Implemented EmailVerificationLink() API (#243)

Author: hiranya911

CHANGELOG.md

@@ -1,5 +1,8 @@
 # Unreleased
 
+- [added] Implemented `auth.EmailVerificationLink()` function for
+  generating email verification action links.
+
 # v3.7.0
 
 - [added] Implemented `auth.SessionCookie()` function for creating

auth/email_action_links.go

@@ -0,0 +1,122 @@
+// Copyright 2019 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"net/url"
+)
+
+// ActionCodeSettings specifies the required continue/state URL with optional Android and iOS settings. Used when
+// invoking the email action link generation APIs.
+type ActionCodeSettings struct {
+	URL                   string `json:"continueUrl"`
+	HandleCodeInApp       bool   `json:"canHandleCodeInApp"`
+	IOSBundleID           string `json:"iOSBundleId,omitempty"`
+	AndroidPackageName    string `json:"androidPackageName,omitempty"`
+	AndroidMinimumVersion string `json:"androidMinimumVersion,omitempty"`
+	AndroidInstallApp     bool   `json:"androidInstallApp,omitempty"`
+	DynamicLinkDomain     string `json:"dynamicLinkDomain,omitempty"`
+}
+
+func (settings *ActionCodeSettings) toMap() (map[string]interface{}, error) {
+	if settings.URL == "" {
+		return nil, errors.New("URL must not be empty")
+	}
+
+	url, err := url.Parse(settings.URL)
+	if err != nil || url.Scheme == "" || url.Host == "" {
+		return nil, fmt.Errorf("malformed url string: %q", settings.URL)
+	}
+
+	if settings.AndroidMinimumVersion != "" || settings.AndroidInstallApp {
+		if settings.AndroidPackageName == "" {
+			return nil, errors.New("Android package name is required when specifying other Android settings")
+		}
+	}
+
+	b, err := json.Marshal(settings)
+	if err != nil {
+		return nil, err
+	}
+	var result map[string]interface{}
+	if err := json.Unmarshal(b, &result); err != nil {
+		return nil, err
+	}
+	return result, nil
+}
+
+type linkType string
+
+const (
+	emailLinkSignIn   linkType = "EMAIL_SIGNIN"
+	emailVerification linkType = "VERIFY_EMAIL"
+	passwordReset     linkType = "PASSWORD_RESET"
+)
+
+// EmailVerificationLink generates the out-of-band email action link for email verification flows for the specified
+// email address.
+func (c *userManagementClient) EmailVerificationLink(ctx context.Context, email string) (string, error) {
+	return c.EmailVerificationLinkWithSettings(ctx, email, nil)
+}
+
+// EmailVerificationLinkWithSettings generates the out-of-band email action link for email verification flows for the
+// specified email address, using the action code settings provided.
+func (c *userManagementClient) EmailVerificationLinkWithSettings(
+	ctx context.Context, email string, settings *ActionCodeSettings) (string, error) {
+	return c.generateEmailActionLink(ctx, emailVerification, email, settings)
+}
+
+func (c *userManagementClient) generateEmailActionLink(
+	ctx context.Context, linkType linkType, email string, settings *ActionCodeSettings) (string, error) {
+
+	if email == "" {
+		return "", errors.New("email must not be empty")
+	}
+
+	payload := map[string]interface{}{
+		"requestType":   linkType,
+		"email":         email,
+		"returnOobLink": true,
+	}
+	if settings != nil {
+		settingsMap, err := settings.toMap()
+		if err != nil {
+			return "", err
+		}
+		for k, v := range settingsMap {
+			payload[k] = v
+		}
+	}
+
+	resp, err := c.post(ctx, "/accounts:sendOobCode", payload)
+	if err != nil {
+		return "", err
+	}
+
+	if resp.Status != http.StatusOK {
+		return "", handleHTTPError(resp)
+	}
+
+	var result struct {
+		OOBLink string `json:"oobLink"`
+	}
+	err = json.Unmarshal(resp.Body, &result)
+	return result.OOBLink, err
+}

auth/email_action_links_test.go

@@ -0,0 +1,180 @@
+// Copyright 2019 Google Inc. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package auth
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"reflect"
+	"testing"
+)
+
+const (
+	testActionLink       = "https://test.link"
+	testActionLinkFormat = `{"oobLink": %q}`
+	testEmail            = "user@domain.com"
+)
+
+var testActionLinkResponse = []byte(fmt.Sprintf(testActionLinkFormat, testActionLink))
+var testActionCodeSettings = &ActionCodeSettings{
+	URL:                   "https://example.dynamic.link",
+	HandleCodeInApp:       true,
+	DynamicLinkDomain:     "custom.page.link",
+	IOSBundleID:           "com.example.ios",
+	AndroidPackageName:    "com.example.android",
+	AndroidInstallApp:     true,
+	AndroidMinimumVersion: "6",
+}
+var testActionCodeSettingsMap = map[string]interface{}{
+	"continueUrl":           "https://example.dynamic.link",
+	"canHandleCodeInApp":    true,
+	"dynamicLinkDomain":     "custom.page.link",
+	"iOSBundleId":           "com.example.ios",
+	"androidPackageName":    "com.example.android",
+	"androidInstallApp":     true,
+	"androidMinimumVersion": "6",
+}
+var invalidActionCodeSettings = []struct {
+	name     string
+	settings *ActionCodeSettings
+	want     string
+}{
+	{
+		"no-url",
+		&ActionCodeSettings{},
+		"URL must not be empty",
+	},
+	{
+		"malformed-url",
+		&ActionCodeSettings{
+			URL: "not a url",
+		},
+		`malformed url string: "not a url"`,
+	},
+	{
+		"no-android-package-1",
+		&ActionCodeSettings{
+			URL:               "https://example.dynamic.link",
+			AndroidInstallApp: true,
+		},
+		"Android package name is required when specifying other Android settings",
+	},
+	{
+		"no-android-package-2",
+		&ActionCodeSettings{
+			URL:                   "https://example.dynamic.link",
+			AndroidMinimumVersion: "6",
+		},
+		"Android package name is required when specifying other Android settings",
+	},
+}
+
+func TestEmailVerificationLink(t *testing.T) {
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+
+	link, err := s.Client.EmailVerificationLink(context.Background(), testEmail)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if link != testActionLink {
+		t.Errorf("EmailVerificationLink() = %q; want = %q", link, testActionLink)
+	}
+
+	want := map[string]interface{}{
+		"requestType":   "VERIFY_EMAIL",
+		"email":         testEmail,
+		"returnOobLink": true,
+	}
+	if err := checkActionLinkRequest(want, s); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEmailVerificationLinkWithSettings(t *testing.T) {
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+
+	link, err := s.Client.EmailVerificationLinkWithSettings(context.Background(), testEmail, testActionCodeSettings)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if link != testActionLink {
+		t.Errorf("EmailVerificationLinkWithSettings() = %q; want = %q", link, testActionLink)
+	}
+
+	want := map[string]interface{}{
+		"requestType":   "VERIFY_EMAIL",
+		"email":         testEmail,
+		"returnOobLink": true,
+	}
+	for k, v := range testActionCodeSettingsMap {
+		want[k] = v
+	}
+	if err := checkActionLinkRequest(want, s); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestEmailVerificationLinkNoEmail(t *testing.T) {
+	client := &Client{}
+	_, err := client.EmailVerificationLink(context.Background(), "")
+	if err == nil {
+		t.Errorf("EmailVerificationLink('') = nil; want error")
+	}
+}
+
+func TestEmailVerificationLinkInvalidSettings(t *testing.T) {
+	client := &Client{}
+	for _, tc := range invalidActionCodeSettings {
+		_, err := client.EmailVerificationLinkWithSettings(context.Background(), testEmail, tc.settings)
+		if err == nil || err.Error() != tc.want {
+			t.Errorf("EmailVerificationLinkWithSettings(%q) = %v; want = %q", tc.name, err, tc.want)
+		}
+	}
+}
+
+func TestEmailVerificationLinkError(t *testing.T) {
+	cases := map[string]func(error) bool{
+		"UNAUTHORIZED_DOMAIN":         IsUnauthorizedContinueURI,
+		"INVALID_DYNAMIC_LINK_DOMAIN": IsInvalidDynamicLinkDomain,
+	}
+	s := echoServer(testActionLinkResponse, t)
+	defer s.Close()
+	s.Client.httpClient.RetryConfig = nil
+	s.Status = http.StatusInternalServerError
+
+	for code, check := range cases {
+		resp := fmt.Sprintf(`{"error": {"message": %q}}`, code)
+		s.Resp = []byte(resp)
+		_, err := s.Client.EmailVerificationLink(context.Background(), testEmail)
+		if err == nil || !check(err) {
+			t.Errorf("EmailVerificationLink(%q) = %v; want = %q", code, err, serverError[code])
+		}
+	}
+}
+
+func checkActionLinkRequest(want map[string]interface{}, s *mockAuthServer) error {
+	var got map[string]interface{}
+	if err := json.Unmarshal(s.Rbody, &got); err != nil {
+		return err
+	}
+	if !reflect.DeepEqual(got, want) {
+		return fmt.Errorf("EmailVerificationLink() request = %#v; want = %#v", got, want)
+	}
+	return nil
+}

auth/user_mgt.go

@@ -350,10 +350,12 @@ const (
 	emailAlreadyExists       = "email-already-exists"
 	idTokenRevoked           = "id-token-revoked"
 	insufficientPermission   = "insufficient-permission"
+	invalidDynamicLinkDomain = "invalid-dynamic-link-domain"
 	phoneNumberAlreadyExists = "phone-number-already-exists"
 	projectNotFound          = "project-not-found"
 	sessionCookieRevoked     = "session-cookie-revoked"
 	uidAlreadyExists         = "uid-already-exists"
+	unauthorizedContinueURI  = "unauthorized-continue-uri"
 	unknown                  = "unknown-error"
 	userNotFound             = "user-not-found"
 )
@@ -373,6 +375,11 @@ func IsInsufficientPermission(err error) bool {
 	return internal.HasErrorCode(err, insufficientPermission)
 }
 
+// IsInvalidDynamicLinkDomain checks if the given error was due to an invalid dynamic link domain.
+func IsInvalidDynamicLinkDomain(err error) bool {
+	return internal.HasErrorCode(err, invalidDynamicLinkDomain)
+}
+
 // IsPhoneNumberAlreadyExists checks if the given error was due to a duplicate phone number.
 func IsPhoneNumberAlreadyExists(err error) bool {
 	return internal.HasErrorCode(err, phoneNumberAlreadyExists)
@@ -393,6 +400,11 @@ func IsUIDAlreadyExists(err error) bool {
 	return internal.HasErrorCode(err, uidAlreadyExists)
 }
 
+// IsUnauthorizedContinueURI checks if the given error was due to an unauthorized continue URI domain.
+func IsUnauthorizedContinueURI(err error) bool {
+	return internal.HasErrorCode(err, unauthorizedContinueURI)
+}
+
 // IsUnknown checks if the given error was due to a unknown server error.
 func IsUnknown(err error) bool {
 	return internal.HasErrorCode(err, unknown)
@@ -404,15 +416,17 @@ func IsUserNotFound(err error) bool {
 }
 
 var serverError = map[string]string{
-	"CONFIGURATION_NOT_FOUND": projectNotFound,
-	"DUPLICATE_EMAIL":         emailAlreadyExists,
-	"DUPLICATE_LOCAL_ID":      uidAlreadyExists,
-	"EMAIL_EXISTS":            emailAlreadyExists,
-	"INSUFFICIENT_PERMISSION": insufficientPermission,
-	"PERMISSION_DENIED":       insufficientPermission,
-	"PHONE_NUMBER_EXISTS":     phoneNumberAlreadyExists,
-	"PROJECT_NOT_FOUND":       projectNotFound,
-	"USER_NOT_FOUND":          userNotFound,
+	"CONFIGURATION_NOT_FOUND":     projectNotFound,
+	"DUPLICATE_EMAIL":             emailAlreadyExists,
+	"DUPLICATE_LOCAL_ID":          uidAlreadyExists,
+	"EMAIL_EXISTS":                emailAlreadyExists,
+	"INSUFFICIENT_PERMISSION":     insufficientPermission,
+	"INVALID_DYNAMIC_LINK_DOMAIN": invalidDynamicLinkDomain,
+	"PERMISSION_DENIED":           insufficientPermission,
+	"PHONE_NUMBER_EXISTS":         phoneNumberAlreadyExists,
+	"PROJECT_NOT_FOUND":           projectNotFound,
+	"UNAUTHORIZED_DOMAIN":         unauthorizedContinueURI,
+	"USER_NOT_FOUND":              userNotFound,
 }
 
 func handleServerError(err error) error {