firebase · mohankumarelec · Nov 21, 2024 · Nov 22, 2024 · Nov 22, 2024 · Nov 22, 2024
diff --git a/src/emulator/auth/operations.ts b/src/emulator/auth/operations.ts
@@ -1030,11 +1030,7 @@ export function setAccountInfoImpl(
   { privileged = false, emulatorUrl = undefined }: { privileged?: boolean; emulatorUrl?: URL } = {},
 ): Schemas["GoogleCloudIdentitytoolkitV1SetAccountInfoResponse"] {
   // TODO: Implement these.
-  const unimplementedFields: (keyof typeof reqBody)[] = [
-    "provider",
-    "upgradeToFederatedLogin",
-    "linkProviderUserInfo",
-  ];
+  const unimplementedFields: (keyof typeof reqBody)[] = ["provider", "upgradeToFederatedLogin"];
   for (const field of unimplementedFields) {
     if (field in reqBody) {
       throw new NotImplementedError(`${field} is not implemented yet.`);
@@ -1232,8 +1228,16 @@ export function setAccountInfoImpl(
     }
   }
 
+  if (reqBody.linkProviderUserInfo) {
+    assert(!reqBody.linkProviderUserInfo.providerId?.length, "MISSING_PROVIDER_ID");
+    assert(!reqBody.linkProviderUserInfo.rawId?.length, "MISSING_RAW_ID");
+  }
+
   user = state.updateUserByLocalId(user.localId, updates, {
     deleteProviders: reqBody.deleteProvider,
+    upsertProviders: reqBody.linkProviderUserInfo
+      ? [reqBody.linkProviderUserInfo as ProviderUserInfo]
+      : undefined,
   });
 
   // Only initiate the recover email OOB flow for non-anonymous users

diff --git a/src/emulator/auth/setAccountInfo.spec.ts b/src/emulator/auth/setAccountInfo.spec.ts
@@ -1254,4 +1254,100 @@ describeAuthEmulator("accounts:update", ({ authApi, getClock }) => {
     expect(oobs[0].requestType).to.equal("RECOVER_EMAIL");
     expect(oobs[0].oobLink).to.include(tenant.tenantId);
   });
+
+  it("should link provider account with existing user account", async () => {
+    const { idToken } = await registerUser(authApi(), {
+      email: "test@example.com",
+      password: "password",
+    });
+
+    const providerId = "google.com";
+    const rawId = "google_user_id";
+    const providerUserInfo = {
+      providerId,
+      rawId,
+      email: "linked@example.com",
+      displayName: "Linked User",
+      photoUrl: "https://example.com/photo.jpg",
+    };
+
+    await authApi()
+      .post("/identitytoolkit.googleapis.com/v1/accounts:update")
+      .query({ key: "fake-api-key" })
+      .send({ idToken, linkProviderUserInfo: providerUserInfo })
+      .then((res) => {
+        expectStatusCode(200, res);
+        const providers = res.body.providerUserInfo;
+        expect(providers).to.have.length(2); // Original email/password + linked provider
+
+        const linkedProvider = providers.find((p: ProviderUserInfo) => p.providerId === providerId);
+        expect(linkedProvider).to.deep.equal(providerUserInfo);
+      });
+
+    const accountInfo = await getAccountInfoByIdToken(authApi(), idToken);
+    expect(accountInfo.providerUserInfo).to.have.length(2);
+    const linkedProviderInfo = accountInfo.providerUserInfo?.find(
+      (p: ProviderUserInfo) => p.providerId === providerId,
+    );
+    expect(linkedProviderInfo).to.deep.equal(providerUserInfo);
+  });
+
+  it("should error if linkProviderUserInfo is missing required fields", async () => {
+    const { idToken } = await registerUser(authApi(), {
+      email: "test@example.com",
+      password: "password",
+    });
+
+    const incompleteProviderUserInfo1 = {
+      providerId: "google.com",
+      email: "linked@example.com",
+    };
+
+    await authApi()
+      .post("/identitytoolkit.googleapis.com/v1/accounts:update")
+      .query({ key: "fake-api-key" })
+      .send({ idToken, linkProviderUserInfo: incompleteProviderUserInfo1 })
+      .then((res) => {
+        expectStatusCode(400, res);
+        expect(res.body.error.message).to.contain("MISSING_RAW_ID");
+      });
+
+    const incompleteProviderUserInfo2 = {
+      rawId: "google_user_id",
+      email: "linked@example.com",
+    };
+
+    await authApi()
+      .post("/identitytoolkit.googleapis.com/v1/accounts:update")
+      .query({ key: "fake-api-key" })
+      .send({ idToken, linkProviderUserInfo: incompleteProviderUserInfo2 })
+      .then((res) => {
+        expectStatusCode(400, res);
+        expect(res.body.error.message).to.contain("MISSING_PROVIDER_ID");
+      });
+  });
+
+  it("should error if user is disabled when linking a provider", async () => {
+    const { localId, idToken } = await registerUser(authApi(), {
+      email: "test@example.com",
+      password: "password",
+    });
+
+    await updateAccountByLocalId(authApi(), localId, { disableUser: true });
+
+    const providerUserInfo = {
+      providerId: "google.com",
+      rawId: "google_user_id",
+      email: "linked@example.com",
+    };
+
+    await authApi()
+      .post("/identitytoolkit.googleapis.com/v1/accounts:update")
+      .query({ key: "fake-api-key" })
+      .send({ idToken, linkProviderUserInfo: providerUserInfo })
+      .then((res) => {
+        expectStatusCode(400, res);
+        expect(res.body.error.message).to.equal("USER_DISABLED");
+      });
+  });
 });