Bump ws from 6.2.2 to 6.2.3

.github/workflows/test.yml

@@ -21,16 +21,16 @@ jobs:
       - name: Setup node
         uses: actions/setup-node@v2-beta
         with:
-          node-version: '14'
+          node-version: '18'
           check-latest: true
       - name: node_modules cache
         id: node_modules_cache
         uses: actions/cache@v2
         with:
           path: ./node_modules
-          key: ${{ runner.os }}-14-node_modules-${{ hashFiles('package-lock.json') }}
+          key: ${{ runner.os }}-18-node_modules-${{ hashFiles('package-lock.json') }}
           restore-keys: |
-            ${{ runner.os }}-14-node_modules-
+            ${{ runner.os }}-18-node_modules-
       - name: NPM install
         if: steps.node_modules_cache.outputs.cache-hit != 'true'
         run: npm ci

CHANGELOG.md

@@ -0,0 +1 @@
+* Fix password policy error message handling in password reset flow (#1047)

README.md

@@ -62,8 +62,8 @@ You just need to include the following script and CSS file in the `<head>` tag
 of your page, below the initialization snippet from the Firebase Console:
 
 ```html
-<script src="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.js"></script>
-<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.css" />
+<script src="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.js"></script>
+<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.css" />
 ```
 
 #### Localized Widget
@@ -72,17 +72,17 @@ Localized versions of the widget are available through the CDN. To use a
 localized widget, load the localized JS library instead of the default library:
 
 ```html
-<script src="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth__{LANGUAGE_CODE}.js"></script>
-<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.css" />
+<script src="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth__{LANGUAGE_CODE}.js"></script>
+<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.css" />
 ```
 
 where `{LANGUAGE_CODE}` is replaced by the code of the language you want. For example, the French
 version of the library is available at
-`https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth__fr.js`. The list of available
+`https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth__fr.js`. The list of available
 languages and their respective language codes can be found at [LANGUAGES.md](LANGUAGES.md).
 
 Right-to-left languages also require the right-to-left version of the stylesheet, available at
-`https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth-rtl.css`, instead of the default
+`https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth-rtl.css`, instead of the default
 stylesheet. The supported right-to-left languages are Arabic (ar), Farsi (fa), and Hebrew (iw).
 
 ### Option 2: npm Module
@@ -182,14 +182,14 @@ for a more in-depth example, showcasing a Single Page Application mode.
   <head>
     <meta charset="UTF-8">
     <title>Sample FirebaseUI App</title>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
     <!-- *******************************************************************************************
        * TODO(DEVELOPER): Paste the initialization snippet from this dialog box:
        * Firebase Console > Project Settings > Add App > Web.
        ***************************************************************************************** -->
-    <script src="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.js"></script>
-    <link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.css" />
+    <script src="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.js"></script>
+    <link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.css" />
     <script type="text/javascript">
       // FirebaseUI config.
       var uiConfig = {
@@ -257,8 +257,8 @@ Here is how you would track the Auth state across all your pages:
   <head>
     <meta charset="UTF-8">
     <title>Sample FirebaseUI App</title>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
     <!-- *******************************************************************************************
        * TODO(DEVELOPER): Paste the initialization snippet from:
        * Firebase Console > Overview > Add Firebase to your web app. *
@@ -345,7 +345,7 @@ FirebaseUI supports the following configuration parameters.
 <td>callbacks</td>
 <td>No</td>
 <td>
-  An object of developers <a href="#available-callbacks">callbacks</a> after
+  An object of developers' <a href="#available-callbacks">callbacks</a> after
   specific events.
   <br/>
   <em>Default:</em> <code>{}</code>
@@ -935,7 +935,7 @@ enforce this policy via one of these 2 mechanisms:
 <td>No</td>
 <td>
   Defines whether to require the user to provide a display name during email
-  and password sign up.
+  and password sign up. Note: this has no effect when using the <code>firebase.auth.EmailAuthProvider.EMAIL_LINK_SIGN_IN_METHOD</code>.
   <br/>
   <em>Default:</em> <code>true</code>
 </td>
@@ -1338,14 +1338,14 @@ FirebaseUI is displayed.
   <head>
     <meta charset="UTF-8">
     <title>Sample FirebaseUI App</title>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
     <!-- *******************************************************************************************
        * TODO(DEVELOPER): Paste the initialization snippet from:
        * Firebase Console > Overview > Add Firebase to your web app. *
        ***************************************************************************************** -->
-    <script src="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.js"></script>
-    <link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.0.2/firebase-ui-auth.css" />
+    <script src="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.js"></script>
+    <link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/6.1.0/firebase-ui-auth.css" />
     <script type="text/javascript">
       // FirebaseUI config.
       var uiConfig = {
@@ -1934,13 +1934,13 @@ can verify in the [demo app](https://fir-ui-demo-84a6c.firebaseapp.com/)).
 
 ### 6.0.0
 
-FirebaseUI-web v6.0.0 is intended to be used alongside Firebase JS SDK v9 compat.
+FirebaseUI-web v6.0.0 is intended to be used alongside Firebase JS SDK v9 or v10 [compat](https://firebase.google.com/docs/web/modular-upgrade#about_the_namespaced_compat_libraries).
 
 If using the CDN, change your Firebase imports to:
 
 ```html
-<script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-<script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+<script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+<script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
 ```
 
 If NPM:

bower.json

@@ -22,6 +22,6 @@
     "out"
   ],
   "dependencies": {
-    "firebase": "^9.1.3"
+    "firebase": "^9.1.3 || ^10.0.0"
   }
 }

buildtools/container/Dockerfile

@@ -1,16 +1,22 @@
-FROM node:14.17.3
+FROM ubuntu:latest
 
 # Install dependencies: curl, git, jq, python2 and jre8.
 RUN apt-get update && \
-    apt-get install -y curl git jq python openjdk-8-jre-headless
+    apt-get install -y curl git jq python-is-python3 openjdk-11-jre-headless nodejs npm wget
 
-# Install npm at 6.14.13.
-RUN npm install --global [email protected]
+# Print Node version and npm version
+RUN node -v
+RUN npm -v
 
 # Install hub
 RUN curl -fsSL --output hub.tgz https://github.com/github/hub/releases/download/v2.11.2/hub-linux-amd64-2.11.2.tgz
 RUN tar --strip-components=2 -C /usr/bin -xf hub.tgz hub-linux-amd64-2.11.2/bin/hub
 
 # Install the lastest Chrome stable version.
-RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
-RUN dpkg -i google-chrome-stable_current_amd64.deb; apt-get -fy install
+# RUN wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
+# RUN dpkg -i google-chrome-stable_current_amd64.deb; apt-get -fy install
+
+# Pin Chrome v119 because we're pinning this version in CI.
+# TODO: Install the lastest Chrome stable version once we unpin chrome version in CI.
+RUN wget https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/119.0.6045.105/linux64/chrome-linux64.zip
+RUN dpkg -i google-chrome-stable_119.0.6045.105_amd64.deb; apt-get -fy install

buildtools/run_tests.sh

@@ -86,7 +86,11 @@ if [[ $1 = "--saucelabs" ]]; then
 else
   echo "Using Headless Chrome."
   # Updates Selenium Webdriver.
-  GOOGLE_CHROME_VERSION=$(google-chrome --product-version || echo 'latest')
+
+  # TODO(jhuleatt) this is failing when `google-chrome --product-version` returns Chrome 115.0.5790.110
+  # so for now, hard code latest
+  # GOOGLE_CHROME_VERSION=$(google-chrome --product-version || echo 'latest')
+  GOOGLE_CHROME_VERSION=$(echo 'latest')
   echo "$PROTRACTOR_BIN_PATH/webdriver-manager update --versions.chrome=$GOOGLE_CHROME_VERSION --gecko=false"
   $PROTRACTOR_BIN_PATH/webdriver-manager update --versions.chrome=$GOOGLE_CHROME_VERSION --gecko=false
   # Start Selenium Webdriver.

buildtools/sauce_connect.sh

@@ -23,9 +23,9 @@
 
 # Setup and start Sauce Connect locally.
 if [[ $OSTYPE == 'darwin'* ]]; then
-  CONNECT_URL="https://saucelabs.com/downloads/sc-4.7.1-osx.zip"
+  CONNECT_URL="https://saucelabs.com/downloads/sc-4.9.2-osx.zip"
 else
-  CONNECT_URL="https://saucelabs.com/downloads/sc-4.7.1-linux.tar.gz"
+  CONNECT_URL="https://saucelabs.com/downloads/sc-4.9.2-linux.tar.gz"
 fi
 CONNECT_DIR="/tmp/sauce-connect-$RANDOM"
 CONNECT_DOWNLOAD="sc-latest-linux.tar.gz"

demo/public/index.html

@@ -4,8 +4,8 @@
     <meta charset="UTF-8">
     <title>FirebaseUI Auth Demo</title>
     <link rel="manifest" href="manifest.json">
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
     <script src="config.js"></script>
     <script src="common.js"></script>
     <link href="style.css" rel="stylesheet" type="text/css" media="screen" />

demo/public/widget.html

@@ -3,8 +3,8 @@
   <head>
     <meta charset="UTF-8">
     <title>FirebaseUI Auth Demo</title>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-app-compat.js"></script>
-    <script src="https://www.gstatic.com/firebasejs/9.13.0/firebase-auth-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-app-compat.js"></script>
+    <script src="https://www.gstatic.com/firebasejs/10.0.0/firebase-auth-compat.js"></script>
     <script src="config.js"></script>
     <script src="common.js"></script>
     <script src="dist/firebaseui.js"></script>

javascript/widgets/handler/actioncode.js

@@ -129,27 +129,36 @@ firebaseui.auth.widget.handler.resetPassword_ = function(
  */
 firebaseui.auth.widget.handler.handlePasswordResetFailure_ = function(
     app, container, opt_component, opt_error) {
-  var errorCode = opt_error && opt_error['code'];
-  if (errorCode == 'auth/weak-password') {
+  const errorCode = opt_error && opt_error['code'];
+  if (errorCode === 'auth/weak-password') {
     // Handles this error differently as it just requires to display a message
     // to the user to use a longer password.
-    var errorMessage =
+    const errorMessage =
         firebaseui.auth.widget.handler.common.getErrorMessage(opt_error);
     firebaseui.auth.ui.element.setValid(
         opt_component.getNewPasswordElement(), false);
     firebaseui.auth.ui.element.show(
         opt_component.getNewPasswordErrorElement(), errorMessage);
     opt_component.getNewPasswordElement().focus();
-    return;
-  }
-
-  if (opt_component) {
-    opt_component.dispose();
+  } else if (errorCode === 'auth/password-does-not-meet-requirements') {
+    // Pass the error message from the backend which contains all the password
+    // requirements to be met.
+    const errorMessage =
+        firebaseui.auth.widget.handler.common.getErrorMessage(opt_error);
+    firebaseui.auth.ui.element.setValid(
+        opt_component.getNewPasswordElement(), false);
+    firebaseui.auth.ui.element.show(
+        opt_component.getNewPasswordErrorElement(), errorMessage);
+    opt_component.getNewPasswordElement().focus();
+  } else {
+    if (opt_component) {
+      opt_component.dispose();
+    }
+    var component = new firebaseui.auth.ui.page.PasswordResetFailure();
+    component.render(container);
+    // Set current UI component.
+    app.setCurrentComponent(component);
   }
-  var component = new firebaseui.auth.ui.page.PasswordResetFailure();
-  component.render(container);
-  // Set current UI component.
-  app.setCurrentComponent(component);
 };
 
 

javascript/widgets/handler/actioncode_test.js

@@ -201,6 +201,79 @@ function testHandlePasswordReset_weakPasswordError() {
 }
 
 
+function testHandlePasswordReset_nonCompliantPasswordError() {
+  const errorMessage = 'Missing password requirements: [Password may contain at most 16 characters, Password must contain a lower case character, Password must contain an upper case character, Password must contain a numeric character, Password must contain a non-alphanumeric character]';
+  const error = {
+    'code': 'auth/password-does-not-meet-requirements',
+    'message': errorMessage
+  };
+  asyncTestCase.waitForSignals(1);
+  firebaseui.auth.widget.handler.handlePasswordReset(
+      app, container, 'PASSWORD_RESET_ACTION_CODE');
+  // Successful action code verification.
+  app.getAuth().assertVerifyPasswordResetCode(
+      ['PASSWORD_RESET_ACTION_CODE'], '[email protected]');
+  app.getAuth()
+      .process()
+      .then(function() {
+        // Password reset page should show.
+        assertPasswordResetPage();
+
+        goog.dom.forms.setValue(getNewPasswordElement(), '123');
+        // Submit password reset form.
+        submitForm();
+        // Simulates password doesn't meet requirements.
+        app.getAuth().assertConfirmPasswordReset(
+            ['PASSWORD_RESET_ACTION_CODE', '123'], null, error);
+        return app.getAuth().process();
+      })
+      .then(function() {
+        // Error message should be shown on the same page.
+        assertPasswordResetPage();
+        assertEquals(
+            firebaseui.auth.widget.handler.common.getErrorMessage(error),
+            getNewPasswordErrorMessage());
+        asyncTestCase.signal();
+      });
+}
+
+
+function testHandlePasswordReset_nonCompliantPassword_emptyError() {
+  const error = {
+    'code': 'auth/password-does-not-meet-requirements',
+    'message': ''
+  };
+  asyncTestCase.waitForSignals(1);
+  firebaseui.auth.widget.handler.handlePasswordReset(
+      app, container, 'PASSWORD_RESET_ACTION_CODE');
+  // Successful action code verification.
+  app.getAuth().assertVerifyPasswordResetCode(
+      ['PASSWORD_RESET_ACTION_CODE'], '[email protected]');
+  app.getAuth()
+      .process()
+      .then(function() {
+        // Password reset page should show.
+        assertPasswordResetPage();
+
+        goog.dom.forms.setValue(getNewPasswordElement(), '123');
+        // Submit password reset form.
+        submitForm();
+        // Simulates password doesn't meet requirements.
+        app.getAuth().assertConfirmPasswordReset(
+            ['PASSWORD_RESET_ACTION_CODE', '123'], null, error);
+        return app.getAuth().process();
+      })
+      .then(function() {
+        // Error message should be shown on the same page.
+        assertPasswordResetPage();
+        assertEquals(
+            firebaseui.auth.widget.handler.common.getErrorMessage(error),
+            getNewPasswordErrorMessage());
+        asyncTestCase.signal();
+      });
+}
+
+
 function testHandlePasswordReset_failToResetPassword() {
   asyncTestCase.waitForSignals(1);
   firebaseui.auth.widget.handler.handlePasswordReset(