
Commit 7ce2345

authored
fix(auth): Add user disabled error code. (#1506)
* fix: add user disabled error code * Trigger integration tests
1 parent aea280d commit 7ce2345


2 files changed

+26
-0
lines changed


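--- a/src/utils/error.ts
+++ b/src/utils/error.ts
@@ -982,6 +982,8 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
 UNVERIFIED_EMAIL: 'UNVERIFIED_EMAIL',
 // User on which action is to be performed is not found.
 USER_NOT_FOUND: 'USER_NOT_FOUND',
+// User record is disabled.
+USER_DISABLED: 'USER_DISABLED',
 // Password provided is too weak.
 WEAK_PASSWORD: 'INVALID_PASSWORD',
 };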
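Review bot: The new `USER_DISABLED` entry is covered only by the integration spec in this commit, which needs a live project to run, so a regression in this mapping would not be caught by an offline test run. A unit test asserting that a backend `USER_DISABLED` error surfaces to callers as `auth/user-disabled` would pin the behaviour without network access. The client-side error table that the value `'USER_DISABLED'` must match is outside this hunk, so it is worth confirming the key exists there under exactly that name. The comment could also say when the backend returns it, for example `// User record is disabled; returned when an operation is attempted for a disabled account.`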

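--- a/test/integration/auth.spec.ts
+++ b/test/integration/auth.spec.ts
@@ -50,6 +50,7 @@ const sessionCookieUids = [
 generateRandomString(20),
 generateRandomString(20),
 generateRandomString(20),
+generateRandomString(20),
 ];
 const testPhoneNumber = '+11234567890';
 const testPhoneNumber2 = '+16505550101';
@@ -2118,6 +2119,7 @@ describe('admin.auth', () => {
 const uid = sessionCookieUids[0];
 const uid2 = sessionCookieUids[1];
 const uid3 = sessionCookieUids[2];
+const uid4 = sessionCookieUids[3];
 
 it('creates a valid Firebase session cookie', () => {
 return getAuth().createCustomToken(uid, { admin: true, groupId: '1234' })
@@ -2207,6 +2209,28 @@ describe('admin.auth', () => {
 });
 });
 
+it('fails when called with user disabled', async () => {
+const expiresIn = 24 * 60 * 60 * 1000;
+const customToken = await getAuth().createCustomToken(uid4, { admin: true, groupId: '1234' });
+const { user } = await clientAuth().signInWithCustomToken(customToken);
+expect(user).to.exist;
+
+const idToken = await user!.getIdToken();
+const decodedIdTokenClaims = await getAuth().verifyIdToken(idToken);
+expect(decodedIdTokenClaims.uid).to.be.equal(uid4);
+
+const sessionCookie = await getAuth().createSessionCookie(idToken, { expiresIn });
+const decodedIdToken = await getAuth().verifySessionCookie(sessionCookie, true);
+expect(decodedIdToken.uid).to.equal(uid4);
+
+const userRecord = await getAuth().updateUser(uid4, { disabled : true });
+// Ensure disabled field has been updated.
+expect(userRecord.uid).to.equal(uid4);
+expect(userRecord.disabled).to.equal(true);
+
+return getAuth().createSessionCookie(idToken, { expiresIn })
+.should.eventually.be.rejected.and.have.property('code', 'auth/user-disabled');
+});
 });
 
 describe('verifySessionCookie()', () => {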
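Review bot: In the new 'fails when called with user disabled' test, the `sessionCookie` minted before `updateUser(uid4, { disabled : true })` is never checked again, so the test shows only that a new cookie cannot be created for a disabled user. Whether the cookie issued earlier is rejected matters just as much for account lockout. If the `verifySessionCookie()` block that starts after this hunk does not already cover it, consider adding `await getAuth().verifySessionCookie(sessionCookie, true).should.eventually.be.rejected;` before the final `return`, and pin the expected error code there as well. The test also leaves `uid4` disabled, and the cleanup for `sessionCookieUids` is outside the visible hunks, so confirm that teardown deletes the account whatever its disabled state. On style, the final `return ... .should.eventually` could be an `await` to match the rest of the async body.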
