Merge master into release

Author: google-oss-bot

.changeset/chilly-emus-sit.md

@@ -0,0 +1,5 @@
+---
+'@firebase/app': patch
+---
+
+App - provide a more robust check to cover more cases of empty heartbeat data.

.changeset/eight-planets-sleep.md

@@ -0,0 +1,6 @@
+---
+'@firebase/auth': minor
+'firebase': minor
+---
+
+[feature] Add sign-in with Apple token revocation support.

.changeset/strong-coins-repeat.md

@@ -0,0 +1,5 @@
+---
+'@firebase/firestore-compat': patch
+---
+
+Allow converter return value of undefined.

.changeset/tiny-items-grin.md

@@ -0,0 +1,5 @@
+---
+'@firebase/auth': patch
+---
+
+Fixes https://github.com/firebase/firebase-js-sdk/issues/7675

common/api-review/auth.api.md

@@ -725,6 +725,9 @@ export class RecaptchaVerifier implements ApplicationVerifierInternal {
 // @public
 export function reload(user: User): Promise<void>;
 
+// @public
+export function revokeAccessToken(auth: Auth, token: string): Promise<void>;
+
 // Warning: (ae-forgotten-export) The symbol "FederatedAuthProvider" needs to be exported by the entry point index.d.ts
 //
 // @public

docs-devsite/auth.md

@@ -35,6 +35,7 @@ Firebase Authentication
 |  [isSignInWithEmailLink(auth, emailLink)](./auth.md#issigninwithemaillink) | Checks if an incoming link is a sign-in with email link suitable for [signInWithEmailLink()](./auth.md#signinwithemaillink)<!-- -->. |
 |  [onAuthStateChanged(auth, nextOrObserver, error, completed)](./auth.md#onauthstatechanged) | Adds an observer for changes to the user's sign-in state. |
 |  [onIdTokenChanged(auth, nextOrObserver, error, completed)](./auth.md#onidtokenchanged) | Adds an observer for changes to the signed-in user's ID token. |
+|  [revokeAccessToken(auth, token)](./auth.md#revokeaccesstoken) | Revokes the given access token. Currently only supports Apple OAuth access tokens. |
 |  [sendPasswordResetEmail(auth, email, actionCodeSettings)](./auth.md#sendpasswordresetemail) | Sends a password reset email to the given email address. |
 |  [sendSignInLinkToEmail(auth, email, actionCodeSettings)](./auth.md#sendsigninlinktoemail) | Sends a sign-in email link to the user with the specified email. |
 |  [setPersistence(auth, persistence)](./auth.md#setpersistence) | Changes the type of persistence on the [Auth](./auth.auth.md#auth_interface) instance for the currently saved <code>Auth</code> session and applies this type of persistence for future sign-in requests, including sign-in with redirect requests. |
@@ -598,6 +599,27 @@ export declare function onIdTokenChanged(auth: Auth, nextOrObserver: NextOrObser
 
 [Unsubscribe](./util.md#unsubscribe)
 
+## revokeAccessToken()
+
+Revokes the given access token. Currently only supports Apple OAuth access tokens.
+
+<b>Signature:</b>
+
+```typescript
+export declare function revokeAccessToken(auth: Auth, token: string): Promise<void>;
+```
+
+### Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  auth | [Auth](./auth.auth.md#auth_interface) | The [Auth](./auth.auth.md#auth_interface) instance. |
+|  token | string | The Apple OAuth access token. |
+
+<b>Returns:</b>
+
+Promise&lt;void&gt;
+
 ## sendPasswordResetEmail()
 
 Sends a password reset email to the given email address.

packages/app/src/heartbeatService.ts

@@ -88,7 +88,7 @@ export class HeartbeatServiceImpl implements HeartbeatService {
     // service, not the browser user agent.
     const agent = platformLogger.getPlatformInfoString();
     const date = getUTCDateString();
-    if (this._heartbeatsCache === null) {
+    if (this._heartbeatsCache?.heartbeats == null) {
       this._heartbeatsCache = await this._heartbeatsCachePromise;
     }
     // Do not store a heartbeat if one is already stored for this day
@@ -128,7 +128,7 @@ export class HeartbeatServiceImpl implements HeartbeatService {
     }
     // If it's still null or the array is empty, there is no data to send.
     if (
-      this._heartbeatsCache === null ||
+      this._heartbeatsCache?.heartbeats == null ||
       this._heartbeatsCache.heartbeats.length === 0
     ) {
       return '';

packages/auth/demo/src/index.js

@@ -73,7 +73,8 @@ import {
   browserPopupRedirectResolver,
   connectAuthEmulator,
   initializeRecaptchaConfig,
-  validatePassword
+  validatePassword,
+  revokeAccessToken
 } from '@firebase/auth';
 
 import { config } from './config';
@@ -1730,13 +1731,58 @@ function logAdditionalUserInfo(response) {
  * Deletes the user account.
  */
 function onDelete() {
-  activeUser()
-    ['delete']()
-    .then(() => {
-      log('User successfully deleted.');
-      alertSuccess('User successfully deleted.');
-      refreshUserData();
-    }, onAuthError);
+  let isAppleProviderLinked = false;
+
+  for (const provider of activeUser().providerData) {
+    if (provider.providerId == 'apple.com') {
+      isAppleProviderLinked = true;
+      break;
+    }
+  }
+
+  if (isAppleProviderLinked) {
+    revokeAppleTokenAndDeleteUser();
+  } else {
+    activeUser()
+      ['delete']()
+      .then(() => {
+        log('User successfully deleted.');
+        alertSuccess('User successfully deleted.');
+        refreshUserData();
+      }, onAuthError);
+  }
+}
+
+function revokeAppleTokenAndDeleteUser() {
+  // Re-auth then revoke the token
+  const provider = new OAuthProvider('apple.com');
+  provider.addScope('email');
+  provider.addScope('name');
+
+  const auth = getAuth();
+  signInWithPopup(auth, provider).then(result => {
+    // The signed-in user info.
+    const credential = OAuthProvider.credentialFromResult(result);
+    const accessToken = credential.accessToken;
+
+    revokeAccessToken(auth, accessToken)
+      .then(() => {
+        log('Token successfully revoked.');
+
+        // Usual user deletion
+        activeUser()
+          ['delete']()
+          .then(() => {
+            log('User successfully deleted.');
+            alertSuccess('User successfully deleted.');
+            refreshUserData();
+          }, onAuthError);
+      })
+      .catch(error => {
+        log('Failed to revoke token. ', error.message);
+        alertError('Failed to revoke token. ', error.message);
+      });
+  });
 }
 
 /**

packages/auth/src/api/account_management/email_and_password.test.ts

@@ -27,6 +27,7 @@ import * as mockFetch from '../../../test/helpers/mock_fetch';
 import { ServerError } from '../errors';
 import {
   applyActionCode,
+  linkEmailPassword,
   resetPassword,
   updateEmailPassword
 } from './email_and_password';
@@ -91,6 +92,65 @@ describe('api/account_management/resetPassword', () => {
   });
 });
 
+describe('api/account_management/linkEmailPassword', () => {
+  const request = {
+    idToken: 'id-token',
+    returnSecureToken: true,
+    email: '[email protected]',
+    password: 'new-password'
+  };
+
+  let auth: TestAuth;
+
+  beforeEach(async () => {
+    auth = await testAuth();
+    mockFetch.setUp();
+  });
+
+  afterEach(mockFetch.tearDown);
+
+  it('should POST to the correct endpoint', async () => {
+    const mock = mockEndpoint(Endpoint.SIGN_UP, {
+      idToken: 'id-token'
+    });
+
+    const response = await linkEmailPassword(auth, request);
+    expect(response.idToken).to.eq('id-token');
+    expect(mock.calls[0].request).to.eql(request);
+    expect(mock.calls[0].method).to.eq('POST');
+    expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
+      'application/json'
+    );
+    expect(mock.calls[0].headers!.get(HttpHeader.X_CLIENT_VERSION)).to.eq(
+      'testSDK/0.0.0'
+    );
+  });
+
+  it('should handle errors', async () => {
+    const mock = mockEndpoint(
+      Endpoint.SIGN_UP,
+      {
+        error: {
+          code: 400,
+          message: ServerError.INVALID_EMAIL,
+          errors: [
+            {
+              message: ServerError.INVALID_EMAIL
+            }
+          ]
+        }
+      },
+      400
+    );
+
+    await expect(linkEmailPassword(auth, request)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: The email address is badly formatted. (auth/invalid-email).'
+    );
+    expect(mock.calls[0].request).to.eql(request);
+  });
+});
+
 describe('api/account_management/updateEmailPassword', () => {
   const request = {
     idToken: 'id-token',

packages/auth/src/api/account_management/email_and_password.ts

@@ -25,6 +25,7 @@ import {
 } from '../index';
 import { IdTokenResponse } from '../../model/id_token';
 import { MfaEnrollment } from './mfa';
+import { SignUpRequest, SignUpResponse } from '../authentication/sign_up';
 
 export interface ResetPasswordRequest {
   oobCode: string;
@@ -69,6 +70,20 @@ export async function updateEmailPassword(
   >(auth, HttpMethod.POST, Endpoint.SET_ACCOUNT_INFO, request);
 }
 
+// Used for linking an email/password account to an existing idToken. Uses the same request/response
+// format as updateEmailPassword.
+export async function linkEmailPassword(
+  auth: Auth,
+  request: SignUpRequest
+): Promise<SignUpResponse> {
+  return _performApiRequest<SignUpRequest, SignUpResponse>(
+    auth,
+    HttpMethod.POST,
+    Endpoint.SIGN_UP,
+    request
+  );
+}
+
 export interface ApplyActionCodeRequest {
   oobCode: string;
   tenantId?: string;

packages/auth/src/api/authentication/sign_up.ts

@@ -27,6 +27,7 @@ import { IdTokenResponse } from '../../model/id_token';
 import { Auth } from '../../model/public_types';
 
 export interface SignUpRequest {
+  idToken?: string;
   returnSecureToken?: boolean;
   email?: string;
   password?: string;

packages/auth/src/api/authentication/token.test.ts

@@ -21,11 +21,12 @@ import chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError, getUA, querystringDecode } from '@firebase/util';
 
-import { HttpHeader } from '../';
+import { Endpoint, HttpHeader } from '../';
+import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as fetch from '../../../test/helpers/mock_fetch';
 import { ServerError } from '../errors';
-import { Endpoint, requestStsToken } from './token';
+import { TokenType, requestStsToken, revokeToken } from './token';
 import { SDK_VERSION } from '@firebase/app';
 import { _getBrowserName } from '../../core/util/browser';
 
@@ -143,3 +144,63 @@ describe('requestStsToken', () => {
     });
   });
 });
+
+describe('api/authentication/revokeToken', () => {
+  const request = {
+    providerId: 'provider-id',
+    tokenType: TokenType.ACCESS_TOKEN,
+    token: 'token',
+    idToken: 'id-token'
+  };
+
+  let auth: TestAuth;
+
+  beforeEach(async () => {
+    auth = await testAuth();
+    fetch.setUp();
+  });
+
+  afterEach(() => {
+    fetch.tearDown();
+  });
+
+  it('should POST to the correct endpoint', async () => {
+    const mock = mockEndpoint(Endpoint.REVOKE_TOKEN, {});
+
+    auth.tenantId = 'tenant-id';
+    await revokeToken(auth, request);
+    // Currently, backend returns an empty response.
+    expect(mock.calls[0].request).to.eql({ ...request, tenantId: 'tenant-id' });
+    expect(mock.calls[0].method).to.eq('POST');
+    expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
+      'application/json'
+    );
+    expect(mock.calls[0].headers!.get(HttpHeader.X_CLIENT_VERSION)).to.eq(
+      'testSDK/0.0.0'
+    );
+  });
+
+  it('should handle errors', async () => {
+    const mock = mockEndpoint(
+      Endpoint.REVOKE_TOKEN,
+      {
+        error: {
+          code: 400,
+          message: ServerError.INVALID_IDP_RESPONSE,
+          errors: [
+            {
+              message: ServerError.INVALID_IDP_RESPONSE
+            }
+          ]
+        }
+      },
+      400
+    );
+
+    await expect(revokeToken(auth, request)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: The supplied auth credential is malformed or has expired. (auth/invalid-credential).'
+    );
+    expect(mock.calls[0].request).to.eql(request);
+  });
+});