@@ -50,6 +50,7 @@ const sessionCookieUids = [
50
50
generateRandomString ( 20 ) ,
51
51
generateRandomString ( 20 ) ,
52
52
generateRandomString ( 20 ) ,
53
+ generateRandomString ( 20 ) ,
53
54
] ;
54
55
const testPhoneNumber = '+11234567890' ;
55
56
const testPhoneNumber2 = '+16505550101' ;
@@ -2118,6 +2119,7 @@ describe('admin.auth', () => {
2118
2119
const uid = sessionCookieUids [ 0 ] ;
2119
2120
const uid2 = sessionCookieUids [ 1 ] ;
2120
2121
const uid3 = sessionCookieUids [ 2 ] ;
2122
+ const uid4 = sessionCookieUids [ 3 ] ;
2121
2123
2122
2124
it ( 'creates a valid Firebase session cookie' , ( ) => {
2123
2125
return getAuth ( ) . createCustomToken ( uid , { admin : true , groupId : '1234' } )
@@ -2207,6 +2209,28 @@ describe('admin.auth', () => {
2207
2209
} ) ;
2208
2210
} ) ;
2209
2211
2212
+ it ( 'fails when called with user disabled' , async ( ) => {
2213
+ const expiresIn = 24 * 60 * 60 * 1000 ;
2214
+ const customToken = await getAuth ( ) . createCustomToken ( uid4 , { admin : true , groupId : '1234' } ) ;
2215
+ const { user } = await clientAuth ( ) . signInWithCustomToken ( customToken ) ;
2216
+ expect ( user ) . to . exist ;
2217
+
2218
+ const idToken = await user ! . getIdToken ( ) ;
2219
+ const decodedIdTokenClaims = await getAuth ( ) . verifyIdToken ( idToken ) ;
2220
+ expect ( decodedIdTokenClaims . uid ) . to . be . equal ( uid4 ) ;
2221
+
2222
+ const sessionCookie = await getAuth ( ) . createSessionCookie ( idToken , { expiresIn } ) ;
2223
+ const decodedIdToken = await getAuth ( ) . verifySessionCookie ( sessionCookie , true ) ;
2224
+ expect ( decodedIdToken . uid ) . to . equal ( uid4 ) ;
2225
+
2226
+ const userRecord = await getAuth ( ) . updateUser ( uid4 , { disabled : true } ) ;
2227
+ // Ensure disabled field has been updated.
2228
+ expect ( userRecord . uid ) . to . equal ( uid4 ) ;
2229
+ expect ( userRecord . disabled ) . to . equal ( true ) ;
2230
+
2231
+ return getAuth ( ) . createSessionCookie ( idToken , { expiresIn } )
2232
+ . should . eventually . be . rejected . and . have . property ( 'code' , 'auth/user-disabled' ) ;
2233
+ } ) ;
2210
2234
} ) ;
2211
2235
2212
2236
describe ( 'verifySessionCookie()' , ( ) => {
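Review bot: The new test 'fails when called with user disabled' shows that no fresh cookie can be minted after `updateUser(uid4, { disabled: true })`, but it never re-checks the `sessionCookie` issued before the disable, which is the credential still in circulation once an account is turned off. If `checkRevoked` is meant to cover disabled accounts, add `await getAuth().verifySessionCookie(sessionCookie, true).should.eventually.be.rejected;` before the final `return`, and pin the error code once the intended value is confirmed. Skip this if the `verifySessionCookie()` block that begins right after this hunk already asserts it; that block's body is outside the lines shown. The test also leaves uid4 disabled, so it depends on cleanup of `sessionCookieUids` elsewhere in the file; a short comment saying so would help whoever next reuses that uid.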