Add extra asserts around action code settings (auth-next) (#3911)

* Add extra asserts around action code settings (auth-next)

* PR feedback

Author: avolkovi

packages-exp/auth-exp/src/core/strategies/action_code_settings.test.ts

@@ -0,0 +1,96 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { FirebaseError } from '@firebase/util';
+import { expect } from 'chai';
+
+import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
+import { GetOobCodeRequest } from '../../api/authentication/email_and_password';
+import { _setActionCodeSettingsOnRequest } from './action_code_settings';
+
+describe('core/strategies/action_code_settings', () => {
+  let auth: TestAuth;
+  const request: GetOobCodeRequest = {};
+
+  beforeEach(async () => {
+    auth = await testAuth();
+  });
+
+  it('should require a non empty continue URL', () => {
+    expect(() =>
+      _setActionCodeSettingsOnRequest(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-bundle'
+        },
+        url: '',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(FirebaseError, '(auth/invalid-continue-uri)');
+  });
+
+  it('should allow undefined dynamic link URL', () => {
+    expect(() =>
+      _setActionCodeSettingsOnRequest(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-´bundle'
+        },
+        url: 'my-url'
+      })
+    ).to.not.throw();
+  });
+
+  it('should require a non empty dynamic link URL', () => {
+    expect(() =>
+      _setActionCodeSettingsOnRequest(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-´bundle'
+        },
+        url: 'my-url',
+        dynamicLinkDomain: ''
+      })
+    ).to.throw(FirebaseError, '(auth/invalid-dynamic-link-domain)');
+  });
+
+  it('should require a non-empty bundle ID', () => {
+    expect(() =>
+      _setActionCodeSettingsOnRequest(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: ''
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(FirebaseError, '(auth/missing-ios-bundle-id)');
+  });
+
+  it('should require a non-empty package name', () => {
+    expect(() =>
+      _setActionCodeSettingsOnRequest(auth, request, {
+        handleCodeInApp: true,
+        android: {
+          packageName: ''
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(FirebaseError, '(auth/missing-android-pkg-name)');
+  });
+});

packages-exp/auth-exp/src/core/strategies/action_code_settings.ts

@@ -15,23 +15,56 @@
  * limitations under the License.
  */
 
-import { ActionCodeSettings } from '@firebase/auth-types-exp';
+import { ActionCodeSettings, Auth } from '@firebase/auth-types-exp';
 
 import { GetOobCodeRequest } from '../../api/authentication/email_and_password';
+import { AuthErrorCode } from '../errors';
+import { assert } from '../util/assert';
 
-export function setActionCodeSettingsOnRequest(
+export function _setActionCodeSettingsOnRequest(
+  auth: Auth,
   request: GetOobCodeRequest,
   actionCodeSettings: ActionCodeSettings
 ): void {
+  assert(
+    actionCodeSettings.url.length > 0,
+    AuthErrorCode.INVALID_CONTINUE_URI,
+    {
+      appName: auth.name
+    }
+  );
+  assert(
+    typeof actionCodeSettings.dynamicLinkDomain === 'undefined' ||
+      actionCodeSettings.dynamicLinkDomain.length > 0,
+    AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN,
+    {
+      appName: auth.name
+    }
+  );
+
   request.continueUrl = actionCodeSettings.url;
   request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;
   request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp;
 
   if (actionCodeSettings.iOS) {
+    assert(
+      actionCodeSettings.iOS.bundleId.length > 0,
+      AuthErrorCode.MISSING_IOS_BUNDLE_ID,
+      {
+        appName: auth.name
+      }
+    );
     request.iosBundleId = actionCodeSettings.iOS.bundleId;
   }
 
   if (actionCodeSettings.android) {
+    assert(
+      actionCodeSettings.android.packageName.length > 0,
+      AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME,
+      {
+        appName: auth.name
+      }
+    );
     request.androidInstallApp = actionCodeSettings.android.installApp;
     request.androidMinimumVersionCode =
       actionCodeSettings.android.minimumVersion;

packages-exp/auth-exp/src/core/strategies/email.ts

@@ -24,7 +24,7 @@ import {
 import * as api from '../../api/authentication/email_and_password';
 import { User } from '../../model/user';
 import { _getCurrentUrl, _isHttpOrHttps } from '../util/location';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { _setActionCodeSettingsOnRequest } from './action_code_settings';
 import { _castAuth } from '../auth/auth_impl';
 
 export async function fetchSignInMethodsForEmail(
@@ -56,7 +56,7 @@ export async function sendEmailVerification(
     idToken
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    _setActionCodeSettingsOnRequest(user.auth, request, actionCodeSettings);
   }
 
   const { email } = await api.sendEmailVerification(user.auth, request);
@@ -79,7 +79,7 @@ export async function verifyBeforeUpdateEmail(
     newEmail
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    _setActionCodeSettingsOnRequest(user.auth, request, actionCodeSettings);
   }
 
   const { email } = await api.verifyAndChangeEmail(user.auth, request);

packages-exp/auth-exp/src/core/strategies/email_and_password.ts

@@ -24,7 +24,7 @@ import { MultiFactorInfo } from '../../mfa/mfa_info';
 import { EmailAuthProvider } from '../providers/email';
 import { UserCredentialImpl } from '../user/user_credential_impl';
 import { assert } from '../util/assert';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { _setActionCodeSettingsOnRequest } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { _castAuth } from '../auth/auth_impl';
 import { AuthErrorCode } from '../errors';
@@ -39,7 +39,7 @@ export async function sendPasswordResetEmail(
     email
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings);
   }
 
   await authentication.sendPasswordResetEmail(auth, request);

packages-exp/auth-exp/src/core/strategies/email_link.ts

@@ -21,7 +21,7 @@ import * as api from '../../api/authentication/email_and_password';
 import { ActionCodeURL } from '../action_code_url';
 import { EmailAuthProvider } from '../providers/email';
 import { _getCurrentUrl } from '../util/location';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { _setActionCodeSettingsOnRequest } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { AuthErrorCode } from '../errors';
 import { assert } from '../util/assert';
@@ -36,7 +36,7 @@ export async function sendSignInLinkToEmail(
     email
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    _setActionCodeSettingsOnRequest(auth, request, actionCodeSettings);
   }
 
   await api.sendSignInLinkToEmail(auth, request);