Fixes firebaseui.auth.idp.getAuthCredential credential initializer which was (#125)

breaking account linking flow.

Added login_hint to Google OAuth flow when the email is specified.
This is applied in the following 2 cases:
1. Account linking is triggered and the user needs to sign in to existing Google account.
To force the user to sign in to the expected Google account, we pass the login hint with the email.
2. If a user selects email login and the Google account already exists for that email,
when clicking continue to sign in with Google account, we pass the login_hint for that account.

Author: bojeil-google

javascript/utils/idp.js

@@ -66,9 +66,18 @@ firebaseui.auth.idp.getAuthCredential = function(credentialObject) {
     if (credentialObject['secret'] && credentialObject['accessToken']) {
       credentialObject['oauthToken'] = credentialObject['accessToken'];
       credentialObject['oauthTokenSecret'] = credentialObject['secret'];
+      return firebase.auth[firebaseui.auth.idp.AuthProviders[providerId]]
+          .credential(credentialObject['accessToken'],
+                      credentialObject['secret']);
+    } else if (providerId == firebase.auth.GoogleAuthProvider.PROVIDER_ID) {
+      return firebase.auth[firebaseui.auth.idp.AuthProviders[providerId]]
+          .credential(credentialObject['idToken'],
+                      credentialObject['accessToken']);
+    } else {
+      // GitHub and Facebook.
+      return firebase.auth[firebaseui.auth.idp.AuthProviders[providerId]]
+          .credential(credentialObject['accessToken']);
     }
-    return firebase.auth[firebaseui.auth.idp.AuthProviders[providerId]]
-        .credential(credentialObject);
   }
   return null;
 };

javascript/utils/idp_test.js

@@ -33,6 +33,7 @@ function setUp() {
   firebase.auth = {};
   for (var providerId in firebaseui.auth.idp.AuthProviders) {
     firebase.auth[firebaseui.auth.idp.AuthProviders[providerId]] = {
+      'PROVIDER_ID': providerId,
       'credential': goog.testing.recordFunction(function() {
         // Return something.
         return providerId;
@@ -64,15 +65,17 @@ function testIsSupportedProvider() {
 /**
  * Asserts the credential is initialized with correct OAuth response.
  * @param {!Object} provider The provider object.
- * @param {!Object} oauthResponse The response used to initialize the
+ * @param {!Array<string>} oauthParams The OAuth params used to initialize the
  *     credential.
  * @param {!Object} ref The credential reference.
  */
-function assertCredential(provider, oauthResponse, ref) {
+function assertCredential(provider, oauthParams, ref) {
   assertNotNullNorUndefined(ref);
-  var parameter = provider.credential.getLastCall().getArgument(0);
-  for (var key in oauthResponse) {
-    assertEquals(oauthResponse[key], parameter[key]);
+  var parameters = provider.credential.getLastCall().getArguments();
+  assertEquals(oauthParams.length, parameters.length);
+  // Confirm the expected parameters passed when initializing the credential.
+  for (var i = 0; i < parameters.length; i++) {
+    assertEquals(oauthParams[i], parameters[i]);
   }
 }
 
@@ -86,10 +89,7 @@ function testGetAuthCredential_google() {
   var ref = firebaseui.auth.idp.getAuthCredential(cred);
   assertCredential(
       firebase.auth.GoogleAuthProvider,
-      {
-        'idToken': 'ID_TOKEN',
-        'accessToken': 'ACCESS_TOKEN'
-      },
+      ['ID_TOKEN', 'ACCESS_TOKEN'],
       ref);
 }
 
@@ -102,9 +102,7 @@ function testGetAuthCredential_facebook() {
   var ref = firebaseui.auth.idp.getAuthCredential(cred);
   assertCredential(
       firebase.auth.FacebookAuthProvider,
-      {
-        'accessToken': 'ACCESS_TOKEN'
-      },
+      ['ACCESS_TOKEN'],
       ref);
 }
 
@@ -118,10 +116,7 @@ function testGetAuthCredential_twitter() {
   var ref = firebaseui.auth.idp.getAuthCredential(cred);
   assertCredential(
       firebase.auth.TwitterAuthProvider,
-      {
-        'oauthToken': 'ACCESS_TOKEN',
-        'oauthTokenSecret': 'SECRET'
-      },
+      ['ACCESS_TOKEN', 'SECRET'],
       ref);
 }
 
@@ -134,9 +129,7 @@ function testGetAuthCredential_github() {
   var ref = firebaseui.auth.idp.getAuthCredential(cred);
   assertCredential(
       firebase.auth.GithubAuthProvider,
-      {
-        'accessToken': 'ACCESS_TOKEN'
-      },
+      ['ACCESS_TOKEN'],
       ref);
 }
 

javascript/utils/pendingemailcredential_test.js

@@ -36,9 +36,12 @@ function setUp() {
   // Mock credential.
   firebase['auth'] = firebase['auth'] || {
     'GoogleAuthProvider' : {
-      'credential' : function(response) {
-        return response;
-      }
+      'credential' : function(idToken, accessToken) {
+        assertEquals(credential['idToken'], idToken);
+        assertEquals(credential['accessToken'], accessToken);
+        return credential;
+      },
+      'PROVIDER_ID': 'google.com'
     }
   };
   credential = {

javascript/widgets/handler/common.js

@@ -608,10 +608,11 @@ firebaseui.auth.widget.handler.common.isCredentialExpired = function(error) {
  *     configuration is used.
  * @param {!firebaseui.auth.ui.page.Base} component The current UI component.
  * @param {string} providerId The provider ID of the selected IdP.
+ * @param {?string=} opt_email The optional email to try to sign in with.
  * @package
  */
 firebaseui.auth.widget.handler.common.federatedSignIn = function(
-    app, component, providerId) {
+    app, component, providerId, opt_email) {
   var container = component.getContainer();
   var providerSigninFailedCallback = function(error) {
     // TODO: align redirect and popup flow error handling for similar errors.
@@ -642,6 +643,19 @@ firebaseui.auth.widget.handler.common.federatedSignIn = function(
       provider['addScope'](additionalScopes[i]);
     }
   }
+  // If Google provider is requested and email is specified, pass OAuth
+  // parameter login_hint with that email.
+  if (provider &&
+      // In case the Firebase Auth version used is too old.
+      provider.setCustomParameters &&
+      // Only Google supports this parameter.
+      providerId == firebase.auth.GoogleAuthProvider.PROVIDER_ID &&
+      // Only pass login_hint when email available.
+      opt_email) {
+    provider.setCustomParameters({
+      'login_hint': opt_email
+    });
+  }
   // Redirect processor.
   var processRedirect = function() {
     app.registerPending(component.executePromiseRequest(

javascript/widgets/handler/federatedlinking.js

@@ -61,8 +61,10 @@ firebaseui.auth.widget.handler.handleFederatedLinking = function(
         // We sign in the user through the normal federated sign-in flow,
         // and the callback handler will take care of linking the
         // pending credential to the successfully signed in user.
+        // Pass the email since some OAuth providers support OAuth flow
+        // with a specified email.
         firebaseui.auth.widget.handler.common.federatedSignIn(app, component,
-            providerId);
+            providerId, email);
       });
   component.render(container);
   // Set current UI component.

javascript/widgets/handler/federatedlinking_test.js

@@ -56,7 +56,9 @@ function setPendingEmailCredentials() {
 function testHandleFederatedLinking() {
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -67,12 +69,30 @@ function testHandleFederatedLinking() {
 }
 
 
+function testHandleFederatedLinking_noLoginHint() {
+  // Add additional scopes to test they are properly passed to the sign-in
+  // method.
+  // As this is not google.com, no customParameters will be set.
+  var expectedProvider =
+      getExpectedProviderWithCustomParameters('github.com');
+  setPendingEmailCredentials();
+  firebaseui.auth.widget.handler.handleFederatedLinking(
+      app, container, federatedAccount.getEmail(), 'github.com');
+  assertFederatedLinkingPage(federatedAccount.getEmail());
+  submitForm();
+  testAuth.assertSignInWithRedirect([expectedProvider]);
+  return testAuth.process();
+}
+
+
 function testHandleFederatedLinking_popup_success() {
   // Test successful federated linking in popup flow.
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -124,7 +144,9 @@ function testHandleFederatedLinking_popup_success_multipleClicks() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -216,7 +238,9 @@ function testHandleFederatedLinking_noPendingCredential_popup() {
 function testHandleFederatedLinking_error() {
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -237,7 +261,9 @@ function testHandleFederatedLinking_popup_recoverableError() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -268,7 +294,9 @@ function testHandleFederatedLinking_popup_userCancelled() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -299,7 +327,9 @@ function testHandleFederatedLinking_popup_unrecoverableError() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -326,7 +356,9 @@ function testHandleFederatedLinking_popup_popupBlockedError() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -357,7 +389,9 @@ function testHandleFederatedLinking_popup_popupBlockedError_redirectError() {
   app.updateConfig('signInFlow', 'popup');
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -392,7 +426,9 @@ function testHandleFederatedLinking_inProcessing() {
   // Add additional scopes to test they are properly passed to the sign-in
   // method.
   app.updateConfig('signInOptions', signInOptionsWithScopes);
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');
@@ -421,7 +457,9 @@ function testHandleFederatedLinking_inProcessing() {
 function testHandleFederatedLinking_popup_cancelled() {
   // Test sign in with popup flow when the popup is cancelled.
   app.updateConfig('signInFlow', 'popup');
-  var expectedProvider = getExpectedProviderWithScopes();
+  var expectedProvider = getExpectedProviderWithScopes({
+    'login_hint': federatedAccount.getEmail()
+  });
   setPendingEmailCredentials();
   firebaseui.auth.widget.handler.handleFederatedLinking(
       app, container, federatedAccount.getEmail(), 'google.com');

javascript/widgets/handler/federatedsignin.js

@@ -45,8 +45,10 @@ firebaseui.auth.widget.handler.handleFederatedSignIn = function(
       providerId,
       // On submit.
       function() {
+        // Pass the email since some OAuth providers support OAuth flow
+        // with a specified email.
         firebaseui.auth.widget.handler.common.federatedSignIn(app, component,
-            providerId);
+            providerId, email);
       });
 
   component.render(container);