Update injectRecaptchaFields to inject recaptcha enterprise fields in…

…to phone API requests (#7786) * Update injectRecaptchaFields to inject recaptcha fields into phone API requests * Fix lint * Rename captchaResp and fakeToken params * Format
firebase · Jun 9, 2024 · 24954c3 · 24954c3
1 parent a90255a
commit 24954c3
Show file tree

Hide file tree

Showing 11 changed files with 391 additions and 51 deletions.
diff --git a/packages/auth/src/api/account_management/mfa.test.ts b/packages/auth/src/api/account_management/mfa.test.ts
@@ -20,7 +20,12 @@ import chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+ Endpoint,
+ HttpHeader,
+ RecaptchaClientType,
+ RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -40,7 +45,10 @@ describe('api/account_management/startEnrollPhoneMfa', () => {
  idToken: 'id-token',
  phoneEnrollmentInfo: {
  phoneNumber: 'phone-number',
- recaptchaToken: 'captcha-token'
+ recaptchaToken: 'captcha-token',
+ captchaResponse: 'captcha-response',
+ clientType: RecaptchaClientType.WEB,
+ recaptchaVersion: RecaptchaVersion.ENTERPRISE
  }
  };
 

diff --git a/packages/auth/src/api/account_management/mfa.ts b/packages/auth/src/api/account_management/mfa.ts
@@ -18,6 +18,8 @@
 import {
  Endpoint,
  HttpMethod,
+ RecaptchaClientType,
+ RecaptchaVersion,
  _addTidIfNecessary,
  _performApiRequest
 } from '../index';
@@ -55,7 +57,12 @@ export interface StartPhoneMfaEnrollmentRequest {
  idToken: string;
  phoneEnrollmentInfo: {
  phoneNumber: string;
- recaptchaToken: string;
+ // reCAPTCHA v2 token
+ recaptchaToken?: string;
+ // reCAPTCHA Enterprise token
+ captchaResponse?: string;
+ clientType?: RecaptchaClientType;
+ recaptchaVersion?: RecaptchaVersion;
  };
  tenantId?: string;
 }

diff --git a/packages/auth/src/api/authentication/mfa.test.ts b/packages/auth/src/api/authentication/mfa.test.ts
@@ -20,7 +20,12 @@ import chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+ Endpoint,
+ HttpHeader,
+ RecaptchaClientType,
+ RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -34,7 +39,10 @@ describe('api/authentication/startSignInPhoneMfa', () => {
  mfaPendingCredential: 'my-creds',
  mfaEnrollmentId: 'my-enrollment-id',
  phoneSignInInfo: {
- recaptchaToken: 'catpcha-token'
+ recaptchaToken: 'catpcha-token',
+ captchaResponse: 'captcha-response',
+ clientType: RecaptchaClientType.WEB,
+ recaptchaVersion: RecaptchaVersion.ENTERPRISE
  }
  };
 

diff --git a/packages/auth/src/api/authentication/mfa.ts b/packages/auth/src/api/authentication/mfa.ts
@@ -19,6 +19,8 @@ import {
  _performApiRequest,
  Endpoint,
  HttpMethod,
+ RecaptchaClientType,
+ RecaptchaVersion,
  _addTidIfNecessary
 } from '../index';
 import { Auth } from '../../model/public_types';
@@ -47,7 +49,12 @@ export interface StartPhoneMfaSignInRequest {
  mfaPendingCredential: string;
  mfaEnrollmentId: string;
  phoneSignInInfo: {
- recaptchaToken: string;
+ // reCAPTCHA v2 token
+ recaptchaToken?: string;
+ // reCAPTCHA Enterprise token
+ captchaResponse?: string;
+ clientType?: RecaptchaClientType;
+ recaptchaVersion?: RecaptchaVersion;
  };
  tenantId?: string;
 }

diff --git a/packages/auth/src/api/authentication/sms.test.ts b/packages/auth/src/api/authentication/sms.test.ts
@@ -21,7 +21,12 @@ import chaiAsPromised from 'chai-as-promised';
 import { ProviderId } from '../../model/enums';
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+ Endpoint,
+ HttpHeader,
+ RecaptchaClientType,
+ RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -38,7 +43,10 @@ use(chaiAsPromised);
 describe('api/authentication/sendPhoneVerificationCode', () => {
  const request = {
  phoneNumber: '123456789',
- recaptchaToken: 'captchad'
+ recaptchaToken: 'captchad',
+ captchaResponse: 'captcha-response',
+ clientType: RecaptchaClientType.WEB,
+ recaptchaVersion: RecaptchaVersion.ENTERPRISE
  };
 
  let auth: TestAuth;

diff --git a/packages/auth/src/api/authentication/sms.ts b/packages/auth/src/api/authentication/sms.ts
@@ -18,6 +18,8 @@
 import {
  Endpoint,
  HttpMethod,
+ RecaptchaClientType,
+ RecaptchaVersion,
  _addTidIfNecessary,
  _makeTaggedError,
  _performApiRequest,
@@ -30,8 +32,13 @@ import { Auth } from '../../model/public_types';
 
 export interface SendPhoneVerificationCodeRequest {
  phoneNumber: string;
- recaptchaToken: string;
+ // reCAPTCHA v2 token
+ recaptchaToken?: string;
  tenantId?: string;
+ // reCAPTCHA Enterprise token
+ captchaResponse?: string;
+ clientType?: RecaptchaClientType;
+ recaptchaVersion?: RecaptchaVersion;
 }
 
 export interface SendPhoneVerificationCodeResponse {

diff --git a/packages/auth/src/api/index.ts b/packages/auth/src/api/index.ts
@@ -86,7 +86,10 @@ export const enum RecaptchaVersion {
 export const enum RecaptchaActionName {
  SIGN_IN_WITH_PASSWORD = 'signInWithPassword',
  GET_OOB_CODE = 'getOobCode',
- SIGN_UP_PASSWORD = 'signUpPassword'
+ SIGN_UP_PASSWORD = 'signUpPassword',
+ SEND_VERIFICATION_CODE = 'sendVerificationCode',
+ MFA_SMS_ENROLLMENT = 'mfaSmsEnrollment',
+ MFA_SMS_SIGNIN = 'mfaSmsSignin'
 }
 
 export const enum EnforcementState {
@@ -98,7 +101,8 @@ export const enum EnforcementState {
 
 // Providers that have reCAPTCHA Enterprise support.
 export const enum RecaptchaProvider {
- EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER'
+ EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER',
+ PHONE_PROVIDER = 'PHONE_PROVIDER'
 }
 
 export const DEFAULT_API_TIMEOUT_MS = new Delay(30_000, 60_000);

diff --git a/packages/auth/src/platform_browser/recaptcha/recaptcha.test.ts b/packages/auth/src/platform_browser/recaptcha/recaptcha.test.ts
@@ -29,7 +29,7 @@ import {
 
 import { isV2, isEnterprise, RecaptchaConfig } from './recaptcha';
 import { GetRecaptchaConfigResponse } from '../../api/authentication/recaptcha';
-import { EnforcementState } from '../../api/index';
+import { EnforcementState, RecaptchaProvider } from '../../api/index';
 
 use(chaiAsPromised);
 use(sinonChai);
@@ -39,17 +39,60 @@ describe('platform_browser/recaptcha/recaptcha', () => {
  let recaptchaV2: MockReCaptcha;
  let recaptchaV3: MockGreCAPTCHA;
  let recaptchaEnterprise: MockGreCAPTCHATopLevel;
- let recaptchaConfig: RecaptchaConfig;
 
  const TEST_SITE_KEY = 'test-site-key';
 
  const GET_RECAPTCHA_CONFIG_RESPONSE: GetRecaptchaConfigResponse = {
  recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
  recaptchaEnforcementState: [
- { provider: 'EMAIL_PASSWORD_PROVIDER', enforcementState: 'ENFORCE' }
+ {
+ provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+ enforcementState: EnforcementState.ENFORCE
+ },
+ {
+ provider: RecaptchaProvider.PHONE_PROVIDER,
+ enforcementState: EnforcementState.AUDIT
+ }
  ]
  };
 
+ const GET_RECAPTCHA_CONFIG_RESPONSE_OFF: GetRecaptchaConfigResponse = {
+ recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
+ recaptchaEnforcementState: [
+ {
+ provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+ enforcementState: EnforcementState.OFF
+ },
+ {
+ provider: RecaptchaProvider.PHONE_PROVIDER,
+ enforcementState: EnforcementState.OFF
+ }
+ ]
+ };
+
+ const GET_RECAPTCHA_CONFIG_RESPONSE_ENFORCE_AND_OFF: GetRecaptchaConfigResponse =
+ {
+ recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
+ recaptchaEnforcementState: [
+ {
+ provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+ enforcementState: EnforcementState.ENFORCE
+ },
+ {
+ provider: RecaptchaProvider.PHONE_PROVIDER,
+ enforcementState: EnforcementState.OFF
+ }
+ ]
+ };
+
+ const recaptchaConfig = new RecaptchaConfig(GET_RECAPTCHA_CONFIG_RESPONSE);
+ const recaptchaConfigOff = new RecaptchaConfig(
+ GET_RECAPTCHA_CONFIG_RESPONSE_OFF
+ );
+ const recaptchaConfigEnforceAndOff = new RecaptchaConfig(
+ GET_RECAPTCHA_CONFIG_RESPONSE_ENFORCE_AND_OFF
+ );
+
  context('#verify', () => {
  beforeEach(async () => {
  auth = await testAuth();
@@ -74,30 +117,63 @@ describe('platform_browser/recaptcha/recaptcha', () => {
  });
 
  context('#RecaptchaConfig', () => {
- beforeEach(async () => {
- recaptchaConfig = new RecaptchaConfig(GET_RECAPTCHA_CONFIG_RESPONSE);
- });
-
  it('should construct the recaptcha config from the backend response', () => {
  expect(recaptchaConfig.siteKey).to.eq(TEST_SITE_KEY);
  expect(recaptchaConfig.recaptchaEnforcementState[0]).to.eql({
- provider: 'EMAIL_PASSWORD_PROVIDER',
- enforcementState: 'ENFORCE'
+ provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+ enforcementState: EnforcementState.ENFORCE
+ });
+ expect(recaptchaConfig.recaptchaEnforcementState[1]).to.eql({
+ provider: RecaptchaProvider.PHONE_PROVIDER,
+ enforcementState: EnforcementState.AUDIT
+ });
+ expect(recaptchaConfigEnforceAndOff.recaptchaEnforcementState[1]).to.eql({
+ provider: RecaptchaProvider.PHONE_PROVIDER,
+ enforcementState: EnforcementState.OFF
  });
  });
 
  it('#getProviderEnforcementState should return the correct enforcement state of the provider', () => {
  expect(
- recaptchaConfig.getProviderEnforcementState('EMAIL_PASSWORD_PROVIDER')
+ recaptchaConfig.getProviderEnforcementState(
+ RecaptchaProvider.EMAIL_PASSWORD_PROVIDER
+ )
  ).to.eq(EnforcementState.ENFORCE);
+ expect(
+ recaptchaConfig.getProviderEnforcementState(
+ RecaptchaProvider.PHONE_PROVIDER
+ )
+ ).to.eq(EnforcementState.AUDIT);
+ expect(
+ recaptchaConfigEnforceAndOff.getProviderEnforcementState(
+ RecaptchaProvider.PHONE_PROVIDER
+ )
+ ).to.eq(EnforcementState.OFF);
  expect(recaptchaConfig.getProviderEnforcementState('invalid-provider')).to
  .be.null;
  });
 
  it('#isProviderEnabled should return the enablement state of the provider', () => {
- expect(recaptchaConfig.isProviderEnabled('EMAIL_PASSWORD_PROVIDER')).to.be
- .true;
+ expect(
+ recaptchaConfig.isProviderEnabled(
+ RecaptchaProvider.EMAIL_PASSWORD_PROVIDER
+ )
+ ).to.be.true;
+ expect(
+ recaptchaConfig.isProviderEnabled(RecaptchaProvider.PHONE_PROVIDER)
+ ).to.be.true;
+ expect(
+ recaptchaConfigEnforceAndOff.isProviderEnabled(
+ RecaptchaProvider.PHONE_PROVIDER
+ )
+ ).to.be.false;
  expect(recaptchaConfig.isProviderEnabled('invalid-provider')).to.be.false;
  });
+
+ it('#isAnyProviderEnabled should return true if at least one provider is enabled', () => {
+ expect(recaptchaConfig.isAnyProviderEnabled()).to.be.true;
+ expect(recaptchaConfigEnforceAndOff.isAnyProviderEnabled()).to.be.true;
+ expect(recaptchaConfigOff.isAnyProviderEnabled()).to.be.false;
+ });
  });
 });
diff --git a/packages/auth/src/platform_browser/recaptcha/recaptcha.ts b/packages/auth/src/platform_browser/recaptcha/recaptcha.ts
@@ -20,7 +20,11 @@ import {
  GetRecaptchaConfigResponse,
  RecaptchaEnforcementProviderState
 } from '../../api/authentication/recaptcha';
-import { EnforcementState, _parseEnforcementState } from '../../api/index';
+import {
+ EnforcementState,
+ RecaptchaProvider,
+ _parseEnforcementState
+} from '../../api/index';
 
 // reCAPTCHA v2 interface
 export interface Recaptcha {
@@ -135,4 +139,17 @@ export class RecaptchaConfig {
  this.getProviderEnforcementState(providerStr) === EnforcementState.AUDIT
  );
  }
+
+ /**
+ * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise
+ * returns false.
+ *
+ * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.
+ */
+ isAnyProviderEnabled(): boolean {
+ return (
+ this.isProviderEnabled(RecaptchaProvider.EMAIL_PASSWORD_PROVIDER) ||
+ this.isProviderEnabled(RecaptchaProvider.PHONE_PROVIDER)
+ );
+ }
 }