Fix custom claims (#3915)

Author: samtstern

.changeset/silent-brooms-search.md

@@ -0,0 +1,5 @@
+---
+'@firebase/rules-unit-testing': patch
+---
+
+Fix custom claims in rules-unit-testing

packages/rules-unit-testing/src/api/index.ts

@@ -105,7 +105,7 @@ export type FirebaseIdToken = {
   };
 
   // Custom claims set by the developer
-  claims?: object;
+  [claim: string]: any;
 };
 
 // To avoid a breaking change, we accept the 'uid' option here, but

packages/rules-unit-testing/test/database.test.ts

@@ -202,6 +202,50 @@ describe('Testing Module Tests', function () {
     );
   });
 
+  it('initializeAdminApp() works with custom claims', async function () {
+    await firebase.loadFirestoreRules({
+      projectId: 'foo',
+      rules: `service cloud.firestore {
+        match /databases/{db}/documents/{doc=**} {
+          allow read, write: if request.auth.token.custom_claim == 'foo';
+        }
+      }`
+    });
+
+    const noClaim = firebase.initializeTestApp({
+      projectId: 'foo',
+      auth: {
+        uid: 'noClaim'
+      }
+    });
+
+    const hasClaim = firebase.initializeTestApp({
+      projectId: 'foo',
+      auth: {
+        uid: 'hasClaim',
+        custom_claim: 'foo'
+      }
+    });
+
+    const wrongClaim = firebase.initializeTestApp({
+      projectId: 'foo',
+      auth: {
+        uid: 'wrongClaim',
+        custom_claim: 'bar'
+      }
+    });
+
+    await firebase.assertSucceeds(
+      hasClaim.firestore().doc('test/test').set({ hello: 'test' })
+    );
+    await firebase.assertFails(
+      noClaim.firestore().doc('test/test').set({ hello: 'test' })
+    );
+    await firebase.assertFails(
+      wrongClaim.firestore().doc('test/test').set({ hello: 'test' })
+    );
+  });
+  
   it('loadDatabaseRules() throws if no databaseName or rules', async function () {
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     await expect((firebase as any).loadDatabaseRules.bind(null, {})).to.throw(