feat(auth): Add TOTP support in Project and Tenant config

etc/firebase-admin.auth.api.md

@@ -267,6 +267,8 @@ export interface ListUsersResult {
 // @public
 export interface MultiFactorConfig {
     factorIds?: AuthFactorType[];
+    // Warning: (ae-forgotten-export) The symbol "MultiFactorProviderConfig" needs to be exported by the entry point index.d.ts
+    providerConfigs?: MultiFactorProviderConfig[];
     state: MultiFactorConfigState;
 }
 
@@ -336,6 +338,8 @@ export class PhoneMultiFactorInfo extends MultiFactorInfo {
 
 // @public
 export class ProjectConfig {
+    // (undocumented)
+    readonly multiFactorConfig?: MultiFactorConfig;
     readonly smsRegionConfig?: SmsRegionConfig;
     toJSON(): object;
 }
@@ -434,6 +438,7 @@ export interface UpdatePhoneMultiFactorInfoRequest extends BaseUpdateMultiFactor
 
 // @public
 export interface UpdateProjectConfigRequest {
+    multiFactorConfig?: MultiFactorConfig;
     smsRegionConfig?: SmsRegionConfig;
 }
 

src/auth/auth-config.ts

@@ -508,7 +508,8 @@ export interface MultiFactorConfig {
    */
   factorIds?: AuthFactorType[];
   /**
-   * A list of multi-factor provider specific config.
+   * A list of multi-factor provider specific config. 
+   * New MFA providers (except phone) will indicate enablement/disablement through this field.
    */
   providerConfigs?: MultiFactorProviderConfig[];
 }
@@ -524,8 +525,8 @@ export interface MultiFactorProviderConfig {
 
 export interface TotpMultiFactorProviderConfig {
   /**
-   *  The allowed number of adjacent intervals that will be used for verification
-  *  to avoid clock skew.
+    *  The allowed number of adjacent intervals that will be used for verification
+    *  to avoid clock skew.
    */
   adjacentIntervals?: number;
 }
@@ -567,12 +568,7 @@ export class MultiFactorAuthConfig implements MultiFactorConfig {
       }
     }
     if (Object.prototype.hasOwnProperty.call(options, 'providerConfigs')) {
-      (options.providerConfigs || []).forEach((providerConfig) => {
-        if (typeof request.providerConfigs === 'undefined') {
-          request.providerConfigs = []
-        }
-        request.providerConfigs.push(providerConfig);
-      });
+      request.providerConfigs = options.providerConfigs;
     }
     return request;
   }
@@ -582,7 +578,7 @@ export class MultiFactorAuthConfig implements MultiFactorConfig {
    *
    * @param options - The options object to validate.
    */
-  private static validate(options: MultiFactorConfig): void {
+  public static validate(options: MultiFactorConfig): void {
     const validKeys = {
       state: true,
       factorIds: true,
@@ -641,22 +637,29 @@ export class MultiFactorAuthConfig implements MultiFactorConfig {
       }
       //Validate content of array.
       options.providerConfigs.forEach((multiFactorProviderConfig) => {
-        if (typeof multiFactorProviderConfig === 'undefined') {
+        if (typeof multiFactorProviderConfig === 'undefined' || !validator.isObject(multiFactorProviderConfig)) {
           throw new FirebaseAuthError(
             AuthClientErrorCode.INVALID_CONFIG,
-            `"${multiFactorProviderConfig}" is not a valid "MultiFactorProviderConfigType".`
+            `"${multiFactorProviderConfig}" is not a valid "MultiFactorProviderConfig" type.`
           )
         }
-        if (typeof multiFactorProviderConfig.state !== 'undefined' &&
-          multiFactorProviderConfig.state !== 'ENABLED' &&
-          multiFactorProviderConfig.state !== 'DISABLED') {
+        if (typeof multiFactorProviderConfig.state === 'undefined' ||
+          (multiFactorProviderConfig.state !== 'ENABLED' &&
+            multiFactorProviderConfig.state !== 'DISABLED')) {
           throw new FirebaseAuthError(
             AuthClientErrorCode.INVALID_CONFIG,
             '"MultiFactorConfig.providerConfigs.state" must be either "ENABLED" or "DISABLED".',
           )
         }
-        if (typeof multiFactorProviderConfig.totpProviderConfig !== 'undefined') {
-          if (multiFactorProviderConfig.totpProviderConfig.adjacentIntervals !== undefined &&
+        // Since TOTP is the only provider config available right now, not defining it will lead into an error
+        if (multiFactorProviderConfig.state === 'ENABLED') {
+          if (typeof multiFactorProviderConfig.totpProviderConfig === 'undefined') {
+            throw new FirebaseAuthError(
+              AuthClientErrorCode.INVALID_CONFIG,
+              '"MultiFactorConfig.providerConfigs.totpProviderConfig" must be defined.'
+            )
+          }
+          if (typeof multiFactorProviderConfig.totpProviderConfig.adjacentIntervals !== 'undefined' &&
             !validator.isNumber(multiFactorProviderConfig.totpProviderConfig.adjacentIntervals)) {
             throw new FirebaseAuthError(
               AuthClientErrorCode.INVALID_ARGUMENT,

src/auth/project-config.ts

@@ -19,6 +19,7 @@ import {
   SmsRegionsAuthConfig,
   SmsRegionConfig,
   MultiFactorConfig,
+  MultiFactorAuthConfig,
 } from './auth-config';
 import { deepCopy } from '../utils/deep-copy';
 
@@ -42,6 +43,7 @@ export interface UpdateProjectConfigRequest {
  */
 export interface ProjectConfigServerResponse {
   smsRegionConfig?: SmsRegionConfig;
+  multiFactorConfig?: MultiFactorConfig;
 }
 
 /**
@@ -50,6 +52,7 @@ export interface ProjectConfigServerResponse {
  */
 export interface ProjectConfigClientRequest {
   smsRegionConfig?: SmsRegionConfig;
+  multiFactorConfig?: MultiFactorConfig;
 }
 
 /**
@@ -62,13 +65,13 @@ export class ProjectConfig {
    * This is based on the calling code of the destination phone number.
    */
   public readonly smsRegionConfig?: SmsRegionConfig;
-  private readonly multiFactorConfig_?: MultiFactorConfig;
-  /**
-   * The multi-factor auth configuration.
-   */
-  get multiFactorConfig(): MultiFactorConfig | undefined {
-    return this.multiFactorConfig_;
-  }
+  public readonly multiFactorConfig?: MultiFactorConfig;
+  // /**
+  //  * The multi-factor auth configuration.
+  //  */
+  // get multiFactorConfig(): MultiFactorConfig | undefined {
+  //   return this.multiFactorConfig_;
+  // }
 
   /**
    * Validates a project config options object. Throws an error on failure.
@@ -84,6 +87,7 @@ export class ProjectConfig {
     }
     const validKeys = {
       smsRegionConfig: true,
+      multiFactorConfig: true,
     }
     // Check for unsupported top level attributes.
     for (const key in request) {
@@ -98,6 +102,11 @@ export class ProjectConfig {
     if (typeof request.smsRegionConfig !== 'undefined') {
       SmsRegionsAuthConfig.validate(request.smsRegionConfig);
     }
+
+    // Validate Multi Factor Config if provided
+    if (typeof request.multiFactorConfig !== 'undefined') {
+      MultiFactorAuthConfig.validate(request.multiFactorConfig);
+    }
   }
 
   /**
@@ -123,6 +132,9 @@ export class ProjectConfig {
     if (typeof response.smsRegionConfig !== 'undefined') {
       this.smsRegionConfig = response.smsRegionConfig;
     }
+    if (typeof response.multiFactorConfig !== 'undefined') {
+      this.multiFactorConfig = response.multiFactorConfig;
+    }
   }
   /**
    * Returns a JSON-serializable representation of this object.
@@ -133,10 +145,14 @@ export class ProjectConfig {
     // JSON serialization
     const json = {
       smsRegionConfig: deepCopy(this.smsRegionConfig),
+      multiFactorConfig: deepCopy(this.multiFactorConfig),
     };
     if (typeof json.smsRegionConfig === 'undefined') {
       delete json.smsRegionConfig;
     }
+    if (typeof json.multiFactorConfig === 'undefined') {
+      delete json.multiFactorConfig;
+    }
     return json;
   }
 }