initial commit

server/node_modules/firebase-admin/lib/auth/tenant-manager.js

@@ -0,0 +1,230 @@
+/*! firebase-admin v13.5.0 */
+"use strict";
+/*!
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TenantManager = exports.TenantAwareAuth = void 0;
+const validator = require("../utils/validator");
+const utils = require("../utils/index");
+const error_1 = require("../utils/error");
+const base_auth_1 = require("./base-auth");
+const tenant_1 = require("./tenant");
+const auth_api_request_1 = require("./auth-api-request");
+/**
+ * Tenant-aware `Auth` interface used for managing users, configuring SAML/OIDC providers,
+ * generating email links for password reset, email verification, etc for specific tenants.
+ *
+ * Multi-tenancy support requires Google Cloud's Identity Platform
+ * (GCIP). To learn more about GCIP, including pricing and features,
+ * see the {@link https://cloud.google.com/identity-platform | GCIP documentation}.
+ *
+ * Each tenant contains its own identity providers, settings and sets of users.
+ * Using `TenantAwareAuth`, users for a specific tenant and corresponding OIDC/SAML
+ * configurations can also be managed, ID tokens for users signed in to a specific tenant
+ * can be verified, and email action links can also be generated for users belonging to the
+ * tenant.
+ *
+ * `TenantAwareAuth` instances for a specific `tenantId` can be instantiated by calling
+ * {@link TenantManager.authForTenant}.
+ */
+class TenantAwareAuth extends base_auth_1.BaseAuth {
+    /**
+     * The TenantAwareAuth class constructor.
+     *
+     * @param app - The app that created this tenant.
+     * @param tenantId - The corresponding tenant ID.
+     * @constructor
+     * @internal
+     */
+    constructor(app, tenantId) {
+        super(app, new auth_api_request_1.TenantAwareAuthRequestHandler(app, tenantId), (0, base_auth_1.createFirebaseTokenGenerator)(app, tenantId));
+        utils.addReadonlyGetter(this, 'tenantId', tenantId);
+    }
+    /**
+     * {@inheritdoc BaseAuth.verifyIdToken}
+     */
+    verifyIdToken(idToken, checkRevoked = false) {
+        return super.verifyIdToken(idToken, checkRevoked)
+            .then((decodedClaims) => {
+            // Validate tenant ID.
+            if (decodedClaims.firebase.tenant !== this.tenantId) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
+            }
+            return decodedClaims;
+        });
+    }
+    /**
+     * {@inheritdoc BaseAuth.createSessionCookie}
+     */
+    createSessionCookie(idToken, sessionCookieOptions) {
+        // Validate arguments before processing.
+        if (!validator.isNonEmptyString(idToken)) {
+            return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_ID_TOKEN));
+        }
+        if (!validator.isNonNullObject(sessionCookieOptions) ||
+            !validator.isNumber(sessionCookieOptions.expiresIn)) {
+            return Promise.reject(new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_SESSION_COOKIE_DURATION));
+        }
+        // This will verify the ID token and then match the tenant ID before creating the session cookie.
+        return this.verifyIdToken(idToken)
+            .then(() => {
+            return super.createSessionCookie(idToken, sessionCookieOptions);
+        });
+    }
+    /**
+     * {@inheritdoc BaseAuth.verifySessionCookie}
+     */
+    verifySessionCookie(sessionCookie, checkRevoked = false) {
+        return super.verifySessionCookie(sessionCookie, checkRevoked)
+            .then((decodedClaims) => {
+            if (decodedClaims.firebase.tenant !== this.tenantId) {
+                throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.MISMATCHING_TENANT_ID);
+            }
+            return decodedClaims;
+        });
+    }
+}
+exports.TenantAwareAuth = TenantAwareAuth;
+/**
+ * Defines the tenant manager used to help manage tenant related operations.
+ * This includes:
+ * <ul>
+ * <li>The ability to create, update, list, get and delete tenants for the underlying
+ *     project.</li>
+ * <li>Getting a `TenantAwareAuth` instance for running Auth related operations
+ *     (user management, provider configuration management, token verification,
+ *     email link generation, etc) in the context of a specified tenant.</li>
+ * </ul>
+ */
+class TenantManager {
+    /**
+     * Initializes a TenantManager instance for a specified FirebaseApp.
+     *
+     * @param app - The app for this TenantManager instance.
+     *
+     * @constructor
+     * @internal
+     */
+    constructor(app) {
+        this.app = app;
+        this.authRequestHandler = new auth_api_request_1.AuthRequestHandler(app);
+        this.tenantsMap = {};
+    }
+    /**
+     * Returns a `TenantAwareAuth` instance bound to the given tenant ID.
+     *
+     * @param tenantId - The tenant ID whose `TenantAwareAuth` instance is to be returned.
+     *
+     * @returns The `TenantAwareAuth` instance corresponding to this tenant identifier.
+     */
+    authForTenant(tenantId) {
+        if (!validator.isNonEmptyString(tenantId)) {
+            throw new error_1.FirebaseAuthError(error_1.AuthClientErrorCode.INVALID_TENANT_ID);
+        }
+        if (typeof this.tenantsMap[tenantId] === 'undefined') {
+            this.tenantsMap[tenantId] = new TenantAwareAuth(this.app, tenantId);
+        }
+        return this.tenantsMap[tenantId];
+    }
+    /**
+     * Gets the tenant configuration for the tenant corresponding to a given `tenantId`.
+     *
+     * @param tenantId - The tenant identifier corresponding to the tenant whose data to fetch.
+     *
+     * @returns A promise fulfilled with the tenant configuration to the provided `tenantId`.
+     */
+    getTenant(tenantId) {
+        return this.authRequestHandler.getTenant(tenantId)
+            .then((response) => {
+            return new tenant_1.Tenant(response);
+        });
+    }
+    /**
+     * Retrieves a list of tenants (single batch only) with a size of `maxResults`
+     * starting from the offset as specified by `pageToken`. This is used to
+     * retrieve all the tenants of a specified project in batches.
+     *
+     * @param maxResults - The page size, 1000 if undefined. This is also
+     *   the maximum allowed limit.
+     * @param pageToken - The next page token. If not specified, returns
+     *   tenants starting without any offset.
+     *
+     * @returns A promise that resolves with
+     *   a batch of downloaded tenants and the next page token.
+     */
+    listTenants(maxResults, pageToken) {
+        return this.authRequestHandler.listTenants(maxResults, pageToken)
+            .then((response) => {
+            // List of tenants to return.
+            const tenants = [];
+            // Convert each user response to a Tenant.
+            response.tenants.forEach((tenantResponse) => {
+                tenants.push(new tenant_1.Tenant(tenantResponse));
+            });
+            // Return list of tenants and the next page token if available.
+            const result = {
+                tenants,
+                pageToken: response.nextPageToken,
+            };
+            // Delete result.pageToken if undefined.
+            if (typeof result.pageToken === 'undefined') {
+                delete result.pageToken;
+            }
+            return result;
+        });
+    }
+    /**
+     * Deletes an existing tenant.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
+     *
+     * @returns An empty promise fulfilled once the tenant has been deleted.
+     */
+    deleteTenant(tenantId) {
+        return this.authRequestHandler.deleteTenant(tenantId);
+    }
+    /**
+     * Creates a new tenant.
+     * When creating new tenants, tenants that use separate billing and quota will require their
+     * own project and must be defined as `full_service`.
+     *
+     * @param tenantOptions - The properties to set on the new tenant configuration to be created.
+     *
+     * @returns A promise fulfilled with the tenant configuration corresponding to the newly
+     *   created tenant.
+     */
+    createTenant(tenantOptions) {
+        return this.authRequestHandler.createTenant(tenantOptions)
+            .then((response) => {
+            return new tenant_1.Tenant(response);
+        });
+    }
+    /**
+     * Updates an existing tenant configuration.
+     *
+     * @param tenantId - The `tenantId` corresponding to the tenant to delete.
+     * @param tenantOptions - The properties to update on the provided tenant.
+     *
+     * @returns A promise fulfilled with the update tenant data.
+     */
+    updateTenant(tenantId, tenantOptions) {
+        return this.authRequestHandler.updateTenant(tenantId, tenantOptions)
+            .then((response) => {
+            return new tenant_1.Tenant(response);
+        });
+    }
+}
+exports.TenantManager = TenantManager;