Update injectRecaptchaFields to inject recaptcha enterprise fields into phone API requests (#7786)

* Update injectRecaptchaFields to inject recaptcha fields into phone API requests

* Fix lint

* Rename captchaResp and fakeToken params

* Format

Author: NhienLam

packages/auth/src/api/account_management/mfa.test.ts

@@ -20,7 +20,12 @@ import chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+  Endpoint,
+  HttpHeader,
+  RecaptchaClientType,
+  RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -40,7 +45,10 @@ describe('api/account_management/startEnrollPhoneMfa', () => {
     idToken: 'id-token',
     phoneEnrollmentInfo: {
       phoneNumber: 'phone-number',
-      recaptchaToken: 'captcha-token'
+      recaptchaToken: 'captcha-token',
+      captchaResponse: 'captcha-response',
+      clientType: RecaptchaClientType.WEB,
+      recaptchaVersion: RecaptchaVersion.ENTERPRISE
     }
   };
 

packages/auth/src/api/account_management/mfa.ts

@@ -18,6 +18,8 @@
 import {
   Endpoint,
   HttpMethod,
+  RecaptchaClientType,
+  RecaptchaVersion,
   _addTidIfNecessary,
   _performApiRequest
 } from '../index';
@@ -55,7 +57,12 @@ export interface StartPhoneMfaEnrollmentRequest {
   idToken: string;
   phoneEnrollmentInfo: {
     phoneNumber: string;
-    recaptchaToken: string;
+    // reCAPTCHA v2 token
+    recaptchaToken?: string;
+    // reCAPTCHA Enterprise token
+    captchaResponse?: string;
+    clientType?: RecaptchaClientType;
+    recaptchaVersion?: RecaptchaVersion;
   };
   tenantId?: string;
 }

packages/auth/src/api/authentication/mfa.test.ts

@@ -20,7 +20,12 @@ import chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+  Endpoint,
+  HttpHeader,
+  RecaptchaClientType,
+  RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -34,7 +39,10 @@ describe('api/authentication/startSignInPhoneMfa', () => {
     mfaPendingCredential: 'my-creds',
     mfaEnrollmentId: 'my-enrollment-id',
     phoneSignInInfo: {
-      recaptchaToken: 'catpcha-token'
+      recaptchaToken: 'catpcha-token',
+      captchaResponse: 'captcha-response',
+      clientType: RecaptchaClientType.WEB,
+      recaptchaVersion: RecaptchaVersion.ENTERPRISE
     }
   };
 

packages/auth/src/api/authentication/mfa.ts

@@ -19,6 +19,8 @@ import {
   _performApiRequest,
   Endpoint,
   HttpMethod,
+  RecaptchaClientType,
+  RecaptchaVersion,
   _addTidIfNecessary
 } from '../index';
 import { Auth } from '../../model/public_types';
@@ -47,7 +49,12 @@ export interface StartPhoneMfaSignInRequest {
   mfaPendingCredential: string;
   mfaEnrollmentId: string;
   phoneSignInInfo: {
-    recaptchaToken: string;
+    // reCAPTCHA v2 token
+    recaptchaToken?: string;
+    // reCAPTCHA Enterprise token
+    captchaResponse?: string;
+    clientType?: RecaptchaClientType;
+    recaptchaVersion?: RecaptchaVersion;
   };
   tenantId?: string;
 }

packages/auth/src/api/authentication/sms.test.ts

@@ -21,7 +21,12 @@ import chaiAsPromised from 'chai-as-promised';
 import { ProviderId } from '../../model/enums';
 import { FirebaseError } from '@firebase/util';
 
-import { Endpoint, HttpHeader } from '../';
+import {
+  Endpoint,
+  HttpHeader,
+  RecaptchaClientType,
+  RecaptchaVersion
+} from '../';
 import { mockEndpoint } from '../../../test/helpers/api/helper';
 import { testAuth, TestAuth } from '../../../test/helpers/mock_auth';
 import * as mockFetch from '../../../test/helpers/mock_fetch';
@@ -38,7 +43,10 @@ use(chaiAsPromised);
 describe('api/authentication/sendPhoneVerificationCode', () => {
   const request = {
     phoneNumber: '123456789',
-    recaptchaToken: 'captchad'
+    recaptchaToken: 'captchad',
+    captchaResponse: 'captcha-response',
+    clientType: RecaptchaClientType.WEB,
+    recaptchaVersion: RecaptchaVersion.ENTERPRISE
   };
 
   let auth: TestAuth;

packages/auth/src/api/authentication/sms.ts

@@ -18,6 +18,8 @@
 import {
   Endpoint,
   HttpMethod,
+  RecaptchaClientType,
+  RecaptchaVersion,
   _addTidIfNecessary,
   _makeTaggedError,
   _performApiRequest,
@@ -30,8 +32,13 @@ import { Auth } from '../../model/public_types';
 
 export interface SendPhoneVerificationCodeRequest {
   phoneNumber: string;
-  recaptchaToken: string;
+  // reCAPTCHA v2 token
+  recaptchaToken?: string;
   tenantId?: string;
+  // reCAPTCHA Enterprise token
+  captchaResponse?: string;
+  clientType?: RecaptchaClientType;
+  recaptchaVersion?: RecaptchaVersion;
 }
 
 export interface SendPhoneVerificationCodeResponse {

packages/auth/src/api/index.ts

@@ -86,7 +86,10 @@ export const enum RecaptchaVersion {
 export const enum RecaptchaActionName {
   SIGN_IN_WITH_PASSWORD = 'signInWithPassword',
   GET_OOB_CODE = 'getOobCode',
-  SIGN_UP_PASSWORD = 'signUpPassword'
+  SIGN_UP_PASSWORD = 'signUpPassword',
+  SEND_VERIFICATION_CODE = 'sendVerificationCode',
+  MFA_SMS_ENROLLMENT = 'mfaSmsEnrollment',
+  MFA_SMS_SIGNIN = 'mfaSmsSignin'
 }
 
 export const enum EnforcementState {
@@ -98,7 +101,8 @@ export const enum EnforcementState {
 
 // Providers that have reCAPTCHA Enterprise support.
 export const enum RecaptchaProvider {
-  EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER'
+  EMAIL_PASSWORD_PROVIDER = 'EMAIL_PASSWORD_PROVIDER',
+  PHONE_PROVIDER = 'PHONE_PROVIDER'
 }
 
 export const DEFAULT_API_TIMEOUT_MS = new Delay(30_000, 60_000);

packages/auth/src/platform_browser/recaptcha/recaptcha.test.ts

@@ -29,7 +29,7 @@ import {
 
 import { isV2, isEnterprise, RecaptchaConfig } from './recaptcha';
 import { GetRecaptchaConfigResponse } from '../../api/authentication/recaptcha';
-import { EnforcementState } from '../../api/index';
+import { EnforcementState, RecaptchaProvider } from '../../api/index';
 
 use(chaiAsPromised);
 use(sinonChai);
@@ -39,17 +39,60 @@ describe('platform_browser/recaptcha/recaptcha', () => {
   let recaptchaV2: MockReCaptcha;
   let recaptchaV3: MockGreCAPTCHA;
   let recaptchaEnterprise: MockGreCAPTCHATopLevel;
-  let recaptchaConfig: RecaptchaConfig;
 
   const TEST_SITE_KEY = 'test-site-key';
 
   const GET_RECAPTCHA_CONFIG_RESPONSE: GetRecaptchaConfigResponse = {
     recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
     recaptchaEnforcementState: [
-      { provider: 'EMAIL_PASSWORD_PROVIDER', enforcementState: 'ENFORCE' }
+      {
+        provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+        enforcementState: EnforcementState.ENFORCE
+      },
+      {
+        provider: RecaptchaProvider.PHONE_PROVIDER,
+        enforcementState: EnforcementState.AUDIT
+      }
     ]
   };
 
+  const GET_RECAPTCHA_CONFIG_RESPONSE_OFF: GetRecaptchaConfigResponse = {
+    recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
+    recaptchaEnforcementState: [
+      {
+        provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+        enforcementState: EnforcementState.OFF
+      },
+      {
+        provider: RecaptchaProvider.PHONE_PROVIDER,
+        enforcementState: EnforcementState.OFF
+      }
+    ]
+  };
+
+  const GET_RECAPTCHA_CONFIG_RESPONSE_ENFORCE_AND_OFF: GetRecaptchaConfigResponse =
+    {
+      recaptchaKey: 'projects/testproj/keys/' + TEST_SITE_KEY,
+      recaptchaEnforcementState: [
+        {
+          provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+          enforcementState: EnforcementState.ENFORCE
+        },
+        {
+          provider: RecaptchaProvider.PHONE_PROVIDER,
+          enforcementState: EnforcementState.OFF
+        }
+      ]
+    };
+
+  const recaptchaConfig = new RecaptchaConfig(GET_RECAPTCHA_CONFIG_RESPONSE);
+  const recaptchaConfigOff = new RecaptchaConfig(
+    GET_RECAPTCHA_CONFIG_RESPONSE_OFF
+  );
+  const recaptchaConfigEnforceAndOff = new RecaptchaConfig(
+    GET_RECAPTCHA_CONFIG_RESPONSE_ENFORCE_AND_OFF
+  );
+
   context('#verify', () => {
     beforeEach(async () => {
       auth = await testAuth();
@@ -74,30 +117,63 @@ describe('platform_browser/recaptcha/recaptcha', () => {
   });
 
   context('#RecaptchaConfig', () => {
-    beforeEach(async () => {
-      recaptchaConfig = new RecaptchaConfig(GET_RECAPTCHA_CONFIG_RESPONSE);
-    });
-
     it('should construct the recaptcha config from the backend response', () => {
       expect(recaptchaConfig.siteKey).to.eq(TEST_SITE_KEY);
       expect(recaptchaConfig.recaptchaEnforcementState[0]).to.eql({
-        provider: 'EMAIL_PASSWORD_PROVIDER',
-        enforcementState: 'ENFORCE'
+        provider: RecaptchaProvider.EMAIL_PASSWORD_PROVIDER,
+        enforcementState: EnforcementState.ENFORCE
+      });
+      expect(recaptchaConfig.recaptchaEnforcementState[1]).to.eql({
+        provider: RecaptchaProvider.PHONE_PROVIDER,
+        enforcementState: EnforcementState.AUDIT
+      });
+      expect(recaptchaConfigEnforceAndOff.recaptchaEnforcementState[1]).to.eql({
+        provider: RecaptchaProvider.PHONE_PROVIDER,
+        enforcementState: EnforcementState.OFF
       });
     });
 
     it('#getProviderEnforcementState should return the correct enforcement state of the provider', () => {
       expect(
-        recaptchaConfig.getProviderEnforcementState('EMAIL_PASSWORD_PROVIDER')
+        recaptchaConfig.getProviderEnforcementState(
+          RecaptchaProvider.EMAIL_PASSWORD_PROVIDER
+        )
       ).to.eq(EnforcementState.ENFORCE);
+      expect(
+        recaptchaConfig.getProviderEnforcementState(
+          RecaptchaProvider.PHONE_PROVIDER
+        )
+      ).to.eq(EnforcementState.AUDIT);
+      expect(
+        recaptchaConfigEnforceAndOff.getProviderEnforcementState(
+          RecaptchaProvider.PHONE_PROVIDER
+        )
+      ).to.eq(EnforcementState.OFF);
       expect(recaptchaConfig.getProviderEnforcementState('invalid-provider')).to
         .be.null;
     });
 
     it('#isProviderEnabled should return the enablement state of the provider', () => {
-      expect(recaptchaConfig.isProviderEnabled('EMAIL_PASSWORD_PROVIDER')).to.be
-        .true;
+      expect(
+        recaptchaConfig.isProviderEnabled(
+          RecaptchaProvider.EMAIL_PASSWORD_PROVIDER
+        )
+      ).to.be.true;
+      expect(
+        recaptchaConfig.isProviderEnabled(RecaptchaProvider.PHONE_PROVIDER)
+      ).to.be.true;
+      expect(
+        recaptchaConfigEnforceAndOff.isProviderEnabled(
+          RecaptchaProvider.PHONE_PROVIDER
+        )
+      ).to.be.false;
       expect(recaptchaConfig.isProviderEnabled('invalid-provider')).to.be.false;
     });
+
+    it('#isAnyProviderEnabled should return true if at least one provider is enabled', () => {
+      expect(recaptchaConfig.isAnyProviderEnabled()).to.be.true;
+      expect(recaptchaConfigEnforceAndOff.isAnyProviderEnabled()).to.be.true;
+      expect(recaptchaConfigOff.isAnyProviderEnabled()).to.be.false;
+    });
   });
 });

packages/auth/src/platform_browser/recaptcha/recaptcha.ts

@@ -20,7 +20,11 @@ import {
   GetRecaptchaConfigResponse,
   RecaptchaEnforcementProviderState
 } from '../../api/authentication/recaptcha';
-import { EnforcementState, _parseEnforcementState } from '../../api/index';
+import {
+  EnforcementState,
+  RecaptchaProvider,
+  _parseEnforcementState
+} from '../../api/index';
 
 // reCAPTCHA v2 interface
 export interface Recaptcha {
@@ -135,4 +139,17 @@ export class RecaptchaConfig {
       this.getProviderEnforcementState(providerStr) === EnforcementState.AUDIT
     );
   }
+
+  /**
+   * Returns true if reCAPTCHA Enterprise protection is enabled in at least one provider, otherwise
+   * returns false.
+   *
+   * @returns Whether or not reCAPTCHA Enterprise protection is enabled for at least one provider.
+   */
+  isAnyProviderEnabled(): boolean {
+    return (
+      this.isProviderEnabled(RecaptchaProvider.EMAIL_PASSWORD_PROVIDER) ||
+      this.isProviderEnabled(RecaptchaProvider.PHONE_PROVIDER)
+    );
+  }
 }