[Auth] Remove tenantId field from calls to MFA endpoints (#5522)

* Remove tenantId field from calls to MFA endpoints

* Changeset

Author: sam-gc

.changeset/tender-walls-hang.md

@@ -0,0 +1,5 @@
+---
+"@firebase/auth": patch
+---
+
+Fix wrongly-typed tenantId fields in requests to some endpoints

packages/auth/src/api/account_management/mfa.test.ts

@@ -60,10 +60,7 @@ describe('api/account_management/startEnrollPhoneMfa', () => {
 
     const response = await startEnrollPhoneMfa(auth, request);
     expect(response.phoneSessionInfo.sessionInfo).to.eq('session-info');
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'
@@ -94,10 +91,7 @@ describe('api/account_management/startEnrollPhoneMfa', () => {
       FirebaseError,
       "Firebase: This user's credential isn't valid for this project. This can happen if the user's token has been tampered with, or if the user isn't for the project associated with this API key. (auth/invalid-user-token)."
     );
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
   });
 });
 
@@ -130,10 +124,7 @@ describe('api/account_management/finalizeEnrollPhoneMfa', () => {
     const response = await finalizeEnrollPhoneMfa(auth, request);
     expect(response.idToken).to.eq('id-token');
     expect(response.refreshToken).to.eq('refresh-token');
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'
@@ -164,10 +155,7 @@ describe('api/account_management/finalizeEnrollPhoneMfa', () => {
       FirebaseError,
       'Firebase: The verification ID used to create the phone auth credential is invalid. (auth/invalid-verification-id).'
     );
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
   });
 });
 
@@ -195,10 +183,7 @@ describe('api/account_management/withdrawMfa', () => {
     const response = await withdrawMfa(auth, request);
     expect(response.idToken).to.eq('id-token');
     expect(response.refreshToken).to.eq('refresh-token');
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'
@@ -229,9 +214,6 @@ describe('api/account_management/withdrawMfa', () => {
       FirebaseError,
       "Firebase: This user's credential isn't valid for this project. This can happen if the user's token has been tampered with, or if the user isn't for the project associated with this API key. (auth/invalid-user-token)."
     );
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
   });
 });

packages/auth/src/api/account_management/mfa.ts

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-import { Endpoint, HttpMethod, _performApiRequest } from '../index';
+import { Endpoint, HttpMethod, _addTidIfNecessary, _performApiRequest } from '../index';
 import { SignInWithPhoneNumberRequest } from '../authentication/sms';
 import { FinalizeMfaResponse } from '../authentication/mfa';
 import { AuthInternal } from '../../model/auth';
@@ -47,7 +47,7 @@ export interface StartPhoneMfaEnrollmentRequest {
     phoneNumber: string;
     recaptchaToken: string;
   };
-  tenantId: string | null;
+  tenantId?: string;
 }
 
 export interface StartPhoneMfaEnrollmentResponse {
@@ -58,59 +58,50 @@ export interface StartPhoneMfaEnrollmentResponse {
 
 export function startEnrollPhoneMfa(
   auth: AuthInternal,
-  request: Omit<StartPhoneMfaEnrollmentRequest, 'tenantId'>
+  request: StartPhoneMfaEnrollmentRequest
 ): Promise<StartPhoneMfaEnrollmentResponse> {
   return _performApiRequest<
     StartPhoneMfaEnrollmentRequest,
     StartPhoneMfaEnrollmentResponse
-  >(auth, HttpMethod.POST, Endpoint.START_PHONE_MFA_ENROLLMENT, {
-    tenantId: auth.tenantId,
-    ...request
-  });
+  >(auth, HttpMethod.POST, Endpoint.START_PHONE_MFA_ENROLLMENT, _addTidIfNecessary(auth, request));
 }
 
 export interface FinalizePhoneMfaEnrollmentRequest {
   idToken: string;
   phoneVerificationInfo: SignInWithPhoneNumberRequest;
   displayName?: string | null;
-  tenantId: string | null;
+  tenantId?: string;
 }
 
 export interface FinalizePhoneMfaEnrollmentResponse
   extends FinalizeMfaResponse {}
 
 export function finalizeEnrollPhoneMfa(
   auth: AuthInternal,
-  request: Omit<FinalizePhoneMfaEnrollmentRequest, 'tenantId'>
+  request: FinalizePhoneMfaEnrollmentRequest
 ): Promise<FinalizePhoneMfaEnrollmentResponse> {
   return _performApiRequest<
     FinalizePhoneMfaEnrollmentRequest,
     FinalizePhoneMfaEnrollmentResponse
-  >(auth, HttpMethod.POST, Endpoint.FINALIZE_PHONE_MFA_ENROLLMENT, {
-    tenantId: auth.tenantId,
-    ...request
-  });
+  >(auth, HttpMethod.POST, Endpoint.FINALIZE_PHONE_MFA_ENROLLMENT, _addTidIfNecessary(auth, request));
 }
 
 export interface WithdrawMfaRequest {
   idToken: string;
   mfaEnrollmentId: string;
-  tenantId: string | null;
+  tenantId?: string;
 }
 
 export interface WithdrawMfaResponse extends FinalizeMfaResponse {}
 
 export function withdrawMfa(
   auth: AuthInternal,
-  request: Omit<WithdrawMfaRequest, 'tenantId'>
+  request: WithdrawMfaRequest
 ): Promise<WithdrawMfaResponse> {
   return _performApiRequest<WithdrawMfaRequest, WithdrawMfaResponse>(
     auth,
     HttpMethod.POST,
     Endpoint.WITHDRAW_MFA,
-    {
-      tenantId: auth.tenantId,
-      ...request
-    }
+    _addTidIfNecessary(auth, request)
   );
 }

packages/auth/src/api/authentication/mfa.test.ts

@@ -56,10 +56,7 @@ describe('api/authentication/startSignInPhoneMfa', () => {
 
     const response = await startSignInPhoneMfa(auth, request);
     expect(response.phoneResponseInfo.sessionInfo).to.eq('session-info');
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'
@@ -90,10 +87,7 @@ describe('api/authentication/startSignInPhoneMfa', () => {
       FirebaseError,
       'Firebase: The supplied auth credential is malformed or has expired. (auth/invalid-credential).'
     );
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
   });
 });
 
@@ -126,10 +120,7 @@ describe('api/authentication/finalizeSignInPhoneMfa', () => {
     const response = await finalizeSignInPhoneMfa(auth, request);
     expect(response.idToken).to.eq('id-token');
     expect(response.refreshToken).to.eq('refresh-token');
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
     expect(mock.calls[0].method).to.eq('POST');
     expect(mock.calls[0].headers!.get(HttpHeader.CONTENT_TYPE)).to.eq(
       'application/json'
@@ -160,9 +151,6 @@ describe('api/authentication/finalizeSignInPhoneMfa', () => {
       FirebaseError,
       'Firebase: The SMS verification code used to create the phone auth credential is invalid. Please resend the verification code sms and be sure to use the verification code provided by the user. (auth/invalid-verification-code).'
     );
-    expect(mock.calls[0].request).to.eql({
-      tenantId: null,
-      ...request
-    });
+    expect(mock.calls[0].request).to.eql(request);
   });
 });

packages/auth/src/api/authentication/mfa.ts

@@ -15,7 +15,7 @@
  * limitations under the License.
  */
 
-import { _performApiRequest, Endpoint, HttpMethod } from '../index';
+import { _performApiRequest, Endpoint, HttpMethod, _addTidIfNecessary } from '../index';
 import { Auth } from '../../model/public_types';
 import { IdTokenResponse } from '../../model/id_token';
 import { MfaEnrollment } from '../account_management/mfa';
@@ -44,7 +44,7 @@ export interface StartPhoneMfaSignInRequest {
   phoneSignInInfo: {
     recaptchaToken: string;
   };
-  tenantId: string | null;
+  tenantId?: string;
 }
 
 export interface StartPhoneMfaSignInResponse {
@@ -55,36 +55,30 @@ export interface StartPhoneMfaSignInResponse {
 
 export function startSignInPhoneMfa(
   auth: Auth,
-  request: Omit<StartPhoneMfaSignInRequest, 'tenantId'>
+  request: StartPhoneMfaSignInRequest
 ): Promise<StartPhoneMfaSignInResponse> {
   return _performApiRequest<
     StartPhoneMfaSignInRequest,
     StartPhoneMfaSignInResponse
-  >(auth, HttpMethod.POST, Endpoint.START_PHONE_MFA_SIGN_IN, {
-    tenantId: auth.tenantId,
-    ...request
-  });
+  >(auth, HttpMethod.POST, Endpoint.START_PHONE_MFA_SIGN_IN, _addTidIfNecessary(auth, request));
 }
 
 export interface FinalizePhoneMfaSignInRequest {
   mfaPendingCredential: string;
   phoneVerificationInfo: SignInWithPhoneNumberRequest;
-  tenantId: string | null;
+  tenantId?: string;
 }
 
 export interface FinalizePhoneMfaSignInResponse extends FinalizeMfaResponse {}
 
 export function finalizeSignInPhoneMfa(
   auth: Auth,
-  request: Omit<FinalizePhoneMfaSignInRequest, 'tenantId'>
+  request: FinalizePhoneMfaSignInRequest,
 ): Promise<FinalizePhoneMfaSignInResponse> {
   return _performApiRequest<
     FinalizePhoneMfaSignInRequest,
     FinalizePhoneMfaSignInResponse
-  >(auth, HttpMethod.POST, Endpoint.FINALIZE_PHONE_MFA_SIGN_IN, {
-    tenantId: auth.tenantId,
-    ...request
-  });
+  >(auth, HttpMethod.POST, Endpoint.FINALIZE_PHONE_MFA_SIGN_IN, _addTidIfNecessary(auth, request));
 }
 
 /**

packages/auth/src/mfa/mfa_user.test.ts

@@ -189,7 +189,6 @@ describe('core/mfa/mfa_user/MultiFactorUser', () => {
       expect(withdrawMfaEnrollmentMock.calls[0].request).to.eql({
         idToken: 'access-token',
         mfaEnrollmentId: mfaInfo.uid,
-        tenantId: auth.tenantId
       });
     });
 
@@ -205,7 +204,6 @@ describe('core/mfa/mfa_user/MultiFactorUser', () => {
       expect(withdrawMfaEnrollmentMock.calls[0].request).to.eql({
         idToken: 'access-token',
         mfaEnrollmentId: mfaInfo.uid,
-        tenantId: auth.tenantId
       });
     });
 

packages/auth/src/platform_browser/mfa/assertions/phone.test.ts

@@ -70,7 +70,6 @@ describe('platform_browser/mfa/phone', () => {
       expect(response).to.eql(serverResponse);
       expect(mock.calls[0].request).to.eql({
         idToken: 'enrollment-id-token',
-        tenantId: auth.tenantId,
         phoneVerificationInfo: {
           code: 'verification-code',
           sessionInfo: 'verification-id'
@@ -93,7 +92,6 @@ describe('platform_browser/mfa/phone', () => {
         expect(mock.calls[0].request).to.eql({
           idToken: 'enrollment-id-token',
           displayName: 'display-name',
-          tenantId: auth.tenantId,
           phoneVerificationInfo: {
             code: 'verification-code',
             sessionInfo: 'verification-id'
@@ -119,7 +117,6 @@ describe('platform_browser/mfa/phone', () => {
       expect(response).to.eql(serverResponse);
       expect(mock.calls[0].request).to.eql({
         mfaPendingCredential: 'mfa-pending-credential',
-        tenantId: null,
         phoneVerificationInfo: {
           code: 'verification-code',
           sessionInfo: 'verification-id'

packages/auth/src/platform_browser/strategies/phone.test.ts

@@ -336,7 +336,6 @@ describe('platform_browser/strategies/phone', () => {
         );
         expect(sessionInfo).to.eq('session-info');
         expect(endpoint.calls[0].request).to.eql({
-          tenantId: auth.tenantId,
           idToken: session.credential,
           phoneEnrollmentInfo: {
             phoneNumber: 'number',
@@ -369,7 +368,6 @@ describe('platform_browser/strategies/phone', () => {
         );
         expect(sessionInfo).to.eq('session-info');
         expect(endpoint.calls[0].request).to.eql({
-          tenantId: auth.tenantId,
           mfaPendingCredential: 'mfa-pending-credential',
           mfaEnrollmentId: 'mfa-enrollment-id',
           phoneSignInInfo: {