feat(auth): validatePassword method implementation (#8400)

* feat(auth): validatePassword method implementation

* feat(auth): more definitions to support validatePassword and definition test passes

* feat(auth): Shift new definitions into Modular API

* feat(auth): implementation draft

* feat(auth): Add some internal methods for api call

* feat: More API features and fixed errors in tests

* feat: license agreement

* feat: passwordpolicy api works

* feat: Added more tests for password policy API

* fix: Code cleanup

* fix: more code clean up and documentation

* feat: coverage tests for password policy impl

* fix: code cleanup

* fix: validatePassword fully working

* chore: cleanup move api tests to e2e

* feat: started adding e2e tests

* feat: e2e tests

* fix: e2e tests working

* fix: formatting

* fix: removed redundant comments

* fix: formatting

* fix: better error messages and fix formatting

* fix: cleanup and test fixes

* fix: tests

* fix: formatting

* fix: formatting

* fix: top level suite formatting issue

* fix: unused var issue

* fix: fix last test

* fix: last test fix

* fix: allow final test to pass on macOS by looking for subtstring

* test(auth): re-structure auth unit test file

- cleanly split between namespace / modular - some sections were mixed
- remove empty block avoiding test
- fix double-nesting on ActionCodeSettings

* fix: use modular references only

* docs: validatePassword documentation

* fix: rid trailing spaces

---------

Co-authored-by: Mike Hardy <github@mikehardy.net>
Co-authored by: Chase Hartsell <51487099+ch5zzy@users.noreply.github.com>

Author: MichaelVerdon

packages/auth/__tests__/auth.test.ts

@@ -61,6 +61,7 @@ import auth, {
   verifyBeforeUpdateEmail,
   getAdditionalUserInfo,
   getCustomAuthDomain,
+  validatePassword,
   AppleAuthProvider,
   EmailAuthProvider,
   FacebookAuthProvider,
@@ -72,6 +73,8 @@ import auth, {
   TwitterAuthProvider,
 } from '../lib';
 
+const PasswordPolicyImpl = require('../lib/password-policy/PasswordPolicyImpl').default;
+
 // @ts-ignore test
 import FirebaseModule from '../../app/lib/internal/FirebaseModule';
 // @ts-ignore - We don't mind missing types here
@@ -133,13 +136,13 @@ describe('Auth', function () {
         const result = auth().useEmulator('http://my-host:9099');
         expect(result).toEqual(['my-host', 9099]);
       });
-    });
 
-    describe('tenantId', function () {
-      it('should be able to set tenantId ', function () {
-        const auth = firebase.app().auth();
-        auth.setTenantId('test-id').then(() => {
-          expect(auth.tenantId).toBe('test-id');
+      describe('tenantId', function () {
+        it('should be able to set tenantId ', function () {
+          const auth = firebase.app().auth();
+          auth.setTenantId('test-id').then(() => {
+            expect(auth.tenantId).toBe('test-id');
+          });
         });
       });
 
@@ -201,6 +204,84 @@ describe('Auth', function () {
         expect(actual._auth).not.toBeNull();
       });
     });
+
+    describe('ActionCodeSettings', function () {
+      beforeAll(function () {
+        // @ts-ignore test
+        jest.spyOn(FirebaseModule.prototype, 'native', 'get').mockImplementation(() => {
+          return new Proxy(
+            {},
+            {
+              get: () => jest.fn().mockResolvedValue({} as never),
+            },
+          );
+        });
+      });
+
+      it('should allow linkDomain as `ActionCodeSettings.linkDomain`', function () {
+        const auth = firebase.app().auth();
+        const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = {
+          url: 'https://example.com',
+          handleCodeInApp: true,
+          linkDomain: 'example.com',
+        };
+        const email = 'fake@example.com';
+        auth.sendSignInLinkToEmail(email, actionCodeSettings);
+        auth.sendPasswordResetEmail(email, actionCodeSettings);
+        sendPasswordResetEmail(auth, email, actionCodeSettings);
+        sendSignInLinkToEmail(auth, email, actionCodeSettings);
+
+        const user: FirebaseAuthTypes.User = new User(auth, {});
+
+        user.sendEmailVerification(actionCodeSettings);
+        user.verifyBeforeUpdateEmail(email, actionCodeSettings);
+        sendEmailVerification(user, actionCodeSettings);
+        verifyBeforeUpdateEmail(user, email, actionCodeSettings);
+      });
+
+      it('should warn using `ActionCodeSettings.dynamicLinkDomain`', function () {
+        const auth = firebase.app().auth();
+        const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = {
+          url: 'https://example.com',
+          handleCodeInApp: true,
+          linkDomain: 'example.com',
+          dynamicLinkDomain: 'example.com',
+        };
+        const email = 'fake@example.com';
+        let warnings = 0;
+        const consoleWarnSpy = jest.spyOn(console, 'warn');
+        consoleWarnSpy.mockReset();
+        consoleWarnSpy.mockImplementation(warnMessage => {
+          if (
+            warnMessage.includes(
+              'Instead, use ActionCodeSettings.linkDomain to set up a custom domain',
+            )
+          ) {
+            warnings++;
+          }
+        });
+        auth.sendSignInLinkToEmail(email, actionCodeSettings);
+        expect(warnings).toBe(1);
+        auth.sendPasswordResetEmail(email, actionCodeSettings);
+        expect(warnings).toBe(2);
+        sendPasswordResetEmail(auth, email, actionCodeSettings);
+        expect(warnings).toBe(3);
+        sendSignInLinkToEmail(auth, email, actionCodeSettings);
+        expect(warnings).toBe(4);
+        const user: FirebaseAuthTypes.User = new User(auth, {});
+
+        user.sendEmailVerification(actionCodeSettings);
+        expect(warnings).toBe(5);
+        user.verifyBeforeUpdateEmail(email, actionCodeSettings);
+        expect(warnings).toBe(6);
+        sendEmailVerification(user, actionCodeSettings);
+        expect(warnings).toBe(7);
+        verifyBeforeUpdateEmail(user, email, actionCodeSettings);
+        expect(warnings).toBe(8);
+        consoleWarnSpy.mockReset();
+        consoleWarnSpy.mockRestore();
+      });
+    });
   });
 
   describe('modular', function () {
@@ -420,6 +501,10 @@ describe('Auth', function () {
       expect(getCustomAuthDomain).toBeDefined();
     });
 
+    it('`validatePassword` function is properly exposed to end user', function () {
+      expect(validatePassword).toBeDefined();
+    });
+
     it('`AppleAuthProvider` class is properly exposed to end user', function () {
       expect(AppleAuthProvider).toBeDefined();
     });
@@ -456,81 +541,79 @@ describe('Auth', function () {
       expect(TwitterAuthProvider).toBeDefined();
     });
 
-    describe('ActionCodeSettings', function () {
-      beforeAll(function () {
-        // @ts-ignore test
-        jest.spyOn(FirebaseModule.prototype, 'native', 'get').mockImplementation(() => {
-          return new Proxy(
-            {},
-            {
-              get: () => jest.fn().mockResolvedValue({} as never),
-            },
-          );
-        });
+    describe('PasswordPolicyImpl', function () {
+      const TEST_MIN_PASSWORD_LENGTH = 6;
+      const TEST_SCHEMA_VERSION = 1;
+
+      const testPolicy = {
+        customStrengthOptions: {
+          minPasswordLength: 6,
+          maxPasswordLength: 4096,
+          containsLowercaseCharacter: true,
+          containsUppercaseCharacter: true,
+          containsNumericCharacter: true,
+          containsNonAlphanumericCharacter: true,
+        },
+        allowedNonAlphanumericCharacters: ['$', '*'],
+        schemaVersion: 1,
+        enforcementState: 'OFF',
+      };
+
+      it('should create a password policy', async () => {
+        let passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        expect(passwordPolicy).toBeDefined();
+        expect(passwordPolicy.customStrengthOptions.minPasswordLength).toEqual(
+          TEST_MIN_PASSWORD_LENGTH,
+        );
+        expect(passwordPolicy.schemaVersion).toEqual(TEST_SCHEMA_VERSION);
       });
 
-      it('should allow linkDomain as `ActionCodeSettings.linkDomain`', function () {
-        const auth = firebase.app().auth();
-        const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = {
-          url: 'https://example.com',
-          handleCodeInApp: true,
-          linkDomain: 'example.com',
-        };
-        const email = 'fake@example.com';
-        auth.sendSignInLinkToEmail(email, actionCodeSettings);
-        auth.sendPasswordResetEmail(email, actionCodeSettings);
-        sendPasswordResetEmail(auth, email, actionCodeSettings);
-        sendSignInLinkToEmail(auth, email, actionCodeSettings);
+      it('should return statusValid: true when the password satisfies the password policy', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'Password$123';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(true);
+      });
 
-        const user: FirebaseAuthTypes.User = new User(auth, {});
+      it('should return statusValid: false when the password is too short', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'Pa1$';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(false);
+      });
 
-        user.sendEmailVerification(actionCodeSettings);
-        user.verifyBeforeUpdateEmail(email, actionCodeSettings);
-        sendEmailVerification(user, actionCodeSettings);
-        verifyBeforeUpdateEmail(user, email, actionCodeSettings);
+      it('should return statusValid: false when the password has no capital characters', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'password123$';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(false);
       });
 
-      it('should warn using `ActionCodeSettings.dynamicLinkDomain`', function () {
-        const auth = firebase.app().auth();
-        const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = {
-          url: 'https://example.com',
-          handleCodeInApp: true,
-          linkDomain: 'example.com',
-          dynamicLinkDomain: 'example.com',
-        };
-        const email = 'fake@example.com';
-        let warnings = 0;
-        const consoleWarnSpy = jest.spyOn(console, 'warn');
-        consoleWarnSpy.mockReset();
-        consoleWarnSpy.mockImplementation(warnMessage => {
-          if (
-            warnMessage.includes(
-              'Instead, use ActionCodeSettings.linkDomain to set up a custom domain',
-            )
-          ) {
-            warnings++;
-          }
-        });
-        auth.sendSignInLinkToEmail(email, actionCodeSettings);
-        expect(warnings).toBe(1);
-        auth.sendPasswordResetEmail(email, actionCodeSettings);
-        expect(warnings).toBe(2);
-        sendPasswordResetEmail(auth, email, actionCodeSettings);
-        expect(warnings).toBe(3);
-        sendSignInLinkToEmail(auth, email, actionCodeSettings);
-        expect(warnings).toBe(4);
-        const user: FirebaseAuthTypes.User = new User(auth, {});
+      it('should return statusValid: false when the password has no lowercase characters', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'PASSWORD123$';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(false);
+      });
 
-        user.sendEmailVerification(actionCodeSettings);
-        expect(warnings).toBe(5);
-        user.verifyBeforeUpdateEmail(email, actionCodeSettings);
-        expect(warnings).toBe(6);
-        sendEmailVerification(user, actionCodeSettings);
-        expect(warnings).toBe(7);
-        verifyBeforeUpdateEmail(user, email, actionCodeSettings);
-        expect(warnings).toBe(8);
-        consoleWarnSpy.mockReset();
-        consoleWarnSpy.mockRestore();
+      it('should return statusValid: false when the password has no numbers', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'Password$';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(false);
+      });
+
+      it('should return statusValid: false when the password has no special characters', async () => {
+        const passwordPolicy = new PasswordPolicyImpl(testPolicy);
+        let password = 'Password123';
+        let status = passwordPolicy.validatePassword(password);
+        expect(status).toBeDefined();
+        expect(status.isValid).toEqual(false);
       });
     });
   });

packages/auth/e2e/validatePassword.e2e.js

@@ -0,0 +1,79 @@
+/*
+ * Copyright (c) 2016-present Invertase Limited & Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this library except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+import { validatePassword, getAuth } from '../lib/';
+
+describe('auth() -> validatePassword()', function () {
+  it('isValid is false if password is too short', async function () {
+    let status = await validatePassword(getAuth(), 'Pa1$');
+    status.isValid.should.equal(false);
+  });
+
+  it('isValid is false if password is empty string', async function () {
+    let status = await validatePassword(getAuth(), '');
+    status.isValid.should.equal(false);
+  });
+
+  it('isValid is false if password has no digits', async function () {
+    let status = await validatePassword(getAuth(), 'Password$');
+    status.isValid.should.equal(false);
+  });
+
+  it('isValid is false if password has no capital letters', async function () {
+    let status = await validatePassword(getAuth(), 'password123$');
+    status.isValid.should.equal(false);
+  });
+
+  it('isValid is false if password has no lowercase letters', async function () {
+    let status = await validatePassword(getAuth(), 'PASSWORD123$');
+    status.isValid.should.equal(false);
+  });
+
+  it('isValid is true if given a password that satisfies the policy', async function () {
+    let status = await validatePassword(getAuth(), 'Password123$');
+    status.isValid.should.equal(true);
+  });
+
+  it('validatePassword throws an error if password is null', async function () {
+    try {
+      await validatePassword(getAuth(), null);
+    } catch (e) {
+      e.message.should.equal(
+        "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.",
+      );
+    }
+  });
+
+  it('validatePassword throws an error if password is undefined', async function () {
+    try {
+      await validatePassword(getAuth(), undefined);
+    } catch (e) {
+      e.message.should.equal(
+        "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.",
+      );
+    }
+  });
+
+  it('validatePassword throws an error if given a bad auth instance', async function () {
+    try {
+      await validatePassword(undefined, 'Testing123$');
+    } catch (e) {
+      e.message.should.containEql('app');
+      e.message.should.containEql('undefined');
+    }
+  });
+});