firebase · pragatimodi · Aug 5, 2024 · Aug 20, 2024 · Aug 20, 2024 · Aug 20, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1 +1 @@
-- Add support for beforeEmailSent auth blocking triggers. (#1492)
+- Add support for beforeSmsSent auth blocking triggers. (#1589)
diff --git a/spec/common/providers/identity.spec.ts b/spec/common/providers/identity.spec.ts
@@ -529,6 +529,7 @@ describe("identity", () => {
         eventId: "EVENT_ID",
         eventType: EVENT,
         emailType: undefined,
+        smsType: undefined,
         authType: "UNAUTHENTICATED",
         resource: {
           service: "identitytoolkit.googleapis.com",
@@ -542,6 +543,7 @@ describe("identity", () => {
           isNewUser: false,
           recaptchaScore: TEST_RECAPTCHA_SCORE,
           email: undefined,
+          phoneNumber: undefined,
         },
         credential: null,
         params: {},
@@ -580,6 +582,7 @@ describe("identity", () => {
         eventId: "EVENT_ID",
         eventType: "providers/cloud.auth/eventTypes/user.beforeSignIn:password",
         emailType: undefined,
+        smsType: undefined,
         authType: "UNAUTHENTICATED",
         resource: {
           service: "identitytoolkit.googleapis.com",
@@ -593,6 +596,7 @@ describe("identity", () => {
           isNewUser: false,
           recaptchaScore: TEST_RECAPTCHA_SCORE,
           email: undefined,
+          phoneNumber: undefined,
         },
         credential: {
           claims: undefined,
@@ -668,6 +672,7 @@ describe("identity", () => {
         eventId: "EVENT_ID",
         eventType: "providers/cloud.auth/eventTypes/user.beforeCreate:oidc.provider",
         emailType: undefined,
+        smsType: undefined,
         authType: "USER",
         resource: {
           service: "identitytoolkit.googleapis.com",
@@ -681,6 +686,7 @@ describe("identity", () => {
           isNewUser: true,
           recaptchaScore: TEST_RECAPTCHA_SCORE,
           email: undefined,
+          phoneNumber: undefined,
         },
         credential: {
           claims: undefined,
@@ -721,6 +727,7 @@ describe("identity", () => {
         eventId: "EVENT_ID",
         eventType: "providers/cloud.auth/eventTypes/user.beforeSendEmail",
         emailType: "RESET_PASSWORD",
+        smsType: undefined,
         authType: "UNAUTHENTICATED",
         resource: {
           service: "identitytoolkit.googleapis.com",
@@ -734,6 +741,53 @@ describe("identity", () => {
           username: undefined,
           recaptchaScore: TEST_RECAPTCHA_SCORE,
           email: "johndoe@gmail.com",
+          phoneNumber: undefined,
+        },
+        credential: null,
+        params: {},
+      };
+
+      expect(identity.parseAuthEventContext(decodedJwt, "project-id", time)).to.deep.equal(context);
+    });
+
+    it("should parse a beforeSendSms event", () => {
+      const time = now.getTime();
+      const decodedJwt = {
+        iss: "https://securetoken.google.com/project_id",
+        aud: "https://us-east1-project_id.cloudfunctions.net/function-1",
+        iat: 1,
+        exp: 60 * 60 + 1,
+        event_id: "EVENT_ID",
+        event_type: "beforeSendSms",
+        user_agent: "USER_AGENT",
+        ip_address: "1.2.3.4",
+        locale: "en",
+        recaptcha_score: TEST_RECAPTCHA_SCORE,
+        sms_type: "SIGN_IN_OR_SIGN_UP",
+        phone_number: "+11234567890",
+      };
+      const context = {
+        locale: "en",
+        ipAddress: "1.2.3.4",
+        userAgent: "USER_AGENT",
+        eventId: "EVENT_ID",
+        eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+        emailType: undefined,
+        smsType: "SIGN_IN_OR_SIGN_UP",
+        authType: "UNAUTHENTICATED",
+        resource: {
+          service: "identitytoolkit.googleapis.com",
+          name: "projects/project-id",
+        },
+        timestamp: new Date(1000).toUTCString(),
+        additionalUserInfo: {
+          isNewUser: false,
+          profile: undefined,
+          providerId: undefined,
+          username: undefined,
+          recaptchaScore: TEST_RECAPTCHA_SCORE,
+          email: undefined,
+          phoneNumber: "+11234567890",
         },
         credential: null,
         params: {},

diff --git a/spec/v1/providers/auth.spec.ts b/spec/v1/providers/auth.spec.ts
@@ -395,6 +395,96 @@ describe("Auth Functions", () => {
       });
     });
 
+    describe("beforeSms", () => {
+      it("should create function without options", () => {
+        const fn = auth.user().beforeSms(() => Promise.resolve());
+
+        expect(fn.__trigger).to.deep.equal({
+          labels: {},
+          blockingTrigger: {
+            eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+            options: {
+              accessToken: false,
+              idToken: false,
+              refreshToken: false,
+            },
+          },
+        });
+        expect(fn.__endpoint).to.deep.equal({
+          ...MINIMAL_V1_ENDPOINT,
+          platform: "gcfv1",
+          labels: {},
+          blockingTrigger: {
+            eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+            options: {
+              accessToken: false,
+              idToken: false,
+              refreshToken: false,
+            },
+          },
+        });
+        expect(fn.__requiredAPIs).to.deep.equal([
+          {
+            api: "identitytoolkit.googleapis.com",
+            reason: "Needed for auth blocking functions",
+          },
+        ]);
+      });
+
+      it("should create the function with options", () => {
+        const fn = functions
+          .region("us-east1")
+          .runWith({
+            timeoutSeconds: 90,
+            memory: "256MB",
+          })
+          .auth.user({
+            blockingOptions: {
+              accessToken: true,
+              refreshToken: false,
+            },
+          })
+          .beforeSms(() => Promise.resolve());
+
+        expect(fn.__trigger).to.deep.equal({
+          labels: {},
+          regions: ["us-east1"],
+          availableMemoryMb: 256,
+          timeout: "90s",
+          blockingTrigger: {
+            eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+            options: {
+              accessToken: true,
+              idToken: false,
+              refreshToken: false,
+            },
+          },
+        });
+        expect(fn.__endpoint).to.deep.equal({
+          ...MINIMAL_V1_ENDPOINT,
+          platform: "gcfv1",
+          labels: {},
+          region: ["us-east1"],
+          availableMemoryMb: 256,
+          timeoutSeconds: 90,
+          blockingTrigger: {
+            eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+            options: {
+              accessToken: true,
+              idToken: false,
+              refreshToken: false,
+            },
+          },
+        });
+        expect(fn.__requiredAPIs).to.deep.equal([
+          {
+            api: "identitytoolkit.googleapis.com",
+            reason: "Needed for auth blocking functions",
+          },
+        ]);
+      });
+    });
+
     describe("#_dataConstructor", () => {
       let cloudFunctionDelete: CloudFunction<UserRecord>;
 

diff --git a/spec/v2/providers/identity.spec.ts b/spec/v2/providers/identity.spec.ts
@@ -52,6 +52,11 @@ const BEFORE_EMAIL_TRIGGER = {
   options: {},
 };
 
+const BEFORE_SMS_TRIGGER = {
+  eventType: "providers/cloud.auth/eventTypes/user.beforeSendSms",
+  options: {},
+};
+
 const opts: identity.BlockingOptions = {
   accessToken: true,
   refreshToken: false,
@@ -233,6 +238,49 @@ describe("identity", () => {
     });
   });
 
+  describe("beforeSmsSent", () => {
+    it("should accept a handler", () => {
+      const fn = identity.beforeSmsSent(() => Promise.resolve());
+
+      expect(fn.__endpoint).to.deep.equal({
+        ...MINIMAL_V2_ENDPOINT,
+        platform: "gcfv2",
+        labels: {},
+        blockingTrigger: BEFORE_SMS_TRIGGER,
+      });
+      expect(fn.__requiredAPIs).to.deep.equal([
+        {
+          api: IDENTITY_TOOLKIT_API,
+          reason: "Needed for auth blocking functions",
+        },
+      ]);
+    });
+
+    it("should accept options and a handler", () => {
+      const fn = identity.beforeSmsSent(
+        { region: opts.region, minInstances: opts.minInstances },
+        () => Promise.resolve()
+      );
+
+      expect(fn.__endpoint).to.deep.equal({
+        ...MINIMAL_V2_ENDPOINT,
+        platform: "gcfv2",
+        labels: {},
+        minInstances: 1,
+        region: [REGION],
+        blockingTrigger: {
+          ...BEFORE_SMS_TRIGGER,
+        },
+      });
+      expect(fn.__requiredAPIs).to.deep.equal([
+        {
+          api: IDENTITY_TOOLKIT_API,
+          reason: "Needed for auth blocking functions",
+        },
+      ]);
+    });
+  });
+
   describe("beforeOperation", () => {
     it("should handle eventType and handler for before create events", () => {
       const fn = identity.beforeOperation("beforeCreate", () => Promise.resolve(), undefined);
@@ -285,6 +333,23 @@ describe("identity", () => {
       ]);
     });
 
+    it("should handle eventType and handler for before SMS events", () => {
+      const fn = identity.beforeOperation("beforeSendSms", () => Promise.resolve(), undefined);
+
+      expect(fn.__endpoint).to.deep.equal({
+        ...MINIMAL_V2_ENDPOINT,
+        platform: "gcfv2",
+        labels: {},
+        blockingTrigger: BEFORE_SMS_TRIGGER,
+      });
+      expect(fn.__requiredAPIs).to.deep.equal([
+        {
+          api: IDENTITY_TOOLKIT_API,
+          reason: "Needed for auth blocking functions",
+        },
+      ]);
+    });
+
     it("should handle eventType, options, and handler for before create events", () => {
       const fn = identity.beforeOperation("beforeCreate", opts, () => Promise.resolve());
 
@@ -355,6 +420,27 @@ describe("identity", () => {
         },
       ]);
     });
+
+    it("should handle eventType, options, and handler for before send SMS events", () => {
+      const fn = identity.beforeOperation("beforeSendSms", opts, () => Promise.resolve());
+
+      expect(fn.__endpoint).to.deep.equal({
+        ...MINIMAL_V2_ENDPOINT,
+        platform: "gcfv2",
+        labels: {},
+        minInstances: 1,
+        region: [REGION],
+        blockingTrigger: {
+          ...BEFORE_SMS_TRIGGER,
+        },
+      });
+      expect(fn.__requiredAPIs).to.deep.equal([
+        {
+          api: IDENTITY_TOOLKIT_API,
+          reason: "Needed for auth blocking functions",
+        },
+      ]);
+    });
   });
 
   describe("getOpts", () => {