Add verifyBeforeUpdate to auth-next

Also add a couple edge cases that I missed first pass around

Author: avolkovi

packages-exp/auth-exp/src/api/account_management/email_and_password.ts

@@ -20,6 +20,7 @@ import { Operation } from '@firebase/auth-types-exp';
 import { Endpoint, HttpMethod, _performApiRequest } from '..';
 import { Auth } from '../../model/auth';
 import { IdTokenResponse } from '../../model/id_token';
+import { MfaEnrollment } from './mfa';
 
 export interface ResetPasswordRequest {
   oobCode: string;
@@ -30,6 +31,7 @@ export interface ResetPasswordResponse {
   email: string;
   newEmail?: string;
   requestType?: Operation;
+  mfaInfo?: MfaEnrollment;
 }
 
 export async function resetPassword(

packages-exp/auth-exp/src/api/authentication/email_and_password.test.ts

@@ -33,7 +33,9 @@ import {
   sendPasswordResetEmail,
   sendSignInLinkToEmail,
   signInWithPassword,
-  VerifyEmailRequest
+  VerifyEmailRequest,
+  verifyAndChangeEmail,
+  VerifyAndChangeEmailRequest
 } from './email_and_password';
 import { Operation } from '@firebase/auth-types-exp';
 
@@ -269,3 +271,61 @@ describe('api/authentication/sendSignInLinkToEmail', () => {
     expect(mock.calls[0].request).to.eql(request);
   });
 });
+
+describe('api/authentication/verifyAndChangeEmail', () => {
+  const request: VerifyAndChangeEmailRequest = {
+    requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+    idToken: 'id-token',
+    newEmail: '[email protected]'
+  };
+
+  let auth: Auth;
+
+  beforeEach(async () => {
+    auth = await testAuth();
+    mockFetch.setUp();
+  });
+
+  afterEach(mockFetch.tearDown);
+
+  it('should POST to the correct endpoint', async () => {
+    const mock = mockEndpoint(Endpoint.SEND_OOB_CODE, {
+      email: '[email protected]'
+    });
+
+    const response = await verifyAndChangeEmail(auth, request);
+    expect(response.email).to.eq('[email protected]');
+    expect(mock.calls[0].request).to.eql(request);
+    expect(mock.calls[0].method).to.eq('POST');
+    expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
+      'application/json'
+    );
+    expect(mock.calls[0].headers!.get(HttpHeader.X_CLIENT_VERSION)).to.eq(
+      'testSDK/0.0.0'
+    );
+  });
+
+  it('should handle errors', async () => {
+    const mock = mockEndpoint(
+      Endpoint.SEND_OOB_CODE,
+      {
+        error: {
+          code: 400,
+          message: ServerError.INVALID_EMAIL,
+          errors: [
+            {
+              message: ServerError.INVALID_EMAIL
+            }
+          ]
+        }
+      },
+      400
+    );
+
+    await expect(verifyAndChangeEmail(auth, request)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: The email address is badly formatted. (auth/invalid-email).'
+    );
+    expect(mock.calls[0].request).to.eql(request);
+  });
+});

packages-exp/auth-exp/src/api/authentication/email_and_password.ts

@@ -78,13 +78,20 @@ export interface EmailSignInRequest extends GetOobCodeRequest {
   email: string;
 }
 
+export interface VerifyAndChangeEmailRequest extends GetOobCodeRequest {
+  requestType: Operation.VERIFY_AND_CHANGE_EMAIL;
+  idToken: IdToken;
+  newEmail: string;
+}
+
 interface GetOobCodeResponse {
   email: string;
 }
 
 export interface VerifyEmailResponse extends GetOobCodeResponse {}
 export interface PasswordResetResponse extends GetOobCodeResponse {}
 export interface EmailSignInResponse extends GetOobCodeResponse {}
+export interface VerifyAndChangeEmailResponse extends GetOobCodeRequest {}
 
 async function sendOobCode(
   auth: Auth,
@@ -118,3 +125,10 @@ export async function sendSignInLinkToEmail(
 ): Promise<EmailSignInResponse> {
   return sendOobCode(auth, request);
 }
+
+export async function verifyAndChangeEmail(
+  auth: Auth,
+  request: VerifyAndChangeEmailRequest
+): Promise<VerifyAndChangeEmailResponse> {
+  return sendOobCode(auth, request);
+}

packages-exp/auth-exp/src/core/strategies/email.test.ts

@@ -31,7 +31,11 @@ import { ServerError } from '../../api/errors';
 import { Auth } from '../../model/auth';
 import { User } from '../../model/user';
 import * as location from '../util/location';
-import { fetchSignInMethodsForEmail, sendEmailVerification } from './email';
+import {
+  fetchSignInMethodsForEmail,
+  sendEmailVerification,
+  verifyBeforeUpdateEmail
+} from './email';
 
 use(chaiAsPromised);
 use(sinonChai);
@@ -107,18 +111,15 @@ describe('core/strategies/fetchSignInMethodsForEmail', () => {
 
 describe('core/strategies/sendEmailVerification', () => {
   const email = '[email protected]';
-  const idToken = 'id-token';
+  const idToken = 'access-token';
   let user: User;
   let auth: Auth;
-  let idTokenStub: SinonStub;
   let reloadStub: SinonStub;
 
   beforeEach(async () => {
     auth = await testAuth();
-    user = testUser(auth, 'my-user-uid', email);
+    user = testUser(auth, 'my-user-uid', email, true);
     mockFetch.setUp();
-    idTokenStub = stub(user, 'getIdToken');
-    idTokenStub.callsFake(async () => idToken);
     reloadStub = stub(user, 'reload');
   });
 
@@ -214,3 +215,115 @@ describe('core/strategies/sendEmailVerification', () => {
     });
   });
 });
+
+describe('core/strategies/verifyBeforeUpdateEmail', () => {
+  const email = '[email protected]';
+  const newEmail = '[email protected]';
+  const idToken = 'access-token';
+  let user: User;
+  let auth: Auth;
+  let reloadStub: SinonStub;
+
+  beforeEach(async () => {
+    auth = await testAuth();
+    user = testUser(auth, 'my-user-uid', email, true);
+    mockFetch.setUp();
+    reloadStub = stub(user, 'reload');
+  });
+
+  afterEach(() => {
+    mockFetch.tearDown();
+    restore();
+  });
+
+  it('should send the email verification', async () => {
+    const mock = mockEndpoint(Endpoint.SEND_OOB_CODE, {
+      requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+      email
+    });
+
+    await verifyBeforeUpdateEmail(user, newEmail);
+
+    expect(reloadStub).to.not.have.been.called;
+    expect(mock.calls[0].request).to.eql({
+      requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+      idToken,
+      newEmail
+    });
+  });
+
+  it('should reload the user if the API returns a different email', async () => {
+    const mock = mockEndpoint(Endpoint.SEND_OOB_CODE, {
+      requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+      email: '[email protected]'
+    });
+
+    await verifyBeforeUpdateEmail(user, newEmail);
+
+    expect(reloadStub).to.have.been.calledOnce;
+    expect(mock.calls[0].request).to.eql({
+      requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+      idToken,
+      newEmail
+    });
+  });
+
+  context('on iOS', () => {
+    it('should pass action code parameters', async () => {
+      const mock = mockEndpoint(Endpoint.SEND_OOB_CODE, {
+        requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+        email
+      });
+      await verifyBeforeUpdateEmail(user, newEmail, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-bundle',
+          appStoreId: 'my-appstore-id'
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      });
+
+      expect(mock.calls[0].request).to.eql({
+        requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+        idToken,
+        newEmail,
+        continueUrl: 'my-url',
+        dynamicLinkDomain: 'fdl-domain',
+        canHandleCodeInApp: true,
+        iosBundleId: 'my-bundle',
+        iosAppStoreId: 'my-appstore-id'
+      });
+    });
+  });
+
+  context('on Android', () => {
+    it('should pass action code parameters', async () => {
+      const mock = mockEndpoint(Endpoint.SEND_OOB_CODE, {
+        requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+        email
+      });
+      await verifyBeforeUpdateEmail(user, newEmail, {
+        handleCodeInApp: true,
+        android: {
+          installApp: false,
+          minimumVersion: 'my-version',
+          packageName: 'my-package'
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      });
+      expect(mock.calls[0].request).to.eql({
+        requestType: Operation.VERIFY_AND_CHANGE_EMAIL,
+        idToken,
+        newEmail,
+        continueUrl: 'my-url',
+        dynamicLinkDomain: 'fdl-domain',
+        canHandleCodeInApp: true,
+        androidInstallApp: false,
+        androidMinimumVersionCode: 'my-version',
+        androidPackageName: 'my-package'
+      });
+    });
+  });
+});

packages-exp/auth-exp/src/core/strategies/email.ts

@@ -65,3 +65,28 @@ export async function sendEmailVerification(
     await user.reload();
   }
 }
+
+export async function verifyBeforeUpdateEmail(
+  userExtern: externs.User,
+  newEmail: string,
+  actionCodeSettings?: externs.ActionCodeSettings | null
+): Promise<void> {
+  const user = userExtern as User;
+  const idToken = await user.getIdToken();
+  const request: api.VerifyAndChangeEmailRequest = {
+    requestType: externs.Operation.VERIFY_AND_CHANGE_EMAIL,
+    idToken,
+    newEmail
+  };
+  if (actionCodeSettings) {
+    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+  }
+
+  const { email } = await api.verifyAndChangeEmail(user.auth, request);
+
+  if (email !== user.email) {
+    // If the local copy of the email on user is outdated, reload the
+    // user.
+    await user.reload();
+  }
+}

packages-exp/auth-exp/src/core/strategies/email_and_password.test.ts

@@ -250,7 +250,8 @@ describe('core/strategies/checkActionCode', () => {
     expect(response).to.eql({
       data: {
         email,
-        previousEmail: null
+        previousEmail: null,
+        multiFactorInfo: null
       },
       operation: Operation.PASSWORD_RESET
     });
@@ -269,7 +270,8 @@ describe('core/strategies/checkActionCode', () => {
     expect(response).to.eql({
       data: {
         email,
-        previousEmail: newEmail
+        previousEmail: newEmail,
+        multiFactorInfo: null
       },
       operation: Operation.PASSWORD_RESET
     });

packages-exp/auth-exp/src/core/strategies/email_and_password.ts

@@ -20,13 +20,13 @@ import * as externs from '@firebase/auth-types-exp';
 import * as account from '../../api/account_management/email_and_password';
 import * as authentication from '../../api/authentication/email_and_password';
 import { Auth } from '../../model/auth';
-import { AuthErrorCode } from '../errors';
 import { EmailAuthProvider } from '../providers/email';
 import { setActionCodeSettingsOnRequest } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { UserCredentialImpl } from '../user/user_credential_impl';
 import { signUp } from '../../api/authentication/sign_up';
 import { assert } from '../util/assert';
+import { MultiFactorInfo } from '../../mfa/mfa_info';
 
 export async function sendPasswordResetEmail(
   auth: externs.Auth,
@@ -73,16 +73,30 @@ export async function checkActionCode(
   // VERIFY_AND_CHANGE_EMAIL.
   // New email should not be empty if the request type is
   // VERIFY_AND_CHANGE_EMAIL.
+  // Multi-factor info could not be empty if the request type is
+  // REVERT_SECOND_FACTOR_ADDITION.
   const operation = response.requestType;
-  assert(operation, auth.name, AuthErrorCode.INTERNAL_ERROR);
+  assert(operation, auth.name);
   switch (operation) {
     case externs.Operation.EMAIL_SIGNIN:
       break;
     case externs.Operation.VERIFY_AND_CHANGE_EMAIL:
-      assert(response.newEmail, auth.name, AuthErrorCode.INTERNAL_ERROR);
+      assert(response.newEmail, auth.name);
       break;
+    case externs.Operation.REVERT_SECOND_FACTOR_ADDITION:
+      assert(response.mfaInfo, auth.name);
+    // fall through
     default:
-      assert(response.email, auth.name, AuthErrorCode.INTERNAL_ERROR);
+      assert(response.email, auth.name);
+  }
+
+  // The multi-factor info for revert second factor addition
+  let multiFactorInfo: MultiFactorInfo | null = null;
+  if (response.mfaInfo) {
+    multiFactorInfo = MultiFactorInfo._fromServerResponse(
+      auth as Auth,
+      response.mfaInfo
+    );
   }
 
   return {
@@ -94,8 +108,8 @@ export async function checkActionCode(
       previousEmail:
         (response.requestType === externs.Operation.VERIFY_AND_CHANGE_EMAIL
           ? response.email
-          : response.newEmail) || null
-      /* multiFactorInfo: MultiFactorInfo | null; */
+          : response.newEmail) || null,
+      multiFactorInfo
     },
     operation
   };

packages-exp/auth-exp/src/core/strategies/phone.test.ts

@@ -344,7 +344,7 @@ describe('core/strategies/phone', () => {
         });
       });
 
-      it('works when completing the sign in flow, ignoring the supplied phone number', async () => {
+      it('works when completing the sign in flow', async () => {
         const endpoint = mockEndpoint(Endpoint.START_PHONE_MFA_SIGN_IN, {
           phoneResponseInfo: {
             sessionInfo: 'session-info'
@@ -361,7 +361,6 @@ describe('core/strategies/phone', () => {
         const sessionInfo = await _verifyPhoneNumber(
           auth,
           {
-            phoneNumber: 'phone-number-from-user',
             session,
             multiFactorHint: mfaInfo
           },