail(appName, AuthErrorCode.USER_MISMATCH);
-    }
-    throw e;
-  }
-}
-
-async function userCredForOperation(
-  user: User,
-  opType: OperationType,
-  response: IdTokenResponse
-): Promise<UserCredentialImpl> {
-  const newCred = _authCredentialFromTokenResponse(response);
-  await user._updateTokensIfNecessary(response, /* reload */ true);
-  return new UserCredentialImpl(user, newCred, opType);
 }