Added PasswordResetLink() and EmailSignInLink() APIs (#247)

* Implemented EmailVerificationLink() API

* Implemented PasswordResetLink() and EmailSignInLink() APIs

Author: hiranya911

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 - [added] Implemented `auth.EmailVerificationLink()` function for
   generating email verification action links.
+- [added] Implemented `auth.PasswordResetLink()` function for
+  generating password reset action links.
+- [added] Implemented `auth.EmailSignInLink()` function for generating
+  email sign in action links.
 
 # v3.7.0
 

auth/email_action_links.go

@@ -83,13 +83,37 @@ func (c *userManagementClient) EmailVerificationLinkWithSettings(
 	return c.generateEmailActionLink(ctx, emailVerification, email, settings)
 }
 
+// PasswordResetLink generates the out-of-band email action link for password reset flows for the specified email
+// address.
+func (c *userManagementClient) PasswordResetLink(ctx context.Context, email string) (string, error) {
+	return c.PasswordResetLinkWithSettings(ctx, email, nil)
+}
+
+// PasswordResetLinkWithSettings generates the out-of-band email action link for password reset flows for the
+// specified email address, using the action code settings provided.
+func (c *userManagementClient) PasswordResetLinkWithSettings(
+	ctx context.Context, email string, settings *ActionCodeSettings) (string, error) {
+	return c.generateEmailActionLink(ctx, passwordReset, email, settings)
+}
+
+// EmailSignInLink generates the out-of-band email action link for email link sign-in flows, using the action
+// code settings provided.
+func (c *userManagementClient) EmailSignInLink(
+	ctx context.Context, email string, settings *ActionCodeSettings) (string, error) {
+	return c.generateEmailActionLink(ctx, emailLinkSignIn, email, settings)
+}
+
 func (c *userManagementClient) generateEmailActionLink(
 	ctx context.Context, linkType linkType, email string, settings *ActionCodeSettings) (string, error) {
 
 	if email == "" {
 		return "", errors.New("email must not be empty")
 	}
 
+	if linkType == emailLinkSignIn && settings == nil {
+		return "", errors.New("ActionCodeSettings must not be nil when generating sign-in links")
+	}
+
 	payload := map[string]interface{}{
 		"requestType":   linkType,
 		"email":         email,

auth/email_action_links_test.go

@@ -130,12 +130,94 @@ func TestEmailVerificationLinkWithSettings(t *testing.T) {
 	}
 }
 
-func TestEmailVerificationLinkNoEmail(t *testing.T) {
+func TestPasswordResetLink(t *testing.T) {
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+
+	link, err := s.Client.PasswordResetLink(context.Background(), testEmail)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if link != testActionLink {
+		t.Errorf("PasswordResetLink() = %q; want = %q", link, testActionLink)
+	}
+
+	want := map[string]interface{}{
+		"requestType":   "PASSWORD_RESET",
+		"email":         testEmail,
+		"returnOobLink": true,
+	}
+	if err := checkActionLinkRequest(want, s); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestPasswordResetLinkWithSettings(t *testing.T) {
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+
+	link, err := s.Client.PasswordResetLinkWithSettings(context.Background(), testEmail, testActionCodeSettings)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if link != testActionLink {
+		t.Errorf("PasswordResetLinkWithSettings() = %q; want = %q", link, testActionLink)
+	}
+
+	want := map[string]interface{}{
+		"requestType":   "PASSWORD_RESET",
+		"email":         testEmail,
+		"returnOobLink": true,
+	}
+	for k, v := range testActionCodeSettingsMap {
+		want[k] = v
+	}
+	if err := checkActionLinkRequest(want, s); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEmailSignInLink(t *testing.T) {
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+
+	link, err := s.Client.EmailSignInLink(context.Background(), testEmail, testActionCodeSettings)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if link != testActionLink {
+		t.Errorf("EmailSignInLink() = %q; want = %q", link, testActionLink)
+	}
+
+	want := map[string]interface{}{
+		"requestType":   "EMAIL_SIGNIN",
+		"email":         testEmail,
+		"returnOobLink": true,
+	}
+	for k, v := range testActionCodeSettingsMap {
+		want[k] = v
+	}
+	if err := checkActionLinkRequest(want, s); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEmailActionLinkNoEmail(t *testing.T) {
 	client := &Client{}
 	_, err := client.EmailVerificationLink(context.Background(), "")
 	if err == nil {
 		t.Errorf("EmailVerificationLink('') = nil; want error")
 	}
+
+	_, err = client.PasswordResetLink(context.Background(), "")
+	if err == nil {
+		t.Errorf("PasswordResetLink('') = nil; want error")
+	}
+
+	_, err = client.EmailSignInLink(context.Background(), "", testActionCodeSettings)
+	if err == nil {
+		t.Errorf("EmailSignInLink('') = nil; want error")
+	}
 }
 
 func TestEmailVerificationLinkInvalidSettings(t *testing.T) {
@@ -148,6 +230,34 @@ func TestEmailVerificationLinkInvalidSettings(t *testing.T) {
 	}
 }
 
+func TestPasswordResetLinkInvalidSettings(t *testing.T) {
+	client := &Client{}
+	for _, tc := range invalidActionCodeSettings {
+		_, err := client.PasswordResetLinkWithSettings(context.Background(), testEmail, tc.settings)
+		if err == nil || err.Error() != tc.want {
+			t.Errorf("PasswordResetLinkWithSettings(%q) = %v; want = %q", tc.name, err, tc.want)
+		}
+	}
+}
+
+func TestEmailSignInLinkInvalidSettings(t *testing.T) {
+	client := &Client{}
+	for _, tc := range invalidActionCodeSettings {
+		_, err := client.EmailSignInLink(context.Background(), testEmail, tc.settings)
+		if err == nil || err.Error() != tc.want {
+			t.Errorf("EmailSignInLink(%q) = %v; want = %q", tc.name, err, tc.want)
+		}
+	}
+}
+
+func TestEmailSignInLinkNoSettings(t *testing.T) {
+	client := &Client{}
+	_, err := client.EmailSignInLink(context.Background(), testEmail, nil)
+	if err == nil {
+		t.Errorf("EmailSignInLink(nil) = %v; want = error", err)
+	}
+}
+
 func TestEmailVerificationLinkError(t *testing.T) {
 	cases := map[string]func(error) bool{
 		"UNAUTHORIZED_DOMAIN":         IsUnauthorizedContinueURI,

integration/auth/auth_test.go

@@ -42,6 +42,7 @@ const (
 )
 
 var client *auth.Client
+var apiKey string
 
 func TestMain(m *testing.M) {
 	flag.Parse()
@@ -58,6 +59,10 @@ func TestMain(m *testing.M) {
 	if err != nil {
 		log.Fatalln(err)
 	}
+	apiKey, err = internal.APIKey()
+	if err != nil {
+		log.Fatalln(err)
+	}
 
 	seed := time.Now().UTC().UnixNano()
 	log.Printf("Using random seed: %d", seed)
@@ -207,10 +212,6 @@ func signInWithCustomToken(token string) (string, error) {
 		return "", err
 	}
 
-	apiKey, err := internal.APIKey()
-	if err != nil {
-		return "", err
-	}
 	resp, err := postRequest(fmt.Sprintf(verifyCustomTokenURL, apiKey), req)
 	if err != nil {
 		return "", err
@@ -233,10 +234,6 @@ func signInWithPassword(email, password string) (string, error) {
 		return "", err
 	}
 
-	apiKey, err := internal.APIKey()
-	if err != nil {
-		return "", err
-	}
 	resp, err := postRequest(fmt.Sprintf(verifyPasswordURL, apiKey), req)
 	if err != nil {
 		return "", err

integration/auth/user_mgt_test.go

@@ -18,6 +18,7 @@ package auth
 import (
 	"context"
 	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"math/rand"
 	"net/url"
@@ -31,7 +32,14 @@ import (
 	"google.golang.org/api/iterator"
 )
 
-const continueURL = "http://localhost/?a=1&b=2#c=3"
+const (
+	continueURL        = "http://localhost/?a=1&b=2#c=3"
+	continueURLKey     = "continueUrl"
+	oobCodeKey         = "oobCode"
+	modeKey            = "mode"
+	resetPasswordURL   = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/resetPassword?key=%s"
+	emailLinkSignInURL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/emailLinkSignin?key=%s"
+)
 
 func TestGetUser(t *testing.T) {
 	want := newUserWithParams(t)
@@ -466,20 +474,133 @@ func TestEmailVerificationLink(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	const (
-		continueURLKey = "continueUrl"
-		modeKey        = "mode"
-		verifyEmail    = "verifyEmail"
-	)
 	query := parsed.Query()
 	if got := query.Get(continueURLKey); got != continueURL {
 		t.Errorf("EmailVerificationLinkWithSettings() %s = %q; want = %q", continueURLKey, got, continueURL)
 	}
+
+	const verifyEmail = "verifyEmail"
 	if got := query.Get(modeKey); got != verifyEmail {
 		t.Errorf("EmailVerificationLinkWithSettings() %s = %q; want = %q", modeKey, got, verifyEmail)
 	}
 }
 
+func TestPasswordResetLink(t *testing.T) {
+	user := newUserWithParams(t)
+	defer deleteUser(user.UID)
+	link, err := client.PasswordResetLinkWithSettings(context.Background(), user.Email, &auth.ActionCodeSettings{
+		URL:             continueURL,
+		HandleCodeInApp: false,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	parsed, err := url.ParseRequestURI(link)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	query := parsed.Query()
+	if got := query.Get(continueURLKey); got != continueURL {
+		t.Errorf("PasswordResetLinkWithSettings() %s = %q; want = %q", continueURLKey, got, continueURL)
+	}
+
+	oobCode := query.Get(oobCodeKey)
+	if err := resetPassword(user.Email, "password", "newPassword", oobCode); err != nil {
+		t.Fatalf("PasswordResetLinkWithSettings() reset = %v; want = nil", err)
+	}
+
+	// Password reset also verifies the user's email
+	user, err = client.GetUser(context.Background(), user.UID)
+	if err != nil {
+		t.Fatalf("GetUser() = %v; want = nil", err)
+	}
+	if !user.EmailVerified {
+		t.Error("PasswordResetLinkWithSettings() EmailVerified = false; want = true")
+	}
+}
+
+func TestEmailSignInLink(t *testing.T) {
+	user := newUserWithParams(t)
+	defer deleteUser(user.UID)
+	link, err := client.EmailSignInLink(context.Background(), user.Email, &auth.ActionCodeSettings{
+		URL:             continueURL,
+		HandleCodeInApp: false,
+	})
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	parsed, err := url.ParseRequestURI(link)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	query := parsed.Query()
+	if got := query.Get(continueURLKey); got != continueURL {
+		t.Errorf("EmailSignInLink() %s = %q; want = %q", continueURLKey, got, continueURL)
+	}
+
+	oobCode := query.Get(oobCodeKey)
+	idToken, err := signInWithEmailLink(user.Email, oobCode)
+	if err != nil {
+		t.Fatalf("EmailSignInLink() signIn = %v; want = nil", err)
+	}
+	if idToken == "" {
+		t.Errorf("ID Token = empty; want = non-empty")
+	}
+
+	// Signing in with email link also verifies the user's email
+	user, err = client.GetUser(context.Background(), user.UID)
+	if err != nil {
+		t.Fatalf("GetUser() = %v; want = nil", err)
+	}
+	if !user.EmailVerified {
+		t.Error("EmailSignInLink() EmailVerified = false; want = true")
+	}
+}
+
+func resetPassword(email, oldPassword, newPassword, oobCode string) error {
+	req := map[string]interface{}{
+		"email":       email,
+		"oldPassword": oldPassword,
+		"newPassword": newPassword,
+		"oobCode":     oobCode,
+	}
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return err
+	}
+
+	_, err = postRequest(fmt.Sprintf(resetPasswordURL, apiKey), reqBytes)
+	return err
+}
+
+func signInWithEmailLink(email, oobCode string) (string, error) {
+	req := map[string]interface{}{
+		"email":   email,
+		"oobCode": oobCode,
+	}
+	reqBytes, err := json.Marshal(req)
+	if err != nil {
+		return "", err
+	}
+
+	b, err := postRequest(fmt.Sprintf(emailLinkSignInURL, apiKey), reqBytes)
+	if err != nil {
+		return "", err
+	}
+
+	var parsed struct {
+		IDToken string `json:"idToken"`
+	}
+	if err := json.Unmarshal(b, &parsed); err != nil {
+		return "", err
+	}
+	return parsed.IDToken, nil
+}
+
 var seededRand = rand.New(rand.NewSource(time.Now().UnixNano()))
 
 func randomUID() string {
@@ -514,7 +635,6 @@ func newUserWithParams(t *testing.T) *auth.UserRecord {
 		PhoneNumber(phone).
 		DisplayName("Random User").
 		PhotoURL("https://example.com/photo.png").
-		EmailVerified(true).
 		Password("password")
 	user, err := client.CreateUser(context.Background(), params)
 	if err != nil {