Merge master into release

.changeset/heavy-dingos-obey.md

@@ -0,0 +1,5 @@
+---
+'@firebase/firestore': patch
+---
+
+Update @grpc/proto-loader from v0.6.13 to v0.7.8

.changeset/mean-candles-approve.md

@@ -0,0 +1,5 @@
+---
+'@firebase/auth': patch
+---
+
+Fix auth event uncancellable bug #7383

.changeset/quiet-gorillas-smoke.md

@@ -0,0 +1,5 @@
+---
+"@firebase/firestore": patch
+---
+
+Refactored aggregate query order-by normalization to support future aggregate operations.

.changeset/short-dogs-smell.md

@@ -0,0 +1,5 @@
+---
+'@firebase/auth': patch
+---
+
+Raise error if calling initializeRecaptchaConfig in node env

.changeset/thick-lions-divide.md

@@ -0,0 +1,6 @@
+---
+'@firebase/auth': minor
+'firebase': minor
+---
+
+Add a validatePassword method for validating passwords against the password policy configured for the project or a tenant. This method returns a status object that can be used to display the requirements of the password policy and whether each one was met.

.github/workflows/test-changed-auth.yml

@@ -45,13 +45,20 @@ jobs:
     # Whatever version of Firefox comes with 22.04 is causing Firefox
     # startup to hang when launched by karma. Need to look further into
     # why.
+
     runs-on: ubuntu-20.04
 
+    # Chrome webdriver version is pinned to avoid install failures like "No such object: chromedriver/LATEST_RELEASE_115.0.5790"
+    # These are installed even in the Firefox test due to `yarn` command which pulls the devDependency listed in package.json.
     steps:
       - name: install Firefox stable
         run: |
           sudo apt-get update
           sudo apt-get install firefox
+          sudo apt-get install wget
+          sudo wget http://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_110.0.5481.177-1_amd64.deb
+          sudo apt-get install -f ./google-chrome-stable_110.0.5481.177-1_amd64.deb --allow-downgrades
+
       - name: Checkout Repo
         uses: actions/checkout@master
         with:

common/api-review/auth.api.md

@@ -563,6 +563,33 @@ export interface ParsedToken {
     'sub'?: string;
 }
 
+// @public
+export interface PasswordPolicy {
+    readonly allowedNonAlphanumericCharacters: string;
+    readonly customStrengthOptions: {
+        readonly minPasswordLength?: number;
+        readonly maxPasswordLength?: number;
+        readonly containsLowercaseLetter?: boolean;
+        readonly containsUppercaseLetter?: boolean;
+        readonly containsNumericCharacter?: boolean;
+        readonly containsNonAlphanumericCharacter?: boolean;
+    };
+    readonly enforcementState: string;
+    readonly forceUpgradeOnSignin: boolean;
+}
+
+// @public
+export interface PasswordValidationStatus {
+    readonly containsLowercaseLetter?: boolean;
+    readonly containsNonAlphanumericCharacter?: boolean;
+    readonly containsNumericCharacter?: boolean;
+    readonly containsUppercaseLetter?: boolean;
+    readonly isValid: boolean;
+    readonly meetsMaxPasswordLength?: boolean;
+    readonly meetsMinPasswordLength?: boolean;
+    readonly passwordPolicy: PasswordPolicy;
+}
+
 // @public
 export interface Persistence {
     readonly type: 'SESSION' | 'LOCAL' | 'NONE';
@@ -869,6 +896,9 @@ export interface UserMetadata {
 // @public
 export type UserProfile = Record<string, unknown>;
 
+// @public
+export function validatePassword(auth: Auth, password: string): Promise<PasswordValidationStatus>;
+
 // @public
 export function verifyBeforeUpdateEmail(user: User, newEmail: string, actionCodeSettings?: ActionCodeSettings | null): Promise<void>;
 

config/webpack.test.js

@@ -17,6 +17,7 @@
 
 const path = require('path');
 const webpack = require('webpack');
+const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
 
 /**
  * A regular expression used to replace Firestore's and Storage's platform-
@@ -28,6 +29,11 @@ const PLATFORM_RE = /^(.*)\/platform\/([^.\/]*)(\.ts)?$/;
 module.exports = {
   mode: 'development',
   devtool: 'source-map',
+  optimization: {
+    runtimeChunk: false,
+    splitChunks: false,
+    minimize: false
+  },
   module: {
     rules: [
       {
@@ -98,7 +104,7 @@ module.exports = {
     modules: ['node_modules', path.resolve(__dirname, '../../node_modules')],
     mainFields: ['browser', 'module', 'main'],
     extensions: ['.js', '.ts'],
-    symlinks: false
+    symlinks: true
   },
   plugins: [
     new webpack.NormalModuleReplacementPlugin(PLATFORM_RE, resource => {
@@ -108,6 +114,7 @@ module.exports = {
         `$1/platform/${targetPlatform}/$2.ts`
       );
     }),
+    new NodePolyfillPlugin(),
     new webpack.EnvironmentPlugin([
       'RTDB_EMULATOR_PORT',
       'RTDB_EMULATOR_NAMESPACE'

docs-devsite/auth.md

@@ -49,6 +49,7 @@ Firebase Authentication
 |  [signOut(auth)](./auth.md#signout) | Signs out the current user. |
 |  [updateCurrentUser(auth, user)](./auth.md#updatecurrentuser) | Asynchronously sets the provided user as [Auth.currentUser](./auth.auth.md#authcurrentuser) on the [Auth](./auth.auth.md#auth_interface) instance. |
 |  [useDeviceLanguage(auth)](./auth.md#usedevicelanguage) | Sets the current language to the default device/browser preference. |
+|  [validatePassword(auth, password)](./auth.md#validatepassword) | Validates the password against the password policy configured for the project or tenant. |
 |  [verifyPasswordResetCode(auth, code)](./auth.md#verifypasswordresetcode) | Checks a password reset code sent to the user by email or other out-of-band mechanism. |
 |  <b>function(link...)</b> |
 |  [parseActionCodeURL(link)](./auth.md#parseactioncodeurl) | Parses the email action link string and returns an [ActionCodeURL](./auth.actioncodeurl.md#actioncodeurl_class) if the link is valid, otherwise returns null. |
@@ -124,6 +125,8 @@ Firebase Authentication
 |  [MultiFactorUser](./auth.multifactoruser.md#multifactoruser_interface) | An interface that defines the multi-factor related properties and operations pertaining to a [User](./auth.user.md#user_interface)<!-- -->. |
 |  [OAuthCredentialOptions](./auth.oauthcredentialoptions.md#oauthcredentialoptions_interface) | Defines the options for initializing an [OAuthCredential](./auth.oauthcredential.md#oauthcredential_class)<!-- -->. |
 |  [ParsedToken](./auth.parsedtoken.md#parsedtoken_interface) | Interface representing a parsed ID token. |
+|  [PasswordPolicy](./auth.passwordpolicy.md#passwordpolicy_interface) | A structure specifying password policy requirements. |
+|  [PasswordValidationStatus](./auth.passwordvalidationstatus.md#passwordvalidationstatus_interface) | A structure indicating which password policy requirements were met or violated and what the requirements are. |
 |  [Persistence](./auth.persistence.md#persistence_interface) | An interface covering the possible persistence mechanism types. |
 |  [PhoneMultiFactorAssertion](./auth.phonemultifactorassertion.md#phonemultifactorassertion_interface) | The class for asserting ownership of a phone second factor. Provided by [PhoneMultiFactorGenerator.assertion()](./auth.phonemultifactorgenerator.md#phonemultifactorgeneratorassertion)<!-- -->. |
 |  [PhoneMultiFactorEnrollInfoOptions](./auth.phonemultifactorenrollinfooptions.md#phonemultifactorenrollinfooptions_interface) | Options used for enrolling a second factor. |
@@ -1077,6 +1080,39 @@ export declare function useDeviceLanguage(auth: Auth): void;
 
 void
 
+## validatePassword()
+
+Validates the password against the password policy configured for the project or tenant.
+
+If no tenant ID is set on the `Auth` instance, then this method will use the password policy configured for the project. Otherwise, this method will use the policy configured for the tenant. If a password policy has not been configured, then the default policy configured for all projects will be used.
+
+If an auth flow fails because a submitted password does not meet the password policy requirements and this method has previously been called, then this method will use the most recent policy available when called again.
+
+<b>Signature:</b>
+
+```typescript
+export declare function validatePassword(auth: Auth, password: string): Promise<PasswordValidationStatus>;
+```
+
+### Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  auth | [Auth](./auth.auth.md#auth_interface) | The [Auth](./auth.auth.md#auth_interface) instance. |
+|  password | string | The password to validate. |
+
+<b>Returns:</b>
+
+Promise&lt;[PasswordValidationStatus](./auth.passwordvalidationstatus.md#passwordvalidationstatus_interface)<!-- -->&gt;
+
+### Example
+
+
+```javascript
+validatePassword(auth, 'some-password');
+
+```
+
 ## verifyPasswordResetCode()
 
 Checks a password reset code sent to the user by email or other out-of-band mechanism.

docs-devsite/auth.passwordpolicy.md

@@ -0,0 +1,75 @@
+Project: /docs/reference/js/_project.yaml
+Book: /docs/reference/_book.yaml
+page_type: reference
+
+{% comment %}
+DO NOT EDIT THIS FILE!
+This is generated by the JS SDK team, and any local changes will be
+overwritten. Changes should be made in the source code at
+https://github.com/firebase/firebase-js-sdk
+{% endcomment %}
+
+# PasswordPolicy interface
+A structure specifying password policy requirements.
+
+<b>Signature:</b>
+
+```typescript
+export interface PasswordPolicy 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [allowedNonAlphanumericCharacters](./auth.passwordpolicy.md#passwordpolicyallowednonalphanumericcharacters) | string | List of characters that are considered non-alphanumeric during validation. |
+|  [customStrengthOptions](./auth.passwordpolicy.md#passwordpolicycustomstrengthoptions) | { readonly minPasswordLength?: number; readonly maxPasswordLength?: number; readonly containsLowercaseLetter?: boolean; readonly containsUppercaseLetter?: boolean; readonly containsNumericCharacter?: boolean; readonly containsNonAlphanumericCharacter?: boolean; } | Requirements enforced by this password policy. |
+|  [enforcementState](./auth.passwordpolicy.md#passwordpolicyenforcementstate) | string | The enforcement state of the policy. Can be 'OFF' or 'ENFORCE'. |
+|  [forceUpgradeOnSignin](./auth.passwordpolicy.md#passwordpolicyforceupgradeonsignin) | boolean | Whether existing passwords must meet the policy. |
+
+## PasswordPolicy.allowedNonAlphanumericCharacters
+
+List of characters that are considered non-alphanumeric during validation.
+
+<b>Signature:</b>
+
+```typescript
+readonly allowedNonAlphanumericCharacters: string;
+```
+
+## PasswordPolicy.customStrengthOptions
+
+Requirements enforced by this password policy.
+
+<b>Signature:</b>
+
+```typescript
+readonly customStrengthOptions: {
+        readonly minPasswordLength?: number;
+        readonly maxPasswordLength?: number;
+        readonly containsLowercaseLetter?: boolean;
+        readonly containsUppercaseLetter?: boolean;
+        readonly containsNumericCharacter?: boolean;
+        readonly containsNonAlphanumericCharacter?: boolean;
+    };
+```
+
+## PasswordPolicy.enforcementState
+
+The enforcement state of the policy. Can be 'OFF' or 'ENFORCE'.
+
+<b>Signature:</b>
+
+```typescript
+readonly enforcementState: string;
+```
+
+## PasswordPolicy.forceUpgradeOnSignin
+
+Whether existing passwords must meet the policy.
+
+<b>Signature:</b>
+
+```typescript
+readonly forceUpgradeOnSignin: boolean;
+```

docs-devsite/auth.passwordvalidationstatus.md

@@ -0,0 +1,112 @@
+Project: /docs/reference/js/_project.yaml
+Book: /docs/reference/_book.yaml
+page_type: reference
+
+{% comment %}
+DO NOT EDIT THIS FILE!
+This is generated by the JS SDK team, and any local changes will be
+overwritten. Changes should be made in the source code at
+https://github.com/firebase/firebase-js-sdk
+{% endcomment %}
+
+# PasswordValidationStatus interface
+A structure indicating which password policy requirements were met or violated and what the requirements are.
+
+<b>Signature:</b>
+
+```typescript
+export interface PasswordValidationStatus 
+```
+
+## Properties
+
+|  Property | Type | Description |
+|  --- | --- | --- |
+|  [containsLowercaseLetter](./auth.passwordvalidationstatus.md#passwordvalidationstatuscontainslowercaseletter) | boolean | Whether the password contains a lowercase letter, or undefined if not required. |
+|  [containsNonAlphanumericCharacter](./auth.passwordvalidationstatus.md#passwordvalidationstatuscontainsnonalphanumericcharacter) | boolean | Whether the password contains a non-alphanumeric character, or undefined if not required. |
+|  [containsNumericCharacter](./auth.passwordvalidationstatus.md#passwordvalidationstatuscontainsnumericcharacter) | boolean | Whether the password contains a numeric character, or undefined if not required. |
+|  [containsUppercaseLetter](./auth.passwordvalidationstatus.md#passwordvalidationstatuscontainsuppercaseletter) | boolean | Whether the password contains an uppercase letter, or undefined if not required. |
+|  [isValid](./auth.passwordvalidationstatus.md#passwordvalidationstatusisvalid) | boolean | Whether the password meets all requirements. |
+|  [meetsMaxPasswordLength](./auth.passwordvalidationstatus.md#passwordvalidationstatusmeetsmaxpasswordlength) | boolean | Whether the password meets the maximum password length, or undefined if not required. |
+|  [meetsMinPasswordLength](./auth.passwordvalidationstatus.md#passwordvalidationstatusmeetsminpasswordlength) | boolean | Whether the password meets the minimum password length, or undefined if not required. |
+|  [passwordPolicy](./auth.passwordvalidationstatus.md#passwordvalidationstatuspasswordpolicy) | [PasswordPolicy](./auth.passwordpolicy.md#passwordpolicy_interface) | The policy used to validate the password. |
+
+## PasswordValidationStatus.containsLowercaseLetter
+
+Whether the password contains a lowercase letter, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly containsLowercaseLetter?: boolean;
+```
+
+## PasswordValidationStatus.containsNonAlphanumericCharacter
+
+Whether the password contains a non-alphanumeric character, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly containsNonAlphanumericCharacter?: boolean;
+```
+
+## PasswordValidationStatus.containsNumericCharacter
+
+Whether the password contains a numeric character, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly containsNumericCharacter?: boolean;
+```
+
+## PasswordValidationStatus.containsUppercaseLetter
+
+Whether the password contains an uppercase letter, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly containsUppercaseLetter?: boolean;
+```
+
+## PasswordValidationStatus.isValid
+
+Whether the password meets all requirements.
+
+<b>Signature:</b>
+
+```typescript
+readonly isValid: boolean;
+```
+
+## PasswordValidationStatus.meetsMaxPasswordLength
+
+Whether the password meets the maximum password length, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly meetsMaxPasswordLength?: boolean;
+```
+
+## PasswordValidationStatus.meetsMinPasswordLength
+
+Whether the password meets the minimum password length, or undefined if not required.
+
+<b>Signature:</b>
+
+```typescript
+readonly meetsMinPasswordLength?: boolean;
+```
+
+## PasswordValidationStatus.passwordPolicy
+
+The policy used to validate the password.
+
+<b>Signature:</b>
+
+```typescript
+readonly passwordPolicy: PasswordPolicy;
+```

integration/firebase/test/namespace.test.ts

@@ -15,7 +15,11 @@
  * limitations under the License.
  */
 
-import firebase from 'firebase/compat';
+import firebase from 'firebase/compat/app';
+import 'firebase/compat/auth';
+import 'firebase/compat/database';
+import 'firebase/compat/storage';
+import 'firebase/compat/messaging';
 import * as namespaceDefinition from './namespaceDefinition.json';
 import validateNamespace from './validator';