Project config - Recaptcha config (#1595)

* Recaptcha config changes in project config.
- Implemented getProjectConfig.
- Implemented updateProjectConfig.
- Updated error code.
- Add Term of Service consents.

Author: Xiaoshouzi-gh

etc/firebase-admin.auth.api.md

@@ -345,6 +345,7 @@ export class PhoneMultiFactorInfo extends MultiFactorInfo {
 export class ProjectConfig {
     get multiFactorConfig(): MultiFactorConfig | undefined;
     readonly smsRegionConfig?: SmsRegionConfig;
+    get recaptchaConfig(): RecaptchaConfig | undefined;
     toJSON(): object;
 }
 
@@ -478,6 +479,7 @@ export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactor
 export interface UpdateProjectConfigRequest {
     multiFactorConfig?: MultiFactorConfig;
     smsRegionConfig?: SmsRegionConfig;
+    recaptchaConfig?: RecaptchaConfig;
 }
 
 // @public

src/auth/auth-config.ts

@@ -1773,6 +1773,9 @@ export interface RecaptchaKey {
 
 /**
  * The request interface for updating a reCAPTCHA Config.
+ * By enabling reCAPTCHA Enterprise Integration you are
+ * agreeing to reCAPTCHA Enterprise
+ * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
  */
 export interface RecaptchaConfig {
   /**

src/auth/project-config-manager.ts

@@ -27,7 +27,6 @@ import {
  */
 export class ProjectConfigManager {
   private readonly authRequestHandler: AuthRequestHandler;
-
   /**
    * Initializes a ProjectConfigManager instance for a specified FirebaseApp.
    *

src/auth/project-config.ts

@@ -21,6 +21,8 @@ import {
   MultiFactorConfig,
   MultiFactorAuthConfig,
   MultiFactorAuthServerConfig,
+  RecaptchaConfig,
+  RecaptchaAuthConfig,
 } from './auth-config';
 import { deepCopy } from '../utils/deep-copy';
 
@@ -36,6 +38,14 @@ export interface UpdateProjectConfigRequest {
    * The multi-factor auth configuration to update on the project.
    */
   multiFactorConfig?: MultiFactorConfig;
+  
+  /**
+   * The recaptcha configuration to update on the project.
+   * By enabling reCAPTCHA Enterprise Integration you are
+   * agreeing to reCAPTCHA Enterprise
+   * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
+   */
+  recaptchaConfig?: RecaptchaConfig;
 }
 
 /**
@@ -45,6 +55,7 @@ export interface UpdateProjectConfigRequest {
 export interface ProjectConfigServerResponse {
   smsRegionConfig?: SmsRegionConfig;
   mfa?: MultiFactorAuthServerConfig;
+  recaptchaConfig?: RecaptchaConfig;
 }
 
 /**
@@ -54,6 +65,7 @@ export interface ProjectConfigServerResponse {
 export interface ProjectConfigClientRequest {
   smsRegionConfig?: SmsRegionConfig;
   mfa?: MultiFactorAuthServerConfig;
+  recaptchaConfig?: RecaptchaConfig;
 }
 
 /**
@@ -66,10 +78,21 @@ export class ProjectConfig {
    * This is based on the calling code of the destination phone number.
    */
   public readonly smsRegionConfig?: SmsRegionConfig;
+
   /**
    * The project's multi-factor auth configuration.
    * Supports only phone and TOTP.
-   */  private readonly multiFactorConfig_?: MultiFactorConfig;
+   */  
+  private readonly multiFactorConfig_?: MultiFactorConfig;
+
+  /**
+   * The recaptcha configuration to update on the project config.
+   * By enabling reCAPTCHA Enterprise Integration you are
+   * agreeing to reCAPTCHA Enterprise
+   * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
+   */
+  private readonly recaptchaConfig_?: RecaptchaAuthConfig;
+  
   /**
    * The multi-factor auth configuration.
    */
@@ -92,6 +115,7 @@ export class ProjectConfig {
     const validKeys = {
       smsRegionConfig: true,
       multiFactorConfig: true,
+      recaptchaConfig: true,
     }
     // Check for unsupported top level attributes.
     for (const key in request) {
@@ -111,13 +135,17 @@ export class ProjectConfig {
     if (typeof request.multiFactorConfig !== 'undefined') {
       MultiFactorAuthConfig.validate(request.multiFactorConfig);
     }
+    // Validate reCAPTCHA config attribute.
+    if (typeof request.recaptchaConfig !== 'undefined') {
+      RecaptchaAuthConfig.validate(request.recaptchaConfig);
+    }
   }
 
   /**
    * Build the corresponding server request for a UpdateProjectConfigRequest object.
    * @param configOptions - The properties to convert to a server request.
    * @returns  The equivalent server request.
-   *
+   * 
    * @internal
    */
   public static buildServerRequest(configOptions: UpdateProjectConfigRequest): ProjectConfigClientRequest {
@@ -133,7 +161,13 @@ export class ProjectConfig {
     delete request.multiFactorConfig;
     return request as ProjectConfigClientRequest;
   }
-
+ 
+  /**
+   * The recaptcha configuration.
+   */
+  get recaptchaConfig(): RecaptchaConfig | undefined {
+    return this.recaptchaConfig_;
+  }
   /**
    * The Project Config object constructor.
    *
@@ -150,6 +184,9 @@ export class ProjectConfig {
     if (typeof response.mfa !== 'undefined') {
       this.multiFactorConfig_ = new MultiFactorAuthConfig(response.mfa);
     }
+    if (typeof response.recaptchaConfig !== 'undefined') {
+      this.recaptchaConfig_ = new RecaptchaAuthConfig(response.recaptchaConfig);
+    }
   }
   /**
    * Returns a JSON-serializable representation of this object.
@@ -161,13 +198,17 @@ export class ProjectConfig {
     const json = {
       smsRegionConfig: deepCopy(this.smsRegionConfig),
       multiFactorConfig: deepCopy(this.multiFactorConfig),
+      recaptchaConfig: this.recaptchaConfig_?.toJSON(),
     };
     if (typeof json.smsRegionConfig === 'undefined') {
       delete json.smsRegionConfig;
     }
     if (typeof json.multiFactorConfig === 'undefined') {
       delete json.multiFactorConfig;
     }
+    if (typeof json.recaptchaConfig === 'undefined') {
+      delete json.recaptchaConfig;
+    }
     return json;
   }
 }

src/auth/tenant.ts

@@ -62,6 +62,9 @@ export interface UpdateTenantRequest {
 
   /**
    * The recaptcha configuration to update on the tenant.
+   * By enabling reCAPTCHA Enterprise Integration you are
+   * agreeing to reCAPTCHA Enterprise
+   * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
    */
   recaptchaConfig?: RecaptchaConfig;
 }
@@ -137,9 +140,12 @@ export class Tenant {
   private readonly emailSignInConfig_?: EmailSignInConfig;
   private readonly multiFactorConfig_?: MultiFactorAuthConfig;
 
-  /*
-  * The map conatining the reCAPTCHA config.
-  */
+  /**
+   * The map conatining the reCAPTCHA config.
+   * By enabling reCAPTCHA Enterprise Integration you are
+   * agreeing to reCAPTCHA Enterprise
+   * {@link https://cloud.google.com/terms/service-terms | Term of Service}.
+   */
   private readonly recaptchaConfig_?: RecaptchaAuthConfig;
   /**
    * The SMS Regions Config to update a tenant.

src/utils/error.ts

@@ -737,6 +737,14 @@ export class AuthClientErrorCode {
     code: 'user-not-disabled',
     message: 'The user must be disabled in order to bulk delete it (or you must pass force=true).',
   };
+  public static INVALID_RECAPTCHA_ACTION = {
+    code: 'invalid-recaptcha-action',
+    message: 'reCAPTCHA action must be "BLOCK".'
+  }
+  public static INVALID_RECAPTCHA_ENFORCEMENT_STATE = {
+    code: 'invalid-recaptcha-enforcement-state',
+    message: 'reCAPTCHA enforcement state must be either "OFF", "AUDIT" or "ENFORCE".'
+  }
 }
 
 /**
@@ -996,6 +1004,10 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
   USER_DISABLED: 'USER_DISABLED',
   // Password provided is too weak.
   WEAK_PASSWORD: 'INVALID_PASSWORD',
+  // Unrecognized reCAPTCHA action.
+  INVALID_RECAPTCHA_ACTION: 'INVALID_RECAPTCHA_ACTION',
+  // Unrecognized reCAPTCHA enforcement state.
+  INVALID_RECAPTCHA_ENFORCEMENT_STATE: 'INVALID_RECAPTCHA_ENFORCEMENT_STATE',
 };
 
 /** @const {ServerToClientCode} Messaging server to client enum error codes. */

test/unit/auth/project-config-manager.spec.ts

@@ -51,6 +51,17 @@ describe('ProjectConfigManager', () => {
         allowedRegions: [ 'AC', 'AD' ],
       },
     },
+    recaptchaConfig: {
+      emailPasswordEnforcementState: 'AUDIT',
+      managedRules: [ {
+        endScore: 0.2,
+        action: 'BLOCK'
+      } ],
+      recaptchaKeys: [ {
+        type: 'WEB',
+        key: 'test-key-1' }
+      ],
+    }
   };
 
   before(() => {
@@ -131,6 +142,13 @@ describe('ProjectConfigManager', () => {
           disallowedRegions: [ 'AC', 'AD' ],
         },
       },
+      recaptchaConfig: {
+        emailPasswordEnforcementState: 'AUDIT',
+        managedRules: [ {
+          endScore: 0.2,
+          action: 'BLOCK'
+        } ],
+      }
     };
     const expectedProjectConfig = new ProjectConfig(GET_CONFIG_RESPONSE);
     const expectedError = new FirebaseAuthError(
@@ -193,4 +211,4 @@ describe('ProjectConfigManager', () => {
         });
     });
   });
-});
+});