0x1998 - MANAGER

Düzenlenen Dosya: firebase_auth.js

import { Component, ErrorFactory, FirebaseError, LogLevel, Logger, SDK_VERSION, _getProvider, _isFirebaseServerApp, _registerComponent, base64Decode, createSubscribe, deepEqual, extractQuerystring, getApp, getDefaultEmulatorHost, getExperimentalSetting, getModularInstance, getUA, isBrowserExtension, isCloudWorkstation, isCloudflareWorker, isEmpty, isIE, isMobileCordova, isReactNative, pingServer, querystring, querystringDecode, registerVersion, updateEmulatorBanner } from "./chunk-2ZX2ZIUA.js"; import "./chunk-5WRI5ZAA.js"; // node_modules/@firebase/auth/dist/esm/index-3398f4bb.js var FactorId = { /** Phone as second factor */ PHONE: "phone", TOTP: "totp" }; var ProviderId = { /** Facebook provider ID */ FACEBOOK: "facebook.com", /** GitHub provider ID */ GITHUB: "github.com", /** Google provider ID */ GOOGLE: "google.com", /** Password provider */ PASSWORD: "password", /** Phone provider */ PHONE: "phone", /** Twitter provider ID */ TWITTER: "twitter.com" }; var SignInMethod = { /** Email link sign in method */ EMAIL_LINK: "emailLink", /** Email/password sign in method */ EMAIL_PASSWORD: "password", /** Facebook sign in method */ FACEBOOK: "facebook.com", /** GitHub sign in method */ GITHUB: "github.com", /** Google sign in method */ GOOGLE: "google.com", /** Phone sign in method */ PHONE: "phone", /** Twitter sign in method */ TWITTER: "twitter.com" }; var OperationType = { /** Operation involving linking an additional provider to an already signed-in user. */ LINK: "link", /** Operation involving using a provider to reauthenticate an already signed-in user. */ REAUTHENTICATE: "reauthenticate", /** Operation involving signing in a user. */ SIGN_IN: "signIn" }; var ActionCodeOperation = { /** The email link sign-in action. */ EMAIL_SIGNIN: "EMAIL_SIGNIN", /** The password reset action. */ PASSWORD_RESET: "PASSWORD_RESET", /** The email revocation action. */ RECOVER_EMAIL: "RECOVER_EMAIL", /** The revert second factor addition email action. */ REVERT_SECOND_FACTOR_ADDITION: "REVERT_SECOND_FACTOR_ADDITION", /** The revert second factor addition email action. */ VERIFY_AND_CHANGE_EMAIL: "VERIFY_AND_CHANGE_EMAIL", /** The email verification action. */ VERIFY_EMAIL: "VERIFY_EMAIL" }; function _debugErrorMap() { return { [ "admin-restricted-operation" /* AuthErrorCode.ADMIN_ONLY_OPERATION */ ]: "This operation is restricted to administrators only.", [ "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ]: "", [ "app-not-authorized" /* AuthErrorCode.APP_NOT_AUTHORIZED */ ]: "This app, identified by the domain where it's hosted, is not authorized to use Firebase Authentication with the provided API key. Review your key configuration in the Google API console.", [ "app-not-installed" /* AuthErrorCode.APP_NOT_INSTALLED */ ]: "The requested mobile application corresponding to the identifier (Android package name or iOS bundle ID) provided is not installed on this device.", [ "captcha-check-failed" /* AuthErrorCode.CAPTCHA_CHECK_FAILED */ ]: "The reCAPTCHA response token provided is either invalid, expired, already used or the domain associated with it does not match the list of whitelisted domains.", [ "code-expired" /* AuthErrorCode.CODE_EXPIRED */ ]: "The SMS code has expired. Please re-send the verification code to try again.", [ "cordova-not-ready" /* AuthErrorCode.CORDOVA_NOT_READY */ ]: "Cordova framework is not ready.", [ "cors-unsupported" /* AuthErrorCode.CORS_UNSUPPORTED */ ]: "This browser is not supported.", [ "credential-already-in-use" /* AuthErrorCode.CREDENTIAL_ALREADY_IN_USE */ ]: "This credential is already associated with a different user account.", [ "custom-token-mismatch" /* AuthErrorCode.CREDENTIAL_MISMATCH */ ]: "The custom token corresponds to a different audience.", [ "requires-recent-login" /* AuthErrorCode.CREDENTIAL_TOO_OLD_LOGIN_AGAIN */ ]: "This operation is sensitive and requires recent authentication. Log in again before retrying this request.", [ "dependent-sdk-initialized-before-auth" /* AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH */ ]: "Another Firebase SDK was initialized and is trying to use Auth before Auth is initialized. Please be sure to call `initializeAuth` or `getAuth` before starting any other Firebase SDK.", [ "dynamic-link-not-activated" /* AuthErrorCode.DYNAMIC_LINK_NOT_ACTIVATED */ ]: "Please activate Dynamic Links in the Firebase Console and agree to the terms and conditions.", [ "email-change-needs-verification" /* AuthErrorCode.EMAIL_CHANGE_NEEDS_VERIFICATION */ ]: "Multi-factor users must always have a verified email.", [ "email-already-in-use" /* AuthErrorCode.EMAIL_EXISTS */ ]: "The email address is already in use by another account.", [ "emulator-config-failed" /* AuthErrorCode.EMULATOR_CONFIG_FAILED */ ]: 'Auth instance has already been used to make a network call. Auth can no longer be configured to use the emulator. Try calling "connectAuthEmulator()" sooner.', [ "expired-action-code" /* AuthErrorCode.EXPIRED_OOB_CODE */ ]: "The action code has expired.", [ "cancelled-popup-request" /* AuthErrorCode.EXPIRED_POPUP_REQUEST */ ]: "This operation has been cancelled due to another conflicting popup being opened.", [ "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ]: "An internal AuthError has occurred.", [ "invalid-app-credential" /* AuthErrorCode.INVALID_APP_CREDENTIAL */ ]: "The phone verification request contains an invalid application verifier. The reCAPTCHA token response is either invalid or expired.", [ "invalid-app-id" /* AuthErrorCode.INVALID_APP_ID */ ]: "The mobile app identifier is not registered for the current project.", [ "invalid-user-token" /* AuthErrorCode.INVALID_AUTH */ ]: "This user's credential isn't valid for this project. This can happen if the user's token has been tampered with, or if the user isn't for the project associated with this API key.", [ "invalid-auth-event" /* AuthErrorCode.INVALID_AUTH_EVENT */ ]: "An internal AuthError has occurred.", [ "invalid-verification-code" /* AuthErrorCode.INVALID_CODE */ ]: "The SMS verification code used to create the phone auth credential is invalid. Please resend the verification code sms and be sure to use the verification code provided by the user.", [ "invalid-continue-uri" /* AuthErrorCode.INVALID_CONTINUE_URI */ ]: "The continue URL provided in the request is invalid.", [ "invalid-cordova-configuration" /* AuthErrorCode.INVALID_CORDOVA_CONFIGURATION */ ]: "The following Cordova plugins must be installed to enable OAuth sign-in: cordova-plugin-buildinfo, cordova-universal-links-plugin, cordova-plugin-browsertab, cordova-plugin-inappbrowser and cordova-plugin-customurlscheme.", [ "invalid-custom-token" /* AuthErrorCode.INVALID_CUSTOM_TOKEN */ ]: "The custom token format is incorrect. Please check the documentation.", [ "invalid-dynamic-link-domain" /* AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN */ ]: "The provided dynamic link domain is not configured or authorized for the current project.", [ "invalid-email" /* AuthErrorCode.INVALID_EMAIL */ ]: "The email address is badly formatted.", [ "invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */ ]: "Emulator URL must start with a valid scheme (http:// or https://).", [ "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */ ]: "Your API key is invalid, please check you have copied it correctly.", [ "invalid-cert-hash" /* AuthErrorCode.INVALID_CERT_HASH */ ]: "The SHA-1 certificate hash provided is invalid.", [ "invalid-credential" /* AuthErrorCode.INVALID_CREDENTIAL */ ]: "The supplied auth credential is incorrect, malformed or has expired.", [ "invalid-message-payload" /* AuthErrorCode.INVALID_MESSAGE_PAYLOAD */ ]: "The email template corresponding to this action contains invalid characters in its message. Please fix by going to the Auth email templates section in the Firebase Console.", [ "invalid-multi-factor-session" /* AuthErrorCode.INVALID_MFA_SESSION */ ]: "The request does not contain a valid proof of first factor successful sign-in.", [ "invalid-oauth-provider" /* AuthErrorCode.INVALID_OAUTH_PROVIDER */ ]: "EmailAuthProvider is not supported for this operation. This operation only supports OAuth providers.", [ "invalid-oauth-client-id" /* AuthErrorCode.INVALID_OAUTH_CLIENT_ID */ ]: "The OAuth client ID provided is either invalid or does not match the specified API key.", [ "unauthorized-domain" /* AuthErrorCode.INVALID_ORIGIN */ ]: "This domain is not authorized for OAuth operations for your Firebase project. Edit the list of authorized domains from the Firebase console.", [ "invalid-action-code" /* AuthErrorCode.INVALID_OOB_CODE */ ]: "The action code is invalid. This can happen if the code is malformed, expired, or has already been used.", [ "wrong-password" /* AuthErrorCode.INVALID_PASSWORD */ ]: "The password is invalid or the user does not have a password.", [ "invalid-persistence-type" /* AuthErrorCode.INVALID_PERSISTENCE */ ]: "The specified persistence type is invalid. It can only be local, session or none.", [ "invalid-phone-number" /* AuthErrorCode.INVALID_PHONE_NUMBER */ ]: "The format of the phone number provided is incorrect. Please enter the phone number in a format that can be parsed into E.164 format. E.164 phone numbers are written in the format [+][country code][subscriber number including area code].", [ "invalid-provider-id" /* AuthErrorCode.INVALID_PROVIDER_ID */ ]: "The specified provider ID is invalid.", [ "invalid-recipient-email" /* AuthErrorCode.INVALID_RECIPIENT_EMAIL */ ]: "The email corresponding to this action failed to send as the provided recipient email address is invalid.", [ "invalid-sender" /* AuthErrorCode.INVALID_SENDER */ ]: "The email template corresponding to this action contains an invalid sender email or name. Please fix by going to the Auth email templates section in the Firebase Console.", [ "invalid-verification-id" /* AuthErrorCode.INVALID_SESSION_INFO */ ]: "The verification ID used to create the phone auth credential is invalid.", [ "invalid-tenant-id" /* AuthErrorCode.INVALID_TENANT_ID */ ]: "The Auth instance's tenant ID is invalid.", [ "login-blocked" /* AuthErrorCode.LOGIN_BLOCKED */ ]: "Login blocked by user-provided method: {$originalMessage}", [ "missing-android-pkg-name" /* AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME */ ]: "An Android Package Name must be provided if the Android App is required to be installed.", [ "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */ ]: "Be sure to include authDomain when calling firebase.initializeApp(), by following the instructions in the Firebase console.", [ "missing-app-credential" /* AuthErrorCode.MISSING_APP_CREDENTIAL */ ]: "The phone verification request is missing an application verifier assertion. A reCAPTCHA response token needs to be provided.", [ "missing-verification-code" /* AuthErrorCode.MISSING_CODE */ ]: "The phone auth credential was created with an empty SMS verification code.", [ "missing-continue-uri" /* AuthErrorCode.MISSING_CONTINUE_URI */ ]: "A continue URL must be provided in the request.", [ "missing-iframe-start" /* AuthErrorCode.MISSING_IFRAME_START */ ]: "An internal AuthError has occurred.", [ "missing-ios-bundle-id" /* AuthErrorCode.MISSING_IOS_BUNDLE_ID */ ]: "An iOS Bundle ID must be provided if an App Store ID is provided.", [ "missing-or-invalid-nonce" /* AuthErrorCode.MISSING_OR_INVALID_NONCE */ ]: "The request does not contain a valid nonce. This can occur if the SHA-256 hash of the provided raw nonce does not match the hashed nonce in the ID token payload.", [ "missing-password" /* AuthErrorCode.MISSING_PASSWORD */ ]: "A non-empty password must be provided", [ "missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */ ]: "No second factor identifier is provided.", [ "missing-multi-factor-session" /* AuthErrorCode.MISSING_MFA_SESSION */ ]: "The request is missing proof of first factor successful sign-in.", [ "missing-phone-number" /* AuthErrorCode.MISSING_PHONE_NUMBER */ ]: "To send verification codes, provide a phone number for the recipient.", [ "missing-verification-id" /* AuthErrorCode.MISSING_SESSION_INFO */ ]: "The phone auth credential was created with an empty verification ID.", [ "app-deleted" /* AuthErrorCode.MODULE_DESTROYED */ ]: "This instance of FirebaseApp has been deleted.", [ "multi-factor-info-not-found" /* AuthErrorCode.MFA_INFO_NOT_FOUND */ ]: "The user does not have a second factor matching the identifier provided.", [ "multi-factor-auth-required" /* AuthErrorCode.MFA_REQUIRED */ ]: "Proof of ownership of a second factor is required to complete sign-in.", [ "account-exists-with-different-credential" /* AuthErrorCode.NEED_CONFIRMATION */ ]: "An account already exists with the same email address but different sign-in credentials. Sign in using a provider associated with this email address.", [ "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ ]: "A network AuthError (such as timeout, interrupted connection or unreachable host) has occurred.", [ "no-auth-event" /* AuthErrorCode.NO_AUTH_EVENT */ ]: "An internal AuthError has occurred.", [ "no-such-provider" /* AuthErrorCode.NO_SUCH_PROVIDER */ ]: "User was not linked to an account with the given provider.", [ "null-user" /* AuthErrorCode.NULL_USER */ ]: "A null user object was provided as the argument for an operation which requires a non-null user object.", [ "operation-not-allowed" /* AuthErrorCode.OPERATION_NOT_ALLOWED */ ]: "The given sign-in provider is disabled for this Firebase project. Enable it in the Firebase console, under the sign-in method tab of the Auth section.", [ "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */ ]: 'This operation is not supported in the environment this application is running on. "location.protocol" must be http, https or chrome-extension and web storage must be enabled.', [ "popup-blocked" /* AuthErrorCode.POPUP_BLOCKED */ ]: "Unable to establish a connection with the popup. It may have been blocked by the browser.", [ "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */ ]: "The popup has been closed by the user before finalizing the operation.", [ "provider-already-linked" /* AuthErrorCode.PROVIDER_ALREADY_LINKED */ ]: "User can only be linked to one identity for the given provider.", [ "quota-exceeded" /* AuthErrorCode.QUOTA_EXCEEDED */ ]: "The project's quota for this operation has been exceeded.", [ "redirect-cancelled-by-user" /* AuthErrorCode.REDIRECT_CANCELLED_BY_USER */ ]: "The redirect operation has been cancelled by the user before finalizing.", [ "redirect-operation-pending" /* AuthErrorCode.REDIRECT_OPERATION_PENDING */ ]: "A redirect sign-in operation is already pending.", [ "rejected-credential" /* AuthErrorCode.REJECTED_CREDENTIAL */ ]: "The request contains malformed or mismatching credentials.", [ "second-factor-already-in-use" /* AuthErrorCode.SECOND_FACTOR_ALREADY_ENROLLED */ ]: "The second factor is already enrolled on this account.", [ "maximum-second-factor-count-exceeded" /* AuthErrorCode.SECOND_FACTOR_LIMIT_EXCEEDED */ ]: "The maximum allowed number of second factors on a user has been exceeded.", [ "tenant-id-mismatch" /* AuthErrorCode.TENANT_ID_MISMATCH */ ]: "The provided tenant ID does not match the Auth instance's tenant ID", [ "timeout" /* AuthErrorCode.TIMEOUT */ ]: "The operation has timed out.", [ "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */ ]: "The user's credential is no longer valid. The user must sign in again.", [ "too-many-requests" /* AuthErrorCode.TOO_MANY_ATTEMPTS_TRY_LATER */ ]: "We have blocked all requests from this device due to unusual activity. Try again later.", [ "unauthorized-continue-uri" /* AuthErrorCode.UNAUTHORIZED_DOMAIN */ ]: "The domain of the continue URL is not whitelisted. Please whitelist the domain in the Firebase console.", [ "unsupported-first-factor" /* AuthErrorCode.UNSUPPORTED_FIRST_FACTOR */ ]: "Enrolling a second factor or signing in with a multi-factor account requires sign-in with a supported first factor.", [ "unsupported-persistence-type" /* AuthErrorCode.UNSUPPORTED_PERSISTENCE */ ]: "The current environment does not support the specified persistence type.", [ "unsupported-tenant-operation" /* AuthErrorCode.UNSUPPORTED_TENANT_OPERATION */ ]: "This operation is not supported in a multi-tenant context.", [ "unverified-email" /* AuthErrorCode.UNVERIFIED_EMAIL */ ]: "The operation requires a verified email.", [ "user-cancelled" /* AuthErrorCode.USER_CANCELLED */ ]: "The user did not grant your application the permissions it requested.", [ "user-not-found" /* AuthErrorCode.USER_DELETED */ ]: "There is no user record corresponding to this identifier. The user may have been deleted.", [ "user-disabled" /* AuthErrorCode.USER_DISABLED */ ]: "The user account has been disabled by an administrator.", [ "user-mismatch" /* AuthErrorCode.USER_MISMATCH */ ]: "The supplied credentials do not correspond to the previously signed in user.", [ "user-signed-out" /* AuthErrorCode.USER_SIGNED_OUT */ ]: "", [ "weak-password" /* AuthErrorCode.WEAK_PASSWORD */ ]: "The password must be 6 characters long or more.", [ "web-storage-unsupported" /* AuthErrorCode.WEB_STORAGE_UNSUPPORTED */ ]: "This browser is not supported or 3rd party cookies and data may be disabled.", [ "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */ ]: "initializeAuth() has already been called with different options. To avoid this error, call initializeAuth() with the same options as when it was originally called, or call getAuth() to return the already initialized instance.", [ "missing-recaptcha-token" /* AuthErrorCode.MISSING_RECAPTCHA_TOKEN */ ]: "The reCAPTCHA token is missing when sending request to the backend.", [ "invalid-recaptcha-token" /* AuthErrorCode.INVALID_RECAPTCHA_TOKEN */ ]: "The reCAPTCHA token is invalid when sending request to the backend.", [ "invalid-recaptcha-action" /* AuthErrorCode.INVALID_RECAPTCHA_ACTION */ ]: "The reCAPTCHA action is invalid when sending request to the backend.", [ "recaptcha-not-enabled" /* AuthErrorCode.RECAPTCHA_NOT_ENABLED */ ]: "reCAPTCHA Enterprise integration is not enabled for this project.", [ "missing-client-type" /* AuthErrorCode.MISSING_CLIENT_TYPE */ ]: "The reCAPTCHA client type is missing when sending request to the backend.", [ "missing-recaptcha-version" /* AuthErrorCode.MISSING_RECAPTCHA_VERSION */ ]: "The reCAPTCHA version is missing when sending request to the backend.", [ "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */ ]: "Invalid request parameters.", [ "invalid-recaptcha-version" /* AuthErrorCode.INVALID_RECAPTCHA_VERSION */ ]: "The reCAPTCHA version is invalid when sending request to the backend.", [ "unsupported-password-policy-schema-version" /* AuthErrorCode.UNSUPPORTED_PASSWORD_POLICY_SCHEMA_VERSION */ ]: "The password policy received from the backend uses a schema version that is not supported by this version of the Firebase SDK.", [ "password-does-not-meet-requirements" /* AuthErrorCode.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */ ]: "The password does not meet the requirements.", [ "invalid-hosting-link-domain" /* AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN */ ]: "The provided Hosting link domain is not configured in Firebase Hosting or is not owned by the current project. This cannot be a default Hosting domain (`web.app` or `firebaseapp.com`)." }; } function _prodErrorMap() { return { [ "dependent-sdk-initialized-before-auth" /* AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH */ ]: "Another Firebase SDK was initialized and is trying to use Auth before Auth is initialized. Please be sure to call `initializeAuth` or `getAuth` before starting any other Firebase SDK." }; } var debugErrorMap = _debugErrorMap; var prodErrorMap = _prodErrorMap; var _DEFAULT_AUTH_ERROR_FACTORY = new ErrorFactory("auth", "Firebase", _prodErrorMap()); var AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY = { ADMIN_ONLY_OPERATION: "auth/admin-restricted-operation", ARGUMENT_ERROR: "auth/argument-error", APP_NOT_AUTHORIZED: "auth/app-not-authorized", APP_NOT_INSTALLED: "auth/app-not-installed", CAPTCHA_CHECK_FAILED: "auth/captcha-check-failed", CODE_EXPIRED: "auth/code-expired", CORDOVA_NOT_READY: "auth/cordova-not-ready", CORS_UNSUPPORTED: "auth/cors-unsupported", CREDENTIAL_ALREADY_IN_USE: "auth/credential-already-in-use", CREDENTIAL_MISMATCH: "auth/custom-token-mismatch", CREDENTIAL_TOO_OLD_LOGIN_AGAIN: "auth/requires-recent-login", DEPENDENT_SDK_INIT_BEFORE_AUTH: "auth/dependent-sdk-initialized-before-auth", DYNAMIC_LINK_NOT_ACTIVATED: "auth/dynamic-link-not-activated", EMAIL_CHANGE_NEEDS_VERIFICATION: "auth/email-change-needs-verification", EMAIL_EXISTS: "auth/email-already-in-use", EMULATOR_CONFIG_FAILED: "auth/emulator-config-failed", EXPIRED_OOB_CODE: "auth/expired-action-code", EXPIRED_POPUP_REQUEST: "auth/cancelled-popup-request", INTERNAL_ERROR: "auth/internal-error", INVALID_API_KEY: "auth/invalid-api-key", INVALID_APP_CREDENTIAL: "auth/invalid-app-credential", INVALID_APP_ID: "auth/invalid-app-id", INVALID_AUTH: "auth/invalid-user-token", INVALID_AUTH_EVENT: "auth/invalid-auth-event", INVALID_CERT_HASH: "auth/invalid-cert-hash", INVALID_CODE: "auth/invalid-verification-code", INVALID_CONTINUE_URI: "auth/invalid-continue-uri", INVALID_CORDOVA_CONFIGURATION: "auth/invalid-cordova-configuration", INVALID_CUSTOM_TOKEN: "auth/invalid-custom-token", INVALID_DYNAMIC_LINK_DOMAIN: "auth/invalid-dynamic-link-domain", INVALID_EMAIL: "auth/invalid-email", INVALID_EMULATOR_SCHEME: "auth/invalid-emulator-scheme", INVALID_IDP_RESPONSE: "auth/invalid-credential", INVALID_LOGIN_CREDENTIALS: "auth/invalid-credential", INVALID_MESSAGE_PAYLOAD: "auth/invalid-message-payload", INVALID_MFA_SESSION: "auth/invalid-multi-factor-session", INVALID_OAUTH_CLIENT_ID: "auth/invalid-oauth-client-id", INVALID_OAUTH_PROVIDER: "auth/invalid-oauth-provider", INVALID_OOB_CODE: "auth/invalid-action-code", INVALID_ORIGIN: "auth/unauthorized-domain", INVALID_PASSWORD: "auth/wrong-password", INVALID_PERSISTENCE: "auth/invalid-persistence-type", INVALID_PHONE_NUMBER: "auth/invalid-phone-number", INVALID_PROVIDER_ID: "auth/invalid-provider-id", INVALID_RECIPIENT_EMAIL: "auth/invalid-recipient-email", INVALID_SENDER: "auth/invalid-sender", INVALID_SESSION_INFO: "auth/invalid-verification-id", INVALID_TENANT_ID: "auth/invalid-tenant-id", MFA_INFO_NOT_FOUND: "auth/multi-factor-info-not-found", MFA_REQUIRED: "auth/multi-factor-auth-required", MISSING_ANDROID_PACKAGE_NAME: "auth/missing-android-pkg-name", MISSING_APP_CREDENTIAL: "auth/missing-app-credential", MISSING_AUTH_DOMAIN: "auth/auth-domain-config-required", MISSING_CODE: "auth/missing-verification-code", MISSING_CONTINUE_URI: "auth/missing-continue-uri", MISSING_IFRAME_START: "auth/missing-iframe-start", MISSING_IOS_BUNDLE_ID: "auth/missing-ios-bundle-id", MISSING_OR_INVALID_NONCE: "auth/missing-or-invalid-nonce", MISSING_MFA_INFO: "auth/missing-multi-factor-info", MISSING_MFA_SESSION: "auth/missing-multi-factor-session", MISSING_PHONE_NUMBER: "auth/missing-phone-number", MISSING_PASSWORD: "auth/missing-password", MISSING_SESSION_INFO: "auth/missing-verification-id", MODULE_DESTROYED: "auth/app-deleted", NEED_CONFIRMATION: "auth/account-exists-with-different-credential", NETWORK_REQUEST_FAILED: "auth/network-request-failed", NULL_USER: "auth/null-user", NO_AUTH_EVENT: "auth/no-auth-event", NO_SUCH_PROVIDER: "auth/no-such-provider", OPERATION_NOT_ALLOWED: "auth/operation-not-allowed", OPERATION_NOT_SUPPORTED: "auth/operation-not-supported-in-this-environment", POPUP_BLOCKED: "auth/popup-blocked", POPUP_CLOSED_BY_USER: "auth/popup-closed-by-user", PROVIDER_ALREADY_LINKED: "auth/provider-already-linked", QUOTA_EXCEEDED: "auth/quota-exceeded", REDIRECT_CANCELLED_BY_USER: "auth/redirect-cancelled-by-user", REDIRECT_OPERATION_PENDING: "auth/redirect-operation-pending", REJECTED_CREDENTIAL: "auth/rejected-credential", SECOND_FACTOR_ALREADY_ENROLLED: "auth/second-factor-already-in-use", SECOND_FACTOR_LIMIT_EXCEEDED: "auth/maximum-second-factor-count-exceeded", TENANT_ID_MISMATCH: "auth/tenant-id-mismatch", TIMEOUT: "auth/timeout", TOKEN_EXPIRED: "auth/user-token-expired", TOO_MANY_ATTEMPTS_TRY_LATER: "auth/too-many-requests", UNAUTHORIZED_DOMAIN: "auth/unauthorized-continue-uri", UNSUPPORTED_FIRST_FACTOR: "auth/unsupported-first-factor", UNSUPPORTED_PERSISTENCE: "auth/unsupported-persistence-type", UNSUPPORTED_TENANT_OPERATION: "auth/unsupported-tenant-operation", UNVERIFIED_EMAIL: "auth/unverified-email", USER_CANCELLED: "auth/user-cancelled", USER_DELETED: "auth/user-not-found", USER_DISABLED: "auth/user-disabled", USER_MISMATCH: "auth/user-mismatch", USER_SIGNED_OUT: "auth/user-signed-out", WEAK_PASSWORD: "auth/weak-password", WEB_STORAGE_UNSUPPORTED: "auth/web-storage-unsupported", ALREADY_INITIALIZED: "auth/already-initialized", RECAPTCHA_NOT_ENABLED: "auth/recaptcha-not-enabled", MISSING_RECAPTCHA_TOKEN: "auth/missing-recaptcha-token", INVALID_RECAPTCHA_TOKEN: "auth/invalid-recaptcha-token", INVALID_RECAPTCHA_ACTION: "auth/invalid-recaptcha-action", MISSING_CLIENT_TYPE: "auth/missing-client-type", MISSING_RECAPTCHA_VERSION: "auth/missing-recaptcha-version", INVALID_RECAPTCHA_VERSION: "auth/invalid-recaptcha-version", INVALID_REQ_TYPE: "auth/invalid-req-type", INVALID_HOSTING_LINK_DOMAIN: "auth/invalid-hosting-link-domain" }; var logClient = new Logger("@firebase/auth"); function _logWarn(msg, ...args) { if (logClient.logLevel <= LogLevel.WARN) { logClient.warn(`Auth (${SDK_VERSION}): ${msg}`, ...args); } } function _logError(msg, ...args) { if (logClient.logLevel <= LogLevel.ERROR) { logClient.error(`Auth (${SDK_VERSION}): ${msg}`, ...args); } } function _fail(authOrCode, ...rest) { throw createErrorInternal(authOrCode, ...rest); } function _createError(authOrCode, ...rest) { return createErrorInternal(authOrCode, ...rest); } function _errorWithCustomMessage(auth, code, message) { const errorMap = { ...prodErrorMap(), [code]: message }; const factory = new ErrorFactory("auth", "Firebase", errorMap); return factory.create(code, { appName: auth.name }); } function _serverAppCurrentUserOperationNotSupportedError(auth) { return _errorWithCustomMessage(auth, "operation-not-supported-in-this-environment", "Operations that alter the current user are not supported in conjunction with FirebaseServerApp"); } function _assertInstanceOf(auth, object, instance) { const constructorInstance = instance; if (!(object instanceof constructorInstance)) { if (constructorInstance.name !== object.constructor.name) { _fail( auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); } throw _errorWithCustomMessage(auth, "argument-error", `Type of ${object.constructor.name} does not match expected instance.Did you pass a reference from a different Auth SDK?`); } } function createErrorInternal(authOrCode, ...rest) { if (typeof authOrCode !== "string") { const code = rest[0]; const fullParams = [...rest.slice(1)]; if (fullParams[0]) { fullParams[0].appName = authOrCode.name; } return authOrCode._errorFactory.create(code, ...fullParams); } return _DEFAULT_AUTH_ERROR_FACTORY.create(authOrCode, ...rest); } function _assert(assertion, authOrCode, ...rest) { if (!assertion) { throw createErrorInternal(authOrCode, ...rest); } } function debugFail(failure) { const message = `INTERNAL ASSERTION FAILED: ` + failure; _logError(message); throw new Error(message); } function debugAssert(assertion, message) { if (!assertion) { debugFail(message); } } function _getCurrentUrl() { return typeof self !== "undefined" && self.location?.href || ""; } function _isHttpOrHttps() { return _getCurrentScheme() === "http:" || _getCurrentScheme() === "https:"; } function _getCurrentScheme() { return typeof self !== "undefined" && self.location?.protocol || null; } function _isOnline() { if (typeof navigator !== "undefined" && navigator && "onLine" in navigator && typeof navigator.onLine === "boolean" && // Apply only for traditional web apps and Chrome extensions. // This is especially true for Cordova apps which have unreliable // navigator.onLine behavior unless cordova-plugin-network-information is // installed which overwrites the native navigator.onLine value and // defines navigator.connection. (_isHttpOrHttps() || isBrowserExtension() || "connection" in navigator)) { return navigator.onLine; } return true; } function _getUserLanguage() { if (typeof navigator === "undefined") { return null; } const navigatorLanguage = navigator; return ( // Most reliable, but only supported in Chrome/Firefox. navigatorLanguage.languages && navigatorLanguage.languages[0] || // Supported in most browsers, but returns the language of the browser // UI, not the language set in browser settings. navigatorLanguage.language || // Couldn't determine language. null ); } var Delay = class { constructor(shortDelay, longDelay) { this.shortDelay = shortDelay; this.longDelay = longDelay; debugAssert(longDelay > shortDelay, "Short delay should be less than long delay!"); this.isMobile = isMobileCordova() || isReactNative(); } get() { if (!_isOnline()) { return Math.min(5e3, this.shortDelay); } return this.isMobile ? this.longDelay : this.shortDelay; } }; function _emulatorUrl(config, path) { debugAssert(config.emulator, "Emulator should always be set here"); const { url } = config.emulator; if (!path) { return url; } return `${url}${path.startsWith("/") ? path.slice(1) : path}`; } var FetchProvider = class { static initialize(fetchImpl, headersImpl, responseImpl) { this.fetchImpl = fetchImpl; if (headersImpl) { this.headersImpl = headersImpl; } if (responseImpl) { this.responseImpl = responseImpl; } } static fetch() { if (this.fetchImpl) { return this.fetchImpl; } if (typeof self !== "undefined" && "fetch" in self) { return self.fetch; } if (typeof globalThis !== "undefined" && globalThis.fetch) { return globalThis.fetch; } if (typeof fetch !== "undefined") { return fetch; } debugFail("Could not find fetch implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill"); } static headers() { if (this.headersImpl) { return this.headersImpl; } if (typeof self !== "undefined" && "Headers" in self) { return self.Headers; } if (typeof globalThis !== "undefined" && globalThis.Headers) { return globalThis.Headers; } if (typeof Headers !== "undefined") { return Headers; } debugFail("Could not find Headers implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill"); } static response() { if (this.responseImpl) { return this.responseImpl; } if (typeof self !== "undefined" && "Response" in self) { return self.Response; } if (typeof globalThis !== "undefined" && globalThis.Response) { return globalThis.Response; } if (typeof Response !== "undefined") { return Response; } debugFail("Could not find Response implementation, make sure you call FetchProvider.initialize() with an appropriate polyfill"); } }; var SERVER_ERROR_MAP = { // Custom token errors. [ "CREDENTIAL_MISMATCH" /* ServerError.CREDENTIAL_MISMATCH */ ]: "custom-token-mismatch", // This can only happen if the SDK sends a bad request. [ "MISSING_CUSTOM_TOKEN" /* ServerError.MISSING_CUSTOM_TOKEN */ ]: "internal-error", // Create Auth URI errors. [ "INVALID_IDENTIFIER" /* ServerError.INVALID_IDENTIFIER */ ]: "invalid-email", // This can only happen if the SDK sends a bad request. [ "MISSING_CONTINUE_URI" /* ServerError.MISSING_CONTINUE_URI */ ]: "internal-error", // Sign in with email and password errors (some apply to sign up too). [ "INVALID_PASSWORD" /* ServerError.INVALID_PASSWORD */ ]: "wrong-password", // This can only happen if the SDK sends a bad request. [ "MISSING_PASSWORD" /* ServerError.MISSING_PASSWORD */ ]: "missing-password", // Thrown if Email Enumeration Protection is enabled in the project and the email or password is // invalid. [ "INVALID_LOGIN_CREDENTIALS" /* ServerError.INVALID_LOGIN_CREDENTIALS */ ]: "invalid-credential", // Sign up with email and password errors. [ "EMAIL_EXISTS" /* ServerError.EMAIL_EXISTS */ ]: "email-already-in-use", [ "PASSWORD_LOGIN_DISABLED" /* ServerError.PASSWORD_LOGIN_DISABLED */ ]: "operation-not-allowed", // Verify assertion for sign in with credential errors: [ "INVALID_IDP_RESPONSE" /* ServerError.INVALID_IDP_RESPONSE */ ]: "invalid-credential", [ "INVALID_PENDING_TOKEN" /* ServerError.INVALID_PENDING_TOKEN */ ]: "invalid-credential", [ "FEDERATED_USER_ID_ALREADY_LINKED" /* ServerError.FEDERATED_USER_ID_ALREADY_LINKED */ ]: "credential-already-in-use", // This can only happen if the SDK sends a bad request. [ "MISSING_REQ_TYPE" /* ServerError.MISSING_REQ_TYPE */ ]: "internal-error", // Send Password reset email errors: [ "EMAIL_NOT_FOUND" /* ServerError.EMAIL_NOT_FOUND */ ]: "user-not-found", [ "RESET_PASSWORD_EXCEED_LIMIT" /* ServerError.RESET_PASSWORD_EXCEED_LIMIT */ ]: "too-many-requests", [ "EXPIRED_OOB_CODE" /* ServerError.EXPIRED_OOB_CODE */ ]: "expired-action-code", [ "INVALID_OOB_CODE" /* ServerError.INVALID_OOB_CODE */ ]: "invalid-action-code", // This can only happen if the SDK sends a bad request. [ "MISSING_OOB_CODE" /* ServerError.MISSING_OOB_CODE */ ]: "internal-error", // Operations that require ID token in request: [ "CREDENTIAL_TOO_OLD_LOGIN_AGAIN" /* ServerError.CREDENTIAL_TOO_OLD_LOGIN_AGAIN */ ]: "requires-recent-login", [ "INVALID_ID_TOKEN" /* ServerError.INVALID_ID_TOKEN */ ]: "invalid-user-token", [ "TOKEN_EXPIRED" /* ServerError.TOKEN_EXPIRED */ ]: "user-token-expired", [ "USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */ ]: "user-token-expired", // Other errors. [ "TOO_MANY_ATTEMPTS_TRY_LATER" /* ServerError.TOO_MANY_ATTEMPTS_TRY_LATER */ ]: "too-many-requests", [ "PASSWORD_DOES_NOT_MEET_REQUIREMENTS" /* ServerError.PASSWORD_DOES_NOT_MEET_REQUIREMENTS */ ]: "password-does-not-meet-requirements", // Phone Auth related errors. [ "INVALID_CODE" /* ServerError.INVALID_CODE */ ]: "invalid-verification-code", [ "INVALID_SESSION_INFO" /* ServerError.INVALID_SESSION_INFO */ ]: "invalid-verification-id", [ "INVALID_TEMPORARY_PROOF" /* ServerError.INVALID_TEMPORARY_PROOF */ ]: "invalid-credential", [ "MISSING_SESSION_INFO" /* ServerError.MISSING_SESSION_INFO */ ]: "missing-verification-id", [ "SESSION_EXPIRED" /* ServerError.SESSION_EXPIRED */ ]: "code-expired", // Other action code errors when additional settings passed. // MISSING_CONTINUE_URI is getting mapped to INTERNAL_ERROR above. // This is OK as this error will be caught by client side validation. [ "MISSING_ANDROID_PACKAGE_NAME" /* ServerError.MISSING_ANDROID_PACKAGE_NAME */ ]: "missing-android-pkg-name", [ "UNAUTHORIZED_DOMAIN" /* ServerError.UNAUTHORIZED_DOMAIN */ ]: "unauthorized-continue-uri", // getProjectConfig errors when clientId is passed. [ "INVALID_OAUTH_CLIENT_ID" /* ServerError.INVALID_OAUTH_CLIENT_ID */ ]: "invalid-oauth-client-id", // User actions (sign-up or deletion) disabled errors. [ "ADMIN_ONLY_OPERATION" /* ServerError.ADMIN_ONLY_OPERATION */ ]: "admin-restricted-operation", // Multi factor related errors. [ "INVALID_MFA_PENDING_CREDENTIAL" /* ServerError.INVALID_MFA_PENDING_CREDENTIAL */ ]: "invalid-multi-factor-session", [ "MFA_ENROLLMENT_NOT_FOUND" /* ServerError.MFA_ENROLLMENT_NOT_FOUND */ ]: "multi-factor-info-not-found", [ "MISSING_MFA_ENROLLMENT_ID" /* ServerError.MISSING_MFA_ENROLLMENT_ID */ ]: "missing-multi-factor-info", [ "MISSING_MFA_PENDING_CREDENTIAL" /* ServerError.MISSING_MFA_PENDING_CREDENTIAL */ ]: "missing-multi-factor-session", [ "SECOND_FACTOR_EXISTS" /* ServerError.SECOND_FACTOR_EXISTS */ ]: "second-factor-already-in-use", [ "SECOND_FACTOR_LIMIT_EXCEEDED" /* ServerError.SECOND_FACTOR_LIMIT_EXCEEDED */ ]: "maximum-second-factor-count-exceeded", // Blocking functions related errors. [ "BLOCKING_FUNCTION_ERROR_RESPONSE" /* ServerError.BLOCKING_FUNCTION_ERROR_RESPONSE */ ]: "internal-error", // Recaptcha related errors. [ "RECAPTCHA_NOT_ENABLED" /* ServerError.RECAPTCHA_NOT_ENABLED */ ]: "recaptcha-not-enabled", [ "MISSING_RECAPTCHA_TOKEN" /* ServerError.MISSING_RECAPTCHA_TOKEN */ ]: "missing-recaptcha-token", [ "INVALID_RECAPTCHA_TOKEN" /* ServerError.INVALID_RECAPTCHA_TOKEN */ ]: "invalid-recaptcha-token", [ "INVALID_RECAPTCHA_ACTION" /* ServerError.INVALID_RECAPTCHA_ACTION */ ]: "invalid-recaptcha-action", [ "MISSING_CLIENT_TYPE" /* ServerError.MISSING_CLIENT_TYPE */ ]: "missing-client-type", [ "MISSING_RECAPTCHA_VERSION" /* ServerError.MISSING_RECAPTCHA_VERSION */ ]: "missing-recaptcha-version", [ "INVALID_RECAPTCHA_VERSION" /* ServerError.INVALID_RECAPTCHA_VERSION */ ]: "invalid-recaptcha-version", [ "INVALID_REQ_TYPE" /* ServerError.INVALID_REQ_TYPE */ ]: "invalid-req-type" /* AuthErrorCode.INVALID_REQ_TYPE */ }; var CookieAuthProxiedEndpoints = [ "/v1/accounts:signInWithCustomToken", "/v1/accounts:signInWithEmailLink", "/v1/accounts:signInWithIdp", "/v1/accounts:signInWithPassword", "/v1/accounts:signInWithPhoneNumber", "/v1/token" /* Endpoint.TOKEN */ ]; var DEFAULT_API_TIMEOUT_MS = new Delay(3e4, 6e4); function _addTidIfNecessary(auth, request) { if (auth.tenantId && !request.tenantId) { return { ...request, tenantId: auth.tenantId }; } return request; } async function _performApiRequest(auth, method, path, request, customErrorMap = {}) { return _performFetchWithErrorHandling(auth, customErrorMap, async () => { let body = {}; let params = {}; if (request) { if (method === "GET") { params = request; } else { body = { body: JSON.stringify(request) }; } } const query = querystring({ key: auth.config.apiKey, ...params }).slice(1); const headers = await auth._getAdditionalHeaders(); headers[ "Content-Type" /* HttpHeader.CONTENT_TYPE */ ] = "application/json"; if (auth.languageCode) { headers[ "X-Firebase-Locale" /* HttpHeader.X_FIREBASE_LOCALE */ ] = auth.languageCode; } const fetchArgs = { method, headers, ...body }; if (!isCloudflareWorker()) { fetchArgs.referrerPolicy = "no-referrer"; } if (auth.emulatorConfig && isCloudWorkstation(auth.emulatorConfig.host)) { fetchArgs.credentials = "include"; } return FetchProvider.fetch()(await _getFinalTarget(auth, auth.config.apiHost, path, query), fetchArgs); }); } async function _performFetchWithErrorHandling(auth, customErrorMap, fetchFn) { auth._canInitEmulator = false; const errorMap = { ...SERVER_ERROR_MAP, ...customErrorMap }; try { const networkTimeout = new NetworkTimeout(auth); const response = await Promise.race([ fetchFn(), networkTimeout.promise ]); networkTimeout.clearNetworkTimeout(); const json = await response.json(); if ("needConfirmation" in json) { throw _makeTaggedError(auth, "account-exists-with-different-credential", json); } if (response.ok && !("errorMessage" in json)) { return json; } else { const errorMessage = response.ok ? json.errorMessage : json.error.message; const [serverErrorCode, serverErrorMessage] = errorMessage.split(" : "); if (serverErrorCode === "FEDERATED_USER_ID_ALREADY_LINKED") { throw _makeTaggedError(auth, "credential-already-in-use", json); } else if (serverErrorCode === "EMAIL_EXISTS") { throw _makeTaggedError(auth, "email-already-in-use", json); } else if (serverErrorCode === "USER_DISABLED") { throw _makeTaggedError(auth, "user-disabled", json); } const authError = errorMap[serverErrorCode] || serverErrorCode.toLowerCase().replace(/[_\s]+/g, "-"); if (serverErrorMessage) { throw _errorWithCustomMessage(auth, authError, serverErrorMessage); } else { _fail(auth, authError); } } } catch (e) { if (e instanceof FirebaseError) { throw e; } _fail(auth, "network-request-failed", { "message": String(e) }); } } async function _performSignInRequest(auth, method, path, request, customErrorMap = {}) { const serverResponse = await _performApiRequest(auth, method, path, request, customErrorMap); if ("mfaPendingCredential" in serverResponse) { _fail(auth, "multi-factor-auth-required", { _serverResponse: serverResponse }); } return serverResponse; } async function _getFinalTarget(auth, host, path, query) { const base = `${host}${path}?${query}`; const authInternal = auth; const finalTarget = authInternal.config.emulator ? _emulatorUrl(auth.config, base) : `${auth.config.apiScheme}://${base}`; if (CookieAuthProxiedEndpoints.includes(path)) { await authInternal._persistenceManagerAvailable; if (authInternal._getPersistenceType() === "COOKIE") { const cookiePersistence = authInternal._getPersistence(); return cookiePersistence._getFinalTarget(finalTarget).toString(); } } return finalTarget; } function _parseEnforcementState(enforcementStateStr) { switch (enforcementStateStr) { case "ENFORCE": return "ENFORCE"; case "AUDIT": return "AUDIT"; case "OFF": return "OFF"; default: return "ENFORCEMENT_STATE_UNSPECIFIED"; } } var NetworkTimeout = class { clearNetworkTimeout() { clearTimeout(this.timer); } constructor(auth) { this.auth = auth; this.timer = null; this.promise = new Promise((_, reject) => { this.timer = setTimeout(() => { return reject(_createError( this.auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ )); }, DEFAULT_API_TIMEOUT_MS.get()); }); } }; function _makeTaggedError(auth, code, response) { const errorParams = { appName: auth.name }; if (response.email) { errorParams.email = response.email; } if (response.phoneNumber) { errorParams.phoneNumber = response.phoneNumber; } const error = _createError(auth, code, errorParams); error.customData._tokenResponse = response; return error; } function isV2(grecaptcha) { return grecaptcha !== void 0 && grecaptcha.getResponse !== void 0; } function isEnterprise(grecaptcha) { return grecaptcha !== void 0 && grecaptcha.enterprise !== void 0; } var RecaptchaConfig = class { constructor(response) { this.siteKey = ""; this.recaptchaEnforcementState = []; if (response.recaptchaKey === void 0) { throw new Error("recaptchaKey undefined"); } this.siteKey = response.recaptchaKey.split("/")[3]; this.recaptchaEnforcementState = response.recaptchaEnforcementState; } /** * Returns the reCAPTCHA Enterprise enforcement state for the given provider. * * @param providerStr - The provider whose enforcement state is to be returned. * @returns The reCAPTCHA Enterprise enforcement state for the given provider. */ getProviderEnforcementState(providerStr) { if (!this.recaptchaEnforcementState || this.recaptchaEnforcementState.length === 0) { return null; } for (const recaptchaEnforcementState of this.recaptchaEnforcementState) { if (recaptchaEnforcementState.provider && recaptchaEnforcementState.provider === providerStr) { return _parseEnforcementState(recaptchaEnforcementState.enforcementState); } } return null; } /** * Returns true if the reCAPTCHA Enterprise enforcement state for the provider is set to ENFORCE or AUDIT. * * @param providerStr - The provider whose enablement state is to be returned. * @returns Whether or not reCAPTCHA Enterprise protection is enabled for the given provider. */ isProviderEnabled(providerStr) { return this.getProviderEnforcementState(providerStr) === "ENFORCE" || this.getProviderEnforcementState(providerStr) === "AUDIT"; } /** * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise * returns false. * * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider. */ isAnyProviderEnabled() { return this.isProviderEnabled( "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ) || this.isProviderEnabled( "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ ); } }; async function getRecaptchaParams(auth) { return (await _performApiRequest( auth, "GET", "/v1/recaptchaParams" /* Endpoint.GET_RECAPTCHA_PARAM */ )).recaptchaSiteKey || ""; } async function getRecaptchaConfig(auth, request) { return _performApiRequest(auth, "GET", "/v2/recaptchaConfig", _addTidIfNecessary(auth, request)); } async function deleteAccount(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:delete", request); } async function deleteLinkedAccounts(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:update", request); } async function getAccountInfo(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:lookup", request); } function utcTimestampToDateString(utcTimestamp) { if (!utcTimestamp) { return void 0; } try { const date = new Date(Number(utcTimestamp)); if (!isNaN(date.getTime())) { return date.toUTCString(); } } catch (e) { } return void 0; } function getIdToken(user, forceRefresh = false) { return getModularInstance(user).getIdToken(forceRefresh); } async function getIdTokenResult(user, forceRefresh = false) { const userInternal = getModularInstance(user); const token = await userInternal.getIdToken(forceRefresh); const claims = _parseToken(token); _assert( claims && claims.exp && claims.auth_time && claims.iat, userInternal.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const firebase = typeof claims.firebase === "object" ? claims.firebase : void 0; const signInProvider = firebase?.["sign_in_provider"]; return { claims, token, authTime: utcTimestampToDateString(secondsStringToMilliseconds(claims.auth_time)), issuedAtTime: utcTimestampToDateString(secondsStringToMilliseconds(claims.iat)), expirationTime: utcTimestampToDateString(secondsStringToMilliseconds(claims.exp)), signInProvider: signInProvider || null, signInSecondFactor: firebase?.["sign_in_second_factor"] || null }; } function secondsStringToMilliseconds(seconds) { return Number(seconds) * 1e3; } function _parseToken(token) { const [algorithm, payload, signature] = token.split("."); if (algorithm === void 0 || payload === void 0 || signature === void 0) { _logError("JWT malformed, contained fewer than 3 sections"); return null; } try { const decoded = base64Decode(payload); if (!decoded) { _logError("Failed to decode base64 JWT payload"); return null; } return JSON.parse(decoded); } catch (e) { _logError("Caught error parsing JWT payload as JSON", e?.toString()); return null; } } function _tokenExpiresIn(token) { const parsedToken = _parseToken(token); _assert( parsedToken, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); _assert( typeof parsedToken.exp !== "undefined", "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); _assert( typeof parsedToken.iat !== "undefined", "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return Number(parsedToken.exp) - Number(parsedToken.iat); } async function _logoutIfInvalidated(user, promise, bypassAuthState = false) { if (bypassAuthState) { return promise; } try { return await promise; } catch (e) { if (e instanceof FirebaseError && isUserInvalidated(e)) { if (user.auth.currentUser === user) { await user.auth.signOut(); } } throw e; } } function isUserInvalidated({ code }) { return code === `auth/${"user-disabled"}` || code === `auth/${"user-token-expired"}`; } var ProactiveRefresh = class { constructor(user) { this.user = user; this.isRunning = false; this.timerId = null; this.errorBackoff = 3e4; } _start() { if (this.isRunning) { return; } this.isRunning = true; this.schedule(); } _stop() { if (!this.isRunning) { return; } this.isRunning = false; if (this.timerId !== null) { clearTimeout(this.timerId); } } getInterval(wasError) { if (wasError) { const interval = this.errorBackoff; this.errorBackoff = Math.min( this.errorBackoff * 2, 96e4 /* Duration.RETRY_BACKOFF_MAX */ ); return interval; } else { this.errorBackoff = 3e4; const expTime = this.user.stsTokenManager.expirationTime ?? 0; const interval = expTime - Date.now() - 3e5; return Math.max(0, interval); } } schedule(wasError = false) { if (!this.isRunning) { return; } const interval = this.getInterval(wasError); this.timerId = setTimeout(async () => { await this.iteration(); }, interval); } async iteration() { try { await this.user.getIdToken(true); } catch (e) { if (e?.code === `auth/${"network-request-failed"}`) { this.schedule( /* wasError */ true ); } return; } this.schedule(); } }; var UserMetadata = class { constructor(createdAt, lastLoginAt) { this.createdAt = createdAt; this.lastLoginAt = lastLoginAt; this._initializeTime(); } _initializeTime() { this.lastSignInTime = utcTimestampToDateString(this.lastLoginAt); this.creationTime = utcTimestampToDateString(this.createdAt); } _copy(metadata) { this.createdAt = metadata.createdAt; this.lastLoginAt = metadata.lastLoginAt; this._initializeTime(); } toJSON() { return { createdAt: this.createdAt, lastLoginAt: this.lastLoginAt }; } }; async function _reloadWithoutSaving(user) { const auth = user.auth; const idToken = await user.getIdToken(); const response = await _logoutIfInvalidated(user, getAccountInfo(auth, { idToken })); _assert( response?.users.length, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const coreAccount = response.users[0]; user._notifyReloadListener(coreAccount); const newProviderData = coreAccount.providerUserInfo?.length ? extractProviderData(coreAccount.providerUserInfo) : []; const providerData = mergeProviderData(user.providerData, newProviderData); const oldIsAnonymous = user.isAnonymous; const newIsAnonymous = !(user.email && coreAccount.passwordHash) && !providerData?.length; const isAnonymous = !oldIsAnonymous ? false : newIsAnonymous; const updates = { uid: coreAccount.localId, displayName: coreAccount.displayName || null, photoURL: coreAccount.photoUrl || null, email: coreAccount.email || null, emailVerified: coreAccount.emailVerified || false, phoneNumber: coreAccount.phoneNumber || null, tenantId: coreAccount.tenantId || null, providerData, metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt), isAnonymous }; Object.assign(user, updates); } async function reload(user) { const userInternal = getModularInstance(user); await _reloadWithoutSaving(userInternal); await userInternal.auth._persistUserIfCurrent(userInternal); userInternal.auth._notifyListenersIfCurrent(userInternal); } function mergeProviderData(original, newData) { const deduped = original.filter((o) => !newData.some((n) => n.providerId === o.providerId)); return [...deduped, ...newData]; } function extractProviderData(providers) { return providers.map(({ providerId, ...provider }) => { return { providerId, uid: provider.rawId || "", displayName: provider.displayName || null, email: provider.email || null, phoneNumber: provider.phoneNumber || null, photoURL: provider.photoUrl || null }; }); } async function requestStsToken(auth, refreshToken) { const response = await _performFetchWithErrorHandling(auth, {}, async () => { const body = querystring({ "grant_type": "refresh_token", "refresh_token": refreshToken }).slice(1); const { tokenApiHost, apiKey } = auth.config; const url = await _getFinalTarget(auth, tokenApiHost, "/v1/token", `key=${apiKey}`); const headers = await auth._getAdditionalHeaders(); headers[ "Content-Type" /* HttpHeader.CONTENT_TYPE */ ] = "application/x-www-form-urlencoded"; const options = { method: "POST", headers, body }; if (auth.emulatorConfig && isCloudWorkstation(auth.emulatorConfig.host)) { options.credentials = "include"; } return FetchProvider.fetch()(url, options); }); return { accessToken: response.access_token, expiresIn: response.expires_in, refreshToken: response.refresh_token }; } async function revokeToken(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts:revokeToken", _addTidIfNecessary(auth, request)); } var StsTokenManager = class _StsTokenManager { constructor() { this.refreshToken = null; this.accessToken = null; this.expirationTime = null; } get isExpired() { return !this.expirationTime || Date.now() > this.expirationTime - 3e4; } updateFromServerResponse(response) { _assert( response.idToken, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); _assert( typeof response.idToken !== "undefined", "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); _assert( typeof response.refreshToken !== "undefined", "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const expiresIn = "expiresIn" in response && typeof response.expiresIn !== "undefined" ? Number(response.expiresIn) : _tokenExpiresIn(response.idToken); this.updateTokensAndExpiration(response.idToken, response.refreshToken, expiresIn); } updateFromIdToken(idToken) { _assert( idToken.length !== 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const expiresIn = _tokenExpiresIn(idToken); this.updateTokensAndExpiration(idToken, null, expiresIn); } async getToken(auth, forceRefresh = false) { if (!forceRefresh && this.accessToken && !this.isExpired) { return this.accessToken; } _assert( this.refreshToken, auth, "user-token-expired" /* AuthErrorCode.TOKEN_EXPIRED */ ); if (this.refreshToken) { await this.refresh(auth, this.refreshToken); return this.accessToken; } return null; } clearRefreshToken() { this.refreshToken = null; } async refresh(auth, oldToken) { const { accessToken, refreshToken, expiresIn } = await requestStsToken(auth, oldToken); this.updateTokensAndExpiration(accessToken, refreshToken, Number(expiresIn)); } updateTokensAndExpiration(accessToken, refreshToken, expiresInSec) { this.refreshToken = refreshToken || null; this.accessToken = accessToken || null; this.expirationTime = Date.now() + expiresInSec * 1e3; } static fromJSON(appName, object) { const { refreshToken, accessToken, expirationTime } = object; const manager = new _StsTokenManager(); if (refreshToken) { _assert(typeof refreshToken === "string", "internal-error", { appName }); manager.refreshToken = refreshToken; } if (accessToken) { _assert(typeof accessToken === "string", "internal-error", { appName }); manager.accessToken = accessToken; } if (expirationTime) { _assert(typeof expirationTime === "number", "internal-error", { appName }); manager.expirationTime = expirationTime; } return manager; } toJSON() { return { refreshToken: this.refreshToken, accessToken: this.accessToken, expirationTime: this.expirationTime }; } _assign(stsTokenManager) { this.accessToken = stsTokenManager.accessToken; this.refreshToken = stsTokenManager.refreshToken; this.expirationTime = stsTokenManager.expirationTime; } _clone() { return Object.assign(new _StsTokenManager(), this.toJSON()); } _performRefresh() { return debugFail("not implemented"); } }; function assertStringOrUndefined(assertion, appName) { _assert(typeof assertion === "string" || typeof assertion === "undefined", "internal-error", { appName }); } var UserImpl = class _UserImpl { constructor({ uid, auth, stsTokenManager, ...opt }) { this.providerId = "firebase"; this.proactiveRefresh = new ProactiveRefresh(this); this.reloadUserInfo = null; this.reloadListener = null; this.uid = uid; this.auth = auth; this.stsTokenManager = stsTokenManager; this.accessToken = stsTokenManager.accessToken; this.displayName = opt.displayName || null; this.email = opt.email || null; this.emailVerified = opt.emailVerified || false; this.phoneNumber = opt.phoneNumber || null; this.photoURL = opt.photoURL || null; this.isAnonymous = opt.isAnonymous || false; this.tenantId = opt.tenantId || null; this.providerData = opt.providerData ? [...opt.providerData] : []; this.metadata = new UserMetadata(opt.createdAt || void 0, opt.lastLoginAt || void 0); } async getIdToken(forceRefresh) { const accessToken = await _logoutIfInvalidated(this, this.stsTokenManager.getToken(this.auth, forceRefresh)); _assert( accessToken, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); if (this.accessToken !== accessToken) { this.accessToken = accessToken; await this.auth._persistUserIfCurrent(this); this.auth._notifyListenersIfCurrent(this); } return accessToken; } getIdTokenResult(forceRefresh) { return getIdTokenResult(this, forceRefresh); } reload() { return reload(this); } _assign(user) { if (this === user) { return; } _assert( this.uid === user.uid, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); this.displayName = user.displayName; this.photoURL = user.photoURL; this.email = user.email; this.emailVerified = user.emailVerified; this.phoneNumber = user.phoneNumber; this.isAnonymous = user.isAnonymous; this.tenantId = user.tenantId; this.providerData = user.providerData.map((userInfo) => ({ ...userInfo })); this.metadata._copy(user.metadata); this.stsTokenManager._assign(user.stsTokenManager); } _clone(auth) { const newUser = new _UserImpl({ ...this, auth, stsTokenManager: this.stsTokenManager._clone() }); newUser.metadata._copy(this.metadata); return newUser; } _onReload(callback) { _assert( !this.reloadListener, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); this.reloadListener = callback; if (this.reloadUserInfo) { this._notifyReloadListener(this.reloadUserInfo); this.reloadUserInfo = null; } } _notifyReloadListener(userInfo) { if (this.reloadListener) { this.reloadListener(userInfo); } else { this.reloadUserInfo = userInfo; } } _startProactiveRefresh() { this.proactiveRefresh._start(); } _stopProactiveRefresh() { this.proactiveRefresh._stop(); } async _updateTokensIfNecessary(response, reload2 = false) { let tokensRefreshed = false; if (response.idToken && response.idToken !== this.stsTokenManager.accessToken) { this.stsTokenManager.updateFromServerResponse(response); tokensRefreshed = true; } if (reload2) { await _reloadWithoutSaving(this); } await this.auth._persistUserIfCurrent(this); if (tokensRefreshed) { this.auth._notifyListenersIfCurrent(this); } } async delete() { if (_isFirebaseServerApp(this.auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this.auth)); } const idToken = await this.getIdToken(); await _logoutIfInvalidated(this, deleteAccount(this.auth, { idToken })); this.stsTokenManager.clearRefreshToken(); return this.auth.signOut(); } toJSON() { return { uid: this.uid, email: this.email || void 0, emailVerified: this.emailVerified, displayName: this.displayName || void 0, isAnonymous: this.isAnonymous, photoURL: this.photoURL || void 0, phoneNumber: this.phoneNumber || void 0, tenantId: this.tenantId || void 0, providerData: this.providerData.map((userInfo) => ({ ...userInfo })), stsTokenManager: this.stsTokenManager.toJSON(), // Redirect event ID must be maintained in case there is a pending // redirect event. _redirectEventId: this._redirectEventId, ...this.metadata.toJSON(), // Required for compatibility with the legacy SDK (go/firebase-auth-sdk-persistence-parsing): apiKey: this.auth.config.apiKey, appName: this.auth.name // Missing authDomain will be tolerated by the legacy SDK. // stsTokenManager.apiKey isn't actually required (despite the legacy SDK persisting it). }; } get refreshToken() { return this.stsTokenManager.refreshToken || ""; } static _fromJSON(auth, object) { const displayName = object.displayName ?? void 0; const email = object.email ?? void 0; const phoneNumber = object.phoneNumber ?? void 0; const photoURL = object.photoURL ?? void 0; const tenantId = object.tenantId ?? void 0; const _redirectEventId = object._redirectEventId ?? void 0; const createdAt = object.createdAt ?? void 0; const lastLoginAt = object.lastLoginAt ?? void 0; const { uid, emailVerified, isAnonymous, providerData, stsTokenManager: plainObjectTokenManager } = object; _assert( uid && plainObjectTokenManager, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const stsTokenManager = StsTokenManager.fromJSON(this.name, plainObjectTokenManager); _assert( typeof uid === "string", auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); assertStringOrUndefined(displayName, auth.name); assertStringOrUndefined(email, auth.name); _assert( typeof emailVerified === "boolean", auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); _assert( typeof isAnonymous === "boolean", auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); assertStringOrUndefined(phoneNumber, auth.name); assertStringOrUndefined(photoURL, auth.name); assertStringOrUndefined(tenantId, auth.name); assertStringOrUndefined(_redirectEventId, auth.name); assertStringOrUndefined(createdAt, auth.name); assertStringOrUndefined(lastLoginAt, auth.name); const user = new _UserImpl({ uid, auth, email, emailVerified, displayName, isAnonymous, photoURL, phoneNumber, tenantId, stsTokenManager, createdAt, lastLoginAt }); if (providerData && Array.isArray(providerData)) { user.providerData = providerData.map((userInfo) => ({ ...userInfo })); } if (_redirectEventId) { user._redirectEventId = _redirectEventId; } return user; } /** * Initialize a User from an idToken server response * @param auth * @param idTokenResponse */ static async _fromIdTokenResponse(auth, idTokenResponse, isAnonymous = false) { const stsTokenManager = new StsTokenManager(); stsTokenManager.updateFromServerResponse(idTokenResponse); const user = new _UserImpl({ uid: idTokenResponse.localId, auth, stsTokenManager, isAnonymous }); await _reloadWithoutSaving(user); return user; } /** * Initialize a User from an idToken server response * @param auth * @param idTokenResponse */ static async _fromGetAccountInfoResponse(auth, response, idToken) { const coreAccount = response.users[0]; _assert( coreAccount.localId !== void 0, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const providerData = coreAccount.providerUserInfo !== void 0 ? extractProviderData(coreAccount.providerUserInfo) : []; const isAnonymous = !(coreAccount.email && coreAccount.passwordHash) && !providerData?.length; const stsTokenManager = new StsTokenManager(); stsTokenManager.updateFromIdToken(idToken); const user = new _UserImpl({ uid: coreAccount.localId, auth, stsTokenManager, isAnonymous }); const updates = { uid: coreAccount.localId, displayName: coreAccount.displayName || null, photoURL: coreAccount.photoUrl || null, email: coreAccount.email || null, emailVerified: coreAccount.emailVerified || false, phoneNumber: coreAccount.phoneNumber || null, tenantId: coreAccount.tenantId || null, providerData, metadata: new UserMetadata(coreAccount.createdAt, coreAccount.lastLoginAt), isAnonymous: !(coreAccount.email && coreAccount.passwordHash) && !providerData?.length }; Object.assign(user, updates); return user; } }; var instanceCache = /* @__PURE__ */ new Map(); function _getInstance(cls) { debugAssert(cls instanceof Function, "Expected a class definition"); let instance = instanceCache.get(cls); if (instance) { debugAssert(instance instanceof cls, "Instance stored in cache mismatched with class"); return instance; } instance = new cls(); instanceCache.set(cls, instance); return instance; } var InMemoryPersistence = class { constructor() { this.type = "NONE"; this.storage = {}; } async _isAvailable() { return true; } async _set(key, value) { this.storage[key] = value; } async _get(key) { const value = this.storage[key]; return value === void 0 ? null : value; } async _remove(key) { delete this.storage[key]; } _addListener(_key, _listener) { return; } _removeListener(_key, _listener) { return; } }; InMemoryPersistence.type = "NONE"; var inMemoryPersistence = InMemoryPersistence; function _persistenceKeyName(key, apiKey, appName) { return `${"firebase"}:${key}:${apiKey}:${appName}`; } var PersistenceUserManager = class _PersistenceUserManager { constructor(persistence, auth, userKey) { this.persistence = persistence; this.auth = auth; this.userKey = userKey; const { config, name: name2 } = this.auth; this.fullUserKey = _persistenceKeyName(this.userKey, config.apiKey, name2); this.fullPersistenceKey = _persistenceKeyName("persistence", config.apiKey, name2); this.boundEventHandler = auth._onStorageEvent.bind(auth); this.persistence._addListener(this.fullUserKey, this.boundEventHandler); } setCurrentUser(user) { return this.persistence._set(this.fullUserKey, user.toJSON()); } async getCurrentUser() { const blob = await this.persistence._get(this.fullUserKey); if (!blob) { return null; } if (typeof blob === "string") { const response = await getAccountInfo(this.auth, { idToken: blob }).catch(() => void 0); if (!response) { return null; } return UserImpl._fromGetAccountInfoResponse(this.auth, response, blob); } return UserImpl._fromJSON(this.auth, blob); } removeCurrentUser() { return this.persistence._remove(this.fullUserKey); } savePersistenceForRedirect() { return this.persistence._set(this.fullPersistenceKey, this.persistence.type); } async setPersistence(newPersistence) { if (this.persistence === newPersistence) { return; } const currentUser = await this.getCurrentUser(); await this.removeCurrentUser(); this.persistence = newPersistence; if (currentUser) { return this.setCurrentUser(currentUser); } } delete() { this.persistence._removeListener(this.fullUserKey, this.boundEventHandler); } static async create(auth, persistenceHierarchy, userKey = "authUser") { if (!persistenceHierarchy.length) { return new _PersistenceUserManager(_getInstance(inMemoryPersistence), auth, userKey); } const availablePersistences = (await Promise.all(persistenceHierarchy.map(async (persistence) => { if (await persistence._isAvailable()) { return persistence; } return void 0; }))).filter((persistence) => persistence); let selectedPersistence = availablePersistences[0] || _getInstance(inMemoryPersistence); const key = _persistenceKeyName(userKey, auth.config.apiKey, auth.name); let userToMigrate = null; for (const persistence of persistenceHierarchy) { try { const blob = await persistence._get(key); if (blob) { let user; if (typeof blob === "string") { const response = await getAccountInfo(auth, { idToken: blob }).catch(() => void 0); if (!response) { break; } user = await UserImpl._fromGetAccountInfoResponse(auth, response, blob); } else { user = UserImpl._fromJSON(auth, blob); } if (persistence !== selectedPersistence) { userToMigrate = user; } selectedPersistence = persistence; break; } } catch { } } const migrationHierarchy = availablePersistences.filter((p) => p._shouldAllowMigration); if (!selectedPersistence._shouldAllowMigration || !migrationHierarchy.length) { return new _PersistenceUserManager(selectedPersistence, auth, userKey); } selectedPersistence = migrationHierarchy[0]; if (userToMigrate) { await selectedPersistence._set(key, userToMigrate.toJSON()); } await Promise.all(persistenceHierarchy.map(async (persistence) => { if (persistence !== selectedPersistence) { try { await persistence._remove(key); } catch { } } })); return new _PersistenceUserManager(selectedPersistence, auth, userKey); } }; function _getBrowserName(userAgent) { const ua = userAgent.toLowerCase(); if (ua.includes("opera/") || ua.includes("opr/") || ua.includes("opios/")) { return "Opera"; } else if (_isIEMobile(ua)) { return "IEMobile"; } else if (ua.includes("msie") || ua.includes("trident/")) { return "IE"; } else if (ua.includes("edge/")) { return "Edge"; } else if (_isFirefox(ua)) { return "Firefox"; } else if (ua.includes("silk/")) { return "Silk"; } else if (_isBlackBerry(ua)) { return "Blackberry"; } else if (_isWebOS(ua)) { return "Webos"; } else if (_isSafari(ua)) { return "Safari"; } else if ((ua.includes("chrome/") || _isChromeIOS(ua)) && !ua.includes("edge/")) { return "Chrome"; } else if (_isAndroid(ua)) { return "Android"; } else { const re = /([a-zA-Z\d\.]+)\/[a-zA-Z\d\.]*$/; const matches = userAgent.match(re); if (matches?.length === 2) { return matches[1]; } } return "Other"; } function _isFirefox(ua = getUA()) { return /firefox\//i.test(ua); } function _isSafari(userAgent = getUA()) { const ua = userAgent.toLowerCase(); return ua.includes("safari/") && !ua.includes("chrome/") && !ua.includes("crios/") && !ua.includes("android"); } function _isChromeIOS(ua = getUA()) { return /crios\//i.test(ua); } function _isIEMobile(ua = getUA()) { return /iemobile/i.test(ua); } function _isAndroid(ua = getUA()) { return /android/i.test(ua); } function _isBlackBerry(ua = getUA()) { return /blackberry/i.test(ua); } function _isWebOS(ua = getUA()) { return /webos/i.test(ua); } function _isIOS(ua = getUA()) { return /iphone|ipad|ipod/i.test(ua) || /macintosh/i.test(ua) && /mobile/i.test(ua); } function _isIOSStandalone(ua = getUA()) { return _isIOS(ua) && !!window.navigator?.standalone; } function _isIE10() { return isIE() && document.documentMode === 10; } function _isMobileBrowser(ua = getUA()) { return _isIOS(ua) || _isAndroid(ua) || _isWebOS(ua) || _isBlackBerry(ua) || /windows phone/i.test(ua) || _isIEMobile(ua); } function _getClientVersion(clientPlatform, frameworks = []) { let reportedPlatform; switch (clientPlatform) { case "Browser": reportedPlatform = _getBrowserName(getUA()); break; case "Worker": reportedPlatform = `${_getBrowserName(getUA())}-${clientPlatform}`; break; default: reportedPlatform = clientPlatform; } const reportedFrameworks = frameworks.length ? frameworks.join(",") : "FirebaseCore-web"; return `${reportedPlatform}/${"JsCore"}/${SDK_VERSION}/${reportedFrameworks}`; } var AuthMiddlewareQueue = class { constructor(auth) { this.auth = auth; this.queue = []; } pushCallback(callback, onAbort) { const wrappedCallback = (user) => new Promise((resolve, reject) => { try { const result = callback(user); resolve(result); } catch (e) { reject(e); } }); wrappedCallback.onAbort = onAbort; this.queue.push(wrappedCallback); const index = this.queue.length - 1; return () => { this.queue[index] = () => Promise.resolve(); }; } async runMiddleware(nextUser) { if (this.auth.currentUser === nextUser) { return; } const onAbortStack = []; try { for (const beforeStateCallback of this.queue) { await beforeStateCallback(nextUser); if (beforeStateCallback.onAbort) { onAbortStack.push(beforeStateCallback.onAbort); } } } catch (e) { onAbortStack.reverse(); for (const onAbort of onAbortStack) { try { onAbort(); } catch (_) { } } throw this.auth._errorFactory.create("login-blocked", { originalMessage: e?.message }); } } }; async function _getPasswordPolicy(auth, request = {}) { return _performApiRequest(auth, "GET", "/v2/passwordPolicy", _addTidIfNecessary(auth, request)); } var MINIMUM_MIN_PASSWORD_LENGTH = 6; var PasswordPolicyImpl = class { constructor(response) { const responseOptions = response.customStrengthOptions; this.customStrengthOptions = {}; this.customStrengthOptions.minPasswordLength = responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH; if (responseOptions.maxPasswordLength) { this.customStrengthOptions.maxPasswordLength = responseOptions.maxPasswordLength; } if (responseOptions.containsLowercaseCharacter !== void 0) { this.customStrengthOptions.containsLowercaseLetter = responseOptions.containsLowercaseCharacter; } if (responseOptions.containsUppercaseCharacter !== void 0) { this.customStrengthOptions.containsUppercaseLetter = responseOptions.containsUppercaseCharacter; } if (responseOptions.containsNumericCharacter !== void 0) { this.customStrengthOptions.containsNumericCharacter = responseOptions.containsNumericCharacter; } if (responseOptions.containsNonAlphanumericCharacter !== void 0) { this.customStrengthOptions.containsNonAlphanumericCharacter = responseOptions.containsNonAlphanumericCharacter; } this.enforcementState = response.enforcementState; if (this.enforcementState === "ENFORCEMENT_STATE_UNSPECIFIED") { this.enforcementState = "OFF"; } this.allowedNonAlphanumericCharacters = response.allowedNonAlphanumericCharacters?.join("") ?? ""; this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false; this.schemaVersion = response.schemaVersion; } validatePassword(password) { const status = { isValid: true, passwordPolicy: this }; this.validatePasswordLengthOptions(password, status); this.validatePasswordCharacterOptions(password, status); status.isValid && (status.isValid = status.meetsMinPasswordLength ?? true); status.isValid && (status.isValid = status.meetsMaxPasswordLength ?? true); status.isValid && (status.isValid = status.containsLowercaseLetter ?? true); status.isValid && (status.isValid = status.containsUppercaseLetter ?? true); status.isValid && (status.isValid = status.containsNumericCharacter ?? true); status.isValid && (status.isValid = status.containsNonAlphanumericCharacter ?? true); return status; } /** * Validates that the password meets the length options for the policy. * * @param password Password to validate. * @param status Validation status. */ validatePasswordLengthOptions(password, status) { const minPasswordLength = this.customStrengthOptions.minPasswordLength; const maxPasswordLength = this.customStrengthOptions.maxPasswordLength; if (minPasswordLength) { status.meetsMinPasswordLength = password.length >= minPasswordLength; } if (maxPasswordLength) { status.meetsMaxPasswordLength = password.length <= maxPasswordLength; } } /** * Validates that the password meets the character options for the policy. * * @param password Password to validate. * @param status Validation status. */ validatePasswordCharacterOptions(password, status) { this.updatePasswordCharacterOptionsStatuses( status, /* containsLowercaseCharacter= */ false, /* containsUppercaseCharacter= */ false, /* containsNumericCharacter= */ false, /* containsNonAlphanumericCharacter= */ false ); let passwordChar; for (let i = 0; i < password.length; i++) { passwordChar = password.charAt(i); this.updatePasswordCharacterOptionsStatuses( status, /* containsLowercaseCharacter= */ passwordChar >= "a" && passwordChar <= "z", /* containsUppercaseCharacter= */ passwordChar >= "A" && passwordChar <= "Z", /* containsNumericCharacter= */ passwordChar >= "0" && passwordChar <= "9", /* containsNonAlphanumericCharacter= */ this.allowedNonAlphanumericCharacters.includes(passwordChar) ); } } /** * Updates the running validation status with the statuses for the character options. * Expected to be called each time a character is processed to update each option status * based on the current character. * * @param status Validation status. * @param containsLowercaseCharacter Whether the character is a lowercase letter. * @param containsUppercaseCharacter Whether the character is an uppercase letter. * @param containsNumericCharacter Whether the character is a numeric character. * @param containsNonAlphanumericCharacter Whether the character is a non-alphanumeric character. */ updatePasswordCharacterOptionsStatuses(status, containsLowercaseCharacter, containsUppercaseCharacter, containsNumericCharacter, containsNonAlphanumericCharacter) { if (this.customStrengthOptions.containsLowercaseLetter) { status.containsLowercaseLetter || (status.containsLowercaseLetter = containsLowercaseCharacter); } if (this.customStrengthOptions.containsUppercaseLetter) { status.containsUppercaseLetter || (status.containsUppercaseLetter = containsUppercaseCharacter); } if (this.customStrengthOptions.containsNumericCharacter) { status.containsNumericCharacter || (status.containsNumericCharacter = containsNumericCharacter); } if (this.customStrengthOptions.containsNonAlphanumericCharacter) { status.containsNonAlphanumericCharacter || (status.containsNonAlphanumericCharacter = containsNonAlphanumericCharacter); } } }; var AuthImpl = class { constructor(app, heartbeatServiceProvider, appCheckServiceProvider, config) { this.app = app; this.heartbeatServiceProvider = heartbeatServiceProvider; this.appCheckServiceProvider = appCheckServiceProvider; this.config = config; this.currentUser = null; this.emulatorConfig = null; this.operations = Promise.resolve(); this.authStateSubscription = new Subscription(this); this.idTokenSubscription = new Subscription(this); this.beforeStateQueue = new AuthMiddlewareQueue(this); this.redirectUser = null; this.isProactiveRefreshEnabled = false; this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION = 1; this._canInitEmulator = true; this._isInitialized = false; this._deleted = false; this._initializationPromise = null; this._popupRedirectResolver = null; this._errorFactory = _DEFAULT_AUTH_ERROR_FACTORY; this._agentRecaptchaConfig = null; this._tenantRecaptchaConfigs = {}; this._projectPasswordPolicy = null; this._tenantPasswordPolicies = {}; this._resolvePersistenceManagerAvailable = void 0; this.lastNotifiedUid = void 0; this.languageCode = null; this.tenantId = null; this.settings = { appVerificationDisabledForTesting: false }; this.frameworks = []; this.name = app.name; this.clientVersion = config.sdkClientVersion; this._persistenceManagerAvailable = new Promise((resolve) => this._resolvePersistenceManagerAvailable = resolve); } _initializeWithPersistence(persistenceHierarchy, popupRedirectResolver) { if (popupRedirectResolver) { this._popupRedirectResolver = _getInstance(popupRedirectResolver); } this._initializationPromise = this.queue(async () => { if (this._deleted) { return; } this.persistenceManager = await PersistenceUserManager.create(this, persistenceHierarchy); this._resolvePersistenceManagerAvailable?.(); if (this._deleted) { return; } if (this._popupRedirectResolver?._shouldInitProactively) { try { await this._popupRedirectResolver._initialize(this); } catch (e) { } } await this.initializeCurrentUser(popupRedirectResolver); this.lastNotifiedUid = this.currentUser?.uid || null; if (this._deleted) { return; } this._isInitialized = true; }); return this._initializationPromise; } /** * If the persistence is changed in another window, the user manager will let us know */ async _onStorageEvent() { if (this._deleted) { return; } const user = await this.assertedPersistence.getCurrentUser(); if (!this.currentUser && !user) { return; } if (this.currentUser && user && this.currentUser.uid === user.uid) { this._currentUser._assign(user); await this.currentUser.getIdToken(); return; } await this._updateCurrentUser( user, /* skipBeforeStateCallbacks */ true ); } async initializeCurrentUserFromIdToken(idToken) { try { const response = await getAccountInfo(this, { idToken }); const user = await UserImpl._fromGetAccountInfoResponse(this, response, idToken); await this.directlySetCurrentUser(user); } catch (err) { console.warn("FirebaseServerApp could not login user with provided authIdToken: ", err); await this.directlySetCurrentUser(null); } } async initializeCurrentUser(popupRedirectResolver) { if (_isFirebaseServerApp(this.app)) { const idToken = this.app.settings.authIdToken; if (idToken) { return new Promise((resolve) => { setTimeout(() => this.initializeCurrentUserFromIdToken(idToken).then(resolve, resolve)); }); } else { return this.directlySetCurrentUser(null); } } const previouslyStoredUser = await this.assertedPersistence.getCurrentUser(); let futureCurrentUser = previouslyStoredUser; let needsTocheckMiddleware = false; if (popupRedirectResolver && this.config.authDomain) { await this.getOrInitRedirectPersistenceManager(); const redirectUserEventId = this.redirectUser?._redirectEventId; const storedUserEventId = futureCurrentUser?._redirectEventId; const result = await this.tryRedirectSignIn(popupRedirectResolver); if ((!redirectUserEventId || redirectUserEventId === storedUserEventId) && result?.user) { futureCurrentUser = result.user; needsTocheckMiddleware = true; } } if (!futureCurrentUser) { return this.directlySetCurrentUser(null); } if (!futureCurrentUser._redirectEventId) { if (needsTocheckMiddleware) { try { await this.beforeStateQueue.runMiddleware(futureCurrentUser); } catch (e) { futureCurrentUser = previouslyStoredUser; this._popupRedirectResolver._overrideRedirectResult(this, () => Promise.reject(e)); } } if (futureCurrentUser) { return this.reloadAndSetCurrentUserOrClear(futureCurrentUser); } else { return this.directlySetCurrentUser(null); } } _assert( this._popupRedirectResolver, this, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); await this.getOrInitRedirectPersistenceManager(); if (this.redirectUser && this.redirectUser._redirectEventId === futureCurrentUser._redirectEventId) { return this.directlySetCurrentUser(futureCurrentUser); } return this.reloadAndSetCurrentUserOrClear(futureCurrentUser); } async tryRedirectSignIn(redirectResolver) { let result = null; try { result = await this._popupRedirectResolver._completeRedirectFn(this, redirectResolver, true); } catch (e) { await this._setRedirectUser(null); } return result; } async reloadAndSetCurrentUserOrClear(user) { try { await _reloadWithoutSaving(user); } catch (e) { if (e?.code !== `auth/${"network-request-failed"}`) { return this.directlySetCurrentUser(null); } } return this.directlySetCurrentUser(user); } useDeviceLanguage() { this.languageCode = _getUserLanguage(); } async _delete() { this._deleted = true; } async updateCurrentUser(userExtern) { if (_isFirebaseServerApp(this.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this)); } const user = userExtern ? getModularInstance(userExtern) : null; if (user) { _assert( user.auth.config.apiKey === this.config.apiKey, this, "invalid-user-token" /* AuthErrorCode.INVALID_AUTH */ ); } return this._updateCurrentUser(user && user._clone(this)); } async _updateCurrentUser(user, skipBeforeStateCallbacks = false) { if (this._deleted) { return; } if (user) { _assert( this.tenantId === user.tenantId, this, "tenant-id-mismatch" /* AuthErrorCode.TENANT_ID_MISMATCH */ ); } if (!skipBeforeStateCallbacks) { await this.beforeStateQueue.runMiddleware(user); } return this.queue(async () => { await this.directlySetCurrentUser(user); this.notifyAuthListeners(); }); } async signOut() { if (_isFirebaseServerApp(this.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this)); } await this.beforeStateQueue.runMiddleware(null); if (this.redirectPersistenceManager || this._popupRedirectResolver) { await this._setRedirectUser(null); } return this._updateCurrentUser( null, /* skipBeforeStateCallbacks */ true ); } setPersistence(persistence) { if (_isFirebaseServerApp(this.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(this)); } return this.queue(async () => { await this.assertedPersistence.setPersistence(_getInstance(persistence)); }); } _getRecaptchaConfig() { if (this.tenantId == null) { return this._agentRecaptchaConfig; } else { return this._tenantRecaptchaConfigs[this.tenantId]; } } async validatePassword(password) { if (!this._getPasswordPolicyInternal()) { await this._updatePasswordPolicy(); } const passwordPolicy = this._getPasswordPolicyInternal(); if (passwordPolicy.schemaVersion !== this.EXPECTED_PASSWORD_POLICY_SCHEMA_VERSION) { return Promise.reject(this._errorFactory.create("unsupported-password-policy-schema-version", {})); } return passwordPolicy.validatePassword(password); } _getPasswordPolicyInternal() { if (this.tenantId === null) { return this._projectPasswordPolicy; } else { return this._tenantPasswordPolicies[this.tenantId]; } } async _updatePasswordPolicy() { const response = await _getPasswordPolicy(this); const passwordPolicy = new PasswordPolicyImpl(response); if (this.tenantId === null) { this._projectPasswordPolicy = passwordPolicy; } else { this._tenantPasswordPolicies[this.tenantId] = passwordPolicy; } } _getPersistenceType() { return this.assertedPersistence.persistence.type; } _getPersistence() { return this.assertedPersistence.persistence; } _updateErrorMap(errorMap) { this._errorFactory = new ErrorFactory("auth", "Firebase", errorMap()); } onAuthStateChanged(nextOrObserver, error, completed) { return this.registerStateListener(this.authStateSubscription, nextOrObserver, error, completed); } beforeAuthStateChanged(callback, onAbort) { return this.beforeStateQueue.pushCallback(callback, onAbort); } onIdTokenChanged(nextOrObserver, error, completed) { return this.registerStateListener(this.idTokenSubscription, nextOrObserver, error, completed); } authStateReady() { return new Promise((resolve, reject) => { if (this.currentUser) { resolve(); } else { const unsubscribe = this.onAuthStateChanged(() => { unsubscribe(); resolve(); }, reject); } }); } /** * Revokes the given access token. Currently only supports Apple OAuth access tokens. */ async revokeAccessToken(token) { if (this.currentUser) { const idToken = await this.currentUser.getIdToken(); const request = { providerId: "apple.com", tokenType: "ACCESS_TOKEN", token, idToken }; if (this.tenantId != null) { request.tenantId = this.tenantId; } await revokeToken(this, request); } } toJSON() { return { apiKey: this.config.apiKey, authDomain: this.config.authDomain, appName: this.name, currentUser: this._currentUser?.toJSON() }; } async _setRedirectUser(user, popupRedirectResolver) { const redirectManager = await this.getOrInitRedirectPersistenceManager(popupRedirectResolver); return user === null ? redirectManager.removeCurrentUser() : redirectManager.setCurrentUser(user); } async getOrInitRedirectPersistenceManager(popupRedirectResolver) { if (!this.redirectPersistenceManager) { const resolver = popupRedirectResolver && _getInstance(popupRedirectResolver) || this._popupRedirectResolver; _assert( resolver, this, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); this.redirectPersistenceManager = await PersistenceUserManager.create( this, [_getInstance(resolver._redirectPersistence)], "redirectUser" /* KeyName.REDIRECT_USER */ ); this.redirectUser = await this.redirectPersistenceManager.getCurrentUser(); } return this.redirectPersistenceManager; } async _redirectUserForId(id) { if (this._isInitialized) { await this.queue(async () => { }); } if (this._currentUser?._redirectEventId === id) { return this._currentUser; } if (this.redirectUser?._redirectEventId === id) { return this.redirectUser; } return null; } async _persistUserIfCurrent(user) { if (user === this.currentUser) { return this.queue(async () => this.directlySetCurrentUser(user)); } } /** Notifies listeners only if the user is current */ _notifyListenersIfCurrent(user) { if (user === this.currentUser) { this.notifyAuthListeners(); } } _key() { return `${this.config.authDomain}:${this.config.apiKey}:${this.name}`; } _startProactiveRefresh() { this.isProactiveRefreshEnabled = true; if (this.currentUser) { this._currentUser._startProactiveRefresh(); } } _stopProactiveRefresh() { this.isProactiveRefreshEnabled = false; if (this.currentUser) { this._currentUser._stopProactiveRefresh(); } } /** Returns the current user cast as the internal type */ get _currentUser() { return this.currentUser; } notifyAuthListeners() { if (!this._isInitialized) { return; } this.idTokenSubscription.next(this.currentUser); const currentUid = this.currentUser?.uid ?? null; if (this.lastNotifiedUid !== currentUid) { this.lastNotifiedUid = currentUid; this.authStateSubscription.next(this.currentUser); } } registerStateListener(subscription, nextOrObserver, error, completed) { if (this._deleted) { return () => { }; } const cb = typeof nextOrObserver === "function" ? nextOrObserver : nextOrObserver.next.bind(nextOrObserver); let isUnsubscribed = false; const promise = this._isInitialized ? Promise.resolve() : this._initializationPromise; _assert( promise, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); promise.then(() => { if (isUnsubscribed) { return; } cb(this.currentUser); }); if (typeof nextOrObserver === "function") { const unsubscribe = subscription.addObserver(nextOrObserver, error, completed); return () => { isUnsubscribed = true; unsubscribe(); }; } else { const unsubscribe = subscription.addObserver(nextOrObserver); return () => { isUnsubscribed = true; unsubscribe(); }; } } /** * Unprotected (from race conditions) method to set the current user. This * should only be called from within a queued callback. This is necessary * because the queue shouldn't rely on another queued callback. */ async directlySetCurrentUser(user) { if (this.currentUser && this.currentUser !== user) { this._currentUser._stopProactiveRefresh(); } if (user && this.isProactiveRefreshEnabled) { user._startProactiveRefresh(); } this.currentUser = user; if (user) { await this.assertedPersistence.setCurrentUser(user); } else { await this.assertedPersistence.removeCurrentUser(); } } queue(action) { this.operations = this.operations.then(action, action); return this.operations; } get assertedPersistence() { _assert( this.persistenceManager, this, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return this.persistenceManager; } _logFramework(framework) { if (!framework || this.frameworks.includes(framework)) { return; } this.frameworks.push(framework); this.frameworks.sort(); this.clientVersion = _getClientVersion(this.config.clientPlatform, this._getFrameworks()); } _getFrameworks() { return this.frameworks; } async _getAdditionalHeaders() { const headers = { [ "X-Client-Version" /* HttpHeader.X_CLIENT_VERSION */ ]: this.clientVersion }; if (this.app.options.appId) { headers[ "X-Firebase-gmpid" /* HttpHeader.X_FIREBASE_GMPID */ ] = this.app.options.appId; } const heartbeatsHeader = await this.heartbeatServiceProvider.getImmediate({ optional: true })?.getHeartbeatsHeader(); if (heartbeatsHeader) { headers[ "X-Firebase-Client" /* HttpHeader.X_FIREBASE_CLIENT */ ] = heartbeatsHeader; } const appCheckToken = await this._getAppCheckToken(); if (appCheckToken) { headers[ "X-Firebase-AppCheck" /* HttpHeader.X_FIREBASE_APP_CHECK */ ] = appCheckToken; } return headers; } async _getAppCheckToken() { if (_isFirebaseServerApp(this.app) && this.app.settings.appCheckToken) { return this.app.settings.appCheckToken; } const appCheckTokenResult = await this.appCheckServiceProvider.getImmediate({ optional: true })?.getToken(); if (appCheckTokenResult?.error) { _logWarn(`Error while retrieving App Check token: ${appCheckTokenResult.error}`); } return appCheckTokenResult?.token; } }; function _castAuth(auth) { return getModularInstance(auth); } var Subscription = class { constructor(auth) { this.auth = auth; this.observer = null; this.addObserver = createSubscribe((observer) => this.observer = observer); } get next() { _assert( this.observer, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return this.observer.next.bind(this.observer); } }; var externalJSProvider = { async loadJS() { throw new Error("Unable to load external scripts"); }, recaptchaV2Script: "", recaptchaEnterpriseScript: "", gapiScript: "" }; function _setExternalJSProvider(p) { externalJSProvider = p; } function _loadJS(url) { return externalJSProvider.loadJS(url); } function _recaptchaV2ScriptUrl() { return externalJSProvider.recaptchaV2Script; } function _recaptchaEnterpriseScriptUrl() { return externalJSProvider.recaptchaEnterpriseScript; } function _gapiScriptUrl() { return externalJSProvider.gapiScript; } function _generateCallbackName(prefix) { return `__${prefix}${Math.floor(Math.random() * 1e6)}`; } var _SOLVE_TIME_MS = 500; var _EXPIRATION_TIME_MS = 6e4; var _WIDGET_ID_START = 1e12; var MockReCaptcha = class { constructor(auth) { this.auth = auth; this.counter = _WIDGET_ID_START; this._widgets = /* @__PURE__ */ new Map(); } render(container, parameters) { const id = this.counter; this._widgets.set(id, new MockWidget(container, this.auth.name, parameters || {})); this.counter++; return id; } reset(optWidgetId) { const id = optWidgetId || _WIDGET_ID_START; void this._widgets.get(id)?.delete(); this._widgets.delete(id); } getResponse(optWidgetId) { const id = optWidgetId || _WIDGET_ID_START; return this._widgets.get(id)?.getResponse() || ""; } async execute(optWidgetId) { const id = optWidgetId || _WIDGET_ID_START; void this._widgets.get(id)?.execute(); return ""; } }; var MockGreCAPTCHATopLevel = class { constructor() { this.enterprise = new MockGreCAPTCHA(); } ready(callback) { callback(); } execute(_siteKey, _options) { return Promise.resolve("token"); } render(_container, _parameters) { return ""; } }; var MockGreCAPTCHA = class { ready(callback) { callback(); } execute(_siteKey, _options) { return Promise.resolve("token"); } render(_container, _parameters) { return ""; } }; var MockWidget = class { constructor(containerOrId, appName, params) { this.params = params; this.timerId = null; this.deleted = false; this.responseToken = null; this.clickHandler = () => { this.execute(); }; const container = typeof containerOrId === "string" ? document.getElementById(containerOrId) : containerOrId; _assert(container, "argument-error", { appName }); this.container = container; this.isVisible = this.params.size !== "invisible"; if (this.isVisible) { this.execute(); } else { this.container.addEventListener("click", this.clickHandler); } } getResponse() { this.checkIfDeleted(); return this.responseToken; } delete() { this.checkIfDeleted(); this.deleted = true; if (this.timerId) { clearTimeout(this.timerId); this.timerId = null; } this.container.removeEventListener("click", this.clickHandler); } execute() { this.checkIfDeleted(); if (this.timerId) { return; } this.timerId = window.setTimeout(() => { this.responseToken = generateRandomAlphaNumericString(50); const { callback, "expired-callback": expiredCallback } = this.params; if (callback) { try { callback(this.responseToken); } catch (e) { } } this.timerId = window.setTimeout(() => { this.timerId = null; this.responseToken = null; if (expiredCallback) { try { expiredCallback(); } catch (e) { } } if (this.isVisible) { this.execute(); } }, _EXPIRATION_TIME_MS); }, _SOLVE_TIME_MS); } checkIfDeleted() { if (this.deleted) { throw new Error("reCAPTCHA mock was already deleted!"); } } }; function generateRandomAlphaNumericString(len) { const chars = []; const allowedChars = "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; for (let i = 0; i < len; i++) { chars.push(allowedChars.charAt(Math.floor(Math.random() * allowedChars.length))); } return chars.join(""); } var RECAPTCHA_ENTERPRISE_VERIFIER_TYPE = "recaptcha-enterprise"; var FAKE_TOKEN = "NO_RECAPTCHA"; var RecaptchaEnterpriseVerifier = class { /** * * @param authExtern - The corresponding Firebase {@link Auth} instance. * */ constructor(authExtern) { this.type = RECAPTCHA_ENTERPRISE_VERIFIER_TYPE; this.auth = _castAuth(authExtern); } /** * Executes the verification process. * * @returns A Promise for a token that can be used to assert the validity of a request. */ async verify(action = "verify", forceRefresh = false) { async function retrieveSiteKey(auth) { if (!forceRefresh) { if (auth.tenantId == null && auth._agentRecaptchaConfig != null) { return auth._agentRecaptchaConfig.siteKey; } if (auth.tenantId != null && auth._tenantRecaptchaConfigs[auth.tenantId] !== void 0) { return auth._tenantRecaptchaConfigs[auth.tenantId].siteKey; } } return new Promise(async (resolve, reject) => { getRecaptchaConfig(auth, { clientType: "CLIENT_TYPE_WEB", version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */ }).then((response) => { if (response.recaptchaKey === void 0) { reject(new Error("recaptcha Enterprise site key undefined")); } else { const config = new RecaptchaConfig(response); if (auth.tenantId == null) { auth._agentRecaptchaConfig = config; } else { auth._tenantRecaptchaConfigs[auth.tenantId] = config; } return resolve(config.siteKey); } }).catch((error) => { reject(error); }); }); } function retrieveRecaptchaToken(siteKey, resolve, reject) { const grecaptcha = window.grecaptcha; if (isEnterprise(grecaptcha)) { grecaptcha.enterprise.ready(() => { grecaptcha.enterprise.execute(siteKey, { action }).then((token) => { resolve(token); }).catch(() => { resolve(FAKE_TOKEN); }); }); } else { reject(Error("No reCAPTCHA enterprise script loaded.")); } } if (this.auth.settings.appVerificationDisabledForTesting) { const mockRecaptcha = new MockGreCAPTCHATopLevel(); return mockRecaptcha.execute("siteKey", { action: "verify" }); } return new Promise((resolve, reject) => { retrieveSiteKey(this.auth).then((siteKey) => { if (!forceRefresh && isEnterprise(window.grecaptcha)) { retrieveRecaptchaToken(siteKey, resolve, reject); } else { if (typeof window === "undefined") { reject(new Error("RecaptchaVerifier is only supported in browser")); return; } let url = _recaptchaEnterpriseScriptUrl(); if (url.length !== 0) { url += siteKey; } _loadJS(url).then(() => { retrieveRecaptchaToken(siteKey, resolve, reject); }).catch((error) => { reject(error); }); } }).catch((error) => { reject(error); }); }); } }; async function injectRecaptchaFields(auth, request, action, isCaptchaResp = false, isFakeToken = false) { const verifier = new RecaptchaEnterpriseVerifier(auth); let captchaResponse; if (isFakeToken) { captchaResponse = FAKE_TOKEN; } else { try { captchaResponse = await verifier.verify(action); } catch (error) { captchaResponse = await verifier.verify(action, true); } } const newRequest = { ...request }; if (action === "mfaSmsEnrollment" || action === "mfaSmsSignIn") { if ("phoneEnrollmentInfo" in newRequest) { const phoneNumber = newRequest.phoneEnrollmentInfo.phoneNumber; const recaptchaToken = newRequest.phoneEnrollmentInfo.recaptchaToken; Object.assign(newRequest, { "phoneEnrollmentInfo": { phoneNumber, recaptchaToken, captchaResponse, "clientType": "CLIENT_TYPE_WEB", "recaptchaVersion": "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */ } }); } else if ("phoneSignInInfo" in newRequest) { const recaptchaToken = newRequest.phoneSignInInfo.recaptchaToken; Object.assign(newRequest, { "phoneSignInInfo": { recaptchaToken, captchaResponse, "clientType": "CLIENT_TYPE_WEB", "recaptchaVersion": "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */ } }); } return newRequest; } if (!isCaptchaResp) { Object.assign(newRequest, { captchaResponse }); } else { Object.assign(newRequest, { "captchaResp": captchaResponse }); } Object.assign(newRequest, { "clientType": "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }); Object.assign(newRequest, { "recaptchaVersion": "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */ }); return newRequest; } async function handleRecaptchaFlow(authInstance, request, actionName, actionMethod, recaptchaAuthProvider) { if (recaptchaAuthProvider === "EMAIL_PASSWORD_PROVIDER") { if (authInstance._getRecaptchaConfig()?.isProviderEnabled( "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ )) { const requestWithRecaptcha = await injectRecaptchaFields( authInstance, request, actionName, actionName === "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */ ); return actionMethod(authInstance, requestWithRecaptcha); } else { return actionMethod(authInstance, request).catch(async (error) => { if (error.code === `auth/${"missing-recaptcha-token"}`) { console.log(`${actionName} is protected by reCAPTCHA Enterprise for this project. Automatically triggering the reCAPTCHA flow and restarting the flow.`); const requestWithRecaptcha = await injectRecaptchaFields( authInstance, request, actionName, actionName === "getOobCode" /* RecaptchaActionName.GET_OOB_CODE */ ); return actionMethod(authInstance, requestWithRecaptcha); } else { return Promise.reject(error); } }); } } else if (recaptchaAuthProvider === "PHONE_PROVIDER") { if (authInstance._getRecaptchaConfig()?.isProviderEnabled( "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ )) { const requestWithRecaptcha = await injectRecaptchaFields(authInstance, request, actionName); return actionMethod(authInstance, requestWithRecaptcha).catch(async (error) => { if (authInstance._getRecaptchaConfig()?.getProviderEnforcementState( "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ ) === "AUDIT") { if (error.code === `auth/${"missing-recaptcha-token"}` || error.code === `auth/${"invalid-app-credential"}`) { console.log(`Failed to verify with reCAPTCHA Enterprise. Automatically triggering the reCAPTCHA v2 flow to complete the ${actionName} flow.`); const requestWithRecaptchaFields = await injectRecaptchaFields( authInstance, request, actionName, false, // isCaptchaResp true // isFakeToken ); return actionMethod(authInstance, requestWithRecaptchaFields); } } return Promise.reject(error); }); } else { const requestWithRecaptchaFields = await injectRecaptchaFields( authInstance, request, actionName, false, // isCaptchaResp true // isFakeToken ); return actionMethod(authInstance, requestWithRecaptchaFields); } } else { return Promise.reject(recaptchaAuthProvider + " provider is not supported."); } } async function _initializeRecaptchaConfig(auth) { const authInternal = _castAuth(auth); const response = await getRecaptchaConfig(authInternal, { clientType: "CLIENT_TYPE_WEB", version: "RECAPTCHA_ENTERPRISE" /* RecaptchaVersion.ENTERPRISE */ }); const config = new RecaptchaConfig(response); if (authInternal.tenantId == null) { authInternal._agentRecaptchaConfig = config; } else { authInternal._tenantRecaptchaConfigs[authInternal.tenantId] = config; } if (config.isAnyProviderEnabled()) { const verifier = new RecaptchaEnterpriseVerifier(authInternal); void verifier.verify(); } } function initializeAuth(app, deps) { const provider = _getProvider(app, "auth"); if (provider.isInitialized()) { const auth2 = provider.getImmediate(); const initialOptions = provider.getOptions(); if (deepEqual(initialOptions, deps ?? {})) { return auth2; } else { _fail( auth2, "already-initialized" /* AuthErrorCode.ALREADY_INITIALIZED */ ); } } const auth = provider.initialize({ options: deps }); return auth; } function _initializeAuthInstance(auth, deps) { const persistence = deps?.persistence || []; const hierarchy = (Array.isArray(persistence) ? persistence : [persistence]).map(_getInstance); if (deps?.errorMap) { auth._updateErrorMap(deps.errorMap); } auth._initializeWithPersistence(hierarchy, deps?.popupRedirectResolver); } function connectAuthEmulator(auth, url, options) { const authInternal = _castAuth(auth); _assert( /^https?:\/\//.test(url), authInternal, "invalid-emulator-scheme" /* AuthErrorCode.INVALID_EMULATOR_SCHEME */ ); const disableWarnings = !!options?.disableWarnings; const protocol = extractProtocol(url); const { host, port } = extractHostAndPort(url); const portStr = port === null ? "" : `:${port}`; const emulator = { url: `${protocol}//${host}${portStr}/` }; const emulatorConfig = Object.freeze({ host, port, protocol: protocol.replace(":", ""), options: Object.freeze({ disableWarnings }) }); if (!authInternal._canInitEmulator) { _assert( authInternal.config.emulator && authInternal.emulatorConfig, authInternal, "emulator-config-failed" /* AuthErrorCode.EMULATOR_CONFIG_FAILED */ ); _assert( deepEqual(emulator, authInternal.config.emulator) && deepEqual(emulatorConfig, authInternal.emulatorConfig), authInternal, "emulator-config-failed" /* AuthErrorCode.EMULATOR_CONFIG_FAILED */ ); return; } authInternal.config.emulator = emulator; authInternal.emulatorConfig = emulatorConfig; authInternal.settings.appVerificationDisabledForTesting = true; if (isCloudWorkstation(host)) { void pingServer(`${protocol}//${host}${portStr}`); updateEmulatorBanner("Auth", true); } else if (!disableWarnings) { emitEmulatorWarning(); } } function extractProtocol(url) { const protocolEnd = url.indexOf(":"); return protocolEnd < 0 ? "" : url.substr(0, protocolEnd + 1); } function extractHostAndPort(url) { const protocol = extractProtocol(url); const authority = /(\/\/)?([^?#/]+)/.exec(url.substr(protocol.length)); if (!authority) { return { host: "", port: null }; } const hostAndPort = authority[2].split("@").pop() || ""; const bracketedIPv6 = /^(\[[^\]]+\])(:|$)/.exec(hostAndPort); if (bracketedIPv6) { const host = bracketedIPv6[1]; return { host, port: parsePort(hostAndPort.substr(host.length + 1)) }; } else { const [host, port] = hostAndPort.split(":"); return { host, port: parsePort(port) }; } } function parsePort(portStr) { if (!portStr) { return null; } const port = Number(portStr); if (isNaN(port)) { return null; } return port; } function emitEmulatorWarning() { function attachBanner() { const el = document.createElement("p"); const sty = el.style; el.innerText = "Running in emulator mode. Do not use with production credentials."; sty.position = "fixed"; sty.width = "100%"; sty.backgroundColor = "#ffffff"; sty.border = ".1em solid #000000"; sty.color = "#b50000"; sty.bottom = "0px"; sty.left = "0px"; sty.margin = "0px"; sty.zIndex = "10000"; sty.textAlign = "center"; el.classList.add("firebase-emulator-warning"); document.body.appendChild(el); } if (typeof console !== "undefined" && typeof console.info === "function") { console.info("WARNING: You are using the Auth Emulator, which is intended for local testing only. Do not use with production credentials."); } if (typeof window !== "undefined" && typeof document !== "undefined") { if (document.readyState === "loading") { window.addEventListener("DOMContentLoaded", attachBanner); } else { attachBanner(); } } } var AuthCredential = class { /** @internal */ constructor(providerId, signInMethod) { this.providerId = providerId; this.signInMethod = signInMethod; } /** * Returns a JSON-serializable representation of this object. * * @returns a JSON-serializable representation of this object. */ toJSON() { return debugFail("not implemented"); } /** @internal */ _getIdTokenResponse(_auth) { return debugFail("not implemented"); } /** @internal */ _linkToIdToken(_auth, _idToken) { return debugFail("not implemented"); } /** @internal */ _getReauthenticationResolver(_auth) { return debugFail("not implemented"); } }; async function resetPassword(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:resetPassword", _addTidIfNecessary(auth, request)); } async function updateEmailPassword(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:update", request); } async function linkEmailPassword(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:signUp", request); } async function applyActionCode$1(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:update", _addTidIfNecessary(auth, request)); } async function signInWithPassword(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithPassword", _addTidIfNecessary(auth, request)); } async function sendOobCode(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:sendOobCode", _addTidIfNecessary(auth, request)); } async function sendEmailVerification$1(auth, request) { return sendOobCode(auth, request); } async function sendPasswordResetEmail$1(auth, request) { return sendOobCode(auth, request); } async function sendSignInLinkToEmail$1(auth, request) { return sendOobCode(auth, request); } async function verifyAndChangeEmail(auth, request) { return sendOobCode(auth, request); } async function signInWithEmailLink$1(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithEmailLink", _addTidIfNecessary(auth, request)); } async function signInWithEmailLinkForLinking(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithEmailLink", _addTidIfNecessary(auth, request)); } var EmailAuthCredential = class _EmailAuthCredential extends AuthCredential { /** @internal */ constructor(_email, _password, signInMethod, _tenantId = null) { super("password", signInMethod); this._email = _email; this._password = _password; this._tenantId = _tenantId; } /** @internal */ static _fromEmailAndPassword(email, password) { return new _EmailAuthCredential( email, password, "password" /* SignInMethod.EMAIL_PASSWORD */ ); } /** @internal */ static _fromEmailAndCode(email, oobCode, tenantId = null) { return new _EmailAuthCredential(email, oobCode, "emailLink", tenantId); } /** {@inheritdoc AuthCredential.toJSON} */ toJSON() { return { email: this._email, password: this._password, signInMethod: this.signInMethod, tenantId: this._tenantId }; } /** * Static method to deserialize a JSON representation of an object into an {@link AuthCredential}. * * @param json - Either `object` or the stringified representation of the object. When string is * provided, `JSON.parse` would be called first. * * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned. */ static fromJSON(json) { const obj = typeof json === "string" ? JSON.parse(json) : json; if (obj?.email && obj?.password) { if (obj.signInMethod === "password") { return this._fromEmailAndPassword(obj.email, obj.password); } else if (obj.signInMethod === "emailLink") { return this._fromEmailAndCode(obj.email, obj.password, obj.tenantId); } } return null; } /** @internal */ async _getIdTokenResponse(auth) { switch (this.signInMethod) { case "password": const request = { returnSecureToken: true, email: this._email, password: this._password, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; return handleRecaptchaFlow( auth, request, "signInWithPassword", signInWithPassword, "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ); case "emailLink": return signInWithEmailLink$1(auth, { email: this._email, oobCode: this._password }); default: _fail( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } } /** @internal */ async _linkToIdToken(auth, idToken) { switch (this.signInMethod) { case "password": const request = { idToken, returnSecureToken: true, email: this._email, password: this._password, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; return handleRecaptchaFlow( auth, request, "signUpPassword", linkEmailPassword, "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ); case "emailLink": return signInWithEmailLinkForLinking(auth, { idToken, email: this._email, oobCode: this._password }); default: _fail( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } } /** @internal */ _getReauthenticationResolver(auth) { return this._getIdTokenResponse(auth); } }; async function signInWithIdp(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithIdp", _addTidIfNecessary(auth, request)); } var IDP_REQUEST_URI$1 = "http://localhost"; var OAuthCredential = class _OAuthCredential extends AuthCredential { constructor() { super(...arguments); this.pendingToken = null; } /** @internal */ static _fromParams(params) { const cred = new _OAuthCredential(params.providerId, params.signInMethod); if (params.idToken || params.accessToken) { if (params.idToken) { cred.idToken = params.idToken; } if (params.accessToken) { cred.accessToken = params.accessToken; } if (params.nonce && !params.pendingToken) { cred.nonce = params.nonce; } if (params.pendingToken) { cred.pendingToken = params.pendingToken; } } else if (params.oauthToken && params.oauthTokenSecret) { cred.accessToken = params.oauthToken; cred.secret = params.oauthTokenSecret; } else { _fail( "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); } return cred; } /** {@inheritdoc AuthCredential.toJSON} */ toJSON() { return { idToken: this.idToken, accessToken: this.accessToken, secret: this.secret, nonce: this.nonce, pendingToken: this.pendingToken, providerId: this.providerId, signInMethod: this.signInMethod }; } /** * Static method to deserialize a JSON representation of an object into an * {@link AuthCredential}. * * @param json - Input can be either Object or the stringified representation of the object. * When string is provided, JSON.parse would be called first. * * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned. */ static fromJSON(json) { const obj = typeof json === "string" ? JSON.parse(json) : json; const { providerId, signInMethod, ...rest } = obj; if (!providerId || !signInMethod) { return null; } const cred = new _OAuthCredential(providerId, signInMethod); cred.idToken = rest.idToken || void 0; cred.accessToken = rest.accessToken || void 0; cred.secret = rest.secret; cred.nonce = rest.nonce; cred.pendingToken = rest.pendingToken || null; return cred; } /** @internal */ _getIdTokenResponse(auth) { const request = this.buildRequest(); return signInWithIdp(auth, request); } /** @internal */ _linkToIdToken(auth, idToken) { const request = this.buildRequest(); request.idToken = idToken; return signInWithIdp(auth, request); } /** @internal */ _getReauthenticationResolver(auth) { const request = this.buildRequest(); request.autoCreate = false; return signInWithIdp(auth, request); } buildRequest() { const request = { requestUri: IDP_REQUEST_URI$1, returnSecureToken: true }; if (this.pendingToken) { request.pendingToken = this.pendingToken; } else { const postBody = {}; if (this.idToken) { postBody["id_token"] = this.idToken; } if (this.accessToken) { postBody["access_token"] = this.accessToken; } if (this.secret) { postBody["oauth_token_secret"] = this.secret; } postBody["providerId"] = this.providerId; if (this.nonce && !this.pendingToken) { postBody["nonce"] = this.nonce; } request.postBody = querystring(postBody); } return request; } }; async function sendPhoneVerificationCode(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:sendVerificationCode", _addTidIfNecessary(auth, request)); } async function signInWithPhoneNumber$1(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithPhoneNumber", _addTidIfNecessary(auth, request)); } async function linkWithPhoneNumber$1(auth, request) { const response = await _performSignInRequest(auth, "POST", "/v1/accounts:signInWithPhoneNumber", _addTidIfNecessary(auth, request)); if (response.temporaryProof) { throw _makeTaggedError(auth, "account-exists-with-different-credential", response); } return response; } var VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_ = { [ "USER_NOT_FOUND" /* ServerError.USER_NOT_FOUND */ ]: "user-not-found" /* AuthErrorCode.USER_DELETED */ }; async function verifyPhoneNumberForExisting(auth, request) { const apiRequest = { ...request, operation: "REAUTH" }; return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithPhoneNumber", _addTidIfNecessary(auth, apiRequest), VERIFY_PHONE_NUMBER_FOR_EXISTING_ERROR_MAP_); } var PhoneAuthCredential = class _PhoneAuthCredential extends AuthCredential { constructor(params) { super( "phone", "phone" /* SignInMethod.PHONE */ ); this.params = params; } /** @internal */ static _fromVerification(verificationId, verificationCode) { return new _PhoneAuthCredential({ verificationId, verificationCode }); } /** @internal */ static _fromTokenResponse(phoneNumber, temporaryProof) { return new _PhoneAuthCredential({ phoneNumber, temporaryProof }); } /** @internal */ _getIdTokenResponse(auth) { return signInWithPhoneNumber$1(auth, this._makeVerificationRequest()); } /** @internal */ _linkToIdToken(auth, idToken) { return linkWithPhoneNumber$1(auth, { idToken, ...this._makeVerificationRequest() }); } /** @internal */ _getReauthenticationResolver(auth) { return verifyPhoneNumberForExisting(auth, this._makeVerificationRequest()); } /** @internal */ _makeVerificationRequest() { const { temporaryProof, phoneNumber, verificationId, verificationCode } = this.params; if (temporaryProof && phoneNumber) { return { temporaryProof, phoneNumber }; } return { sessionInfo: verificationId, code: verificationCode }; } /** {@inheritdoc AuthCredential.toJSON} */ toJSON() { const obj = { providerId: this.providerId }; if (this.params.phoneNumber) { obj.phoneNumber = this.params.phoneNumber; } if (this.params.temporaryProof) { obj.temporaryProof = this.params.temporaryProof; } if (this.params.verificationCode) { obj.verificationCode = this.params.verificationCode; } if (this.params.verificationId) { obj.verificationId = this.params.verificationId; } return obj; } /** Generates a phone credential based on a plain object or a JSON string. */ static fromJSON(json) { if (typeof json === "string") { json = JSON.parse(json); } const { verificationId, verificationCode, phoneNumber, temporaryProof } = json; if (!verificationCode && !verificationId && !phoneNumber && !temporaryProof) { return null; } return new _PhoneAuthCredential({ verificationId, verificationCode, phoneNumber, temporaryProof }); } }; function parseMode(mode) { switch (mode) { case "recoverEmail": return "RECOVER_EMAIL"; case "resetPassword": return "PASSWORD_RESET"; case "signIn": return "EMAIL_SIGNIN"; case "verifyEmail": return "VERIFY_EMAIL"; case "verifyAndChangeEmail": return "VERIFY_AND_CHANGE_EMAIL"; case "revertSecondFactorAddition": return "REVERT_SECOND_FACTOR_ADDITION"; default: return null; } } function parseDeepLink(url) { const link = querystringDecode(extractQuerystring(url))["link"]; const doubleDeepLink = link ? querystringDecode(extractQuerystring(link))["deep_link_id"] : null; const iOSDeepLink = querystringDecode(extractQuerystring(url))["deep_link_id"]; const iOSDoubleDeepLink = iOSDeepLink ? querystringDecode(extractQuerystring(iOSDeepLink))["link"] : null; return iOSDoubleDeepLink || iOSDeepLink || doubleDeepLink || link || url; } var ActionCodeURL = class _ActionCodeURL { /** * @param actionLink - The link from which to extract the URL. * @returns The {@link ActionCodeURL} object, or null if the link is invalid. * * @internal */ constructor(actionLink) { const searchParams = querystringDecode(extractQuerystring(actionLink)); const apiKey = searchParams[ "apiKey" /* QueryField.API_KEY */ ] ?? null; const code = searchParams[ "oobCode" /* QueryField.CODE */ ] ?? null; const operation = parseMode(searchParams[ "mode" /* QueryField.MODE */ ] ?? null); _assert( apiKey && code && operation, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); this.apiKey = apiKey; this.operation = operation; this.code = code; this.continueUrl = searchParams[ "continueUrl" /* QueryField.CONTINUE_URL */ ] ?? null; this.languageCode = searchParams[ "lang" /* QueryField.LANGUAGE_CODE */ ] ?? null; this.tenantId = searchParams[ "tenantId" /* QueryField.TENANT_ID */ ] ?? null; } /** * Parses the email action link string and returns an {@link ActionCodeURL} if the link is valid, * otherwise returns null. * * @param link - The email action link string. * @returns The {@link ActionCodeURL} object, or null if the link is invalid. * * @public */ static parseLink(link) { const actionLink = parseDeepLink(link); try { return new _ActionCodeURL(actionLink); } catch { return null; } } }; function parseActionCodeURL(link) { return ActionCodeURL.parseLink(link); } var EmailAuthProvider = class _EmailAuthProvider { constructor() { this.providerId = _EmailAuthProvider.PROVIDER_ID; } /** * Initialize an {@link AuthCredential} using an email and password. * * @example * ```javascript * const authCredential = EmailAuthProvider.credential(email, password); * const userCredential = await signInWithCredential(auth, authCredential); * ``` * * @example * ```javascript * const userCredential = await signInWithEmailAndPassword(auth, email, password); * ``` * * @param email - Email address. * @param password - User account password. * @returns The auth provider credential. */ static credential(email, password) { return EmailAuthCredential._fromEmailAndPassword(email, password); } /** * Initialize an {@link AuthCredential} using an email and an email link after a sign in with * email link operation. * * @example * ```javascript * const authCredential = EmailAuthProvider.credentialWithLink(auth, email, emailLink); * const userCredential = await signInWithCredential(auth, authCredential); * ``` * * @example * ```javascript * await sendSignInLinkToEmail(auth, email); * // Obtain emailLink from user. * const userCredential = await signInWithEmailLink(auth, email, emailLink); * ``` * * @param auth - The {@link Auth} instance used to verify the link. * @param email - Email address. * @param emailLink - Sign-in email link. * @returns - The auth provider credential. */ static credentialWithLink(email, emailLink) { const actionCodeUrl = ActionCodeURL.parseLink(emailLink); _assert( actionCodeUrl, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return EmailAuthCredential._fromEmailAndCode(email, actionCodeUrl.code, actionCodeUrl.tenantId); } }; EmailAuthProvider.PROVIDER_ID = "password"; EmailAuthProvider.EMAIL_PASSWORD_SIGN_IN_METHOD = "password"; EmailAuthProvider.EMAIL_LINK_SIGN_IN_METHOD = "emailLink"; var FederatedAuthProvider = class { /** * Constructor for generic OAuth providers. * * @param providerId - Provider for which credentials should be generated. */ constructor(providerId) { this.providerId = providerId; this.defaultLanguageCode = null; this.customParameters = {}; } /** * Set the language gode. * * @param languageCode - language code */ setDefaultLanguage(languageCode) { this.defaultLanguageCode = languageCode; } /** * Sets the OAuth custom parameters to pass in an OAuth request for popup and redirect sign-in * operations. * * @remarks * For a detailed list, check the reserved required OAuth 2.0 parameters such as `client_id`, * `redirect_uri`, `scope`, `response_type`, and `state` are not allowed and will be ignored. * * @param customOAuthParameters - The custom OAuth parameters to pass in the OAuth request. */ setCustomParameters(customOAuthParameters) { this.customParameters = customOAuthParameters; return this; } /** * Retrieve the current list of {@link CustomParameters}. */ getCustomParameters() { return this.customParameters; } }; var BaseOAuthProvider = class extends FederatedAuthProvider { constructor() { super(...arguments); this.scopes = []; } /** * Add an OAuth scope to the credential. * * @param scope - Provider OAuth scope to add. */ addScope(scope) { if (!this.scopes.includes(scope)) { this.scopes.push(scope); } return this; } /** * Retrieve the current list of OAuth scopes. */ getScopes() { return [...this.scopes]; } }; var OAuthProvider = class _OAuthProvider extends BaseOAuthProvider { /** * Creates an {@link OAuthCredential} from a JSON string or a plain object. * @param json - A plain object or a JSON string */ static credentialFromJSON(json) { const obj = typeof json === "string" ? JSON.parse(json) : json; _assert( "providerId" in obj && "signInMethod" in obj, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return OAuthCredential._fromParams(obj); } /** * Creates a {@link OAuthCredential} from a generic OAuth provider's access token or ID token. * * @remarks * The raw nonce is required when an ID token with a nonce field is provided. The SHA-256 hash of * the raw nonce must match the nonce field in the ID token. * * @example * ```javascript * // `googleUser` from the onsuccess Google Sign In callback. * // Initialize a generate OAuth provider with a `google.com` providerId. * const provider = new OAuthProvider('google.com'); * const credential = provider.credential({ * idToken: googleUser.getAuthResponse().id_token, * }); * const result = await signInWithCredential(credential); * ``` * * @param params - Either the options object containing the ID token, access token and raw nonce * or the ID token string. */ credential(params) { return this._credential({ ...params, nonce: params.rawNonce }); } /** An internal credential method that accepts more permissive options */ _credential(params) { _assert( params.idToken || params.accessToken, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return OAuthCredential._fromParams({ ...params, providerId: this.providerId, signInMethod: this.providerId }); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}. * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _OAuthProvider.oauthCredentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _OAuthProvider.oauthCredentialFromTaggedObject(error.customData || {}); } static oauthCredentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse) { return null; } const { oauthIdToken, oauthAccessToken, oauthTokenSecret, pendingToken, nonce, providerId } = tokenResponse; if (!oauthAccessToken && !oauthTokenSecret && !oauthIdToken && !pendingToken) { return null; } if (!providerId) { return null; } try { return new _OAuthProvider(providerId)._credential({ idToken: oauthIdToken, accessToken: oauthAccessToken, nonce, pendingToken }); } catch (e) { return null; } } }; var FacebookAuthProvider = class _FacebookAuthProvider extends BaseOAuthProvider { constructor() { super( "facebook.com" /* ProviderId.FACEBOOK */ ); } /** * Creates a credential for Facebook. * * @example * ```javascript * // `event` from the Facebook auth.authResponseChange callback. * const credential = FacebookAuthProvider.credential(event.authResponse.accessToken); * const result = await signInWithCredential(credential); * ``` * * @param accessToken - Facebook access token. */ static credential(accessToken) { return OAuthCredential._fromParams({ providerId: _FacebookAuthProvider.PROVIDER_ID, signInMethod: _FacebookAuthProvider.FACEBOOK_SIGN_IN_METHOD, accessToken }); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}. * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _FacebookAuthProvider.credentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _FacebookAuthProvider.credentialFromTaggedObject(error.customData || {}); } static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse || !("oauthAccessToken" in tokenResponse)) { return null; } if (!tokenResponse.oauthAccessToken) { return null; } try { return _FacebookAuthProvider.credential(tokenResponse.oauthAccessToken); } catch { return null; } } }; FacebookAuthProvider.FACEBOOK_SIGN_IN_METHOD = "facebook.com"; FacebookAuthProvider.PROVIDER_ID = "facebook.com"; var GoogleAuthProvider = class _GoogleAuthProvider extends BaseOAuthProvider { constructor() { super( "google.com" /* ProviderId.GOOGLE */ ); this.addScope("profile"); } /** * Creates a credential for Google. At least one of ID token and access token is required. * * @example * ```javascript * // \`googleUser\` from the onsuccess Google Sign In callback. * const credential = GoogleAuthProvider.credential(googleUser.getAuthResponse().id_token); * const result = await signInWithCredential(credential); * ``` * * @param idToken - Google ID token. * @param accessToken - Google access token. */ static credential(idToken, accessToken) { return OAuthCredential._fromParams({ providerId: _GoogleAuthProvider.PROVIDER_ID, signInMethod: _GoogleAuthProvider.GOOGLE_SIGN_IN_METHOD, idToken, accessToken }); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}. * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _GoogleAuthProvider.credentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _GoogleAuthProvider.credentialFromTaggedObject(error.customData || {}); } static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse) { return null; } const { oauthIdToken, oauthAccessToken } = tokenResponse; if (!oauthIdToken && !oauthAccessToken) { return null; } try { return _GoogleAuthProvider.credential(oauthIdToken, oauthAccessToken); } catch { return null; } } }; GoogleAuthProvider.GOOGLE_SIGN_IN_METHOD = "google.com"; GoogleAuthProvider.PROVIDER_ID = "google.com"; var GithubAuthProvider = class _GithubAuthProvider extends BaseOAuthProvider { constructor() { super( "github.com" /* ProviderId.GITHUB */ ); } /** * Creates a credential for GitHub. * * @param accessToken - GitHub access token. */ static credential(accessToken) { return OAuthCredential._fromParams({ providerId: _GithubAuthProvider.PROVIDER_ID, signInMethod: _GithubAuthProvider.GITHUB_SIGN_IN_METHOD, accessToken }); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}. * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _GithubAuthProvider.credentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _GithubAuthProvider.credentialFromTaggedObject(error.customData || {}); } static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse || !("oauthAccessToken" in tokenResponse)) { return null; } if (!tokenResponse.oauthAccessToken) { return null; } try { return _GithubAuthProvider.credential(tokenResponse.oauthAccessToken); } catch { return null; } } }; GithubAuthProvider.GITHUB_SIGN_IN_METHOD = "github.com"; GithubAuthProvider.PROVIDER_ID = "github.com"; var IDP_REQUEST_URI = "http://localhost"; var SAMLAuthCredential = class _SAMLAuthCredential extends AuthCredential { /** @internal */ constructor(providerId, pendingToken) { super(providerId, providerId); this.pendingToken = pendingToken; } /** @internal */ _getIdTokenResponse(auth) { const request = this.buildRequest(); return signInWithIdp(auth, request); } /** @internal */ _linkToIdToken(auth, idToken) { const request = this.buildRequest(); request.idToken = idToken; return signInWithIdp(auth, request); } /** @internal */ _getReauthenticationResolver(auth) { const request = this.buildRequest(); request.autoCreate = false; return signInWithIdp(auth, request); } /** {@inheritdoc AuthCredential.toJSON} */ toJSON() { return { signInMethod: this.signInMethod, providerId: this.providerId, pendingToken: this.pendingToken }; } /** * Static method to deserialize a JSON representation of an object into an * {@link AuthCredential}. * * @param json - Input can be either Object or the stringified representation of the object. * When string is provided, JSON.parse would be called first. * * @returns If the JSON input does not represent an {@link AuthCredential}, null is returned. */ static fromJSON(json) { const obj = typeof json === "string" ? JSON.parse(json) : json; const { providerId, signInMethod, pendingToken } = obj; if (!providerId || !signInMethod || !pendingToken || providerId !== signInMethod) { return null; } return new _SAMLAuthCredential(providerId, pendingToken); } /** * Helper static method to avoid exposing the constructor to end users. * * @internal */ static _create(providerId, pendingToken) { return new _SAMLAuthCredential(providerId, pendingToken); } buildRequest() { return { requestUri: IDP_REQUEST_URI, returnSecureToken: true, pendingToken: this.pendingToken }; } }; var SAML_PROVIDER_PREFIX = "saml."; var SAMLAuthProvider = class _SAMLAuthProvider extends FederatedAuthProvider { /** * Constructor. The providerId must start with "saml." * @param providerId - SAML provider ID. */ constructor(providerId) { _assert( providerId.startsWith(SAML_PROVIDER_PREFIX), "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); super(providerId); } /** * Generates an {@link AuthCredential} from a {@link UserCredential} after a * successful SAML flow completes. * * @remarks * * For example, to get an {@link AuthCredential}, you could write the * following code: * * ```js * const userCredential = await signInWithPopup(auth, samlProvider); * const credential = SAMLAuthProvider.credentialFromResult(userCredential); * ``` * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _SAMLAuthProvider.samlCredentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _SAMLAuthProvider.samlCredentialFromTaggedObject(error.customData || {}); } /** * Creates an {@link AuthCredential} from a JSON string or a plain object. * @param json - A plain object or a JSON string */ static credentialFromJSON(json) { const credential = SAMLAuthCredential.fromJSON(json); _assert( credential, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return credential; } static samlCredentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse) { return null; } const { pendingToken, providerId } = tokenResponse; if (!pendingToken || !providerId) { return null; } try { return SAMLAuthCredential._create(providerId, pendingToken); } catch (e) { return null; } } }; var TwitterAuthProvider = class _TwitterAuthProvider extends BaseOAuthProvider { constructor() { super( "twitter.com" /* ProviderId.TWITTER */ ); } /** * Creates a credential for Twitter. * * @param token - Twitter access token. * @param secret - Twitter secret. */ static credential(token, secret) { return OAuthCredential._fromParams({ providerId: _TwitterAuthProvider.PROVIDER_ID, signInMethod: _TwitterAuthProvider.TWITTER_SIGN_IN_METHOD, oauthToken: token, oauthTokenSecret: secret }); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link UserCredential}. * * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { return _TwitterAuthProvider.credentialFromTaggedObject(userCredential); } /** * Used to extract the underlying {@link OAuthCredential} from a {@link AuthError} which was * thrown during a sign-in, link, or reauthenticate operation. * * @param userCredential - The user credential. */ static credentialFromError(error) { return _TwitterAuthProvider.credentialFromTaggedObject(error.customData || {}); } static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse) { return null; } const { oauthAccessToken, oauthTokenSecret } = tokenResponse; if (!oauthAccessToken || !oauthTokenSecret) { return null; } try { return _TwitterAuthProvider.credential(oauthAccessToken, oauthTokenSecret); } catch { return null; } } }; TwitterAuthProvider.TWITTER_SIGN_IN_METHOD = "twitter.com"; TwitterAuthProvider.PROVIDER_ID = "twitter.com"; async function signUp(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signUp", _addTidIfNecessary(auth, request)); } var UserCredentialImpl = class _UserCredentialImpl { constructor(params) { this.user = params.user; this.providerId = params.providerId; this._tokenResponse = params._tokenResponse; this.operationType = params.operationType; } static async _fromIdTokenResponse(auth, operationType, idTokenResponse, isAnonymous = false) { const user = await UserImpl._fromIdTokenResponse(auth, idTokenResponse, isAnonymous); const providerId = providerIdForResponse(idTokenResponse); const userCred = new _UserCredentialImpl({ user, providerId, _tokenResponse: idTokenResponse, operationType }); return userCred; } static async _forOperation(user, operationType, response) { await user._updateTokensIfNecessary( response, /* reload */ true ); const providerId = providerIdForResponse(response); return new _UserCredentialImpl({ user, providerId, _tokenResponse: response, operationType }); } }; function providerIdForResponse(response) { if (response.providerId) { return response.providerId; } if ("phoneNumber" in response) { return "phone"; } return null; } async function signInAnonymously(auth) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); await authInternal._initializationPromise; if (authInternal.currentUser?.isAnonymous) { return new UserCredentialImpl({ user: authInternal.currentUser, providerId: null, operationType: "signIn" /* OperationType.SIGN_IN */ }); } const response = await signUp(authInternal, { returnSecureToken: true }); const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn", response, true); await authInternal._updateCurrentUser(userCredential.user); return userCredential; } var MultiFactorError = class _MultiFactorError extends FirebaseError { constructor(auth, error, operationType, user) { super(error.code, error.message); this.operationType = operationType; this.user = user; Object.setPrototypeOf(this, _MultiFactorError.prototype); this.customData = { appName: auth.name, tenantId: auth.tenantId ?? void 0, _serverResponse: error.customData._serverResponse, operationType }; } static _fromErrorAndOperation(auth, error, operationType, user) { return new _MultiFactorError(auth, error, operationType, user); } }; function _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential, user) { const idTokenProvider = operationType === "reauthenticate" ? credential._getReauthenticationResolver(auth) : credential._getIdTokenResponse(auth); return idTokenProvider.catch((error) => { if (error.code === `auth/${"multi-factor-auth-required"}`) { throw MultiFactorError._fromErrorAndOperation(auth, error, operationType, user); } throw error; }); } function providerDataAsNames(providerData) { return new Set(providerData.map(({ providerId }) => providerId).filter((pid) => !!pid)); } async function unlink(user, providerId) { const userInternal = getModularInstance(user); await _assertLinkedStatus(true, userInternal, providerId); const { providerUserInfo } = await deleteLinkedAccounts(userInternal.auth, { idToken: await userInternal.getIdToken(), deleteProvider: [providerId] }); const providersLeft = providerDataAsNames(providerUserInfo || []); userInternal.providerData = userInternal.providerData.filter((pd) => providersLeft.has(pd.providerId)); if (!providersLeft.has( "phone" /* ProviderId.PHONE */ )) { userInternal.phoneNumber = null; } await userInternal.auth._persistUserIfCurrent(userInternal); return userInternal; } async function _link$1(user, credential, bypassAuthState = false) { const response = await _logoutIfInvalidated(user, credential._linkToIdToken(user.auth, await user.getIdToken()), bypassAuthState); return UserCredentialImpl._forOperation(user, "link", response); } async function _assertLinkedStatus(expected, user, provider) { await _reloadWithoutSaving(user); const providerIds = providerDataAsNames(user.providerData); const code = expected === false ? "provider-already-linked" : "no-such-provider"; _assert(providerIds.has(provider) === expected, user.auth, code); } async function _reauthenticate(user, credential, bypassAuthState = false) { const { auth } = user; if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const operationType = "reauthenticate"; try { const response = await _logoutIfInvalidated(user, _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential, user), bypassAuthState); _assert( response.idToken, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const parsed = _parseToken(response.idToken); _assert( parsed, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const { sub: localId } = parsed; _assert( user.uid === localId, auth, "user-mismatch" /* AuthErrorCode.USER_MISMATCH */ ); return UserCredentialImpl._forOperation(user, operationType, response); } catch (e) { if (e?.code === `auth/${"user-not-found"}`) { _fail( auth, "user-mismatch" /* AuthErrorCode.USER_MISMATCH */ ); } throw e; } } async function _signInWithCredential(auth, credential, bypassAuthState = false) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const operationType = "signIn"; const response = await _processCredentialSavingMfaContextIfNecessary(auth, operationType, credential); const userCredential = await UserCredentialImpl._fromIdTokenResponse(auth, operationType, response); if (!bypassAuthState) { await auth._updateCurrentUser(userCredential.user); } return userCredential; } async function signInWithCredential(auth, credential) { return _signInWithCredential(_castAuth(auth), credential); } async function linkWithCredential(user, credential) { const userInternal = getModularInstance(user); await _assertLinkedStatus(false, userInternal, credential.providerId); return _link$1(userInternal, credential); } async function reauthenticateWithCredential(user, credential) { return _reauthenticate(getModularInstance(user), credential); } async function signInWithCustomToken$1(auth, request) { return _performSignInRequest(auth, "POST", "/v1/accounts:signInWithCustomToken", _addTidIfNecessary(auth, request)); } async function signInWithCustomToken(auth, customToken) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); const response = await signInWithCustomToken$1(authInternal, { token: customToken, returnSecureToken: true }); const cred = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn", response); await authInternal._updateCurrentUser(cred.user); return cred; } var MultiFactorInfoImpl = class { constructor(factorId, response) { this.factorId = factorId; this.uid = response.mfaEnrollmentId; this.enrollmentTime = new Date(response.enrolledAt).toUTCString(); this.displayName = response.displayName; } static _fromServerResponse(auth, enrollment) { if ("phoneInfo" in enrollment) { return PhoneMultiFactorInfoImpl._fromServerResponse(auth, enrollment); } else if ("totpInfo" in enrollment) { return TotpMultiFactorInfoImpl._fromServerResponse(auth, enrollment); } return _fail( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } }; var PhoneMultiFactorInfoImpl = class _PhoneMultiFactorInfoImpl extends MultiFactorInfoImpl { constructor(response) { super("phone", response); this.phoneNumber = response.phoneInfo; } static _fromServerResponse(_auth, enrollment) { return new _PhoneMultiFactorInfoImpl(enrollment); } }; var TotpMultiFactorInfoImpl = class _TotpMultiFactorInfoImpl extends MultiFactorInfoImpl { constructor(response) { super("totp", response); } static _fromServerResponse(_auth, enrollment) { return new _TotpMultiFactorInfoImpl(enrollment); } }; function _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings) { _assert( actionCodeSettings.url?.length > 0, auth, "invalid-continue-uri" /* AuthErrorCode.INVALID_CONTINUE_URI */ ); _assert( typeof actionCodeSettings.dynamicLinkDomain === "undefined" || actionCodeSettings.dynamicLinkDomain.length > 0, auth, "invalid-dynamic-link-domain" /* AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN */ ); _assert( typeof actionCodeSettings.linkDomain === "undefined" || actionCodeSettings.linkDomain.length > 0, auth, "invalid-hosting-link-domain" /* AuthErrorCode.INVALID_HOSTING_LINK_DOMAIN */ ); request.continueUrl = actionCodeSettings.url; request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain; request.linkDomain = actionCodeSettings.linkDomain; request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp; if (actionCodeSettings.iOS) { _assert( actionCodeSettings.iOS.bundleId.length > 0, auth, "missing-ios-bundle-id" /* AuthErrorCode.MISSING_IOS_BUNDLE_ID */ ); request.iOSBundleId = actionCodeSettings.iOS.bundleId; } if (actionCodeSettings.android) { _assert( actionCodeSettings.android.packageName.length > 0, auth, "missing-android-pkg-name" /* AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME */ ); request.androidInstallApp = actionCodeSettings.android.installApp; request.androidMinimumVersionCode = actionCodeSettings.android.minimumVersion; request.androidPackageName = actionCodeSettings.android.packageName; } } async function recachePasswordPolicy(auth) { const authInternal = _castAuth(auth); if (authInternal._getPasswordPolicyInternal()) { await authInternal._updatePasswordPolicy(); } } async function sendPasswordResetEmail(auth, email, actionCodeSettings) { const authInternal = _castAuth(auth); const request = { requestType: "PASSWORD_RESET", email, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; if (actionCodeSettings) { _setActionCodeSettingsOnRequest(authInternal, request, actionCodeSettings); } await handleRecaptchaFlow( authInternal, request, "getOobCode", sendPasswordResetEmail$1, "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ); } async function confirmPasswordReset(auth, oobCode, newPassword) { await resetPassword(getModularInstance(auth), { oobCode, newPassword }).catch(async (error) => { if (error.code === `auth/${"password-does-not-meet-requirements"}`) { void recachePasswordPolicy(auth); } throw error; }); } async function applyActionCode(auth, oobCode) { await applyActionCode$1(getModularInstance(auth), { oobCode }); } async function checkActionCode(auth, oobCode) { const authModular = getModularInstance(auth); const response = await resetPassword(authModular, { oobCode }); const operation = response.requestType; _assert( operation, authModular, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); switch (operation) { case "EMAIL_SIGNIN": break; case "VERIFY_AND_CHANGE_EMAIL": _assert( response.newEmail, authModular, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); break; case "REVERT_SECOND_FACTOR_ADDITION": _assert( response.mfaInfo, authModular, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); // fall through default: _assert( response.email, authModular, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } let multiFactorInfo = null; if (response.mfaInfo) { multiFactorInfo = MultiFactorInfoImpl._fromServerResponse(_castAuth(authModular), response.mfaInfo); } return { data: { email: (response.requestType === "VERIFY_AND_CHANGE_EMAIL" ? response.newEmail : response.email) || null, previousEmail: (response.requestType === "VERIFY_AND_CHANGE_EMAIL" ? response.email : response.newEmail) || null, multiFactorInfo }, operation }; } async function verifyPasswordResetCode(auth, code) { const { data } = await checkActionCode(getModularInstance(auth), code); return data.email; } async function createUserWithEmailAndPassword(auth, email, password) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); const request = { returnSecureToken: true, email, password, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; const signUpResponse = handleRecaptchaFlow( authInternal, request, "signUpPassword", signUp, "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ); const response = await signUpResponse.catch((error) => { if (error.code === `auth/${"password-does-not-meet-requirements"}`) { void recachePasswordPolicy(auth); } throw error; }); const userCredential = await UserCredentialImpl._fromIdTokenResponse(authInternal, "signIn", response); await authInternal._updateCurrentUser(userCredential.user); return userCredential; } function signInWithEmailAndPassword(auth, email, password) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } return signInWithCredential(getModularInstance(auth), EmailAuthProvider.credential(email, password)).catch(async (error) => { if (error.code === `auth/${"password-does-not-meet-requirements"}`) { void recachePasswordPolicy(auth); } throw error; }); } async function sendSignInLinkToEmail(auth, email, actionCodeSettings) { const authInternal = _castAuth(auth); const request = { requestType: "EMAIL_SIGNIN", email, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; function setActionCodeSettings(request2, actionCodeSettings2) { _assert( actionCodeSettings2.handleCodeInApp, authInternal, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); if (actionCodeSettings2) { _setActionCodeSettingsOnRequest(authInternal, request2, actionCodeSettings2); } } setActionCodeSettings(request, actionCodeSettings); await handleRecaptchaFlow( authInternal, request, "getOobCode", sendSignInLinkToEmail$1, "EMAIL_PASSWORD_PROVIDER" /* RecaptchaAuthProvider.EMAIL_PASSWORD_PROVIDER */ ); } function isSignInWithEmailLink(auth, emailLink) { const actionCodeUrl = ActionCodeURL.parseLink(emailLink); return actionCodeUrl?.operation === "EMAIL_SIGNIN"; } async function signInWithEmailLink(auth, email, emailLink) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authModular = getModularInstance(auth); const credential = EmailAuthProvider.credentialWithLink(email, emailLink || _getCurrentUrl()); _assert( credential._tenantId === (authModular.tenantId || null), authModular, "tenant-id-mismatch" /* AuthErrorCode.TENANT_ID_MISMATCH */ ); return signInWithCredential(authModular, credential); } async function createAuthUri(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:createAuthUri", _addTidIfNecessary(auth, request)); } async function fetchSignInMethodsForEmail(auth, email) { const continueUri = _isHttpOrHttps() ? _getCurrentUrl() : "http://localhost"; const request = { identifier: email, continueUri }; const { signinMethods } = await createAuthUri(getModularInstance(auth), request); return signinMethods || []; } async function sendEmailVerification(user, actionCodeSettings) { const userInternal = getModularInstance(user); const idToken = await user.getIdToken(); const request = { requestType: "VERIFY_EMAIL", idToken }; if (actionCodeSettings) { _setActionCodeSettingsOnRequest(userInternal.auth, request, actionCodeSettings); } const { email } = await sendEmailVerification$1(userInternal.auth, request); if (email !== user.email) { await user.reload(); } } async function verifyBeforeUpdateEmail(user, newEmail, actionCodeSettings) { const userInternal = getModularInstance(user); const idToken = await user.getIdToken(); const request = { requestType: "VERIFY_AND_CHANGE_EMAIL", idToken, newEmail }; if (actionCodeSettings) { _setActionCodeSettingsOnRequest(userInternal.auth, request, actionCodeSettings); } const { email } = await verifyAndChangeEmail(userInternal.auth, request); if (email !== user.email) { await user.reload(); } } async function updateProfile$1(auth, request) { return _performApiRequest(auth, "POST", "/v1/accounts:update", request); } async function updateProfile(user, { displayName, photoURL: photoUrl }) { if (displayName === void 0 && photoUrl === void 0) { return; } const userInternal = getModularInstance(user); const idToken = await userInternal.getIdToken(); const profileRequest = { idToken, displayName, photoUrl, returnSecureToken: true }; const response = await _logoutIfInvalidated(userInternal, updateProfile$1(userInternal.auth, profileRequest)); userInternal.displayName = response.displayName || null; userInternal.photoURL = response.photoUrl || null; const passwordProvider = userInternal.providerData.find( ({ providerId }) => providerId === "password" /* ProviderId.PASSWORD */ ); if (passwordProvider) { passwordProvider.displayName = userInternal.displayName; passwordProvider.photoURL = userInternal.photoURL; } await userInternal._updateTokensIfNecessary(response); } function updateEmail(user, newEmail) { const userInternal = getModularInstance(user); if (_isFirebaseServerApp(userInternal.auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth)); } return updateEmailOrPassword(userInternal, newEmail, null); } function updatePassword(user, newPassword) { return updateEmailOrPassword(getModularInstance(user), null, newPassword); } async function updateEmailOrPassword(user, email, password) { const { auth } = user; const idToken = await user.getIdToken(); const request = { idToken, returnSecureToken: true }; if (email) { request.email = email; } if (password) { request.password = password; } const response = await _logoutIfInvalidated(user, updateEmailPassword(auth, request)); await user._updateTokensIfNecessary( response, /* reload */ true ); } function _fromIdTokenResponse(idTokenResponse) { if (!idTokenResponse) { return null; } const { providerId } = idTokenResponse; const profile = idTokenResponse.rawUserInfo ? JSON.parse(idTokenResponse.rawUserInfo) : {}; const isNewUser = idTokenResponse.isNewUser || idTokenResponse.kind === "identitytoolkit#SignupNewUserResponse"; if (!providerId && idTokenResponse?.idToken) { const signInProvider = _parseToken(idTokenResponse.idToken)?.firebase?.["sign_in_provider"]; if (signInProvider) { const filteredProviderId = signInProvider !== "anonymous" && signInProvider !== "custom" ? signInProvider : null; return new GenericAdditionalUserInfo(isNewUser, filteredProviderId); } } if (!providerId) { return null; } switch (providerId) { case "facebook.com": return new FacebookAdditionalUserInfo(isNewUser, profile); case "github.com": return new GithubAdditionalUserInfo(isNewUser, profile); case "google.com": return new GoogleAdditionalUserInfo(isNewUser, profile); case "twitter.com": return new TwitterAdditionalUserInfo(isNewUser, profile, idTokenResponse.screenName || null); case "custom": case "anonymous": return new GenericAdditionalUserInfo(isNewUser, null); default: return new GenericAdditionalUserInfo(isNewUser, providerId, profile); } } var GenericAdditionalUserInfo = class { constructor(isNewUser, providerId, profile = {}) { this.isNewUser = isNewUser; this.providerId = providerId; this.profile = profile; } }; var FederatedAdditionalUserInfoWithUsername = class extends GenericAdditionalUserInfo { constructor(isNewUser, providerId, profile, username) { super(isNewUser, providerId, profile); this.username = username; } }; var FacebookAdditionalUserInfo = class extends GenericAdditionalUserInfo { constructor(isNewUser, profile) { super(isNewUser, "facebook.com", profile); } }; var GithubAdditionalUserInfo = class extends FederatedAdditionalUserInfoWithUsername { constructor(isNewUser, profile) { super(isNewUser, "github.com", profile, typeof profile?.login === "string" ? profile?.login : null); } }; var GoogleAdditionalUserInfo = class extends GenericAdditionalUserInfo { constructor(isNewUser, profile) { super(isNewUser, "google.com", profile); } }; var TwitterAdditionalUserInfo = class extends FederatedAdditionalUserInfoWithUsername { constructor(isNewUser, profile, screenName) { super(isNewUser, "twitter.com", profile, screenName); } }; function getAdditionalUserInfo(userCredential) { const { user, _tokenResponse } = userCredential; if (user.isAnonymous && !_tokenResponse) { return { providerId: null, isNewUser: false, profile: null }; } return _fromIdTokenResponse(_tokenResponse); } function setPersistence(auth, persistence) { return getModularInstance(auth).setPersistence(persistence); } function initializeRecaptchaConfig(auth) { return _initializeRecaptchaConfig(auth); } async function validatePassword(auth, password) { const authInternal = _castAuth(auth); return authInternal.validatePassword(password); } function onIdTokenChanged(auth, nextOrObserver, error, completed) { return getModularInstance(auth).onIdTokenChanged(nextOrObserver, error, completed); } function beforeAuthStateChanged(auth, callback, onAbort) { return getModularInstance(auth).beforeAuthStateChanged(callback, onAbort); } function onAuthStateChanged(auth, nextOrObserver, error, completed) { return getModularInstance(auth).onAuthStateChanged(nextOrObserver, error, completed); } function useDeviceLanguage(auth) { getModularInstance(auth).useDeviceLanguage(); } function updateCurrentUser(auth, user) { return getModularInstance(auth).updateCurrentUser(user); } function signOut(auth) { return getModularInstance(auth).signOut(); } function revokeAccessToken(auth, token) { const authInternal = _castAuth(auth); return authInternal.revokeAccessToken(token); } async function deleteUser(user) { return getModularInstance(user).delete(); } var MultiFactorSessionImpl = class _MultiFactorSessionImpl { constructor(type, credential, user) { this.type = type; this.credential = credential; this.user = user; } static _fromIdtoken(idToken, user) { return new _MultiFactorSessionImpl("enroll", idToken, user); } static _fromMfaPendingCredential(mfaPendingCredential) { return new _MultiFactorSessionImpl("signin", mfaPendingCredential); } toJSON() { const key = this.type === "enroll" ? "idToken" : "pendingCredential"; return { multiFactorSession: { [key]: this.credential } }; } static fromJSON(obj) { if (obj?.multiFactorSession) { if (obj.multiFactorSession?.pendingCredential) { return _MultiFactorSessionImpl._fromMfaPendingCredential(obj.multiFactorSession.pendingCredential); } else if (obj.multiFactorSession?.idToken) { return _MultiFactorSessionImpl._fromIdtoken(obj.multiFactorSession.idToken); } } return null; } }; var MultiFactorResolverImpl = class _MultiFactorResolverImpl { constructor(session, hints, signInResolver) { this.session = session; this.hints = hints; this.signInResolver = signInResolver; } /** @internal */ static _fromError(authExtern, error) { const auth = _castAuth(authExtern); const serverResponse = error.customData._serverResponse; const hints = (serverResponse.mfaInfo || []).map((enrollment) => MultiFactorInfoImpl._fromServerResponse(auth, enrollment)); _assert( serverResponse.mfaPendingCredential, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const session = MultiFactorSessionImpl._fromMfaPendingCredential(serverResponse.mfaPendingCredential); return new _MultiFactorResolverImpl(session, hints, async (assertion) => { const mfaResponse = await assertion._process(auth, session); delete serverResponse.mfaInfo; delete serverResponse.mfaPendingCredential; const idTokenResponse = { ...serverResponse, idToken: mfaResponse.idToken, refreshToken: mfaResponse.refreshToken }; switch (error.operationType) { case "signIn": const userCredential = await UserCredentialImpl._fromIdTokenResponse(auth, error.operationType, idTokenResponse); await auth._updateCurrentUser(userCredential.user); return userCredential; case "reauthenticate": _assert( error.user, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return UserCredentialImpl._forOperation(error.user, error.operationType, idTokenResponse); default: _fail( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } }); } async resolveSignIn(assertionExtern) { const assertion = assertionExtern; return this.signInResolver(assertion); } }; function getMultiFactorResolver(auth, error) { const authModular = getModularInstance(auth); const errorInternal = error; _assert( error.customData.operationType, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); _assert( errorInternal.customData._serverResponse?.mfaPendingCredential, authModular, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return MultiFactorResolverImpl._fromError(authModular, errorInternal); } function startEnrollPhoneMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaEnrollment:start", _addTidIfNecessary(auth, request)); } function finalizeEnrollPhoneMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaEnrollment:finalize", _addTidIfNecessary(auth, request)); } function startEnrollTotpMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaEnrollment:start", _addTidIfNecessary(auth, request)); } function finalizeEnrollTotpMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaEnrollment:finalize", _addTidIfNecessary(auth, request)); } function withdrawMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaEnrollment:withdraw", _addTidIfNecessary(auth, request)); } var MultiFactorUserImpl = class _MultiFactorUserImpl { constructor(user) { this.user = user; this.enrolledFactors = []; user._onReload((userInfo) => { if (userInfo.mfaInfo) { this.enrolledFactors = userInfo.mfaInfo.map((enrollment) => MultiFactorInfoImpl._fromServerResponse(user.auth, enrollment)); } }); } static _fromUser(user) { return new _MultiFactorUserImpl(user); } async getSession() { return MultiFactorSessionImpl._fromIdtoken(await this.user.getIdToken(), this.user); } async enroll(assertionExtern, displayName) { const assertion = assertionExtern; const session = await this.getSession(); const finalizeMfaResponse = await _logoutIfInvalidated(this.user, assertion._process(this.user.auth, session, displayName)); await this.user._updateTokensIfNecessary(finalizeMfaResponse); return this.user.reload(); } async unenroll(infoOrUid) { const mfaEnrollmentId = typeof infoOrUid === "string" ? infoOrUid : infoOrUid.uid; const idToken = await this.user.getIdToken(); try { const idTokenResponse = await _logoutIfInvalidated(this.user, withdrawMfa(this.user.auth, { idToken, mfaEnrollmentId })); this.enrolledFactors = this.enrolledFactors.filter(({ uid }) => uid !== mfaEnrollmentId); await this.user._updateTokensIfNecessary(idTokenResponse); await this.user.reload(); } catch (e) { throw e; } } }; var multiFactorUserCache = /* @__PURE__ */ new WeakMap(); function multiFactor(user) { const userModular = getModularInstance(user); if (!multiFactorUserCache.has(userModular)) { multiFactorUserCache.set(userModular, MultiFactorUserImpl._fromUser(userModular)); } return multiFactorUserCache.get(userModular); } var STORAGE_AVAILABLE_KEY = "__sak"; var BrowserPersistenceClass = class { constructor(storageRetriever, type) { this.storageRetriever = storageRetriever; this.type = type; } _isAvailable() { try { if (!this.storage) { return Promise.resolve(false); } this.storage.setItem(STORAGE_AVAILABLE_KEY, "1"); this.storage.removeItem(STORAGE_AVAILABLE_KEY); return Promise.resolve(true); } catch { return Promise.resolve(false); } } _set(key, value) { this.storage.setItem(key, JSON.stringify(value)); return Promise.resolve(); } _get(key) { const json = this.storage.getItem(key); return Promise.resolve(json ? JSON.parse(json) : null); } _remove(key) { this.storage.removeItem(key); return Promise.resolve(); } get storage() { return this.storageRetriever(); } }; var _POLLING_INTERVAL_MS$1 = 1e3; var IE10_LOCAL_STORAGE_SYNC_DELAY = 10; var BrowserLocalPersistence = class extends BrowserPersistenceClass { constructor() { super( () => window.localStorage, "LOCAL" /* PersistenceType.LOCAL */ ); this.boundEventHandler = (event, poll) => this.onStorageEvent(event, poll); this.listeners = {}; this.localCache = {}; this.pollTimer = null; this.fallbackToPolling = _isMobileBrowser(); this._shouldAllowMigration = true; } forAllChangedKeys(cb) { for (const key of Object.keys(this.listeners)) { const newValue = this.storage.getItem(key); const oldValue = this.localCache[key]; if (newValue !== oldValue) { cb(key, oldValue, newValue); } } } onStorageEvent(event, poll = false) { if (!event.key) { this.forAllChangedKeys((key2, _oldValue, newValue) => { this.notifyListeners(key2, newValue); }); return; } const key = event.key; if (poll) { this.detachListener(); } else { this.stopPolling(); } const triggerListeners = () => { const storedValue2 = this.storage.getItem(key); if (!poll && this.localCache[key] === storedValue2) { return; } this.notifyListeners(key, storedValue2); }; const storedValue = this.storage.getItem(key); if (_isIE10() && storedValue !== event.newValue && event.newValue !== event.oldValue) { setTimeout(triggerListeners, IE10_LOCAL_STORAGE_SYNC_DELAY); } else { triggerListeners(); } } notifyListeners(key, value) { this.localCache[key] = value; const listeners = this.listeners[key]; if (listeners) { for (const listener of Array.from(listeners)) { listener(value ? JSON.parse(value) : value); } } } startPolling() { this.stopPolling(); this.pollTimer = setInterval(() => { this.forAllChangedKeys((key, oldValue, newValue) => { this.onStorageEvent( new StorageEvent("storage", { key, oldValue, newValue }), /* poll */ true ); }); }, _POLLING_INTERVAL_MS$1); } stopPolling() { if (this.pollTimer) { clearInterval(this.pollTimer); this.pollTimer = null; } } attachListener() { window.addEventListener("storage", this.boundEventHandler); } detachListener() { window.removeEventListener("storage", this.boundEventHandler); } _addListener(key, listener) { if (Object.keys(this.listeners).length === 0) { if (this.fallbackToPolling) { this.startPolling(); } else { this.attachListener(); } } if (!this.listeners[key]) { this.listeners[key] = /* @__PURE__ */ new Set(); this.localCache[key] = this.storage.getItem(key); } this.listeners[key].add(listener); } _removeListener(key, listener) { if (this.listeners[key]) { this.listeners[key].delete(listener); if (this.listeners[key].size === 0) { delete this.listeners[key]; } } if (Object.keys(this.listeners).length === 0) { this.detachListener(); this.stopPolling(); } } // Update local cache on base operations: async _set(key, value) { await super._set(key, value); this.localCache[key] = JSON.stringify(value); } async _get(key) { const value = await super._get(key); this.localCache[key] = JSON.stringify(value); return value; } async _remove(key) { await super._remove(key); delete this.localCache[key]; } }; BrowserLocalPersistence.type = "LOCAL"; var browserLocalPersistence = BrowserLocalPersistence; var POLLING_INTERVAL_MS = 1e3; function getDocumentCookie(name2) { const escapedName = name2.replace(/[\\^$.*+?()[\]{}|]/g, "\\$&"); const matcher = RegExp(`${escapedName}=([^;]+)`); return document.cookie.match(matcher)?.[1] ?? null; } function getCookieName(key) { const isDevMode = window.location.protocol === "http:"; return `${isDevMode ? "__dev_" : "__HOST-"}FIREBASE_${key.split(":")[3]}`; } var CookiePersistence = class { constructor() { this.type = "COOKIE"; this.listenerUnsubscribes = /* @__PURE__ */ new Map(); } // used to get the URL to the backend to proxy to _getFinalTarget(originalUrl) { if (typeof window === void 0) { return originalUrl; } const url = new URL(`${window.location.origin}/__cookies__`); url.searchParams.set("finalTarget", originalUrl); return url; } // To be a usable persistence method in a chain browserCookiePersistence ensures that // prerequisites have been met, namely that we're in a secureContext, navigator and document are // available and cookies are enabled. Not all UAs support these method, so fallback accordingly. async _isAvailable() { if (typeof isSecureContext === "boolean" && !isSecureContext) { return false; } if (typeof navigator === "undefined" || typeof document === "undefined") { return false; } return navigator.cookieEnabled ?? true; } // Set should be a noop as we expect middleware to handle this async _set(_key, _value) { return; } // Attempt to get the cookie from cookieStore, fallback to document.cookie async _get(key) { if (!this._isAvailable()) { return null; } const name2 = getCookieName(key); if (window.cookieStore) { const cookie = await window.cookieStore.get(name2); return cookie?.value; } return getDocumentCookie(name2); } // Log out by overriding the idToken with a sentinel value of "" async _remove(key) { if (!this._isAvailable()) { return; } const existingValue = await this._get(key); if (!existingValue) { return; } const name2 = getCookieName(key); document.cookie = `${name2}=;Max-Age=34560000;Partitioned;Secure;SameSite=Strict;Path=/;Priority=High`; await fetch(`/__cookies__`, { method: "DELETE" }).catch(() => void 0); } // Listen for cookie changes, both cookieStore and fallback to polling document.cookie _addListener(key, listener) { if (!this._isAvailable()) { return; } const name2 = getCookieName(key); if (window.cookieStore) { const cb = ((event) => { const changedCookie = event.changed.find((change) => change.name === name2); if (changedCookie) { listener(changedCookie.value); } const deletedCookie = event.deleted.find((change) => change.name === name2); if (deletedCookie) { listener(null); } }); const unsubscribe2 = () => window.cookieStore.removeEventListener("change", cb); this.listenerUnsubscribes.set(listener, unsubscribe2); return window.cookieStore.addEventListener("change", cb); } let lastValue = getDocumentCookie(name2); const interval = setInterval(() => { const currentValue = getDocumentCookie(name2); if (currentValue !== lastValue) { listener(currentValue); lastValue = currentValue; } }, POLLING_INTERVAL_MS); const unsubscribe = () => clearInterval(interval); this.listenerUnsubscribes.set(listener, unsubscribe); } _removeListener(_key, listener) { const unsubscribe = this.listenerUnsubscribes.get(listener); if (!unsubscribe) { return; } unsubscribe(); this.listenerUnsubscribes.delete(listener); } }; CookiePersistence.type = "COOKIE"; var browserCookiePersistence = CookiePersistence; var BrowserSessionPersistence = class extends BrowserPersistenceClass { constructor() { super( () => window.sessionStorage, "SESSION" /* PersistenceType.SESSION */ ); } _addListener(_key, _listener) { return; } _removeListener(_key, _listener) { return; } }; BrowserSessionPersistence.type = "SESSION"; var browserSessionPersistence = BrowserSessionPersistence; function _allSettled(promises) { return Promise.all(promises.map(async (promise) => { try { const value = await promise; return { fulfilled: true, value }; } catch (reason) { return { fulfilled: false, reason }; } })); } var Receiver = class _Receiver { constructor(eventTarget) { this.eventTarget = eventTarget; this.handlersMap = {}; this.boundEventHandler = this.handleEvent.bind(this); } /** * Obtain an instance of a Receiver for a given event target, if none exists it will be created. * * @param eventTarget - An event target (such as window or self) through which the underlying * messages will be received. */ static _getInstance(eventTarget) { const existingInstance = this.receivers.find((receiver) => receiver.isListeningto(eventTarget)); if (existingInstance) { return existingInstance; } const newInstance = new _Receiver(eventTarget); this.receivers.push(newInstance); return newInstance; } isListeningto(eventTarget) { return this.eventTarget === eventTarget; } /** * Fans out a MessageEvent to the appropriate listeners. * * @remarks * Sends an {@link Status.ACK} upon receipt and a {@link Status.DONE} once all handlers have * finished processing. * * @param event - The MessageEvent. * */ async handleEvent(event) { const messageEvent = event; const { eventId, eventType, data } = messageEvent.data; const handlers = this.handlersMap[eventType]; if (!handlers?.size) { return; } messageEvent.ports[0].postMessage({ status: "ack", eventId, eventType }); const promises = Array.from(handlers).map(async (handler) => handler(messageEvent.origin, data)); const response = await _allSettled(promises); messageEvent.ports[0].postMessage({ status: "done", eventId, eventType, response }); } /** * Subscribe an event handler for a particular event. * * @param eventType - Event name to subscribe to. * @param eventHandler - The event handler which should receive the events. * */ _subscribe(eventType, eventHandler) { if (Object.keys(this.handlersMap).length === 0) { this.eventTarget.addEventListener("message", this.boundEventHandler); } if (!this.handlersMap[eventType]) { this.handlersMap[eventType] = /* @__PURE__ */ new Set(); } this.handlersMap[eventType].add(eventHandler); } /** * Unsubscribe an event handler from a particular event. * * @param eventType - Event name to unsubscribe from. * @param eventHandler - Optional event handler, if none provided, unsubscribe all handlers on this event. * */ _unsubscribe(eventType, eventHandler) { if (this.handlersMap[eventType] && eventHandler) { this.handlersMap[eventType].delete(eventHandler); } if (!eventHandler || this.handlersMap[eventType].size === 0) { delete this.handlersMap[eventType]; } if (Object.keys(this.handlersMap).length === 0) { this.eventTarget.removeEventListener("message", this.boundEventHandler); } } }; Receiver.receivers = []; function _generateEventId(prefix = "", digits = 10) { let random = ""; for (let i = 0; i < digits; i++) { random += Math.floor(Math.random() * 10); } return prefix + random; } var Sender = class { constructor(target) { this.target = target; this.handlers = /* @__PURE__ */ new Set(); } /** * Unsubscribe the handler and remove it from our tracking Set. * * @param handler - The handler to unsubscribe. */ removeMessageHandler(handler) { if (handler.messageChannel) { handler.messageChannel.port1.removeEventListener("message", handler.onMessage); handler.messageChannel.port1.close(); } this.handlers.delete(handler); } /** * Send a message to the Receiver located at {@link target}. * * @remarks * We'll first wait a bit for an ACK , if we get one we will wait significantly longer until the * receiver has had a chance to fully process the event. * * @param eventType - Type of event to send. * @param data - The payload of the event. * @param timeout - Timeout for waiting on an ACK from the receiver. * * @returns An array of settled promises from all the handlers that were listening on the receiver. */ async _send(eventType, data, timeout = 50) { const messageChannel = typeof MessageChannel !== "undefined" ? new MessageChannel() : null; if (!messageChannel) { throw new Error( "connection_unavailable" /* _MessageError.CONNECTION_UNAVAILABLE */ ); } let completionTimer; let handler; return new Promise((resolve, reject) => { const eventId = _generateEventId("", 20); messageChannel.port1.start(); const ackTimer = setTimeout(() => { reject(new Error( "unsupported_event" /* _MessageError.UNSUPPORTED_EVENT */ )); }, timeout); handler = { messageChannel, onMessage(event) { const messageEvent = event; if (messageEvent.data.eventId !== eventId) { return; } switch (messageEvent.data.status) { case "ack": clearTimeout(ackTimer); completionTimer = setTimeout( () => { reject(new Error( "timeout" /* _MessageError.TIMEOUT */ )); }, 3e3 /* _TimeoutDuration.COMPLETION */ ); break; case "done": clearTimeout(completionTimer); resolve(messageEvent.data.response); break; default: clearTimeout(ackTimer); clearTimeout(completionTimer); reject(new Error( "invalid_response" /* _MessageError.INVALID_RESPONSE */ )); break; } } }; this.handlers.add(handler); messageChannel.port1.addEventListener("message", handler.onMessage); this.target.postMessage({ eventType, eventId, data }, [messageChannel.port2]); }).finally(() => { if (handler) { this.removeMessageHandler(handler); } }); } }; function _window() { return window; } function _setWindowLocation(url) { _window().location.href = url; } function _isWorker() { return typeof _window()["WorkerGlobalScope"] !== "undefined" && typeof _window()["importScripts"] === "function"; } async function _getActiveServiceWorker() { if (!navigator?.serviceWorker) { return null; } try { const registration = await navigator.serviceWorker.ready; return registration.active; } catch { return null; } } function _getServiceWorkerController() { return navigator?.serviceWorker?.controller || null; } function _getWorkerGlobalScope() { return _isWorker() ? self : null; } var DB_NAME = "firebaseLocalStorageDb"; var DB_VERSION = 1; var DB_OBJECTSTORE_NAME = "firebaseLocalStorage"; var DB_DATA_KEYPATH = "fbase_key"; var DBPromise = class { constructor(request) { this.request = request; } toPromise() { return new Promise((resolve, reject) => { this.request.addEventListener("success", () => { resolve(this.request.result); }); this.request.addEventListener("error", () => { reject(this.request.error); }); }); } }; function getObjectStore(db, isReadWrite) { return db.transaction([DB_OBJECTSTORE_NAME], isReadWrite ? "readwrite" : "readonly").objectStore(DB_OBJECTSTORE_NAME); } function _deleteDatabase() { const request = indexedDB.deleteDatabase(DB_NAME); return new DBPromise(request).toPromise(); } function _openDatabase() { const request = indexedDB.open(DB_NAME, DB_VERSION); return new Promise((resolve, reject) => { request.addEventListener("error", () => { reject(request.error); }); request.addEventListener("upgradeneeded", () => { const db = request.result; try { db.createObjectStore(DB_OBJECTSTORE_NAME, { keyPath: DB_DATA_KEYPATH }); } catch (e) { reject(e); } }); request.addEventListener("success", async () => { const db = request.result; if (!db.objectStoreNames.contains(DB_OBJECTSTORE_NAME)) { db.close(); await _deleteDatabase(); resolve(await _openDatabase()); } else { resolve(db); } }); }); } async function _putObject(db, key, value) { const request = getObjectStore(db, true).put({ [DB_DATA_KEYPATH]: key, value }); return new DBPromise(request).toPromise(); } async function getObject(db, key) { const request = getObjectStore(db, false).get(key); const data = await new DBPromise(request).toPromise(); return data === void 0 ? null : data.value; } function _deleteObject(db, key) { const request = getObjectStore(db, true).delete(key); return new DBPromise(request).toPromise(); } var _POLLING_INTERVAL_MS = 800; var _TRANSACTION_RETRY_COUNT = 3; var IndexedDBLocalPersistence = class { constructor() { this.type = "LOCAL"; this._shouldAllowMigration = true; this.listeners = {}; this.localCache = {}; this.pollTimer = null; this.pendingWrites = 0; this.receiver = null; this.sender = null; this.serviceWorkerReceiverAvailable = false; this.activeServiceWorker = null; this._workerInitializationPromise = this.initializeServiceWorkerMessaging().then(() => { }, () => { }); } async _openDb() { if (this.db) { return this.db; } this.db = await _openDatabase(); return this.db; } async _withRetries(op) { let numAttempts = 0; while (true) { try { const db = await this._openDb(); return await op(db); } catch (e) { if (numAttempts++ > _TRANSACTION_RETRY_COUNT) { throw e; } if (this.db) { this.db.close(); this.db = void 0; } } } } /** * IndexedDB events do not propagate from the main window to the worker context. We rely on a * postMessage interface to send these events to the worker ourselves. */ async initializeServiceWorkerMessaging() { return _isWorker() ? this.initializeReceiver() : this.initializeSender(); } /** * As the worker we should listen to events from the main window. */ async initializeReceiver() { this.receiver = Receiver._getInstance(_getWorkerGlobalScope()); this.receiver._subscribe("keyChanged", async (_origin, data) => { const keys = await this._poll(); return { keyProcessed: keys.includes(data.key) }; }); this.receiver._subscribe("ping", async (_origin, _data) => { return [ "keyChanged" /* _EventType.KEY_CHANGED */ ]; }); } /** * As the main window, we should let the worker know when keys change (set and remove). * * @remarks * {@link https://developer.mozilla.org/en-US/docs/Web/API/ServiceWorkerContainer/ready | ServiceWorkerContainer.ready} * may not resolve. */ async initializeSender() { this.activeServiceWorker = await _getActiveServiceWorker(); if (!this.activeServiceWorker) { return; } this.sender = new Sender(this.activeServiceWorker); const results = await this.sender._send( "ping", {}, 800 /* _TimeoutDuration.LONG_ACK */ ); if (!results) { return; } if (results[0]?.fulfilled && results[0]?.value.includes( "keyChanged" /* _EventType.KEY_CHANGED */ )) { this.serviceWorkerReceiverAvailable = true; } } /** * Let the worker know about a changed key, the exact key doesn't technically matter since the * worker will just trigger a full sync anyway. * * @remarks * For now, we only support one service worker per page. * * @param key - Storage key which changed. */ async notifyServiceWorker(key) { if (!this.sender || !this.activeServiceWorker || _getServiceWorkerController() !== this.activeServiceWorker) { return; } try { await this.sender._send( "keyChanged", { key }, // Use long timeout if receiver has previously responded to a ping from us. this.serviceWorkerReceiverAvailable ? 800 : 50 /* _TimeoutDuration.ACK */ ); } catch { } } async _isAvailable() { try { if (!indexedDB) { return false; } const db = await _openDatabase(); await _putObject(db, STORAGE_AVAILABLE_KEY, "1"); await _deleteObject(db, STORAGE_AVAILABLE_KEY); return true; } catch { } return false; } async _withPendingWrite(write) { this.pendingWrites++; try { await write(); } finally { this.pendingWrites--; } } async _set(key, value) { return this._withPendingWrite(async () => { await this._withRetries((db) => _putObject(db, key, value)); this.localCache[key] = value; return this.notifyServiceWorker(key); }); } async _get(key) { const obj = await this._withRetries((db) => getObject(db, key)); this.localCache[key] = obj; return obj; } async _remove(key) { return this._withPendingWrite(async () => { await this._withRetries((db) => _deleteObject(db, key)); delete this.localCache[key]; return this.notifyServiceWorker(key); }); } async _poll() { const result = await this._withRetries((db) => { const getAllRequest = getObjectStore(db, false).getAll(); return new DBPromise(getAllRequest).toPromise(); }); if (!result) { return []; } if (this.pendingWrites !== 0) { return []; } const keys = []; const keysInResult = /* @__PURE__ */ new Set(); if (result.length !== 0) { for (const { fbase_key: key, value } of result) { keysInResult.add(key); if (JSON.stringify(this.localCache[key]) !== JSON.stringify(value)) { this.notifyListeners(key, value); keys.push(key); } } } for (const localKey of Object.keys(this.localCache)) { if (this.localCache[localKey] && !keysInResult.has(localKey)) { this.notifyListeners(localKey, null); keys.push(localKey); } } return keys; } notifyListeners(key, newValue) { this.localCache[key] = newValue; const listeners = this.listeners[key]; if (listeners) { for (const listener of Array.from(listeners)) { listener(newValue); } } } startPolling() { this.stopPolling(); this.pollTimer = setInterval(async () => this._poll(), _POLLING_INTERVAL_MS); } stopPolling() { if (this.pollTimer) { clearInterval(this.pollTimer); this.pollTimer = null; } } _addListener(key, listener) { if (Object.keys(this.listeners).length === 0) { this.startPolling(); } if (!this.listeners[key]) { this.listeners[key] = /* @__PURE__ */ new Set(); void this._get(key); } this.listeners[key].add(listener); } _removeListener(key, listener) { if (this.listeners[key]) { this.listeners[key].delete(listener); if (this.listeners[key].size === 0) { delete this.listeners[key]; } } if (Object.keys(this.listeners).length === 0) { this.stopPolling(); } } }; IndexedDBLocalPersistence.type = "LOCAL"; var indexedDBLocalPersistence = IndexedDBLocalPersistence; function startSignInPhoneMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaSignIn:start", _addTidIfNecessary(auth, request)); } function finalizeSignInPhoneMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaSignIn:finalize", _addTidIfNecessary(auth, request)); } function finalizeSignInTotpMfa(auth, request) { return _performApiRequest(auth, "POST", "/v2/accounts/mfaSignIn:finalize", _addTidIfNecessary(auth, request)); } var _JSLOAD_CALLBACK = _generateCallbackName("rcb"); var NETWORK_TIMEOUT_DELAY = new Delay(3e4, 6e4); var ReCaptchaLoaderImpl = class { constructor() { this.hostLanguage = ""; this.counter = 0; this.librarySeparatelyLoaded = !!_window().grecaptcha?.render; } load(auth, hl = "") { _assert( isHostLanguageValid(hl), auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); if (this.shouldResolveImmediately(hl) && isV2(_window().grecaptcha)) { return Promise.resolve(_window().grecaptcha); } return new Promise((resolve, reject) => { const networkTimeout = _window().setTimeout(() => { reject(_createError( auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ )); }, NETWORK_TIMEOUT_DELAY.get()); _window()[_JSLOAD_CALLBACK] = () => { _window().clearTimeout(networkTimeout); delete _window()[_JSLOAD_CALLBACK]; const recaptcha = _window().grecaptcha; if (!recaptcha || !isV2(recaptcha)) { reject(_createError( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ )); return; } const render = recaptcha.render; recaptcha.render = (container, params) => { const widgetId = render(container, params); this.counter++; return widgetId; }; this.hostLanguage = hl; resolve(recaptcha); }; const url = `${_recaptchaV2ScriptUrl()}?${querystring({ onload: _JSLOAD_CALLBACK, render: "explicit", hl })}`; _loadJS(url).catch(() => { clearTimeout(networkTimeout); reject(_createError( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ )); }); }); } clearedOneInstance() { this.counter--; } shouldResolveImmediately(hl) { return !!_window().grecaptcha?.render && (hl === this.hostLanguage || this.counter > 0 || this.librarySeparatelyLoaded); } }; function isHostLanguageValid(hl) { return hl.length <= 6 && /^\s*[a-zA-Z0-9\-]*\s*$/.test(hl); } var MockReCaptchaLoaderImpl = class { async load(auth) { return new MockReCaptcha(auth); } clearedOneInstance() { } }; var RECAPTCHA_VERIFIER_TYPE = "recaptcha"; var DEFAULT_PARAMS = { theme: "light", type: "image" }; var RecaptchaVerifier = class { /** * @param authExtern - The corresponding Firebase {@link Auth} instance. * * @param containerOrId - The reCAPTCHA container parameter. * * @remarks * This has different meaning depending on whether the reCAPTCHA is hidden or visible. For a * visible reCAPTCHA the container must be empty. If a string is used, it has to correspond to * an element ID. The corresponding element must also must be in the DOM at the time of * initialization. * * @param parameters - The optional reCAPTCHA parameters. * * @remarks * Check the reCAPTCHA docs for a comprehensive list. All parameters are accepted except for * the sitekey. Firebase Auth backend provisions a reCAPTCHA for each project and will * configure this upon rendering. For an invisible reCAPTCHA, a size key must have the value * 'invisible'. */ constructor(authExtern, containerOrId, parameters = { ...DEFAULT_PARAMS }) { this.parameters = parameters; this.type = RECAPTCHA_VERIFIER_TYPE; this.destroyed = false; this.widgetId = null; this.tokenChangeListeners = /* @__PURE__ */ new Set(); this.renderPromise = null; this.recaptcha = null; this.auth = _castAuth(authExtern); this.isInvisible = this.parameters.size === "invisible"; _assert( typeof document !== "undefined", this.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */ ); const container = typeof containerOrId === "string" ? document.getElementById(containerOrId) : containerOrId; _assert( container, this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); this.container = container; this.parameters.callback = this.makeTokenCallback(this.parameters.callback); this._recaptchaLoader = this.auth.settings.appVerificationDisabledForTesting ? new MockReCaptchaLoaderImpl() : new ReCaptchaLoaderImpl(); this.validateStartingState(); } /** * Waits for the user to solve the reCAPTCHA and resolves with the reCAPTCHA token. * * @returns A Promise for the reCAPTCHA token. */ async verify() { this.assertNotDestroyed(); const id = await this.render(); const recaptcha = this.getAssertedRecaptcha(); const response = recaptcha.getResponse(id); if (response) { return response; } return new Promise((resolve) => { const tokenChange = (token) => { if (!token) { return; } this.tokenChangeListeners.delete(tokenChange); resolve(token); }; this.tokenChangeListeners.add(tokenChange); if (this.isInvisible) { recaptcha.execute(id); } }); } /** * Renders the reCAPTCHA widget on the page. * * @returns A Promise that resolves with the reCAPTCHA widget ID. */ render() { try { this.assertNotDestroyed(); } catch (e) { return Promise.reject(e); } if (this.renderPromise) { return this.renderPromise; } this.renderPromise = this.makeRenderPromise().catch((e) => { this.renderPromise = null; throw e; }); return this.renderPromise; } /** @internal */ _reset() { this.assertNotDestroyed(); if (this.widgetId !== null) { this.getAssertedRecaptcha().reset(this.widgetId); } } /** * Clears the reCAPTCHA widget from the page and destroys the instance. */ clear() { this.assertNotDestroyed(); this.destroyed = true; this._recaptchaLoader.clearedOneInstance(); if (!this.isInvisible) { this.container.childNodes.forEach((node) => { this.container.removeChild(node); }); } } validateStartingState() { _assert( !this.parameters.sitekey, this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); _assert( this.isInvisible || !this.container.hasChildNodes(), this.auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); _assert( typeof document !== "undefined", this.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */ ); } makeTokenCallback(existing) { return (token) => { this.tokenChangeListeners.forEach((listener) => listener(token)); if (typeof existing === "function") { existing(token); } else if (typeof existing === "string") { const globalFunc = _window()[existing]; if (typeof globalFunc === "function") { globalFunc(token); } } }; } assertNotDestroyed() { _assert( !this.destroyed, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } async makeRenderPromise() { await this.init(); if (!this.widgetId) { let container = this.container; if (!this.isInvisible) { const guaranteedEmpty = document.createElement("div"); container.appendChild(guaranteedEmpty); container = guaranteedEmpty; } this.widgetId = this.getAssertedRecaptcha().render(container, this.parameters); } return this.widgetId; } async init() { _assert( _isHttpOrHttps() && !_isWorker(), this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); await domReady(); this.recaptcha = await this._recaptchaLoader.load(this.auth, this.auth.languageCode || void 0); const siteKey = await getRecaptchaParams(this.auth); _assert( siteKey, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); this.parameters.sitekey = siteKey; } getAssertedRecaptcha() { _assert( this.recaptcha, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return this.recaptcha; } }; function domReady() { let resolver = null; return new Promise((resolve) => { if (document.readyState === "complete") { resolve(); return; } resolver = () => resolve(); window.addEventListener("load", resolver); }).catch((e) => { if (resolver) { window.removeEventListener("load", resolver); } throw e; }); } var ConfirmationResultImpl = class { constructor(verificationId, onConfirmation) { this.verificationId = verificationId; this.onConfirmation = onConfirmation; } confirm(verificationCode) { const authCredential = PhoneAuthCredential._fromVerification(this.verificationId, verificationCode); return this.onConfirmation(authCredential); } }; async function signInWithPhoneNumber(auth, phoneNumber, appVerifier) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); const verificationId = await _verifyPhoneNumber(authInternal, phoneNumber, getModularInstance(appVerifier)); return new ConfirmationResultImpl(verificationId, (cred) => signInWithCredential(authInternal, cred)); } async function linkWithPhoneNumber(user, phoneNumber, appVerifier) { const userInternal = getModularInstance(user); await _assertLinkedStatus( false, userInternal, "phone" /* ProviderId.PHONE */ ); const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier)); return new ConfirmationResultImpl(verificationId, (cred) => linkWithCredential(userInternal, cred)); } async function reauthenticateWithPhoneNumber(user, phoneNumber, appVerifier) { const userInternal = getModularInstance(user); if (_isFirebaseServerApp(userInternal.auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth)); } const verificationId = await _verifyPhoneNumber(userInternal.auth, phoneNumber, getModularInstance(appVerifier)); return new ConfirmationResultImpl(verificationId, (cred) => reauthenticateWithCredential(userInternal, cred)); } async function _verifyPhoneNumber(auth, options, verifier) { if (!auth._getRecaptchaConfig()) { try { await _initializeRecaptchaConfig(auth); } catch (error) { console.log("Failed to initialize reCAPTCHA Enterprise config. Triggering the reCAPTCHA v2 verification."); } } try { let phoneInfoOptions; if (typeof options === "string") { phoneInfoOptions = { phoneNumber: options }; } else { phoneInfoOptions = options; } if ("session" in phoneInfoOptions) { const session = phoneInfoOptions.session; if ("phoneNumber" in phoneInfoOptions) { _assert( session.type === "enroll", auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const startPhoneMfaEnrollmentRequest = { idToken: session.credential, phoneEnrollmentInfo: { phoneNumber: phoneInfoOptions.phoneNumber, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ } }; const startEnrollPhoneMfaActionCallback = async (authInstance, request) => { if (request.phoneEnrollmentInfo.captchaResponse === FAKE_TOKEN) { _assert( verifier?.type === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier); return startEnrollPhoneMfa(authInstance, requestWithRecaptchaV2); } return startEnrollPhoneMfa(authInstance, request); }; const startPhoneMfaEnrollmentResponse = handleRecaptchaFlow( auth, startPhoneMfaEnrollmentRequest, "mfaSmsEnrollment", startEnrollPhoneMfaActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ ); const response = await startPhoneMfaEnrollmentResponse.catch((error) => { return Promise.reject(error); }); return response.phoneSessionInfo.sessionInfo; } else { _assert( session.type === "signin", auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const mfaEnrollmentId = phoneInfoOptions.multiFactorHint?.uid || phoneInfoOptions.multiFactorUid; _assert( mfaEnrollmentId, auth, "missing-multi-factor-info" /* AuthErrorCode.MISSING_MFA_INFO */ ); const startPhoneMfaSignInRequest = { mfaPendingCredential: session.credential, mfaEnrollmentId, phoneSignInInfo: { clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ } }; const startSignInPhoneMfaActionCallback = async (authInstance, request) => { if (request.phoneSignInInfo.captchaResponse === FAKE_TOKEN) { _assert( verifier?.type === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier); return startSignInPhoneMfa(authInstance, requestWithRecaptchaV2); } return startSignInPhoneMfa(authInstance, request); }; const startPhoneMfaSignInResponse = handleRecaptchaFlow( auth, startPhoneMfaSignInRequest, "mfaSmsSignIn", startSignInPhoneMfaActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ ); const response = await startPhoneMfaSignInResponse.catch((error) => { return Promise.reject(error); }); return response.phoneResponseInfo.sessionInfo; } } else { const sendPhoneVerificationCodeRequest = { phoneNumber: phoneInfoOptions.phoneNumber, clientType: "CLIENT_TYPE_WEB" /* RecaptchaClientType.WEB */ }; const sendPhoneVerificationCodeActionCallback = async (authInstance, request) => { if (request.captchaResponse === FAKE_TOKEN) { _assert( verifier?.type === RECAPTCHA_VERIFIER_TYPE, authInstance, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const requestWithRecaptchaV2 = await injectRecaptchaV2Token(authInstance, request, verifier); return sendPhoneVerificationCode(authInstance, requestWithRecaptchaV2); } return sendPhoneVerificationCode(authInstance, request); }; const sendPhoneVerificationCodeResponse = handleRecaptchaFlow( auth, sendPhoneVerificationCodeRequest, "sendVerificationCode", sendPhoneVerificationCodeActionCallback, "PHONE_PROVIDER" /* RecaptchaAuthProvider.PHONE_PROVIDER */ ); const response = await sendPhoneVerificationCodeResponse.catch((error) => { return Promise.reject(error); }); return response.sessionInfo; } } finally { verifier?._reset(); } } async function updatePhoneNumber(user, credential) { const userInternal = getModularInstance(user); if (_isFirebaseServerApp(userInternal.auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth)); } await _link$1(userInternal, credential); } async function injectRecaptchaV2Token(auth, request, recaptchaV2Verifier) { _assert( recaptchaV2Verifier.type === RECAPTCHA_VERIFIER_TYPE, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const recaptchaV2Token = await recaptchaV2Verifier.verify(); _assert( typeof recaptchaV2Token === "string", auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const newRequest = { ...request }; if ("phoneEnrollmentInfo" in newRequest) { const phoneNumber = newRequest.phoneEnrollmentInfo.phoneNumber; const captchaResponse = newRequest.phoneEnrollmentInfo.captchaResponse; const clientType = newRequest.phoneEnrollmentInfo.clientType; const recaptchaVersion = newRequest.phoneEnrollmentInfo.recaptchaVersion; Object.assign(newRequest, { "phoneEnrollmentInfo": { phoneNumber, recaptchaToken: recaptchaV2Token, captchaResponse, clientType, recaptchaVersion } }); return newRequest; } else if ("phoneSignInInfo" in newRequest) { const captchaResponse = newRequest.phoneSignInInfo.captchaResponse; const clientType = newRequest.phoneSignInInfo.clientType; const recaptchaVersion = newRequest.phoneSignInInfo.recaptchaVersion; Object.assign(newRequest, { "phoneSignInInfo": { recaptchaToken: recaptchaV2Token, captchaResponse, clientType, recaptchaVersion } }); return newRequest; } else { Object.assign(newRequest, { "recaptchaToken": recaptchaV2Token }); return newRequest; } } var PhoneAuthProvider = class _PhoneAuthProvider { /** * @param auth - The Firebase {@link Auth} instance in which sign-ins should occur. * */ constructor(auth) { this.providerId = _PhoneAuthProvider.PROVIDER_ID; this.auth = _castAuth(auth); } /** * * Starts a phone number authentication flow by sending a verification code to the given phone * number. * * @example * ```javascript * const provider = new PhoneAuthProvider(auth); * const verificationId = await provider.verifyPhoneNumber(phoneNumber, applicationVerifier); * // Obtain verificationCode from the user. * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode); * const userCredential = await signInWithCredential(auth, authCredential); * ``` * * @example * An alternative flow is provided using the `signInWithPhoneNumber` method. * ```javascript * const confirmationResult = signInWithPhoneNumber(auth, phoneNumber, applicationVerifier); * // Obtain verificationCode from the user. * const userCredential = confirmationResult.confirm(verificationCode); * ``` * * @param phoneInfoOptions - The user's {@link PhoneInfoOptions}. The phone number should be in * E.164 format (e.g. +16505550101). * @param applicationVerifier - An {@link ApplicationVerifier}, which prevents * requests from unauthorized clients. This SDK includes an implementation * based on reCAPTCHA v2, {@link RecaptchaVerifier}. If you've enabled * reCAPTCHA Enterprise bot protection in Enforce mode, this parameter is * optional; in all other configurations, the parameter is required. * * @returns A Promise for a verification ID that can be passed to * {@link PhoneAuthProvider.credential} to identify this flow. */ verifyPhoneNumber(phoneOptions, applicationVerifier) { return _verifyPhoneNumber(this.auth, phoneOptions, getModularInstance(applicationVerifier)); } /** * Creates a phone auth credential, given the verification ID from * {@link PhoneAuthProvider.verifyPhoneNumber} and the code that was sent to the user's * mobile device. * * @example * ```javascript * const provider = new PhoneAuthProvider(auth); * const verificationId = provider.verifyPhoneNumber(phoneNumber, applicationVerifier); * // Obtain verificationCode from the user. * const authCredential = PhoneAuthProvider.credential(verificationId, verificationCode); * const userCredential = signInWithCredential(auth, authCredential); * ``` * * @example * An alternative flow is provided using the `signInWithPhoneNumber` method. * ```javascript * const confirmationResult = await signInWithPhoneNumber(auth, phoneNumber, applicationVerifier); * // Obtain verificationCode from the user. * const userCredential = await confirmationResult.confirm(verificationCode); * ``` * * @param verificationId - The verification ID returned from {@link PhoneAuthProvider.verifyPhoneNumber}. * @param verificationCode - The verification code sent to the user's mobile device. * * @returns The auth provider credential. */ static credential(verificationId, verificationCode) { return PhoneAuthCredential._fromVerification(verificationId, verificationCode); } /** * Generates an {@link AuthCredential} from a {@link UserCredential}. * @param userCredential - The user credential. */ static credentialFromResult(userCredential) { const credential = userCredential; return _PhoneAuthProvider.credentialFromTaggedObject(credential); } /** * Returns an {@link AuthCredential} when passed an error. * * @remarks * * This method works for errors like * `auth/account-exists-with-different-credentials`. This is useful for * recovering when attempting to set a user's phone number but the number * in question is already tied to another account. For example, the following * code tries to update the current user's phone number, and if that * fails, links the user with the account associated with that number: * * ```js * const provider = new PhoneAuthProvider(auth); * const verificationId = await provider.verifyPhoneNumber(number, verifier); * try { * const code = ''; // Prompt the user for the verification code * await updatePhoneNumber( * auth.currentUser, * PhoneAuthProvider.credential(verificationId, code)); * } catch (e) { * if ((e as FirebaseError)?.code === 'auth/account-exists-with-different-credential') { * const cred = PhoneAuthProvider.credentialFromError(e); * await linkWithCredential(auth.currentUser, cred); * } * } * * // At this point, auth.currentUser.phoneNumber === number. * ``` * * @param error - The error to generate a credential from. */ static credentialFromError(error) { return _PhoneAuthProvider.credentialFromTaggedObject(error.customData || {}); } static credentialFromTaggedObject({ _tokenResponse: tokenResponse }) { if (!tokenResponse) { return null; } const { phoneNumber, temporaryProof } = tokenResponse; if (phoneNumber && temporaryProof) { return PhoneAuthCredential._fromTokenResponse(phoneNumber, temporaryProof); } return null; } }; PhoneAuthProvider.PROVIDER_ID = "phone"; PhoneAuthProvider.PHONE_SIGN_IN_METHOD = "phone"; function _withDefaultResolver(auth, resolverOverride) { if (resolverOverride) { return _getInstance(resolverOverride); } _assert( auth._popupRedirectResolver, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return auth._popupRedirectResolver; } var IdpCredential = class extends AuthCredential { constructor(params) { super( "custom", "custom" /* ProviderId.CUSTOM */ ); this.params = params; } _getIdTokenResponse(auth) { return signInWithIdp(auth, this._buildIdpRequest()); } _linkToIdToken(auth, idToken) { return signInWithIdp(auth, this._buildIdpRequest(idToken)); } _getReauthenticationResolver(auth) { return signInWithIdp(auth, this._buildIdpRequest()); } _buildIdpRequest(idToken) { const request = { requestUri: this.params.requestUri, sessionId: this.params.sessionId, postBody: this.params.postBody, tenantId: this.params.tenantId, pendingToken: this.params.pendingToken, returnSecureToken: true, returnIdpCredential: true }; if (idToken) { request.idToken = idToken; } return request; } }; function _signIn(params) { return _signInWithCredential(params.auth, new IdpCredential(params), params.bypassAuthState); } function _reauth(params) { const { auth, user } = params; _assert( user, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return _reauthenticate(user, new IdpCredential(params), params.bypassAuthState); } async function _link(params) { const { auth, user } = params; _assert( user, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return _link$1(user, new IdpCredential(params), params.bypassAuthState); } var AbstractPopupRedirectOperation = class { constructor(auth, filter, resolver, user, bypassAuthState = false) { this.auth = auth; this.resolver = resolver; this.user = user; this.bypassAuthState = bypassAuthState; this.pendingPromise = null; this.eventManager = null; this.filter = Array.isArray(filter) ? filter : [filter]; } execute() { return new Promise(async (resolve, reject) => { this.pendingPromise = { resolve, reject }; try { this.eventManager = await this.resolver._initialize(this.auth); await this.onExecution(); this.eventManager.registerConsumer(this); } catch (e) { this.reject(e); } }); } async onAuthEvent(event) { const { urlResponse, sessionId, postBody, tenantId, error, type } = event; if (error) { this.reject(error); return; } const params = { auth: this.auth, requestUri: urlResponse, sessionId, tenantId: tenantId || void 0, postBody: postBody || void 0, user: this.user, bypassAuthState: this.bypassAuthState }; try { this.resolve(await this.getIdpTask(type)(params)); } catch (e) { this.reject(e); } } onError(error) { this.reject(error); } getIdpTask(type) { switch (type) { case "signInViaPopup": case "signInViaRedirect": return _signIn; case "linkViaPopup": case "linkViaRedirect": return _link; case "reauthViaPopup": case "reauthViaRedirect": return _reauth; default: _fail( this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); } } resolve(cred) { debugAssert(this.pendingPromise, "Pending promise was never set"); this.pendingPromise.resolve(cred); this.unregisterAndCleanUp(); } reject(error) { debugAssert(this.pendingPromise, "Pending promise was never set"); this.pendingPromise.reject(error); this.unregisterAndCleanUp(); } unregisterAndCleanUp() { if (this.eventManager) { this.eventManager.unregisterConsumer(this); } this.pendingPromise = null; this.cleanUp(); } }; var _POLL_WINDOW_CLOSE_TIMEOUT = new Delay(2e3, 1e4); async function signInWithPopup(auth, provider, resolver) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_createError( auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */ )); } const authInternal = _castAuth(auth); _assertInstanceOf(auth, provider, FederatedAuthProvider); const resolverInternal = _withDefaultResolver(authInternal, resolver); const action = new PopupOperation(authInternal, "signInViaPopup", provider, resolverInternal); return action.executeNotNull(); } async function reauthenticateWithPopup(user, provider, resolver) { const userInternal = getModularInstance(user); if (_isFirebaseServerApp(userInternal.auth.app)) { return Promise.reject(_createError( userInternal.auth, "operation-not-supported-in-this-environment" /* AuthErrorCode.OPERATION_NOT_SUPPORTED */ )); } _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider); const resolverInternal = _withDefaultResolver(userInternal.auth, resolver); const action = new PopupOperation(userInternal.auth, "reauthViaPopup", provider, resolverInternal, userInternal); return action.executeNotNull(); } async function linkWithPopup(user, provider, resolver) { const userInternal = getModularInstance(user); _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider); const resolverInternal = _withDefaultResolver(userInternal.auth, resolver); const action = new PopupOperation(userInternal.auth, "linkViaPopup", provider, resolverInternal, userInternal); return action.executeNotNull(); } var PopupOperation = class _PopupOperation extends AbstractPopupRedirectOperation { constructor(auth, filter, provider, resolver, user) { super(auth, filter, resolver, user); this.provider = provider; this.authWindow = null; this.pollId = null; if (_PopupOperation.currentPopupAction) { _PopupOperation.currentPopupAction.cancel(); } _PopupOperation.currentPopupAction = this; } async executeNotNull() { const result = await this.execute(); _assert( result, this.auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return result; } async onExecution() { debugAssert(this.filter.length === 1, "Popup operations only handle one event"); const eventId = _generateEventId(); this.authWindow = await this.resolver._openPopup( this.auth, this.provider, this.filter[0], // There's always one, see constructor eventId ); this.authWindow.associatedEvent = eventId; this.resolver._originValidation(this.auth).catch((e) => { this.reject(e); }); this.resolver._isIframeWebStorageSupported(this.auth, (isSupported) => { if (!isSupported) { this.reject(_createError( this.auth, "web-storage-unsupported" /* AuthErrorCode.WEB_STORAGE_UNSUPPORTED */ )); } }); this.pollUserCancellation(); } get eventId() { return this.authWindow?.associatedEvent || null; } cancel() { this.reject(_createError( this.auth, "cancelled-popup-request" /* AuthErrorCode.EXPIRED_POPUP_REQUEST */ )); } cleanUp() { if (this.authWindow) { this.authWindow.close(); } if (this.pollId) { window.clearTimeout(this.pollId); } this.authWindow = null; this.pollId = null; _PopupOperation.currentPopupAction = null; } pollUserCancellation() { const poll = () => { if (this.authWindow?.window?.closed) { this.pollId = window.setTimeout( () => { this.pollId = null; this.reject(_createError( this.auth, "popup-closed-by-user" /* AuthErrorCode.POPUP_CLOSED_BY_USER */ )); }, 8e3 /* _Timeout.AUTH_EVENT */ ); return; } this.pollId = window.setTimeout(poll, _POLL_WINDOW_CLOSE_TIMEOUT.get()); }; poll(); } }; PopupOperation.currentPopupAction = null; var PENDING_REDIRECT_KEY = "pendingRedirect"; var redirectOutcomeMap = /* @__PURE__ */ new Map(); var RedirectAction = class extends AbstractPopupRedirectOperation { constructor(auth, resolver, bypassAuthState = false) { super(auth, [ "signInViaRedirect", "linkViaRedirect", "reauthViaRedirect", "unknown" /* AuthEventType.UNKNOWN */ ], resolver, void 0, bypassAuthState); this.eventId = null; } /** * Override the execute function; if we already have a redirect result, then * just return it. */ async execute() { let readyOutcome = redirectOutcomeMap.get(this.auth._key()); if (!readyOutcome) { try { const hasPendingRedirect = await _getAndClearPendingRedirectStatus(this.resolver, this.auth); const result = hasPendingRedirect ? await super.execute() : null; readyOutcome = () => Promise.resolve(result); } catch (e) { readyOutcome = () => Promise.reject(e); } redirectOutcomeMap.set(this.auth._key(), readyOutcome); } if (!this.bypassAuthState) { redirectOutcomeMap.set(this.auth._key(), () => Promise.resolve(null)); } return readyOutcome(); } async onAuthEvent(event) { if (event.type === "signInViaRedirect") { return super.onAuthEvent(event); } else if (event.type === "unknown") { this.resolve(null); return; } if (event.eventId) { const user = await this.auth._redirectUserForId(event.eventId); if (user) { this.user = user; return super.onAuthEvent(event); } else { this.resolve(null); } } } async onExecution() { } cleanUp() { } }; async function _getAndClearPendingRedirectStatus(resolver, auth) { const key = pendingRedirectKey(auth); const persistence = resolverPersistence(resolver); if (!await persistence._isAvailable()) { return false; } const hasPendingRedirect = await persistence._get(key) === "true"; await persistence._remove(key); return hasPendingRedirect; } async function _setPendingRedirectStatus(resolver, auth) { return resolverPersistence(resolver)._set(pendingRedirectKey(auth), "true"); } function _overrideRedirectResult(auth, result) { redirectOutcomeMap.set(auth._key(), result); } function resolverPersistence(resolver) { return _getInstance(resolver._redirectPersistence); } function pendingRedirectKey(auth) { return _persistenceKeyName(PENDING_REDIRECT_KEY, auth.config.apiKey, auth.name); } function signInWithRedirect(auth, provider, resolver) { return _signInWithRedirect(auth, provider, resolver); } async function _signInWithRedirect(auth, provider, resolver) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); _assertInstanceOf(auth, provider, FederatedAuthProvider); await authInternal._initializationPromise; const resolverInternal = _withDefaultResolver(authInternal, resolver); await _setPendingRedirectStatus(resolverInternal, authInternal); return resolverInternal._openRedirect( authInternal, provider, "signInViaRedirect" /* AuthEventType.SIGN_IN_VIA_REDIRECT */ ); } function reauthenticateWithRedirect(user, provider, resolver) { return _reauthenticateWithRedirect(user, provider, resolver); } async function _reauthenticateWithRedirect(user, provider, resolver) { const userInternal = getModularInstance(user); _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider); if (_isFirebaseServerApp(userInternal.auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(userInternal.auth)); } await userInternal.auth._initializationPromise; const resolverInternal = _withDefaultResolver(userInternal.auth, resolver); await _setPendingRedirectStatus(resolverInternal, userInternal.auth); const eventId = await prepareUserForRedirect(userInternal); return resolverInternal._openRedirect(userInternal.auth, provider, "reauthViaRedirect", eventId); } function linkWithRedirect(user, provider, resolver) { return _linkWithRedirect(user, provider, resolver); } async function _linkWithRedirect(user, provider, resolver) { const userInternal = getModularInstance(user); _assertInstanceOf(userInternal.auth, provider, FederatedAuthProvider); await userInternal.auth._initializationPromise; const resolverInternal = _withDefaultResolver(userInternal.auth, resolver); await _assertLinkedStatus(false, userInternal, provider.providerId); await _setPendingRedirectStatus(resolverInternal, userInternal.auth); const eventId = await prepareUserForRedirect(userInternal); return resolverInternal._openRedirect(userInternal.auth, provider, "linkViaRedirect", eventId); } async function getRedirectResult(auth, resolver) { await _castAuth(auth)._initializationPromise; return _getRedirectResult(auth, resolver, false); } async function _getRedirectResult(auth, resolverExtern, bypassAuthState = false) { if (_isFirebaseServerApp(auth.app)) { return Promise.reject(_serverAppCurrentUserOperationNotSupportedError(auth)); } const authInternal = _castAuth(auth); const resolver = _withDefaultResolver(authInternal, resolverExtern); const action = new RedirectAction(authInternal, resolver, bypassAuthState); const result = await action.execute(); if (result && !bypassAuthState) { delete result.user._redirectEventId; await authInternal._persistUserIfCurrent(result.user); await authInternal._setRedirectUser(null, resolverExtern); } return result; } async function prepareUserForRedirect(user) { const eventId = _generateEventId(`${user.uid}:::`); user._redirectEventId = eventId; await user.auth._setRedirectUser(user); await user.auth._persistUserIfCurrent(user); return eventId; } var EVENT_DUPLICATION_CACHE_DURATION_MS = 10 * 60 * 1e3; var AuthEventManager = class { constructor(auth) { this.auth = auth; this.cachedEventUids = /* @__PURE__ */ new Set(); this.consumers = /* @__PURE__ */ new Set(); this.queuedRedirectEvent = null; this.hasHandledPotentialRedirect = false; this.lastProcessedEventTime = Date.now(); } registerConsumer(authEventConsumer) { this.consumers.add(authEventConsumer); if (this.queuedRedirectEvent && this.isEventForConsumer(this.queuedRedirectEvent, authEventConsumer)) { this.sendToConsumer(this.queuedRedirectEvent, authEventConsumer); this.saveEventToCache(this.queuedRedirectEvent); this.queuedRedirectEvent = null; } } unregisterConsumer(authEventConsumer) { this.consumers.delete(authEventConsumer); } onEvent(event) { if (this.hasEventBeenHandled(event)) { return false; } let handled = false; this.consumers.forEach((consumer) => { if (this.isEventForConsumer(event, consumer)) { handled = true; this.sendToConsumer(event, consumer); this.saveEventToCache(event); } }); if (this.hasHandledPotentialRedirect || !isRedirectEvent(event)) { return handled; } this.hasHandledPotentialRedirect = true; if (!handled) { this.queuedRedirectEvent = event; handled = true; } return handled; } sendToConsumer(event, consumer) { if (event.error && !isNullRedirectEvent(event)) { const code = event.error.code?.split("auth/")[1] || "internal-error"; consumer.onError(_createError(this.auth, code)); } else { consumer.onAuthEvent(event); } } isEventForConsumer(event, consumer) { const eventIdMatches = consumer.eventId === null || !!event.eventId && event.eventId === consumer.eventId; return consumer.filter.includes(event.type) && eventIdMatches; } hasEventBeenHandled(event) { if (Date.now() - this.lastProcessedEventTime >= EVENT_DUPLICATION_CACHE_DURATION_MS) { this.cachedEventUids.clear(); } return this.cachedEventUids.has(eventUid(event)); } saveEventToCache(event) { this.cachedEventUids.add(eventUid(event)); this.lastProcessedEventTime = Date.now(); } }; function eventUid(e) { return [e.type, e.eventId, e.sessionId, e.tenantId].filter((v) => v).join("-"); } function isNullRedirectEvent({ type, error }) { return type === "unknown" && error?.code === `auth/${"no-auth-event"}`; } function isRedirectEvent(event) { switch (event.type) { case "signInViaRedirect": case "linkViaRedirect": case "reauthViaRedirect": return true; case "unknown": return isNullRedirectEvent(event); default: return false; } } async function _getProjectConfig(auth, request = {}) { return _performApiRequest(auth, "GET", "/v1/projects", request); } var IP_ADDRESS_REGEX = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/; var HTTP_REGEX = /^https?/; async function _validateOrigin(auth) { if (auth.config.emulator) { return; } const { authorizedDomains } = await _getProjectConfig(auth); for (const domain of authorizedDomains) { try { if (matchDomain(domain)) { return; } } catch { } } _fail( auth, "unauthorized-domain" /* AuthErrorCode.INVALID_ORIGIN */ ); } function matchDomain(expected) { const currentUrl = _getCurrentUrl(); const { protocol, hostname } = new URL(currentUrl); if (expected.startsWith("chrome-extension://")) { const ceUrl = new URL(expected); if (ceUrl.hostname === "" && hostname === "") { return protocol === "chrome-extension:" && expected.replace("chrome-extension://", "") === currentUrl.replace("chrome-extension://", ""); } return protocol === "chrome-extension:" && ceUrl.hostname === hostname; } if (!HTTP_REGEX.test(protocol)) { return false; } if (IP_ADDRESS_REGEX.test(expected)) { return hostname === expected; } const escapedDomainPattern = expected.replace(/\./g, "\\."); const re = new RegExp("^(.+\\." + escapedDomainPattern + "|" + escapedDomainPattern + ")$", "i"); return re.test(hostname); } var NETWORK_TIMEOUT = new Delay(3e4, 6e4); function resetUnloadedGapiModules() { const beacon = _window().___jsl; if (beacon?.H) { for (const hint of Object.keys(beacon.H)) { beacon.H[hint].r = beacon.H[hint].r || []; beacon.H[hint].L = beacon.H[hint].L || []; beacon.H[hint].r = [...beacon.H[hint].L]; if (beacon.CP) { for (let i = 0; i < beacon.CP.length; i++) { beacon.CP[i] = null; } } } } } function loadGapi(auth) { return new Promise((resolve, reject) => { function loadGapiIframe() { resetUnloadedGapiModules(); gapi.load("gapi.iframes", { callback: () => { resolve(gapi.iframes.getContext()); }, ontimeout: () => { resetUnloadedGapiModules(); reject(_createError( auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ )); }, timeout: NETWORK_TIMEOUT.get() }); } if (_window().gapi?.iframes?.Iframe) { resolve(gapi.iframes.getContext()); } else if (!!_window().gapi?.load) { loadGapiIframe(); } else { const cbName = _generateCallbackName("iframefcb"); _window()[cbName] = () => { if (!!gapi.load) { loadGapiIframe(); } else { reject(_createError( auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ )); } }; return _loadJS(`${_gapiScriptUrl()}?onload=${cbName}`).catch((e) => reject(e)); } }).catch((error) => { cachedGApiLoader = null; throw error; }); } var cachedGApiLoader = null; function _loadGapi(auth) { cachedGApiLoader = cachedGApiLoader || loadGapi(auth); return cachedGApiLoader; } var PING_TIMEOUT = new Delay(5e3, 15e3); var IFRAME_PATH = "__/auth/iframe"; var EMULATED_IFRAME_PATH = "emulator/auth/iframe"; var IFRAME_ATTRIBUTES = { style: { position: "absolute", top: "-100px", width: "1px", height: "1px" }, "aria-hidden": "true", tabindex: "-1" }; var EID_FROM_APIHOST = /* @__PURE__ */ new Map([ ["identitytoolkit.googleapis.com", "p"], // production ["staging-identitytoolkit.sandbox.googleapis.com", "s"], // staging ["test-identitytoolkit.sandbox.googleapis.com", "t"] // test ]); function getIframeUrl(auth) { const config = auth.config; _assert( config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */ ); const url = config.emulator ? _emulatorUrl(config, EMULATED_IFRAME_PATH) : `https://${auth.config.authDomain}/${IFRAME_PATH}`; const params = { apiKey: config.apiKey, appName: auth.name, v: SDK_VERSION }; const eid = EID_FROM_APIHOST.get(auth.config.apiHost); if (eid) { params.eid = eid; } const frameworks = auth._getFrameworks(); if (frameworks.length) { params.fw = frameworks.join(","); } return `${url}?${querystring(params).slice(1)}`; } async function _openIframe(auth) { const context = await _loadGapi(auth); const gapi2 = _window().gapi; _assert( gapi2, auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); return context.open({ where: document.body, url: getIframeUrl(auth), messageHandlersFilter: gapi2.iframes.CROSS_ORIGIN_IFRAMES_FILTER, attributes: IFRAME_ATTRIBUTES, dontclear: true }, (iframe) => new Promise(async (resolve, reject) => { await iframe.restyle({ // Prevent iframe from closing on mouse out. setHideOnLeave: false }); const networkError = _createError( auth, "network-request-failed" /* AuthErrorCode.NETWORK_REQUEST_FAILED */ ); const networkErrorTimer = _window().setTimeout(() => { reject(networkError); }, PING_TIMEOUT.get()); function clearTimerAndResolve() { _window().clearTimeout(networkErrorTimer); resolve(iframe); } iframe.ping(clearTimerAndResolve).then(clearTimerAndResolve, () => { reject(networkError); }); })); } var BASE_POPUP_OPTIONS = { location: "yes", resizable: "yes", statusbar: "yes", toolbar: "no" }; var DEFAULT_WIDTH = 500; var DEFAULT_HEIGHT = 600; var TARGET_BLANK = "_blank"; var FIREFOX_EMPTY_URL = "http://localhost"; var AuthPopup = class { constructor(window2) { this.window = window2; this.associatedEvent = null; } close() { if (this.window) { try { this.window.close(); } catch (e) { } } } }; function _open(auth, url, name2, width = DEFAULT_WIDTH, height = DEFAULT_HEIGHT) { const top = Math.max((window.screen.availHeight - height) / 2, 0).toString(); const left = Math.max((window.screen.availWidth - width) / 2, 0).toString(); let target = ""; const options = { ...BASE_POPUP_OPTIONS, width: width.toString(), height: height.toString(), top, left }; const ua = getUA().toLowerCase(); if (name2) { target = _isChromeIOS(ua) ? TARGET_BLANK : name2; } if (_isFirefox(ua)) { url = url || FIREFOX_EMPTY_URL; options.scrollbars = "yes"; } const optionsString = Object.entries(options).reduce((accum, [key, value]) => `${accum}${key}=${value},`, ""); if (_isIOSStandalone(ua) && target !== "_self") { openAsNewWindowIOS(url || "", target); return new AuthPopup(null); } const newWin = window.open(url || "", target, optionsString); _assert( newWin, auth, "popup-blocked" /* AuthErrorCode.POPUP_BLOCKED */ ); try { newWin.focus(); } catch (e) { } return new AuthPopup(newWin); } function openAsNewWindowIOS(url, target) { const el = document.createElement("a"); el.href = url; el.target = target; const click = document.createEvent("MouseEvent"); click.initMouseEvent("click", true, true, window, 1, 0, 0, 0, 0, false, false, false, false, 1, null); el.dispatchEvent(click); } var WIDGET_PATH = "__/auth/handler"; var EMULATOR_WIDGET_PATH = "emulator/auth/handler"; var FIREBASE_APP_CHECK_FRAGMENT_ID = encodeURIComponent("fac"); async function _getRedirectUrl(auth, provider, authType, redirectUrl, eventId, additionalParams) { _assert( auth.config.authDomain, auth, "auth-domain-config-required" /* AuthErrorCode.MISSING_AUTH_DOMAIN */ ); _assert( auth.config.apiKey, auth, "invalid-api-key" /* AuthErrorCode.INVALID_API_KEY */ ); const params = { apiKey: auth.config.apiKey, appName: auth.name, authType, redirectUrl, v: SDK_VERSION, eventId }; if (provider instanceof FederatedAuthProvider) { provider.setDefaultLanguage(auth.languageCode); params.providerId = provider.providerId || ""; if (!isEmpty(provider.getCustomParameters())) { params.customParameters = JSON.stringify(provider.getCustomParameters()); } for (const [key, value] of Object.entries(additionalParams || {})) { params[key] = value; } } if (provider instanceof BaseOAuthProvider) { const scopes = provider.getScopes().filter((scope) => scope !== ""); if (scopes.length > 0) { params.scopes = scopes.join(","); } } if (auth.tenantId) { params.tid = auth.tenantId; } const paramsDict = params; for (const key of Object.keys(paramsDict)) { if (paramsDict[key] === void 0) { delete paramsDict[key]; } } const appCheckToken = await auth._getAppCheckToken(); const appCheckTokenFragment = appCheckToken ? `#${FIREBASE_APP_CHECK_FRAGMENT_ID}=${encodeURIComponent(appCheckToken)}` : ""; return `${getHandlerBase(auth)}?${querystring(paramsDict).slice(1)}${appCheckTokenFragment}`; } function getHandlerBase({ config }) { if (!config.emulator) { return `https://${config.authDomain}/${WIDGET_PATH}`; } return _emulatorUrl(config, EMULATOR_WIDGET_PATH); } var WEB_STORAGE_SUPPORT_KEY = "webStorageSupport"; var BrowserPopupRedirectResolver = class { constructor() { this.eventManagers = {}; this.iframes = {}; this.originValidationPromises = {}; this._redirectPersistence = browserSessionPersistence; this._completeRedirectFn = _getRedirectResult; this._overrideRedirectResult = _overrideRedirectResult; } // Wrapping in async even though we don't await anywhere in order // to make sure errors are raised as promise rejections async _openPopup(auth, provider, authType, eventId) { debugAssert(this.eventManagers[auth._key()]?.manager, "_initialize() not called before _openPopup()"); const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId); return _open(auth, url, _generateEventId()); } async _openRedirect(auth, provider, authType, eventId) { await this._originValidation(auth); const url = await _getRedirectUrl(auth, provider, authType, _getCurrentUrl(), eventId); _setWindowLocation(url); return new Promise(() => { }); } _initialize(auth) { const key = auth._key(); if (this.eventManagers[key]) { const { manager, promise: promise2 } = this.eventManagers[key]; if (manager) { return Promise.resolve(manager); } else { debugAssert(promise2, "If manager is not set, promise should be"); return promise2; } } const promise = this.initAndGetManager(auth); this.eventManagers[key] = { promise }; promise.catch(() => { delete this.eventManagers[key]; }); return promise; } async initAndGetManager(auth) { const iframe = await _openIframe(auth); const manager = new AuthEventManager(auth); iframe.register("authEvent", (iframeEvent) => { _assert( iframeEvent?.authEvent, auth, "invalid-auth-event" /* AuthErrorCode.INVALID_AUTH_EVENT */ ); const handled = manager.onEvent(iframeEvent.authEvent); return { status: handled ? "ACK" : "ERROR" /* GapiOutcome.ERROR */ }; }, gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER); this.eventManagers[auth._key()] = { manager }; this.iframes[auth._key()] = iframe; return manager; } _isIframeWebStorageSupported(auth, cb) { const iframe = this.iframes[auth._key()]; iframe.send(WEB_STORAGE_SUPPORT_KEY, { type: WEB_STORAGE_SUPPORT_KEY }, (result) => { const isSupported = result?.[0]?.[WEB_STORAGE_SUPPORT_KEY]; if (isSupported !== void 0) { cb(!!isSupported); } _fail( auth, "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); }, gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER); } _originValidation(auth) { const key = auth._key(); if (!this.originValidationPromises[key]) { this.originValidationPromises[key] = _validateOrigin(auth); } return this.originValidationPromises[key]; } get _shouldInitProactively() { return _isMobileBrowser() || _isSafari() || _isIOS(); } }; var browserPopupRedirectResolver = BrowserPopupRedirectResolver; var MultiFactorAssertionImpl = class { constructor(factorId) { this.factorId = factorId; } _process(auth, session, displayName) { switch (session.type) { case "enroll": return this._finalizeEnroll(auth, session.credential, displayName); case "signin": return this._finalizeSignIn(auth, session.credential); default: return debugFail("unexpected MultiFactorSessionType"); } } }; var PhoneMultiFactorAssertionImpl = class _PhoneMultiFactorAssertionImpl extends MultiFactorAssertionImpl { constructor(credential) { super( "phone" /* FactorId.PHONE */ ); this.credential = credential; } /** @internal */ static _fromCredential(credential) { return new _PhoneMultiFactorAssertionImpl(credential); } /** @internal */ _finalizeEnroll(auth, idToken, displayName) { return finalizeEnrollPhoneMfa(auth, { idToken, displayName, phoneVerificationInfo: this.credential._makeVerificationRequest() }); } /** @internal */ _finalizeSignIn(auth, mfaPendingCredential) { return finalizeSignInPhoneMfa(auth, { mfaPendingCredential, phoneVerificationInfo: this.credential._makeVerificationRequest() }); } }; var PhoneMultiFactorGenerator = class { constructor() { } /** * Provides a {@link PhoneMultiFactorAssertion} to confirm ownership of the phone second factor. * * @remarks * This method does not work in a Node.js environment. * * @param phoneAuthCredential - A credential provided by {@link PhoneAuthProvider.credential}. * @returns A {@link PhoneMultiFactorAssertion} which can be used with * {@link MultiFactorResolver.resolveSignIn} */ static assertion(credential) { return PhoneMultiFactorAssertionImpl._fromCredential(credential); } }; PhoneMultiFactorGenerator.FACTOR_ID = "phone"; var TotpMultiFactorGenerator = class { /** * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of * the TOTP (time-based one-time password) second factor. * This assertion is used to complete enrollment in TOTP second factor. * * @param secret A {@link TotpSecret} containing the shared secret key and other TOTP parameters. * @param oneTimePassword One-time password from TOTP App. * @returns A {@link TotpMultiFactorAssertion} which can be used with * {@link MultiFactorUser.enroll}. */ static assertionForEnrollment(secret, oneTimePassword) { return TotpMultiFactorAssertionImpl._fromSecret(secret, oneTimePassword); } /** * Provides a {@link TotpMultiFactorAssertion} to confirm ownership of the TOTP second factor. * This assertion is used to complete signIn with TOTP as the second factor. * * @param enrollmentId identifies the enrolled TOTP second factor. * @param oneTimePassword One-time password from TOTP App. * @returns A {@link TotpMultiFactorAssertion} which can be used with * {@link MultiFactorResolver.resolveSignIn}. */ static assertionForSignIn(enrollmentId, oneTimePassword) { return TotpMultiFactorAssertionImpl._fromEnrollmentId(enrollmentId, oneTimePassword); } /** * Returns a promise to {@link TotpSecret} which contains the TOTP shared secret key and other parameters. * Creates a TOTP secret as part of enrolling a TOTP second factor. * Used for generating a QR code URL or inputting into a TOTP app. * This method uses the auth instance corresponding to the user in the multiFactorSession. * * @param session The {@link MultiFactorSession} that the user is part of. * @returns A promise to {@link TotpSecret}. */ static async generateSecret(session) { const mfaSession = session; _assert( typeof mfaSession.user?.auth !== "undefined", "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); const response = await startEnrollTotpMfa(mfaSession.user.auth, { idToken: mfaSession.credential, totpEnrollmentInfo: {} }); return TotpSecret._fromStartTotpMfaEnrollmentResponse(response, mfaSession.user.auth); } }; TotpMultiFactorGenerator.FACTOR_ID = "totp"; var TotpMultiFactorAssertionImpl = class _TotpMultiFactorAssertionImpl extends MultiFactorAssertionImpl { constructor(otp, enrollmentId, secret) { super( "totp" /* FactorId.TOTP */ ); this.otp = otp; this.enrollmentId = enrollmentId; this.secret = secret; } /** @internal */ static _fromSecret(secret, otp) { return new _TotpMultiFactorAssertionImpl(otp, void 0, secret); } /** @internal */ static _fromEnrollmentId(enrollmentId, otp) { return new _TotpMultiFactorAssertionImpl(otp, enrollmentId); } /** @internal */ async _finalizeEnroll(auth, idToken, displayName) { _assert( typeof this.secret !== "undefined", auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); return finalizeEnrollTotpMfa(auth, { idToken, displayName, totpVerificationInfo: this.secret._makeTotpVerificationInfo(this.otp) }); } /** @internal */ async _finalizeSignIn(auth, mfaPendingCredential) { _assert( this.enrollmentId !== void 0 && this.otp !== void 0, auth, "argument-error" /* AuthErrorCode.ARGUMENT_ERROR */ ); const totpVerificationInfo = { verificationCode: this.otp }; return finalizeSignInTotpMfa(auth, { mfaPendingCredential, mfaEnrollmentId: this.enrollmentId, totpVerificationInfo }); } }; var TotpSecret = class _TotpSecret { // The public members are declared outside the constructor so the docs can be generated. constructor(secretKey, hashingAlgorithm, codeLength, codeIntervalSeconds, enrollmentCompletionDeadline, sessionInfo, auth) { this.sessionInfo = sessionInfo; this.auth = auth; this.secretKey = secretKey; this.hashingAlgorithm = hashingAlgorithm; this.codeLength = codeLength; this.codeIntervalSeconds = codeIntervalSeconds; this.enrollmentCompletionDeadline = enrollmentCompletionDeadline; } /** @internal */ static _fromStartTotpMfaEnrollmentResponse(response, auth) { return new _TotpSecret(response.totpSessionInfo.sharedSecretKey, response.totpSessionInfo.hashingAlgorithm, response.totpSessionInfo.verificationCodeLength, response.totpSessionInfo.periodSec, new Date(response.totpSessionInfo.finalizeEnrollmentTime).toUTCString(), response.totpSessionInfo.sessionInfo, auth); } /** @internal */ _makeTotpVerificationInfo(otp) { return { sessionInfo: this.sessionInfo, verificationCode: otp }; } /** * Returns a QR code URL as described in * https://github.com/google/google-authenticator/wiki/Key-Uri-Format * This can be displayed to the user as a QR code to be scanned into a TOTP app like Google Authenticator. * If the optional parameters are unspecified, an accountName of <userEmail> and issuer of <firebaseAppName> are used. * * @param accountName the name of the account/app along with a user identifier. * @param issuer issuer of the TOTP (likely the app name). * @returns A QR code URL string. */ generateQrCodeUrl(accountName, issuer) { let useDefaults = false; if (_isEmptyString(accountName) || _isEmptyString(issuer)) { useDefaults = true; } if (useDefaults) { if (_isEmptyString(accountName)) { accountName = this.auth.currentUser?.email || "unknownuser"; } if (_isEmptyString(issuer)) { issuer = this.auth.name; } } return `otpauth://totp/${issuer}:${accountName}?secret=${this.secretKey}&issuer=${issuer}&algorithm=${this.hashingAlgorithm}&digits=${this.codeLength}`; } }; function _isEmptyString(input) { return typeof input === "undefined" || input?.length === 0; } var name = "@firebase/auth"; var version = "1.12.1"; var AuthInterop = class { constructor(auth) { this.auth = auth; this.internalListeners = /* @__PURE__ */ new Map(); } getUid() { this.assertAuthConfigured(); return this.auth.currentUser?.uid || null; } async getToken(forceRefresh) { this.assertAuthConfigured(); await this.auth._initializationPromise; if (!this.auth.currentUser) { return null; } const accessToken = await this.auth.currentUser.getIdToken(forceRefresh); return { accessToken }; } addAuthTokenListener(listener) { this.assertAuthConfigured(); if (this.internalListeners.has(listener)) { return; } const unsubscribe = this.auth.onIdTokenChanged((user) => { listener(user?.stsTokenManager.accessToken || null); }); this.internalListeners.set(listener, unsubscribe); this.updateProactiveRefresh(); } removeAuthTokenListener(listener) { this.assertAuthConfigured(); const unsubscribe = this.internalListeners.get(listener); if (!unsubscribe) { return; } this.internalListeners.delete(listener); unsubscribe(); this.updateProactiveRefresh(); } assertAuthConfigured() { _assert( this.auth._initializationPromise, "dependent-sdk-initialized-before-auth" /* AuthErrorCode.DEPENDENT_SDK_INIT_BEFORE_AUTH */ ); } updateProactiveRefresh() { if (this.internalListeners.size > 0) { this.auth._startProactiveRefresh(); } else { this.auth._stopProactiveRefresh(); } } }; function getVersionForPlatform(clientPlatform) { switch (clientPlatform) { case "Node": return "node"; case "ReactNative": return "rn"; case "Worker": return "webworker"; case "Cordova": return "cordova"; case "WebExtension": return "web-extension"; default: return void 0; } } function registerAuth(clientPlatform) { _registerComponent(new Component( "auth", (container, { options: deps }) => { const app = container.getProvider("app").getImmediate(); const heartbeatServiceProvider = container.getProvider("heartbeat"); const appCheckServiceProvider = container.getProvider("app-check-internal"); const { apiKey, authDomain } = app.options; _assert(apiKey && !apiKey.includes(":"), "invalid-api-key", { appName: app.name }); const config = { apiKey, authDomain, clientPlatform, apiHost: "identitytoolkit.googleapis.com", tokenApiHost: "securetoken.googleapis.com", apiScheme: "https", sdkClientVersion: _getClientVersion(clientPlatform) }; const authInstance = new AuthImpl(app, heartbeatServiceProvider, appCheckServiceProvider, config); _initializeAuthInstance(authInstance, deps); return authInstance; }, "PUBLIC" /* ComponentType.PUBLIC */ ).setInstantiationMode( "EXPLICIT" /* InstantiationMode.EXPLICIT */ ).setInstanceCreatedCallback((container, _instanceIdentifier, _instance) => { const authInternalProvider = container.getProvider( "auth-internal" /* _ComponentName.AUTH_INTERNAL */ ); authInternalProvider.initialize(); })); _registerComponent(new Component( "auth-internal", (container) => { const auth = _castAuth(container.getProvider( "auth" /* _ComponentName.AUTH */ ).getImmediate()); return ((auth2) => new AuthInterop(auth2))(auth); }, "PRIVATE" /* ComponentType.PRIVATE */ ).setInstantiationMode( "EXPLICIT" /* InstantiationMode.EXPLICIT */ )); registerVersion(name, version, getVersionForPlatform(clientPlatform)); registerVersion(name, version, "esm2020"); } var DEFAULT_ID_TOKEN_MAX_AGE = 5 * 60; var authIdTokenMaxAge = getExperimentalSetting("authIdTokenMaxAge") || DEFAULT_ID_TOKEN_MAX_AGE; var lastPostedIdToken = null; var mintCookieFactory = (url) => async (user) => { const idTokenResult = user && await user.getIdTokenResult(); const idTokenAge = idTokenResult && ((/* @__PURE__ */ new Date()).getTime() - Date.parse(idTokenResult.issuedAtTime)) / 1e3; if (idTokenAge && idTokenAge > authIdTokenMaxAge) { return; } const idToken = idTokenResult?.token; if (lastPostedIdToken === idToken) { return; } lastPostedIdToken = idToken; await fetch(url, { method: idToken ? "POST" : "DELETE", headers: idToken ? { "Authorization": `Bearer ${idToken}` } : {} }); }; function getAuth(app = getApp()) { const provider = _getProvider(app, "auth"); if (provider.isInitialized()) { return provider.getImmediate(); } const auth = initializeAuth(app, { popupRedirectResolver: browserPopupRedirectResolver, persistence: [ indexedDBLocalPersistence, browserLocalPersistence, browserSessionPersistence ] }); const authTokenSyncPath = getExperimentalSetting("authTokenSyncURL"); if (authTokenSyncPath && typeof isSecureContext === "boolean" && isSecureContext) { const authTokenSyncUrl = new URL(authTokenSyncPath, location.origin); if (location.origin === authTokenSyncUrl.origin) { const mintCookie = mintCookieFactory(authTokenSyncUrl.toString()); beforeAuthStateChanged(auth, mintCookie, () => mintCookie(auth.currentUser)); onIdTokenChanged(auth, (user) => mintCookie(user)); } } const authEmulatorHost = getDefaultEmulatorHost("auth"); if (authEmulatorHost) { connectAuthEmulator(auth, `http://${authEmulatorHost}`); } return auth; } function getScriptParentElement() { return document.getElementsByTagName("head")?.[0] ?? document; } _setExternalJSProvider({ loadJS(url) { return new Promise((resolve, reject) => { const el = document.createElement("script"); el.setAttribute("src", url); el.onload = resolve; el.onerror = (e) => { const error = _createError( "internal-error" /* AuthErrorCode.INTERNAL_ERROR */ ); error.customData = e; reject(error); }; el.type = "text/javascript"; el.charset = "UTF-8"; getScriptParentElement().appendChild(el); }); }, gapiScript: "https://apis.google.com/js/api.js", recaptchaV2Script: "https://www.google.com/recaptcha/api.js", recaptchaEnterpriseScript: "https://www.google.com/recaptcha/enterprise.js?render=" }); registerAuth( "Browser" /* ClientPlatform.BROWSER */ ); export { ActionCodeOperation, ActionCodeURL, AuthCredential, AUTH_ERROR_CODES_MAP_DO_NOT_USE_INTERNALLY as AuthErrorCodes, EmailAuthCredential, EmailAuthProvider, FacebookAuthProvider, FactorId, GithubAuthProvider, GoogleAuthProvider, OAuthCredential, OAuthProvider, OperationType, PhoneAuthCredential, PhoneAuthProvider, PhoneMultiFactorGenerator, ProviderId, RecaptchaVerifier, SAMLAuthProvider, SignInMethod, TotpMultiFactorGenerator, TotpSecret, TwitterAuthProvider, applyActionCode, beforeAuthStateChanged, browserCookiePersistence, browserLocalPersistence, browserPopupRedirectResolver, browserSessionPersistence, checkActionCode, confirmPasswordReset, connectAuthEmulator, createUserWithEmailAndPassword, debugErrorMap, deleteUser, fetchSignInMethodsForEmail, getAdditionalUserInfo, getAuth, getIdToken, getIdTokenResult, getMultiFactorResolver, getRedirectResult, inMemoryPersistence, indexedDBLocalPersistence, initializeAuth, initializeRecaptchaConfig, isSignInWithEmailLink, linkWithCredential, linkWithPhoneNumber, linkWithPopup, linkWithRedirect, multiFactor, onAuthStateChanged, onIdTokenChanged, parseActionCodeURL, prodErrorMap, reauthenticateWithCredential, reauthenticateWithPhoneNumber, reauthenticateWithPopup, reauthenticateWithRedirect, reload, revokeAccessToken, sendEmailVerification, sendPasswordResetEmail, sendSignInLinkToEmail, setPersistence, signInAnonymously, signInWithCredential, signInWithCustomToken, signInWithEmailAndPassword, signInWithEmailLink, signInWithPhoneNumber, signInWithPopup, signInWithRedirect, signOut, unlink, updateCurrentUser, updateEmail, updatePassword, updatePhoneNumber, updateProfile, useDeviceLanguage, validatePassword, verifyBeforeUpdateEmail, verifyPasswordResetCode }; //# sourceMappingURL=firebase_auth.js.map
geri dön