Add extra asserts around action code settings (auth-next)

Author: avolkovi

packages-exp/auth-exp/src/core/strategies/action_code_settings.test.ts

@@ -0,0 +1,126 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { FirebaseError } from '@firebase/util';
+import { expect } from 'chai';
+import { ActionCodeSettings } from '@firebase/auth-types-exp';
+
+import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
+import { GetOobCodeRequest } from '../../api/authentication/email_and_password';
+import { setActionCodeSettingsOnRequest_ } from './action_code_settings';
+
+describe('core/strategies/action_code_settings', () => {
+  let auth: TestAuth;
+  const request: GetOobCodeRequest = {
+  };
+
+  beforeEach(async () => {
+    auth = await testAuth();
+  });
+
+
+  it('should require a continue URL', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-bundle'
+        },
+        dynamicLinkDomain: 'fdl-domain'
+      } as unknown as ActionCodeSettings)
+    ).to.throw(
+      FirebaseError,
+      '(auth/missing-continue-uri)'
+    );
+  });
+
+  it('should require a non empty continue URL', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-bundle'
+        },
+        url: '',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(
+      FirebaseError,
+      '(auth/invalid-continue-uri)'
+    );
+  });
+
+  it('should allow undefined dynamic link URL', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-´bundle'
+        },
+        url: 'my-url'
+      })
+    ).to.not.throw();
+  });
+
+  it('should require a non empty dynamic link URL', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: 'my-´bundle'
+        },
+        url: 'my-url',
+        dynamicLinkDomain: ''
+      })
+    ).to.throw(
+      FirebaseError,
+      '(auth/invalid-dynamic-link-domain)'
+    );
+  });
+
+  it('should require a non-empty bundle ID', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        iOS: {
+          bundleId: ''
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(
+      FirebaseError,
+      '(auth/missing-ios-bundle-id)'
+    );
+  });
+
+  it('should require a non-empty package name', () => {
+    expect(() =>
+      setActionCodeSettingsOnRequest_(auth, request, {
+        handleCodeInApp: true,
+        android: {
+          packageName: ''
+        },
+        url: 'my-url',
+        dynamicLinkDomain: 'fdl-domain'
+      })
+    ).to.throw(
+      FirebaseError,
+      '(auth/missing-android-pkg-name)'
+    );
+  });
+});

packages-exp/auth-exp/src/core/strategies/action_code_settings.ts

@@ -18,20 +18,41 @@
 import { ActionCodeSettings } from '@firebase/auth-types-exp';
 
 import { GetOobCodeRequest } from '../../api/authentication/email_and_password';
+import { AuthErrorCode } from '../errors';
+import { assert } from '../util/assert';
+import { AuthCore } from '../../model/auth'; 
 
-export function setActionCodeSettingsOnRequest(
+export function setActionCodeSettingsOnRequest_(
+  auth: AuthCore,
   request: GetOobCodeRequest,
   actionCodeSettings: ActionCodeSettings
 ): void {
+  assert(typeof actionCodeSettings.url !== 'undefined', AuthErrorCode.MISSING_CONTINUE_URI, {
+    appName: auth.name
+  });
+  assert(actionCodeSettings.url.length > 0, AuthErrorCode.INVALID_CONTINUE_URI, {
+    appName: auth.name
+  });
+  assert(typeof actionCodeSettings.dynamicLinkDomain === 'undefined' ||
+    actionCodeSettings.dynamicLinkDomain.length > 0, AuthErrorCode.INVALID_DYNAMIC_LINK_DOMAIN, {
+    appName: auth.name
+  });
+
   request.continueUrl = actionCodeSettings.url;
   request.dynamicLinkDomain = actionCodeSettings.dynamicLinkDomain;
   request.canHandleCodeInApp = actionCodeSettings.handleCodeInApp;
 
   if (actionCodeSettings.iOS) {
+    assert(actionCodeSettings.iOS.bundleId.length > 0, AuthErrorCode.MISSING_IOS_BUNDLE_ID, {
+      appName: auth.name
+    });
     request.iosBundleId = actionCodeSettings.iOS.bundleId;
   }
 
   if (actionCodeSettings.android) {
+    assert(actionCodeSettings.android.packageName.length > 0, AuthErrorCode.MISSING_ANDROID_PACKAGE_NAME, {
+      appName: auth.name
+    });
     request.androidInstallApp = actionCodeSettings.android.installApp;
     request.androidMinimumVersionCode =
       actionCodeSettings.android.minimumVersion;

packages-exp/auth-exp/src/core/strategies/email.ts

@@ -24,7 +24,7 @@ import {
 import * as api from '../../api/authentication/email_and_password';
 import { User } from '../../model/user';
 import { _getCurrentUrl, _isHttpOrHttps } from '../util/location';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { setActionCodeSettingsOnRequest_ } from './action_code_settings';
 import { _castAuth } from '../auth/auth_impl';
 
 export async function fetchSignInMethodsForEmail(
@@ -56,7 +56,7 @@ export async function sendEmailVerification(
     idToken
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    setActionCodeSettingsOnRequest_(user.auth, request, actionCodeSettings);
   }
 
   const { email } = await api.sendEmailVerification(user.auth, request);
@@ -79,7 +79,7 @@ export async function verifyBeforeUpdateEmail(
     newEmail
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    setActionCodeSettingsOnRequest_(user.auth, request, actionCodeSettings);
   }
 
   const { email } = await api.verifyAndChangeEmail(user.auth, request);

packages-exp/auth-exp/src/core/strategies/email_and_password.ts

@@ -24,7 +24,7 @@ import { MultiFactorInfo } from '../../mfa/mfa_info';
 import { EmailAuthProvider } from '../providers/email';
 import { UserCredentialImpl } from '../user/user_credential_impl';
 import { assert } from '../util/assert';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { setActionCodeSettingsOnRequest_ } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { _castAuth } from '../auth/auth_impl';
 import { AuthErrorCode } from '../errors';
@@ -39,7 +39,7 @@ export async function sendPasswordResetEmail(
     email
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    setActionCodeSettingsOnRequest_(auth, request, actionCodeSettings);
   }
 
   await authentication.sendPasswordResetEmail(auth, request);

packages-exp/auth-exp/src/core/strategies/email_link.ts

@@ -21,7 +21,7 @@ import * as api from '../../api/authentication/email_and_password';
 import { ActionCodeURL } from '../action_code_url';
 import { EmailAuthProvider } from '../providers/email';
 import { _getCurrentUrl } from '../util/location';
-import { setActionCodeSettingsOnRequest } from './action_code_settings';
+import { setActionCodeSettingsOnRequest_ } from './action_code_settings';
 import { signInWithCredential } from './credential';
 import { AuthErrorCode } from '../errors';
 import { assert } from '../util/assert';
@@ -36,7 +36,7 @@ export async function sendSignInLinkToEmail(
     email
   };
   if (actionCodeSettings) {
-    setActionCodeSettingsOnRequest(request, actionCodeSettings);
+    setActionCodeSettingsOnRequest_(auth ,request, actionCodeSettings);
   }
 
   await api.sendSignInLinkToEmail(auth, request);