firebase · bhparijat · Dec 3, 2022 · Nov 19, 2022 · Nov 24, 2022 · Nov 28, 2022
@@ -99,21 +99,18 @@ function stubConsoleToSilenceEmulatorWarnings(): sinon.SinonStub {
 export function getTotpCode(
   sharedSecretKey: string,
   periodSec: number,
-  verificationCodeLength: number
+  verificationCodeLength: number,
+  timestamp: Date
 ): string {
   const token = totp(sharedSecretKey, {
     period: periodSec,
     digits: verificationCodeLength,
-    algorithm: 'SHA-1'
+    algorithm: 'SHA-1',
+    timestamp
   });
 
   return token;
 }
-
-export function delay(dt: number): Promise<void> {
-  return new Promise(resolve => setTimeout(resolve, dt));
-}
-
 export const email = '[email protected]';
 //1000000 is always incorrect since it has 7 digits and we expect 6.
 export const incorrectTotpCode = '1000000';
@@ -29,7 +29,6 @@ import {
   cleanUpTestInstance,
   getTestInstance,
   getTotpCode,
-  delay,
   email,
   incorrectTotpCode
 } from '../../helpers/integration/helpers';
@@ -38,6 +37,7 @@ import {
   TotpMultiFactorGenerator,
   TotpSecret
 } from '../../../src/mfa/assertions/totp';
+import { getEmulatorUrl } from '../../helpers/integration/settings';
 
 use(chaiAsPromised);
 use(sinonChai);
@@ -46,112 +46,131 @@ describe(' Integration tests: Mfa TOTP', () => {
   let auth: Auth;
   let totpSecret: TotpSecret;
   let displayName: string;
+  let totpTimestamp: Date;
+  let emulatorUrl: string | null;
   beforeEach(async () => {
-    auth = getTestInstance();
-    displayName = 'totp-integration-test';
+    emulatorUrl = getEmulatorUrl();
+    if (!emulatorUrl) {
+      auth = getTestInstance();
+      displayName = 'totp-integration-test';
+    }
   });
 
   afterEach(async () => {
-    await cleanUpTestInstance(auth);
+    if (!emulatorUrl) {
+      await cleanUpTestInstance(auth);
+    }
   });
 
   it('should not enroll if incorrect totp supplied', async () => {
-    const cr = await signInWithEmailAndPassword(auth, email, 'password');
-    const mfaUser = multiFactor(cr.user);
-    const session = await mfaUser.getSession();
-    totpSecret = await TotpMultiFactorGenerator.generateSecret(session);
-    const multiFactorAssertion =
-      TotpMultiFactorGenerator.assertionForEnrollment(
-        totpSecret,
-        incorrectTotpCode
-      );
-
-    await expect(
-      mfaUser.enroll(multiFactorAssertion, displayName)
-    ).to.be.rejectedWith('auth/invalid-verification-code');
+    if (!emulatorUrl) {
+      const cr = await signInWithEmailAndPassword(auth, email, 'password');
+      const mfaUser = multiFactor(cr.user);
+      const session = await mfaUser.getSession();
+      totpSecret = await TotpMultiFactorGenerator.generateSecret(session);
+      const multiFactorAssertion =
+        TotpMultiFactorGenerator.assertionForEnrollment(
+          totpSecret,
+          incorrectTotpCode
+        );
+
+      await expect(
+        mfaUser.enroll(multiFactorAssertion, displayName)
+      ).to.be.rejectedWith('auth/invalid-verification-code');
+    }
   });
 
   it('should enroll using correct otp', async () => {
-    const cr = await signInWithEmailAndPassword(auth, email, 'password');
+    if (!emulatorUrl) {
+      const cr = await signInWithEmailAndPassword(auth, email, 'password');
 
-    const mfaUser = multiFactor(cr.user);
+      const mfaUser = multiFactor(cr.user);
 
-    const session = await mfaUser.getSession();
+      const session = await mfaUser.getSession();
 
-    totpSecret = await TotpMultiFactorGenerator.generateSecret(session);
+      totpSecret = await TotpMultiFactorGenerator.generateSecret(session);
 
-    const totpVerificationCode = getTotpCode(
-      totpSecret.secretKey,
-      totpSecret.codeIntervalSeconds,
-      totpSecret.codeLength
-    );
+      totpTimestamp = new Date();
 
-    const multiFactorAssertion =
-      TotpMultiFactorGenerator.assertionForEnrollment(
-        totpSecret,
-        totpVerificationCode
+      const totpVerificationCode = getTotpCode(
+        totpSecret.secretKey,
+        totpSecret.codeIntervalSeconds,
+        totpSecret.codeLength,
+        totpTimestamp
       );
-    await expect(mfaUser.enroll(multiFactorAssertion, displayName)).to.be
-      .fulfilled;
+
+      const multiFactorAssertion =
+        TotpMultiFactorGenerator.assertionForEnrollment(
+          totpSecret,
+          totpVerificationCode
+        );
+      await expect(mfaUser.enroll(multiFactorAssertion, displayName)).to.be
+        .fulfilled;
+    }
   });
 
   it('should not allow sign-in with incorrect totp', async () => {
     let resolver;
 
-    try {
-      await signInWithEmailAndPassword(auth, email, 'password');
+    if (!emulatorUrl) {
+      try {
+        await signInWithEmailAndPassword(auth, email, 'password');
 
-      throw new Error('Signin should not have been successful');
-    } catch (error) {
-      expect(error).to.be.an.instanceOf(FirebaseError);
-      expect((error as any).code).to.eql('auth/multi-factor-auth-required');
+        throw new Error('Signin should not have been successful');
+      } catch (error) {
+        expect(error).to.be.an.instanceOf(FirebaseError);
+        expect((error as any).code).to.eql('auth/multi-factor-auth-required');
 
-      resolver = getMultiFactorResolver(auth, error as any);
-      expect(resolver.hints).to.have.length(1);
+        resolver = getMultiFactorResolver(auth, error as any);
+        expect(resolver.hints).to.have.length(1);
 
-      const assertion = TotpMultiFactorGenerator.assertionForSignIn(
-        resolver.hints[0].uid,
-        incorrectTotpCode
-      );
+        const assertion = TotpMultiFactorGenerator.assertionForSignIn(
+          resolver.hints[0].uid,
+          incorrectTotpCode
+        );
 
-      await expect(resolver.resolveSignIn(assertion)).to.be.rejectedWith(
-        'auth/invalid-verification-code'
-      );
+        await expect(resolver.resolveSignIn(assertion)).to.be.rejectedWith(
+          'auth/invalid-verification-code'
+        );
+      }
     }
   });
 
   it('should allow sign-in with for correct totp and unenroll successfully', async () => {
     let resolver;
-
-    await delay(30 * 1000);
-    //TODO(bhparijat) generate the otp code for the next time window by passing the appropriate
-    //timestamp to avoid the 30s delay. The delay is needed because the otp code used for enrollment
-    //cannot be reused for signing in.
-    try {
-      await signInWithEmailAndPassword(auth, email, 'password');
-
-      throw new Error('Signin should not have been successful');
-    } catch (error) {
-      expect(error).to.be.an.instanceOf(FirebaseError);
-      expect((error as any).code).to.eql('auth/multi-factor-auth-required');
-
-      resolver = getMultiFactorResolver(auth, error as any);
-      expect(resolver.hints).to.have.length(1);
-
-      const totpVerificationCode = getTotpCode(
-        totpSecret.secretKey,
-        totpSecret.codeIntervalSeconds,
-        totpSecret.codeLength
-      );
-      const assertion = TotpMultiFactorGenerator.assertionForSignIn(
-        resolver.hints[0].uid,
-        totpVerificationCode
-      );
-      const userCredential = await resolver.resolveSignIn(assertion);
-
-      const mfaUser = multiFactor(userCredential.user);
-
-      await expect(mfaUser.unenroll(resolver.hints[0].uid)).to.be.fulfilled;
+    if (!emulatorUrl) {
+      try {
+        await signInWithEmailAndPassword(auth, email, 'password');
+
+        throw new Error('Signin should not have been successful');
+      } catch (error) {
+        expect(error).to.be.an.instanceOf(FirebaseError);
+        expect((error as any).code).to.eql('auth/multi-factor-auth-required');
+
+        resolver = getMultiFactorResolver(auth, error as any);
+        expect(resolver.hints).to.have.length(1);
+
+        totpTimestamp.setSeconds(totpTimestamp.getSeconds() + 30);
+
+        const totpVerificationCode = getTotpCode(
+          totpSecret.secretKey,
+          totpSecret.codeIntervalSeconds,
+          totpSecret.codeLength,
+          totpTimestamp
+        );
+
+        const assertion = TotpMultiFactorGenerator.assertionForSignIn(
+          resolver.hints[0].uid,
+          totpVerificationCode
+        );
+        const userCredential = await resolver.resolveSignIn(assertion);
+
+        const mfaUser = multiFactor(userCredential.user);
+
+        await expect(mfaUser.unenroll(resolver.hints[0].uid)).to.be.fulfilled;
+        await expect(signInWithEmailAndPassword(auth, email, 'password')).to.be
+          .fulfilled;
+      }
     }
-  }).timeout(32000);
+  });
 });
@@ -10839,6 +10839,11 @@ jsprim@^1.2.2:
     json-schema "0.2.3"
     verror "1.10.0"
 
+jssha@^3.1.2:
+  version "3.3.0"
+  resolved "https://registry.npmjs.org/jssha/-/jssha-3.3.0.tgz#44b5531bcf55a12f4a388476c647a9a1cca92839"
+  integrity sha512-w9OtT4ALL+fbbwG3gw7erAO0jvS5nfvrukGPMWIAoea359B26ALXGpzy4YJSp9yGnpUvuvOw1nSjSoHDfWSr1w==
+
 jszip@^3.1.3, jszip@^3.6.0:
   version "3.7.1"
   resolved "https://registry.npmjs.org/jszip/-/jszip-3.7.1.tgz#bd63401221c15625a1228c556ca8a68da6fda3d9"
@@ -16415,6 +16420,13 @@ [email protected]:
   resolved "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz#3be34321a88a820ed1bd80dfaa33e479fbb8dd35"
   integrity sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==
 
+[email protected]:
+  version "0.0.14"
+  resolved "https://registry.npmjs.org/totp-generator/-/totp-generator-0.0.14.tgz#c136bcb4030f9cab5b10ecd82d15cd2d5518234a"
+  integrity sha512-vFZ8N2TdF4mCj8bUW460jI73LqS+JKccsZ8cttQSuXa3dkTmZo8q81Pq2yAuiPxCI5fPfUrfaKuU+7adjx5s4w==
+  dependencies:
+    jssha "^3.1.2"
+
 tough-cookie@~2.5.0:
   version "2.5.0"
   resolved "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz#cd9fb2a0aa1d5a12b473bd9fb96fa3dcff65ade2"