From 9ca25b9b205f279a889bf737845527ff1706f0ae Mon Sep 17 00:00:00 2001 From: Brian Rodriguez Date: Fri, 2 Apr 2021 19:44:01 -0400 Subject: [PATCH] Fix #11462: Migrate to Firebase authentication (#12392) * bump pip to 20.3.4 * add 20.3.4 check * add 20.3.4 tests * improve error message * fix lint * auto-upgrade pip * Migrate to Firebase authentication * address comments * create user in lighthouse main * add comments to FirebaseErrorFilterHandler * undo disable account deletion * address comments * fix lint * suppress user info when on login/logout pages * always use email.toLowerCase() * combine AdminSuperAdminPrivilegesHandler --- .firebase.json | 7 + .github/CODEOWNERS | 3 + .isort.cfg | 2 +- app_dev.yaml | 26 + assets/constants.ts | 13 +- core/controllers/admin.py | 46 + core/controllers/admin_test.py | 114 ++ core/controllers/base.py | 36 +- core/controllers/base_test.py | 70 +- core/controllers/creator_dashboard_test.py | 2 +- core/controllers/editor_test.py | 47 - core/domain/auth_jobs_one_off.py | 355 ++++-- core/domain/auth_jobs_one_off_test.py | 598 +++++---- core/domain/auth_services.py | 26 + core/domain/auth_validators.py | 52 + core/domain/auth_validators_test.py | 23 + core/domain/prod_validation_jobs_one_off.py | 8 + core/domain/user_services.py | 11 +- core/jobs_registry.py | 3 +- core/platform/auth/firebase_auth_services.py | 165 ++- .../auth/firebase_auth_services_test.py | 1079 +++++++++++------ core/platform/models.py | 8 +- core/platform/models_test.py | 4 +- core/storage/auth/gae_models.py | 21 + core/storage/auth/gae_models_test.py | 21 + .../top-navigation-bar.directive.html | 2 +- .../admin/admin-backend-api.service.spec.ts | 28 + .../domain/admin/admin-backend-api.service.ts | 14 + .../pages/admin-page/admin-page.constants.ts | 1 + .../misc-tab/admin-misc-tab.directive.html | 30 + .../misc-tab/admin-misc-tab.directive.ts | 38 + core/templates/pages/header_css_libs.html | 2 - .../login-page/login-page.component.html | 78 ++ .../login-page/login-page.component.spec.ts | 314 +++++ .../pages/login-page/login-page.component.ts | 108 ++ .../pages/login-page/login-page.import.ts | 36 + .../pages/login-page/login-page.mainpage.html | 26 + .../pages/login-page/login-page.module.ts | 118 ++ .../logout-page/logout-page.component.spec.ts | 163 +++ .../logout-page/logout-page.component.ts | 58 + .../pages/logout-page/logout-page.import.ts | 36 + .../logout-page/logout-page.mainpage.html | 26 + .../pages/logout-page/logout-page.module.ts | 71 ++ core/templates/services/alerts.service.ts | 63 +- .../services/auth-backend-api.service.spec.ts | 14 +- .../services/auth-backend-api.service.ts | 4 + core/templates/services/auth.service.spec.ts | 211 ++-- core/templates/services/auth.service.ts | 160 ++- core/templates/services/loader.service.ts | 14 +- core/templates/services/user.service.spec.ts | 20 + core/templates/services/user.service.ts | 19 +- ....txt => requirements_invalid_git_test.txt} | 5 +- core/tests/protractor.conf.js | 8 + core/tests/protractor/featureGatingFlow.js | 25 - .../protractor_desktop/topicAndStoryViewer.js | 11 +- core/tests/protractor_desktop/wipeout.js | 21 +- core/tests/protractor_mobile/navigation.js | 2 +- .../TopicAndStoryViewerPage.js | 7 - core/tests/protractor_utils/general.js | 56 +- core/tests/protractor_utils/users.js | 159 ++- core/tests/puppeteer/lighthouse_setup.js | 11 +- core/tests/test_utils.py | 42 +- core/tests/test_utils_test.py | 83 +- feconf.py | 7 +- main.py | 9 +- package.json | 3 +- puppeteer-login-script.js | 11 +- scripts/build.py | 13 +- scripts/build_test.py | 1 + scripts/common.py | 1 + scripts/pre_commit_hook.py | 5 +- webpack.common.config.ts | 18 + yarn.lock | 380 ++++-- 73 files changed, 3963 insertions(+), 1309 deletions(-) create mode 100644 .firebase.json create mode 100644 core/templates/pages/login-page/login-page.component.html create mode 100644 core/templates/pages/login-page/login-page.component.spec.ts create mode 100644 core/templates/pages/login-page/login-page.component.ts create mode 100644 core/templates/pages/login-page/login-page.import.ts create mode 100644 core/templates/pages/login-page/login-page.mainpage.html create mode 100644 core/templates/pages/login-page/login-page.module.ts create mode 100644 core/templates/pages/logout-page/logout-page.component.spec.ts create mode 100644 core/templates/pages/logout-page/logout-page.component.ts create mode 100644 core/templates/pages/logout-page/logout-page.import.ts create mode 100644 core/templates/pages/logout-page/logout-page.mainpage.html create mode 100644 core/templates/pages/logout-page/logout-page.module.ts rename core/tests/data/third_party/{ignorable_requirements_test.txt => requirements_invalid_git_test.txt} (75%) diff --git a/.firebase.json b/.firebase.json new file mode 100644 index 000000000000..9140b51247bc --- /dev/null +++ b/.firebase.json @@ -0,0 +1,7 @@ +{ + "emulators": { + "auth": { + "port": "9099" + } + } +} diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index b2c0809cef9a..df15ea866f0e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -468,6 +468,8 @@ /core/templates/combined-tests.spec.ts @srijanreddy98 /core/templates/pages/interaction-specs.constants.ajs.ts @jameesjohn @vojtechjelinek /core/templates/pages/interaction-specs.constants.ts @nithusha21 +/core/templates/pages/login-page/ @brianrodri +/core/templates/pages/logout-page/ @brianrodri /core/templates/I18nFooter.ts @nithusha21 /core/templates/i18n-footer.directive.html @nithusha21 /core/templates/services/app.service*.ts @srijanreddy98 @@ -479,6 +481,7 @@ # TODO(#11811): Replace @BenHenning with @seanlip after 2021-02-07. /redis.conf @BenHenning /release_constants.json @DubeySandeep @nithusha21 +/.firebase.json @brianrodri # Miscellaneous. diff --git a/.isort.cfg b/.isort.cfg index 7cf66a92a171..c09433cb65ff 100644 --- a/.isort.cfg +++ b/.isort.cfg @@ -2,6 +2,6 @@ force_single_line=true force_sort_within_sections=true ignore_whitespace=true -known_third_party=apache_beam,backports.functools_lru_cache,browsermobproxy,cloudstorage,contextlib2,elasticsearch,firebase_admin,google.api_core,google.appengine,google.cloud,google.protobuf,jinja2,mapreduce,mutagen,pipeline,pkg_resources,psutil,pylatexenc,pylint,requests,requests_mock,selenium,six,skulpt,webapp2,webapp2_extras,webtest,yaml +known_third_party=apache_beam,backports.functools_lru_cache,browsermobproxy,cloudstorage,contextlib2,elasticsearch,firebase_admin,google.api_core,google.appengine,google.cloud,google.protobuf,jinja2,mapreduce,mock,mutagen,pipeline,pkg_resources,psutil,pylatexenc,pylint,requests,requests_mock,selenium,six,skulpt,webapp2,webapp2_extras,webtest,yaml line_length=80 sections=FUTURE,STDLIB,FIRSTPARTY,THIRDPARTY,LOCALFOLDER diff --git a/app_dev.yaml b/app_dev.yaml index f436d6470cf5..82d2de281659 100644 --- a/app_dev.yaml +++ b/app_dev.yaml @@ -186,6 +186,28 @@ handlers: X-Xss-Protection: "1; mode=block" secure: always expiration: "0" +- url: /login + static_files: webpack_bundles/login-page.mainpage.html + upload: webpack_bundles/login-page.mainpage.html + http_headers: + Pragma: no-cache + Strict-Transport-Security: "max-age=31536000; includeSubDomains" + X-Content-Type-Options: "nosniff" + X-Frame-Options: "DENY" + X-Xss-Protection: "1; mode=block" + secure: always + expiration: "0" +- url: /logout + static_files: webpack_bundles/logout-page.mainpage.html + upload: webpack_bundles/logout-page.mainpage.html + http_headers: + Pragma: no-cache + Strict-Transport-Security: "max-age=31536000; includeSubDomains" + X-Content-Type-Options: "nosniff" + X-Frame-Options: "DENY" + X-Xss-Protection: "1; mode=block" + secure: always + expiration: "0" - url: /creator-guidelines static_files: webpack_bundles/playbook.mainpage.html upload: webpack_bundles/playbook.mainpage.html @@ -273,6 +295,10 @@ env_variables: # redirects to these instructions to disable URL fetch: # https://cloud.google.com/appengine/docs/standard/python/sockets#making_httplib_use_sockets GAE_USE_SOCKETS_HTTPLIB : "anyvalue" +# FIREBASE_AUTH_EMULATOR_HOST is needed to allow the Firebase SDK to connect +# with the Firebase emulator. THIS MUST NOT BE DEPLOYED TO PRODUCTION. We +# protect against this in the build script. + FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099" skip_files: # .pyc and .pyo files diff --git a/assets/constants.ts b/assets/constants.ts index 366b003c5f4c..36cf3c14b685 100644 --- a/assets/constants.ts +++ b/assets/constants.ts @@ -5439,21 +5439,22 @@ export default { "ANALYTICS_ID": "", "SITE_NAME_FOR_ANALYTICS": "", - "FIREBASE_AUTH_ENABLED": false, + "FIREBASE_AUTH_ENABLED": true, + + // TODO(#11462): Delete this after Firebase authentication has been deployed. + "ENABLE_LOGIN_PAGE": true, // Data required for Firebase authentication. // // NOTE TO RELEASE COORDINATORS: Please change these to the production values, // and change useEmulator to be false, before deploying to production. "FIREBASE_CONFIG_API_KEY": "fake-api-key", - "FIREBASE_CONFIG_APP_ID": "", "FIREBASE_CONFIG_AUTH_DOMAIN": "", - "FIREBASE_CONFIG_DATABASE_URL": "", - "FIREBASE_CONFIG_GOOGLE_CLIENT_ID": "", - "FIREBASE_CONFIG_MESSAGING_SENDER_ID": "", "FIREBASE_CONFIG_PROJECT_ID": "dev-project-id", "FIREBASE_CONFIG_STORAGE_BUCKET": "", - "FIREBASE_EMULATOR_ENABLED": true, + "FIREBASE_CONFIG_MESSAGING_SENDER_ID": "", + "FIREBASE_CONFIG_APP_ID": "", + "FIREBASE_CONFIG_GOOGLE_CLIENT_ID": "", "ALLOW_YAML_FILE_UPLOAD": false, diff --git a/core/controllers/admin.py b/core/controllers/admin.py index 725d4f195900..7f9063ca6421 100644 --- a/core/controllers/admin.py +++ b/core/controllers/admin.py @@ -25,6 +25,7 @@ from core import jobs_registry from core.controllers import acl_decorators from core.controllers import base +from core.domain import auth_services from core.domain import caching_services from core.domain import collection_services from core.domain import config_domain @@ -729,6 +730,51 @@ def post(self): self.render_json({}) +class AdminSuperAdminPrivilegesHandler(base.BaseHandler): + """Handler for granting a user super admin privileges.""" + + PUT_HANDLER_ERROR_RETURN_TYPE = feconf.HANDLER_TYPE_JSON + DELETE_HANDLER_ERROR_RETURN_TYPE = feconf.HANDLER_TYPE_JSON + + @acl_decorators.can_access_admin_page + def put(self): + if self.email != feconf.ADMIN_EMAIL_ADDRESS: + raise self.UnauthorizedUserException( + 'Only the default system admin can manage super admins') + + username = self.payload.get('username', None) + if username is None: + raise self.InvalidInputException('Missing username param') + + user_id = user_services.get_user_id_from_username(username) + if user_id is None: + raise self.InvalidInputException('No such user exists') + + auth_services.grant_super_admin_privileges(user_id) + self.render_json(self.values) + + @acl_decorators.can_access_admin_page + def delete(self): + if self.email != feconf.ADMIN_EMAIL_ADDRESS: + raise self.UnauthorizedUserException( + 'Only the default system admin can manage super admins') + + username = self.request.get('username', None) + if username is None: + raise self.InvalidInputException('Missing username param') + + user_settings = user_services.get_user_settings_from_username(username) + if user_settings is None: + raise self.InvalidInputException('No such user exists') + + if user_settings.email == feconf.ADMIN_EMAIL_ADDRESS: + raise self.InvalidInputException( + 'Cannot revoke privileges from the default super admin account') + + auth_services.revoke_super_admin_privileges(user_settings.user_id) + self.render_json(self.values) + + class AdminJobOutputHandler(base.BaseHandler): """Retrieves job output to show on the admin page.""" diff --git a/core/controllers/admin_test.py b/core/controllers/admin_test.py index da1c0772c123..72313d6139c5 100644 --- a/core/controllers/admin_test.py +++ b/core/controllers/admin_test.py @@ -48,6 +48,7 @@ from core.domain import user_services from core.domain import wipeout_service from core.platform import models +from core.platform.auth import firebase_auth_services from core.tests import test_utils import feconf import utils @@ -86,6 +87,7 @@ class AdminIntegrationTest(test_utils.GenericTestBase): def setUp(self): """Complete the signup process for self.ADMIN_EMAIL.""" super(AdminIntegrationTest, self).setUp() + self.signup(feconf.ADMIN_EMAIL_ADDRESS, 'testsuper') self.signup(self.ADMIN_EMAIL, self.ADMIN_USERNAME) self.signup(self.EDITOR_EMAIL, self.EDITOR_USERNAME) self.admin_id = self.get_user_id_from_email(self.ADMIN_EMAIL) @@ -1033,6 +1035,118 @@ def test_update_flag_rules_with_unexpected_exception_returns_500(self): feature.name) self.logout() + def test_grant_super_admin_privileges(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + grant_super_admin_privileges_stub = self.swap_with_call_counter( + firebase_auth_services, 'grant_super_admin_privileges') + + with grant_super_admin_privileges_stub as call_counter: + response = self.put_json( + '/adminsuperadminhandler', + {'username': self.ADMIN_USERNAME}, + csrf_token=self.get_new_csrf_token(), + expected_status_int=200) + + self.assertEqual(call_counter.times_called, 1) + self.assertNotIn('error', response) + + def test_grant_super_admin_privileges_requires_system_default_admin(self): + self.login(self.ADMIN_EMAIL, is_super_admin=True) + + grant_super_admin_privileges_stub = self.swap_with_call_counter( + firebase_auth_services, 'grant_super_admin_privileges') + + with grant_super_admin_privileges_stub as call_counter: + response = self.put_json( + '/adminsuperadminhandler', + {'username': self.ADMIN_USERNAME}, + csrf_token=self.get_new_csrf_token(), + expected_status_int=401) + + self.assertEqual(call_counter.times_called, 0) + self.assertEqual( + response['error'], + 'Only the default system admin can manage super admins') + + def test_grant_super_admin_privileges_fails_without_username(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + response = self.put_json( + '/adminsuperadminhandler', {}, csrf_token=self.get_new_csrf_token(), + expected_status_int=400) + + self.assertEqual(response['error'], 'Missing username param') + + def test_grant_super_admin_privileges_fails_with_invalid_username(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + response = self.put_json( + '/adminsuperadminhandler', {'username': 'fakeusername'}, + csrf_token=self.get_new_csrf_token(), expected_status_int=400) + + self.assertEqual(response['error'], 'No such user exists') + + def test_revoke_super_admin_privileges(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + revoke_super_admin_privileges_stub = self.swap_with_call_counter( + firebase_auth_services, 'revoke_super_admin_privileges') + + with revoke_super_admin_privileges_stub as call_counter: + response = self.delete_json( + '/adminsuperadminhandler', + params={'username': self.ADMIN_USERNAME}, + expected_status_int=200) + + self.assertEqual(call_counter.times_called, 1) + self.assertNotIn('error', response) + + def test_revoke_super_admin_privileges_requires_system_default_admin(self): + self.login(self.ADMIN_EMAIL, is_super_admin=True) + + revoke_super_admin_privileges_stub = self.swap_with_call_counter( + firebase_auth_services, 'revoke_super_admin_privileges') + + with revoke_super_admin_privileges_stub as call_counter: + response = self.delete_json( + '/adminsuperadminhandler', + params={'username': self.ADMIN_USERNAME}, + expected_status_int=401) + + self.assertEqual(call_counter.times_called, 0) + self.assertEqual( + response['error'], + 'Only the default system admin can manage super admins') + + def test_revoke_super_admin_privileges_fails_without_username(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + response = self.delete_json( + '/adminsuperadminhandler', params={}, expected_status_int=400) + + self.assertEqual(response['error'], 'Missing username param') + + def test_revoke_super_admin_privileges_fails_with_invalid_username(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + response = self.delete_json( + '/adminsuperadminhandler', + params={'username': 'fakeusername'}, expected_status_int=400) + + self.assertEqual(response['error'], 'No such user exists') + + def test_revoke_super_admin_privileges_fails_for_default_admin(self): + self.login(feconf.ADMIN_EMAIL_ADDRESS, is_super_admin=True) + + response = self.delete_json( + '/adminsuperadminhandler', params={'username': 'testsuper'}, + expected_status_int=400) + + self.assertEqual( + response['error'], + 'Cannot revoke privileges from the default super admin account') + class GenerateDummyExplorationsTest(test_utils.GenericTestBase): """Test the conditions for generation of dummy explorations.""" diff --git a/core/controllers/base.py b/core/controllers/base.py index 55ac2456ff28..ec4a6c0adb1c 100755 --- a/core/controllers/base.py +++ b/core/controllers/base.py @@ -63,26 +63,36 @@ def load_template(filename): class SessionBeginHandler(webapp2.RequestHandler): - """Class which handles the creation of a new authentication session.""" + """Handler for creating new authentication sessions.""" def get(self): """Establishes a new auth session.""" auth_services.establish_auth_session(self.request, self.response) -class LogoutPage(webapp2.RequestHandler): - """Class which handles the logout URL.""" +class SessionEndHandler(webapp2.RequestHandler): + """Handler for destroying existing authentication sessions.""" def get(self): - """Logs the user out, and returns them to a specified follow-up - page (or the home page if no follow-up page is specified). - """ - + """Destroys an existing auth session.""" auth_services.destroy_auth_session(self.response) - url_to_redirect_to = ( - python_utils.convert_to_bytes( - self.request.get('redirect_url', '/'))) - self.redirect(url_to_redirect_to) + + +class SeedFirebaseHandler(webapp2.RequestHandler): + """Handler for preparing Firebase and Oppia to run SeedFirebaseOneOffJob. + + TODO(#11462): Delete this handler once the Firebase migration logic is + rollback-safe and all backup data is using post-migration data. + """ + + def get(self): + """Prepares Firebase and Oppia to run SeedFirebaseOneOffJob.""" + try: + auth_services.seed_firebase() + except Exception: + logging.exception('Failed to prepare for SeedFirebaseOneOffJob') + finally: + self.redirect('/') class UserFacingExceptions(python_utils.OBJECT): @@ -164,6 +174,7 @@ def __init__(self, request, response): # pylint: disable=super-init-not-called self.user_id = None self.username = None + self.email = None self.partially_logged_in = False self.user_is_scheduled_for_deletion = False @@ -176,6 +187,8 @@ def __init__(self, request, response): # pylint: disable=super-init-not-called # the not-fully registered user. email = auth_claims.email if 'signup?' in self.request.uri: + if not feconf.ENABLE_USER_CREATION: + raise Exception('New sign-ups are temporarily disabled') user_settings = ( user_services.create_new_user(auth_id, email)) else: @@ -185,6 +198,7 @@ def __init__(self, request, response): # pylint: disable=super-init-not-called auth_services.destroy_auth_session(self.response) return + self.email = user_settings.email self.values['user_email'] = user_settings.email self.user_id = user_settings.user_id diff --git a/core/controllers/base_test.py b/core/controllers/base_test.py index 6e366981effc..daa796c29b26 100644 --- a/core/controllers/base_test.py +++ b/core/controllers/base_test.py @@ -40,6 +40,7 @@ from core.domain import rights_manager from core.domain import user_services from core.platform import models +from core.platform.auth import firebase_auth_services from core.tests import test_utils import feconf import main @@ -709,45 +710,60 @@ def test_downloadable(self): class SessionBeginHandlerTests(test_utils.GenericTestBase): - """Tests for session handler.""" + """Tests for /session_begin handler.""" def test_get(self): - call_counter = test_utils.CallCounter(lambda *_: None) + swap = self.swap_with_call_counter( + auth_services, 'establish_auth_session') - with self.swap(auth_services, 'establish_auth_session', call_counter): + with swap as call_counter: self.get_html_response('/session_begin', expected_status_int=200) self.assertEqual(call_counter.times_called, 1) -class LogoutPageTests(test_utils.GenericTestBase): - """Tests for logout handler.""" +class SessionEndHandlerTests(test_utils.GenericTestBase): + """Tests for /session_end handler.""" - def test_logout_page_calls_destroy_auth_session(self): - exp_services.load_demo('0') - self.get_html_response('/explore/0') + def test_get(self): + swap = ( + self.swap_with_call_counter(auth_services, 'destroy_auth_session')) + + with swap as call_counter: + self.get_html_response('/session_end', expected_status_int=200) + + self.assertEqual(call_counter.times_called, 1) - call_counter = test_utils.CallCounter(lambda _: None) - with self.swap(auth_services, 'destroy_auth_session', call_counter): - # Logout with valid query arg. This test only validates that the - # login cookies have expired after hitting the logout url. - self.get_html_response('/logout', expected_status_int=302) +class SeedFirebaseHandlerTests(test_utils.GenericTestBase): + """Tests for /seed_firebase handler.""" + + def test_get(self): + swap = self.swap_with_call_counter( + firebase_auth_services, 'seed_firebase') + + with swap as call_counter: + response = self.get_html_response( + '/seed_firebase', expected_status_int=302) self.assertEqual(call_counter.times_called, 1) + self.assertEqual(response.location, 'http://localhost/') - def test_logout_page_with_redirect_url(self): - exp_services.load_demo('0') - self.get_html_response('/explore/0') + def test_get_with_error(self): + swap = self.swap_with_call_counter( + firebase_auth_services, 'seed_firebase', raises=Exception()) - response = self.get_html_response( - '/logout?redirect_url=community-library', expected_status_int=302) + captured_logging_context = self.capture_logging(min_level=logging.ERROR) - self.assertIn('community-library', response.headers['Location']) + with swap as call_counter, captured_logging_context as logs: + response = self.get_html_response( + '/seed_firebase', expected_status_int=302) - def test_logout_page_with_dev_mode_disabled(self): - with self.swap(constants, 'DEV_MODE', False): - self.get_html_response('/logout', expected_status_int=302) + self.assertEqual(call_counter.times_called, 1) + self.assertEqual(response.location, 'http://localhost/') + self.assert_matches_regexps(logs, [ + 'Failed to prepare for SeedFirebaseOneOffJob' + ]) class I18nDictsTests(test_utils.GenericTestBase): @@ -970,8 +986,9 @@ class CheckAllHandlersHaveDecoratorTests(test_utils.GenericTestBase): UNDECORATED_HANDLERS = frozenset([ 'CsrfTokenHandler', 'Error404Handler', - 'LogoutPage', 'SessionBeginHandler', + 'SessionEndHandler', + 'SeedFirebaseHandler', ]) def test_every_method_has_decorator(self): @@ -1202,6 +1219,13 @@ def test_no_error_is_raised_on_opening_new_tab_after_signup(self): self.get_html_response('/community-library') + def test_500_error_is_raised_when_enable_user_creation_is_false(self): + self.login('abc@example.com') + + with self.swap(feconf, 'ENABLE_USER_CREATION', False): + response = self.get_response_without_checking_for_errors( + '%s?return_url=/' % feconf.SIGNUP_URL, [500]) + class CsrfTokenHandlerTests(test_utils.GenericTestBase): diff --git a/core/controllers/creator_dashboard_test.py b/core/controllers/creator_dashboard_test.py index 5317a0f6c5e5..6db087d32d08 100644 --- a/core/controllers/creator_dashboard_test.py +++ b/core/controllers/creator_dashboard_test.py @@ -129,7 +129,7 @@ def test_notifications_dashboard_redirects_for_logged_out_users(self): response = self.get_html_response( '/notifications', expected_status_int=302) # This should redirect to the login page. - self.assertIn('signup', response.headers['location']) + self.assertIn('login', response.headers['location']) self.assertIn('notifications', response.headers['location']) self.login('reader@example.com') diff --git a/core/controllers/editor_test.py b/core/controllers/editor_test.py index 96883de6002b..439550d0c7a1 100644 --- a/core/controllers/editor_test.py +++ b/core/controllers/editor_test.py @@ -265,53 +265,6 @@ def test_publish_exploration(self): self.logout() -class ExplorationEditorLogoutTest(BaseEditorControllerTests): - """Test handler for logout from exploration editor page.""" - - def test_logout_from_unpublished_exploration_editor(self): - """Logout from unpublished exploration should redirect - to library page. - """ - - unpublished_exp_id = '_unpublished_eid123' - exploration = exp_domain.Exploration.create_default_exploration( - unpublished_exp_id) - exp_services.save_new_exploration(self.owner_id, exploration) - - current_page_url = '%s/%s' % ( - feconf.EDITOR_URL_PREFIX, unpublished_exp_id) - self.login(self.OWNER_EMAIL) - response = self.get_html_response(current_page_url) - - response = self.get_html_response('/logout', expected_status_int=302) - self.assertEqual(response.status_int, 302) - self.assertEqual(response.headers['location'], 'http://localhost/') - self.logout() - - def test_logout_from_published_exploration_editor(self): - """Logout from published exploration should redirect - to same page. - """ - - published_exp_id = 'published_eid-123' - exploration = exp_domain.Exploration.create_default_exploration( - published_exp_id) - exp_services.save_new_exploration(self.owner_id, exploration) - - current_page_url = '%s/%s' % ( - feconf.EDITOR_URL_PREFIX, published_exp_id) - self.login(self.OWNER_EMAIL) - response = self.get_html_response(current_page_url) - - rights_manager.publish_exploration(self.owner, published_exp_id) - - response = self.get_html_response('/logout', expected_status_int=302) - self.assertEqual(response.status_int, 302) - self.assertEqual( - response.headers['location'], 'http://localhost/') - self.logout() - - class DownloadIntegrationTest(BaseEditorControllerTests): """Test handler for exploration and state download.""" diff --git a/core/domain/auth_jobs_one_off.py b/core/domain/auth_jobs_one_off.py index b6b89bf139e4..9fb45ba38a2a 100644 --- a/core/domain/auth_jobs_one_off.py +++ b/core/domain/auth_jobs_one_off.py @@ -20,7 +20,6 @@ from __future__ import unicode_literals # pylint: disable=import-only-modules import ast -import itertools from core import jobs from core.domain import auth_domain @@ -29,66 +28,202 @@ from core.platform.auth import gae_auth_services import feconf import python_utils +import utils import firebase_admin from firebase_admin import auth as firebase_auth -from firebase_admin import exceptions as firebase_exceptions + +auth_models, user_models = ( + models.Registry.import_models([models.NAMES.auth, models.NAMES.user])) ID_HASHING_FUNCTION = hash -MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL = 1000 -AUDIT_KEY = 'INFO: Pre-existing Firebase accounts' -FAILURE_KEY = 'FAILURE: Failed to create Firebase accounts' -SUCCESS_KEY = 'SUCCESS: Created Firebase accounts' -WARNING_KEY = 'WARNING: No action needed' +class SeedFirebaseOneOffJob(jobs.BaseMapReduceOneOffJobManager): + """Brings Firebase accounts and association models to a deterministic state. + + The following pre-conditions must hold for no errors to occur (accomplished + by calling the firebase_auth_services.seed_firebase() function): + 1. Exactly one FirebaseSeedModel must exist. + 2. feconf.ADMIN_EMAIL_ADDRESS must correspond to a UserAuthDetailsModel + where: + firebase_auth_id is not None AND + gae_id != feconf.SYSTEM_COMMITTER_ID. + 3. feconf.ADMIN_EMAIL_ADDRESS must correspond to exactly one + UserIdByFirebaseAuthIdModel where: + id equals the aforementioned firebase_auth_id AND + user_id is the ID of the aforementioned UserAuthDetailsModel. + 4. feconf.ADMIN_EMAIL_ADDRESS must correspond to exactly one Firebase + account where: + uid is equal to the aforementioned firebase_auth_id AND + custom_claims == {"role":"super_admin"}. + + The following post-conditions will hold if no errors occur: + 1. Exactly one Firebase account will exist: feconf.ADMIN_EMAIL_ADDRESS. + 2. Exactly one UserIdByFirebaseAuthIdModel model will exist. + 3. Exactly one UserAuthDetailsModel will have a non-None + firebase_auth_id value. + """ -SYSTEM_COMMITTER_ACK = 'INFO: SYSTEM_COMMITTER_ID skipped' + ASSOC_MODEL_TYPES = ( + auth_models.UserAuthDetailsModel, + auth_models.UserIdByFirebaseAuthIdModel) -POPULATED_KEY = 'ALREADY_DONE' -NOT_POPULATED_KEY = 'NEEDS_WORK' + INFO_SUPER_ADMIN_ACK = 'INFO: Found feconf.ADMIN_EMAIL_ADDRESS' + INFO_SYSTEM_COMMITTER_ACK = 'INFO: Found feconf.SYSTEM_COMMITTER_ID' + INFO_SEED_MODEL_ACK = 'INFO: Found FirebaseSeedModel' -auth_models, user_models = ( - models.Registry.import_models([models.NAMES.auth, models.NAMES.user])) + ERROR_BATCH_DELETE = 'ERROR: Failed to delete a batch of Firebase accounts' + ERROR_INDIVIDUAL_DELETE = ( + 'ERROR: Failed to delete an individual Firebase account') + SUCCESS_DELETE_ACCOUNTS = 'SUCCESS: Firebase accounts deleted' + SUCCESS_DELETE_ASSOC_TEMPLATE = 'SUCCESS: %s wiped' + SUCCESS_ALREADY_DELETED_ASSOC_TEMPLATE = 'SUCCESS: %s already wiped' -class AuditFirebaseImportReadinessOneOffJob(jobs.BaseMapReduceOneOffJobManager): - """One-off job to confirm whether users are ready for Firebase import.""" + MAX_USERS_FIREBASE_CAN_DELETE_PER_CALL = 1000 @classmethod def entity_classes_to_map_over(cls): - return [user_models.UserSettingsModel] + return [ + auth_models.FirebaseSeedModel, + auth_models.UserAuthDetailsModel, + auth_models.UserIdByFirebaseAuthIdModel, + ] @staticmethod - def map(user): - gae_auth_id = gae_auth_services.get_auth_id_from_user_id(user.id) - # NOTE: This committer ID is a legacy ACL-bypass that we no longer - # depend on. Because it is obsolete, we do not want it to have a - # Firebase account associated with it, or even consider it for import. - if gae_auth_id == feconf.SYSTEM_COMMITTER_ID: - yield (SYSTEM_COMMITTER_ACK, user.id) + def map(item): + # The map() function must be static, so we manually create a "cls" + # variable instead of changing the function into a classmethod. + cls = SeedFirebaseOneOffJob + + if isinstance(item, cls.ASSOC_MODEL_TYPES): + admin_ack = cls.get_admin_ack(item) + if admin_ack is not None: + yield admin_ack + else: + yield (cls.wipe_assoc_model(item), 1) return - if user.deleted: - yield ('[DELETED]', user.id) - else: - yield (user.email, user.id) + yield (cls.INFO_SEED_MODEL_ACK, item.id) + + for user_batch in cls.yield_firebase_user_batches(): + admins_to_ack, users_to_delete = utils.partition( + user_batch, + predicate=lambda user: user.email == feconf.ADMIN_EMAIL_ADDRESS) + + for user in admins_to_ack: + yield ( + '%s in Firebase account' % cls.INFO_SUPER_ADMIN_ACK, + 'firebase_auth_id=%s' % (user.uid)) + + ids_to_delete = [user.uid for user in users_to_delete] + try: + result = firebase_admin.auth.delete_users( + ids_to_delete, force_delete=True) + except Exception as exception: + yield (cls.ERROR_BATCH_DELETE, len(ids_to_delete)) + yield (cls.ERROR_BATCH_DELETE, 'reason=%r' % exception) + else: + for error in result.errors: + firebase_auth_id = ids_to_delete[error.index] + debug_info = 'firebase_auth_id=%s, reason=%s' % ( + firebase_auth_id, error.reason) + yield (cls.ERROR_INDIVIDUAL_DELETE, debug_info) + num_deleted = len(ids_to_delete) - len(result.errors) + if num_deleted: + yield (cls.SUCCESS_DELETE_ACCOUNTS, num_deleted) @staticmethod def reduce(key, values): - # NOTE: These are only sorted to make unit tests simpler. - if key == SYSTEM_COMMITTER_ACK: - yield (SYSTEM_COMMITTER_ACK, values) - return + # The reduce() function must be static, so we manually create a "cls" + # variable instead of changing the function into a classmethod. + cls = SeedFirebaseOneOffJob + + if key.startswith('SUCCESS:'): + yield (key, sum(int(v) for v in values)) + elif key == cls.ERROR_BATCH_DELETE: + reasons, counts = utils.partition( + values, predicate=lambda value: value.startswith('reason=')) + debug_info = 'count=%d, reasons=[%s]' % ( + sum(int(c) for c in counts), + ', '.join(sorted({r[7:] for r in reasons}))) + yield (key, debug_info) + else: + yield (key, values) - joined_user_ids = ', '.join(sorted(values)) + @classmethod + def yield_firebase_user_batches(cls): + """Yields every single Firebase account in batches.""" + # 1000 is the maximum amount of users that can be deleted at once. + page = firebase_admin.auth.list_users( + max_results=cls.MAX_USERS_FIREBASE_CAN_DELETE_PER_CALL) + while page is not None: + user_batch = page.users + if not user_batch: + break + yield user_batch + page = page.get_next_page() - if key == '[DELETED]': - yield ('ERROR: Found deleted users', joined_user_ids) + @classmethod + def get_admin_ack(cls, item): + """Returns an acknowledgement key if the item is associated to an admin. + + Args: + item: UserAuthDetailsModel|UserIdByFirebaseAuthIdModel. The item to + check. + + Returns: + str|None. A key acknowledging a super admin, or None if the item + does not correspond to a super admin. + """ + model_name = type(item).__name__ + + if isinstance(item, auth_models.UserAuthDetailsModel): + user_id = item.id + gae_auth_id = item.gae_id else: - email = key - if len(values) > 1: - yield ('ERROR: %s is a shared email' % email, joined_user_ids) + user_id = item.user_id + gae_auth_id = auth_models.UserAuthDetailsModel.get(user_id).gae_id + + if gae_auth_id == feconf.SYSTEM_COMMITTER_ID: + return ( + '%s in %s' % (cls.INFO_SYSTEM_COMMITTER_ACK, model_name), + 'user_id=%s' % user_id) + + user_settings_model = user_models.UserSettingsModel.get(user_id) + if user_settings_model.email == feconf.ADMIN_EMAIL_ADDRESS: + return ( + '%s in %s' % (cls.INFO_SUPER_ADMIN_ACK, model_name), + 'user_id=%s' % user_id) + + return None + + @classmethod + def wipe_assoc_model(cls, item): + """Wipes the given model of Firebase account associations. + + Args: + item: UserAuthDetailsModel|UserIdByFirebaseAuthIdModel. The item to + wipe. + + Returns: + str. The reduce key to yield from the map() function for further + processing. + """ + model_name = type(item).__name__ + + if isinstance(item, auth_models.UserAuthDetailsModel): + if item.firebase_auth_id is None: + return cls.SUCCESS_ALREADY_DELETED_ASSOC_TEMPLATE % model_name + else: + item.firebase_auth_id = None + item.update_timestamps(update_last_updated_time=False) + item.put() + else: + item.delete() + + return cls.SUCCESS_DELETE_ASSOC_TEMPLATE % model_name class PopulateFirebaseAccountsOneOffJob(jobs.BaseMapReduceOneOffJobManager): @@ -99,9 +234,23 @@ class PopulateFirebaseAccountsOneOffJob(jobs.BaseMapReduceOneOffJobManager): NOTE: **DO NOT** ASSUME THAT FIREBASE IDS AND OPPIA USER IDS WILL BE THE SAME! We are only doing this for users that already exist; future users that sign up with Firebase will have an entirely different ID. + + DO NOT START THIS JOB UNTIL SeedFirebaseOneOffJob COMPLETES WITHOUT ANY + ERRORS! """ NUM_SHARDS = 50 # Arbitrary value. + MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL = 1000 + + AUDIT_KEY = 'INFO: Pre-existing Firebase accounts' + ERROR_KEY = 'ERROR: Failed to create Firebase accounts' + SUCCESS_KEY = 'SUCCESS: Created Firebase accounts' + WARNING_KEY = 'WARNING: No action needed' + + SUPER_ADMIN_ACK = 'INFO: Super admin created' + SYSTEM_COMMITTER_ACK = 'INFO: SYSTEM_COMMITTER_ID skipped' + + POPULATED_KEY = 'ALREADY_DONE' @classmethod def entity_classes_to_map_over(cls): @@ -109,6 +258,10 @@ def entity_classes_to_map_over(cls): @staticmethod def map(user): + # The map() function must be static, so we manually create a "cls" + # variable instead of changing the function into a classmethod. + cls = PopulateFirebaseAccountsOneOffJob + if user.deleted: return @@ -117,69 +270,69 @@ def map(user): # depend on. Because it is obsolete, we do not want it to have a # Firebase account associated with it. if gae_auth_id == feconf.SYSTEM_COMMITTER_ID: - yield (SYSTEM_COMMITTER_ACK, user.id) + yield (cls.SYSTEM_COMMITTER_ACK, user.id) return auth_id = firebase_auth_services.get_auth_id_from_user_id(user.id) if auth_id is not None: - yield (POPULATED_KEY, 1) + yield (cls.POPULATED_KEY, 1) else: + user_is_super_admin = (user.email == feconf.ADMIN_EMAIL_ADDRESS) + if user_is_super_admin: + yield (cls.SUPER_ADMIN_ACK, user.id) + # Split up users into different shards to help speed up the job. - sharding_key = ( - ID_HASHING_FUNCTION(user.id) % - PopulateFirebaseAccountsOneOffJob.NUM_SHARDS) + sharding_key = ID_HASHING_FUNCTION(user.id) % cls.NUM_SHARDS yield ( - sharding_key, (_strip_uid_prefix(user.id), user.id, user.email)) + sharding_key, ( + cls.strip_uid_prefix(user.id), user.id, user.email, + user_is_super_admin)) @staticmethod def reduce(key, values): - if key == POPULATED_KEY: - yield (AUDIT_KEY, len(values)) - return - elif key == SYSTEM_COMMITTER_ACK: - yield (SYSTEM_COMMITTER_ACK, values) - return + # The reduce() function must be static, so we manually create a "cls" + # variable instead of changing the function into a classmethod. + cls = PopulateFirebaseAccountsOneOffJob - try: - # NOTE: "app" is the term Firebase uses for the "entry point" to the - # Firebase SDK. Oppia only has one server, so it only needs to - # instantiate one app. - firebase_connection = firebase_admin.initialize_app() - except Exception as exception: - yield (WARNING_KEY, repr(exception)) + if key == cls.POPULATED_KEY: + yield (cls.AUDIT_KEY, len(values)) + return + elif key in (cls.SUPER_ADMIN_ACK, cls.SYSTEM_COMMITTER_ACK): + yield (key, values) return # NOTE: This is only sorted to make unit testing easier. user_fields = sorted(ast.literal_eval(v) for v in values) user_records = [ firebase_auth.ImportUserRecord( - uid=auth_id, email=email, email_verified=True) - for auth_id, _, email in user_fields + uid=auth_id, email=email, email_verified=True, custom_claims=( + '{"role":"%s"}' % feconf.FIREBASE_ROLE_SUPER_ADMIN + if user_is_super_admin else None)) + for auth_id, _, email, user_is_super_admin in user_fields ] # The Firebase Admin SDK places a hard-limit on the number of users that # can be "imported" in a single call. To compensate, we break up the # users into chunks. offsets = python_utils.RANGE( - 0, len(user_records), MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL) + 0, len(user_records), cls.MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL) results = ( - _populate_firebase([record for record in record_group if record]) - for record_group in _grouper( - user_records, MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL)) + cls.populate_firebase([r for r in record_group if r is not None]) + for record_group in utils.grouper( + user_records, cls.MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL)) assocs_to_create = [] for offset, (result, exception) in python_utils.ZIP(offsets, results): if exception is not None: - yield (FAILURE_KEY, repr(exception)) + yield (cls.ERROR_KEY, repr(exception)) else: successful_indices = set(python_utils.RANGE( result.success_count + result.failure_count)) for error in result.errors: successful_indices.remove(error.index) - debug_info = ( - 'Import user_id=%r failed: %s' % ( - user_fields[offset + error.index][1], error.reason)) - yield (FAILURE_KEY, debug_info) + debug_info = 'Import user_id=%r failed: %s' % ( + user_fields[offset + error.index][1], error.reason) + yield (cls.ERROR_KEY, debug_info) assocs_to_create.extend( auth_domain.AuthIdUserIdPair(*user_fields[offset + i][:2]) for i in successful_indices) @@ -187,57 +340,27 @@ def reduce(key, values): if assocs_to_create: firebase_auth_services.associate_multi_auth_ids_with_user_ids( assocs_to_create) - yield (SUCCESS_KEY, len(assocs_to_create)) + yield (cls.SUCCESS_KEY, len(assocs_to_create)) + @classmethod + def populate_firebase(cls, user_records): + """Populates the Firebase server with the given user records. + + Args: + user_records: list(firebase_admin.auth.ImportUserRecord). Users to + store in Firebase. + + Returns: + tuple(UserImportResult|None, Exception|None). The result of the + operation, or an exception if the operation failed. Exactly one of + the values will be non-None. + """ try: - # NOTE: This is not dangerous. We are just deleting the resources - # used to form a connection to Firebase servers. - firebase_admin.delete_app(firebase_connection) + return (firebase_auth.import_users(user_records), None) except Exception as exception: - yield (WARNING_KEY, repr(exception)) + return (None, exception) - -def _grouper(iterable, chunk_len, fillvalue=None): - """Collect data into fixed-length chunks. - - Source: https://docs.python.org/3/library/itertools.html#itertools-recipes. - - Example: - grouper('ABCDEFG', 3, 'x') --> ABC DEF Gxx" - - Args: - iterable: iterable. Any kind of iterable object. - chunk_len: int. The chunk size to group values. - fillvalue: *. The value used to fill out the last chunk when the - iterable is exhausted. - - Returns: - iterable(iterable). A sequence of chunks over the input data. - """ - # To understand how/why this works, please refer to the following - # stackoverflow post: https://stackoverflow.com/a/49181132/4859885. - args = [iter(iterable)] * chunk_len - return itertools.izip_longest(*args, fillvalue=fillvalue) # pylint: disable=deprecated-itertools-function - - -def _populate_firebase(user_records): - """Populates the Firebase server with the given user records. - - Args: - user_records: list(firebase_admin.auth.ImportUserRecord). Users to store - in Firebase. - - Returns: - tuple(UserImportResult|None, Exception|None). The result of the - operation, or an exception if the operation failed. Exactly one of the - values will be non-None. - """ - try: - return (firebase_auth.import_users(user_records), None) - except firebase_exceptions.FirebaseError as exception: - return (None, exception) - - -def _strip_uid_prefix(user_id): - """Removes the 'uid_' prefix from a user_id and returns the result.""" - return user_id[4:] if user_id.startswith('uid_') else user_id + @classmethod + def strip_uid_prefix(cls, user_id): + """Removes the 'uid_' prefix from a user_id and returns the result.""" + return user_id[4:] if user_id.startswith('uid_') else user_id diff --git a/core/domain/auth_jobs_one_off_test.py b/core/domain/auth_jobs_one_off_test.py index 529827b04fa4..5298ceb5048e 100644 --- a/core/domain/auth_jobs_one_off_test.py +++ b/core/domain/auth_jobs_one_off_test.py @@ -29,20 +29,38 @@ from core.platform import models from core.platform.auth import firebase_auth_services from core.platform.auth import firebase_auth_services_test +from core.platform.auth import gae_auth_services from core.tests import test_utils import feconf import python_utils import contextlib2 +import firebase_admin.auth auth_models, user_models = ( models.Registry.import_models([models.NAMES.auth, models.NAMES.user])) +datastore_services = models.Registry.import_datastore_services() -class AuditFirebaseImportReadinessOneOffJobTests(test_utils.AppEngineTestBase): + +class FirebaseOneOffJobTestBase(test_utils.AppEngineTestBase): + """Base class for Firebase-dependent one-off jobs.""" AUTO_CREATE_DEFAULT_SUPERADMIN_USER = False + def setUp(self): + super(FirebaseOneOffJobTestBase, self).setUp() + self.exit_stack = contextlib2.ExitStack() + self.firebase_sdk_stub = ( + firebase_auth_services_test.FirebaseAdminSdkStub()) + + self.firebase_sdk_stub.install(self) + self.exit_stack.callback(self.firebase_sdk_stub.uninstall) + + def tearDown(self): + self.exit_stack.close() + super(FirebaseOneOffJobTestBase, self).tearDown() + def count_one_off_jobs_in_queue(self): """Returns the number of one off jobs in the taskqueue.""" return self.count_jobs_in_mapreduce_taskqueue( @@ -54,137 +72,186 @@ def run_one_off_job(self): Returns: *. The output of the one off job. """ - job_id = auth_jobs.AuditFirebaseImportReadinessOneOffJob.create_new() + job_id = self.JOB_CLASS.create_new() self.assertEqual(self.count_one_off_jobs_in_queue(), 0) - auth_jobs.AuditFirebaseImportReadinessOneOffJob.enqueue(job_id) + self.JOB_CLASS.enqueue(job_id) self.assertEqual(self.count_one_off_jobs_in_queue(), 1) self.process_and_flush_pending_mapreduce_tasks() self.assertEqual(self.count_one_off_jobs_in_queue(), 0) return sorted( - ast.literal_eval(o) for o in - auth_jobs.AuditFirebaseImportReadinessOneOffJob.get_output(job_id)) + ast.literal_eval(o) for o in self.JOB_CLASS.get_output(job_id)) - def create_user(self, user_id, email, deleted=False): - """Creates a new user with the provided ID and email address. + def create_user_auth_models( + self, user_id, email=None, firebase_auth_id=None, gae_id=None, + deleted=False): + """Adds the minimum model set necessary for a user account. Args: - user_id: str. The user's ID. - email: str. The user's email address. - deleted: bool. Value for the user's deleted property. + user_id: str. The Oppia ID of the user. + email: str|None. The email address of the user. If None, one will be + generated. + firebase_auth_id: str|None. The Firebase account ID of the user. If + None, no Firebase-related models will be created. + gae_id: str|None. The GAE ID of the user. If None, no GAE-related + models will be created. + deleted: bool. Value for the deleted property of the models. """ - user_models.UserSettingsModel( - id=user_id, email=email, deleted=deleted, - role=feconf.ROLE_ID_EXPLORATION_EDITOR, - preferred_language_codes=[constants.DEFAULT_LANGUAGE_CODE] - ).put() + if email is None: + email = '%s@example.com' % user_id + + models_to_put = [ + user_models.UserSettingsModel(id=user_id, email=email), + auth_models.UserAuthDetailsModel( + id=user_id, firebase_auth_id=firebase_auth_id, gae_id=gae_id, + deleted=deleted), + ] + if firebase_auth_id is not None: + models_to_put.append( + auth_models.UserIdByFirebaseAuthIdModel( + id=firebase_auth_id, user_id=user_id, + deleted=deleted)) + if gae_id is not None: + models_to_put.append( + auth_models.UserIdentifiersModel( + id=gae_id, user_id=user_id, deleted=deleted)) + + datastore_services.put_multi(models_to_put) + + def assert_firebase_assoc_exists(self, firebase_auth_id, user_id): + """Asserts that the given user's Firebase association exists. - def test_users_with_distinct_emails_returns_empty_output(self): - self.create_user('u1', 'u1@test.com') - self.create_user('u2', 'u2@test.com') + Args: + user_id: str. The Oppia ID of the user. + firebase_auth_id: str. The Firebase account ID of the user. + """ + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id(user_id), + firebase_auth_id) + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id(firebase_auth_id), + user_id) - self.assertEqual(self.run_one_off_job(), []) + def assert_firebase_assoc_does_not_exist(self, firebase_auth_id, user_id): + """Asserts that the given user's Firebase association doesn't exist. - def test_users_with_same_email_are_reported(self): - self.create_user('u1', 'a@test.com') - self.create_user('u2', 'a@test.com') + Args: + firebase_auth_id: str. The Firebase account ID of the user. + user_id: str. The Oppia ID of the user. + """ + self.assertIsNone( + firebase_auth_services.get_auth_id_from_user_id(user_id)) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id(firebase_auth_id)) - self.assertEqual(self.run_one_off_job(), [ - ['ERROR: a@test.com is a shared email', 'u1, u2'], - ]) + def assert_firebase_assoc_exists_multi(self, assocs): + """Asserts that the given users' Firebase association exists. - def test_deleted_users_are_reported(self): - self.create_user('u1', 'u1@test.com', deleted=True) - self.create_user('u2', 'u2@test.com', deleted=True) - self.create_user('u3', 'u3@test.com', deleted=False) + Args: + assocs: list(AuthIdUserIdPair). The associations to check. + """ + auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*assocs)) + self.assertEqual( + firebase_auth_services.get_multi_auth_ids_from_user_ids(user_ids), + auth_ids) + self.assertEqual( + firebase_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), + user_ids) - self.assertEqual(self.run_one_off_job(), [ - ['ERROR: Found deleted users', 'u1, u2'], - ]) + def assert_firebase_assoc_does_not_exist_multi(self, assocs): + """Asserts that the given users' Firebase association doesn't exist. - def test_system_committer_is_ignored_by_duplicate_email_check(self): - self.create_user('xx', 'admin@test.com') - self.create_user('yy', 'admin@test.com') - auth_models.UserAuthDetailsModel( - id='xx', gae_id=feconf.SYSTEM_COMMITTER_ID - ).put() - auth_models.UserIdentifiersModel( - id=feconf.SYSTEM_COMMITTER_ID, user_id='xx' - ).put() + Args: + assocs: list(AuthIdUserIdPair). The associations to check. + """ + auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*assocs)) + self.assertEqual( + firebase_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), + [None] * len(auth_ids)) + self.assertEqual( + firebase_auth_services.get_multi_auth_ids_from_user_ids(user_ids), + [None] * len(user_ids)) - self.assertEqual(self.run_one_off_job(), [ - ['INFO: SYSTEM_COMMITTER_ID skipped', ['xx']], - ]) + def assert_gae_assoc_exists(self, gae_id, user_id): + """Asserts that the given user's GAE association exists. - def test_system_committer_is_ignored_by_deleted_check(self): - self.create_user('u1', 'admin@test.com', deleted=True) - auth_models.UserAuthDetailsModel( - id='u1', gae_id=feconf.SYSTEM_COMMITTER_ID - ).put() - auth_models.UserIdentifiersModel( - id=feconf.SYSTEM_COMMITTER_ID, user_id='u1' - ).put() + Args: + user_id: str. The Oppia ID of the user. + gae_id: str. The GAE ID of the user. + """ + self.assertEqual( + gae_auth_services.get_auth_id_from_user_id(user_id), gae_id) + self.assertEqual( + gae_auth_services.get_user_id_from_auth_id(gae_id), user_id) - self.assertEqual(self.run_one_off_job(), [ - ['INFO: SYSTEM_COMMITTER_ID skipped', ['u1']], - ]) + def assert_gae_assoc_does_not_exist(self, gae_id, user_id): + """Asserts that the given user's GAE association doesn't exist. + Args: + user_id: str. The Oppia ID of the user. + gae_id: str. The GAE ID of the user. + """ + self.assertIsNone(gae_auth_services.get_auth_id_from_user_id(user_id)) + self.assertIsNone(gae_auth_services.get_user_id_from_auth_id(gae_id)) + + def assert_gae_assoc_exists_multi(self, assocs): + """Asserts that the given users' GAE association exists. + + Args: + assocs: list(AuthIdUserIdPair). The associations to check. + """ + auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*assocs)) + self.assertEqual( + gae_auth_services.get_multi_auth_ids_from_user_ids(user_ids), + auth_ids) + self.assertEqual( + gae_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), + user_ids) + + def assert_gae_assoc_does_not_exist_multi(self, assocs): + """Asserts that the given users' GAE association doesn't exist. + + Args: + assocs: list(AuthIdUserIdPair). The associations to check. + """ + auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*assocs)) + self.assertEqual( + gae_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), + [None] * len(auth_ids)) + self.assertEqual( + gae_auth_services.get_multi_auth_ids_from_user_ids(user_ids), + [None] * len(user_ids)) -class PopulateFirebaseAccountsOneOffJobTests(test_utils.AppEngineTestBase): + +class PopulateFirebaseAccountsOneOffJobTests(FirebaseOneOffJobTestBase): AUTO_CREATE_DEFAULT_SUPERADMIN_USER = False + JOB_CLASS = auth_jobs.PopulateFirebaseAccountsOneOffJob + def setUp(self): super(PopulateFirebaseAccountsOneOffJobTests, self).setUp() self._auth_id_generator = itertools.count() - self.exit_stack = contextlib2.ExitStack() - self.sdk_stub = firebase_auth_services_test.FirebaseAdminSdkStub() - - self.sdk_stub.install(self) - self.exit_stack.callback(self.sdk_stub.uninstall) - # Forces all users to produce the same hash value during unit tests to # prevent them from being sharded and complicating the testing logic. self.exit_stack.enter_context(self.swap_to_always_return( auth_jobs, 'ID_HASHING_FUNCTION', value=1)) - def tearDown(self): - self.exit_stack.close() - super(PopulateFirebaseAccountsOneOffJobTests, self).tearDown() - - def count_one_off_jobs_in_queue(self): - """Returns the number of one off jobs in the taskqueue.""" - return self.count_jobs_in_mapreduce_taskqueue( - taskqueue_services.QUEUE_NAME_ONE_OFF_JOBS) - - def run_one_off_job(self): - """Begins the one off job and asserts it completes as expected. - - Returns: - *. The output of the one off job. - """ - job_id = auth_jobs.PopulateFirebaseAccountsOneOffJob.create_new() - self.assertEqual(self.count_one_off_jobs_in_queue(), 0) - auth_jobs.PopulateFirebaseAccountsOneOffJob.enqueue(job_id) - self.assertEqual(self.count_one_off_jobs_in_queue(), 1) - self.process_and_flush_pending_mapreduce_tasks() - self.assertEqual(self.count_one_off_jobs_in_queue(), 0) - return sorted( - ast.literal_eval(o) for o in - auth_jobs.PopulateFirebaseAccountsOneOffJob.get_output(job_id)) - - def create_oppia_user(self, deleted=False): + def create_oppia_user(self, email=None, deleted=False): """Returns an (auth_id, user_id) pair for a new user. Args: + email: str. The email address of the user. deleted: bool. Value for the user's deleted property. Returns: AuthIdUserIdPair. The association the user should create. """ - auth_id = 'aid%d' % python_utils.NEXT(self._auth_id_generator) + auth_id = 'aid_index_%d' % python_utils.NEXT(self._auth_id_generator) user_id = 'uid_%s' % auth_id + if email is None: + email = 'email_%s@test.com' % auth_id user_models.UserSettingsModel( - id=user_id, email=('email_%s@test.com' % auth_id), deleted=deleted, + id=user_id, email=email, deleted=deleted, role=feconf.ROLE_ID_EXPLORATION_EDITOR, preferred_language_codes=[constants.DEFAULT_LANGUAGE_CODE] ).put() @@ -202,58 +269,6 @@ def create_multi_oppia_users(self, count): """ return [self.create_oppia_user() for _ in python_utils.RANGE(count)] - def assert_auth_mapping_exists(self, auth_assoc): - """Asserts that the given auth association exists. - - Args: - auth_assoc: AuthIdUserIdPair. The association to check. - """ - auth_id, user_id = auth_assoc - self.assertEqual( - firebase_auth_services.get_auth_id_from_user_id(user_id), auth_id) - self.assertEqual( - firebase_auth_services.get_user_id_from_auth_id(auth_id), user_id) - - def assert_auth_mapping_does_not_exist(self, auth_assoc): - """Asserts that the given auth association does not exist. - - Args: - auth_assoc: AuthIdUserIdPair. The association to check. - """ - auth_id, user_id = auth_assoc - self.assertIsNone( - firebase_auth_services.get_auth_id_from_user_id(user_id)) - self.assertIsNone( - firebase_auth_services.get_user_id_from_auth_id(auth_id)) - - def assert_multi_auth_mappings_exist(self, auth_assocs): - """Asserts that the given auth associations exist. - - Args: - auth_assocs: list(AuthIdUserIdPair). The association to check. - """ - auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*auth_assocs)) - self.assertEqual( - firebase_auth_services.get_multi_auth_ids_from_user_ids(user_ids), - auth_ids) - self.assertEqual( - firebase_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), - user_ids) - - def assert_multi_auth_mappings_do_not_exist(self, auth_assocs): - """Asserts that the given auth associations exist. - - Args: - auth_assocs: list(AuthIdUserIdPair). The association to check. - """ - auth_ids, user_ids = (list(a) for a in python_utils.ZIP(*auth_assocs)) - self.assertEqual( - firebase_auth_services.get_multi_user_ids_from_auth_ids(auth_ids), - [None] * len(auth_ids)) - self.assertEqual( - firebase_auth_services.get_multi_auth_ids_from_user_ids(user_ids), - [None] * len(user_ids)) - def test_successfully_imports_one_user(self): auth_assoc = self.create_oppia_user() @@ -261,16 +276,17 @@ def test_successfully_imports_one_user(self): ['SUCCESS: Created Firebase accounts', 1], ]) - self.assert_auth_mapping_exists(auth_assoc) - self.sdk_stub.assert_firebase_user_exists(auth_assoc.auth_id) + self.assert_firebase_assoc_exists(*auth_assoc) + self.firebase_sdk_stub.assert_is_user(auth_assoc.auth_id) self.assertItemsEqual(self.run_one_off_job(), [ ['INFO: Pre-existing Firebase accounts', 1], ]) def test_successfully_imports_users_in_bulk(self): - self.exit_stack.enter_context( - self.swap(auth_jobs, 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) + self.exit_stack.enter_context(self.swap( + auth_jobs.PopulateFirebaseAccountsOneOffJob, + 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) auth_assocs = self.create_multi_oppia_users(11) @@ -278,8 +294,8 @@ def test_successfully_imports_users_in_bulk(self): ['SUCCESS: Created Firebase accounts', 11], ]) - self.assert_multi_auth_mappings_exist(auth_assocs) - self.sdk_stub.assert_multi_firebase_users_exist( + self.assert_firebase_assoc_exists_multi(auth_assocs) + self.firebase_sdk_stub.assert_is_user_multi( [a.auth_id for a in auth_assocs]) self.assertItemsEqual(self.run_one_off_job(), [ @@ -291,87 +307,57 @@ def test_skips_deleted_users(self): self.assertItemsEqual(self.run_one_off_job(), []) - def test_initialize_app_error_is_reported(self): - self.exit_stack.enter_context(self.sdk_stub.mock_initialize_app_error()) - - auth_assoc = self.create_oppia_user() - - self.assertItemsEqual(self.run_one_off_job(), [ - ['WARNING: No action needed', - 'UnknownError(u\'could not init\',)'], - ]) - - self.assert_auth_mapping_does_not_exist(auth_assoc) - self.sdk_stub.assert_firebase_user_does_not_exist(auth_assoc.auth_id) - - def test_delete_app_error_is_reported(self): - self.exit_stack.enter_context(self.sdk_stub.mock_delete_app_error()) - - auth_assoc = self.create_oppia_user() - - self.assertItemsEqual(self.run_one_off_job(), [ - ['SUCCESS: Created Firebase accounts', 1], - ['WARNING: No action needed', - 'UnknownError(u\'could not delete app\',)'], - ]) - - # Deleting the app should not be a fatal error, so we should still - # create a firebase account and an association. - self.assert_auth_mapping_exists(auth_assoc) - self.sdk_stub.assert_firebase_user_exists(auth_assoc.auth_id) - - self.assertItemsEqual(self.run_one_off_job(), [ - ['INFO: Pre-existing Firebase accounts', 1], - ]) - def test_import_user_error_is_reported(self): - mock_import_users_error = self.sdk_stub.mock_import_users_error( - call_error_sequence=(True,)) # Always raise an exception. + mock_import_users_error = ( + self.firebase_sdk_stub.mock_import_users_error( + batch_error_pattern=[Exception('uh-oh!')])) auth_assoc = self.create_oppia_user() with mock_import_users_error: self.assertItemsEqual(self.run_one_off_job(), [ - ['FAILURE: Failed to create Firebase accounts', - 'DataLossError(u\'Failed to connect\',)'], + ['ERROR: Failed to create Firebase accounts', + 'Exception(u\'uh-oh!\',)'], ]) - self.assert_auth_mapping_does_not_exist(auth_assoc) - self.sdk_stub.assert_firebase_user_does_not_exist(auth_assoc.auth_id) + self.assert_firebase_assoc_does_not_exist(*auth_assoc) + self.firebase_sdk_stub.assert_is_not_user(auth_assoc.auth_id) self.assertItemsEqual(self.run_one_off_job(), [ ['SUCCESS: Created Firebase accounts', 1], ]) - self.assert_auth_mapping_exists(auth_assoc) - self.sdk_stub.assert_firebase_user_exists(auth_assoc.auth_id) + self.assert_firebase_assoc_exists(*auth_assoc) + self.firebase_sdk_stub.assert_is_user(auth_assoc.auth_id) self.assertItemsEqual(self.run_one_off_job(), [ ['INFO: Pre-existing Firebase accounts', 1], ]) def test_single_import_batch_error_is_reported(self): - self.exit_stack.enter_context( - self.swap(auth_jobs, 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) - mock_import_users_error = self.sdk_stub.mock_import_users_error( - call_error_sequence=(False, True, False)) + self.exit_stack.enter_context(self.swap( + auth_jobs.PopulateFirebaseAccountsOneOffJob, + 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) + mock_import_users_error = ( + self.firebase_sdk_stub.mock_import_users_error( + batch_error_pattern=[None, Exception('uh-oh!'), None])) auth_assocs = self.create_multi_oppia_users(9) with mock_import_users_error: self.assertItemsEqual(self.run_one_off_job(), [ - ['FAILURE: Failed to create Firebase accounts', - 'DataLossError(u\'Failed to connect\',)'], + ['ERROR: Failed to create Firebase accounts', + 'Exception(u\'uh-oh!\',)'], ['SUCCESS: Created Firebase accounts', 6], ]) successful_assocs = auth_assocs[:3] + auth_assocs[6:] - self.assert_multi_auth_mappings_exist(successful_assocs) - self.sdk_stub.assert_multi_firebase_users_exist( + self.assert_firebase_assoc_exists_multi(successful_assocs) + self.firebase_sdk_stub.assert_is_user_multi( [a.auth_id for a in successful_assocs]) failed_assocs = auth_assocs[3:6] - self.assert_multi_auth_mappings_do_not_exist(failed_assocs) - self.sdk_stub.assert_multi_firebase_users_do_not_exist( + self.assert_firebase_assoc_does_not_exist_multi(failed_assocs) + self.firebase_sdk_stub.assert_is_not_user_multi( [a.auth_id for a in failed_assocs]) self.assertItemsEqual(self.run_one_off_job(), [ @@ -379,8 +365,8 @@ def test_single_import_batch_error_is_reported(self): ['SUCCESS: Created Firebase accounts', 3], ]) - self.assert_multi_auth_mappings_exist(auth_assocs) - self.sdk_stub.assert_multi_firebase_users_exist( + self.assert_firebase_assoc_exists_multi(auth_assocs) + self.firebase_sdk_stub.assert_is_user_multi( [a.auth_id for a in auth_assocs]) self.assertItemsEqual(self.run_one_off_job(), [ @@ -388,32 +374,34 @@ def test_single_import_batch_error_is_reported(self): ]) def test_individual_user_import_errors_are_reported(self): - self.exit_stack.enter_context( - self.swap(auth_jobs, 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) - mock_import_users_error = self.sdk_stub.mock_import_users_error( - user_error_sequence=(False, True, False, False)) + self.exit_stack.enter_context(self.swap( + auth_jobs.PopulateFirebaseAccountsOneOffJob, + 'MAX_USERS_FIREBASE_CAN_IMPORT_PER_CALL', 3)) + mock_import_users_error = ( + self.firebase_sdk_stub.mock_import_users_error( + individual_error_pattern=[None, 'uh-oh!', None, None])) auth_assocs = self.create_multi_oppia_users(10) with mock_import_users_error: self.assertItemsEqual(self.run_one_off_job(), [ - ['FAILURE: Failed to create Firebase accounts', - 'Import user_id=\'uid_aid1\' failed: FirebaseError'], - ['FAILURE: Failed to create Firebase accounts', - 'Import user_id=\'uid_aid5\' failed: FirebaseError'], - ['FAILURE: Failed to create Firebase accounts', - 'Import user_id=\'uid_aid9\' failed: FirebaseError'], + ['ERROR: Failed to create Firebase accounts', + 'Import user_id=\'uid_aid_index_1\' failed: uh-oh!'], + ['ERROR: Failed to create Firebase accounts', + 'Import user_id=\'uid_aid_index_5\' failed: uh-oh!'], + ['ERROR: Failed to create Firebase accounts', + 'Import user_id=\'uid_aid_index_9\' failed: uh-oh!'], ['SUCCESS: Created Firebase accounts', 7], ]) successful_assocs = ( - auth_assocs[:1] + auth_assocs[2:5] + auth_assocs[6:9]) - self.assert_multi_auth_mappings_exist(successful_assocs) - self.sdk_stub.assert_multi_firebase_users_exist( + auth_assocs[0:1] + auth_assocs[2:5] + auth_assocs[6:9]) + self.assert_firebase_assoc_exists_multi(successful_assocs) + self.firebase_sdk_stub.assert_is_user_multi( [a.auth_id for a in successful_assocs]) failed_assocs = [auth_assocs[1], auth_assocs[5], auth_assocs[9]] - self.assert_multi_auth_mappings_do_not_exist(failed_assocs) - self.sdk_stub.assert_multi_firebase_users_do_not_exist( + self.assert_firebase_assoc_does_not_exist_multi(failed_assocs) + self.firebase_sdk_stub.assert_is_not_user_multi( [a.auth_id for a in failed_assocs]) self.assertItemsEqual(self.run_one_off_job(), [ @@ -421,14 +409,29 @@ def test_individual_user_import_errors_are_reported(self): ['SUCCESS: Created Firebase accounts', 3], ]) - self.assert_multi_auth_mappings_exist(auth_assocs) - self.sdk_stub.assert_multi_firebase_users_exist( + self.assert_firebase_assoc_exists_multi(auth_assocs) + self.firebase_sdk_stub.assert_is_user_multi( [a.auth_id for a in auth_assocs]) self.assertItemsEqual(self.run_one_off_job(), [ ['INFO: Pre-existing Firebase accounts', 10], ]) + def test_super_admin_is_created(self): + auth_assoc = self.create_oppia_user(email=feconf.ADMIN_EMAIL_ADDRESS) + + self.assertItemsEqual(self.run_one_off_job(), [ + ['SUCCESS: Created Firebase accounts', 1], + ['INFO: Super admin created', [auth_assoc.user_id]], + ]) + + self.assert_firebase_assoc_exists(*auth_assoc) + self.firebase_sdk_stub.assert_is_super_admin(auth_assoc.auth_id) + + self.assertItemsEqual(self.run_one_off_job(), [ + ['INFO: Pre-existing Firebase accounts', 1], + ]) + def test_system_comitter_is_ignored(self): auth_assoc = self.create_oppia_user() auth_models.UserAuthDetailsModel( @@ -442,5 +445,160 @@ def test_system_comitter_is_ignored(self): ['INFO: SYSTEM_COMMITTER_ID skipped', [auth_assoc.user_id]], ]) - self.assert_auth_mapping_does_not_exist(auth_assoc) - self.sdk_stub.assert_firebase_user_does_not_exist(auth_assoc.auth_id) + self.assert_firebase_assoc_does_not_exist(*auth_assoc) + self.firebase_sdk_stub.assert_is_not_user(auth_assoc.auth_id) + + +class SeedFirebaseOneOffJobTests(FirebaseOneOffJobTestBase): + + JOB_CLASS = auth_jobs.SeedFirebaseOneOffJob + + def run_one_off_job(self, include_seed_ack=False): + output = super(SeedFirebaseOneOffJobTests, self).run_one_off_job() + if include_seed_ack: + return output + return [o for o in output if o[0] != 'INFO: Found FirebaseSeedModel'] + + def put_firebase_seed_model(self): + """Creates the sole expected FirebaseSeedModel into storage.""" + auth_models.FirebaseSeedModel( + id=auth_models.ONLY_FIREBASE_SEED_MODEL_ID).put() + + def test_with_no_models(self): + self.assertItemsEqual(self.run_one_off_job(), []) + + def test_wipes_firebase_auth_models_of_non_admin_user(self): + self.create_user_auth_models('uid_abc', firebase_auth_id='123') + + self.assert_firebase_assoc_exists('123', 'uid_abc') + self.assertItemsEqual(self.run_one_off_job(), [ + ['SUCCESS: UserAuthDetailsModel wiped', 1], + ['SUCCESS: UserIdByFirebaseAuthIdModel wiped', 1], + ]) + self.assert_firebase_assoc_does_not_exist('123', 'uid_abc') + + def test_ignores_users_without_firebase_auth_models(self): + self.create_user_auth_models('uid_abc', gae_id='123') + + self.assert_gae_assoc_exists('123', 'uid_abc') + self.assertItemsEqual(self.run_one_off_job(), [ + ['SUCCESS: UserAuthDetailsModel already wiped', 1], + ]) + self.assert_gae_assoc_exists('123', 'uid_abc') + + def test_acknowledges_admin_email_address_without_modifying_it(self): + self.create_user_auth_models( + 'uid_abc', email=feconf.ADMIN_EMAIL_ADDRESS, firebase_auth_id='123') + self.firebase_sdk_stub.create_user( + '123', email=feconf.ADMIN_EMAIL_ADDRESS) + + self.assert_firebase_assoc_exists('123', 'uid_abc') + + self.assertItemsEqual(self.run_one_off_job(), [ + ['INFO: Found feconf.ADMIN_EMAIL_ADDRESS in UserAuthDetailsModel', + ['user_id=uid_abc']], + ['INFO: Found feconf.ADMIN_EMAIL_ADDRESS in ' + 'UserIdByFirebaseAuthIdModel', ['user_id=uid_abc']], + ]) + + self.assert_firebase_assoc_exists('123', 'uid_abc') + + def test_acknowledges_system_comitter_id_without_modifying_it(self): + self.create_user_auth_models( + 'uid_abc', firebase_auth_id='123', + gae_id=feconf.SYSTEM_COMMITTER_ID, email=feconf.ADMIN_EMAIL_ADDRESS) + self.firebase_sdk_stub.create_user( + '123', email=feconf.ADMIN_EMAIL_ADDRESS) + + self.assert_firebase_assoc_exists('123', 'uid_abc') + self.assert_gae_assoc_exists(feconf.SYSTEM_COMMITTER_ID, 'uid_abc') + + self.assertItemsEqual(self.run_one_off_job(), [ + ['INFO: Found feconf.SYSTEM_COMMITTER_ID in UserAuthDetailsModel', + ['user_id=uid_abc']], + ['INFO: Found feconf.SYSTEM_COMMITTER_ID in ' + 'UserIdByFirebaseAuthIdModel', ['user_id=uid_abc']], + ]) + + self.assert_firebase_assoc_exists('123', 'uid_abc') + + def test_acknowledges_firebase_seed_model(self): + self.put_firebase_seed_model() + + self.assertItemsEqual(self.run_one_off_job(include_seed_ack=True), [ + ['INFO: Found FirebaseSeedModel', ['1']], + ]) + + def test_deletes_many_users(self): + self.put_firebase_seed_model() + + self.exit_stack.enter_context(self.swap( + self.JOB_CLASS, 'MAX_USERS_FIREBASE_CAN_DELETE_PER_CALL', 3)) + + uids = ['aid_%d' % i for i in python_utils.RANGE(10)] + self.firebase_sdk_stub.import_users( + [firebase_admin.auth.ImportUserRecord(uid) for uid in uids]) + + self.firebase_sdk_stub.assert_is_user_multi(uids) + self.assertItemsEqual(self.run_one_off_job(), [ + ['SUCCESS: Firebase accounts deleted', 10], + ]) + self.firebase_sdk_stub.assert_is_not_user_multi(uids) + + def test_acknowledges_firebase_super_admin(self): + self.put_firebase_seed_model() + + self.firebase_sdk_stub.create_user( + '123', email=feconf.ADMIN_EMAIL_ADDRESS) + + self.assertItemsEqual(self.run_one_off_job(), [ + ['INFO: Found feconf.ADMIN_EMAIL_ADDRESS in Firebase account', + ['firebase_auth_id=123']], + ]) + + def test_reports_error_if_user_batch_failed(self): + self.put_firebase_seed_model() + + uh_oh = Exception('uh-oh!') + unlucky = Exception('unlucky') + self.exit_stack.enter_context( + self.firebase_sdk_stub.mock_delete_users_error( + batch_error_pattern=[None, uh_oh, None, unlucky])) + self.exit_stack.enter_context(self.swap( + self.JOB_CLASS, 'MAX_USERS_FIREBASE_CAN_DELETE_PER_CALL', 3)) + + uids = ['aid_%d' % i for i in python_utils.RANGE(10)] + self.firebase_sdk_stub.import_users( + [firebase_admin.auth.ImportUserRecord(uid) for uid in uids]) + + self.firebase_sdk_stub.assert_is_user_multi(uids) + self.assertItemsEqual(self.run_one_off_job(), [ + ['ERROR: Failed to delete a batch of Firebase accounts', + 'count=4, reasons=[%r, %r]' % (uh_oh, unlucky)], + ['SUCCESS: Firebase accounts deleted', 6], + ]) + self.firebase_sdk_stub.assert_is_not_user_multi(uids[:3] + uids[6:9]) + self.firebase_sdk_stub.assert_is_user_multi(uids[3:6] + uids[9:]) + + def test_reports_error_if_individual_users_failed(self): + self.put_firebase_seed_model() + + self.exit_stack.enter_context( + self.firebase_sdk_stub.mock_delete_users_error( + individual_error_pattern=[None, 'uh-oh!', None, None])) + self.exit_stack.enter_context(self.swap( + self.JOB_CLASS, 'MAX_USERS_FIREBASE_CAN_DELETE_PER_CALL', 3)) + + uids = ['aid_%d' % i for i in python_utils.RANGE(10)] + self.firebase_sdk_stub.import_users( + [firebase_admin.auth.ImportUserRecord(uid) for uid in uids]) + + self.firebase_sdk_stub.assert_is_user_multi(uids) + self.assertItemsEqual(self.run_one_off_job(), [ + ['ERROR: Failed to delete an individual Firebase account', + ['firebase_auth_id=aid_1, reason=uh-oh!', + 'firebase_auth_id=aid_5, reason=uh-oh!', + 'firebase_auth_id=aid_9, reason=uh-oh!'] + ], + ['SUCCESS: Firebase accounts deleted', 7], + ]) diff --git a/core/domain/auth_services.py b/core/domain/auth_services.py index e291f009e042..adca876702f9 100644 --- a/core/domain/auth_services.py +++ b/core/domain/auth_services.py @@ -21,6 +21,7 @@ from core.domain import auth_domain from core.platform import models +from core.platform.auth import firebase_auth_services auth_models, = models.Registry.import_models([models.NAMES.auth]) @@ -225,3 +226,28 @@ def associate_multi_auth_ids_with_user_ids(auth_id_user_id_pairs): """ platform_auth_services.associate_multi_auth_ids_with_user_ids( auth_id_user_id_pairs) + + +def grant_super_admin_privileges(user_id): + """Grants the user super admin privileges. + + Args: + user_id: str. The Oppia user ID to promote to super admin. + """ + firebase_auth_services.grant_super_admin_privileges(user_id) + + +def revoke_super_admin_privileges(user_id): + """Revokes the user's super admin privileges. + + Args: + user_id: str. The Oppia user ID to revoke privileges from. + """ + firebase_auth_services.revoke_super_admin_privileges(user_id) + + +# TODO(#11462): Delete this handler once the Firebase migration logic is +# rollback-safe and all backup data is using post-migration data. +def seed_firebase(): + """Prepares Oppia and Firebase to run the SeedFirebaseOneOffJob.""" + firebase_auth_services.seed_firebase() diff --git a/core/domain/auth_validators.py b/core/domain/auth_validators.py index 0a2d8f3ab26d..e61ab0199b24 100644 --- a/core/domain/auth_validators.py +++ b/core/domain/auth_validators.py @@ -78,6 +78,16 @@ def _get_model_id_regex(cls, unused_item): @classmethod def _get_external_id_relationships(cls, item): + """Returns a mapping of external id to model class. + + Args: + item: auth_models.UserIdentifiersModel. Entity to validate. + + Returns: + list(ExternalModelFetcherDetails). A list whose values are + ExternalModelFetcherDetails instances each representing + the class and ids for a single type of external model to fetch. + """ return [ base_model_validators.UserSettingsModelFetcherDetails( 'user_settings_ids', [item.user_id], @@ -113,6 +123,16 @@ def _get_model_id_regex(cls, unused_item): @classmethod def _get_external_id_relationships(cls, item): + """Returns a mapping of external id to model class. + + Args: + item: auth_models.UserIdByFirebaseAuthIdModel. Entity to validate. + + Returns: + list(ExternalModelFetcherDetails). A list whose values are + ExternalModelFetcherDetails instances each representing + the class and ids for a single type of external model to fetch. + """ return [ base_model_validators.UserSettingsModelFetcherDetails( 'user_settings_ids', [item.user_id], @@ -123,3 +143,35 @@ def _get_external_id_relationships(cls, item): auth_models.UserAuthDetailsModel, [item.user_id]), ] + + +class FirebaseSeedModelValidator(base_model_validators.BaseModelValidator): + """Class for validating FirebaseSeedModel.""" + + @classmethod + def _validate_model_id(cls, item): + """Checks whether the id of model matches the regex specified for + the model. + + Args: + item: datastore_services.Model. Entity to validate. + """ + if item.id != auth_models.ONLY_FIREBASE_SEED_MODEL_ID: + cls._add_error( + 'model %s' % base_model_validators.ERROR_CATEGORY_ID_CHECK, + 'Entity id %s: Entity id must be %s' % ( + item.id, auth_models.ONLY_FIREBASE_SEED_MODEL_ID)) + + @classmethod + def _get_external_id_relationships(cls, item): + """Returns a mapping of external id to model class. + + Args: + item: auth_models.FirebaseSeedModel. Entity to validate. + + Returns: + list(ExternalModelFetcherDetails). A list whose values are + ExternalModelFetcherDetails instances each representing + the class and ids for a single type of external model to fetch. + """ + return [] diff --git a/core/domain/auth_validators_test.py b/core/domain/auth_validators_test.py index e953ecb48bf0..d570ac4b5a70 100644 --- a/core/domain/auth_validators_test.py +++ b/core/domain/auth_validators_test.py @@ -459,3 +459,26 @@ def test_audit_with_missing_user_auth_details_model_fails(self): 'doesn\'t exist' % (self.auth_id, self.user_id, self.user_id)], ], ]) + + +class FirebaseSeedModelValidatorTests(AuthValidatorTestBase): + + JOB_CLASS = prod_validation_jobs_one_off.FirebaseSeedModelAuditOneOffJob + + def test_audit_with_valid_id_reports_success(self): + auth_models.FirebaseSeedModel( + id=auth_models.ONLY_FIREBASE_SEED_MODEL_ID).put() + + self.assertItemsEqual(self.run_job_and_get_output(), [ + ['fully-validated FirebaseSeedModel', 1], + ]) + + def test_audit_with_invalid_id_reports_an_error(self): + invalid_id = 'abc' + auth_models.FirebaseSeedModel(id=invalid_id).put() + + self.assertItemsEqual(self.run_job_and_get_output(), [ + ['failed validation check for model id check of FirebaseSeedModel', + ['Entity id %s: Entity id must be 1' % (invalid_id,)], + ], + ]) diff --git a/core/domain/prod_validation_jobs_one_off.py b/core/domain/prod_validation_jobs_one_off.py index 8833aa3c46e5..c0725c81a259 100644 --- a/core/domain/prod_validation_jobs_one_off.py +++ b/core/domain/prod_validation_jobs_one_off.py @@ -1001,6 +1001,14 @@ def entity_classes_to_map_over(cls): return [auth_models.UserIdByFirebaseAuthIdModel] +class FirebaseSeedModelAuditOneOffJob(ProdValidationAuditOneOffJob): + """Job that audits and validates FirebaseSeedModel.""" + + @classmethod + def entity_classes_to_map_over(cls): + return [auth_models.FirebaseSeedModel] + + class PlatformParameterModelAuditOneOffJob(ProdValidationAuditOneOffJob): """Job that audits and validates PlatformParameterModel.""" diff --git a/core/domain/user_services.py b/core/domain/user_services.py index 34cef434bb52..abb0c49e16a4 100644 --- a/core/domain/user_services.py +++ b/core/domain/user_services.py @@ -2156,13 +2156,18 @@ def log_username_change(committer_id, old_username, new_username): new_username=new_username).put() -def create_login_url(target_url): +def create_login_url(return_url): """Creates a login url. Args: - target_url: str. The URL to redirect to after login. + return_url: str. The URL to redirect to after login. Returns: str. The correct login URL that includes the page to redirect to. """ - return current_user_services.create_login_url(target_url) + # TODO(#11462): Delete this function. Pre-#11462, we needed this because we + # didn't control the page or URL responsible for user authentication. + # This is no longer the case. We've implemented our own user authentication + # flow on top of the Firebase SDK in "core/templates/pages/login-page", and + # this function will always redirect to its static location ("/login"). + return '/login?%s' % python_utils.url_encode({'return_url': return_url}) diff --git a/core/jobs_registry.py b/core/jobs_registry.py index 3c2e87592191..ae89e021896c 100644 --- a/core/jobs_registry.py +++ b/core/jobs_registry.py @@ -53,7 +53,7 @@ activity_jobs_one_off.ValidateSnapshotMetadataModelsJob, activity_jobs_one_off.SnapshotMetadataCommitMsgAuditOneOffJob, activity_jobs_one_off.SnapshotMetadataCommitMsgShrinkOneOffJob, - auth_jobs_one_off.AuditFirebaseImportReadinessOneOffJob, + auth_jobs_one_off.SeedFirebaseOneOffJob, auth_jobs_one_off.PopulateFirebaseAccountsOneOffJob, collection_jobs_one_off.CollectionMigrationOneOffJob, collection_jobs_one_off.RemoveCollectionRightsTranslatorIdsOneOffJob, @@ -278,6 +278,7 @@ prod_validation_jobs_one_off.UserContributionsModelAuditOneOffJob, prod_validation_jobs_one_off.UserEmailPreferencesModelAuditOneOffJob, prod_validation_jobs_one_off.UserIdByFirebaseAuthIdModelAuditOneOffJob, + prod_validation_jobs_one_off.FirebaseSeedModelAuditOneOffJob, prod_validation_jobs_one_off.UserNormalizedNameAuditOneOffJob, prod_validation_jobs_one_off.UserQueryModelAuditOneOffJob, prod_validation_jobs_one_off.UserRecentChangesBatchModelAuditOneOffJob, diff --git a/core/platform/auth/firebase_auth_services.py b/core/platform/auth/firebase_auth_services.py index e87d2e0b54c3..18cea427aa24 100644 --- a/core/platform/auth/firebase_auth_services.py +++ b/core/platform/auth/firebase_auth_services.py @@ -54,7 +54,6 @@ from __future__ import absolute_import # pylint: disable=import-only-modules from __future__ import unicode_literals # pylint: disable=import-only-modules -import contextlib import logging from constants import constants @@ -67,11 +66,36 @@ from firebase_admin import auth as firebase_auth from firebase_admin import exceptions as firebase_exceptions -auth_models, = models.Registry.import_models([models.NAMES.auth]) +auth_models, user_models = ( + models.Registry.import_models([models.NAMES.auth, models.NAMES.user])) transaction_services = models.Registry.import_transaction_services() +def establish_firebase_connection(): + """Establishes the connection to Firebase needed by the rest of the SDK. + + All Firebase operations require an "app", the abstraction used for a + Firebase server connection. The initialize_app() function raises an error + when it's called more than once, however, so we make this function + idempotent by trying to "get" the app first. + + Returns: + firebase_admin.App. The App being by the Firebase SDK. + + Raises: + Exception. The Firebase app has a genuine problem. + """ + try: + firebase_admin.get_app() + except ValueError as error: + if 'initialize_app' in python_utils.UNICODE(error): + firebase_admin.initialize_app( + options={'projectId': feconf.OPPIA_PROJECT_ID}) + else: + raise + + def establish_auth_session(request, response): """Sets login cookies to maintain a user's sign-in session. @@ -89,9 +113,8 @@ def establish_auth_session(request, response): if cookie_claims is not None: return - with _firebase_admin_context(): - fresh_cookie = firebase_auth.create_session_cookie( - _get_id_token(request), feconf.FIREBASE_SESSION_COOKIE_MAX_AGE) + fresh_cookie = firebase_auth.create_session_cookie( + _get_id_token(request), feconf.FIREBASE_SESSION_COOKIE_MAX_AGE) response.set_cookie( feconf.FIREBASE_SESSION_COOKIE_NAME, @@ -100,7 +123,7 @@ def establish_auth_session(request, response): overwrite=True, # Toggles https vs http. The production server uses https, but the local # developement server uses http. - secure=(not constants.DEV_MODE), + secure=(not constants.EMULATOR_MODE), # Using the HttpOnly flag when generating a cookie helps mitigate the # risk of client side script accessing the protected cookie (if the # browser supports it). @@ -158,10 +181,13 @@ def mark_user_for_deletion(user_id): assoc_by_auth_id_model.deleted = True assoc_by_auth_id_model.update_timestamps() assoc_by_auth_id_model.put() + else: + logging.error( + '[WIPEOUT] User with user_id=%s has no Firebase account' % user_id) + return try: - with _firebase_admin_context(): - firebase_auth.update_user(assoc_by_auth_id_model.id, disabled=True) + firebase_auth.update_user(assoc_by_auth_id_model.id, disabled=True) except (firebase_exceptions.FirebaseError, ValueError): # NOTE: logging.exception appends the stack trace automatically. The # errors are not re-raised because wipeout_services, the user of this @@ -182,8 +208,9 @@ def delete_external_auth_associations(user_id): if auth_id is None: return try: - with _firebase_admin_context(): - firebase_auth.delete_user(auth_id) + firebase_auth.delete_user(auth_id) + except firebase_auth.UserNotFoundError: + logging.exception('[WIPEOUT] Firebase account already deleted') except (firebase_exceptions.FirebaseError, ValueError): # NOTE: logging.exception appends the stack trace automatically. The # errors are not re-raised because wipeout_services, the user of this @@ -208,8 +235,7 @@ def verify_external_auth_associations_are_deleted(user_id): if auth_id is None: return True try: - with _firebase_admin_context(): - firebase_auth.get_user(auth_id) + firebase_auth.get_user(auth_id) except firebase_auth.UserNotFoundError: return True except (firebase_exceptions.FirebaseError, ValueError): @@ -393,24 +419,103 @@ def associate_multi_auth_ids_with_user_ids(auth_id_user_id_pairs): auth_models.UserAuthDetailsModel.put_multi(assoc_by_user_id_models) -@contextlib.contextmanager -def _firebase_admin_context(): - """Returns a context for calling the Firebase Admin SDK. +def grant_super_admin_privileges(user_id): + """Grants the user super admin privileges. - Yields: - None. No relevent context expression. + Args: + user_id: str. The Oppia user ID to promote to super admin. + """ + auth_id = get_auth_id_from_user_id(user_id) + if auth_id is None: + raise ValueError('user_id=%s has no Firebase account' % user_id) + firebase_admin.auth.set_custom_user_claims( + auth_id, '{"role":"%s"}' % feconf.FIREBASE_ROLE_SUPER_ADMIN) + + +def revoke_super_admin_privileges(user_id): + """Revokes the user's super admin privileges. + + Args: + user_id: str. The Oppia user ID to revoke privileges from. """ - # NOTE: "app" is the term Firebase uses for the "entry point" to the - # Firebase SDK. Oppia only has one server, so it only needs to instantiate - # one app. - firebase_connection = firebase_admin.initialize_app( - options={'projectId': feconf.OPPIA_PROJECT_ID}) + auth_id = get_auth_id_from_user_id(user_id) + if auth_id is None: + raise ValueError('user_id=%s has no Firebase account' % user_id) + firebase_admin.auth.set_custom_user_claims(auth_id, None) + + +def seed_firebase(): + """Prepares Oppia and Firebase to run the SeedFirebaseOneOffJob. + + NOTE: This function is idempotent. + + TODO(#11462): Delete this handler once the Firebase migration logic is + rollback-safe and all backup data is using post-migration data. + """ + seed_model = auth_models.FirebaseSeedModel.get( + auth_models.ONLY_FIREBASE_SEED_MODEL_ID, strict=False) + if seed_model is None: # Exactly 1 seed model must exist. + auth_models.FirebaseSeedModel( + id=auth_models.ONLY_FIREBASE_SEED_MODEL_ID).put() + + user_ids_with_admin_email = [ + key.id() for key in user_models.UserSettingsModel.query( + user_models.UserSettingsModel.email == feconf.ADMIN_EMAIL_ADDRESS + ).iter(keys_only=True) + ] + assoc_by_user_id_models = [ + model for model in auth_models.UserAuthDetailsModel.get_multi( + user_ids_with_admin_email) + if model is not None and model.gae_id != feconf.SYSTEM_COMMITTER_ID + ] + if len(assoc_by_user_id_models) != 1: + raise Exception( + '%s must correspond to exactly 1 user (excluding user_id=%s), but ' + 'found user_ids=[%s]' % ( + feconf.ADMIN_EMAIL_ADDRESS, feconf.SYSTEM_COMMITTER_ID, + ', '.join(m.id for m in assoc_by_user_id_models))) + else: + assoc_by_user_id_model = assoc_by_user_id_models[0] + user_id = assoc_by_user_id_model.id + + auth_id = assoc_by_user_id_model.firebase_auth_id + if auth_id is None: + auth_id = user_id[4:] if user_id.startswith('uid_') else user_id + assoc_by_user_id_model.firebase_auth_id = auth_id + assoc_by_user_id_model.update_timestamps(update_last_updated_time=False) + assoc_by_user_id_model.put() + + assoc_by_auth_id_model = ( + auth_models.UserIdByFirebaseAuthIdModel.get(auth_id, strict=False)) + if assoc_by_auth_id_model is None: + auth_models.UserIdByFirebaseAuthIdModel( + id=auth_id, user_id=user_id).put() + elif assoc_by_auth_id_model.user_id != user_id: + assoc_by_auth_id_model.user_id = user_id + assoc_by_auth_id_model.update_timestamps(update_last_updated_time=False) + assoc_by_auth_id_model.put() + + custom_claims = '{"role":"%s"}' % feconf.FIREBASE_ROLE_SUPER_ADMIN + try: - yield - finally: - # NOTE: This is not dangerous. We are just deleting the resources used - # to form a connection to Firebase servers. - firebase_admin.delete_app(firebase_connection) + user = firebase_admin.auth.get_user_by_email(feconf.ADMIN_EMAIL_ADDRESS) + except firebase_admin.auth.UserNotFoundError: + create_new_firebase_account = True + else: + if user.uid != auth_id: + firebase_admin.auth.update_user(user.uid, disabled=True) + firebase_admin.auth.delete_user(user.uid) + create_new_firebase_account = True + else: + firebase_admin.auth.set_custom_user_claims(user.uid, custom_claims) + create_new_firebase_account = False + + if create_new_firebase_account: + firebase_admin.auth.import_users([ + firebase_admin.auth.ImportUserRecord( + auth_id, email=feconf.ADMIN_EMAIL_ADDRESS, + custom_claims=custom_claims) + ]) def _get_session_cookie(request): @@ -471,9 +576,8 @@ def _get_auth_claims_from_session_cookie(cookie): # isn't authenticated. if cookie: try: - with _firebase_admin_context(): - return _create_auth_claims( - firebase_auth.verify_session_cookie(cookie)) + return _create_auth_claims( + firebase_auth.verify_session_cookie(cookie)) # NOTE: Session cookies only provide temporary authentication, so they # are expected to become obsolete over time. The following errors are # situations where this can happen. @@ -498,6 +602,7 @@ def _create_auth_claims(firebase_claims): auth_id = firebase_claims.get('sub') email = firebase_claims.get('email') role_is_super_admin = ( + email == feconf.ADMIN_EMAIL_ADDRESS or firebase_claims.get('role') == feconf.FIREBASE_ROLE_SUPER_ADMIN) return auth_domain.AuthClaims( auth_id, email, role_is_super_admin=role_is_super_admin) diff --git a/core/platform/auth/firebase_auth_services_test.py b/core/platform/auth/firebase_auth_services_test.py index fd764c5f94bc..f28f3273505b 100644 --- a/core/platform/auth/firebase_auth_services_test.py +++ b/core/platform/auth/firebase_auth_services_test.py @@ -32,13 +32,16 @@ from core.tests import test_utils import feconf import python_utils +import utils import contextlib2 import firebase_admin from firebase_admin import exceptions as firebase_exceptions +import mock import webapp2 -auth_models, = models.Registry.import_models([models.NAMES.auth]) +auth_models, user_models = ( + models.Registry.import_models([models.NAMES.auth, models.NAMES.user])) class FirebaseAdminSdkStub(python_utils.OBJECT): @@ -73,17 +76,28 @@ def test_sdk(self): self.assertEqual(user_record.uid, 'uid') """ + _IMPLEMENTED_SDK_FUNCTION_NAMES = [ + 'create_session_cookie', + 'create_user', + 'delete_user', + 'delete_users', + 'get_user', + 'get_user_by_email', + 'import_users', + 'list_users', + 'set_custom_user_claims', + 'update_user', + 'verify_id_token', + 'verify_session_cookie', + ] + _UNIMPLEMENTED_SDK_FUNCTION_NAMES = [ 'create_custom_token', - 'create_user', 'generate_email_verification_link', 'generate_password_reset_link', 'generate_sign_in_with_email_link', - 'get_user_by_email', 'get_user_by_phone_number', - 'list_users', 'revoke_refresh_tokens', - 'set_custom_user_claims', ] def __init__(self): @@ -93,65 +107,62 @@ def __init__(self): self._test = None def install(self, test): - """Installs a new instance of the stub on the given test class. - - The stub will emulate an initially-empty Firebase authentication server. + """Installs the stub on the given test instance. Idempotent. Args: test: test_utils.TestBase. The test to install the stub on. """ + self.uninstall() + self._test = test with contextlib2.ExitStack() as swap_stack: - swap_stack.enter_context(test.swap_to_always_return( - firebase_admin, 'initialize_app', value=object())) - swap_stack.enter_context(test.swap_to_always_return( - firebase_admin, 'delete_app')) - swap_stack.enter_context(test.swap( - firebase_admin.auth, - 'create_session_cookie', self._create_session_cookie)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, - 'verify_session_cookie', self._verify_session_cookie)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, 'import_users', self._import_users)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, 'verify_id_token', self._verify_id_token)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, 'get_user', self._get_user)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, 'delete_user', self._delete_user)) - swap_stack.enter_context(test.swap( - firebase_admin.auth, 'update_user', self._update_user)) - - for function_name in self._UNIMPLEMENTED_SDK_FUNCTION_NAMES: + for name in self._IMPLEMENTED_SDK_FUNCTION_NAMES: + swap_stack.enter_context( + test.swap(firebase_admin.auth, name, getattr(self, name))) + + for name in self._UNIMPLEMENTED_SDK_FUNCTION_NAMES: swap_stack.enter_context(test.swap_to_always_raise( - firebase_admin.auth, function_name, NotImplementedError)) - - # Standard usage of ExitStack: enter a bunch of context managers - # from the safety of an ExitStack's context. Once they've all been - # opened, pop_all() of them off of the original context so they can - # *stay* open. Calling the function returned will exit all of them - # in reverse order. - # https://docs.python.org/3/library/contextlib.html#cleaning-up-in-an-enter-implementation + firebase_admin.auth, name, NotImplementedError)) + + # Allows us to exit the current context manager without closing the + # entered contexts. They will be exited later by the uninstall() + # method. self._swap_stack = swap_stack.pop_all() def uninstall(self): - """Uninstalls the stub.""" + """Uninstalls the stub. Idempotent.""" if self._swap_stack: self._swap_stack.close() self._swap_stack = None - def create_user( - self, uid, email=None, disabled=False, role_is_super_admin=False): + def create_session_cookie(self, id_token, max_age): + """Creates a new session cookie which expires after given duration. + + Args: + id_token: str. The ID Token to generate the cookie from. + max_age: datetime.timedelta. The duration the cookie remains valid. + + Returns: + str. A session cookie that can validate the user. + """ + if not id_token: + raise firebase_admin.auth.InvalidIdTokenError('missing id_token') + if max_age > datetime.timedelta(days=0): + self._session_cookie_duration_by_id_token[id_token] = max_age + # NOTE: Session cookies are often completely different, in terms of + # encoding and security, to ID Tokens. Regardless, for the purposes of + # this stub, we treat them the same. + session_cookie = id_token + return session_cookie + + def create_user(self, uid, email=None, disabled=False): """Adds user to storage if new, otherwise raises an error. Args: uid: str. The unique Firebase account ID for the user. email: str|None. The email address for the user, or None. disabled: bool. Whether the user account is to be disabled. - role_is_super_admin: bool. Whether the user account has super admin - privilages. Returns: str. An ID token that represents the given user's authorization. @@ -161,73 +172,231 @@ def create_user( UidAlreadyExistsError. The uid has already been assigned to a user. """ if uid in self._users_by_uid: - raise ValueError('uid=%r already exists' % uid) - custom_claims = ( - {'role': feconf.FIREBASE_ROLE_SUPER_ADMIN} - if role_is_super_admin else None) - self._set_user_fragile(uid, email, disabled, custom_claims) - return self._encode_user_claims(self._get_user(uid)) + raise firebase_admin.auth.UidAlreadyExistsError( + 'uid=%r already exists' % uid, None, None) + self._set_user_fragile(uid, email, disabled, None) + return self._encode_user_claims(self.get_user(uid)) - def mock_initialize_app_error(self): - """Returns a context in which `initialize_app` raises an exception.""" - return self._test.swap_to_always_raise( - firebase_admin, 'initialize_app', - error=firebase_exceptions.UnknownError('could not init')) + def delete_user(self, uid): + """Removes user from storage if found, otherwise raises an error. - def mock_delete_app_error(self): - """Returns a context in which `delete_app` raises an exception.""" - return self._test.swap_to_always_raise( - firebase_admin, 'delete_app', - error=firebase_exceptions.UnknownError('could not delete app')) + Args: + uid: str. The Firebase account ID of the user. - def mock_import_users_error( - self, call_error_sequence=(False,), user_error_sequence=(False,)): - """Returns a context in which `import_users` raises an exception. + Raises: + UserNotFoundError. The Firebase account has not been created yet. + """ + if uid not in self._users_by_uid: + raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) + del self._users_by_uid[uid] - Example: - with mock_import_users_error(call_error_sequence=(False, True)): - import_users() # OK - import_users() # Raises! - import_users() # OK - import_users() # Raises! - import_users() # OK + def delete_users(self, uids, force_delete=False): + """Deletes the users identified by the specified user ids. + + Deleting a non-existing user does not generate an error (the method is + idempotent). Non-existing users are considered to be successfully + deleted and are therefore not reported as errors. + + A maximum of 1000 identifiers may be supplied. If more than 1000 + identifiers are supplied, this method raises a `ValueError`. Args: - call_error_sequence: tuple(bool). Enumerates which successive calls - will raise an exception. The pattern is cycled. - user_error_sequence: tuple(bool). Enumerates which individual users - will cause an error. The pattern is cycled. + uids: A list of strings indicating the uids of the users to be + deleted. Must have <= 1000 entries. + force_delete: Optional parameter that indicates if users should be + deleted, even if they're not disabled. Defaults to False. Returns: - Context manager. The context manager with the mocked implementation. + BatchDeleteAccountsResponse. Holds the errors encountered, if any. + + Raises: + ValueError. If any of the identifiers are invalid or if more than + 1000 identifiers are specified. """ - call_error_sequence = itertools.cycle(call_error_sequence) - user_error_sequence = itertools.cycle(user_error_sequence) - def mock_import_users(user_records): - """Mock function that fails according to the given input values.""" - if python_utils.NEXT(call_error_sequence): - raise firebase_exceptions.DataLossError('Failed to connect') - - total_records = len(user_records) - - kept_records, error_indices = [], [] - for i, (record, error) in enumerate( - python_utils.ZIP(user_records, user_error_sequence)): - if error: - error_indices.append(i) - else: - kept_records.append(record) - - if kept_records: - self._import_users(kept_records) + if len(uids) > 1000: + raise ValueError('`uids` paramter must have <= 1000 entries.') + + if force_delete: + uids_to_delete = set(uids) + errors = [] + else: + disabled_uids, enabled_uids = utils.partition( + uids, predicate=lambda uid: self._users_by_uid[uid].disabled, + enumerated=True) + uids_to_delete = {uid for _, uid in disabled_uids} + errors = [(i, 'uid=%r must be disabled first' % uid) + for i, uid in enabled_uids] + + for uid in uids_to_delete.intersection(self._users_by_uid): + del self._users_by_uid[uid] + return self._create_delete_users_result_fragile(errors) + + def get_user(self, uid): + """Returns user with given ID if found, otherwise raises an error. - return self._create_user_import_result_fragile( - total_records, error_indices=error_indices) + Args: + uid: str. The Firebase account ID of the user. - return self._test.swap( - firebase_admin.auth, 'import_users', mock_import_users) + Returns: + UserRecord. The UserRecord object of the user. + + Raises: + UserNotFoundError. The Firebase account has not been created yet. + """ + if uid not in self._users_by_uid: + raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) + return self._users_by_uid[uid] + + def get_user_by_email(self, email): + """Returns user with given email if found, otherwise raises an error. + + Args: + email: str. The email address of the user. + + Returns: + UserRecord. The UserRecord object of the user. + + Raises: + UserNotFoundError. The Firebase account has not been created yet. + """ + matches = (u for u in self._users_by_uid.values() if u.email == email) + user = python_utils.NEXT(matches, None) + if user is None: + raise firebase_admin.auth.UserNotFoundError('%s not found' % email) + return user + + def import_users(self, records): + """Adds the given user records to the stub's storage. + + Args: + records: list(firebase_admin.auth.ImportUserRecord). The users to + add. + + Returns: + firebase_admin.auth.UserImportResult. Object with details about the + operation. + """ + for record in records: + self._set_user_fragile( + record.uid, record.email, record.disabled, record.custom_claims) + return self._create_user_import_result_fragile(len(records), []) + + def list_users(self, page_token=None, max_results=1000): + """Retrieves a page of user accounts from a Firebase project. + + The `page_token` argument governs the starting point of the page. The + `max_results` argument governs the maximum number of user accounts that + may be included in the returned page. This function never returns None. + If there are no user accounts in the Firebase project, this returns an + empty page. + + Args: + page_token: str|None. A non-empty page token string, which indicates + the starting point of the page (optional). Defaults to `None`, + which will retrieve the first page of users. + max_results: int|None. A positive integer indicating the maximum + number of users to include in the returned page (optional). + Defaults to 1000, which is also the maximum number allowed. + + Returns: + ListUsersPage. A ListUsersPage instance. + + Raises: + ValueError. If max_results or page_token are invalid. + FirebaseError. If an error occurs while retrieving the user + accounts. + """ + if max_results > 1000: + raise ValueError('max_results=%r must be <= 1000' % max_results) + + # NOTE: This is only sorted to make unit testing easier. + all_users = sorted(self._users_by_uid.values(), key=lambda u: u.uid) + page_list = [ + [user for user in user_group if user is not None] + for user_group in utils.grouper(all_users, max_results) + ] + + if not page_list: + return self._create_list_users_page_fragile([], 0) + + try: + page_index = int(page_token) if page_token is not None else 0 + except (ValueError, TypeError): + raise ValueError('page_token=%r is invalid' % page_token) + + if 0 <= page_index < len(page_list): + return self._create_list_users_page_fragile(page_list, page_index) + else: + raise ValueError('page_token=%r is invalid' % page_token) + + def set_custom_user_claims(self, uid, custom_claims): + """Updates the custom claims of the given user. + + Args: + uid: str. The Firebase account ID of the user. + custom_claims: str|None. A string-encoded JSON with string keys and + values, e.g. '{"role":"admin"}', or None. + + Returns: + str. The uid of the user. + + Raises: + UserNotFoundError. The Firebase account has not been created yet. + """ + return self.update_user(uid, custom_claims=custom_claims) + + def update_user(self, uid, email=None, disabled=False, custom_claims=None): + """Updates the user in storage if found, otherwise raises an error. + + Args: + uid: str. The Firebase account ID of the user. + email: str|None. The email address for the user, or None. + disabled: bool. Whether the user account is to be disabled. + custom_claims: str|None. A string-encoded JSON with string keys and + values, e.g. '{"role":"admin"}', or None. + + Returns: + str. The uid of the user. - def assert_firebase_user_exists(self, uid): + Raises: + UserNotFoundError. The Firebase account has not been created yet. + """ + if uid not in self._users_by_uid: + raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) + self._set_user_fragile(uid, email, disabled, custom_claims) + return uid + + def verify_id_token(self, token): + """Returns claims for the corresponding user if the ID token is valid. + + Args: + token: str. The ID token. + + Returns: + dict(str: *). Claims for the user corresponding to the ID token. + """ + return self._decode_user_claims(token) + + def verify_session_cookie(self, session_cookie): + """Returns claims for the corresponding user if the cookie is valid. + + Args: + session_cookie: str. The session cookie. + + Returns: + dict(str: *). Claims for the user corresponding to the session + cookie. + """ + # NOTE: Session cookies are often completely different, in terms of + # encoding and security, to ID Tokens. Regardless, for the purposes of + # this stub, we treat them the same. + id_token = session_cookie + if id_token not in self._session_cookie_duration_by_id_token: + raise firebase_admin.auth.ExpiredSessionCookieError( + 'The provided Firebase session cookie is invalid', None) + return self._decode_user_claims(id_token) + + def assert_is_user(self, uid): """Asserts that an account with the given id exists. NOTE: This method can only be called after the instance has been @@ -240,7 +409,7 @@ def assert_firebase_user_exists(self, uid): uid, self._users_by_uid, msg='Firebase account not found: uid=%r' % uid) - def assert_firebase_user_does_not_exist(self, uid): + def assert_is_not_user(self, uid): """Asserts that an account with the given id does not exist. NOTE: This method can only be called after the instance has been @@ -253,7 +422,35 @@ def assert_firebase_user_does_not_exist(self, uid): uid, self._users_by_uid, msg='Unexpected Firebase account exists: uid=%r' % uid) - def assert_multi_firebase_users_exist(self, uids): + def assert_is_super_admin(self, uid): + """Asserts that the given ID has super admin privileges. + + NOTE: This method can only be called after the instance has been + installed to a test case! + + Args: + uid: str. The ID of the user to confirm. + """ + self.assert_is_user(uid) + custom_claims = self.get_user(uid).custom_claims or {} + self._test.assertEqual( + custom_claims.get('role', None), feconf.FIREBASE_ROLE_SUPER_ADMIN) + + def assert_is_not_super_admin(self, uid): + """Asserts that the given ID does not have super admin privileges. + + NOTE: This method can only be called after the instance has been + installed to a test case! + + Args: + uid: str. The ID of the user to confirm. + """ + self.assert_is_user(uid) + custom_claims = self.get_user(uid).custom_claims or {} + self._test.assertNotEqual( + custom_claims.get('role', None), feconf.FIREBASE_ROLE_SUPER_ADMIN) + + def assert_is_user_multi(self, uids): """Asserts that every account with the given ids exist. NOTE: This method can only be called after the instance has been @@ -267,7 +464,7 @@ def assert_multi_firebase_users_exist(self, uids): not_found, [], msg='Firebase accounts not found: uids=%r' % (not_found,)) - def assert_multi_firebase_users_do_not_exist(self, uids): + def assert_is_not_user_multi(self, uids): """Asserts that every account with the given ids do not exist. NOTE: This method can only be called after the instance has been @@ -281,95 +478,134 @@ def assert_multi_firebase_users_do_not_exist(self, uids): found, [], msg='Unexpected Firebase accounts exists: uids=%r' % (found,)) - def _import_users(self, user_records): - """Adds the given user records to the stub's storage. + def mock_delete_users_error( + self, + batch_error_pattern=(None,), individual_error_pattern=(None,)): + """Returns a context in which `delete_users` fails according to the + given patterns. + + Example: + with mock_delete_users_error(batch_error_pattern=(None, Exception)): + delete_users(...) # OK. + delete_users(...) # Raises Exception. + delete_users(...) # OK. + delete_users(...) # Raises Exception. + delete_users(...) # OK. Args: - user_records: list(firebase_admin.auth.ImportUserRecord). The users - to add. + batch_error_pattern: tuple(Exception|None). Enumerates which + successive calls will raise an exception. For values of None, no + exception is raised. The pattern is cycled. By default, an error + will never be raised. + individual_error_pattern: tuple(bool). Enumerates which individual + users will cause an error. The pattern is cycled. By default, an + error will never be raised. Returns: - firebase_admin.auth.UserImportResult. Object with details about the - operation. + Context manager. The context manager with the mocked implementation. """ - for record in user_records: - self._set_user_fragile( - record.uid, record.email, record.disabled, record.custom_claims) - return self._create_user_import_result_fragile(len(user_records)) + batch_error_pattern = itertools.cycle(batch_error_pattern) + individual_error_pattern = itertools.cycle(individual_error_pattern) - def _create_session_cookie(self, id_token, max_age): - """Creates a new session cookie which expires after given duration. + def mock_delete_users(uids, force_delete=False): + """Mock function that fails according to the input patterns.""" + error_to_raise = python_utils.NEXT(batch_error_pattern) + if error_to_raise is not None: + raise error_to_raise - Args: - id_token: str. The ID Token to generate the cookie from. - max_age: datetime.timedelta. The duration the cookie remains valid. + uids_to_delete, uids_to_fail = utils.partition( + python_utils.ZIP(uids, individual_error_pattern), + predicate=lambda uid_and_error: uid_and_error[1] is None, + enumerated=True) - Returns: - str. A session cookie that can validate the user. - """ - if not id_token: - raise firebase_admin.auth.InvalidIdTokenError('missing id_token') - if max_age > datetime.timedelta(days=0): - self._session_cookie_duration_by_id_token[id_token] = max_age - # NOTE: Session cookies are often completely different, in terms of - # encoding and security, to ID Tokens. Regardless, for the purposes of - # this stub, we treat them the same. - session_cookie = id_token - return session_cookie + uids_to_delete = [uid for _, (uid, _) in uids_to_delete] + errors = [(i, error) for i, (_, error) in uids_to_fail] - def _verify_session_cookie(self, session_cookie): - """Returns claims for the corresponding user if the cookie is valid. + self.delete_users(uids_to_delete, force_delete=force_delete) + + return self._create_delete_users_result_fragile(errors) + + return self._test.swap( + firebase_admin.auth, 'delete_users', mock_delete_users) + + def mock_import_users_error( + self, + batch_error_pattern=(None,), individual_error_pattern=(None,)): + """Returns a context in which `import_users` fails according to the + given patterns. + + Example: + with mock_import_users_error(batch_error_pattern=(False, True)): + import_users(...) # OK + import_users(...) # Raises! + import_users(...) # OK + import_users(...) # Raises! + import_users(...) # OK Args: - session_cookie: str. The session cookie. + batch_error_pattern: tuple(Exception|None). Enumerates which + successive calls will raise an exception. For values of None, no + exception is raised. The pattern is cycled. By default, an error + will never be raised. + individual_error_pattern: tuple(str|None). Enumerates which + individual users will cause an error. Each value is either the + error reason (a string), or None. The pattern is cycled. By + default, an error will never be raised. Returns: - dict(str: *). Claims for the user corresponding to the session - cookie. + Context manager. The context manager with the mocked implementation. """ - # NOTE: Session cookies are often completely different, in terms of - # encoding and security, to ID Tokens. Regardless, for the purposes of - # this stub, we treat them the same. - id_token = session_cookie - if id_token not in self._session_cookie_duration_by_id_token: - raise firebase_admin.auth.ExpiredSessionCookieError( - 'The provided Firebase session cookie is invalid', None) - return self._decode_user_claims(id_token) + batch_error_pattern = itertools.cycle(batch_error_pattern) + individual_error_pattern = itertools.cycle(individual_error_pattern) - def _verify_id_token(self, token): - """Returns claims for the corresponding user if the ID token is valid. + def mock_import_users(records): + """Mock function that fails according to the input patterns.""" + error_to_raise = python_utils.NEXT(batch_error_pattern) + if error_to_raise is not None: + raise error_to_raise + + records_to_import, records_to_fail = utils.partition( + python_utils.ZIP(records, individual_error_pattern), + predicate=lambda record_and_error: record_and_error[1] is None, + enumerated=True) + + self.import_users([record for _, (record, _) in records_to_import]) + + return self._create_user_import_result_fragile( + len(records), [(i, error) for i, (_, error) in records_to_fail]) + + return self._test.swap( + firebase_admin.auth, 'import_users', mock_import_users) + + def _encode_user_claims(self, user): + """Returns encoded claims for the given user. Args: - token: str. The ID token. + user: firebase_admin.auth.UserRecord. The source of the claims. Returns: - dict(str: *). Claims for the user corresponding to the ID token. + str. An encoded representation of the user's claims. """ - return self._decode_user_claims(token) - - def _create_user_import_result_fragile(self, total, error_indices=None): - """Creates a new UserImportResult instance with the given values. + claims = {'sub': user.uid} + if user.email: + claims['email'] = user.email + if user.custom_claims: + claims.update(user.custom_claims) + return json.dumps(claims) - FRAGILE! The dict keys used by the UserImportResult constructor are an - implementation detail that may break in future versions of the SDK. + def _decode_user_claims(self, encoded_claims): + """Returns the given decoded claims. Args: - total: int. The total number of records initially requested. - error_indices: list(int)|None. The indicies of the records which - have failed. If None, then the result will not contain any - errors. + encoded_claims: str. The encoded claims. Returns: - firebase_admin.auth.UserImportResult. A UserImportResult with the - given results. + dict(str: *). The decoded claims. """ - if error_indices is None: - error_indices = [] - return firebase_admin.auth.UserImportResult({ - 'error': [ - {'index': i, 'message': 'FirebaseError'} for i in error_indices - ], - }, total) + try: + return json.loads(encoded_claims) + except ValueError: + return None def _set_user_fragile(self, uid, email, disabled, custom_claims): """Sets the given properties for the corresponding user. @@ -389,85 +625,131 @@ def _set_user_fragile(self, uid, email, disabled, custom_claims): 'customAttributes': custom_claims, }) - def _get_user(self, uid): - """Returns the user with given ID if found, otherwise raises an error. + def _create_list_users_page_fragile(self, page_list, page_index): + """Creates a new ListUsersPage mock. + + FRAGILE! The mock is not from the real SDK, so it's vulnerable to + becoming out-of-sync with the interface of the real ListUsersPage. Args: - uid: str. The Firebase account ID of the user. + page_list: list(list(UserRecord)). The pages of users. + page_index: int. The starting index of the page. Returns: - UserRecord. The UserRecord object of the user. - - Raises: - UserNotFoundError. The Firebase account has not been created yet. + Mock. A mock implementation of ListUsersPage. """ - if uid not in self._users_by_uid: - raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) - return self._users_by_uid[uid] - - def _update_user(self, uid, email=None, disabled=False, custom_claims=None): - """Updates the user in storage if found, otherwise raises an error. + page = mock.Mock() + if page_index < len(page_list): + page.users = page_list[page_index] + page.has_next_page = (page_index + 1) < len(page_list) + page.next_page_token = ( + '' if not page.has_next_page else + python_utils.UNICODE(page_index + 1)) + page.get_next_page = lambda: ( + None if not page.has_next_page else + self._create_list_users_page_fragile(page_list, page_index + 1)) + page.iterate_all = lambda: ( + itertools.chain.from_iterable(page_list[page_index:])) + else: + page.users = [] + page.has_next_page = False + page.next_page_token = '' + page.get_next_page = lambda: None + page.iterate_all = lambda: iter([]) + return page + + def _create_delete_users_result_fragile(self, errors): + """Creates a new BatchDeleteAccountsResponse instance with the given + values. + + FRAGILE! The dict keys used by the BatchDeleteAccountsResponse + constructor are an implementation detail that may break in future + versions of the SDK. Args: - uid: str. The Firebase account ID of the user. - email: str|None. The email address for the user, or None. - disabled: bool. Whether the user account is to be disabled. - custom_claims: str|None. A string-encoded JSON with string keys and - values, e.g. '{"role":"admin"}', or None. + errors: list(tuple(int, str)). A list of (index, error) pairs. Returns: - str. The uid of the user. - - Raises: - UserNotFoundError. The Firebase account has not been created yet. + firebase_admin.auth.BatchDeleteAccountsResponse. The response. """ - if uid not in self._users_by_uid: - raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) - self._set_user_fragile(uid, email, disabled, custom_claims) - return uid + return firebase_admin.auth.BatchDeleteAccountsResponse( + errors=[{'index': i, 'message': error} for i, error in errors]) - def _delete_user(self, uid): - """Removes user from storage if found, otherwise raises an error. + def _create_user_import_result_fragile(self, total, errors): + """Creates a new UserImportResult instance with the given values. + + FRAGILE! The dict keys used by the UserImportResult constructor are an + implementation detail that may break in future versions of the SDK. Args: - uid: str. The Firebase account ID of the user. + total: int. The total number of records initially requested. + errors: list(tuple(int, str)). A list of (index, error) pairs. - Raises: - UserNotFoundError. The Firebase account has not been created yet. + Returns: + firebase_admin.auth.UserImportResult. The response. """ - if uid not in self._users_by_uid: - raise firebase_admin.auth.UserNotFoundError('%s not found' % uid) - del self._users_by_uid[uid] + return firebase_admin.auth.UserImportResult({ + 'error': [{'index': i, 'message': error} for i, error in errors], + }, total) - def _encode_user_claims(self, user): - """Returns encoded claims for the given user. - Args: - user: firebase_admin.auth.UserRecord. The source of the claims. +class EstablishFirebaseConnectionTests(test_utils.TestBase): - Returns: - str. An encoded representation of the user's claims. - """ - claims = {'sub': user.uid} - if user.email: - claims['email'] = user.email - if user.custom_claims: - claims.update(user.custom_claims) - return json.dumps(claims) + APP = object() - def _decode_user_claims(self, encoded_claims): - """Returns the given decoded claims. + def test_initializes_when_connection_does_not_exist(self): + get_app_swap = self.swap_with_call_counter( + firebase_admin, 'get_app', raises=ValueError('initialize_app')) + init_app_swap = self.swap_with_call_counter( + firebase_admin, 'initialize_app', returns=self.APP) - Args: - encoded_claims: str. The encoded claims. + with get_app_swap as get_app_counter, init_app_swap as init_app_counter: + firebase_auth_services.establish_firebase_connection() - Returns: - dict(str: *). The decoded claims. - """ - try: - return json.loads(encoded_claims) - except ValueError: - return None + self.assertEqual(get_app_counter.times_called, 1) + self.assertEqual(init_app_counter.times_called, 1) + + def test_returns_existing_connection(self): + get_app_swap = self.swap_with_call_counter( + firebase_admin, 'get_app', returns=self.APP) + init_app_swap = self.swap_with_call_counter( + firebase_admin, 'initialize_app', + raises=Exception('unexpected call')) + + with get_app_swap as get_app_counter, init_app_swap as init_app_counter: + firebase_auth_services.establish_firebase_connection() + + self.assertEqual(get_app_counter.times_called, 1) + self.assertEqual(init_app_counter.times_called, 0) + + def test_raises_authentic_get_app_error(self): + get_app_swap = self.swap_with_call_counter( + firebase_admin, 'get_app', raises=ValueError('uh-oh!')) + init_app_swap = self.swap_with_call_counter( + firebase_admin, 'initialize_app', + raises=Exception('unexpected call')) + + with get_app_swap as get_app_counter, init_app_swap as init_app_counter: + self.assertRaisesRegexp( + ValueError, 'uh-oh!', + firebase_auth_services.establish_firebase_connection) + + self.assertEqual(get_app_counter.times_called, 1) + self.assertEqual(init_app_counter.times_called, 0) + + def test_raises_authentic_initialize_app_error(self): + get_app_swap = self.swap_with_call_counter( + firebase_admin, 'get_app', raises=ValueError('initialize_app')) + init_app_swap = self.swap_with_call_counter( + firebase_admin, 'initialize_app', raises=ValueError('uh-oh!')) + + with get_app_swap as get_app_counter, init_app_swap as init_app_counter: + self.assertRaisesRegexp( + ValueError, 'uh-oh!', + firebase_auth_services.establish_firebase_connection) + + self.assertEqual(get_app_counter.times_called, 1) + self.assertEqual(init_app_counter.times_called, 1) class FirebaseAuthServicesTestBase(test_utils.AppEngineTestBase): @@ -538,6 +820,193 @@ def create_response(self, session_cookie=None): return res +class SuperAdminPrivilegesTests(FirebaseAuthServicesTestBase): + + def test_updates_user_successfully(self): + auth_models.UserAuthDetailsModel(id='uid', firebase_auth_id='aid').put() + self.firebase_sdk_stub.create_user('aid') + + self.firebase_sdk_stub.assert_is_not_super_admin('aid') + + firebase_auth_services.grant_super_admin_privileges('uid') + + self.firebase_sdk_stub.assert_is_super_admin('aid') + + firebase_auth_services.revoke_super_admin_privileges('uid') + + self.firebase_sdk_stub.assert_is_not_super_admin('aid') + + def test_raises_error_when_user_does_not_exist(self): + auth_models.UserAuthDetailsModel(id='uid', firebase_auth_id=None).put() + + self.assertRaisesRegexp( + ValueError, 'user_id=uid has no Firebase account', + lambda: firebase_auth_services.grant_super_admin_privileges('uid')) + + self.assertRaisesRegexp( + ValueError, 'user_id=uid has no Firebase account', + lambda: firebase_auth_services.revoke_super_admin_privileges('uid')) + + +class SeedFirebaseTests(FirebaseAuthServicesTestBase): + + def set_up_models(self, user_id=None, gae_id=None, firebase_auth_id=None): + """Creates user and auth models to emulate a real admin account. + + Args: + user_id: str|None. The Oppia ID of the user. If None, no models are + created. + gae_id: str|None. The GAE ID of the user. If None, no GAE auth + associations are created. + firebase_auth_id: str|None. The Firebase account ID of the user. If + None, no Firebase associations are created. + """ + if user_id is None: + return + user_models.UserSettingsModel( + id=user_id, email=feconf.ADMIN_EMAIL_ADDRESS).put() + auth_models.UserAuthDetailsModel( + id=user_id, gae_id=gae_id, firebase_auth_id=firebase_auth_id).put() + if gae_id is not None: + auth_models.UserIdentifiersModel(id=gae_id, user_id=user_id).put() + if firebase_auth_id is not None: + auth_models.UserIdByFirebaseAuthIdModel( + id=firebase_auth_id, user_id=user_id).put() + + def test_fails_when_no_admin_exists(self): + self.assertRaisesRegexp( + Exception, + 'testadmin@example.com must correspond to exactly 1 user', + firebase_auth_services.seed_firebase) + + def test_creates_firebase_account_and_models_if_none_exists(self): + self.set_up_models(user_id='abc') + + self.assertIsNone( + firebase_auth_services.get_auth_id_from_user_id('abc')) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('abc')) + self.firebase_sdk_stub.assert_is_not_user('abc') + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('abc'), 'abc') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('abc'), 'abc') + self.firebase_sdk_stub.assert_is_super_admin('abc') + + def test_assigns_firebase_auth_id_to_user_id_with_uid_prefix_stripped(self): + self.set_up_models(user_id='uid_abc') + + self.assertIsNone( + firebase_auth_services.get_auth_id_from_user_id('uid_abc')) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('abc')) + self.firebase_sdk_stub.assert_is_not_user('abc') + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('uid_abc'), 'abc') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('abc'), 'uid_abc') + self.firebase_sdk_stub.assert_is_super_admin('abc') + + def test_updates_existing_firebase_account(self): + self.set_up_models(user_id='abc') + self.firebase_sdk_stub.create_user('abc') + + self.assertIsNone( + firebase_auth_services.get_auth_id_from_user_id('abc')) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('abc')) + self.firebase_sdk_stub.assert_is_not_super_admin('abc') + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('abc'), 'abc') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('abc'), 'abc') + self.firebase_sdk_stub.assert_is_super_admin('abc') + + def test_creates_firebase_assoc_if_missing(self): + self.set_up_models(user_id='uid_abc', gae_id='jkl') + + self.assertIsNone( + firebase_auth_services.get_auth_id_from_user_id('uid_abc')) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('abc')) + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('jkl')) + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('uid_abc'), 'abc') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('abc'), 'uid_abc') + self.assertIsNone( + firebase_auth_services.get_user_id_from_auth_id('jkl')) + + def test_reuses_existing_firebase_id_if_association_exists(self): + self.set_up_models(user_id='abc', firebase_auth_id='xyz') + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('abc'), 'xyz') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('xyz'), 'abc') + self.firebase_sdk_stub.assert_is_not_user('xyz') + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_auth_id_from_user_id('abc'), 'xyz') + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('xyz'), 'abc') + self.firebase_sdk_stub.assert_is_super_admin('xyz') + + def test_recreates_firebase_account_if_auth_id_is_wrong(self): + self.set_up_models(user_id='abc', firebase_auth_id='xyz') + self.firebase_sdk_stub.create_user( + 'jkl', email=feconf.ADMIN_EMAIL_ADDRESS) + + self.firebase_sdk_stub.assert_is_not_super_admin('jkl') + self.firebase_sdk_stub.assert_is_not_user('xyz') + + firebase_auth_services.seed_firebase() + + self.firebase_sdk_stub.assert_is_not_user('jkl') + self.firebase_sdk_stub.assert_is_super_admin('xyz') + + def test_grants_super_admin_priviliges_if_firebase_account_exists(self): + self.set_up_models(user_id='abc', firebase_auth_id='xyz') + self.firebase_sdk_stub.create_user( + 'xyz', email=feconf.ADMIN_EMAIL_ADDRESS) + + self.firebase_sdk_stub.assert_is_not_super_admin('xyz') + + firebase_auth_services.seed_firebase() + + self.firebase_sdk_stub.assert_is_super_admin('xyz') + + def test_updates_user_id_if_assoc_model_is_inconsistent(self): + self.set_up_models(user_id='abc', firebase_auth_id='xyz') + assoc_model = auth_models.UserIdByFirebaseAuthIdModel.get('xyz') + assoc_model.user_id = 'jkl' + assoc_model.update_timestamps(update_last_updated_time=False) + assoc_model.put() + + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('xyz'), 'jkl') + + firebase_auth_services.seed_firebase() + + self.assertEqual( + firebase_auth_services.get_user_id_from_auth_id('xyz'), 'abc') + + class EstablishAuthSessionTests(FirebaseAuthServicesTestBase): def setUp(self): @@ -623,6 +1092,18 @@ def test_logs_error_when_cookie_is_invalid(self): self.assertTrue( logs[0].startswith('User session has ended and must be renewed')) + def test_grants_super_admin_privileges_to_feconf_admin_email_address(self): + cookie = firebase_admin.auth.create_session_cookie( + self.firebase_sdk_stub.create_user( + self.AUTH_ID, email=feconf.ADMIN_EMAIL_ADDRESS), + datetime.timedelta(days=1)) + + self.assertEqual( + firebase_auth_services.get_auth_claims_from_request( + self.create_request(session_cookie=cookie)), + auth_domain.AuthClaims( + self.AUTH_ID, feconf.ADMIN_EMAIL_ADDRESS, True)) + class GenericAssociationTests(FirebaseAuthServicesTestBase): @@ -783,26 +1264,6 @@ def test_disable_association_marks_user_for_deletion(self): auth_models.UserIdByFirebaseAuthIdModel.get('aid', strict=False)) self.assertTrue(firebase_admin.auth.get_user('aid').disabled) - def test_disable_association_warns_when_firebase_fails_to_init(self): - self.firebase_sdk_stub.create_user('aid') - firebase_auth_services.associate_auth_id_with_user_id( - auth_domain.AuthIdUserIdPair('aid', 'uid')) - init_swap = self.swap_to_always_raise( - firebase_admin, 'initialize_app', - error=firebase_exceptions.UnknownError('could not init')) - - self.assertIsNotNone( - auth_models.UserIdByFirebaseAuthIdModel.get('aid', strict=False)) - self.assertFalse(firebase_admin.auth.get_user('aid').disabled) - - with init_swap, self.capture_logging() as logs: - firebase_auth_services.mark_user_for_deletion('uid') - - self.assert_matches_regexps(logs, ['could not init']) - self.assertIsNone( - auth_models.UserIdByFirebaseAuthIdModel.get('aid', strict=False)) - self.assertFalse(firebase_admin.auth.get_user('aid').disabled) - def test_disable_association_warns_when_firebase_fails_to_update_user(self): self.firebase_sdk_stub.create_user('aid') firebase_auth_services.associate_auth_id_with_user_id( @@ -824,6 +1285,14 @@ def test_disable_association_warns_when_firebase_fails_to_update_user(self): auth_models.UserIdByFirebaseAuthIdModel.get('aid', strict=False)) self.assertFalse(firebase_admin.auth.get_user('aid').disabled) + def test_disable_association_gives_up_when_auth_assocs_do_not_exist(self): + with self.capture_logging() as logs: + firebase_auth_services.mark_user_for_deletion('uid') + + self.assert_matches_regexps(logs, [ + r'\[WIPEOUT\] User with user_id=uid has no Firebase account' + ]) + class FirebaseSpecificAssociationTests(FirebaseAuthServicesTestBase): @@ -836,32 +1305,6 @@ def setUp(self): firebase_auth_services.associate_auth_id_with_user_id( auth_domain.AuthIdUserIdPair(self.AUTH_ID, self.USER_ID)) - def test_delete_user_without_firebase_initialization_returns_false(self): - init_swap = self.swap_to_always_raise( - firebase_admin, 'initialize_app', - error=firebase_exceptions.UnknownError('could not init')) - - with init_swap, self.capture_logging() as logs: - firebase_auth_services.delete_external_auth_associations( - self.USER_ID) - - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.USER_ID)) - self.assert_matches_regexps(logs, ['could not init']) - - def test_is_associated_auth_id_deleted_without_init_returns_false(self): - init_swap = self.swap_to_always_raise( - firebase_admin, 'initialize_app', - error=firebase_exceptions.UnknownError('could not init')) - - with init_swap, self.capture_logging() as logs: - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.USER_ID)) - - self.assert_matches_regexps(logs, ['could not init']) - def test_delete_user_when_firebase_raises_an_error(self): delete_swap = self.swap_to_always_raise( firebase_admin.auth, 'delete_user', @@ -900,29 +1343,6 @@ def setUp(self): self.firebase_sdk_stub.create_user(self.AUTH_ID) user_settings = user_services.create_new_user(self.AUTH_ID, self.EMAIL) self.user_id = user_settings.user_id - firebase_auth_services.associate_auth_id_with_user_id( - auth_domain.AuthIdUserIdPair(self.AUTH_ID, self.user_id)) - - def delete_external_auth_associations(self): - """Runs delete_external_auth_associations on the test user.""" - firebase_auth_services.delete_external_auth_associations(self.user_id) - - def assert_firebase_account_is_deleted(self): - """Asserts that the Firebase account has been deleted.""" - self.assertRaisesRegexp( - firebase_admin.auth.UserNotFoundError, 'not found', - lambda: firebase_admin.auth.get_user(self.AUTH_ID)) - - def assert_firebase_account_is_not_deleted(self): - """Asserts that the Firebase account still exists.""" - user = firebase_admin.auth.get_user(self.AUTH_ID) - self.assertIsNotNone(user) - self.assertEqual(user.uid, self.AUTH_ID) - - def swap_initialize_sdk_to_always_fail(self): - """Swaps the initialize_app function so that it always fails.""" - return self.swap_to_always_raise( - firebase_admin, 'initialize_app', error=self.UNKNOWN_ERROR) def swap_get_user_to_always_fail(self): """Swaps the get_user function so that it always fails.""" @@ -935,60 +1355,39 @@ def swap_delete_user_to_always_fail(self): firebase_admin.auth, 'delete_user', error=self.UNKNOWN_ERROR) def test_delete_external_auth_associations_happy_path(self): - self.delete_external_auth_associations() - - self.assert_firebase_account_is_deleted() - self.assertTrue( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) - - def test_delete_external_auth_associations_after_failed_attempt(self): - with self.swap_initialize_sdk_to_always_fail(): - self.delete_external_auth_associations() - - self.assert_firebase_account_is_not_deleted() - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) - - self.delete_external_auth_associations() + firebase_auth_services.delete_external_auth_associations(self.user_id) - self.assert_firebase_account_is_deleted() + self.firebase_sdk_stub.assert_is_not_user(self.AUTH_ID) self.assertTrue( firebase_auth_services .verify_external_auth_associations_are_deleted(self.user_id)) - def test_verify_delete_external_auth_associations_after_failed_attempt( - self): - self.delete_external_auth_associations() - - self.assert_firebase_account_is_deleted() - - with self.swap_initialize_sdk_to_always_fail(): - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) + def test_delete_external_auth_associations_when_user_not_found(self): + firebase_admin.auth.delete_user(self.AUTH_ID) - self.delete_external_auth_associations() + with self.capture_logging() as logs: + firebase_auth_services.delete_external_auth_associations( + self.user_id) - self.assertTrue( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) + self.assert_matches_regexps(logs, [ + r'\[WIPEOUT\] Firebase account already deleted', + ]) def test_delete_external_auth_associations_when_delete_user_fails(self): with self.swap_delete_user_to_always_fail(): - self.delete_external_auth_associations() + firebase_auth_services.delete_external_auth_associations( + self.user_id) - self.assert_firebase_account_is_not_deleted() + self.firebase_sdk_stub.assert_is_user(self.AUTH_ID) self.assertFalse( firebase_auth_services .verify_external_auth_associations_are_deleted(self.user_id)) def test_delete_external_auth_associations_when_get_user_fails(self): - self.delete_external_auth_associations() + firebase_auth_services.delete_external_auth_associations(self.user_id) - self.assert_firebase_account_is_deleted() + self.firebase_sdk_stub.assert_is_not_user(self.AUTH_ID) with self.swap_get_user_to_always_fail(): self.assertFalse( @@ -998,29 +1397,3 @@ def test_delete_external_auth_associations_when_get_user_fails(self): self.assertTrue( firebase_auth_services .verify_external_auth_associations_are_deleted(self.user_id)) - - def test_delete_external_auth_associations_when_init_fails_during_delete( - self): - with self.swap_initialize_sdk_to_always_fail(): - self.delete_external_auth_associations() - - self.assert_firebase_account_is_not_deleted() - - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) - - def test_delete_external_auth_associations_when_init_fails_during_verify( - self): - self.delete_external_auth_associations() - - self.assert_firebase_account_is_deleted() - - with self.swap_initialize_sdk_to_always_fail(): - self.assertFalse( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) - - self.assertTrue( - firebase_auth_services - .verify_external_auth_associations_are_deleted(self.user_id)) diff --git a/core/platform/models.py b/core/platform/models.py index a2cd9745b75f..9a50ad23b91f 100644 --- a/core/platform/models.py +++ b/core/platform/models.py @@ -191,13 +191,13 @@ def get_all_storage_model_classes(cls): @classmethod def import_auth_services(cls): - """Imports and returns gae_auth_services module. + """Imports and returns firebase_auth_services module. Returns: - module. The gae_auth_services module. + module. The firebase_auth_services module. """ - from core.platform.auth import gae_auth_services - return gae_auth_services + from core.platform.auth import firebase_auth_services + return firebase_auth_services @classmethod def import_transaction_services(cls): diff --git a/core/platform/models_test.py b/core/platform/models_test.py index fc942b3004f3..a466a60a7189 100644 --- a/core/platform/models_test.py +++ b/core/platform/models_test.py @@ -244,10 +244,10 @@ def test_import_transaction_services(self): def test_import_auth_services(self): """Tests import auth services function.""" - from core.platform.auth import gae_auth_services + from core.platform.auth import firebase_auth_services self.assertIs( self.registry_instance.import_auth_services(), - gae_auth_services) + firebase_auth_services) def test_import_app_identity_services(self): """Tests import app identity services function.""" diff --git a/core/storage/auth/gae_models.py b/core/storage/auth/gae_models.py index acdf306c1e86..0c7ca11ed9b5 100644 --- a/core/storage/auth/gae_models.py +++ b/core/storage/auth/gae_models.py @@ -26,6 +26,8 @@ [models.NAMES.base_model, models.NAMES.user]) datastore_services = models.Registry.import_datastore_services() +ONLY_FIREBASE_SEED_MODEL_ID = '1' + class UserAuthDetailsModel(base_models.BaseModel): """Stores the authentication details for a particular user. @@ -292,3 +294,22 @@ def get_by_user_id(cls, user_id): to user_id argument. """ return cls.query(cls.user_id == user_id).get() + + +class FirebaseSeedModel(base_models.BaseModel): + """Dummy model used to kick-off the DestroyFirebaseAccountsOneOffJob.""" + + @staticmethod + def get_deletion_policy(): + """Model should never be erased.""" + return base_models.DELETION_POLICY.KEEP + + @staticmethod + def get_model_association_to_user(): + """Model does not correspond to any users.""" + return base_models.MODEL_ASSOCIATION_TO_USER.NOT_CORRESPONDING_TO_USER + + @classmethod + def has_reference_to_user_id(cls, unused_user_id): + """Model does not correspond to any users.""" + return False diff --git a/core/storage/auth/gae_models_test.py b/core/storage/auth/gae_models_test.py index c07046f84c8d..7ef57b25ac00 100644 --- a/core/storage/auth/gae_models_test.py +++ b/core/storage/auth/gae_models_test.py @@ -292,3 +292,24 @@ def test_get_export_policy(self): 'last_updated': base_models.EXPORT_POLICY.NOT_APPLICABLE, 'user_id': base_models.EXPORT_POLICY.NOT_APPLICABLE, }) + + +class FirebaseSeedModelTests(test_utils.GenericTestBase): + """Tests for auth_models.FirebaseSeedModel.""" + + USER_ID = 'user_id' + + def test_get_deletion_policy(self): + self.assertEqual( + auth_models.FirebaseSeedModel.get_deletion_policy(), + base_models.DELETION_POLICY.KEEP) + + def test_get_model_association_to_user(self): + self.assertEqual( + auth_models.FirebaseSeedModel.get_model_association_to_user(), + base_models.MODEL_ASSOCIATION_TO_USER.NOT_CORRESPONDING_TO_USER) + + def test_has_reference_to_existing_user_id(self): + self.assertFalse( + auth_models.FirebaseSeedModel.has_reference_to_user_id( + self.USER_ID)) diff --git a/core/templates/components/common-layout-directives/navigation-bars/top-navigation-bar.directive.html b/core/templates/components/common-layout-directives/navigation-bars/top-navigation-bar.directive.html index 427a57d38d50..dca7e65321ae 100644 --- a/core/templates/components/common-layout-directives/navigation-bars/top-navigation-bar.directive.html +++ b/core/templates/components/common-layout-directives/navigation-bars/top-navigation-bar.directive.html @@ -269,7 +269,7 @@
  • diff --git a/core/templates/domain/admin/admin-backend-api.service.spec.ts b/core/templates/domain/admin/admin-backend-api.service.spec.ts index 3ee112c729d5..0b18ba648647 100644 --- a/core/templates/domain/admin/admin-backend-api.service.spec.ts +++ b/core/templates/domain/admin/admin-backend-api.service.spec.ts @@ -1184,6 +1184,34 @@ describe('Admin backend api service', () => { } )); + it('should grant super admin privileges to user', fakeAsync(() => { + abas.grantSuperAdminPrivilegesAsync('abc') + .then(successHandler, failHandler); + let req = httpTestingController.expectOne('/adminsuperadminhandler'); + expect(req.request.body).toEqual({username: 'abc'}); + expect(req.request.method).toEqual('PUT'); + req.flush(200); + flushMicrotasks(); + + expect(successHandler).toHaveBeenCalled(); + expect(failHandler).not.toHaveBeenCalled(); + } + )); + + it('should revoke super admin privileges to user', fakeAsync(() => { + abas.revokeSuperAdminPrivilegesAsync('abc') + .then(successHandler, failHandler); + let req = httpTestingController.expectOne( + '/adminsuperadminhandler?username=abc'); + expect(req.request.method).toEqual('DELETE'); + req.flush(200); + flushMicrotasks(); + + expect(successHandler).toHaveBeenCalled(); + expect(failHandler).not.toHaveBeenCalled(); + } + )); + it('should fail to get the data of number of pending deleter requests' + 'when calling getNumberOfPendingDeletionRequestAsync', fakeAsync(() => { abas.getNumberOfPendingDeletionRequestAsync() diff --git a/core/templates/domain/admin/admin-backend-api.service.ts b/core/templates/domain/admin/admin-backend-api.service.ts index 1428bc19190d..4b3079272543 100644 --- a/core/templates/domain/admin/admin-backend-api.service.ts +++ b/core/templates/domain/admin/admin-backend-api.service.ts @@ -488,6 +488,20 @@ export class AdminBackendApiService { }); } + async grantSuperAdminPrivilegesAsync(username: string): Promise { + return this.http.put( + AdminPageConstants.ADMIN_SUPER_ADMIN_PRIVILEGES_HANDLER_URL, {username} + ).toPromise(); + } + + async revokeSuperAdminPrivilegesAsync(username: string): Promise { + return this.http['delete']( + AdminPageConstants.ADMIN_SUPER_ADMIN_PRIVILEGES_HANDLER_URL, { + params: {username}, + } + ).toPromise(); + } + async getModelsRelatedToUserAsync(userId: string): Promise { return new Promise((resolve, reject) => { this.http.get( diff --git a/core/templates/pages/admin-page/admin-page.constants.ts b/core/templates/pages/admin-page/admin-page.constants.ts index aa3166a4db63..d8a60ff4a28b 100644 --- a/core/templates/pages/admin-page/admin-page.constants.ts +++ b/core/templates/pages/admin-page/admin-page.constants.ts @@ -35,6 +35,7 @@ export const AdminPageConstants = { ADMIN_VERIFY_USER_MODELS_DELETED_HANDLER_URL: '/verifyusermodelsdeletedhandler', ADMIN_DELETE_USER_HANDLER_URL: '/deleteuserhandler', + ADMIN_SUPER_ADMIN_PRIVILEGES_HANDLER_URL: '/adminsuperadminhandler', ADMIN_TAB_URLS: { ACTIVITIES: '#activities', diff --git a/core/templates/pages/admin-page/misc-tab/admin-misc-tab.directive.html b/core/templates/pages/admin-page/misc-tab/admin-misc-tab.directive.html index a4a3dcf97939..0d02dc4b23de 100644 --- a/core/templates/pages/admin-page/misc-tab/admin-misc-tab.directive.html +++ b/core/templates/pages/admin-page/misc-tab/admin-misc-tab.directive.html @@ -185,6 +185,36 @@

    Regenerate missing exploration stats:

    + +

    Grant super admin privileges to Firebase account

    +
    +
    +
    + + +
    +
    + +
    +
    +
    +     + + +

    Revoke super admin privileges from Firebase account

    +
    +
    +
    + + +
    +
    + +
    +
    +
    +     + diff --git a/core/templates/pages/login-page/login-page.component.spec.ts b/core/templates/pages/login-page/login-page.component.spec.ts new file mode 100644 index 000000000000..cb0bfb4e3d62 --- /dev/null +++ b/core/templates/pages/login-page/login-page.component.spec.ts @@ -0,0 +1,314 @@ +// Copyright 2020 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Unit tests for the login page. + */ + +import { ComponentFixture, fakeAsync, flush, flushMicrotasks, TestBed, tick } from '@angular/core/testing'; +import { ReactiveFormsModule } from '@angular/forms'; +import { MatAutocompleteModule } from '@angular/material/autocomplete'; +import { MatButtonModule } from '@angular/material/button'; +import { MatCardModule } from '@angular/material/card'; +import { MatFormFieldModule } from '@angular/material/form-field'; +import { MatInputModule } from '@angular/material/input'; +import { AlertsService } from 'services/alerts.service'; +import { AuthService } from 'services/auth.service'; +import { WindowRef } from 'services/contextual/window-ref.service'; +import { LoaderService } from 'services/loader.service'; +import { LoginPageComponent } from './login-page.component'; + +class MockWindowRef { + constructor( + public location: string = null, public searchParams: string = '') {} + + get nativeWindow() { + const that = this; + return { + location: { + get search() { + return that.searchParams; + }, + assign: (url: string) => { + that.location = url; + }, + } + }; + } +} + +class PendingPromise { + public readonly promise: Promise; + public readonly resolve: (_: T | PromiseLike) => void; + public readonly reject: (_?) => void; + + constructor() { + let resolve: (_: T | PromiseLike) => void; + let reject: (_?) => void; + this.promise = new Promise((res, rej) => { + // Can't assign to this directly because resolve and reject are readonly. + resolve = res; + reject = rej; + }); + this.resolve = resolve; + this.reject = reject; + } +} + +describe('Login Page', () => { + let alertsService: jasmine.SpyObj; + let authService: jasmine.SpyObj; + let loaderService: jasmine.SpyObj; + let windowRef: MockWindowRef; + + let loginPageComponent: LoginPageComponent; + let fixture: ComponentFixture; + + const spyOnHandleRedirectResultAsync = () => { + const pending = new PendingPromise(); + authService.handleRedirectResultAsync.and.returnValue(pending.promise); + return pending; + }; + + const spyOnSignInWithEmail = () => { + const pending = new PendingPromise(); + authService.signInWithEmail.and.returnValue(pending.promise); + return pending; + }; + + beforeEach(() => { + alertsService = jasmine.createSpyObj('AlertsService', [ + 'addWarning', + ]); + authService = jasmine.createSpyObj('AuthService', { + handleRedirectResultAsync: Promise.resolve(false), + signInWithRedirectAsync: Promise.resolve(), + signInWithEmail: Promise.resolve(), + }); + loaderService = jasmine.createSpyObj('LoaderService', [ + 'showLoadingScreen', + 'hideLoadingScreen', + ]); + windowRef = new MockWindowRef(); + + TestBed.configureTestingModule({ + imports: [ + MatAutocompleteModule, + MatCardModule, + MatButtonModule, + MatInputModule, + MatFormFieldModule, + ReactiveFormsModule, + ], + declarations: [LoginPageComponent], + providers: [ + { provide: AlertsService, useValue: alertsService }, + { provide: AuthService, useValue: authService }, + { provide: LoaderService, useValue: loaderService }, + { provide: WindowRef, useValue: windowRef }, + ], + }).compileComponents(); + + fixture = TestBed.createComponent(LoginPageComponent); + loginPageComponent = fixture.componentInstance; + }); + + it('should be enabled by default', () => { + expect(loginPageComponent.enabled).toBeTrue(); + }); + + it('should be in emulator mode by default', () => { + expect(loginPageComponent.emulatorModeIsEnabled).toBeTrue(); + }); + + it('should redirect immediately if login page disabled', fakeAsync(() => { + spyOnProperty(loginPageComponent, 'enabled', 'get').and.returnValue(false); + + loginPageComponent.ngOnInit(); + flush(); + + expect(alertsService.addWarning).toHaveBeenCalledWith( + 'Sign-in is temporarily disabled. Please try again later.'); + expect(windowRef.location).toEqual('/'); + expect(authService.handleRedirectResultAsync).not.toHaveBeenCalled(); + expect(authService.signInWithRedirectAsync).not.toHaveBeenCalled(); + })); + + describe('Emulator mode', function() { + beforeEach(() => { + this.email = 'a@a.com'; + spyOnProperty(loginPageComponent, 'emulatorModeIsEnabled', 'get') + .and.returnValue(true); + }); + + it('should not handle redirect results', fakeAsync(() => { + loginPageComponent.ngOnInit(); + + expect(loaderService.showLoadingScreen).not.toHaveBeenCalled(); + expect(authService.handleRedirectResultAsync).not.toHaveBeenCalled(); + })); + + it('should redirect to sign up after successful sign in', fakeAsync(() => { + const signInPromise = spyOnSignInWithEmail(); + + loginPageComponent.onClickSignInButtonAsync(this.email); + + flushMicrotasks(); + + expect(loaderService.showLoadingScreen).toHaveBeenCalled(); + expect(authService.signInWithEmail).toHaveBeenCalled(); + expect(windowRef.location).toBeNull(); + + signInPromise.resolve(); + flush(); + + expect(windowRef.location).toEqual('/signup?return_url=/'); + })); + + it('should acknowledge a user pending account deletion', fakeAsync(() => { + const signInPromise = spyOnSignInWithEmail(); + + loginPageComponent.onClickSignInButtonAsync(this.email); + + expect(windowRef.location).toBeNull(); + + signInPromise.reject({code: 'auth/user-disabled', message: '!'}); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/pending-account-deletion'); + + flush(); + })); + + it('should add a warning message when signin fails', fakeAsync(() => { + const signInPromise = spyOnSignInWithEmail(); + + loginPageComponent.onClickSignInButtonAsync(this.email); + + expect(windowRef.location).toBeNull(); + + signInPromise.reject({code: 'auth/unknown-error', message: '?'}); + flush(); + + expect(windowRef.location).toBeNull(); + expect(alertsService.addWarning).toHaveBeenCalledWith('?'); + expect(loaderService.hideLoadingScreen).toHaveBeenCalled(); + + flush(); + })); + + it('should redirect to given url', fakeAsync(() => { + const signInPromise = spyOnSignInWithEmail(); + windowRef.searchParams = '?return_url=/admin'; + + loginPageComponent.onClickSignInButtonAsync(this.email); + + expect(windowRef.location).toBeNull(); + + signInPromise.resolve(); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/signup?return_url=/admin'); + + flush(); + })); + }); + + describe('Production mode', () => { + beforeEach(() => { + spyOnProperty(loginPageComponent, 'emulatorModeIsEnabled', 'get') + .and.returnValue(false); + }); + + it('should redirect to sign-up after successful redirect', fakeAsync(() => { + const redirectResultPromise = spyOnHandleRedirectResultAsync(); + + loginPageComponent.ngOnInit(); + + expect(windowRef.location).toBeNull(); + + redirectResultPromise.resolve(true); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/signup?return_url=/'); + + flush(); + })); + + it('should acknowledge a user pending account deletion', fakeAsync(() => { + const redirectResultPromise = spyOnHandleRedirectResultAsync(); + + loginPageComponent.ngOnInit(); + + expect(windowRef.location).toBeNull(); + + redirectResultPromise.reject({code: 'auth/user-disabled', message: '!'}); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/pending-account-deletion'); + + flush(); + })); + + it('should redirect to home page after failed login', fakeAsync(() => { + const redirectResultPromise = spyOnHandleRedirectResultAsync(); + + loginPageComponent.ngOnInit(); + + expect(windowRef.location).toBeNull(); + + redirectResultPromise.reject({code: 'auth/unknown-error', message: '?'}); + + // An error should have appeared, but it will not redirect immediately. + flushMicrotasks(); + expect(windowRef.location).toBeNull(); + expect(alertsService.addWarning).toHaveBeenCalledWith('?'); + + // The user will be given 2 seconds to acknowledge the warning. + tick(2000); + expect(windowRef.location).toEqual('/'); + + flush(); + })); + + it('should redirect to auth service when not logged in', fakeAsync(() => { + const redirectResultPromise = spyOnHandleRedirectResultAsync(); + + loginPageComponent.ngOnInit(); + + expect(authService.signInWithRedirectAsync).not.toHaveBeenCalled(); + + redirectResultPromise.resolve(null); + flushMicrotasks(); + + expect(authService.signInWithRedirectAsync).toHaveBeenCalled(); + + flush(); + })); + + it('should redirect to given url', fakeAsync(() => { + const redirectResultPromise = spyOnHandleRedirectResultAsync(); + windowRef.searchParams = '?return_url=/admin'; + + loginPageComponent.ngOnInit(); + + expect(windowRef.location).toBeNull(); + + redirectResultPromise.resolve(true); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/signup?return_url=/admin'); + })); + }); +}); diff --git a/core/templates/pages/login-page/login-page.component.ts b/core/templates/pages/login-page/login-page.component.ts new file mode 100644 index 000000000000..618a0f5d7e0c --- /dev/null +++ b/core/templates/pages/login-page/login-page.component.ts @@ -0,0 +1,108 @@ +// Copyright 2016 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Component for the login page. + */ + +import { Component, OnInit } from '@angular/core'; +import { FormControl, FormGroup, Validators } from '@angular/forms'; +import { downgradeComponent } from '@angular/upgrade/static'; +import { AppConstants } from 'app.constants'; +import { AlertsService } from 'services/alerts.service'; +import { LoaderService } from 'services/loader.service'; +import firebase from 'firebase/app'; + +import { AuthService } from 'services/auth.service'; +import { WindowRef } from 'services/contextual/window-ref.service.ts'; + +@Component({ + selector: 'login-page', + templateUrl: './login-page.component.html' +}) +export class LoginPageComponent implements OnInit { + email = new FormControl('', [Validators.email]); + formGroup = new FormGroup({email: this.email}); + + constructor( + private alertsService: AlertsService, private authService: AuthService, + private loaderService: LoaderService, private windowRef: WindowRef) {} + + get enabled(): boolean { + return AppConstants.ENABLE_LOGIN_PAGE; + } + + get emulatorModeIsEnabled(): boolean { + return AppConstants.EMULATOR_MODE; + } + + ngOnInit(): void { + if (!this.enabled) { + this.alertsService.addWarning( + 'Sign-in is temporarily disabled. Please try again later.'); + this.redirectToHomePage(); + return; + } + + if (this.emulatorModeIsEnabled) { + return; + } + + this.loaderService.showLoadingScreen('Signing in'); + this.authService.handleRedirectResultAsync().then( + redirectSucceeded => redirectSucceeded ? + this.redirectToSignUp() : this.authService.signInWithRedirectAsync(), + error => this.onSignInError(error)); + } + + async onClickSignInButtonAsync(email: string): Promise { + this.loaderService.showLoadingScreen('Signing in'); + await this.authService.signInWithEmail(email).then( + () => this.redirectToSignUp(), error => this.onSignInError(error)); + } + + private onSignInError(error: firebase.auth.Error): void { + if (error.code === 'auth/user-disabled') { + this.redirectToPendingAccountDeletionPage(); + return; + } + + this.alertsService.addWarning(error.message); + this.loaderService.hideLoadingScreen(); + if (this.emulatorModeIsEnabled) { + this.email.setValue(''); + } else { + setTimeout(() => this.redirectToHomePage(), 2000); + } + } + + private redirectToSignUp(): void { + const searchParams = ( + new URLSearchParams(this.windowRef.nativeWindow.location.search)); + const returnUrl = searchParams.get('return_url') ?? '/'; + this.windowRef.nativeWindow.location.assign( + `/signup?return_url=${returnUrl}`); + } + + private redirectToHomePage(): void { + this.windowRef.nativeWindow.location.assign('/'); + } + + private redirectToPendingAccountDeletionPage(): void { + this.windowRef.nativeWindow.location.assign('/pending-account-deletion'); + } +} + +angular.module('oppia').directive( + 'loginPage', downgradeComponent({component: LoginPageComponent})); diff --git a/core/templates/pages/login-page/login-page.import.ts b/core/templates/pages/login-page/login-page.import.ts new file mode 100644 index 000000000000..9194c3d942dc --- /dev/null +++ b/core/templates/pages/login-page/login-page.import.ts @@ -0,0 +1,36 @@ +// Copyright 2021 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Directive scripts for the login page. + */ + +import 'core-js/es7/reflect'; +import 'zone.js'; + +angular.module('oppia', [ + require('angular-cookies'), 'headroom', 'ngAnimate', + 'ngMaterial', 'ngSanitize', 'ngTouch', 'pascalprecht.translate', + 'toastr', 'ui.bootstrap' +]); + +require('Polyfills.ts'); + +// The module needs to be loaded directly after jquery since it defines the +// main module the elements are attached to. +require('pages/login-page/login-page.module.ts'); +require('App.ts'); +require('base-components/oppia-root.directive.ts'); + +require('base-components/base-content.directive.ts'); diff --git a/core/templates/pages/login-page/login-page.mainpage.html b/core/templates/pages/login-page/login-page.mainpage.html new file mode 100644 index 000000000000..ae5021f5b5c9 --- /dev/null +++ b/core/templates/pages/login-page/login-page.mainpage.html @@ -0,0 +1,26 @@ + + + + @load('base-components/header.template.html', {"title": "Login | Oppia"}) + + + +
    + + +
      +
    • + + Login +
      • +
    +     + + + +     +
    +     + @load('pages/footer_js_libs.html') + + diff --git a/core/templates/pages/login-page/login-page.module.ts b/core/templates/pages/login-page/login-page.module.ts new file mode 100644 index 000000000000..6d9fa6d8e71f --- /dev/null +++ b/core/templates/pages/login-page/login-page.module.ts @@ -0,0 +1,118 @@ +// Copyright 2021 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Module for the login page. + */ + +import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http'; +import { APP_INITIALIZER, ErrorHandler, NgModule } from '@angular/core'; +import { ReactiveFormsModule } from '@angular/forms'; +import { MatAutocompleteModule } from '@angular/material/autocomplete'; +import { MatButtonModule } from '@angular/material/button'; +import { MatCardModule } from '@angular/material/card'; +import { MatFormFieldModule } from '@angular/material/form-field'; +import { MatInputModule } from '@angular/material/input'; +import { BrowserModule } from '@angular/platform-browser'; +import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'; +import { downgradeComponent, downgradeModule } from '@angular/upgrade/static'; +import firebase from 'firebase/app'; + +import { OppiaAngularRootComponent } from 'components/oppia-angular-root.component'; +import { SharedComponentsModule } from 'components/shared-component.module'; +import { LoginPageComponent } from 'pages/login-page/login-page.component'; +import { platformFeatureInitFactory, PlatformFeatureService } from 'services/platform-feature.service'; +import { RequestInterceptor } from 'services/request-interceptor.service'; + +class FirebaseErrorFilterHandler extends ErrorHandler { + // AngularFire throws duplicate errors because it uses setTimeout() to manage + // promises internally. Errors thrown from those setTimeout() calls are not + // accessible to our code. Because of this, even though LoginPageComponent + // catches errors thrown by AngularFire, their duplicates are treated as + // "Unhandled Promise Rejections" and result in top-level error messages. + // + // To prevent these errors from interfering with end-to-end tests and from + // polluting the server, we ignore the following list of EXPECTED error codes. + private static readonly EXPECTED_ERROR_CODES = [ + // Users pending deletion have their Firebase accounts disabled. When they + // try to sign in anyway, we redirect them to the /pending-account-deletion + // page. + 'auth/user-disabled', + // In emulator mode we use signInWithEmailAndPassword() and, if that throws + // an 'auth/user-not-found' error, createUserWithEmailAndPassword() for + // convenience. In production mode we use signInWithRedirect(), which + // doesn't throw 'auth/user-not-found' because it handles both signing in + // and creating users in the same way. + 'auth/user-not-found', + ]; + + handleError(error: firebase.auth.Error): void { + if (FirebaseErrorFilterHandler.EXPECTED_ERROR_CODES.includes(error.code)) { + return; + } + super.handleError(error); + } +} + +@NgModule({ + imports: [ + BrowserModule, + HttpClientModule, + MatAutocompleteModule, + MatCardModule, + MatButtonModule, + MatInputModule, + MatFormFieldModule, + ReactiveFormsModule, + SharedComponentsModule, + ], + declarations: [ + LoginPageComponent, + OppiaAngularRootComponent, + ], + entryComponents: [ + LoginPageComponent, + OppiaAngularRootComponent, + ], + providers: [ + { + provide: HTTP_INTERCEPTORS, + useClass: RequestInterceptor, + multi: true, + }, + { + provide: ErrorHandler, + useClass: FirebaseErrorFilterHandler, + }, + { + provide: APP_INITIALIZER, + useFactory: platformFeatureInitFactory, + deps: [PlatformFeatureService], + multi: true, + }, + ], +}) +class LoginPageModule { + ngDoBootstrap() {} +} + +declare var angular: ng.IAngularStatic; + +angular.module('oppia').requires.push(downgradeModule(providers => { + return platformBrowserDynamic(providers).bootstrapModule(LoginPageModule); +})); + +angular.module('oppia').directive('oppiaAngularRoot', downgradeComponent({ + component: OppiaAngularRootComponent, +}) as angular.IDirectiveFactory); diff --git a/core/templates/pages/logout-page/logout-page.component.spec.ts b/core/templates/pages/logout-page/logout-page.component.spec.ts new file mode 100644 index 000000000000..5e98e47859bc --- /dev/null +++ b/core/templates/pages/logout-page/logout-page.component.spec.ts @@ -0,0 +1,163 @@ +// Copyright 2020 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Unit tests for the logout page. + */ + +import { ComponentFixture, fakeAsync, flush, flushMicrotasks, TestBed, tick } from '@angular/core/testing'; + +import { LogoutPageComponent } from 'pages/logout-page/logout-page.component'; +import { AlertsService } from 'services/alerts.service'; +import { AuthService } from 'services/auth.service'; +import { WindowRef } from 'services/contextual/window-ref.service'; +import { LoaderService } from 'services/loader.service'; + +class MockWindowRef { + constructor( + public location: string = null, public searchParams: string = '') {} + + get nativeWindow() { + const that = this; + return { + location: { + get search() { + return that.searchParams; + }, + assign: (url: string) => { + that.location = url; + }, + } + }; + } +} + +class PendingPromise { + public readonly promise: Promise; + public readonly resolve: (_: T | PromiseLike) => void; + public readonly reject: (_?) => void; + + constructor() { + let resolve: (_: T | PromiseLike) => void; + let reject: (_?) => void; + this.promise = new Promise((res, rej) => { + // Can't assign to this directly because resolve and reject are readonly. + resolve = res; + reject = rej; + }); + this.resolve = resolve; + this.reject = reject; + } +} + +describe('Logout Page', function() { + let alertsService: jasmine.SpyObj; + let authService: jasmine.SpyObj; + let loaderService: jasmine.SpyObj; + let windowRef: MockWindowRef; + + let component: LogoutPageComponent; + let fixture: ComponentFixture; + + const spyOnSignOutAsync = () => { + const pending = new PendingPromise(); + authService.signOutAsync.and.returnValue(pending.promise); + return pending; + }; + + beforeEach(() => { + alertsService = jasmine.createSpyObj('AlertsService', [ + 'addWarning', + ]); + authService = jasmine.createSpyObj('AuthService', { + signOutAsync: Promise.resolve(), + }); + loaderService = jasmine.createSpyObj('LoaderService', [ + 'showLoadingScreen', + 'hideLoadingScreen', + ]); + windowRef = new MockWindowRef(); + + TestBed.configureTestingModule({ + declarations: [LogoutPageComponent], + providers: [ + { provide: AlertsService, useValue: alertsService }, + { provide: AuthService, useValue: authService }, + { provide: LoaderService, useValue: loaderService }, + { provide: WindowRef, useValue: windowRef } + ], + }).compileComponents(); + + fixture = TestBed.createComponent(LogoutPageComponent); + component = fixture.componentInstance; + }); + + it('should call to signOutAsync and then redirect', fakeAsync(() => { + const signOutPromise = spyOnSignOutAsync(); + + expect(windowRef.location).toBeNull(); + + component.ngOnInit(); + + expect(loaderService.showLoadingScreen).toHaveBeenCalledWith('Signing out'); + expect(authService.signOutAsync).toHaveBeenCalled(); + + signOutPromise.resolve(); + flushMicrotasks(); + + expect(windowRef.location).toEqual('/'); + })); + + it('should redirect to specified url', fakeAsync(() => { + windowRef.searchParams = '?redirect_url=/test'; + + component.ngOnInit(); + flush(); + + expect(windowRef.location).toEqual('/test'); + })); + + it('should add warning on error and redirect anyway', fakeAsync(() => { + const signOutPromise = spyOnSignOutAsync(); + + expect(windowRef.location).toBeNull(); + + component.ngOnInit(); + + expect(loaderService.showLoadingScreen).toHaveBeenCalledWith('Signing out'); + expect(authService.signOutAsync).toHaveBeenCalled(); + + signOutPromise.reject(new Error('uh-oh!')); + flushMicrotasks(); + + expect(loaderService.hideLoadingScreen).toHaveBeenCalled(); + expect(alertsService.addWarning).toHaveBeenCalledWith('uh-oh!'); + // We should still be on the same page for an opportunity to read the error. + expect(windowRef.location).toBeNull(); + + tick(3000); + + expect(windowRef.location).toEqual('/'); + })); + + it('should redirect to specified url after error', fakeAsync(() => { + windowRef.searchParams = '?redirect_url=/test'; + authService.signOutAsync.and.rejectWith(new Error('uh-oh!')); + + component.ngOnInit(); + flush(); + + expect(windowRef.location).toEqual('/test'); + })); +}); diff --git a/core/templates/pages/logout-page/logout-page.component.ts b/core/templates/pages/logout-page/logout-page.component.ts new file mode 100644 index 000000000000..1a2127923252 --- /dev/null +++ b/core/templates/pages/logout-page/logout-page.component.ts @@ -0,0 +1,58 @@ +// Copyright 2016 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Component for the logout page. + */ + +import { Component, OnInit } from '@angular/core'; +import { downgradeComponent } from '@angular/upgrade/static'; +import firebase from 'firebase/app'; + +import { AlertsService } from 'services/alerts.service'; +import { AuthService } from 'services/auth.service'; +import { WindowRef } from 'services/contextual/window-ref.service.ts'; +import { LoaderService } from 'services/loader.service'; + +@Component({ + selector: 'logout-page', + template: '', +}) +export class LogoutPageComponent implements OnInit { + constructor( + private alertsService: AlertsService, private authService: AuthService, + private loaderService: LoaderService, private windowRef: WindowRef) {} + + ngOnInit(): void { + this.loaderService.showLoadingScreen('Signing out'); + this.authService.signOutAsync() + .then(() => this.redirect(), error => this.onSignOutError(error)); + } + + private redirect(): void { + const searchParams = ( + new URLSearchParams(this.windowRef.nativeWindow.location.search)); + const redirectUrl = searchParams.get('redirect_url') ?? '/'; + this.windowRef.nativeWindow.location.assign(redirectUrl); + } + + private onSignOutError(error: firebase.auth.Error): void { + this.loaderService.hideLoadingScreen(); + this.alertsService.addWarning(error.message); + setTimeout(() => this.redirect(), 3000); + } +} + +angular.module('oppia').directive( + 'logoutPage', downgradeComponent({component: LogoutPageComponent})); diff --git a/core/templates/pages/logout-page/logout-page.import.ts b/core/templates/pages/logout-page/logout-page.import.ts new file mode 100644 index 000000000000..db7b7074ca5f --- /dev/null +++ b/core/templates/pages/logout-page/logout-page.import.ts @@ -0,0 +1,36 @@ +// Copyright 2019 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Directive scripts for the logout page. + */ + +import 'core-js/es7/reflect'; +import 'zone.js'; + +angular.module('oppia', [ + require('angular-cookies'), 'headroom', 'ngAnimate', + 'ngMaterial', 'ngSanitize', 'ngTouch', 'pascalprecht.translate', + 'toastr', 'ui.bootstrap' +]); + +require('Polyfills.ts'); + +// The module needs to be loaded directly after jquery since it defines the +// main module the elements are attached to. +require('pages/logout-page/logout-page.module.ts'); +require('App.ts'); +require('base-components/oppia-root.directive.ts'); + +require('base-components/base-content.directive.ts'); diff --git a/core/templates/pages/logout-page/logout-page.mainpage.html b/core/templates/pages/logout-page/logout-page.mainpage.html new file mode 100644 index 000000000000..fd8e784d17d5 --- /dev/null +++ b/core/templates/pages/logout-page/logout-page.mainpage.html @@ -0,0 +1,26 @@ + + + + @load('base-components/header.template.html', {"title": "Logout | Oppia"}) + + + +
    + + +
      +
    • + + Logout +
      • +
    +     + + + +     +
    +     + @load('pages/footer_js_libs.html') + + diff --git a/core/templates/pages/logout-page/logout-page.module.ts b/core/templates/pages/logout-page/logout-page.module.ts new file mode 100644 index 000000000000..0d670de0613e --- /dev/null +++ b/core/templates/pages/logout-page/logout-page.module.ts @@ -0,0 +1,71 @@ +// Copyright 2021 The Oppia Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS-IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +/** + * @fileoverview Module for the logout page. + */ + +import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http'; +import { APP_INITIALIZER, NgModule } from '@angular/core'; +import { BrowserModule } from '@angular/platform-browser'; +import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'; +import { downgradeComponent, downgradeModule } from '@angular/upgrade/static'; + +import { OppiaAngularRootComponent } from 'components/oppia-angular-root.component'; +import { SharedComponentsModule } from 'components/shared-component.module'; +import { LogoutPageComponent } from 'pages/logout-page/logout-page.component'; +import { platformFeatureInitFactory, PlatformFeatureService } from 'services/platform-feature.service'; +import { RequestInterceptor } from 'services/request-interceptor.service'; + +@NgModule({ + imports: [ + BrowserModule, + HttpClientModule, + SharedComponentsModule, + ], + declarations: [ + LogoutPageComponent, + OppiaAngularRootComponent, + ], + entryComponents: [ + LogoutPageComponent, + OppiaAngularRootComponent, + ], + providers: [ + { + provide: HTTP_INTERCEPTORS, + useClass: RequestInterceptor, + multi: true, + }, + { + provide: APP_INITIALIZER, + useFactory: platformFeatureInitFactory, + deps: [PlatformFeatureService], + multi: true, + }, + ], +}) +class LogoutPageModule { + ngDoBootstrap() {} +} + +declare var angular: ng.IAngularStatic; + +angular.module('oppia').requires.push(downgradeModule(providers => { + return platformBrowserDynamic(providers).bootstrapModule(LogoutPageModule); +})); + +angular.module('oppia').directive('oppiaAngularRoot', downgradeComponent({ + component: OppiaAngularRootComponent, +}) as angular.IDirectiveFactory); diff --git a/core/templates/services/alerts.service.ts b/core/templates/services/alerts.service.ts index 3e9cc8d1cd80..81345d8168b5 100644 --- a/core/templates/services/alerts.service.ts +++ b/core/templates/services/alerts.service.ts @@ -43,20 +43,29 @@ export class AlertsService { * - content: a string containing the warning or message. */ - /** - * Array of "warning" messages. - */ - warnings: Warning[] = new Array(); - /** - * Array of "success" or "info" messages. - */ - messages: Message[] = new Array(); + // TODO(#8472): Remove static when migration is complete. + // Until then, we need to use static so that the two instances of the service + // created by our hybrid app (one for Angular, the other for AngularJS) can + // refer to the same objects. + private static warnings: Warning[] = []; + get warnings(): Warning[] { + return AlertsService.warnings; + } + private static messages: Message[] = []; + get messages(): Message[] { + return AlertsService.messages; + } // This is to prevent infinite loops. MAX_TOTAL_WARNINGS: number = 10; MAX_TOTAL_MESSAGES: number = 10; - constructor(private log: LoggerService) {} + constructor(private log: LoggerService) { + // Since warnings and messages are static, clearing them in the constructor + // retain "instance-like" behavior. + this.clearWarnings(); + this.clearMessages(); + } /** * Adds a warning message. @@ -85,24 +94,19 @@ export class AlertsService { /** * Deletes the warning from the warnings list. - * @param {Object} warningObject - The warning message to be deleted. + * @param {Object} warningToDelete - The warning message to be deleted. */ - deleteWarning(warningObject: Warning): void { - var warnings = this.warnings; - var newWarnings = []; - for (var i = 0; i < warnings.length; i++) { - if (warnings[i].content !== warningObject.content) { - newWarnings.push(warnings[i]); - } - } - this.warnings = newWarnings; + deleteWarning(warningToDelete: Warning): void { + const filteredWarnings = ( + this.warnings.filter(w => w.content !== warningToDelete.content)); + this.warnings.splice(0, this.warnings.length, ...filteredWarnings); } /** * Clears all warnings. */ clearWarnings(): void { - this.warnings = []; + this.warnings.splice(0, this.warnings.length); } /** @@ -124,18 +128,13 @@ export class AlertsService { /** * Deletes the message from the messages list. - * @param {Object} messageObject - Message to be deleted. + * @param {Object} messageToDelete - Message to be deleted. */ - deleteMessage(messageObject: Message): void { - var messages = this.messages; - var newMessages = []; - for (var i = 0; i < messages.length; i++) { - if (messages[i].type !== messageObject.type || - messages[i].content !== messageObject.content) { - newMessages.push(messages[i]); - } - } - this.messages = newMessages; + deleteMessage(messageToDelete: Message): void { + const isMessageToKeep = (m: Message) => ( + m.type !== messageToDelete.type || m.content !== messageToDelete.content); + const filteredMessages = this.messages.filter(isMessageToKeep); + this.messages.splice(0, this.messages.length, ...filteredMessages); } /** @@ -166,7 +165,7 @@ export class AlertsService { * Clears all messages. */ clearMessages(): void { - this.messages = []; + this.messages.splice(0, this.messages.length); } } diff --git a/core/templates/services/auth-backend-api.service.spec.ts b/core/templates/services/auth-backend-api.service.spec.ts index cfb5297d8830..42e16fca5321 100644 --- a/core/templates/services/auth-backend-api.service.spec.ts +++ b/core/templates/services/auth-backend-api.service.spec.ts @@ -33,7 +33,7 @@ describe('Auth Backend Api Service', () => { afterEach(() => httpTestingController.verify()); - it('should return userInfo data', fakeAsync(async() => { + it('should call /session_begin', fakeAsync(async() => { const response = authBackendApiService.beginSessionAsync('TKN'); flushMicrotasks(); @@ -45,4 +45,16 @@ describe('Auth Backend Api Service', () => { await expectAsync(response).toBeResolved(); })); + + it('should call /session_end', fakeAsync(async() => { + const response = authBackendApiService.endSessionAsync(); + flushMicrotasks(); + + const ping = httpTestingController.expectOne('/session_end'); + expect(ping.request.method).toEqual('GET'); + ping.flush({}); + flushMicrotasks(); + + await expectAsync(response).toBeResolved(); + })); }); diff --git a/core/templates/services/auth-backend-api.service.ts b/core/templates/services/auth-backend-api.service.ts index c2ef7305cb8c..de56b9de0292 100644 --- a/core/templates/services/auth-backend-api.service.ts +++ b/core/templates/services/auth-backend-api.service.ts @@ -31,6 +31,10 @@ export class AuthBackendApiService { headers: {Authorization: `Bearer ${idToken}`} }).toPromise(); } + + async endSessionAsync(): Promise { + await this.httpClient.get('/session_end').toPromise(); + } } angular.module('oppia').factory( diff --git a/core/templates/services/auth.service.spec.ts b/core/templates/services/auth.service.spec.ts index e5c4a479145a..990774fac310 100644 --- a/core/templates/services/auth.service.spec.ts +++ b/core/templates/services/auth.service.spec.ts @@ -24,13 +24,13 @@ import { AppConstants } from 'app.constants'; import { AuthService } from 'services/auth.service'; import { AuthBackendApiService } from 'services/auth-backend-api.service'; -describe('Auth service', () => { +describe('Auth service', function() { let authService: AuthService; let authBackendApiService: jasmine.SpyObj; let angularFireAuth: jasmine.SpyObj; - beforeEach(() => { + beforeEach(async() => { angularFireAuth = jasmine.createSpyObj([ 'createUserWithEmailAndPassword', 'getRedirectResult', @@ -38,8 +38,10 @@ describe('Auth service', () => { 'signInWithRedirect', 'signOut', ]); - authBackendApiService = ( - jasmine.createSpyObj(['beginSessionAsync'])); + authBackendApiService = jasmine.createSpyObj({ + beginSessionAsync: Promise.resolve(), + endSessionAsync: Promise.resolve(), + }); TestBed.configureTestingModule({ providers: [ @@ -49,10 +51,19 @@ describe('Auth service', () => { }); authService = TestBed.inject(AuthService); + + this.email = 'a@a.com'; + this.password = await md5(this.email); + this.idToken = 'TKN'; + this.creds = { + user: jasmine.createSpyObj({getIdToken: Promise.resolve(this.idToken)}), + credential: null, + additionalUserInfo: null, + }; }); - it('should not use firebase auth in unit tests', () => { - expect(AuthService.firebaseAuthIsEnabled).toBeFalse(); + it('should use firebase auth in unit tests', () => { + expect(AuthService.firebaseAuthIsEnabled).toBeTrue(); }); it('should be in emulator mode by default', () => { @@ -115,117 +126,147 @@ describe('Auth service', () => { ).toBeRejectedWithError('AngularFireAuth is not available'); }); - it('should throw if signInAsync is called without angular fire', async() => { - await expectAsync( - new AuthService(null, authBackendApiService).signInAsync() - ).toBeRejectedWithError('AngularFireAuth is not available'); - }); - - describe('Sign In Behavior', function() { - beforeEach(async() => { - authBackendApiService.beginSessionAsync.and.resolveTo(); + it('should throw if signInWithRedirectAsync is called without angular fire', + async() => { + await expectAsync( + new AuthService(null, authBackendApiService).signInWithRedirectAsync() + ).toBeRejectedWithError('AngularFireAuth is not available'); + }); - this.email = 'email@test.com'; - this.password = await md5(this.email); - this.creds = { - user: jasmine.createSpyObj(['getIdToken']), - credential: null, - additionalUserInfo: {isNewUser: false, profile: {}, providerId: null}, - }; + it('should throw if handleRedirectResultAsync is called without angular fire', + async() => { + await expectAsync( + new AuthService(null, authBackendApiService).handleRedirectResultAsync() + ).toBeRejectedWithError('AngularFireAuth is not available'); }); - describe('Production enabled', () => { - beforeEach(() => { - spyOnProperty(AuthService, 'firebaseEmulatorIsEnabled', 'get') - .and.returnValue(false); - }); + it('should delegate to signInWithEmailAndPassword', async() => { + angularFireAuth.signInWithEmailAndPassword + .and.rejectWith({code: 'auth/user-not-found'}); + angularFireAuth.createUserWithEmailAndPassword.and.resolveTo(this.creds); - it('should sign in using redirect', async() => { - angularFireAuth.signInWithRedirect.and.resolveTo(); + await expectAsync(authService.signInWithEmail(this.email)) + .toBeResolvedTo(); - this.creds.user.getIdToken.and.resolveTo('TKN'); - this.creds.additionalUserInfo.isNewUser = false; - angularFireAuth.getRedirectResult.and.resolveTo(this.creds); + expect(angularFireAuth.signInWithEmailAndPassword) + .toHaveBeenCalledWith(this.email, this.password); + expect(angularFireAuth.createUserWithEmailAndPassword) + .toHaveBeenCalledWith(this.email, this.password); + expect(authBackendApiService.beginSessionAsync) + .toHaveBeenCalledWith(this.idToken); + }); - const signInPromise = authService.signInAsync(); + it('should propogate signInWithEmailAndPassword errors', async() => { + const unknownError = {code: 'auth/unknown-error'}; + spyOn(window, 'prompt').and.returnValue(this.email); + angularFireAuth.signInWithEmailAndPassword.and.rejectWith(unknownError); - await expectAsync(signInPromise).toBeResolvedTo(false); + await expectAsync(authService.signInWithEmail(this.email)) + .toBeRejectedWith(unknownError); + }); - expect(angularFireAuth.signInWithRedirect).toHaveBeenCalled(); - }); + it('should propogate createUserWithEmailAndPassword errors', async() => { + const unknownError = {code: 'auth/unknown-error'}; + spyOn(window, 'prompt').and.returnValue(this.email); + angularFireAuth.signInWithEmailAndPassword + .and.rejectWith({code: 'auth/user-not-found'}); + angularFireAuth.createUserWithEmailAndPassword + .and.rejectWith(unknownError); + + await expectAsync(authService.signInWithEmail(this.email)) + .toBeRejectedWith(unknownError); + expect(authBackendApiService.beginSessionAsync).not.toHaveBeenCalled(); + }); - it('should recognize new users', async() => { - angularFireAuth.signInWithRedirect.and.resolveTo(); + describe('Production mode', function() { + beforeEach(async() => { + spyOnProperty(AuthService, 'firebaseEmulatorIsEnabled', 'get') + .and.returnValue(false); - this.creds.user.getIdToken.and.resolveTo('TKN'); - this.creds.additionalUserInfo.isNewUser = true; - angularFireAuth.getRedirectResult.and.resolveTo(this.creds); + this.idToken = 'TKN'; + this.creds = { + user: jasmine.createSpyObj({getIdToken: Promise.resolve(this.idToken)}), + credential: null, + additionalUserInfo: null, + }; - const signInPromise = authService.signInAsync(); + authService = new AuthService(angularFireAuth, authBackendApiService); + }); - await expectAsync(signInPromise).toBeResolvedTo(true); + it('should fail to call signInWithEmail', async() => { + await expectAsync(authService.signInWithEmail(this.email)) + .toBeRejectedWithError( + 'signInWithEmail can only be called in emulator mode'); - expect(angularFireAuth.signInWithRedirect).toHaveBeenCalled(); - }); + expect(angularFireAuth.signInWithEmailAndPassword).not.toHaveBeenCalled(); + expect(angularFireAuth.createUserWithEmailAndPassword) + .not.toHaveBeenCalled(); + }); - it('should propogate errors', async() => { - angularFireAuth.signInWithRedirect.and.resolveTo(); + it('should delegate to AngularFireAuth.signInWithRedirect', async() => { + angularFireAuth.signInWithRedirect.and.resolveTo(); - const error = {code: 'auth/operation-not-allowed'}; - angularFireAuth.getRedirectResult.and.rejectWith(error); + await expectAsync(authService.signInWithRedirectAsync()).toBeResolvedTo(); - await expectAsync(authService.signInAsync()).toBeRejectedWith(error); - }); + expect(angularFireAuth.signInWithRedirect).toHaveBeenCalled(); }); - describe('Emulator enabled', () => { - beforeEach(() => { - spyOnProperty(AuthService, 'firebaseEmulatorIsEnabled', 'get') - .and.returnValue(true); - }); + it('should delegate to AngularFireAuth.getRedirectResult', async() => { + angularFireAuth.getRedirectResult.and.resolveTo(this.creds); - it('should sign in using prompt', async() => { - spyOn(window, 'prompt').and.returnValue(this.email); + await expectAsync(authService.handleRedirectResultAsync()) + .toBeResolvedTo(true); - this.creds.user.getIdToken.and.resolveTo('TKN'); - this.creds.additionalUserInfo.isNewUser = false; - angularFireAuth.signInWithEmailAndPassword.and.resolveTo(this.creds); + expect(angularFireAuth.getRedirectResult).toHaveBeenCalled(); + expect(authBackendApiService.beginSessionAsync) + .toHaveBeenCalledWith(this.idToken); + }); - const signInPromise = authService.signInAsync(); + it('should delegate to AngularFireAuth.signOut', async() => { + angularFireAuth.signOut.and.resolveTo(); - await expectAsync(signInPromise).toBeResolvedTo(false); + await expectAsync(authService.signOutAsync()).toBeResolvedTo(); - expect(angularFireAuth.signInWithEmailAndPassword.calls.first().args) - .toEqual([this.email, this.password]); - }); + expect(angularFireAuth.signOut).toHaveBeenCalled(); + expect(authBackendApiService.endSessionAsync).toHaveBeenCalled(); + }); - it('should recognize new users', async() => { - spyOn(window, 'prompt').and.returnValue(this.email); + it('should resolve to false if user is missing', async() => { + this.creds.user = null; + angularFireAuth.getRedirectResult.and.resolveTo(this.creds); - angularFireAuth.signInWithEmailAndPassword - .and.rejectWith({code: 'auth/user-not-found'}); + await expectAsync(authService.handleRedirectResultAsync()) + .toBeResolvedTo(false); + }); + }); - this.creds.user.getIdToken.and.resolveTo('TKN'); - this.creds.additionalUserInfo.isNewUser = true; - angularFireAuth.createUserWithEmailAndPassword - .and.resolveTo(this.creds); + describe('Emulator mode', function() { + beforeEach(async() => { + spyOnProperty(AuthService, 'firebaseEmulatorIsEnabled', 'get') + .and.returnValue(true); - const signInPromise = authService.signInAsync(); + authService = new AuthService(angularFireAuth, authBackendApiService); + }); - await expectAsync(signInPromise).toBeResolvedTo(true); + it('should not delegate to signInWithRedirectAsync', async() => { + await expectAsync(authService.signInWithRedirectAsync()) + .toBeResolvedTo(); - expect(angularFireAuth.signInWithEmailAndPassword.calls.first().args) - .toEqual([this.email, this.password]); - }); + expect(angularFireAuth.signInWithRedirect).not.toHaveBeenCalled(); + }); - it('should propogate errors', async() => { - spyOn(window, 'prompt').and.returnValue(this.email); + it('should not delegate to handleRedirectResultAsync', async() => { + await expectAsync(authService.handleRedirectResultAsync()) + .toBeResolvedTo(false); - const error = {code: 'auth/operation-not-allowed'}; - angularFireAuth.signInWithEmailAndPassword.and.rejectWith(error); + expect(angularFireAuth.getRedirectResult).not.toHaveBeenCalled(); + }); - await expectAsync(authService.signInAsync()).toBeRejectedWith(error); - }); + it('should sign out and end session', async() => { + await expectAsync(authService.signOutAsync()).toBeResolvedTo(); + expect(angularFireAuth.signOut).toHaveBeenCalled(); + expect(authBackendApiService.endSessionAsync).toHaveBeenCalled(); + expect(authBackendApiService.beginSessionAsync).not.toHaveBeenCalled(); }); }); }); diff --git a/core/templates/services/auth.service.ts b/core/templates/services/auth.service.ts index 32733154bb76..18a28e4b83b1 100644 --- a/core/templates/services/auth.service.ts +++ b/core/templates/services/auth.service.ts @@ -20,28 +20,101 @@ import { Injectable, Optional } from '@angular/core'; import { FirebaseOptions } from '@angular/fire'; import { AngularFireAuth } from '@angular/fire/auth'; import { downgradeInjectable } from '@angular/upgrade/static'; -import { AppConstants } from 'app.constants'; - import firebase from 'firebase/app'; import { md5 } from 'hash-wasm'; + +import { AppConstants } from 'app.constants'; import { AuthBackendApiService } from 'services/auth-backend-api.service'; +abstract class AuthServiceImpl { + abstract getRedirectResultAsync(): Promise; + abstract signInWithRedirectAsync(): Promise; + abstract signOutAsync(): Promise; +} + +class NullAuthServiceImpl extends AuthServiceImpl { + private error = new Error('AngularFireAuth is not available'); + + async signInWithRedirectAsync(): Promise { + throw this.error; + } + + async getRedirectResultAsync(): Promise { + throw this.error; + } + + async signOutAsync(): Promise { + throw this.error; + } +} + +class DevAuthServiceImpl extends AuthServiceImpl { + constructor(private angularFireAuth: AngularFireAuth) { + super(); + } + + async signInWithRedirectAsync(): Promise { + } + + async getRedirectResultAsync(): Promise { + return null; + } + + async signOutAsync(): Promise { + return this.angularFireAuth.signOut(); + } +} + +class ProdAuthServiceImpl extends AuthServiceImpl { + private provider: firebase.auth.GoogleAuthProvider; + + constructor(private angularFireAuth: AngularFireAuth) { + super(); + this.provider = new firebase.auth.GoogleAuthProvider(); + // Oppia only needs an email address for account management. + this.provider.addScope('email'); + // Always prompt the user to select an account, even when they only own one. + this.provider.setCustomParameters({prompt: 'select_account'}); + } + + /** Returns a promise that never resolves or rejects. */ + async signInWithRedirectAsync(): Promise { + return this.angularFireAuth.signInWithRedirect(this.provider); + } + + async getRedirectResultAsync(): Promise { + return this.angularFireAuth.getRedirectResult(); + } + + async signOutAsync(): Promise { + return this.angularFireAuth.signOut(); + } +} + @Injectable({ providedIn: 'root' }) export class AuthService { + private authServiceImpl: AuthServiceImpl; + constructor( @Optional() private angularFireAuth: AngularFireAuth, - private authBackendApiService: AuthBackendApiService) {} + private authBackendApiService: AuthBackendApiService) { + if (!this.angularFireAuth) { + this.authServiceImpl = new NullAuthServiceImpl(); + } else if (AuthService.firebaseEmulatorIsEnabled) { + this.authServiceImpl = new DevAuthServiceImpl(this.angularFireAuth); + } else { + this.authServiceImpl = new ProdAuthServiceImpl(this.angularFireAuth); + } + } static get firebaseAuthIsEnabled(): boolean { return AppConstants.FIREBASE_AUTH_ENABLED; } static get firebaseEmulatorIsEnabled(): boolean { - return ( - AuthService.firebaseAuthIsEnabled && - AppConstants.FIREBASE_EMULATOR_ENABLED); + return AuthService.firebaseAuthIsEnabled && AppConstants.EMULATOR_MODE; } static get firebaseConfig(): FirebaseOptions { @@ -60,58 +133,55 @@ export class AuthService { ['localhost', 9099] : undefined; } - /** - * Prompts the user to sign-in with a trusted identity provider, then fulfills - * with true if the user is new, otherwise fulfills with false. - * Rejects when sign-in failed. - */ - async signInAsync(): Promise { - if (!this.angularFireAuth) { - throw new Error('AngularFireAuth is not available'); + async handleRedirectResultAsync(): Promise { + const creds = await this.authServiceImpl.getRedirectResultAsync(); + if (creds?.user) { + const idToken = await creds.user.getIdToken(); + this.authBackendApiService.beginSessionAsync(idToken); + return true; + } else { + return false; } - - const creds = AuthService.firebaseEmulatorIsEnabled ? - await this.emulatorSignInAsync() : await this.productionSignInAsync(); - - const idToken = await creds.user.getIdToken(); - await this.authBackendApiService.beginSessionAsync(idToken); - - return creds.additionalUserInfo.isNewUser; } - async signOutAsync(): Promise { - if (!this.angularFireAuth) { - throw new Error('AngularFireAuth is not available'); + async signInWithEmail(email: string): Promise { + if (!AuthService.firebaseEmulatorIsEnabled) { + throw new Error('signInWithEmail can only be called in emulator mode'); } - - await this.angularFireAuth.signOut(); - } - - /** Assumes that angularFireAuth is not null. */ - private async emulatorSignInAsync(): Promise { - const email = prompt('Please enter the email address to sign-in with'); + // The Firebase Admin SDK, used by our end-to-end tests, stores all emails + // in lower case. To ensure that the developer email used to sign in is + // consistent with these accounts, we manually change them to lower case. + email = email.toLowerCase(); + // We've configured the Firebase emulator to use email/password for user + // authentication. To save developers and end-to-end test authors the + // trouble of providing passwords, we always use the md5 hash of the email + // address instead. This will never be done in production, where the + // emulator DOES NOT run. Instead, production takes the user to the Google + // sign-in page, which eventually redirects them back to Oppia. const password = await md5(email); + let creds: firebase.auth.UserCredential; try { - return await this.angularFireAuth.signInWithEmailAndPassword( + creds = await this.angularFireAuth.signInWithEmailAndPassword( email, password); } catch (err) { - if (err.code !== 'auth/user-not-found') { + if (err.code === 'auth/user-not-found') { + creds = await this.angularFireAuth.createUserWithEmailAndPassword( + email, password); + } else { throw err; } } - return await this.angularFireAuth.createUserWithEmailAndPassword( - email, password); + const idToken = await creds.user.getIdToken(); + await this.authBackendApiService.beginSessionAsync(idToken); } - /** Assumes that angularFireAuth is not null. */ - private async productionSignInAsync(): Promise { - const provider = new firebase.auth.GoogleAuthProvider(); - // Oppia only needs an email address for account management. - provider.addScope('email'); - // Always prompt the user to select an account, even when they only own one. - provider.setCustomParameters({prompt: 'select_account'}); - await this.angularFireAuth.signInWithRedirect(provider); - return await this.angularFireAuth.getRedirectResult(); + async signInWithRedirectAsync(): Promise { + return this.authServiceImpl.signInWithRedirectAsync(); + } + + async signOutAsync(): Promise { + await this.authServiceImpl.signOutAsync(); + await this.authBackendApiService.endSessionAsync(); } } diff --git a/core/templates/services/loader.service.ts b/core/templates/services/loader.service.ts index 14c02fa76d38..7163991a9edd 100644 --- a/core/templates/services/loader.service.ts +++ b/core/templates/services/loader.service.ts @@ -23,20 +23,16 @@ import { EventEmitter, Injectable } from '@angular/core'; providedIn: 'root' }) export class LoaderService { - // TODO(#9154): Remove static when migration is complete. - /** - * The static keyword is used here because this service is used in both - * angular and angularjs. Since we are using upgradedServices.ts, where a new - * instance is created for angularjs and angular will creates a new instance - * for the angular part, we end up having two instances of the service. - * In order to keep the variables same, static is used until migration is - * complete. - */ + // TODO(#8472): Remove static when migration is complete. + // Until then, we need to use static so that the two instances of the service + // created by our hybrid app (one for Angular, the other for AngularJS) can + // refer to the same objects. static loadingMessageChangedEventEmitter = new EventEmitter(); get onLoadingMessageChange(): EventEmitter { // TODO(#9154): Change LoaderService to "this". return LoaderService.loadingMessageChangedEventEmitter; } + constructor() {} showLoadingScreen(message: string): void { diff --git a/core/templates/services/user.service.spec.ts b/core/templates/services/user.service.spec.ts index 7dd874ad58b3..0d590ca1acbb 100644 --- a/core/templates/services/user.service.spec.ts +++ b/core/templates/services/user.service.spec.ts @@ -119,6 +119,26 @@ describe('User Api Service', () => { }); })); + it('should return new userInfo data when url path is logout', + fakeAsync(() => { + spyOn(urlService, 'getPathname').and.returnValue('/logout'); + const sampleUserInfo = UserInfo.createDefault(); + + userService.getUserInfoAsync().then((userInfo) => { + expect(userInfo).toEqual(sampleUserInfo); + }); + })); + + it('should return new userInfo data when url path is login', + fakeAsync(() => { + spyOn(urlService, 'getPathname').and.returnValue('/login'); + const sampleUserInfo = UserInfo.createDefault(); + + userService.getUserInfoAsync().then((userInfo) => { + expect(userInfo).toEqual(sampleUserInfo); + }); + })); + it('should not fetch userInfo if it is was fetched before', fakeAsync(() => { // Creating a test user for checking profile picture of user. const sampleUserInfoBackendObject = { diff --git a/core/templates/services/user.service.ts b/core/templates/services/user.service.ts index 335d99c51f73..25a326d1c93d 100644 --- a/core/templates/services/user.service.ts +++ b/core/templates/services/user.service.ts @@ -41,21 +41,14 @@ export class UserService { private returnUrl = ''; async getUserInfoAsync(): Promise { - if (this.urlService.getPathname() === '/signup') { - return new Promise((resolve, reject) => { - resolve(UserInfo.createDefault()); - }); + const pathname = this.urlService.getPathname(); + if (['/login', '/logout', '/signup'].includes(pathname)) { + return UserInfo.createDefault(); } - if (this.userInfo) { - return new Promise((resolve, reject) => { - resolve(this.userInfo); - }); + if (!this.userInfo) { + this.userInfo = await this.userBackendApiService.getUserInfoAsync(); } - return this.userBackendApiService.getUserInfoAsync().then( - (userInfo) => { - this.userInfo = userInfo; - return this.userInfo; - }); + return this.userInfo; } async getProfileImageDataUrlAsync(): Promise { diff --git a/core/tests/data/third_party/ignorable_requirements_test.txt b/core/tests/data/third_party/requirements_invalid_git_test.txt similarity index 75% rename from core/tests/data/third_party/ignorable_requirements_test.txt rename to core/tests/data/third_party/requirements_invalid_git_test.txt index 3971166b6482..603730c96075 100644 --- a/core/tests/data/third_party/ignorable_requirements_test.txt +++ b/core/tests/data/third_party/requirements_invalid_git_test.txt @@ -4,8 +4,9 @@ dependency1==1.6.1 # via -r requirements.in, dependency3 dependency2==4.9.1 # via -r requirements.in -git+git://github.com/oppia/third-party-clone@#egg=dependency3 -dependency4==0.3.0.1 # via -r requirements.in +dependency3==3.1.5 # via -r requirements.in +dependency4==0.3.0.1 # via -r requirements.in, dependency3 +git+git://github.com/oppia/dependency5@v3.2.1#egg=dependency5 # Developers: Please do not add to this auto-generated file. If # you want to add, remove, upgrade, or downgrade libraries, diff --git a/core/tests/protractor.conf.js b/core/tests/protractor.conf.js index c2c196d1868a..5ac9978b01b2 100755 --- a/core/tests/protractor.conf.js +++ b/core/tests/protractor.conf.js @@ -1,3 +1,4 @@ +var FirebaseAdmin = require('firebase-admin'); var HtmlScreenshotReporter = require('protractor-jasmine2-screenshot-reporter'); var glob = require('glob'); var path = require('path'); @@ -346,6 +347,13 @@ exports.config = { // Set a wide enough window size for the navbar in the library pages to // display fully. browser.driver.manage().window().setSize(1285, 1000); + + // Configure the Firebase Admin SDK to communicate with the emulator. + process.env.FIREBASE_AUTH_EMULATOR_HOST = 'localhost:9099'; + FirebaseAdmin.initializeApp({projectId: 'dev-project-id'}); + + // Navigate to the splash page so that tests can begin on an Angular page. + browser.driver.get('http://localhost:9001'); }, // The params object will be passed directly to the protractor instance, diff --git a/core/tests/protractor/featureGatingFlow.js b/core/tests/protractor/featureGatingFlow.js index 044680c8e26b..c62d81905f07 100644 --- a/core/tests/protractor/featureGatingFlow.js +++ b/core/tests/protractor/featureGatingFlow.js @@ -27,11 +27,6 @@ describe('Feature Gating Flow', function() { const agDummyFeatureIndicator = element( by.css('.protractor-test-angular-dummy-feature-indicator')); - // Indicator in Angular component that is visible if the dummy_feature - // is enabled, and the backend dummy handler is also enabled. - const agDummyHandlerIndicator = agDummyFeatureIndicator.element( - by.css('.protractor-test-angular-dummy-handler-indicator')); - // Indicator in AngularJS directive that is visible if the dummy_feature // is enabled, and the feature status is successfully loaded in the // AngularJS directive. @@ -85,24 +80,4 @@ describe('Feature Gating Flow', function() { expect(await dummy.isPresent()).toBe(true); await users.logout(); }); - - it('should show indicators after enabling dummy_feature', async() => { - await users.createAndLoginAdminUser( - 'admin4@featureGatingFlow.com', 'featuregating4'); - await adminPage.getFeaturesTab(); - const dummy = await adminPage.getDummyFeatureElement(); - await adminPage.enableFeatureForDev(dummy); - - await users.logout(); - - await users.createAndLoginAdminUser( - 'admin5@featureGatingFlow.com', 'featuregating5'); - await adminPage.getFeaturesTab(); - - expect(await agDummyFeatureIndicator.isPresent()).toBe(true); - expect(await agDummyHandlerIndicator.isPresent()).toBe(true); - expect(await ajsDummyFeatureIndicator.isPresent()).toBe(true); - - await users.logout(); - }); }); diff --git a/core/tests/protractor_desktop/topicAndStoryViewer.js b/core/tests/protractor_desktop/topicAndStoryViewer.js index 4700953236a4..938f5ae04af0 100644 --- a/core/tests/protractor_desktop/topicAndStoryViewer.js +++ b/core/tests/protractor_desktop/topicAndStoryViewer.js @@ -16,6 +16,7 @@ * @fileoverview End-to-end tests for the story viewer. */ +var action = require('../protractor_utils/action.js'); var forms = require('../protractor_utils/forms.js'); var general = require('../protractor_utils/general.js'); var users = require('../protractor_utils/users.js'); @@ -163,8 +164,14 @@ describe('Topic and Story viewer functionality', function() { await topicAndStoryViewerPage.goToChapterIndex(0); await explorationPlayerPage.submitAnswer('Continue', null); - await topicAndStoryViewerPage.login( - 'newStoryViewer@storyviewer.com', 'newStoryViewer'); + // Signing up with the login button should redirect the user back to the + // exploration. + const loginButton = element(by.css('.protractor-test-login-button')); + await action.click('Login button', loginButton); + const useManualNavigation = false; + await users.createAndLoginUser( + 'newStoryViewer@storyviewer.com', 'newStoryViewer', useManualNavigation); + await explorationPlayerPage.submitAnswer('Continue', null); await topicAndStoryViewerPage.get( 'math', 'topic-tasv-one', 'story-player-tasv-one'); diff --git a/core/tests/protractor_desktop/wipeout.js b/core/tests/protractor_desktop/wipeout.js index 7fb7c5c7b584..0cd9e4d34b90 100644 --- a/core/tests/protractor_desktop/wipeout.js +++ b/core/tests/protractor_desktop/wipeout.js @@ -37,7 +37,13 @@ describe('When account is deleted it', function() { deleteAccountPage = new DeleteAccountPage.DeleteAccountPage(); explorationEditorPage = new ExplorationEditorPage.ExplorationEditorPage(); explorationEditorSettingsTab = explorationEditorPage.getSettingsTab(); - expectedConsoleErrors = []; + expectedConsoleErrors = [ + // NOTE: Wipeout disables the Firebase account of users. When we try to + // login to a disabled user, the Firebase SDK emits an error log. We + // cannot suppress the error without patching the library, so instead we + // just ignore it here. + 'The user account has been disabled by an administrator', + ]; }); it('should request account deletion', async function() { @@ -46,10 +52,8 @@ describe('When account is deleted it', function() { await deleteAccountPage.requestAccountDeletion('userToDelete1'); expect(await browser.getCurrentUrl()).toEqual( 'http://localhost:9001/pending-account-deletion'); - await users.logout(); await users.login('user1@delete.com'); - await browser.get('/signup?return_url=http%3A%2F%2Flocalhost%3A9001%2F'); expect(await browser.getCurrentUrl()).toEqual( 'http://localhost:9001/pending-account-deletion'); }); @@ -66,13 +70,13 @@ describe('When account is deleted it', function() { await deleteAccountPage.requestAccountDeletion('userToDelete2'); expect(await browser.getCurrentUrl()).toEqual( 'http://localhost:9001/pending-account-deletion'); - await users.logout(); await users.login('voiceArtist@oppia.com'); await general.openEditor(explorationId, false); await general.expect404Error(); - expectedConsoleErrors = [ - 'Failed to load resource: the server responded with a status of 404']; + expectedConsoleErrors.push( + 'Failed to load resource: the server responded with a status of 404'); + await users.logout(); }); it('should set published exploration as community owned', async function() { @@ -90,11 +94,11 @@ describe('When account is deleted it', function() { await deleteAccountPage.requestAccountDeletion('userToDelete3'); expect(await browser.getCurrentUrl()).toEqual( 'http://localhost:9001/pending-account-deletion'); - await users.logout(); await users.login('user@check.com'); await general.openEditor(explorationId, true); await workflow.isExplorationCommunityOwned(); + await users.logout(); }); it('should keep published exploration with other owner', async function() { @@ -109,16 +113,15 @@ describe('When account is deleted it', function() { await deleteAccountPage.requestAccountDeletion('userToDelete4'); expect(await browser.getCurrentUrl()).toEqual( 'http://localhost:9001/pending-account-deletion'); - await users.logout(); await users.login('secondOwner@check.com'); await general.openEditor(explorationId, true); await explorationEditorPage.navigateToSettingsTab(); expect(await workflow.getExplorationManagers()).toEqual(['secondOwner']); + await users.logout(); }); afterEach(async function() { await general.checkForConsoleErrors(expectedConsoleErrors); - await users.logout(); }); }); diff --git a/core/tests/protractor_mobile/navigation.js b/core/tests/protractor_mobile/navigation.js index 81a32dc75dc4..528347b25a2c 100644 --- a/core/tests/protractor_mobile/navigation.js +++ b/core/tests/protractor_mobile/navigation.js @@ -191,7 +191,7 @@ describe('Navigation features on mobile', function() { // We should not wait for angular here since // the login page is non-angular. expect(await browser.getCurrentUrl()).toEqual( - 'http://localhost:9001/_ah/login?continue=http%3A//localhost%3A9001/signup%3Freturn_url%3Dhttp%253A%252F%252Flocalhost%253A9001%252Flibrary'); + 'http://localhost:9001/login?return_url=http%253A%252F%252Flocalhost%253A9001%252Flibrary'); // As soon as this page loads up, we are again // setting browser.ignoreSynchronization = false // to prevent any flakiness. diff --git a/core/tests/protractor_utils/TopicAndStoryViewerPage.js b/core/tests/protractor_utils/TopicAndStoryViewerPage.js index e934096e4f4a..c6f55c808055 100644 --- a/core/tests/protractor_utils/TopicAndStoryViewerPage.js +++ b/core/tests/protractor_utils/TopicAndStoryViewerPage.js @@ -18,12 +18,10 @@ */ var action = require('../protractor_utils/action.js'); -var users = require('../protractor_utils/users.js'); var waitFor = require('./waitFor.js'); var TopicAndStoryViewerPage = function() { var chapterTitleList = element.all(by.css('.protractor-chapter-title')); - var loginButton = element(by.css('.protractor-test-login-button')); var lessonCompletedIcons = element.all( by.css('.protractor-test-lesson-icon-completed')); var lessonUncompletedIcons = element.all( @@ -55,11 +53,6 @@ var TopicAndStoryViewerPage = function() { lessonTrack, 'Lesson track takes too long to be visible.'); expect(await lessonUncompletedIcons.count()).toEqual(count); }; - - this.login = async function(email, username) { - await action.click('Login button', loginButton); - await users.completeLoginFlowFromStoryViewerPage(email, username); - }; }; exports.TopicAndStoryViewerPage = TopicAndStoryViewerPage; diff --git a/core/tests/protractor_utils/general.js b/core/tests/protractor_utils/general.js index 2639e7b4c336..1e8bf7c0b0d0 100644 --- a/core/tests/protractor_utils/general.js +++ b/core/tests/protractor_utils/general.js @@ -17,6 +17,8 @@ * with protractor. */ +var _ = require('lodash'); + var ExplorationEditorPage = require( '../protractor_utils/ExplorationEditorPage.js'); var waitFor = require('./waitFor.js'); @@ -37,37 +39,34 @@ var scrollToTop = async function() { await browser.executeScript('window.scrollTo(0,0);'); }; -// We will report all console logs of level greater than this. +// The minimum log level we will report as an error. var CONSOLE_LOG_THRESHOLD = 900; -var CONSOLE_ERRORS_TO_IGNORE = []; +var CONSOLE_ERRORS_TO_IGNORE = [ + // These "localhost:9099" are errors related to communicating with the + // Firebase emulator, which would never occur in production, so we just ignore + // them. + _.escapeRegExp( + 'http://localhost:9099/www.googleapis.com/identitytoolkit/v3/' + + 'relyingparty/getAccountInfo?key=fake-api-key'), + _.escapeRegExp( + 'http://localhost:9099/www.googleapis.com/identitytoolkit/v3/' + + 'relyingparty/verifyPassword?key=fake-api-key'), +]; var checkForConsoleErrors = async function(errorsToIgnore) { - var irrelevantErrors = errorsToIgnore.concat(CONSOLE_ERRORS_TO_IGNORE); - var browserLogs = await browser.manage().logs().get('browser'); - var fatalErrors = []; + errorsToIgnore = errorsToIgnore.concat(CONSOLE_ERRORS_TO_IGNORE); // The mobile tests run on the latest version of Chrome. // The newer versions report 'Slow Network' as a console error. // This causes the tests to fail, therefore, we remove such logs. if (browser.isMobile) { - browserLogs = browserLogs.filter(function(browserLog) { - return !(browserLog.message.includes(' Slow network is detected.')); - }); + errorsToIgnore.push(_.escapeRegExp(' Slow network is detected.')); } - for (var i = 0; i < browserLogs.length; i++) { - if (browserLogs[i].level.value > CONSOLE_LOG_THRESHOLD) { - var errorFatal = true; - for (var j = 0; j < irrelevantErrors.length; j++) { - if (browserLogs[i].message.match(irrelevantErrors[j])) { - errorFatal = false; - } - } - if (errorFatal) { - fatalErrors.push(browserLogs[i]); - } - } - } - expect(fatalErrors).toEqual([]); + const browserLogs = await browser.manage().logs().get('browser'); + const browserErrors = browserLogs.filter(logEntry => ( + logEntry.level.value > CONSOLE_LOG_THRESHOLD && + errorsToIgnore.every(e => logEntry.message.match(e) === null))); + expect(browserErrors).toEqual([]); }; var isInDevMode = function() { @@ -78,7 +77,8 @@ var SERVER_URL_PREFIX = 'http://localhost:9001'; var EDITOR_URL_SLICE = '/create/'; var PLAYER_URL_SLICE = '/explore/'; var USER_PREFERENCES_URL = '/preferences'; -var LOGIN_URL_SUFFIX = '/_ah/login'; +var LOGIN_URL_SUFFIX = '/login'; +var LOGOUT_URL_SUFFIX = '/logout'; var MODERATOR_URL_SUFFIX = '/moderator'; // Note that this only works in dev, due to the use of cache slugs in prod. var SCRIPTS_URL_SLICE = '/assets/scripts/'; @@ -167,6 +167,14 @@ var ensurePageHasNoTranslationIds = async function() { .replace(REGEX_NG_TOP_NAV_VISIBILITY, '')).not.toContain('I18N'); }; +var acceptPrompt = async function(promptResponse) { + await waitFor.alertToBePresent(); + const alert = await browser.switchTo().alert(); + await alert.sendKeys(promptResponse); + await alert.accept(); + await waitFor.pageToFullyLoad(); +}; + var acceptAlert = async function() { await waitFor.alertToBePresent(); await (await browser.switchTo().alert()).accept(); @@ -233,6 +241,7 @@ var navigateToTopicsAndSkillsDashboardPage = async function() { }; exports.acceptAlert = acceptAlert; +exports.acceptPrompt = acceptPrompt; exports.scrollToTop = scrollToTop; exports.checkForConsoleErrors = checkForConsoleErrors; exports.isInDevMode = isInDevMode; @@ -241,6 +250,7 @@ exports.SERVER_URL_PREFIX = SERVER_URL_PREFIX; exports.USER_PREFERENCES_URL = USER_PREFERENCES_URL; exports.EDITOR_URL_SLICE = EDITOR_URL_SLICE; exports.LOGIN_URL_SUFFIX = LOGIN_URL_SUFFIX; +exports.LOGOUT_URL_SUFFIX = LOGOUT_URL_SUFFIX; exports.MODERATOR_URL_SUFFIX = MODERATOR_URL_SUFFIX; exports.SCRIPTS_URL_SLICE = SCRIPTS_URL_SLICE; exports.FIRST_STATE_DEFAULT_NAME = FIRST_STATE_DEFAULT_NAME; diff --git a/core/tests/protractor_utils/users.js b/core/tests/protractor_utils/users.js index 26f5e3555279..0405a8e8504a 100644 --- a/core/tests/protractor_utils/users.js +++ b/core/tests/protractor_utils/users.js @@ -17,85 +17,70 @@ * carrying out end-to-end testing with protractor. */ +var FirebaseAdmin = require('firebase-admin'); +var HashWasm = require('hash-wasm'); var general = require('./general.js'); var waitFor = require('./waitFor.js'); var action = require('./action.js'); var AdminPage = require('./AdminPage.js'); var adminPage = new AdminPage.AdminPage(); -var _login = async function( - email, isSuperAdmin = false, manualNavigation = true) { - // Use of element and action is not possible because the login page - // is non-angular. - // The full url is also necessary. - var driver = browser.driver; - // The manualNavigation argument is used to determine whether to navigate to - // the login URL using driver.get() or not. If false, the calling method - // should handle navigation to the login page. - if (manualNavigation) { - await driver.get(general.SERVER_URL_PREFIX + general.LOGIN_URL_SUFFIX); - } - // The statement below uses a browser.wait() to determine if the user has - // logged in. Use of waitFor is not possible because the active page is - // non-angular. - await browser.wait( - async() => { - try { - await driver.findElement(protractor.By.name('email')); - } catch (error) { - return false; - } - return true; - }, waitFor.DEFAULT_WAIT_TIME_MSECS, 'Login takes too long.'); - await (await driver.findElement(protractor.By.name('email'))).clear(); - await (await driver.findElement(protractor.By.name('email'))).sendKeys(email); +var _createFirebaseAccount = async function(email, isSuperAdmin = false) { + // The Firebase Admin SDK stores all emails in lower case. To ensure that the + // developer email used to sign in is consistent with these accounts, we + // manually change them to lower case. + email = email.toLowerCase(); + var user = await FirebaseAdmin.auth().createUser({ + email: email, + emailVerified: true, + // We've configured the Firebase emulator to use email/password for user + // authentication. To save developers and end-to-end test authors the + // trouble of providing passwords, we always use the md5 hash of the email + // address instead. This will never be done in production, where the + // emulator DOES NOT run. Instead, production takes the user to the Google + // sign-in page, which eventually redirects them back to Oppia. + password: await HashWasm.md5(email), + }); if (isSuperAdmin) { - await (await driver.findElement(protractor.By.name('admin'))).click(); - let adminCheckboxStatus = await driver.findElement( - protractor.By.name('admin')).getAttribute('checked'); - expect(adminCheckboxStatus).toBeTruthy(); - } - await (await driver.findElement(protractor.By.id('submit-login'))).click(); - if (manualNavigation) { - // The statement below uses a browser.wait() to determine if the user has - // logged in. Use of waitFor is not possible because the active page is - // non-angular. - await browser.wait( - async() => { - let loginStatusHeaderElement = ( - await driver.findElement(protractor.By.tagName('h3'))); - let text = await loginStatusHeaderElement.getText(); - return text !== 'Logged In'; - }, waitFor.DEFAULT_WAIT_TIME_MSECS, 'Login takes too long.'); + await FirebaseAdmin.auth().setCustomUserClaims( + user.uid, {role: 'super_admin'}); } }; -var login = async function(email, manualNavigation = true) { - await _login(email, false, manualNavigation); +// Logs in to Oppia through the interface provided by AuthService.signInAsync(). +// +// Specfically, we pass the email argument into the prompt generated by +// signInAsync(), and then wait for the page to be redirected with login +// credentials. +// +// When manual navigation is enabled, the function will explicitly redirect the +// browser to the login page. If disabled, then the function will assume that +// the browser is already on the login page. +var login = async function(email, useManualNavigation = true) { + if (useManualNavigation) { + await browser.get(general.SERVER_URL_PREFIX + general.LOGIN_URL_SUFFIX); + } + + var emailInput = element(by.css('.protractor-test-sign-in-email-input')); + await action.sendKeys('Email input', emailInput, email); + + var signInButton = element(by.css('.protractor-test-sign-in-button')); + await action.click('Sign in button', signInButton); + + await waitFor.pageToFullyLoad(); }; var logout = async function() { - // Use of action is not possible because logout page is non-angular. - var driver = browser.driver; - await driver.get(general.SERVER_URL_PREFIX + general.LOGIN_URL_SUFFIX); - await (await driver.findElement(protractor.By.id('submit-logout'))).click(); + await browser.get(general.SERVER_URL_PREFIX + general.LOGOUT_URL_SUFFIX); + // Wait for logout page to load. + await waitFor.pageToFullyLoad(); + // Wait for redirection to occur. + await waitFor.pageToFullyLoad(); }; // The user needs to log in immediately before this method is called. Note // that this will fail if the user already has a username. -var _completeSignup = async function(username, manualNavigation = true) { - // The manualNavigation argument is used to determine whether to navigate to - // the sign-up URL using browser.get() or not. If false, the calling method - // should handle navigation to the sign-up page. - if (manualNavigation) { - // This is required since there is a redirect which can be considered - // as a client side navigation and the tests fail since Angular is - // not found due to the navigation interfering with protractor's - // bootstrapping. - await browser.waitForAngularEnabled(false); - await browser.get('/signup?return_url=http%3A%2F%2Flocalhost%3A9001%2F'); - await browser.waitForAngularEnabled(true); - } +var _completeSignup = async function(username) { await waitFor.pageToFullyLoad(); var usernameInput = element(by.css('.protractor-test-username-input')); var agreeToTermsCheckbox = element( @@ -107,49 +92,49 @@ var _completeSignup = async function(username, manualNavigation = true) { await waitFor.pageToFullyLoad(); }; -var completeLoginFlowFromStoryViewerPage = async function(email, username) { - await _login(email, false, false); - await _completeSignup(username, false); +var createAndLoginUser = async function( + email, username, useManualNavigation = true) { + await _createFirebaseAccount(email); + await login(email, useManualNavigation); + await _completeSignup(username); }; -var createUser = async function(email, username) { - await createAndLoginUser(email, username); - await logout(); +var createAndLoginAdminUser = async function(email, username) { + await _createFirebaseAccount(email, true); + await login(email); + await _completeSignup(username); + await adminPage.get(); + await adminPage.updateRole(username, 'admin'); }; -var createAndLoginUser = async function(email, username) { +var createAndLoginAdminUserMobile = async function(email, username) { + await _createFirebaseAccount(email, true); await login(email); await _completeSignup(username); }; -var createModerator = async function(email, username) { - await _login(email, true); - await _completeSignup(username); - await adminPage.get(); - await adminPage.updateRole(username, 'moderator'); +var createAdminMobile = async function(email, username) { + await createAndLoginAdminUserMobile(email, username); await logout(); }; -var createAdmin = async function(email, username) { - await createAndLoginAdminUser(email, username); +var createUser = async function(email, username) { + await createAndLoginUser(email, username); await logout(); }; -var createAndLoginAdminUser = async function(email, username) { - await _login(email, true); +var createModerator = async function(email, username) { + await _createFirebaseAccount(email, true); + await login(email); await _completeSignup(username); await adminPage.get(); - await adminPage.updateRole(username, 'admin'); -}; - -var createAdminMobile = async function(email, username) { - await createAndLoginAdminUserMobile(email, username); + await adminPage.updateRole(username, 'moderator'); await logout(); }; -var createAndLoginAdminUserMobile = async function(email, username) { - await _login(email, true); - await _completeSignup(username); +var createAdmin = async function(email, username) { + await createAndLoginAdminUser(email, username); + await logout(); }; var isAdmin = async function() { @@ -159,8 +144,6 @@ var isAdmin = async function() { exports.isAdmin = isAdmin; exports.login = login; exports.logout = logout; -exports.completeLoginFlowFromStoryViewerPage = ( - completeLoginFlowFromStoryViewerPage); exports.createUser = createUser; exports.createAndLoginUser = createAndLoginUser; exports.createModerator = createModerator; diff --git a/core/tests/puppeteer/lighthouse_setup.js b/core/tests/puppeteer/lighthouse_setup.js index 866897f426c7..5d639ac8115b 100644 --- a/core/tests/puppeteer/lighthouse_setup.js +++ b/core/tests/puppeteer/lighthouse_setup.js @@ -16,6 +16,7 @@ * @fileoverview Puppeteer script to collects dynamic urls for lighthouse tests. */ +var FirebaseAdmin = require('firebase-admin'); const process = require('process'); const puppeteer = require('puppeteer'); @@ -32,6 +33,8 @@ var topicEditorUrl = 'Topic editor not loaded'; var skillEditorUrl = 'Skill editor not loaded'; var storyEditorUrl = 'Story editor not loaded'; +var emailInput = '.protractor-test-sign-in-email-input'; +var signInButton = '.protractor-test-sign-in-button'; var usernameInput = '.protractor-test-username-input'; var agreeToTermsCheckBox = '.protractor-test-agree-to-terms-checkbox'; var registerUser = '.protractor-test-register-user:not([disabled])'; @@ -83,9 +86,9 @@ const login = async function(browser, page) { // eslint-disable-next-line dot-notation await page.goto( ADMIN_URL, { waitUntil: networkIdle}); - await page.waitForSelector('#admin', {visible: true}); - await page.click('#admin'); - await page.click('#submit-login'); + await page.waitForSelector(emailInput, {visible: true}); + await page.type(emailInput, 'testadmin@example.com'); + await page.click(signInButton); // Checks if the user's account was already made. try { await page.waitForSelector(usernameInput, {visible: true}); @@ -275,6 +278,8 @@ const getSkillEditorUrl = async function(browser, page) { }; const main = async function() { + process.env.FIREBASE_AUTH_EMULATOR_HOST = 'localhost:9099'; + FirebaseAdmin.initializeApp({projectId: 'dev-project-id'}); // Change headless to false to see the puppeteer actions. const browser = await puppeteer.launch({headless: true}); const page = await browser.newPage(); diff --git a/core/tests/test_utils.py b/core/tests/test_utils.py index 5611cbf04803..1ab072076820 100644 --- a/core/tests/test_utils.py +++ b/core/tests/test_utils.py @@ -1096,6 +1096,39 @@ def function_that_always_raises(*unused_args, **unused_kwargs): with self.swap(obj, attr, function_that_always_raises): yield + @contextlib.contextmanager + def swap_with_call_counter( + self, obj, attr, raises=None, returns=None, call_through=False): + """Swap obj.attr with a CallCounter instance. + + Args: + obj: *. The Python object whose attribute you want to swap. + attr: str. The name of the function to be swapped. + raises: Exception|None. The exception raised by the swapped + function. If None, then no exception is raised. + returns: *. The return value of the swapped function. + call_through: bool. Whether to call through to the real function, + rather than use a stub implementation. If True, the `raises` and + `returns` arguments will be ignored. + + Yields: + CallCounter. A CallCounter instance that's installed as obj.attr's + implementation while within the context manager returned. + """ + if call_through: + impl = obj.attr + else: + def impl(*_, **__): + """Behaves according to the given values.""" + if raises is not None: + # Pylint thinks we're trying to raise `None` even though + # we've explicitly checked for it above. + raise raises # pylint: disable=raising-bad-type + return returns + call_counter = CallCounter(impl) + with self.swap(obj, attr, call_counter): + yield call_counter + @contextlib.contextmanager def swap_with_checks( self, obj, attr, new_value, expected_args=None, @@ -1308,6 +1341,8 @@ def setUp(self): self.mail_testapp = webtest.TestApp(main_mail.app) def tearDown(self): + datastore_services.delete_multi( + datastore_services.query_everything().iter(keys_only=True)) self.testbed.deactivate() super(AppEngineTestBase, self).tearDown() @@ -1464,7 +1499,7 @@ class GenericTestBase(AppEngineTestBase): TODO(#12135): Split this enormous test base into smaller, focused pieces. """ - # NOTE: For tests that do not/can not use the default super-admin, authors + # NOTE: For tests that do not/can not use the default super admin, authors # can override the following class-level constant. AUTO_CREATE_DEFAULT_SUPERADMIN_USER = True @@ -1821,11 +1856,6 @@ def setUp(self): if self.AUTO_CREATE_DEFAULT_SUPERADMIN_USER: self.signup_superadmin_user() - def tearDown(self): - datastore_services.delete_multi( - datastore_services.query_everything().iter(keys_only=True)) - super(GenericTestBase, self).tearDown() - def login(self, email, is_super_admin=False): """Sets the environment variables to simulate a login. diff --git a/core/tests/test_utils_test.py b/core/tests/test_utils_test.py index 23fca65509ad..a357b854d857 100644 --- a/core/tests/test_utils_test.py +++ b/core/tests/test_utils_test.py @@ -32,6 +32,7 @@ import feconf import python_utils +import mock import webapp2 exp_models, = models.Registry.import_models([models.NAMES.exploration]) @@ -451,77 +452,51 @@ def test_capture_logging_with_min_level(self): logging.warn('3') logging.error('4') python_utils.PRINT('5') - logging.info('6') + logging.error('6') self.assertEqual(logs, ['3', '4']) - def test_swap_to_always_return_uses_none_by_default(self): - class MockClass(python_utils.OBJECT): - """Test-only class.""" - - def method(self): - """Returns self.""" - return self + def test_swap_to_always_return_without_value_uses_none(self): + obj = mock.Mock() + obj.func = lambda: obj - mock = MockClass() - self.assertIs(mock.method(), mock) + self.assertIs(obj.func(), obj) - with self.swap_to_always_return(mock, 'method'): - self.assertIsNone(mock.method()) + with self.swap_to_always_return(obj, 'func'): + self.assertIsNone(obj.func()) def test_swap_to_always_return_with_value(self): - right_obj = python_utils.OBJECT() - wrong_obj = python_utils.OBJECT() - self.assertIsNot(right_obj, wrong_obj) + obj = mock.Mock() + obj.func = lambda: 0 - class MockClass(python_utils.OBJECT): - """Test-only class.""" + self.assertEqual(obj.func(), 0) - def method(self): - """Returns self.""" - return wrong_obj + with self.swap_to_always_return(obj, 'func', value=123): + self.assertEqual(obj.func(), 123) - mock = MockClass() - self.assertIs(mock.method(), wrong_obj) - - with self.swap_to_always_return(mock, 'method', value=right_obj): - self.assertIs(mock.method(), right_obj) - - def test_swap_to_always_raise_empty_exception_by_default(self): - class MockClass(python_utils.OBJECT): - """Test-only class.""" + def test_swap_to_always_raise_without_error_uses_empty_exception(self): + obj = mock.Mock() + obj.func = lambda: None + self.assertIsNone(obj.func()) - def method(self): - """Returns self.""" - return self - - mock = MockClass() - self.assertIs(mock.method(), mock) - - with self.swap_to_always_raise(mock, 'method'): + with self.swap_to_always_raise(obj, 'func'): try: - mock.method() - except Exception: - pass + obj.func() + except Exception as e: + self.assertIs(type(e), Exception) + self.assertEqual(python_utils.UNICODE(e), '') else: - self.fail(msg='Exception was not raise as expected') + self.fail(msg='obj.func() did not raise an Exception') def test_swap_to_always_raise_with_error(self): - right_error = Exception('right error') - wrong_error = Exception('wrong error') - - class MockClass(python_utils.OBJECT): - """Test-only class.""" - - def method(self): - """Returns self.""" - raise wrong_error + obj = mock.Mock() + obj.func = lambda: python_utils.divide(1, 0) - mock = MockClass() - self.assertRaisesRegexp(Exception, 'wrong error', mock.method) + self.assertRaisesRegexp( + ZeroDivisionError, 'integer division or modulo by zero', obj.func) - with self.swap_to_always_raise(mock, 'method', error=right_error): - self.assertRaisesRegexp(Exception, 'right error', mock.method) + with self.swap_to_always_raise(obj, 'func', error=ValueError('abc')): + self.assertRaisesRegexp(ValueError, 'abc', obj.func) def test_swap_with_check_on_method_called(self): def mock_getcwd(): diff --git a/feconf.py b/feconf.py index 190804ccdebd..bc92406b5a5a 100644 --- a/feconf.py +++ b/feconf.py @@ -1113,8 +1113,13 @@ def get_empty_ratings(): # Firebase-specific role specified for users with super admin privileges. FIREBASE_ROLE_SUPER_ADMIN = 'super_admin' +FIREBASE_EMULATOR_CONFIG_PATH = '.firebase.json' + +# TODO(#11462): Delete this after Firebase authentication has been deployed. +ENABLE_USER_CREATION = True + # The name of the cookie Oppia will place the session cookie into. The name is -# arbitrary. If it is changed later on, then the cookie will live-on in the +# arbitrary. If it is changed later on, then the cookie will live on in the # users' browsers as garbage (although it would expire eventually, see MAX_AGE). FIREBASE_SESSION_COOKIE_NAME = 'session' # The duration a session cookie from Firebase should remain valid for. After the diff --git a/main.py b/main.py index bfd5f07ee54a..2b630ab1bd9c 100644 --- a/main.py +++ b/main.py @@ -63,6 +63,7 @@ from core.controllers import voice_artist from core.domain import user_services from core.platform import models +from core.platform.auth import firebase_auth_services import feconf from mapreduce import main as mapreduce_main @@ -220,6 +221,8 @@ def ui_access_wrapper(self, *args, **kwargs): get_redirect_route(r'%s' % feconf.ADMIN_URL, admin.AdminPage), get_redirect_route(r'/adminhandler', admin.AdminHandler), get_redirect_route(r'/adminrolehandler', admin.AdminRoleHandler), + get_redirect_route( + r'/adminsuperadminhandler', admin.AdminSuperAdminPrivilegesHandler), get_redirect_route( r'/memorycacheadminhandler', admin.MemoryCacheAdminHandler), get_redirect_route(r'/adminjoboutput', admin.AdminJobOutputHandler), @@ -802,8 +805,10 @@ def ui_access_wrapper(self, *args, **kwargs): admin.VerifyUserModelsDeletedHandler), get_redirect_route(r'/deleteuserhandler', admin.DeleteUserHandler), get_redirect_route(r'/frontend_errors', FrontendErrorHandler), - get_redirect_route(r'/logout', base.LogoutPage), + get_redirect_route(r'/session_begin', base.SessionBeginHandler), + get_redirect_route(r'/session_end', base.SessionEndHandler), + get_redirect_route(r'/seed_firebase', base.SeedFirebaseHandler), get_redirect_route( r'%s/%s/' % ( @@ -863,3 +868,5 @@ def ui_access_wrapper(self, *args, **kwargs): app = transaction_services.toplevel_wrapper( # pylint: disable=invalid-name webapp2.WSGIApplication(URLS, debug=feconf.DEBUG)) + +firebase_auth_services.establish_firebase_connection() diff --git a/package.json b/package.json index 7658b367a228..1bf84b8b0a00 100644 --- a/package.json +++ b/package.json @@ -64,7 +64,8 @@ "eslint-plugin-oppia": "file:./scripts/linters/custom_eslint_checks", "eslint-plugin-unused-imports": "^1.0.0", "file-loader": "^6.0.0", - "firebase-tools": "^9.1.0", + "firebase-admin": "^9.5.0", + "firebase-tools": "https://github.com/oppia/firebase-tools/releases/download/v9.6.0-PATCH/firebase-tools-9.6.0-PATCH.tgz", "html-dnd": "^1.2.1", "html-loader": "^1.1.0", "html-webpack-plugin": "^4.0.3", diff --git a/puppeteer-login-script.js b/puppeteer-login-script.js index 437b9a6b1853..44b6ca4fcfee 100644 --- a/puppeteer-login-script.js +++ b/puppeteer-login-script.js @@ -22,6 +22,8 @@ const ADMIN_URL = 'http://127.0.0.1:8181/admin'; const CREATOR_DASHBOARD_URL = 'http://127.0.0.1:8181/creator-dashboard'; const networkIdle = 'networkidle0'; +var emailInput = '.protractor-test-sign-in-email-input'; +var signInButton = '.protractor-test-sign-in-button'; var usernameInput = '.protractor-test-username-input'; var agreeToTermsCheckBox = '.protractor-test-agree-to-terms-checkbox'; var registerUser = '.protractor-test-register-user:not([disabled])'; @@ -52,11 +54,10 @@ module.exports = async(browser, context) => { const login = async function(context, page) { try { // eslint-disable-next-line dot-notation - await page.goto( - ADMIN_URL, { waitUntil: networkIdle}); - await page.waitForSelector('#admin', {visible: true}); - await page.click('#admin'); - await page.click('#submit-login'); + await page.goto(ADMIN_URL, {waitUntil: networkIdle}); + await page.waitForSelector(emailInput, {visible: true}); + await page.type(emailInput, 'testadmin@example.com'); + await page.click(signInButton); // Checks if the user's account was already made. try { await page.waitForSelector(usernameInput, {visible: true}); diff --git a/scripts/build.py b/scripts/build.py index c82037ba1465..183e208213df 100644 --- a/scripts/build.py +++ b/scripts/build.py @@ -121,6 +121,8 @@ 'webpack_bundles/contact-page.mainpage.html', 'webpack_bundles/donate-page.mainpage.html', 'webpack_bundles/get-started-page.mainpage.html', + 'webpack_bundles/login-page.mainpage.html', + 'webpack_bundles/logout-page.mainpage.html', 'webpack_bundles/privacy-page.mainpage.html', 'webpack_bundles/playbook.mainpage.html', 'webpack_bundles/teach-page.mainpage.html', @@ -200,12 +202,15 @@ def generate_app_yaml(deploy_mode=False, maintenance_mode=False): content = content.replace( file_path, prod_file_prefix + file_path) - # The version: default line is required to run jobs on a local server ( - # both in prod & non-prod env). This line is not required when app.yaml - # is generated during deployment. So, we remove this if the build process - # is being run from the deploy script. if deploy_mode: + # The version: default line is required to run jobs on a local server ( + # both in prod & non-prod env). This line is not required when app.yaml + # is generated during deployment. So, we remove this if the build + # process is being run from the deploy script. content = content.replace('version: default', '') + # The FIREBASE_AUTH_EMULATOR_HOST environment variable is only needed to + # test locally, and MUST NOT be included in the deployed file. + content = re.sub(' FIREBASE_AUTH_EMULATOR_HOST: ".*"\n', '', content) if os.path.isfile(APP_YAML_FILEPATH): os.remove(APP_YAML_FILEPATH) with python_utils.open_file(APP_YAML_FILEPATH, 'w+') as prod_yaml_file: diff --git a/scripts/build_test.py b/scripts/build_test.py index 85649d9b663c..1baf4afa8089 100644 --- a/scripts/build_test.py +++ b/scripts/build_test.py @@ -751,6 +751,7 @@ def test_generate_app_yaml_with_deploy_mode(self): app_dev_yaml_temp_file.name = mock_dev_yaml_filepath with python_utils.open_file(mock_dev_yaml_filepath, 'w') as tmp: tmp.write(u'Some content in mock_app_dev.yaml\n') + tmp.write(u' FIREBASE_AUTH_EMULATOR_HOST: "localhost:9099"\n') tmp.write(u'version: default') app_yaml_temp_file = tempfile.NamedTemporaryFile() diff --git a/scripts/common.py b/scripts/common.py index aa5529635ea9..7c5619c9f8e1 100644 --- a/scripts/common.py +++ b/scripts/common.py @@ -925,6 +925,7 @@ def managed_firebase_auth_emulator(): emulator_args = [ FIREBASE_PATH, 'emulators:start', '--only', 'auth', '--project', feconf.OPPIA_PROJECT_ID, + '--config', feconf.FIREBASE_EMULATOR_CONFIG_PATH, ] with contextlib2.ExitStack() as stack: # OK to use shell=True here because we are passing string literals and diff --git a/scripts/pre_commit_hook.py b/scripts/pre_commit_hook.py index 6d948318e1c4..0befb4093075 100755 --- a/scripts/pre_commit_hook.py +++ b/scripts/pre_commit_hook.py @@ -52,9 +52,8 @@ 'CAN_SEND_ANALYTICS_EVENTS', 'SITE_FEEDBACK_FORM_URL', 'ANALYTICS_ID', 'SITE_NAME_FOR_ANALYTICS', 'FIREBASE_CONFIG_API_KEY', 'FIREBASE_CONFIG_APP_ID', 'FIREBASE_CONFIG_AUTH_DOMAIN', - 'FIREBASE_CONFIG_DATABASE_URL', 'FIREBASE_CONFIG_MESSAGING_SENDER_ID', - 'FIREBASE_CONFIG_PROJECT_ID', 'FIREBASE_CONFIG_STORAGE_BUCKET', - 'FIREBASE_CONFIG_GOOGLE_CLIENT_ID', 'FIREBASE_EMULATOR_ENABLED'] + 'FIREBASE_CONFIG_MESSAGING_SENDER_ID', 'FIREBASE_CONFIG_PROJECT_ID', + 'FIREBASE_CONFIG_STORAGE_BUCKET', 'FIREBASE_CONFIG_GOOGLE_CLIENT_ID'] def install_hook(): diff --git a/webpack.common.config.ts b/webpack.common.config.ts index 9c0727d653ca..a54ef76c9dc1 100644 --- a/webpack.common.config.ts +++ b/webpack.common.config.ts @@ -101,6 +101,8 @@ module.exports = { commonPrefix + '/pages/learner-dashboard-page/' + 'learner-dashboard-page.import.ts', library: commonPrefix + '/pages/library-page/library-page.import.ts', + login: commonPrefix + '/pages/login-page/login-page.import.ts', + logout: commonPrefix + '/pages/logout-page/logout-page.import.ts', maintenance: commonPrefix + '/pages/maintenance-page/maintenance-page.import.ts', moderator: @@ -429,6 +431,22 @@ module.exports = { minify: htmlMinifyConfig, inject: false }), + new HtmlWebpackPlugin({ + chunks: ['login'], + filename: 'login-page.mainpage.html', + meta: defaultMeta, + template: commonPrefix + '/pages/login-page/login-page.mainpage.html', + minify: htmlMinifyConfig, + inject: false + }), + new HtmlWebpackPlugin({ + chunks: ['logout'], + filename: 'logout-page.mainpage.html', + meta: defaultMeta, + template: commonPrefix + '/pages/logout-page/logout-page.mainpage.html', + minify: htmlMinifyConfig, + inject: false + }), new HtmlWebpackPlugin({ chunks: ['maintenance'], filename: 'maintenance-page.mainpage.html', diff --git a/yarn.lock b/yarn.lock index 5816734ef2f1..fdc663100c84 100644 --- a/yarn.lock +++ b/yarn.lock @@ -420,6 +420,13 @@ "@firebase/util" "0.3.4" tslib "^1.11.1" +"@firebase/database-types@0.6.1", "@firebase/database-types@^0.6.1": + version "0.6.1" + resolved "https://registry.yarnpkg.com/@firebase/database-types/-/database-types-0.6.1.tgz#cf1cfc03e617ed4c2561703781f85ba4c707ff65" + integrity sha512-JtL3FUbWG+bM59iYuphfx9WOu2Mzf0OZNaqWiQ7lJR8wBe7bS9rIm9jlBFtksB7xcya1lZSQPA/GAy2jIlMIkA== + dependencies: + "@firebase/app-types" "0.6.1" + "@firebase/database-types@0.7.0": version "0.7.0" resolved "https://registry.yarnpkg.com/@firebase/database-types/-/database-types-0.7.0.tgz#ab140d178ded676e60d8ade8c8f13de8e01e7e1e" @@ -440,6 +447,19 @@ faye-websocket "0.11.3" tslib "^1.11.1" +"@firebase/database@^0.8.1": + version "0.8.3" + resolved "https://registry.yarnpkg.com/@firebase/database/-/database-0.8.3.tgz#4e5efa8fc8df00d6febfd9c8d6d6e409596659f7" + integrity sha512-i29rr3kcPltIkA8La9M1lgsSxx9bfu5lCQ0T+tbJptZ3UpqpcL1NzCcZa24cJjiLgq3HQNPyLvUvCtcPSFDlRg== + dependencies: + "@firebase/auth-interop-types" "0.1.5" + "@firebase/component" "0.1.21" + "@firebase/database-types" "0.6.1" + "@firebase/logger" "0.2.6" + "@firebase/util" "0.3.4" + faye-websocket "0.11.3" + tslib "^1.11.1" + "@firebase/firestore-types@2.1.0": version "2.1.0" resolved "https://registry.yarnpkg.com/@firebase/firestore-types/-/firestore-types-2.1.0.tgz#ad406c6fd7f0eae7ea52979f712daa0166aef665" @@ -584,6 +604,31 @@ resolved "https://registry.yarnpkg.com/@firebase/webchannel-wrapper/-/webchannel-wrapper-0.4.1.tgz#600f2275ff54739ad5ac0102f1467b8963cd5f71" integrity sha512-0yPjzuzGMkW1GkrC8yWsiN7vt1OzkMIi9HgxRmKREZl2wnNPOKo/yScTjXf/O57HM8dltqxPF6jlNLFVtc2qdw== +"@google-cloud/common@^3.6.0": + version "3.6.0" + resolved "https://registry.yarnpkg.com/@google-cloud/common/-/common-3.6.0.tgz#c2f6da5f79279a4a9ac7c71fc02d582beab98e8b" + integrity sha512-aHIFTqJZmeTNO9md8XxV+ywuvXF3xBm5WNmgWeeCK+XN5X+kGW0WEX94wGwj+/MdOnrVf4dL2RvSIt9J5yJG6Q== + dependencies: + "@google-cloud/projectify" "^2.0.0" + "@google-cloud/promisify" "^2.0.0" + arrify "^2.0.1" + duplexify "^4.1.1" + ent "^2.2.0" + extend "^3.0.2" + google-auth-library "^7.0.2" + retry-request "^4.1.1" + teeny-request "^7.0.0" + +"@google-cloud/firestore@^4.5.0": + version "4.9.7" + resolved "https://registry.yarnpkg.com/@google-cloud/firestore/-/firestore-4.9.7.tgz#8fb9080ba0f6e074013412835b60db926515d139" + integrity sha512-s5W6rRxD5y3Oe3KJUNztIy4eIi9dBwJU36jd/QM3L8frpCuSh1fn6z0BD8IAV0AirQAg6aOzSlcwAwd/yeXCkw== + dependencies: + fast-deep-equal "^3.1.1" + functional-red-black-tree "^1.0.1" + google-gax "^2.9.2" + protobufjs "^6.8.6" + "@google-cloud/paginator@^3.0.0": version "3.0.5" resolved "https://registry.yarnpkg.com/@google-cloud/paginator/-/paginator-3.0.5.tgz#9d6b96c421a89bd560c1bc2c197c7611ef21db6c" @@ -628,7 +673,34 @@ lodash.snakecase "^4.1.1" p-defer "^3.0.0" -"@grpc/grpc-js@^1.0.0", "@grpc/grpc-js@~1.2.0": +"@google-cloud/storage@^5.3.0": + version "5.8.1" + resolved "https://registry.yarnpkg.com/@google-cloud/storage/-/storage-5.8.1.tgz#00e627723614bcf97e6e29f9a59ec39339171847" + integrity sha512-qP8gCJ2myyMN3JMJN12d82Oo8VBSDO8vO4/x56dtQZX9+WISqcagurntnJVyFX885tIOtS97bsyv8qR1xv6HMg== + dependencies: + "@google-cloud/common" "^3.6.0" + "@google-cloud/paginator" "^3.0.0" + "@google-cloud/promisify" "^2.0.0" + arrify "^2.0.0" + async-retry "^1.3.1" + compressible "^2.0.12" + date-and-time "^0.14.2" + duplexify "^4.0.0" + extend "^3.0.2" + gaxios "^4.0.0" + gcs-resumable-upload "^3.1.3" + get-stream "^6.0.0" + hash-stream-validation "^0.2.2" + mime "^2.2.0" + mime-types "^2.0.8" + onetime "^5.1.0" + p-limit "^3.0.1" + pumpify "^2.0.0" + snakeize "^0.1.0" + stream-events "^1.0.1" + xdg-basedir "^4.0.0" + +"@grpc/grpc-js@^1.0.0": version "1.2.7" resolved "https://registry.yarnpkg.com/@grpc/grpc-js/-/grpc-js-1.2.7.tgz#d291c23ed4dfd794366d91c016e9bef2b5f7663e" integrity sha512-hBkR/vZTodu/dA/kcKpiQtPQdjMbpfKv7RKfEByT5/7qOQNpIh2O6Sr1aldLMzstFqmGrufmR7XTc56VCMH7LA== @@ -637,6 +709,15 @@ google-auth-library "^6.1.1" semver "^6.2.0" +"@grpc/grpc-js@~1.2.0": + version "1.2.11" + resolved "https://registry.yarnpkg.com/@grpc/grpc-js/-/grpc-js-1.2.11.tgz#68faa56bded64844294dc6429185503376f05ff1" + integrity sha512-DZqx3nHBm2OGY7NKq4sppDEfx4nBAsQH/d/H/yxo/+BwpVLWLGs+OorpwQ+Fqd6EgpDEoi4MhqndjGUeLl/5GA== + dependencies: + "@types/node" ">=12.12.47" + google-auth-library "^6.1.1" + semver "^6.2.0" + "@grpc/proto-loader@^0.5.0", "@grpc/proto-loader@^0.5.1": version "0.5.6" resolved "https://registry.yarnpkg.com/@grpc/proto-loader/-/proto-loader-0.5.6.tgz#1dea4b8a6412b05e2d58514d507137b63a52a98d" @@ -912,6 +993,13 @@ resolved "https://registry.yarnpkg.com/@types/anymatch/-/anymatch-1.3.1.tgz#336badc1beecb9dacc38bea2cf32adf627a8421a" integrity sha512-/+CRPXpBDpo2RK9C68N3b2cOvO0Cf5B9aPijHsoDQTHivnGSObdOF2BRQOYjojWTDy6nQvMjmqRXIxH55VjxxA== +"@types/archiver@^5.1.0": + version "5.1.0" + resolved "https://registry.yarnpkg.com/@types/archiver/-/archiver-5.1.0.tgz#869f4ce4028e49cf9a0243cf914415f4cc3d1f3d" + integrity sha512-baFOhanb/hxmcOd1Uey2TfFg43kTSmM6py1Eo7Rjbv/ivcl7PXLhY0QgXGf50Hx/eskGCFqPfhs/7IZLb15C5g== + dependencies: + "@types/glob" "*" + "@types/ckeditor@^4.9.8": version "4.9.10" resolved "https://registry.yarnpkg.com/@types/ckeditor/-/ckeditor-4.9.10.tgz#f4d252821c52c2b903b21801c8469ead756122b3" @@ -1170,7 +1258,7 @@ resolved "https://registry.yarnpkg.com/@types/geojson/-/geojson-7946.0.7.tgz#c8fa532b60a0042219cdf173ca21a975ef0666ad" integrity sha512-wE2v81i4C4Ol09RtsWFAqg3BUitWbHSpSlIo+bNdsCJijO9sjme+zm+73ZMCa/qMC8UEERxzGbvmr1cffo2SiQ== -"@types/glob@^7.1.1": +"@types/glob@*", "@types/glob@^7.1.1": version "7.1.3" resolved "https://registry.yarnpkg.com/@types/glob/-/glob-7.1.3.tgz#e6ba80f36b7daad2c685acd9266382e68985c183" integrity sha512-SEYeGAIQIQX8NN6LDKprLjbrd5dARM5EXsd8GI/A5l0apYI1fGMWgPHSe4ZKL4eozlAyI+doUE9XbYS4xCkQ1w== @@ -1275,20 +1363,30 @@ resolved "https://registry.yarnpkg.com/@types/mousetrap/-/mousetrap-1.6.5.tgz#e95569aa6273dbe0ed1814f86287547cc06e93c9" integrity sha512-OwVhKFim9Y/MprzCe4I6a59p31pMy8+LrtP6qS7J0kaOxYmW6VVJPBw5NYm+g7nSbgPUz22FvqU1F1hC5YGTfg== -"@types/node@*", "@types/node@>=12.12.47", "@types/node@^14.0.5", "@types/node@^14.14.10": +"@types/node@*", "@types/node@^14.0.5", "@types/node@^14.14.10": version "14.14.27" resolved "https://registry.yarnpkg.com/@types/node/-/node-14.14.27.tgz#c7127f8da0498993e13b1a42faf1303d3110d2f2" integrity sha512-Ecfmo4YDQPwuqTCl1yBxLV5ihKfRlkBmzUEDcfIRvDxOTGQEeikr317Ln7Gcv0tjA8dVgKI3rniqW2G1OyKDng== +"@types/node@>=12.12.47": + version "14.14.35" + resolved "https://registry.yarnpkg.com/@types/node/-/node-14.14.35.tgz#42c953a4e2b18ab931f72477e7012172f4ffa313" + integrity sha512-Lt+wj8NVPx0zUmUwumiVXapmaLUcAk3yPuHCFVXras9k5VT9TdhJqKqGVUQCD60OTMCl0qxJ57OiTL0Mic3Iag== + +"@types/node@^10.10.0": + version "10.17.55" + resolved "https://registry.yarnpkg.com/@types/node/-/node-10.17.55.tgz#a147f282edec679b894d4694edb5abeb595fecbd" + integrity sha512-koZJ89uLZufDvToeWO5BrC4CR4OUfHnUz2qoPs/daQH6qq3IN62QFxCTZ+bKaCE0xaoCAJYE4AXre8AbghCrhg== + "@types/node@^12.12.29": version "12.20.0" resolved "https://registry.yarnpkg.com/@types/node/-/node-12.20.0.tgz#692dfdecd6c97f5380c42dd50f19261f9f604deb" integrity sha512-0/41wHcurotvSOTHQUFkgL702c3pyWR1mToSrrX3pGPvGfpHTv3Ksx0M4UVuU5VJfjVb62Eyr1eKO1tWNUCg2Q== "@types/node@^13.7.0": - version "13.13.41" - resolved "https://registry.yarnpkg.com/@types/node/-/node-13.13.41.tgz#045a4981318d31a581650ce70f340a32c3461198" - integrity sha512-qLT9IvHiXJfdrje9VmsLzun7cQ65obsBTmtU3EOnCSLFOoSHx1hpiRHoBnpdbyFqnzqdUUIv81JcEJQCB8un9g== + version "13.13.47" + resolved "https://registry.yarnpkg.com/@types/node/-/node-13.13.47.tgz#6eca42c3462821309b26edbc2eff0db1e37ab9bc" + integrity sha512-R6851wTjN1YJza8ZIeX6puNBSi/ZULHVh4WVleA7q256l+cP2EtXnKbO455fTs2ytQk3dL9qkU+Wh8l/uROdKg== "@types/normalize-package-data@^2.4.0": version "2.4.0" @@ -1918,18 +2016,18 @@ archiver-utils@^2.1.0: normalize-path "^3.0.0" readable-stream "^2.0.0" -archiver@^3.0.0: - version "3.1.1" - resolved "https://registry.yarnpkg.com/archiver/-/archiver-3.1.1.tgz#9db7819d4daf60aec10fe86b16cb9258ced66ea0" - integrity sha512-5Hxxcig7gw5Jod/8Gq0OneVgLYET+oNHcxgWItq4TbhOzRLKNAFUb9edAftiMKXvXfCB0vbGrJdZDNq0dWMsxg== +archiver@^5.0.0: + version "5.3.0" + resolved "https://registry.yarnpkg.com/archiver/-/archiver-5.3.0.tgz#dd3e097624481741df626267564f7dd8640a45ba" + integrity sha512-iUw+oDwK0fgNpvveEsdQ0Ase6IIKztBJU2U0E9MzszMfmVVUyv1QJhS2ITW9ZCqx8dktAxVAjWWkKehuZE8OPg== dependencies: archiver-utils "^2.1.0" - async "^2.6.3" + async "^3.2.0" buffer-crc32 "^0.2.1" - glob "^7.1.4" - readable-stream "^3.4.0" - tar-stream "^2.1.0" - zip-stream "^2.1.2" + readable-stream "^3.6.0" + readdir-glob "^1.0.0" + tar-stream "^2.2.0" + zip-stream "^4.1.0" archy@^1.0.0: version "1.0.0" @@ -2023,7 +2121,7 @@ arrify@^1.0.0, arrify@^1.0.1: resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d" integrity sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0= -arrify@^2.0.0: +arrify@^2.0.0, arrify@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/arrify/-/arrify-2.0.1.tgz#c9655e9331e0abcd588d2a7cad7e9956f66701fa" integrity sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug== @@ -2109,19 +2207,26 @@ async-limiter@~1.0.0: resolved "https://registry.yarnpkg.com/async-limiter/-/async-limiter-1.0.1.tgz#dd379e94f0db8310b08291f9d64c3209766617fd" integrity sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ== +async-retry@^1.3.1: + version "1.3.1" + resolved "https://registry.yarnpkg.com/async-retry/-/async-retry-1.3.1.tgz#139f31f8ddce50c0870b0ba558a6079684aaed55" + integrity sha512-aiieFW/7h3hY0Bq5d+ktDBejxuwR78vRu9hDUdR8rNhSaQ29VzPL4AoIRG7D/c7tdenwOcKvgPM6tIxB3cB6HA== + dependencies: + retry "0.12.0" + async@^1.3.0: version "1.5.2" resolved "https://registry.yarnpkg.com/async/-/async-1.5.2.tgz#ec6a61ae56480c0c3cb241c95618e20892f9672a" integrity sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo= -async@^2.6.2, async@^2.6.3: +async@^2.6.2: version "2.6.3" resolved "https://registry.yarnpkg.com/async/-/async-2.6.3.tgz#d72625e2344a3656e3a3ad4fa749fa83299d82ff" integrity sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg== dependencies: lodash "^4.17.14" -async@^3.1.0: +async@^3.1.0, async@^3.2.0: version "3.2.0" resolved "https://registry.yarnpkg.com/async/-/async-3.2.0.tgz#b3a2685c5ebb641d3de02d161002c60fc9f85720" integrity sha512-TR2mEZFVOj2pLStYxLht7TyfuRzaydfpxr3k9RpHIzMgw7A64dzsdqCxH1WJyQdoe8T10nDXd9wnEigmiuHIZw== @@ -2642,7 +2747,7 @@ buffer@^4.3.0: ieee754 "^1.1.4" isarray "^1.0.0" -buffer@^5.1.0, buffer@^5.2.1, buffer@^5.5.0: +buffer@^5.2.1, buffer@^5.5.0: version "5.7.1" resolved "https://registry.yarnpkg.com/buffer/-/buffer-5.7.1.tgz#ba62e7c13133053582197160851a8f648e99eed0" integrity sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ== @@ -3335,17 +3440,17 @@ component-emitter@^1.2.1, component-emitter@~1.3.0: resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0" integrity sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg== -compress-commons@^2.1.1: - version "2.1.1" - resolved "https://registry.yarnpkg.com/compress-commons/-/compress-commons-2.1.1.tgz#9410d9a534cf8435e3fbbb7c6ce48de2dc2f0610" - integrity sha512-eVw6n7CnEMFzc3duyFVrQEuY1BlHR3rYsSztyG32ibGMW722i3C6IizEGMFmfMU+A+fALvBIwxN3czffTcdA+Q== +compress-commons@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/compress-commons/-/compress-commons-4.1.0.tgz#25ec7a4528852ccd1d441a7d4353cd0ece11371b" + integrity sha512-ofaaLqfraD1YRTkrRKPCrGJ1pFeDG/MVCkVVV2FNGeWquSlqw5wOrwOfPQ1xF2u+blpeWASie5EubHz+vsNIgA== dependencies: buffer-crc32 "^0.2.13" - crc32-stream "^3.0.1" + crc32-stream "^4.0.1" normalize-path "^3.0.0" - readable-stream "^2.3.6" + readable-stream "^3.6.0" -compressible@~2.0.16: +compressible@^2.0.12, compressible@~2.0.16: version "2.0.18" resolved "https://registry.yarnpkg.com/compressible/-/compressible-2.0.18.tgz#af53cca6b070d4c3c0750fbd77286a6d7cc46fba" integrity sha512-AF3r7P5dWxL8MxyITRMlORQNaOA2IkAFaTr4k7BUumjPtRpGDTZpl0Pb1XCO6JeDCBdp126Cgs9sMxqSjgYyRg== @@ -3397,7 +3502,7 @@ configstore@^4.0.0: write-file-atomic "^2.0.0" xdg-basedir "^3.0.0" -configstore@^5.0.1: +configstore@^5.0.0, configstore@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/configstore/-/configstore-5.0.1.tgz#d365021b5df4b98cdd187d6a3b0e3f6a7cc5ed96" integrity sha512-aMKprgk5YhBNyH25hj8wGt2+D52Sw1DRRIzqBwLp2Ya9mFmY8KPvvtvmna8SxVR9JMZ4kzMD68N22vlaRpkeFA== @@ -3531,20 +3636,21 @@ cosmiconfig@^7.0.0: path-type "^4.0.0" yaml "^1.10.0" -crc32-stream@^3.0.1: - version "3.0.1" - resolved "https://registry.yarnpkg.com/crc32-stream/-/crc32-stream-3.0.1.tgz#cae6eeed003b0e44d739d279de5ae63b171b4e85" - integrity sha512-mctvpXlbzsvK+6z8kJwSJ5crm7yBwrQMTybJzMw1O4lLGJqjlDCXY2Zw7KheiA6XBEcBmfLx1D88mjRGVJtY9w== +crc-32@^1.2.0: + version "1.2.0" + resolved "https://registry.yarnpkg.com/crc-32/-/crc-32-1.2.0.tgz#cb2db6e29b88508e32d9dd0ec1693e7b41a18208" + integrity sha512-1uBwHxF+Y/4yF5G48fwnKq6QsIXheor3ZLPT80yGBV1oEUwpPojlEhQbWKVw1VwcTQyMGHK1/XMmTjmlsmTTGA== dependencies: - crc "^3.4.4" - readable-stream "^3.4.0" + exit-on-epipe "~1.0.1" + printj "~1.1.0" -crc@^3.4.4: - version "3.8.0" - resolved "https://registry.yarnpkg.com/crc/-/crc-3.8.0.tgz#ad60269c2c856f8c299e2c4cc0de4556914056c6" - integrity sha512-iX3mfgcTMIq3ZKLIsVFAbv7+Mc10kxabAGQb8HvjA1o3T1PIYprbakQ65d3I+2HGHt6nSKkM9PYjgoJO2KcFBQ== +crc32-stream@^4.0.1: + version "4.0.2" + resolved "https://registry.yarnpkg.com/crc32-stream/-/crc32-stream-4.0.2.tgz#c922ad22b38395abe9d3870f02fa8134ed709007" + integrity sha512-DxFZ/Hk473b/muq1VJ///PMNLj0ZMnzye9thBpmjpJKCc5eMgB95aK8zCGrGfQ90cWo561Te6HK9D+j4KPdM6w== dependencies: - buffer "^5.1.0" + crc-32 "^1.2.0" + readable-stream "^3.4.0" create-ecdh@^4.0.0: version "4.0.4" @@ -4070,6 +4176,11 @@ data-urls@^1.1.0: whatwg-mimetype "^2.2.0" whatwg-url "^7.0.0" +date-and-time@^0.14.2: + version "0.14.2" + resolved "https://registry.yarnpkg.com/date-and-time/-/date-and-time-0.14.2.tgz#a4266c3dead460f6c231fe9674e585908dac354e" + integrity sha512-EFTCh9zRSEpGPmJaexg7HTuzZHh6cnJj1ui7IGCFNXzd2QdpsNh05Db5TF3xzJm30YN+A8/6xHSuRcQqoc3kFA== + date-format@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/date-format/-/date-format-2.1.0.tgz#31d5b5ea211cf5fd764cd38baf9d033df7e125cf" @@ -4323,6 +4434,13 @@ di@^0.0.1: resolved "https://registry.yarnpkg.com/di/-/di-0.0.1.tgz#806649326ceaa7caa3306d75d985ea2748ba913c" integrity sha1-gGZJMmzqp8qjMG112YXqJ0i6kTw= +dicer@^0.3.0: + version "0.3.0" + resolved "https://registry.yarnpkg.com/dicer/-/dicer-0.3.0.tgz#eacd98b3bfbf92e8ab5c2fdb71aaac44bb06b872" + integrity sha512-MdceRRWqltEG2dZqO769g27N/3PXfcKl04VhYnBlo2YhH7zPi88VebsjTKclaOyiuMaGU72hTfw3VkUitGcVCA== + dependencies: + streamsearch "0.1.2" + diff@5.0.0: version "5.0.0" resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b" @@ -4542,7 +4660,7 @@ duplexify@^3.4.2, duplexify@^3.6.0: readable-stream "^2.0.0" stream-shift "^1.0.0" -duplexify@^4.0.0: +duplexify@^4.0.0, duplexify@^4.1.1: version "4.1.1" resolved "https://registry.yarnpkg.com/duplexify/-/duplexify-4.1.1.tgz#7027dc374f157b122a8ae08c2d3ea4d2d953aa61" integrity sha512-DY3xVEmVHTv1wSzKNbwoU6nVjzI369Y6sPoqfYr0/xlx3IdX2n94xIszTcjPO8W8ZIv0Wb0PXNcjuZyT4wiICA== @@ -4670,7 +4788,7 @@ enquirer@^2.3.5: dependencies: ansi-colors "^4.1.1" -ent@~2.2.0: +ent@^2.2.0, ent@~2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/ent/-/ent-2.2.0.tgz#e964219325a21d05f44466a2f686ed6ce5f5dd1d" integrity sha1-6WQhkyWiHQX0RGai9obtbOX13R0= @@ -5102,6 +5220,11 @@ exit-code@^1.0.2: resolved "https://registry.yarnpkg.com/exit-code/-/exit-code-1.0.2.tgz#ce165811c9f117af6a5f882940b96ae7f9aecc34" integrity sha1-zhZYEcnxF69qX4gpQLlq5/muzDQ= +exit-on-epipe@~1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/exit-on-epipe/-/exit-on-epipe-1.0.1.tgz#0bdd92e87d5285d267daa8171d0eb06159689692" + integrity sha512-h2z5mrROTxce56S+pnvAV890uu7ls7f1kEvVGJbw1OlFH3/mlJ5bkXu0KRyW94v37zzHPiUd55iLn3DA7TjWpw== + exit@^0.1.2: version "0.1.2" resolved "https://registry.yarnpkg.com/exit/-/exit-0.1.2.tgz#0632638f8d877cc82107d30a0fff1a17cba1cd0c" @@ -5376,10 +5499,10 @@ file-uri-to-path@2: resolved "https://registry.yarnpkg.com/file-uri-to-path/-/file-uri-to-path-2.0.0.tgz#7b415aeba227d575851e0a5b0c640d7656403fba" integrity sha512-hjPFI8oE/2iQPVe4gbrJ73Pp+Xfub2+WI2LlXDbsaJBwT5wuMh35WNWVYYTpnz895shtwfyutMFLFywpQAFdLg== -filesize@^3.1.3: - version "3.6.1" - resolved "https://registry.yarnpkg.com/filesize/-/filesize-3.6.1.tgz#090bb3ee01b6f801a8a8be99d31710b3422bb317" - integrity sha512-7KjR1vv6qnicaPMi1iiTcI85CyYwRO/PSFCu6SvqL8jN2Wjt/NIYQTFtFs7fSDCYOstUkEWIQGFUg5YZQfjlcg== +filesize@^6.1.0: + version "6.1.0" + resolved "https://registry.yarnpkg.com/filesize/-/filesize-6.1.0.tgz#e81bdaa780e2451d714d71c0d7a4f3238d37ad00" + integrity sha512-LpCHtPQ3sFx67z+uh2HnSyWSLLu5Jxo21795uRDuar/EOuYWXib5EmPaGIBuSnRqH2IODiKA2k5re/K9OnN/Yg== fill-range@^4.0.0: version "4.0.0" @@ -5473,15 +5596,30 @@ fined@^1.0.1: object.pick "^1.2.0" parse-filepath "^1.0.1" -firebase-tools@^9.1.0: - version "9.3.0" - resolved "https://registry.yarnpkg.com/firebase-tools/-/firebase-tools-9.3.0.tgz#8bb8dec8218a0cd8db8694ebd5f5a6c9bf495ce7" - integrity sha512-tLg1GKpf8Jxlgqq3JttWTOHsOKIyNpro0Ic5sOabmxd1XSeXdK0XW3r3INASoSpy1SYPQn5EEyR1Vs/a0gCu2w== +firebase-admin@^9.5.0: + version "9.5.0" + resolved "https://registry.yarnpkg.com/firebase-admin/-/firebase-admin-9.5.0.tgz#438bc343f1fa0644c2bdbeb36eefec3eda3bf966" + integrity sha512-OPXFOTDcAE+NORpfhq7YMEDk+vFClBtjfpkrjm2JHRxb8DpMm+K3AcusonFPU/WOH4FhiVN9JHB0+NPE20S3gQ== + dependencies: + "@firebase/database" "^0.8.1" + "@firebase/database-types" "^0.6.1" + "@types/node" "^10.10.0" + dicer "^0.3.0" + jsonwebtoken "^8.5.1" + node-forge "^0.10.0" + optionalDependencies: + "@google-cloud/firestore" "^4.5.0" + "@google-cloud/storage" "^5.3.0" + +"firebase-tools@https://github.com/oppia/firebase-tools/releases/download/v9.6.0-PATCH/firebase-tools-9.6.0-PATCH.tgz": + version "9.6.0" + resolved "https://github.com/oppia/firebase-tools/releases/download/v9.6.0-PATCH/firebase-tools-9.6.0-PATCH.tgz#6dcb2d6969c66cb8ea124827ad4b51fa9ed159f0" dependencies: "@google-cloud/pubsub" "^2.7.0" + "@types/archiver" "^5.1.0" JSONStream "^1.2.1" abort-controller "^3.0.0" - archiver "^3.0.0" + archiver "^5.0.0" body-parser "^1.19.0" chokidar "^3.0.2" cjson "^0.3.1" @@ -5496,7 +5634,7 @@ firebase-tools@^9.1.0: exegesis-express "^2.0.0" exit-code "^1.0.2" express "^4.16.4" - filesize "^3.1.3" + filesize "^6.1.0" fs-extra "^0.23.1" glob "^7.1.2" google-auth-library "^6.1.3" @@ -5801,9 +5939,9 @@ gauge@~2.7.3: wide-align "^1.1.0" gaxios@^4.0.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-4.1.0.tgz#e8ad466db5a4383c70b9d63bfd14dfaa87eb0099" - integrity sha512-vb0to8xzGnA2qcgywAjtshOKKVDf2eQhJoiL6fHhgW5tVN7wNk7egnYIO9zotfn3lQ3De1VPdf7V5/BWfCtCmg== + version "4.2.0" + resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-4.2.0.tgz#33bdc4fc241fc33b8915a4b8c07cfb368b932e46" + integrity sha512-Ms7fNifGv0XVU+6eIyL9LB7RVESeML9+cMvkwGS70xyD6w2Z80wl6RiqiJ9k1KFlJCUTQqFFc8tXmPQfSKUe8g== dependencies: abort-controller "^3.0.0" extend "^3.0.2" @@ -5819,6 +5957,19 @@ gcp-metadata@^4.2.0: gaxios "^4.0.0" json-bigint "^1.0.0" +gcs-resumable-upload@^3.1.3: + version "3.1.3" + resolved "https://registry.yarnpkg.com/gcs-resumable-upload/-/gcs-resumable-upload-3.1.3.tgz#1e38e1339600b85812e6430a5ab455453c64cce3" + integrity sha512-LjVrv6YVH0XqBr/iBW0JgRA1ndxhK6zfEFFJR4im51QVTj/4sInOXimY2evDZuSZ75D3bHxTaQAdXRukMc1y+w== + dependencies: + abort-controller "^3.0.0" + configstore "^5.0.0" + extend "^3.0.2" + gaxios "^4.0.0" + google-auth-library "^7.0.0" + pumpify "^2.0.0" + stream-events "^1.0.4" + gensync@^1.0.0-beta.1: version "1.0.0-beta.2" resolved "https://registry.yarnpkg.com/gensync/-/gensync-1.0.0-beta.2.tgz#32a6ee76c3d7f52d46b2b1ae5d93fea8580a25e0" @@ -5899,6 +6050,11 @@ get-stream@^5.1.0: dependencies: pump "^3.0.0" +get-stream@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/get-stream/-/get-stream-6.0.0.tgz#3e0012cb6827319da2706e601a1583e8629a6718" + integrity sha512-A1B3Bh1UmL0bidM/YX2NsCOTnGJePL9rO/M+Mw3m9f2gUpfokS0hi5Eah0WSUEWZdZhIZtMjkIYS7mDfOqNHbg== + get-uri@3: version "3.0.2" resolved "https://registry.yarnpkg.com/get-uri/-/get-uri-3.0.2.tgz#f0ef1356faabc70e1f9404fa3b66b2ba9bfc725c" @@ -6052,6 +6208,13 @@ globals@^9.18.0: resolved "https://registry.yarnpkg.com/globals/-/globals-9.18.0.tgz#aa3896b3e69b487f17e31ed2143d69a8e30c2d8a" integrity sha512-S0nG3CLEQiY/ILxqtztTWH/3iRRdyBLw6KMDxnKMchrtbj2OFmehVh0WUCfW3DUrIgx/qFrJPICrq4Z4sTR9UQ== +globalthis@^1.0.2: + version "1.0.2" + resolved "https://registry.yarnpkg.com/globalthis/-/globalthis-1.0.2.tgz#2a235d34f4d8036219f7e34929b5de9e18166b8b" + integrity sha512-ZQnSFO1la8P7auIOQECnm0sSuoMeaSq0EEdXMBFF2QJO4uNcwbyhSgG3MruWNbFTqCLmxVwGOl7LZ9kASvHdeQ== + dependencies: + define-properties "^1.1.3" + globby@^11.0.1, globby@^11.0.2: version "11.0.2" resolved "https://registry.yarnpkg.com/globby/-/globby-11.0.2.tgz#1af538b766a3b540ebfb58a32b2e2d5897321d83" @@ -6130,9 +6293,9 @@ google-auth-library@^7.0.0, google-auth-library@^7.0.2: lru-cache "^6.0.0" google-gax@^2.9.2: - version "2.10.3" - resolved "https://registry.yarnpkg.com/google-gax/-/google-gax-2.10.3.tgz#53278bb5cc4b654876ade774a249f0241fdb15cc" - integrity sha512-jESs/ME9WgMzfGQKJDu9ea2mEKjznKByRL+5xb8mKfHlbUfS/LxNLNCg/35RgXwVXcNSCqkEY90z8wHxvgdd/Q== + version "2.11.2" + resolved "https://registry.yarnpkg.com/google-gax/-/google-gax-2.11.2.tgz#9ef7773b94aaa61c4588fb2408d62e8444995026" + integrity sha512-PNqXv7Oi5XBMgoMWVxLZHUidfMv7cPHrDSDXqLyEd6kY6pqFnVKC8jt2T1df4JPSc2+VLPdeo6L7X9mbdQG8Xw== dependencies: "@grpc/grpc-js" "~1.2.0" "@grpc/proto-loader" "^0.5.1" @@ -6296,6 +6459,11 @@ hash-base@^3.0.0: readable-stream "^3.6.0" safe-buffer "^5.2.0" +hash-stream-validation@^0.2.2: + version "0.2.4" + resolved "https://registry.yarnpkg.com/hash-stream-validation/-/hash-stream-validation-0.2.4.tgz#ee68b41bf822f7f44db1142ec28ba9ee7ccb7512" + integrity sha512-Gjzu0Xn7IagXVkSu9cSFuK1fqzwtLwFhNhVL8IFJijRNMgUttFbBSIAzKuSIrsFMO1+g1RlsoN49zPIbwPDMGQ== + hash-wasm@^4.4.1: version "4.4.1" resolved "https://registry.yarnpkg.com/hash-wasm/-/hash-wasm-4.4.1.tgz#9b09b728ab17c2f312639c044ac6f4f98496a090" @@ -7412,7 +7580,7 @@ istanbul-reports@^3.0.0, istanbul-reports@^3.0.2: html-escaper "^2.0.0" istanbul-lib-report "^3.0.0" -jasmine-core@^3.5.0, jasmine-core@^3.6.0: +jasmine-core@^3.6.0: version "3.6.0" resolved "https://registry.yarnpkg.com/jasmine-core/-/jasmine-core-3.6.0.tgz#491f3bb23941799c353ceb7a45b38a950ebc5a20" integrity sha512-8uQYa7zJN8hq9z+g8z1bqCfdC8eoDAeVnM5sfqs7KHv9/ifoJ500m018fpFc7RDaO6SWCLCXwo/wPSNcdYTgcw== @@ -7709,7 +7877,7 @@ jsonschema@^1.0.2: resolved "https://registry.yarnpkg.com/jsonschema/-/jsonschema-1.4.0.tgz#1afa34c4bc22190d8e42271ec17ac8b3404f87b2" integrity sha512-/YgW6pRMr6M7C+4o8kS+B/2myEpHCrxO4PEWnqJNBFMjn7EWXqlQ4tGwL6xTHeRplwuZmcAncdvfOad1nT2yMw== -jsonwebtoken@^8.2.1: +jsonwebtoken@^8.2.1, jsonwebtoken@^8.5.1: version "8.5.1" resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d" integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w== @@ -8650,7 +8818,7 @@ mime-db@1.45.0: resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.45.0.tgz#cceeda21ccd7c3a745eba2decd55d4b73e7879ea" integrity sha512-CkqLUxUk15hofLoLyljJSrukZi8mAtgd+yE5uO4tqRZsdsAJKv0O+rFMhVDRJgozy+yG6md5KwuXhD4ocIoP+w== -"mime-db@>= 1.43.0 < 2": +mime-db@1.46.0, "mime-db@>= 1.43.0 < 2": version "1.46.0" resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.46.0.tgz#6267748a7f799594de3cbc8cde91def349661cee" integrity sha512-svXaP8UQRZ5K7or+ZmfNhg2xX3yKDMUzqadsSqi4NCH/KomcH75MAMYAGVlvXn4+b/xOPhS3I2uHKRUzvjY7BQ== @@ -8662,11 +8830,23 @@ mime-types@^2.0.1, mime-types@^2.1.12, mime-types@^2.1.16, mime-types@~2.1.19, m dependencies: mime-db "1.45.0" +mime-types@^2.0.8: + version "2.1.29" + resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.29.tgz#1d4ab77da64b91f5f72489df29236563754bb1b2" + integrity sha512-Y/jMt/S5sR9OaqteJtslsFZKWOIIqMACsJSiHghlCAyhf7jfVYjKBmLiX8OgpWeW+fjJ2b+Az69aPFPkUOY6xQ== + dependencies: + mime-db "1.46.0" + mime@1.6.0: version "1.6.0" resolved "https://registry.yarnpkg.com/mime/-/mime-1.6.0.tgz#32cd9e5c64553bd58d19a568af452acff04981b1" integrity sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg== +mime@^2.2.0: + version "2.5.2" + resolved "https://registry.yarnpkg.com/mime/-/mime-2.5.2.tgz#6e3dc6cc2b9510643830e5f19d5cb753da5eeabe" + integrity sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg== + mime@^2.4.4, mime@^2.4.5: version "2.5.0" resolved "https://registry.yarnpkg.com/mime/-/mime-2.5.0.tgz#2b4af934401779806ee98026bb42e8c1ae1876b1" @@ -9582,7 +9762,7 @@ p-limit@^2.0.0, p-limit@^2.2.0: dependencies: p-try "^2.0.0" -p-limit@^3.0.2: +p-limit@^3.0.1, p-limit@^3.0.2: version "3.1.0" resolved "https://registry.yarnpkg.com/p-limit/-/p-limit-3.1.0.tgz#e1daccbe78d0d1388ca18c64fea38e3e57e3706b" integrity sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ== @@ -10133,6 +10313,11 @@ pretty-error@^2.1.1: lodash "^4.17.20" renderkid "^2.0.4" +printj@~1.1.0: + version "1.1.2" + resolved "https://registry.yarnpkg.com/printj/-/printj-1.1.2.tgz#d90deb2975a8b9f600fb3a1c94e3f4c53c78a222" + integrity sha512-zA2SmoLaxZyArQTOPj5LXecR+RagfPSU5Kw1qP+jkWeNlrq+eJZyY2oS68SU1Z/7/myXM4lo9716laOFAVStCQ== + process-nextick-args@~1.0.6: version "1.0.7" resolved "https://registry.yarnpkg.com/process-nextick-args/-/process-nextick-args-1.0.7.tgz#150e20b756590ad3f91093f25a4f2ad8bff30ba3" @@ -10333,6 +10518,15 @@ pumpify@^1.3.3: inherits "^2.0.3" pump "^2.0.0" +pumpify@^2.0.0: + version "2.0.1" + resolved "https://registry.yarnpkg.com/pumpify/-/pumpify-2.0.1.tgz#abfc7b5a621307c728b551decbbefb51f0e4aa1e" + integrity sha512-m7KOje7jZxrmutanlkS1daj1dS6z6BgslzOXmcSEpIlCxM3VJH7lG5QLeck/6hgF6F4crFf01UtQmNsJfweTAw== + dependencies: + duplexify "^4.1.1" + inherits "^2.0.3" + pump "^3.0.0" + punycode@1.3.2: version "1.3.2" resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d" @@ -10574,6 +10768,13 @@ readable-stream@~2.0.0: string_decoder "~0.10.x" util-deprecate "~1.0.1" +readdir-glob@^1.0.0: + version "1.1.1" + resolved "https://registry.yarnpkg.com/readdir-glob/-/readdir-glob-1.1.1.tgz#f0e10bb7bf7bfa7e0add8baffdc54c3f7dbee6c4" + integrity sha512-91/k1EzZwDx6HbERR+zucygRFfiPl2zkIYZtv3Jjr6Mn7SkKcVct8aVO+sSRiGMc6fLf72du3d92/uY63YPdEA== + dependencies: + minimatch "^3.0.4" + readdirp@^2.2.1: version "2.2.1" resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-2.2.1.tgz#0e87622a3325aa33e892285caf8b4e846529a525" @@ -10860,13 +11061,18 @@ ret@~0.1.10: resolved "https://registry.yarnpkg.com/ret/-/ret-0.1.15.tgz#b8a4825d5bdb1fc3f6f53c2bc33f81388681c7bc" integrity sha512-TTlYpa+OL+vMMNG24xSlQGEJ3B/RzEfUlLct7b5G/ytav+wPrplCpVMFuwzXbkecJrb6IYo1iFb0S9v37754mg== -retry-request@^4.0.0: +retry-request@^4.0.0, retry-request@^4.1.1: version "4.1.3" resolved "https://registry.yarnpkg.com/retry-request/-/retry-request-4.1.3.tgz#d5f74daf261372cff58d08b0a1979b4d7cab0fde" integrity sha512-QnRZUpuPNgX0+D1xVxul6DbJ9slvo4Rm6iV/dn63e048MvGbUZiKySVt6Tenp04JqmchxjiLltGerOJys7kJYQ== dependencies: debug "^4.1.1" +retry@0.12.0: + version "0.12.0" + resolved "https://registry.yarnpkg.com/retry/-/retry-0.12.0.tgz#1b42a6266a21f07421d1b0b54b7dc167b01c013b" + integrity sha1-G0KmJmoh8HQh0bC1S33BZ7AcATs= + retry@^0.10.0: version "0.10.1" resolved "https://registry.yarnpkg.com/retry/-/retry-0.10.1.tgz#e76388d217992c252750241d3d3956fed98d8ff4" @@ -11292,6 +11498,11 @@ smart-buffer@^4.1.0: resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.1.0.tgz#91605c25d91652f4661ea69ccf45f1b331ca21ba" integrity sha512-iVICrxOzCynf/SNaBQCw34eM9jROU/s5rzIhpOvzhzuYHfJR/DhZfDkXiZSgKXfgv26HT3Yni3AV/DGw0cGnnw== +snakeize@^0.1.0: + version "0.1.0" + resolved "https://registry.yarnpkg.com/snakeize/-/snakeize-0.1.0.tgz#10c088d8b58eb076b3229bb5a04e232ce126422d" + integrity sha1-EMCI2LWOsHazIpu1oE4jLOEmQi0= + snapdragon-node@^2.0.1: version "2.1.1" resolved "https://registry.yarnpkg.com/snapdragon-node/-/snapdragon-node-2.1.1.tgz#6c175f86ff14bdb0724563e8f3c1b021a286853b" @@ -11589,6 +11800,13 @@ stream-each@^1.1.0: end-of-stream "^1.1.0" stream-shift "^1.0.0" +stream-events@^1.0.1, stream-events@^1.0.4, stream-events@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/stream-events/-/stream-events-1.0.5.tgz#bbc898ec4df33a4902d892333d47da9bf1c406d5" + integrity sha512-E1GUzBSgvct8Jsb3v2X15pjzN1tYebtbLaMg+eBOUOAxgbLoSbT2NS91ckc5lJD1KfLjId+jXJRgo0qnV5Nerg== + dependencies: + stubs "^3.0.0" + stream-http@^2.7.2: version "2.8.3" resolved "https://registry.yarnpkg.com/stream-http/-/stream-http-2.8.3.tgz#b2d242469288a5a27ec4fe8933acf623de6514fc" @@ -11614,6 +11832,11 @@ streamroller@^2.2.4: debug "^4.1.1" fs-extra "^8.1.0" +streamsearch@0.1.2: + version "0.1.2" + resolved "https://registry.yarnpkg.com/streamsearch/-/streamsearch-0.1.2.tgz#808b9d0e56fc273d809ba57338e929919a1a9f1a" + integrity sha1-gIudDlb8Jz2Am6VzOOkpkZoanxo= + string-length@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/string-length/-/string-length-1.0.1.tgz#56970fb1c38558e9e70b728bf3de269ac45adfac" @@ -11758,6 +11981,11 @@ strip-json-comments@^2.0.1, strip-json-comments@~2.0.1: resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" integrity sha1-PFMZQukIwml8DsNEhYwobHygpgo= +stubs@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/stubs/-/stubs-3.0.0.tgz#e8d2ba1fa9c90570303c030b6900f7d5f89abe5b" + integrity sha1-6NK6H6nJBXAwPAMLaQD31fiavls= + style-loader@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/style-loader/-/style-loader-2.0.0.tgz#9669602fd4690740eaaec137799a03addbbc393c" @@ -11961,7 +12189,7 @@ tar-fs@^2.0.0: pump "^3.0.0" tar-stream "^2.1.4" -tar-stream@^2.1.0, tar-stream@^2.1.4: +tar-stream@^2.1.4, tar-stream@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/tar-stream/-/tar-stream-2.2.0.tgz#acad84c284136b060dc3faa64474aa9aebd77287" integrity sha512-ujeqbceABgwMZxEJnk2HDY2DlnUZ+9oEcb1KzTVfYHio0UE6dG71n60d8D2I4qNvleWrrXpmjpt7vZeF1LnMZQ== @@ -12014,6 +12242,17 @@ tcp-port-used@^1.0.1: debug "4.3.1" is2 "^2.0.6" +teeny-request@^7.0.0: + version "7.0.1" + resolved "https://registry.yarnpkg.com/teeny-request/-/teeny-request-7.0.1.tgz#bdd41fdffea5f8fbc0d29392cb47bec4f66b2b4c" + integrity sha512-sasJmQ37klOlplL4Ia/786M5YlOcoLGQyq2TE4WHSRupbAuDaQW0PfVxV4MtdBtRJ4ngzS+1qim8zP6Zp35qCw== + dependencies: + http-proxy-agent "^4.0.0" + https-proxy-agent "^5.0.0" + node-fetch "^2.6.1" + stream-events "^1.0.5" + uuid "^8.0.0" + temp-fs@^0.9.9: version "0.9.9" resolved "https://registry.yarnpkg.com/temp-fs/-/temp-fs-0.9.9.tgz#8071730437870720e9431532fe2814364f8803d7" @@ -12763,6 +13002,11 @@ uuid@^3.0.0, uuid@^3.3.2, uuid@^3.3.3: resolved "https://registry.yarnpkg.com/uuid/-/uuid-3.4.0.tgz#b23e4358afa8a202fe7a100af1f5f883f02007ee" integrity sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A== +uuid@^8.0.0: + version "8.3.2" + resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" + integrity sha512-+NYs2QeMWy+GWFOEm9xnn6HCDp0l7QBD7ml8zLUmJ+93Q5NF0NocErnwkTkXVFNiX3/fpC6afS8Dhb/gz7R7eg== + v8-compile-cache@^2.0.3, v8-compile-cache@^2.1.1, v8-compile-cache@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.2.0.tgz#9471efa3ef9128d2f7c6a7ca39c4dd6b5055b132" @@ -13429,14 +13673,14 @@ yocto-queue@^0.1.0: resolved "https://registry.yarnpkg.com/yocto-queue/-/yocto-queue-0.1.0.tgz#0294eb3dee05028d31ee1a5fa2c556a6aaf10a1b" integrity sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q== -zip-stream@^2.1.2: - version "2.1.3" - resolved "https://registry.yarnpkg.com/zip-stream/-/zip-stream-2.1.3.tgz#26cc4bdb93641a8590dd07112e1f77af1758865b" - integrity sha512-EkXc2JGcKhO5N5aZ7TmuNo45budRaFGHOmz24wtJR7znbNqDPmdZtUauKX6et8KAVseAMBOyWJqEpXcHTBsh7Q== +zip-stream@^4.1.0: + version "4.1.0" + resolved "https://registry.yarnpkg.com/zip-stream/-/zip-stream-4.1.0.tgz#51dd326571544e36aa3f756430b313576dc8fc79" + integrity sha512-zshzwQW7gG7hjpBlgeQP9RuyPGNxvJdzR8SUM3QhxCnLjWN2E7j3dOvpeDcQoETfHx0urRS7EtmVToql7YpU4A== dependencies: archiver-utils "^2.1.0" - compress-commons "^2.1.1" - readable-stream "^3.4.0" + compress-commons "^4.1.0" + readable-stream "^3.6.0" zone.js@^0.10.3: version "0.10.3"