1 | /*! firebase-admin v10.0.0 */
|
2 | /*!
|
3 | * Copyright 2018 Google Inc.
|
4 | *
|
5 | * Licensed under the Apache License, Version 2.0 (the "License");
|
6 | * you may not use this file except in compliance with the License.
|
7 | * You may obtain a copy of the License at
|
8 | *
|
9 | * http://www.apache.org/licenses/LICENSE-2.0
|
10 | *
|
11 | * Unless required by applicable law or agreed to in writing, software
|
12 | * distributed under the License is distributed on an "AS IS" BASIS,
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14 | * See the License for the specific language governing permissions and
|
15 | * limitations under the License.
|
16 | */
|
17 | /// <reference types="node" />
|
18 | import { FirebaseArrayIndexError } from '../app/index';
|
19 | import { UpdateMultiFactorInfoRequest, MultiFactorUpdateSettings } from './auth-config';
|
20 | export declare type HashAlgorithmType = 'SCRYPT' | 'STANDARD_SCRYPT' | 'HMAC_SHA512' | 'HMAC_SHA256' | 'HMAC_SHA1' | 'HMAC_MD5' | 'MD5' | 'PBKDF_SHA1' | 'BCRYPT' | 'PBKDF2_SHA256' | 'SHA512' | 'SHA256' | 'SHA1';
|
21 | /**
|
22 | * Interface representing the user import options needed for
|
23 | * {@link BaseAuth.importUsers} method. This is used to
|
24 | * provide the password hashing algorithm information.
|
25 | */
|
26 | export interface UserImportOptions {
|
27 | /**
|
28 | * The password hashing information.
|
29 | */
|
30 | hash: {
|
31 | /**
|
32 | * The password hashing algorithm identifier. The following algorithm
|
33 | * identifiers are supported:
|
34 | * `SCRYPT`, `STANDARD_SCRYPT`, `HMAC_SHA512`, `HMAC_SHA256`, `HMAC_SHA1`,
|
35 | * `HMAC_MD5`, `MD5`, `PBKDF_SHA1`, `BCRYPT`, `PBKDF2_SHA256`, `SHA512`,
|
36 | * `SHA256` and `SHA1`.
|
37 | */
|
38 | algorithm: HashAlgorithmType;
|
39 | /**
|
40 | * The signing key used in the hash algorithm in buffer bytes.
|
41 | * Required by hashing algorithms `SCRYPT`, `HMAC_SHA512`, `HMAC_SHA256`,
|
42 | * `HAMC_SHA1` and `HMAC_MD5`.
|
43 | */
|
44 | key?: Buffer;
|
45 | /**
|
46 | * The salt separator in buffer bytes which is appended to salt when
|
47 | * verifying a password. This is only used by the `SCRYPT` algorithm.
|
48 | */
|
49 | saltSeparator?: Buffer;
|
50 | /**
|
51 | * The number of rounds for hashing calculation.
|
52 | * Required for `SCRYPT`, `MD5`, `SHA512`, `SHA256`, `SHA1`, `PBKDF_SHA1` and
|
53 | * `PBKDF2_SHA256`.
|
54 | */
|
55 | rounds?: number;
|
56 | /**
|
57 | * The memory cost required for `SCRYPT` algorithm, or the CPU/memory cost.
|
58 | * Required for `STANDARD_SCRYPT` algorithm.
|
59 | */
|
60 | memoryCost?: number;
|
61 | /**
|
62 | * The parallelization of the hashing algorithm. Required for the
|
63 | * `STANDARD_SCRYPT` algorithm.
|
64 | */
|
65 | parallelization?: number;
|
66 | /**
|
67 | * The block size (normally 8) of the hashing algorithm. Required for the
|
68 | * `STANDARD_SCRYPT` algorithm.
|
69 | */
|
70 | blockSize?: number;
|
71 | /**
|
72 | * The derived key length of the hashing algorithm. Required for the
|
73 | * `STANDARD_SCRYPT` algorithm.
|
74 | */
|
75 | derivedKeyLength?: number;
|
76 | };
|
77 | }
|
78 | /**
|
79 | * Interface representing a user to import to Firebase Auth via the
|
80 | * {@link BaseAuth.importUsers} method.
|
81 | */
|
82 | export interface UserImportRecord {
|
83 | /**
|
84 | * The user's `uid`.
|
85 | */
|
86 | uid: string;
|
87 | /**
|
88 | * The user's primary email, if set.
|
89 | */
|
90 | email?: string;
|
91 | /**
|
92 | * Whether or not the user's primary email is verified.
|
93 | */
|
94 | emailVerified?: boolean;
|
95 | /**
|
96 | * The user's display name.
|
97 | */
|
98 | displayName?: string;
|
99 | /**
|
100 | * The user's primary phone number, if set.
|
101 | */
|
102 | phoneNumber?: string;
|
103 | /**
|
104 | * The user's photo URL.
|
105 | */
|
106 | photoURL?: string;
|
107 | /**
|
108 | * Whether or not the user is disabled: `true` for disabled; `false` for
|
109 | * enabled.
|
110 | */
|
111 | disabled?: boolean;
|
112 | /**
|
113 | * Additional metadata about the user.
|
114 | */
|
115 | metadata?: UserMetadataRequest;
|
116 | /**
|
117 | * An array of providers (for example, Google, Facebook) linked to the user.
|
118 | */
|
119 | providerData?: UserProviderRequest[];
|
120 | /**
|
121 | * The user's custom claims object if available, typically used to define
|
122 | * user roles and propagated to an authenticated user's ID token.
|
123 | */
|
124 | customClaims?: {
|
125 | [key: string]: any;
|
126 | };
|
127 | /**
|
128 | * The buffer of bytes representing the user's hashed password.
|
129 | * When a user is to be imported with a password hash,
|
130 | * {@link UserImportOptions} are required to be
|
131 | * specified to identify the hashing algorithm used to generate this hash.
|
132 | */
|
133 | passwordHash?: Buffer;
|
134 | /**
|
135 | * The buffer of bytes representing the user's password salt.
|
136 | */
|
137 | passwordSalt?: Buffer;
|
138 | /**
|
139 | * The identifier of the tenant where user is to be imported to.
|
140 | * When not provided in an `admin.auth.Auth` context, the user is uploaded to
|
141 | * the default parent project.
|
142 | * When not provided in an `admin.auth.TenantAwareAuth` context, the user is uploaded
|
143 | * to the tenant corresponding to that `TenantAwareAuth` instance's tenant ID.
|
144 | */
|
145 | tenantId?: string;
|
146 | /**
|
147 | * The user's multi-factor related properties.
|
148 | */
|
149 | multiFactor?: MultiFactorUpdateSettings;
|
150 | }
|
151 | /**
|
152 | * User metadata to include when importing a user.
|
153 | */
|
154 | export interface UserMetadataRequest {
|
155 | /**
|
156 | * The date the user last signed in, formatted as a UTC string.
|
157 | */
|
158 | lastSignInTime?: string;
|
159 | /**
|
160 | * The date the user was created, formatted as a UTC string.
|
161 | */
|
162 | creationTime?: string;
|
163 | }
|
164 | /**
|
165 | * User provider data to include when importing a user.
|
166 | */
|
167 | export interface UserProviderRequest {
|
168 | /**
|
169 | * The user identifier for the linked provider.
|
170 | */
|
171 | uid: string;
|
172 | /**
|
173 | * The display name for the linked provider.
|
174 | */
|
175 | displayName?: string;
|
176 | /**
|
177 | * The email for the linked provider.
|
178 | */
|
179 | email?: string;
|
180 | /**
|
181 | * The phone number for the linked provider.
|
182 | */
|
183 | phoneNumber?: string;
|
184 | /**
|
185 | * The photo URL for the linked provider.
|
186 | */
|
187 | photoURL?: string;
|
188 | /**
|
189 | * The linked provider ID (for example, "google.com" for the Google provider).
|
190 | */
|
191 | providerId: string;
|
192 | }
|
193 | /**
|
194 | * Interface representing the response from the
|
195 | * {@link BaseAuth.importUsers} method for batch
|
196 | * importing users to Firebase Auth.
|
197 | */
|
198 | export interface UserImportResult {
|
199 | /**
|
200 | * The number of user records that failed to import to Firebase Auth.
|
201 | */
|
202 | failureCount: number;
|
203 | /**
|
204 | * The number of user records that successfully imported to Firebase Auth.
|
205 | */
|
206 | successCount: number;
|
207 | /**
|
208 | * An array of errors corresponding to the provided users to import. The
|
209 | * length of this array is equal to [`failureCount`](#failureCount).
|
210 | */
|
211 | errors: FirebaseArrayIndexError[];
|
212 | }
|
213 | /** Interface representing an Auth second factor in Auth server format. */
|
214 | export interface AuthFactorInfo {
|
215 | mfaEnrollmentId?: string;
|
216 | displayName?: string;
|
217 | phoneInfo?: string;
|
218 | enrolledAt?: string;
|
219 | [key: string]: any;
|
220 | }
|
221 | /** UploadAccount endpoint request user interface. */
|
222 | interface UploadAccountUser {
|
223 | localId: string;
|
224 | email?: string;
|
225 | emailVerified?: boolean;
|
226 | displayName?: string;
|
227 | disabled?: boolean;
|
228 | photoUrl?: string;
|
229 | phoneNumber?: string;
|
230 | providerUserInfo?: Array<{
|
231 | rawId: string;
|
232 | providerId: string;
|
233 | email?: string;
|
234 | displayName?: string;
|
235 | photoUrl?: string;
|
236 | }>;
|
237 | mfaInfo?: AuthFactorInfo[];
|
238 | passwordHash?: string;
|
239 | salt?: string;
|
240 | lastLoginAt?: number;
|
241 | createdAt?: number;
|
242 | customAttributes?: string;
|
243 | tenantId?: string;
|
244 | }
|
245 | /** UploadAccount endpoint request hash options. */
|
246 | export interface UploadAccountOptions {
|
247 | hashAlgorithm?: string;
|
248 | signerKey?: string;
|
249 | rounds?: number;
|
250 | memoryCost?: number;
|
251 | saltSeparator?: string;
|
252 | cpuMemCost?: number;
|
253 | parallelization?: number;
|
254 | blockSize?: number;
|
255 | dkLen?: number;
|
256 | }
|
257 | /** UploadAccount endpoint complete request interface. */
|
258 | export interface UploadAccountRequest extends UploadAccountOptions {
|
259 | users?: UploadAccountUser[];
|
260 | }
|
261 | /** Callback function to validate an UploadAccountUser object. */
|
262 | export declare type ValidatorFunction = (data: UploadAccountUser) => void;
|
263 | /**
|
264 | * Converts a client format second factor object to server format.
|
265 | * @param multiFactorInfo - The client format second factor.
|
266 | * @returns The corresponding AuthFactorInfo server request format.
|
267 | */
|
268 | export declare function convertMultiFactorInfoToServerFormat(multiFactorInfo: UpdateMultiFactorInfoRequest): AuthFactorInfo;
|
269 | /**
|
270 | * Class that provides a helper for building/validating uploadAccount requests and
|
271 | * UserImportResult responses.
|
272 | */
|
273 | export declare class UserImportBuilder {
|
274 | private requiresHashOptions;
|
275 | private validatedUsers;
|
276 | private validatedOptions;
|
277 | private indexMap;
|
278 | private userImportResultErrors;
|
279 | /**
|
280 | * @param {UserImportRecord[]} users The list of user records to import.
|
281 | * @param {UserImportOptions=} options The import options which includes hashing
|
282 | * algorithm details.
|
283 | * @param {ValidatorFunction=} userRequestValidator The user request validator function.
|
284 | * @constructor
|
285 | */
|
286 | constructor(users: UserImportRecord[], options?: UserImportOptions, userRequestValidator?: ValidatorFunction);
|
287 | /**
|
288 | * Returns the corresponding constructed uploadAccount request.
|
289 | * @returns {UploadAccountRequest} The constructed uploadAccount request.
|
290 | */
|
291 | buildRequest(): UploadAccountRequest;
|
292 | /**
|
293 | * Populates the UserImportResult using the client side detected errors and the server
|
294 | * side returned errors.
|
295 | * @returns {UserImportResult} The user import result based on the returned failed
|
296 | * uploadAccount response.
|
297 | */
|
298 | buildResponse(failedUploads: Array<{
|
299 | index: number;
|
300 | message: string;
|
301 | }>): UserImportResult;
|
302 | /**
|
303 | * Validates and returns the hashing options of the uploadAccount request.
|
304 | * Throws an error whenever an invalid or missing options is detected.
|
305 | * @param {UserImportOptions} options The UserImportOptions.
|
306 | * @param {boolean} requiresHashOptions Whether to require hash options.
|
307 | * @returns {UploadAccountOptions} The populated UploadAccount options.
|
308 | */
|
309 | private populateOptions;
|
310 | /**
|
311 | * Validates and returns the users list of the uploadAccount request.
|
312 | * Whenever a user with an error is detected, the error is cached and will later be
|
313 | * merged into the user import result. This allows the processing of valid users without
|
314 | * failing early on the first error detected.
|
315 | * @param {UserImportRecord[]} users The UserImportRecords to convert to UnploadAccountUser
|
316 | * objects.
|
317 | * @param {ValidatorFunction=} userValidator The user validator function.
|
318 | * @returns {UploadAccountUser[]} The populated uploadAccount users.
|
319 | */
|
320 | private populateUsers;
|
321 | }
|
322 | export {};
|