chore: Merge main branch into modular-sdk (#1312)

* chore(core): Automate Daily Integration Tests (#1130)

* Automate daily integration tests

* Rename to nightly

* Change to 6am and 8pm PT & remove tar verification

* Fix schedule comment

* Updating Google Cloud naming (#1122)

* Reinstating tag that devsite needs present to supress machine translation.

* Updating a couple of references to GCP/Google Cloud Platform per new branding guidelines.

* update typo in interface name (#1138)

FireabseErrorInterface -> FirebaseErrorInterface

* Improve token verification logic with Auth Emulator. (#1148)

* Improve token verification logic with Auth Emulator.

* Clean up comments.

* Fix linting issues.

* Address review comments.

* Use mock for auth emulator unit test.

* Implement session cookies.

* Call useEmulator() only once.

* Update tests.

* Delete unused test helper.

* Add unit tests for checking revocation.

* Fix typo in test comments.

* feat: Exporting all types of Messages so they can be used by consumers (#1147)

* feat: Exporting all types of Messages so they can be used by consumers

Fixes #1146

* feat(exportMessageTypes): Testing TokenMessage

* feat(exportMessageTypes): Added tests for all Message types

* feat(exportMessageTypes): Fixed build

* feat(exportMessageTypes): Better unit tests

* feat(exportMessageTypes): Deleted unneeded separate TS test

* feat(exportMessageTypes): Fixed build

* feat(exportMessageTypes): Fixed linting

* feat(auth): Implement getUserByProviderId (#769)

RELEASE NOTE: Added a new getUserByProviderId() to lookup user accounts by their providers.

* Allow enabling of anonymous provider via tenant configuration (#802)

RELEASE NOTES: Allow enabling of anonymous provider via tenant configuration.

* feat(auth): Add ability to link a federated ID with the `updateUser()` method. (#770)

* (chore): Export UserProvider type and add it to toc.yaml (#1165)

- Export UserProvider type
- Add UserProvider to toc.yaml

* [chore] Release 9.5.0 (#1167)

Release 9.5.0

* chore: Updated doc generator for typedoc 0.19.0 (#1166)

* Update HOME.md (#1181)

Quick addition of a little bit of clarifying verbiage per an internal bug report.  Thanks!

* feat(rtdb): Support emulator mode for rules management operations (#1190)

* feat(rtdb): Support emulator mode for rules management operations

* fix: Adding namespace to emulated URL string

* fix: Consolidated unit testing

* fix: Removed extra whitespace

* fix: Decoupled proactive token refresh from FirebaseApp (#1194)

* fix: Decoupled proactive token refresh from FirebaseApp

* fix: Defined constants for duration values

* fix: Logging errors encountered while scheduling a refresh

* fix: Renamed some variables for clarity

* fix(rtdb): Fixing the RTDB token listener callback (#1203)

* Add emulator-based integration tests. (#1155)

* Add emulator-based integration tests.

* Move emulator stuff out of package.json.

* Update CONTRIBUTING.md too.

* Add npx.

* Skip new unsupported tests.

* Inline commands in ci.yml.

* Disable one flaky tests in emulator. (#1205)

* [chore] Release 9.6.0 (#1209)

* (chore): Add JWT Decoder and Signature Verifier (#1204)

* (chore): Add JWT Decoder

* Add signature verifier and key fetcher abstractions

* Add unit tests for utils/jwt

* chore: Add Mailgun send email action (#1210)

* Add Mailgun send email github action
* Add send email action in nightly workflow

* chore: Fix bug in send-email action code (#1214)

* chore: Fix bug in send-email action code

* Add run id and trigger on repo dispatch event

* Change dispatch event name in nightly workflow (#1216)

- Change dispatch event name to `firebase_nightly_build`

* chore: Clean up nightly workflow trigger tests (#1212)

- Remove failing integration test added to trigger the send email workflow in nightly builds.

* Add support for FIREBASE_STORAGE_EMULATOR_HOST env var (#1175)

* Add support for FIREBASE_STORAGE_EMULATOR_HOST env var

* Fixes lint error

* Add test for FIREBASE_STORAGE_EMULATOR_HOST support

* Lint fix

* Minor fixes to storage tests

* Address review comments

* Address review suggestion

Co-authored-by: Samuel Bushi <[email protected]>

* Revert "Disable one flaky tests in emulator. (#1205)" (#1227)

This reverts commit 19660d9.

* fix(rtdb): Fixing a token refresh livelock in Cloud Functions (#1234)

* [chore] Release 9.7.0 (#1240)

* fix: adds missing EMAIL_NOT_FOUND error code (#1246)

Catch `EMAIL_NOT_FOUND` and translate to `auth/email-not-found` when `/accounts:sendOobCode` is called for password reset on a user that does not exist.
Fixes #1202

* build(deps-dev): bump lodash from 4.17.19 to 4.17.21 (#1255)

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.19...4.17.21)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Upgraded RTDB and other @firebase dependencies (#1250)

* build(deps): bump y18n from 3.2.1 to 3.2.2 (#1208)

Bumps [y18n](https://github.com/yargs/y18n) from 3.2.1 to 3.2.2.
- [Release notes](https://github.com/yargs/y18n/releases)
- [Changelog](https://github.com/yargs/y18n/blob/master/CHANGELOG.md)
- [Commits](https://github.com/yargs/y18n/commits)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix storage emulator env formatting (#1257)

* Fix storage emulator env formatting

* Repair test

* Rename test

* Dang tests 2 good 4 me

* Fix test

* Fix tests again

* build(deps): bump hosted-git-info from 2.8.8 to 2.8.9 (#1260)

Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.8 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](npm/hosted-git-info@v2.8.8...v2.8.9)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hiranya Jayathilaka <[email protected]>

* feat: Add abuse reduction support (#1264)

- Add abuse reduction support APIs

* Fix @types/node conflict with grpc and port type (#1258)

Upgraded the @types/node dependency to v12.12.47

* [chore] Release 9.8.0 (#1266)

* build(deps): bump handlebars from 4.7.6 to 4.7.7 (#1253)

Bumps [handlebars](https://github.com/wycats/handlebars.js) from 4.7.6 to 4.7.7.
- [Release notes](https://github.com/wycats/handlebars.js/releases)
- [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/master/release-notes.md)
- [Commits](handlebars-lang/handlebars.js@v4.7.6...v4.7.7)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump jose from 2.0.4 to 2.0.5 (#1265)

Bumps [jose](https://github.com/panva/jose) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/panva/jose/releases)
- [Changelog](https://github.com/panva/jose/blob/v2.0.5/CHANGELOG.md)
- [Commits](panva/jose@v2.0.4...v2.0.5)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: Revert regression introduced in #1257 (#1277)

* fix(auth): make MFA uid optional for updateUser operations (#1278)

* fix(auth): make MFA uid optional for updateUser operations

MFA `uid` should be optional for `updateUser` operations.
When not specified, the backend will provision a `uid` for the
enrolled second factor.

Fixes #1276

* chore: Enabled dependabot (#1279)

* chore: Remove gulp-replace dependency (#1285)

* build(deps-dev): bump gulp-header from 1.8.12 to 2.0.9 (#1283)

Bumps [gulp-header](https://github.com/tracker1/gulp-header) from 1.8.12 to 2.0.9.
- [Release notes](https://github.com/tracker1/gulp-header/releases)
- [Changelog](https://github.com/gulp-community/gulp-header/blob/master/changelog.md)
- [Commits](gulp-community/gulp-header@v1.8.12...v2.0.9)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump run-sequence from 1.2.2 to 2.2.1 (#1282)

Bumps [run-sequence](https://github.com/OverZealous/run-sequence) from 1.2.2 to 2.2.1.
- [Release notes](https://github.com/OverZealous/run-sequence/releases)
- [Changelog](https://github.com/OverZealous/run-sequence/blob/master/CHANGELOG.md)
- [Commits](OverZealous/run-sequence@v1.2.2...v2.2.1)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump sinon from 9.0.2 to 9.2.4 (#1289)

Bumps [sinon](https://github.com/sinonjs/sinon) from 9.0.2 to 9.2.4.
- [Release notes](https://github.com/sinonjs/sinon/releases)
- [Changelog](https://github.com/sinonjs/sinon/blob/master/CHANGELOG.md)
- [Commits](sinonjs/sinon@v9.0.2...v9.2.4)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump nyc from 14.1.1 to 15.1.0 (#1290)

Bumps [nyc](https://github.com/istanbuljs/nyc) from 14.1.1 to 15.1.0.
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/master/CHANGELOG.md)
- [Commits](istanbuljs/nyc@v14.1.1...v15.1.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump chalk from 1.1.3 to 4.1.1 (#1288)

Bumps [chalk](https://github.com/chalk/chalk) from 1.1.3 to 4.1.1.
- [Release notes](https://github.com/chalk/chalk/releases)
- [Commits](chalk/chalk@v1.1.3...v4.1.1)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps-dev): bump @microsoft/api-extractor from 7.11.2 to 7.15.2 (#1291)

Bumps [@microsoft/api-extractor](https://github.com/microsoft/rushstack) from 7.11.2 to 7.15.2.
- [Release notes](https://github.com/microsoft/rushstack/releases)
- [Commits](https://github.com/microsoft/rushstack/compare/@microsoft/api-extractor_v7.11.2...@microsoft/api-extractor_v7.15.2)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: Teporarily disabling sendToDeviceGroup integration test (#1292)

* feat(auth): Added code flow support for OIDC flow. (#1220)

* OIDC codeflow support

* improve configs to simulate the real cases

* update for changes in signiture

* resolve comments

* improve validator logic

* remove unnecessary logic

* add tests and fix errors

* add auth-api-request rests

* Update supported Node version to 10.13.0v (#1300)

* Fixed integration test failure of skipped tests (#1299)

* Fix integration test failure of skipped testss

* Trigger integration tests

* [chore] Release 9.9.0 (#1302)

* Update OIDC reference docs (#1305)

* Add OAuthResponseType to ToC (#1303)

* fix(auth): Better type hierarchies for Auth API (#1294)

* fix(auth): Better type heirarchies for Auth API

* fix: Moved factorId back to the base types

* fix: Updated API report

* fix: Fixed a grammar error in comment

* fix: Update to comment text

* Fix build issues

* Add new auth type hierarchies from the main branch

* Update import paths

* Update package-lock

* Export new auth types from the entry point

Co-authored-by: egilmorez <[email protected]>
Co-authored-by: batuxd <[email protected]>
Co-authored-by: Yuchen Shi <[email protected]>
Co-authored-by: Marc Bornträger <[email protected]>
Co-authored-by: rsgowman <[email protected]>
Co-authored-by: Hiranya Jayathilaka <[email protected]>
Co-authored-by: Abe Haskins <[email protected]>
Co-authored-by: Samuel Bushi <[email protected]>
Co-authored-by: bojeil-google <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Nikhil Agarwal <[email protected]>
Co-authored-by: Xin Li <[email protected]>

Author: 13 people

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/scripts/run_integration_tests.sh

@@ -22,4 +22,6 @@ gpg --quiet --batch --yes --decrypt --passphrase="${FIREBASE_SERVICE_ACCT_KEY}"
 
 echo "${FIREBASE_API_KEY}" > test/resources/apikey.txt
 
+echo "${FIREBASE_APP_ID}" > test/resources/appid.txt
+
 npm run test:integration -- --updateRules --testMultiTenancy

.github/workflows/nightly.yml

@@ -55,6 +55,7 @@ jobs:
       env:
         FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
         FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+        FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}
 
     - name: Package release artifacts
       run: |

.github/workflows/release.yml

@@ -66,6 +66,7 @@ jobs:
       env:
         FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
         FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+        FIREBASE_APP_ID: ${{ secrets.FIREBASE_APP_ID }}
 
     - name: Package release artifacts
       run: |

.gitignore

@@ -14,6 +14,7 @@ node_modules/
 # Real key file should not be checked in
 test/resources/key.json
 test/resources/apikey.txt
+test/resources/appid.txt
 
 # Release tarballs should not be checked in
 firebase-admin-*.tgz

CONTRIBUTING.md

@@ -87,7 +87,7 @@ information on using pull requests.
 
 ### Prerequisites
 
-1. Node.js 10.10.0 or higher.
+1. Node.js 10.13.0 or higher.
 2. NPM 5 or higher (NPM 6 recommended).
 3. Google Cloud SDK ([`gcloud`](https://cloud.google.com/sdk/downloads) utility)
 

README.md

@@ -55,7 +55,7 @@ requests, code review feedback, and also pull requests.
 
 ## Supported Environments
 
-We support Node.js 10.10.0 and higher.
+We support Node.js 10.13.0 and higher.
 
 Please also note that the Admin SDK should only
 be used in server-side/back-end environments controlled by the app developer.

etc/firebase-admin.api.md

@@ -17,6 +17,8 @@ export function app(name?: string): app.App;
 export namespace app {
     // Warning: (ae-forgotten-export) The symbol "App" needs to be exported by the entry point default-namespace.d.ts
     export interface App extends App {
+        // (undocumented)
+        appCheck(): appCheck.AppCheck;
         // (undocumented)
         auth(): auth.Auth;
         // (undocumented)
@@ -41,6 +43,37 @@ export namespace app {
     }
 }
 
+// @public
+export function appCheck(app?: app.App): appCheck.AppCheck;
+
+// @public (undocumented)
+export namespace appCheck {
+    export interface AppCheck {
+        // (undocumented)
+        app: app.App;
+        createToken(appId: string): Promise<AppCheckToken>;
+        verifyToken(appCheckToken: string): Promise<VerifyAppCheckTokenResponse>;
+    }
+    export interface AppCheckToken {
+        token: string;
+        ttlMillis: number;
+    }
+    export interface DecodedAppCheckToken {
+        // (undocumented)
+        [key: string]: any;
+        app_id: string;
+        aud: string[];
+        exp: number;
+        iat: number;
+        iss: string;
+        sub: string;
+    }
+    export interface VerifyAppCheckTokenResponse {
+        appId: string;
+        token: appCheck.DecodedAppCheckToken;
+    }
+}
+
 // @public
 export interface AppOptions {
     // Warning: (ae-forgotten-export) The symbol "Credential" needs to be exported by the entry point default-namespace.d.ts

etc/firebase-admin.auth.api.md

@@ -32,11 +32,7 @@ export class Auth extends BaseAuth {
 export type AuthFactorType = 'phone';
 
 // @public
-export interface AuthProviderConfig {
-    displayName?: string;
-    enabled: boolean;
-    providerId: string;
-}
+export type AuthProviderConfig = SAMLAuthProviderConfig | OIDCAuthProviderConfig;
 
 // @public
 export interface AuthProviderConfigFilter {
@@ -75,13 +71,31 @@ export abstract class BaseAuth {
 }
 
 // @public
-export interface CreateMultiFactorInfoRequest {
+export interface BaseAuthProviderConfig {
+    displayName?: string;
+    enabled: boolean;
+    providerId: string;
+}
+
+// @public
+export interface BaseCreateMultiFactorInfoRequest {
     displayName?: string;
     factorId: string;
 }
 
 // @public
-export interface CreatePhoneMultiFactorInfoRequest extends CreateMultiFactorInfoRequest {
+export interface BaseUpdateMultiFactorInfoRequest {
+    displayName?: string;
+    enrollmentTime?: string;
+    factorId: string;
+    uid?: string;
+}
+
+// @public
+export type CreateMultiFactorInfoRequest = CreatePhoneMultiFactorInfoRequest;
+
+// @public
+export interface CreatePhoneMultiFactorInfoRequest extends BaseCreateMultiFactorInfoRequest {
     phoneNumber: string;
 }
 
@@ -205,17 +219,27 @@ export interface MultiFactorUpdateSettings {
 }
 
 // @public
-export interface OIDCAuthProviderConfig extends AuthProviderConfig {
+export interface OAuthResponseType {
+    code?: boolean;
+    idToken?: boolean;
+}
+
+// @public
+export interface OIDCAuthProviderConfig extends BaseAuthProviderConfig {
     clientId: string;
+    clientSecret?: string;
     issuer: string;
+    responseType?: OAuthResponseType;
 }
 
 // @public
 export interface OIDCUpdateAuthProviderRequest {
     clientId?: string;
+    clientSecret?: string;
     displayName?: string;
     enabled?: boolean;
     issuer?: string;
+    responseType?: OAuthResponseType;
 }
 
 // @public
@@ -239,7 +263,7 @@ export interface ProviderIdentifier {
 }
 
 // @public
-export interface SAMLAuthProviderConfig extends AuthProviderConfig {
+export interface SAMLAuthProviderConfig extends BaseAuthProviderConfig {
     callbackURL?: string;
     idpEntityId: string;
     rpEntityId: string;
@@ -305,15 +329,10 @@ export interface UidIdentifier {
 export type UpdateAuthProviderRequest = SAMLUpdateAuthProviderRequest | OIDCUpdateAuthProviderRequest;
 
 // @public
-export interface UpdateMultiFactorInfoRequest {
-    displayName?: string;
-    enrollmentTime?: string;
-    factorId: string;
-    uid?: string;
-}
+export type UpdateMultiFactorInfoRequest = UpdatePhoneMultiFactorInfoRequest;
 
 // @public
-export interface UpdatePhoneMultiFactorInfoRequest extends UpdateMultiFactorInfoRequest {
+export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactorInfoRequest {
     phoneNumber: string;
 }