Merge expired error code to erro code config

Author: lahirumaramba

src/auth/auth.ts

@@ -30,7 +30,7 @@ import * as utils from '../utils/index';
 import * as validator from '../utils/validator';
 import { auth } from './index';
 import { FirebaseTokenVerifier } from '../utils/token-verifier';
-import { createSessionCookieVerifier, createIdTokenVerifier } from './token-verifier-util';
+import { createSessionCookieVerifier, createIdTokenVerifier } from './token-verifier';
 import {
   SAMLConfig, OIDCConfig, OIDCConfigServerResponse, SAMLConfigServerResponse,
 } from './auth-config';

src/auth/token-verifier-util.ts renamed to src/auth/token-verifier.ts

@@ -27,11 +27,20 @@ const CLIENT_CERT_URL = 'https://www.googleapis.com/robot/v1/metadata/x509/secur
 // URL containing the public keys for Firebase session cookies. This will be updated to a different URL soon.
 const SESSION_COOKIE_CERT_URL = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys';
 
-/** Error codes that matches the FirebaseAuthError type */
-const AUTH_ERROR_CODE_CONFIG: ErrorCodeConfig = {
+/** Matching Auth error code config for ID token */
+export const ID_TOKEN_ERROR_CODE_CONFIG: ErrorCodeConfig = {
   invalidArg: AuthClientErrorCode.INVALID_ARGUMENT,
   invalidCredential: AuthClientErrorCode.INVALID_CREDENTIAL,
   internalError: AuthClientErrorCode.INTERNAL_ERROR,
+  expiredError: AuthClientErrorCode.ID_TOKEN_EXPIRED,
+}
+
+/** Matching Auth error code config for session cookie */
+export const SESSION_COOKIE_ERROR_CODE_CONFIG: ErrorCodeConfig = {
+  invalidArg: AuthClientErrorCode.INVALID_ARGUMENT,
+  invalidCredential: AuthClientErrorCode.INVALID_CREDENTIAL,
+  internalError: AuthClientErrorCode.INTERNAL_ERROR,
+  expiredError: AuthClientErrorCode.SESSION_COOKIE_EXPIRED,
 }
 
 /** User facing token information related to the Firebase ID token. */
@@ -40,8 +49,7 @@ export const ID_TOKEN_INFO: FirebaseTokenInfo = {
   verifyApiName: 'verifyIdToken()',
   jwtName: 'Firebase ID token',
   shortName: 'ID token',
-  expiredErrorCode: AuthClientErrorCode.ID_TOKEN_EXPIRED,
-  errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+  errorCodeConfig: ID_TOKEN_ERROR_CODE_CONFIG,
   errorType: FirebaseAuthError,
 };
 
@@ -51,8 +59,7 @@ export const SESSION_COOKIE_INFO: FirebaseTokenInfo = {
   verifyApiName: 'verifySessionCookie()',
   jwtName: 'Firebase session cookie',
   shortName: 'session cookie',
-  expiredErrorCode: AuthClientErrorCode.SESSION_COOKIE_EXPIRED,
-  errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+  errorCodeConfig: SESSION_COOKIE_ERROR_CODE_CONFIG,
   errorType: FirebaseAuthError,
 };
 

src/utils/error.ts

@@ -40,6 +40,7 @@ export interface ErrorCodeConfig {
   invalidArg: ErrorInfo;
   invalidCredential: ErrorInfo;
   internalError: ErrorInfo;
+  expiredError: ErrorInfo;
 }
 
 /**

src/utils/token-verifier.ts

@@ -37,8 +37,6 @@ export interface FirebaseTokenInfo {
   jwtName: string;
   /** The JWT short name. */
   shortName: string;
-  /** JWT Expiration error code. */
-  expiredErrorCode: ErrorInfo;
   /** Error code config of the public error type. */
   errorCodeConfig: ErrorCodeConfig;
   /** Public error type. */
@@ -73,9 +71,14 @@ export class FirebaseTokenVerifier {
       throw new Error('The JWT public full name must be a non-empty string.');
     } else if (!validator.isNonEmptyString(tokenInfo.shortName)) {
       throw new Error('The JWT public short name must be a non-empty string.');
-    } else if (!validator.isNonNullObject(tokenInfo.expiredErrorCode) ||
-      !('code' in tokenInfo.expiredErrorCode)) {
-      throw new Error('The JWT expiration error code must be a non-null ErrorInfo object.');
+    } else if (!(typeof tokenInfo.errorType === 'function' && tokenInfo.errorType !== null)) {
+      throw new Error('The provided error type must be a non-null PrefixedFirebaseError type.');
+    } else if (!validator.isNonNullObject(tokenInfo.errorCodeConfig) ||
+      !('invalidArg' in tokenInfo.errorCodeConfig ||
+        'invalidCredential' in tokenInfo.errorCodeConfig ||
+        'internalError' in tokenInfo.errorCodeConfig ||
+        'expiredError' in tokenInfo.errorCodeConfig)) {
+      throw new Error('The provided error code config must be a non-null ErrorCodeInfo object.');
     }
     this.shortNameArticle = tokenInfo.shortName.charAt(0).match(/[aeiou]/i) ? 'an' : 'a';
 
@@ -213,9 +216,9 @@ export class FirebaseTokenVerifier {
           if (error) {
             if (error.name === 'TokenExpiredError') {
               const errorMessage = `${this.tokenInfo.jwtName} has expired. Get a fresh ${this.tokenInfo.shortName}` +
-                ` from your client app and try again (auth/${this.tokenInfo.expiredErrorCode.code}).` +
+                ` from your client app and try again (auth/${this.tokenInfo.errorCodeConfig.expiredError.code}).` +
                 verifyJwtTokenDocsMessage;
-              return reject(new this.tokenInfo.errorType(this.tokenInfo.expiredErrorCode, errorMessage));
+              return reject(new this.tokenInfo.errorType(this.tokenInfo.errorCodeConfig.expiredError, errorMessage));
             } else if (error.name === 'JsonWebTokenError') {
               const errorMessage = `${this.tokenInfo.jwtName} has invalid signature.` + verifyJwtTokenDocsMessage;
               return reject(new this.tokenInfo.errorType(this.tokenInfo.errorCodeConfig.invalidArg, errorMessage));

test/unit/auth/token-verifier.spec.ts

@@ -30,10 +30,10 @@ import LegacyFirebaseTokenGenerator = require('firebase-token-generator');
 import * as mocks from '../../resources/mocks';
 import { FirebaseTokenGenerator, ServiceAccountSigner } from '../../../src/auth/token-generator';
 import * as verifier from '../../../src/utils/token-verifier';
-import * as verifierUtil from '../../../src/auth/token-verifier-util';
+import * as verifierUtil from '../../../src/auth/token-verifier';
 
 import { ServiceAccountCredential } from '../../../src/credential/credential-internal';
-import { AuthClientErrorCode, ErrorCodeConfig, FirebaseAuthError } from '../../../src/utils/error';
+import { FirebaseAuthError } from '../../../src/utils/error';
 import { FirebaseApp } from '../../../src/firebase-app';
 import { Algorithm } from 'jsonwebtoken';
 
@@ -46,12 +46,6 @@ const expect = chai.expect;
 const ONE_HOUR_IN_SECONDS = 60 * 60;
 const idTokenPublicCertPath = '/robot/v1/metadata/x509/[email protected]';
 
-const AUTH_ERROR_CODE_CONFIG: ErrorCodeConfig = {
-  invalidArg: AuthClientErrorCode.INVALID_ARGUMENT,
-  invalidCredential: AuthClientErrorCode.INVALID_CREDENTIAL,
-  internalError: AuthClientErrorCode.INTERNAL_ERROR,
-}
-
 /**
  * Returns a mocked out success response from the URL containing the public keys for the Google certs.
  *
@@ -166,8 +160,7 @@ describe('FirebaseTokenVerifier', () => {
             verifyApiName: 'verifyToken()',
             jwtName: 'Important Token',
             shortName: 'token',
-            expiredErrorCode: AuthClientErrorCode.INVALID_ARGUMENT,
-            errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+            errorCodeConfig: verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG,
             errorType: FirebaseAuthError,
           },
           app,
@@ -232,8 +225,7 @@ describe('FirebaseTokenVerifier', () => {
               verifyApiName: invalidVerifyApiName as any,
               jwtName: 'Important Token',
               shortName: 'token',
-              expiredErrorCode: AuthClientErrorCode.INVALID_ARGUMENT,
-              errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+              errorCodeConfig: verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG,
               errorType: FirebaseAuthError,
             },
             app,
@@ -255,8 +247,7 @@ describe('FirebaseTokenVerifier', () => {
               verifyApiName: 'verifyToken()',
               jwtName: invalidJwtName as any,
               shortName: 'token',
-              expiredErrorCode: AuthClientErrorCode.INVALID_ARGUMENT,
-              errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+              errorCodeConfig: verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG,
               errorType: FirebaseAuthError,
             },
             app,
@@ -278,8 +269,7 @@ describe('FirebaseTokenVerifier', () => {
               verifyApiName: 'verifyToken()',
               jwtName: 'Important Token',
               shortName: invalidShortName as any,
-              expiredErrorCode: AuthClientErrorCode.INVALID_ARGUMENT,
-              errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+              errorCodeConfig: verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG,
               errorType: FirebaseAuthError,
             },
             app,
@@ -288,9 +278,9 @@ describe('FirebaseTokenVerifier', () => {
       });
     });
 
-    const invalidExpiredErrorCodes = [null, NaN, 0, 1, true, false, [], {}, { a: 1 }, _.noop, '', 'test'];
-    invalidExpiredErrorCodes.forEach((invalidExpiredErrorCode) => {
-      it('should throw given an invalid expiration error code: ' + JSON.stringify(invalidExpiredErrorCode), () => {
+    const invalidErrorCodeTypes = [null, NaN, 0, 1, true, false, [], {}, { a: 1 }, _.noop, '', 'test'];
+    invalidErrorCodeTypes.forEach((invalidErrorCodeType) => {
+      it('should throw given an invalid error code config: ' + JSON.stringify(invalidErrorCodeType), () => {
         expect(() => {
           new verifier.FirebaseTokenVerifier(
             'https://www.example.com/publicKeys',
@@ -301,13 +291,34 @@ describe('FirebaseTokenVerifier', () => {
               verifyApiName: 'verifyToken()',
               jwtName: 'Important Token',
               shortName: 'token',
-              expiredErrorCode: invalidExpiredErrorCode as any,
-              errorCodeConfig: AUTH_ERROR_CODE_CONFIG,
+              errorCodeConfig: verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG,
+              errorType: invalidErrorCodeTypes as any,
+            },
+            app,
+          );
+        }).to.throw('The provided error type must be a non-null PrefixedFirebaseError type.');
+      });
+    });
+
+    const invalidErrorCodeConfigs = [null, NaN, 0, 1, true, false, [], {}, { a: 1 }, _.noop, '', 'test'];
+    invalidErrorCodeConfigs.forEach((invalidErrorCodeConfig) => {
+      it('should throw given an invalid error code config: ' + JSON.stringify(invalidErrorCodeConfig), () => {
+        expect(() => {
+          new verifier.FirebaseTokenVerifier(
+            'https://www.example.com/publicKeys',
+            'RS256',
+            'https://www.example.com/issuer/',
+            {
+              url: 'https://docs.example.com/verify-tokens',
+              verifyApiName: 'verifyToken()',
+              jwtName: 'Important Token',
+              shortName: 'token',
+              errorCodeConfig: invalidErrorCodeConfig as any,
               errorType: FirebaseAuthError,
             },
             app,
           );
-        }).to.throw('The JWT expiration error code must be a non-null ErrorInfo object.');
+        }).to.throw('The provided error code config must be a non-null ErrorCodeInfo object.');
       });
     });
   });
@@ -326,10 +337,9 @@ describe('FirebaseTokenVerifier', () => {
       }).to.throw('First argument to verifyIdToken() must be a Firebase ID token');
     });
 
-    const errorTypes = [
-      { type: FirebaseAuthError, config: AUTH_ERROR_CODE_CONFIG },
-    ];
-    errorTypes.forEach((errorType) => {
+    it('should throw with the correct error type and code set in token info', () => {
+      const errorType = FirebaseAuthError;
+      const errorCodeConfig = verifierUtil.ID_TOKEN_ERROR_CODE_CONFIG;
       const tokenVerifier = new verifier.FirebaseTokenVerifier(
         'https://www.example.com/publicKeys',
         'RS256',
@@ -339,19 +349,14 @@ describe('FirebaseTokenVerifier', () => {
           verifyApiName: 'verifyToken()',
           jwtName: 'Important Token',
           shortName: 'token',
-          expiredErrorCode: errorType.config.invalidArg,
-          errorCodeConfig: errorType.config,
-          errorType: errorType.type,
+          errorCodeConfig: errorCodeConfig,
+          errorType,
         },
         app,
       );
-      it('should throw with the correct error type and code set in token info', () => {
-        expect(() => {
-          (tokenVerifier as any).verifyJWT();
-        }).to.throw(errorType.type).with.property('code').match(
-          new RegExp(`(.*)/${errorType.config.invalidArg.code}`)
-        );
-      });
+      expect(() => {
+        (tokenVerifier as any).verifyJWT();
+      }).to.throw(errorType).with.property('code').equal(`auth/${errorCodeConfig.invalidArg.code}`);
     });
 
     const invalidIdTokens = [null, NaN, 0, 1, true, false, [], {}, { a: 1 }, _.noop];