Update password policy in reset password flow when the password does not meet the backend requirements #7434

ch5zzy · 2023-07-10T19:05:53Z

Update the cached password policy when the reset password flow (confirmPasswordReset) receives a PASSWORD_DOES_NOT_MEET_REQUIREMENTS error.

changeset-bot · 2023-07-10T19:05:56Z

⚠️ No Changeset found

Latest commit: 70383b1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

google-oss-bot · 2023-07-10T19:26:47Z

Size Report ¹

Affected Products

`@firebase/auth`

Type	Base (`d40ca7d`)	Merge (`9b4251c`)	Diff
browser	175 kB	176 kB	+268 B (+0.2%)
cordova	204 kB	204 kB	+647 B (+0.3%)
esm5	229 kB	229 kB	+647 B (+0.3%)
main	173 kB	174 kB	+671 B (+0.4%)
module	175 kB	176 kB	+268 B (+0.2%)
react-native	188 kB	189 kB	+679 B (+0.4%)

@firebase/auth/cordova
Type Base (d40ca7d) Merge (9b4251c) Diff
browser 204 kB 204 kB +647 B (+0.3%)
module 204 kB 204 kB +647 B (+0.3%)
@firebase/auth/internal
Type Base (d40ca7d) Merge (9b4251c) Diff
browser 186 kB 186 kB +268 B (+0.1%)
esm5 242 kB 243 kB +647 B (+0.3%)
main 209 kB 210 kB +681 B (+0.3%)
module 186 kB 186 kB +268 B (+0.1%)
@firebase/auth/react-native
Type Base (d40ca7d) Merge (9b4251c) Diff
browser 188 kB 189 kB +679 B (+0.4%)
module 188 kB 189 kB +679 B (+0.4%)

`firebase`

Type	Base (`d40ca7d`)	Merge (`9b4251c`)	Diff
firebase-auth-compat.js	136 kB	136 kB	+148 B (+0.1%)
firebase-auth-cordova.js	152 kB	152 kB	+464 B (+0.3%)
firebase-auth-react-native.js	164 kB	164 kB	+508 B (+0.3%)
firebase-auth.js	130 kB	130 kB	+150 B (+0.1%)
firebase-compat.js	777 kB	777 kB	+148 B (+0.0%)

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/DAgAnPaNgF.html

google-oss-bot · 2023-07-10T19:56:43Z

Size Analysis Report ¹

Affected Products

`@firebase/auth`

`confirmPasswordReset`

Size

Type	Base (`d40ca7d`)	Merge (`9b4251c`)	Diff
size	38.6 kB	38.8 kB	+221 B (+0.6%)
size-with-ext-deps	59.3 kB	59.6 kB	+221 B (+0.4%)

Dependency

Type Base (d40ca7d) Merge (9b4251c) Diff

functions

57 dependencies

_addTidIfNecessary
_assert
_castAuth
_createError
_emulatorUrl
_errorWithCustomMessage
_fail
_getBrowserName
_getClientVersion
_getCurrentScheme
_getFinalTarget
_getInstance
_getPasswordPolicy
_getUserLanguage
_initializeAuthInstance
_isAndroid
_isBlackBerry
_isChromeIOS
_isFirefox
_isHttpOrHttps
_isIEMobile
_isOnline
_isSafari
_isWebOS
_loadJS
_logError
_logWarn
_logoutIfInvalidated
_makeTaggedError
_parseToken
_performApiRequest
_performFetchWithErrorHandling
_persistenceKeyName
_prodErrorMap
_reloadWithoutSaving
_tokenExpiresIn
assertStringOrUndefined
confirmPasswordReset
createErrorInternal
debugAssert
debugFail
deleteAccount
extractProviderData
getAccountInfo
getIdTokenResult
getRecaptchaConfig
getScriptParentElement
getVersionForPlatform
isEnterprise
isUserInvalidated
mergeProviderData
registerAuth
reload
requestStsToken
resetPassword
secondsStringToMilliseconds
utcTimestampToDateString

58 dependencies

_addTidIfNecessary
_assert
_castAuth
_createError
_emulatorUrl
_errorWithCustomMessage
_fail
_getBrowserName
_getClientVersion
_getCurrentScheme
_getFinalTarget
_getInstance
_getPasswordPolicy
_getUserLanguage
_initializeAuthInstance
_isAndroid
_isBlackBerry
_isChromeIOS
_isFirefox
_isHttpOrHttps
_isIEMobile
_isOnline
_isSafari
_isWebOS
_loadJS
_logError
_logWarn
_logoutIfInvalidated
_makeTaggedError
_parseToken
_performApiRequest
_performFetchWithErrorHandling
_persistenceKeyName
_prodErrorMap
_reloadWithoutSaving
_tokenExpiresIn
assertStringOrUndefined
confirmPasswordReset
createErrorInternal
debugAssert
debugFail
deleteAccount
extractProviderData
getAccountInfo
getIdTokenResult
getRecaptchaConfig
getScriptParentElement
getVersionForPlatform
isEnterprise
isUserInvalidated
mergeProviderData
recachePasswordPolicy
registerAuth
reload
requestStsToken
resetPassword
secondsStringToMilliseconds
utcTimestampToDateString

+ recachePasswordPolicy

`createUserWithEmailAndPassword`

Size

Type	Base (`d40ca7d`)	Merge (`9b4251c`)	Diff
size	40.4 kB	40.5 kB	+51 B (+0.1%)
size-with-ext-deps	61.2 kB	61.3 kB	+51 B (+0.1%)

Dependency

Type Base (d40ca7d) Merge (9b4251c) Diff

functions

60 dependencies

_addTidIfNecessary
_assert
_castAuth
_createError
_emulatorUrl
_errorWithCustomMessage
_fail
_getBrowserName
_getClientVersion
_getCurrentScheme
_getFinalTarget
_getInstance
_getPasswordPolicy
_getUserLanguage
_initializeAuthInstance
_isAndroid
_isBlackBerry
_isChromeIOS
_isFirefox
_isHttpOrHttps
_isIEMobile
_isOnline
_isSafari
_isWebOS
_loadJS
_logError
_logWarn
_logoutIfInvalidated
_makeTaggedError
_parseToken
_performApiRequest
_performFetchWithErrorHandling
_performSignInRequest
_persistenceKeyName
_prodErrorMap
_reloadWithoutSaving
_tokenExpiresIn
assertStringOrUndefined
createErrorInternal
createUserWithEmailAndPassword
debugAssert
debugFail
deleteAccount
extractProviderData
getAccountInfo
getIdTokenResult
getRecaptchaConfig
getScriptParentElement
getVersionForPlatform
injectRecaptchaFields
isEnterprise
isUserInvalidated
mergeProviderData
providerIdForResponse
registerAuth
reload
requestStsToken
secondsStringToMilliseconds
signUp
utcTimestampToDateString

61 dependencies

_addTidIfNecessary
_assert
_castAuth
_createError
_emulatorUrl
_errorWithCustomMessage
_fail
_getBrowserName
_getClientVersion
_getCurrentScheme
_getFinalTarget
_getInstance
_getPasswordPolicy
_getUserLanguage
_initializeAuthInstance
_isAndroid
_isBlackBerry
_isChromeIOS
_isFirefox
_isHttpOrHttps
_isIEMobile
_isOnline
_isSafari
_isWebOS
_loadJS
_logError
_logWarn
_logoutIfInvalidated
_makeTaggedError
_parseToken
_performApiRequest
_performFetchWithErrorHandling
_performSignInRequest
_persistenceKeyName
_prodErrorMap
_reloadWithoutSaving
_tokenExpiresIn
assertStringOrUndefined
createErrorInternal
createUserWithEmailAndPassword
debugAssert
debugFail
deleteAccount
extractProviderData
getAccountInfo
getIdTokenResult
getRecaptchaConfig
getScriptParentElement
getVersionForPlatform
injectRecaptchaFields
isEnterprise
isUserInvalidated
mergeProviderData
providerIdForResponse
recachePasswordPolicy
registerAuth
reload
requestStsToken
secondsStringToMilliseconds
signUp
utcTimestampToDateString

+ recachePasswordPolicy

Test Logs

https://storage.googleapis.com/firebase-sdk-metric-reports/wJU35hbMfS.html

* Define internal password policy typings

* Define PasswordPolicyImpl * Add PasswordPolicyCustomStrengthOptions internal typing

* Update Auth to use PasswordPolicyImpl for validation * Rename _getPasswordPolicy to _getPasswordPolicyInternal

…tch API proposal (#7456) * Implement validatePassword * Fix allowedNonAlphanumericCharacters typing to match API proposal

Xiaoshouzi-gh

Mostly LTGM.
There are some strings that show up more than once in the test, please consider putting them to a constant.

packages/auth/src/core/strategies/email_and_password.ts

packages/auth/src/core/strategies/email_and_password.test.ts

ch5zzy · 2023-07-14T17:52:51Z

The strings that are duplicated are used in test cases that I didn't write, but I'll extract the strings that I also use into global constants to help clean up code style since these tests should have done this originally.

ch5zzy added 2 commits July 10, 2023 11:43

Update confirmPasswordReset to handle password requirements error

1067b56

Add and refactor tests

8bfac9c

ch5zzy and others added 6 commits July 13, 2023 14:44

Define internal password policy typings (#7446)

ace9a53

* Define internal password policy typings

Define implementation of internal password policy class (#7447)

525c2ab

* Define PasswordPolicyImpl * Add PasswordPolicyCustomStrengthOptions internal typing

Update Auth to use PasswordPolicyImpl for validation (#7451)

74515b7

* Update Auth to use PasswordPolicyImpl for validation * Rename _getPasswordPolicy to _getPasswordPolicyInternal

Implement validatePassword endpoint and fix PasswordPolicy type to ma…

b87eb45

…tch API proposal (#7456) * Implement validatePassword * Fix allowedNonAlphanumericCharacters typing to match API proposal

Merge branch 'password-policy' into update-policy-in-reset-password-flow

85ef848

Fix formatting and tests

6ba19df

ch5zzy requested a review from Xiaoshouzi-gh July 13, 2023 22:26

ch5zzy marked this pull request as ready for review July 13, 2023 22:26

ch5zzy requested review from lisajian, prameshj, renkelvin, sam-gc and a team as code owners July 13, 2023 22:26

ch5zzy changed the title ~~Update password policy in reset password flow~~ Update password policy in reset password flow when the password does not meet the backend requirements Jul 13, 2023

Xiaoshouzi-gh approved these changes Jul 14, 2023

View reviewed changes

packages/auth/src/core/strategies/email_and_password.ts Outdated Show resolved Hide resolved

packages/auth/src/core/strategies/email_and_password.test.ts Outdated Show resolved Hide resolved

Rename caching helper method and clean up test cases

70383b1

ch5zzy merged commit 1025840 into password-policy Jul 14, 2023

ch5zzy deleted the update-policy-in-reset-password-flow branch July 14, 2023 18:59

firebase locked and limited conversation to collaborators Aug 14, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Update password policy in reset password flow when the password does not meet the backend requirements #7434

Update password policy in reset password flow when the password does not meet the backend requirements #7434

Uh oh!

ch5zzy commented Jul 10, 2023

Uh oh!

changeset-bot bot commented Jul 10, 2023 •

edited

Loading

Uh oh!

google-oss-bot commented Jul 10, 2023 •

edited

Loading

`@firebase/auth`

`@firebase/auth/cordova`

`@firebase/auth/internal`

`@firebase/auth/react-native`

`firebase`

Uh oh!

google-oss-bot commented Jul 10, 2023 •

edited

Loading

`@firebase/auth`

`confirmPasswordReset`

`createUserWithEmailAndPassword`

Uh oh!

Xiaoshouzi-gh left a comment

Uh oh!

Uh oh!

Uh oh!

ch5zzy commented Jul 14, 2023

Uh oh!

Uh oh!

Update password policy in reset password flow when the password does not meet the backend requirements #7434

Update password policy in reset password flow when the password does not meet the backend requirements #7434

Uh oh!

Conversation

ch5zzy commented Jul 10, 2023

Uh oh!

changeset-bot bot commented Jul 10, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

⚠️ No Changeset found

Uh oh!

google-oss-bot commented Jul 10, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Size Report 1

Affected Products

@firebase/auth

@firebase/auth/cordova

@firebase/auth/internal

@firebase/auth/react-native

firebase

Test Logs

Uh oh!

google-oss-bot commented Jul 10, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Size Analysis Report 1

Affected Products

@firebase/auth

confirmPasswordReset

createUserWithEmailAndPassword

Test Logs

Uh oh!

Xiaoshouzi-gh left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

ch5zzy commented Jul 14, 2023

Uh oh!

Uh oh!

changeset-bot bot commented Jul 10, 2023 •

edited

Loading

google-oss-bot commented Jul 10, 2023 •

edited

Loading

Size Report ¹

`@firebase/auth`

`@firebase/auth/cordova`

`@firebase/auth/internal`

`@firebase/auth/react-native`

`firebase`

google-oss-bot commented Jul 10, 2023 •

edited

Loading

Size Analysis Report ¹

`@firebase/auth`

`confirmPasswordReset`

`createUserWithEmailAndPassword`