Implements phone auth support for Admin node.js SDK. (#58)

* Implements phone auth support for Admin node.js SDK.
Adds phoneNumber to UserRecord and UserInfo.
Implements new API for looking up users by phone number: getUserByPhoneNumber
Adds the ability to pass the phoneNumber property when creating a new user,
or updating an existing one via createUser and updateUser.
This includes the ability to delete the phone number for a specified user.
Defines the new related auth errors:
auth/invalid-phone-number and auth/phone-number-already-exists.

* Adds integration tests for phone Auth APIs.
In addition, adds some basic checks on the expected email/phone number
on update and create operations.

Author: bojeil-google

src/auth/auth-api-request.ts

@@ -60,7 +60,9 @@ function validateCreateEditRequest(request: any) {
       disabled: true,
       disableUser: true,
       deleteAttribute: true,
+      deleteProvider: true,
       sanityCheck: true,
+      phoneNumber: true,
     };
     // Remove invalid keys from original request.
     for (let key in request) {
@@ -83,6 +85,11 @@ function validateCreateEditRequest(request: any) {
     if (typeof request.email !== 'undefined' && !validator.isEmail(request.email)) {
       throw new FirebaseAuthError(AuthClientErrorCode.INVALID_EMAIL);
     }
+    // phoneNumber should be a string and a valid phone number.
+    if (typeof request.phoneNumber !== 'undefined' &&
+        !validator.isPhoneNumber(request.phoneNumber)) {
+      throw new FirebaseAuthError(AuthClientErrorCode.INVALID_PHONE_NUMBER);
+    }
     // password should be a string and a minimum of 6 chars.
     if (typeof request.password !== 'undefined' &&
         !validator.isPassword(request.password)) {
@@ -126,7 +133,7 @@ function validateCreateEditRequest(request: any) {
 export const FIREBASE_AUTH_GET_ACCOUNT_INFO = new ApiSettings('getAccountInfo', 'POST')
   // Set request validator.
   .setRequestValidator((request: any) => {
-    if (!request.localId && !request.email) {
+    if (!request.localId && !request.email && !request.phoneNumber) {
       throw new FirebaseAuthError(
         AuthClientErrorCode.INTERNAL_ERROR,
         'INTERNAL ASSERT FAILED: Server request is missing user identifier');
@@ -217,7 +224,7 @@ export class FirebaseAuthRequestHandler {
   }
 
   /**
-   * Looks a user by uid.
+   * Looks up a user by uid.
    *
    * @param {string} uid The uid of the user to lookup.
    * @return {Promise<Object>} A promise that resolves with the user information.
@@ -234,7 +241,7 @@ export class FirebaseAuthRequestHandler {
   }
 
   /**
-   * Looks a user by email.
+   * Looks up a user by email.
    *
    * @param {string} email The email of the user to lookup.
    * @return {Promise<Object>} A promise that resolves with the user information.
@@ -250,6 +257,24 @@ export class FirebaseAuthRequestHandler {
     return this.invokeRequestHandler(FIREBASE_AUTH_GET_ACCOUNT_INFO, request);
   }
 
+  /**
+   * Looks up a user by phone number.
+   *
+   * @param {string} phoneNumber The phone number of the user to lookup.
+   * @return {Promise<Object>} A promise that resolves with the user information.
+   */
+  public getAccountInfoByPhoneNumber(phoneNumber: string): Promise<Object> {
+    if (!validator.isPhoneNumber(phoneNumber)) {
+      return Promise.reject(new FirebaseAuthError(AuthClientErrorCode.INVALID_PHONE_NUMBER));
+    }
+
+    const request = {
+      phoneNumber: [phoneNumber],
+    };
+    return this.invokeRequestHandler(FIREBASE_AUTH_GET_ACCOUNT_INFO, request);
+  }
+
+
   /**
    * Deletes an account identified by a uid.
    *
@@ -314,6 +339,20 @@ export class FirebaseAuthRequestHandler {
     if (request.deleteAttribute.length === 0) {
       delete request.deleteAttribute;
     }
+
+    // For deleting phoneNumber, this value must be passed as null.
+    // It will be removed from the backend request and an additional parameter
+    // deleteProvider: ['phone'] with an array of providerIds (phone in this case),
+    // will be passed.
+    // Currently this applies to phone provider only.
+    if (request.phoneNumber === null) {
+      request.deleteProvider = ['phone'];
+      delete request.phoneNumber;
+    } else {
+      // Doesn't apply to other providers in admin SDK.
+      delete request.deleteProvider;
+    }
+
     // Rewrite photoURL to photoUrl.
     if (typeof request.photoURL !== 'undefined') {
       request.photoUrl = request.photoURL;

src/auth/auth.ts

@@ -163,6 +163,21 @@ class Auth implements FirebaseServiceInterface {
       });
   };
 
+  /**
+   * Looks up the user identified by the provided phone number and returns a promise that is
+   * fulfilled with a user record for the given user if that user is found.
+   *
+   * @param {string} phoneNumber The phone number of the user to look up.
+   * @return {Promise<UserRecord>} A promise that resolves with the corresponding user record.
+   */
+  public getUserByPhoneNumber(phoneNumber: string): Promise<UserRecord> {
+    return this.authRequestHandler.getAccountInfoByPhoneNumber(phoneNumber)
+      .then((response: any) => {
+        // Returns the user record populated with server response.
+        return new UserRecord(response.users[0]);
+      });
+  };
+
   /**
    * Creates a new user with the properties provided.
    *

src/auth/user-record.ts

@@ -80,6 +80,7 @@ export class UserInfo {
   public readonly email: string;
   public readonly photoURL: string;
   public readonly providerId: string;
+  public readonly phoneNumber: string;
 
   constructor(response: any) {
     // Provider user id and provider id are required.
@@ -94,6 +95,7 @@ export class UserInfo {
     utils.addReadonlyGetter(this, 'email', response.email);
     utils.addReadonlyGetter(this, 'photoURL', response.photoUrl);
     utils.addReadonlyGetter(this, 'providerId', response.providerId);
+    utils.addReadonlyGetter(this, 'phoneNumber', response.phoneNumber);
   }
 
   /** @return {Object} The plain object representation of the current provider data. */
@@ -104,6 +106,7 @@ export class UserInfo {
       email: this.email,
       photoURL: this.photoURL,
       providerId: this.providerId,
+      phoneNumber: this.phoneNumber,
     };
   }
 }
@@ -122,6 +125,7 @@ export class UserRecord {
   public readonly emailVerified: boolean;
   public readonly displayName: string;
   public readonly photoURL: string;
+  public readonly phoneNumber: string;
   public readonly disabled: boolean;
   public readonly metadata: UserMetadata;
   public readonly providerData: UserInfo[];
@@ -139,6 +143,7 @@ export class UserRecord {
     utils.addReadonlyGetter(this, 'emailVerified', !!response.emailVerified);
     utils.addReadonlyGetter(this, 'displayName', response.displayName);
     utils.addReadonlyGetter(this, 'photoURL', response.photoUrl);
+    utils.addReadonlyGetter(this, 'phoneNumber', response.phoneNumber);
     // If disabled is not provided, the account is enabled by default.
     utils.addReadonlyGetter(this, 'disabled', response.disabled || false);
     utils.addReadonlyGetter(this, 'metadata', new UserMetadata(response));
@@ -157,6 +162,7 @@ export class UserRecord {
       emailVerified: this.emailVerified,
       displayName: this.displayName,
       photoURL: this.photoURL,
+      phoneNumber: this.phoneNumber,
       disabled: this.disabled,
       // Convert metadata to json.
       metadata: this.metadata.toJSON(),

src/index.d.ts

@@ -80,6 +80,7 @@ declare namespace admin.auth {
     uid: string;
     displayName: string;
     email: string;
+    phoneNumber: string;
     photoURL: string;
     providerId: string;
 
@@ -91,6 +92,7 @@ declare namespace admin.auth {
     email: string;
     emailVerified: boolean;
     displayName: string;
+    phoneNumber: string;
     photoURL: string;
     disabled: boolean;
     metadata: admin.auth.UserMetadata;
@@ -125,6 +127,7 @@ declare namespace admin.auth {
     deleteUser(uid: string): Promise<void>;
     getUser(uid: string): Promise<admin.auth.UserRecord>;
     getUserByEmail(email: string): Promise<admin.auth.UserRecord>;
+    getUserByPhoneNumber(phoneNumber: string): Promise<admin.auth.UserRecord>;
     updateUser(uid: string, properties: Object): Promise<admin.auth.UserRecord>;
     verifyIdToken(idToken: string): Promise<admin.auth.DecodedIdToken>;
   }

src/utils/error.ts

@@ -235,6 +235,11 @@ export class AuthClientErrorCode {
     code: 'invalid-password',
     message: 'The password must be a string with at least 6 characters.',
   };
+  public static INVALID_PHONE_NUMBER = {
+    code: 'invalid-phone-number',
+    message: 'The phone number must be a non-empty E.164 standard compliant identifier ' +
+      'string.',
+  };
   public static INVALID_PHOTO_URL = {
     code: 'invalid-photo-url',
     message: 'The photoURL field must be a valid URL.',
@@ -253,6 +258,10 @@ export class AuthClientErrorCode {
         'Enable it in the Firebase console, under the sign-in method tab of the ' +
         'Auth section.',
   };
+  public static PHONE_NUMBER_ALREADY_EXISTS = {
+    code: 'phone-number-already-exists',
+    message: 'The user with the provided phone number already exists.',
+  };
   public static PROJECT_NOT_FOUND = {
     code: 'project-not-found',
     message: 'No Firebase project was found for the provided credential.',
@@ -382,6 +391,8 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
   EMAIL_EXISTS: 'EMAIL_ALREADY_EXISTS',
   // Invalid email provided.
   INVALID_EMAIL: 'INVALID_EMAIL',
+  // Invalid phone number.
+  INVALID_PHONE_NUMBER: 'INVALID_PHONE_NUMBER',
   // Invalid service account.
   INVALID_SERVICE_ACCOUNT: 'INVALID_SERVICE_ACCOUNT',
   // No localId provided (deleteAccount missing localId).
@@ -390,6 +401,8 @@ const AUTH_SERVER_TO_CLIENT_CODE: ServerToClientCode = {
   MISSING_USER_ACCOUNT: 'MISSING_UID',
   // Password auth disabled in console.
   OPERATION_NOT_ALLOWED: 'OPERATION_NOT_ALLOWED',
+  // Phone number already exists.
+  PHONE_NUMBER_EXISTS: 'PHONE_NUMBER_ALREADY_EXISTS',
   // Project not found.
   PROJECT_NOT_FOUND: 'PROJECT_NOT_FOUND',
   // User on which action is to be performed is not found.

src/utils/validator.ts

@@ -131,6 +131,27 @@ export function isEmail(email: any): boolean {
 }
 
 
+/**
+ * Validates that a string is a valid phone number.
+ *
+ * @param {any} phoneNumber The string to validate.
+ * @return {boolean} Whether the string is a valid phone number or not.
+ */
+export function isPhoneNumber(phoneNumber: any): boolean {
+  if (typeof phoneNumber !== 'string') {
+    return false;
+  }
+  // Phone number validation is very lax here. Backend will enforce E.164
+  // spec compliance and will normalize accordingly.
+  // The phone number string must be non-empty and starts with a plus sign.
+  let re1 = /^\+/;
+  // The phone number string must contain at least one alphanumeric character.
+  let re2 = /[\da-zA-Z]+/;
+  return re1.test(phoneNumber) && re2.test(phoneNumber);
+}
+
+
+
 /**
  * Validates that a string is a valid web URL.
  *