firebase · xil222 · Aug 16, 2021 · Aug 4, 2021 · Aug 5, 2021 · Aug 10, 2021
diff --git a/src/auth/auth.ts b/src/auth/auth.ts
@@ -104,9 +104,9 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> implements BaseAuthI
   }
 
   /**
-   * Verifies a JWT auth token. Returns a Promise with the tokens claims.
-   * Rejects the promise if the token could not be verified.
-   * If checkRevoked is set to true, first verifies whether the corresponding
+   * Verifies a JWT auth token. Returns a promise with the tokens claims.
+   * Rejects the promise if the token cannot be verified.
+   * If `checkRevoked` is set to true, first verifies whether the corresponding
    * user is disabled.
    * If yes, an auth/user-disabled error is thrown.
    * If no, verifies if the session corresponding to the ID token was revoked.
@@ -116,7 +116,7 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> implements BaseAuthI
    *
    * @param {string} idToken The JWT to verify.
    * @param {boolean=} checkRevoked Whether to check if the ID token is revoked.
-   * @return {Promise<DecodedIdToken>} A Promise that will be fulfilled after
+   * @return {Promise<DecodedIdToken>} A promise that will be fulfilled after
    *   a successful verification.
    */
   public verifyIdToken(idToken: string, checkRevoked = false): Promise<DecodedIdToken> {
@@ -510,10 +510,10 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> implements BaseAuthI
   }
 
   /**
-   * Verifies a Firebase session cookie. Returns a Promise with the tokens claims.
+   * Verifies a Firebase session cookie. Returns a promise with the tokens claims.
    * Rejects the promise if the cookie could not be verified. 
-   * If checkRevoked is set to true, first verifies whether the corresponding
-   * user is true:
+   * If `checkRevoked` is set to true, first verifies whether the corresponding
+   * user is disabled:
    * If yes, an auth/user-disabled error is thrown.
    * If no, verifies if the session corresponding to the session cookie was
    * revoked.
@@ -524,7 +524,7 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> implements BaseAuthI
    * @param {string} sessionCookie The session cookie to verify.
    * @param {boolean=} checkRevoked Whether to check if the session cookie is
    *     revoked.
-   * @return {Promise<DecodedIdToken>} A Promise that will be fulfilled after
+   * @return {Promise<DecodedIdToken>} A promise that will be fulfilled after
    *     a successful verification.
    */
   public verifySessionCookie(
@@ -740,7 +740,7 @@ export class BaseAuth<T extends AbstractAuthRequestHandler> implements BaseAuthI
    * @param {DecodedIdToken} decodedIdToken The JWT's decoded claims.
    * @param {ErrorInfo} revocationErrorInfo The revocation error info to throw on revocation
    *     detection.
-   * @return {Promise<DecodedIdToken>} A Promise that will be fulfilled after a successful
+   * @return {Promise<DecodedIdToken>} A promise that will be fulfilled after a successful
    *     verification.
    */
   private verifyDecodedJWTNotRevokedOrDisabled(
@@ -794,15 +794,15 @@ export class TenantAwareAuth
   }
 
   /**
-   * Verifies a JWT auth token. Returns a Promise with the tokens claims. Rejects
+   * Verifies a JWT auth token. Returns a promise with the tokens claims. Rejects
    * the promise if the token could not be verified. If checkRevoked is set to true,
    * verifies if the session corresponding to the ID token was revoked. If the corresponding
    * user's session was invalidated, an auth/id-token-revoked error is thrown. If not specified
    * the check is not applied.
    *
    * @param {string} idToken The JWT to verify.
    * @param {boolean=} checkRevoked Whether to check if the ID token is revoked.
-   * @return {Promise<DecodedIdToken>} A Promise that will be fulfilled after a successful
+   * @return {Promise<DecodedIdToken>} A promise that will be fulfilled after a successful
    *     verification.
    */
   public verifyIdToken(idToken: string, checkRevoked = false): Promise<DecodedIdToken> {
@@ -845,15 +845,15 @@ export class TenantAwareAuth
   }
 
   /**
-   * Verifies a Firebase session cookie. Returns a Promise with the tokens claims. Rejects
+   * Verifies a Firebase session cookie. Returns a promise with the tokens claims. Rejects
    * the promise if the token could not be verified. If checkRevoked is set to true,
    * verifies if the session corresponding to the session cookie was revoked. If the corresponding
    * user's session was invalidated, an auth/session-cookie-revoked error is thrown. If not
    * specified the check is not performed.
    *
    * @param {string} sessionCookie The session cookie to verify.
    * @param {boolean=} checkRevoked Whether to check if the session cookie is revoked.
-   * @return {Promise<DecodedIdToken>} A Promise that will be fulfilled after a successful
+   * @return {Promise<DecodedIdToken>} A promise that will be fulfilled after a successful
    *     verification.
    */
   public verifySessionCookie(

diff --git a/test/integration/auth.spec.ts b/test/integration/auth.spec.ts
@@ -877,42 +877,38 @@ describe('admin.auth', () => {
         .should.eventually.be.rejected.and.have.property('code', 'auth/argument-error');
     });
 
-    it('verifyIdToken() fails with checkRevoked set to true and corresponding user disabled', () => {
-      let currentIdToken: string;
-      return clientAuth().signInWithEmailAndPassword(email, password)
-        .then(({ user }) => {
-          expect(user).to.exist;
-          expect(user!.email).to.equal(email);
-          return user!.getIdToken();
-        })
-        .then((idToken) => {
-          currentIdToken = idToken;
-          return admin.auth().verifyIdToken(currentIdToken, true);
-        })
-        .then((decodedIdToken) => {
-          expect(decodedIdToken.sub).to.equal(uid);
-          expect(decodedIdToken.uid).to.equal(uid);
-          expect(decodedIdToken.email).to.equal(email);
-          return admin.auth().updateUser(uid, { disabled: true });
-        })
-        .then((userRecord) => {
-          // Ensure disabled field has been updated.
-          expect(userRecord.uid).to.equal(uid);
-          expect(userRecord.email).to.equal(email);
-          expect(userRecord.disabled).to.equal(true);
-          return admin.auth().verifyIdToken(currentIdToken, false);
-        })
-        .then((decodedIdToken) => {
-          expect(decodedIdToken.sub).to.equal(uid);
-          expect(decodedIdToken.uid).to.equal(uid);
-          expect(decodedIdToken.email).to.equal(email);
-          return admin.auth().verifyIdToken(currentIdToken, true);
-        })
-        .then(() => {
-          throw new Error('Unexpected success');
-        }, (error) => {
+    it('verifyIdToken() fails with checkRevoked set to true and corresponding user disabled', async () => {
+      const { user } = await clientAuth().signInWithEmailAndPassword(email, password);
+      expect(user).to.exist;
+      expect(user!.email).to.equal(email);
+
+      const idToken = await user!.getIdToken();
+      let decodedIdToken = await admin.auth().verifyIdToken(idToken, true);
+      expect(decodedIdToken.uid).to.equal(uid);
+      expect(decodedIdToken.email).to.equal(email);
+
+      const userRecord = await admin.auth().updateUser(uid, { disabled: true });
+      expect(userRecord.uid).to.equal(uid);
+      expect(userRecord.email).to.equal(email);
+      expect(userRecord.disabled).to.equal(true);
+
+      try {
+        // If it is in emulator mode, a user-disabled error will be thrown.
+        decodedIdToken = await admin.auth().verifyIdToken(idToken, false);
+        expect(decodedIdToken.uid).to.equal(uid);
+      } catch (error) {
+        if (authEmulatorHost) {
           expect(error).to.have.property('code', 'auth/user-disabled');
-        });
+        } else {
+          throw error;
+        }
+      }
+
+      try {
+        await admin.auth().verifyIdToken(idToken, true);
+      } catch (error) {
+        expect(error).to.have.property('code', 'auth/user-disabled');
+      }
     });
 
     if (authEmulatorHost) {
@@ -2061,50 +2057,42 @@ describe('admin.auth', () => {
         });
     });
 
-    it('fails with checkRevoked set to true and corresponding user disabled', () => {
+    it('fails with checkRevoked set to true and corresponding user disabled', async () => {
       const expiresIn = 24 * 60 * 60 * 1000;
-      let currentIdToken: string;
-      let currentSessioncookie: string;
-      return admin.auth().createCustomToken(uid, { admin: true, groupId: '1234' })
-        .then((customToken) => {
-          return clientAuth().signInWithCustomToken(customToken);
-        })
-        .then(({ user }) => {
-          expect(user).to.exist;
-          return user!.getIdToken();
-        })
-        .then((idToken) => {
-          currentIdToken = idToken;
-          return admin.auth().verifyIdToken(idToken);
-        }).then((decodedIdTokenClaims) => {
-          expect(decodedIdTokenClaims.uid).to.be.equal(uid);
-          // One day long session cookie.
-          return admin.auth().createSessionCookie(currentIdToken, { expiresIn });
-        })
-        .then((sessionCookie) => {
-          currentSessioncookie = sessionCookie;
-          return admin.auth().verifySessionCookie(sessionCookie, true);
-        })
-        .then((decodedIdToken) => {
-          expect(decodedIdToken.sub).to.equal(uid);
-          expect(decodedIdToken.uid).to.equal(uid);
-          return admin.auth().updateUser(uid, { disabled : true });
-        })
-        .then((userRecord) => {
-          // Ensure disabled field has been updated.
-          expect(userRecord.uid).to.equal(uid);
-          expect(userRecord.disabled).to.equal(true);
-          return admin.auth().verifySessionCookie(currentSessioncookie, false);
-        }).then((decodedIdToken) => {
-          expect(decodedIdToken.sub).to.equal(uid);
-          expect(decodedIdToken.uid).to.equal(uid);
-          return admin.auth().verifySessionCookie(currentSessioncookie, true);
-        })
-        .then(() => {
-          throw new Error('Unexpected success');
-        }, (error) => {
+      const customToken = await admin.auth().createCustomToken(uid, { admin: true, groupId: '1234' });
+      const { user } = await clientAuth().signInWithCustomToken(customToken);
+      expect(user).to.exist;
+
+      const idToken = await user!.getIdToken();
+      const decodedIdTokenClaims = await admin.auth().verifyIdToken(idToken);
+      expect(decodedIdTokenClaims.uid).to.be.equal(uid);
+
+      const sessionCookie = await admin.auth().createSessionCookie(idToken, { expiresIn });
+      let decodedIdToken = await admin.auth().verifySessionCookie(sessionCookie, true);
+      expect(decodedIdToken.uid).to.equal(uid);
+
+      const userRecord = await admin.auth().updateUser(uid, { disabled : true });
+      // Ensure disabled field has been updated.
+      expect(userRecord.uid).to.equal(uid);
+      expect(userRecord.disabled).to.equal(true);
+
+      try {
+        // If it is in emulator mode, a user-disabled error will be thrown.
+        decodedIdToken = await admin.auth().verifySessionCookie(sessionCookie, false);
+        expect(decodedIdToken.uid).to.equal(uid);
+      } catch (error) {
+        if (authEmulatorHost) {
           expect(error).to.have.property('code', 'auth/user-disabled');
-        });
+        } else {
+          throw error;
+        }
+      }
+
+      try {
+        await admin.auth().verifySessionCookie(sessionCookie, true);
+      } catch (error) {
+        expect(error).to.have.property('code', 'auth/user-disabled');
+      }
     });
   });