fix(auth): make MFA uid optional for updateUser operations (#1278)

bojeil-google · web-flow · commit 3b48235bf49d · 2021-05-18T16:00:43.000-07:00
* fix(auth): make MFA uid optional for updateUser operations MFA `uid` should be optional for `updateUser` operations. When not specified, the backend will provision a `uid` for the enrolled second factor. Fixes #1276
diff --git a/src/auth/auth-api-request.ts b/src/auth/auth-api-request.ts
@@ -257,9 +257,8 @@ class AuthHttpClient extends AuthorizedHttpClient {
  * an error is thrown.
  *
  * @param request The AuthFactorInfo request object.
- * @param writeOperationType The write operation type.
  */
-function validateAuthFactorInfo(request: AuthFactorInfo, writeOperationType: WriteOperationType): void {
+function validateAuthFactorInfo(request: AuthFactorInfo): void {
   const validKeys = {
     mfaEnrollmentId: true,
     displayName: true,
@@ -275,8 +274,8 @@ function validateAuthFactorInfo(request: AuthFactorInfo, writeOperationType: Wri
   // No enrollment ID is available for signupNewUser. Use another identifier.
   const authFactorInfoIdentifier =
       request.mfaEnrollmentId || request.phoneInfo || JSON.stringify(request);
-  const uidRequired = writeOperationType !== WriteOperationType.Create;
-  if ((typeof request.mfaEnrollmentId !== 'undefined' || uidRequired) &&
+  // Enrollment uid may or may not be specified for update operations.
+  if (typeof request.mfaEnrollmentId !== 'undefined' &&
       !validator.isNonEmptyString(request.mfaEnrollmentId)) {
     throw new FirebaseAuthError(
       AuthClientErrorCode.INVALID_UID,
@@ -573,7 +572,7 @@ function validateCreateEditRequest(request: any, writeOperationType: WriteOperat
       throw new FirebaseAuthError(AuthClientErrorCode.INVALID_ENROLLED_FACTORS);
     }
     enrollments.forEach((authFactorInfoEntry: AuthFactorInfo) => {
-      validateAuthFactorInfo(authFactorInfoEntry, writeOperationType);
+      validateAuthFactorInfo(authFactorInfoEntry);
     });
   }
 }
diff --git a/test/unit/auth/auth-api-request.spec.ts b/test/unit/auth/auth-api-request.spec.ts
@@ -2071,6 +2071,11 @@ AUTH_REQUEST_HANDLER_TESTS.forEach((handler) => {
               phoneNumber: '+16505551000',
               factorId: 'phone',
             } as UpdateMultiFactorInfoRequest,
+            {
+              // No error should be thrown when no uid is specified.
+              phoneNumber: '+16505551234',
+              factorId: 'phone',
+            } as UpdateMultiFactorInfoRequest,
           ],
         },
       };
@@ -2096,6 +2101,9 @@ AUTH_REQUEST_HANDLER_TESTS.forEach((handler) => {
               mfaEnrollmentId: 'enrolledSecondFactor2',
               phoneInfo: '+16505551000',
             },
+            {
+              phoneInfo: '+16505551234',
+            },
           ],
         },
       };
