Skip to content

Commit

Permalink
Project config - Recaptcha config (#1595)
Browse files Browse the repository at this point in the history
* Recaptcha config changes in project config.
- Implemented getProjectConfig.
- Implemented updateProjectConfig.
- Updated error code.
- Add Term of Service consents.
  • Loading branch information
Xiaoshouzi-gh committed Apr 12, 2023
1 parent ad904c4 commit 21c7deb
Show file tree
Hide file tree
Showing 9 changed files with 200 additions and 13 deletions.
2 changes: 2 additions & 0 deletions etc/firebase-admin.auth.api.md
Original file line number Diff line number Diff line change
Expand Up @@ -345,6 +345,7 @@ export class PhoneMultiFactorInfo extends MultiFactorInfo {
export class ProjectConfig {
get multiFactorConfig(): MultiFactorConfig | undefined;
readonly smsRegionConfig?: SmsRegionConfig;
get recaptchaConfig(): RecaptchaConfig | undefined;
toJSON(): object;
}

Expand Down Expand Up @@ -478,6 +479,7 @@ export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactor
export interface UpdateProjectConfigRequest {
multiFactorConfig?: MultiFactorConfig;
smsRegionConfig?: SmsRegionConfig;
recaptchaConfig?: RecaptchaConfig;
}

// @public
Expand Down
3 changes: 3 additions & 0 deletions src/auth/auth-config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1773,6 +1773,9 @@ export interface RecaptchaKey {

/**
* The request interface for updating a reCAPTCHA Config.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
export interface RecaptchaConfig {
/**
Expand Down
1 change: 0 additions & 1 deletion src/auth/project-config-manager.ts
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ import {
*/
export class ProjectConfigManager {
private readonly authRequestHandler: AuthRequestHandler;

/**
* Initializes a ProjectConfigManager instance for a specified FirebaseApp.
*
Expand Down
47 changes: 44 additions & 3 deletions src/auth/project-config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ import {
MultiFactorConfig,
MultiFactorAuthConfig,
MultiFactorAuthServerConfig,
RecaptchaConfig,
RecaptchaAuthConfig,
} from './auth-config';
import { deepCopy } from '../utils/deep-copy';

Expand All @@ -36,6 +38,14 @@ export interface UpdateProjectConfigRequest {
* The multi-factor auth configuration to update on the project.
*/
multiFactorConfig?: MultiFactorConfig;

/**
* The recaptcha configuration to update on the project.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
recaptchaConfig?: RecaptchaConfig;
}

/**
Expand All @@ -45,6 +55,7 @@ export interface UpdateProjectConfigRequest {
export interface ProjectConfigServerResponse {
smsRegionConfig?: SmsRegionConfig;
mfa?: MultiFactorAuthServerConfig;
recaptchaConfig?: RecaptchaConfig;
}

/**
Expand All @@ -54,6 +65,7 @@ export interface ProjectConfigServerResponse {
export interface ProjectConfigClientRequest {
smsRegionConfig?: SmsRegionConfig;
mfa?: MultiFactorAuthServerConfig;
recaptchaConfig?: RecaptchaConfig;
}

/**
Expand All @@ -66,10 +78,21 @@ export class ProjectConfig {
* This is based on the calling code of the destination phone number.
*/
public readonly smsRegionConfig?: SmsRegionConfig;

/**
* The project's multi-factor auth configuration.
* Supports only phone and TOTP.
*/ private readonly multiFactorConfig_?: MultiFactorConfig;
*/
private readonly multiFactorConfig_?: MultiFactorConfig;

/**
* The recaptcha configuration to update on the project config.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
private readonly recaptchaConfig_?: RecaptchaAuthConfig;

/**
* The multi-factor auth configuration.
*/
Expand All @@ -92,6 +115,7 @@ export class ProjectConfig {
const validKeys = {
smsRegionConfig: true,
multiFactorConfig: true,
recaptchaConfig: true,
}
// Check for unsupported top level attributes.
for (const key in request) {
Expand All @@ -111,13 +135,17 @@ export class ProjectConfig {
if (typeof request.multiFactorConfig !== 'undefined') {
MultiFactorAuthConfig.validate(request.multiFactorConfig);
}
// Validate reCAPTCHA config attribute.
if (typeof request.recaptchaConfig !== 'undefined') {
RecaptchaAuthConfig.validate(request.recaptchaConfig);
}
}

/**
* Build the corresponding server request for a UpdateProjectConfigRequest object.
* @param configOptions - The properties to convert to a server request.
* @returns The equivalent server request.
*
*
* @internal
*/
public static buildServerRequest(configOptions: UpdateProjectConfigRequest): ProjectConfigClientRequest {
Expand All @@ -133,7 +161,13 @@ export class ProjectConfig {
delete request.multiFactorConfig;
return request as ProjectConfigClientRequest;
}


/**
* The recaptcha configuration.
*/
get recaptchaConfig(): RecaptchaConfig | undefined {
return this.recaptchaConfig_;
}
/**
* The Project Config object constructor.
*
Expand All @@ -150,6 +184,9 @@ export class ProjectConfig {
if (typeof response.mfa !== 'undefined') {
this.multiFactorConfig_ = new MultiFactorAuthConfig(response.mfa);
}
if (typeof response.recaptchaConfig !== 'undefined') {
this.recaptchaConfig_ = new RecaptchaAuthConfig(response.recaptchaConfig);
}
}
/**
* Returns a JSON-serializable representation of this object.
Expand All @@ -161,13 +198,17 @@ export class ProjectConfig {
const json = {
smsRegionConfig: deepCopy(this.smsRegionConfig),
multiFactorConfig: deepCopy(this.multiFactorConfig),
recaptchaConfig: this.recaptchaConfig_?.toJSON(),
};
if (typeof json.smsRegionConfig === 'undefined') {
delete json.smsRegionConfig;
}
if (typeof json.multiFactorConfig === 'undefined') {
delete json.multiFactorConfig;
}
if (typeof json.recaptchaConfig === 'undefined') {
delete json.recaptchaConfig;
}
return json;
}
}
Expand Down
12 changes: 9 additions & 3 deletions src/auth/tenant.ts
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ export interface UpdateTenantRequest {

/**
* The recaptcha configuration to update on the tenant.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
recaptchaConfig?: RecaptchaConfig;
}
Expand Down Expand Up @@ -137,9 +140,12 @@ export class Tenant {
private readonly emailSignInConfig_?: EmailSignInConfig;
private readonly multiFactorConfig_?: MultiFactorAuthConfig;

/*
* The map conatining the reCAPTCHA config.
*/
/**
* The map conatining the reCAPTCHA config.
* By enabling reCAPTCHA Enterprise Integration you are
* agreeing to reCAPTCHA Enterprise
* {@link https://cloud.google.com/terms/service-terms | Term of Service}.
*/
private readonly recaptchaConfig_?: RecaptchaAuthConfig;
/**
* The SMS Regions Config to update a tenant.
Expand Down
12 changes: 12 additions & 0 deletions src/utils/error.ts
Original file line number Diff line number Diff line change
Expand Up @@ -737,6 +737,14 @@ export class AuthClientErrorCode {
code: 'user-not-disabled',
message: 'The user must be disabled in order to bulk delete it (or you must pass force=true).',
};
public static INVALID_RECAPTCHA_ACTION = {
code: 'invalid-recaptcha-action',
message: 'reCAPTCHA action must be "BLOCK".'
}
public static INVALID_RECAPTCHA_ENFORCEMENT_STATE = {
code: 'invalid-recaptcha-enforcement-state',
message: 'reCAPTCHA enforcement state must be either "OFF", "AUDIT" or "ENFORCE".'
}
}

/**
Expand Down Expand Up @@ -996,6 +1004,10 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
USER_DISABLED: 'USER_DISABLED',
// Password provided is too weak.
WEAK_PASSWORD: 'INVALID_PASSWORD',
// Unrecognized reCAPTCHA action.
INVALID_RECAPTCHA_ACTION: 'INVALID_RECAPTCHA_ACTION',
// Unrecognized reCAPTCHA enforcement state.
INVALID_RECAPTCHA_ENFORCEMENT_STATE: 'INVALID_RECAPTCHA_ENFORCEMENT_STATE',
};

/** @const {ServerToClientCode} Messaging server to client enum error codes. */
Expand Down
20 changes: 19 additions & 1 deletion test/unit/auth/project-config-manager.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,17 @@ describe('ProjectConfigManager', () => {
allowedRegions: [ 'AC', 'AD' ],
},
},
recaptchaConfig: {
emailPasswordEnforcementState: 'AUDIT',
managedRules: [ {
endScore: 0.2,
action: 'BLOCK'
} ],
recaptchaKeys: [ {
type: 'WEB',
key: 'test-key-1' }
],
}
};

before(() => {
Expand Down Expand Up @@ -131,6 +142,13 @@ describe('ProjectConfigManager', () => {
disallowedRegions: [ 'AC', 'AD' ],
},
},
recaptchaConfig: {
emailPasswordEnforcementState: 'AUDIT',
managedRules: [ {
endScore: 0.2,
action: 'BLOCK'
} ],
}
};
const expectedProjectConfig = new ProjectConfig(GET_CONFIG_RESPONSE);
const expectedError = new FirebaseAuthError(
Expand Down Expand Up @@ -193,4 +211,4 @@ describe('ProjectConfigManager', () => {
});
});
});
});
});
Loading

0 comments on commit 21c7deb

Please sign in to comment.