tidy

Code-Hex · Code-Hex · commit 57a4b630a793 · 2024-02-24T00:49:10.000+09:00
diff --git a/src/auth.ts b/src/auth.ts
@@ -154,6 +154,9 @@ export class BaseAuth {
    * for code samples and detailed documentation.
    *
    * @param uid - The `uid` corresponding to the user whose data to fetch.
+   * @param env - An optional parameter specifying the environment in which the function is running.
+   *   If the function is running in an emulator environment, this should be set to `EmulatorEnv`.
+   *   If not specified, the function will assume it is running in a production environment.
    *
    * @returns A promise fulfilled with the user
    *   data corresponding to the provided `uid`.
@@ -162,41 +165,6 @@ export class BaseAuth {
     return await this.authApiClient.getAccountInfoByUid(uid, env);
   }
 
-  /**
-   * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
-   * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
-   * or user disabled.
-   *
-   * @param decodedIdToken - The JWT's decoded claims.
-   * @param revocationErrorInfo - The revocation error info to throw on revocation
-   *     detection.
-   * @returns A promise that will be fulfilled after a successful verification.
-   */
-  private async verifyDecodedJWTNotRevokedOrDisabled(
-    decodedIdToken: FirebaseIdToken,
-    revocationErrorInfo: ErrorInfo,
-    env?: EmulatorEnv
-  ): Promise<FirebaseIdToken> {
-    // Get tokens valid after time for the corresponding user.
-    const user = await this.getUser(decodedIdToken.sub, env);
-    if (user.disabled) {
-      throw new FirebaseAuthError(AuthClientErrorCode.USER_DISABLED, 'The user record is disabled.');
-    }
-    // If no tokens valid after time available, token is not revoked.
-    if (user.tokensValidAfterTime) {
-      // Get the ID token authentication time and convert to milliseconds UTC.
-      const authTimeUtc = decodedIdToken.auth_time * 1000;
-      // Get user tokens valid after time in milliseconds UTC.
-      const validSinceUtc = new Date(user.tokensValidAfterTime).getTime();
-      // Check if authentication time is older than valid since time.
-      if (authTimeUtc < validSinceUtc) {
-        throw new FirebaseAuthError(revocationErrorInfo);
-      }
-    }
-    // All checks above passed. Return the decoded token.
-    return decodedIdToken;
-  }
-
   /**
    * Revokes all refresh tokens for an existing user.
    *
@@ -212,6 +180,9 @@ export class BaseAuth {
    *
    * @param uid - The `uid` corresponding to the user whose refresh tokens
    *   are to be revoked.
+   * @param env - An optional parameter specifying the environment in which the function is running.
+   *   If the function is running in an emulator environment, this should be set to `EmulatorEnv`.
+   *   If not specified, the function will assume it is running in a production environment.
    *
    * @returns An empty promise fulfilled once the user's refresh
    *   tokens have been revoked.
@@ -240,12 +211,50 @@ export class BaseAuth {
    *   user's ID token which is transmitted on every authenticated request.
    *   For profile non-access related user attributes, use database or other
    *   separate storage systems.
+   * @param env - An optional parameter specifying the environment in which the function is running.
+   *   If the function is running in an emulator environment, this should be set to `EmulatorEnv`.
+   *   If not specified, the function will assume it is running in a production environment.
    * @returns A promise that resolves when the operation completes
    *   successfully.
    */
   public async setCustomUserClaims(uid: string, customUserClaims: object | null, env?: EmulatorEnv): Promise<void> {
     await this.authApiClient.setCustomUserClaims(uid, customUserClaims, env);
   }
+
+  /**
+   * Verifies the decoded Firebase issued JWT is not revoked or disabled. Returns a promise that
+   * resolves with the decoded claims on success. Rejects the promise with revocation error if revoked
+   * or user disabled.
+   *
+   * @param decodedIdToken - The JWT's decoded claims.
+   * @param revocationErrorInfo - The revocation error info to throw on revocation
+   *     detection.
+   * @returns A promise that will be fulfilled after a successful verification.
+   */
+  private async verifyDecodedJWTNotRevokedOrDisabled(
+    decodedIdToken: FirebaseIdToken,
+    revocationErrorInfo: ErrorInfo,
+    env?: EmulatorEnv
+  ): Promise<FirebaseIdToken> {
+    // Get tokens valid after time for the corresponding user.
+    const user = await this.getUser(decodedIdToken.sub, env);
+    if (user.disabled) {
+      throw new FirebaseAuthError(AuthClientErrorCode.USER_DISABLED, 'The user record is disabled.');
+    }
+    // If no tokens valid after time available, token is not revoked.
+    if (user.tokensValidAfterTime) {
+      // Get the ID token authentication time and convert to milliseconds UTC.
+      const authTimeUtc = decodedIdToken.auth_time * 1000;
+      // Get user tokens valid after time in milliseconds UTC.
+      const validSinceUtc = new Date(user.tokensValidAfterTime).getTime();
+      // Check if authentication time is older than valid since time.
+      if (authTimeUtc < validSinceUtc) {
+        throw new FirebaseAuthError(revocationErrorInfo);
+      }
+    }
+    // All checks above passed. Return the decoded token.
+    return decodedIdToken;
+  }
 }
 
 /**
