Fixes to password policy validation (#2227)

kevinthecheung · pragatimodi · web-flow · commit 64f033683b79 · 2023-06-27T16:51:40.000-07:00
* Fixes to password policy validation * add test * feat(auth): Add `TotpInfo` field to `UserRecord` (#2197) * Adding TotpInfo to userRecord * Changing type from `any` to `unknown` for type safety. * Addressing feedback --------- Co-authored-by: pragatimodi <110490169+pragatimodi@users.noreply.github.com>
diff --git a/src/auth/auth-config.ts b/src/auth/auth-config.ts
@@ -2146,49 +2146,42 @@ export class PasswordPolicyAuthConfig implements PasswordPolicyConfig {
           );
         }
       }
-      if (typeof options.constraints.requireUppercase !== undefined &&
+      if (typeof options.constraints.requireUppercase !== 'undefined' &&
         !validator.isBoolean(options.constraints.requireUppercase)) {
         throw new FirebaseAuthError(
           AuthClientErrorCode.INVALID_CONFIG,
           '"PasswordPolicyConfig.constraints.requireUppercase" must be a boolean.',
         );
       }
-      if (typeof options.constraints.requireLowercase !== undefined &&
+      if (typeof options.constraints.requireLowercase !== 'undefined' &&
         !validator.isBoolean(options.constraints.requireLowercase)) {
         throw new FirebaseAuthError(
           AuthClientErrorCode.INVALID_CONFIG,
           '"PasswordPolicyConfig.constraints.requireLowercase" must be a boolean.',
         );
       }
-      if (typeof options.constraints.requireNonAlphanumeric !== undefined &&
+      if (typeof options.constraints.requireNonAlphanumeric !== 'undefined' &&
         !validator.isBoolean(options.constraints.requireNonAlphanumeric)) {
         throw new FirebaseAuthError(
           AuthClientErrorCode.INVALID_CONFIG,
           '"PasswordPolicyConfig.constraints.requireNonAlphanumeric"' +
             ' must be a boolean.',
         );
       }
-      if (typeof options.constraints.requireNumeric !== undefined &&
+      if (typeof options.constraints.requireNumeric !== 'undefined' &&
         !validator.isBoolean(options.constraints.requireNumeric)) {
         throw new FirebaseAuthError(
           AuthClientErrorCode.INVALID_CONFIG,
           '"PasswordPolicyConfig.constraints.requireNumeric" must be a boolean.',
         );
       }
-      if (!validator.isNumber(options.constraints.minLength)) {
+      if (typeof options.constraints.minLength === 'undefined') {
+        options.constraints.minLength = 6;
+      } else if (!validator.isNumber(options.constraints.minLength)) {
         throw new FirebaseAuthError(
           AuthClientErrorCode.INVALID_CONFIG,
           '"PasswordPolicyConfig.constraints.minLength" must be a number.',
         );
-      }
-      if (!validator.isNumber(options.constraints.maxLength)) {
-        throw new FirebaseAuthError(
-          AuthClientErrorCode.INVALID_CONFIG,
-          '"PasswordPolicyConfig.constraints.maxLength" must be a number.',
-        );
-      }
-      if (options.constraints.minLength === undefined) {
-        options.constraints.minLength = 6;
       } else {
         if (!(options.constraints.minLength >= 6
           && options.constraints.minLength <= 30)) {
@@ -2199,8 +2192,13 @@ export class PasswordPolicyAuthConfig implements PasswordPolicyConfig {
           );
         }
       }
-      if (options.constraints.maxLength === undefined) {
+      if (typeof options.constraints.maxLength === 'undefined') {
         options.constraints.maxLength = 4096;
+      } else if (!validator.isNumber(options.constraints.maxLength)) {
+        throw new FirebaseAuthError(
+          AuthClientErrorCode.INVALID_CONFIG,
+          '"PasswordPolicyConfig.constraints.maxLength" must be a number.',
+        );
       } else {
         if (!(options.constraints.maxLength >= options.constraints.minLength &&
           options.constraints.maxLength <= 4096)) {
diff --git a/test/unit/auth/auth-config.spec.ts b/test/unit/auth/auth-config.spec.ts
@@ -1297,4 +1297,28 @@ describe('PasswordPolicyAuthConfig',() => {
       expect(validConfig.forceUpgradeOnSignin).to.deep.equal(true);
     });
   });
+
+  describe('buildServerRequest()', () => {
+    it('should return server request with default constraints', () => {
+      expect(PasswordPolicyAuthConfig.buildServerRequest({
+        enforcementState: 'ENFORCE',
+        constraints: {},
+      })).to.deep.equal({
+        passwordPolicyEnforcementState: 'ENFORCE',
+        forceUpgradeOnSignin: false,
+        passwordPolicyVersions: [
+          {
+            customStrengthOptions: {
+              containsLowercaseCharacter: false,
+              containsUppercaseCharacter: false,
+              containsNumericCharacter: false,
+              containsNonAlphanumericCharacter: false,
+              minPasswordLength: 6,
+              maxPasswordLength: 4096,
+            }
+          }
+        ]
+      });
+    });
+  });
 });
