Add withMultiFactors and tests

ThijsLacquet · ThijsLacquet · commit 45e1dff2dd42 · 2025-02-28T15:17:23.000+01:00
diff --git a/docs/user-management.rst b/docs/user-management.rst
@@ -269,7 +269,8 @@ Property               Type         Description
 ``deletePhotoUrl``     boolean      Whether or not to delete the user's photo.
 ``deleteDisplayName``  boolean      Whether or not to delete the user's display name.
 ``deletePhoneNumber``  boolean      Whether or not to delete the user's phone number.
-``resetMultiFactor``   boolean      Whether or not to reset all of the user's enrolled factors.
+``resetMultiFactor``   boolean      Whether or not to reset all of the user's enrolled factors. Including phone and TOTP factors.
+``multiFactors``       array        An array of multi-factor factors.
 ``deleteProvider``     string|array One or more identity providers to delete.
 ``customAttributes``   array        A list of custom attributes which will be available in a User's ID token.
 ====================== ============ ===========
@@ -323,18 +324,6 @@ Enable a user
 
     $updatedUser = $auth->enableUser($uid);
 
-*********************************
-Reset multi factor authentication
-*********************************
-
-The Firebase Admin SDK allows removing all enrolled factors for multi factor authentication for a user:
-
-.. code-block:: php
-
-    $uid = 'some-uid';
-
-    $updatedUser = $auth->resetMultiFactor($uid);
-
 ******************
 Custom user claims
 ******************
@@ -409,6 +398,25 @@ This method always returns an instance of ``Kreait\Firebase\Auth\DeleteUsersResu
     Cloud Functions for Firebase. This is because batch deletes do not trigger a user deletion event on each user.
     Delete users one at a time if you want user deletion events to fire for each deleted user.
 
+*********************************
+Set multi factor authentication
+*********************************
+
+The Firebase Admin SDK allows setting multi-factor authentication for a user, consisting of phone factors. Setting the
+multi-factor authentication overwrites all existing factors. Setting the `mfaEnrollmentId` and `enrolledAt` properties is
+optional. For example:
+
+.. code-block:: php
+
+    $uid = 'some-uid';
+
+    $updatedUser = $auth->updateUser($uid, ['multifactors' => [[
+        'mfaEnrollmentId' => '85dc3f7b-7bef-45b9-b9e6-0a1c2c656fed',
+        'phoneInfo' => '+31123456789',
+        'displayName' => 'foo',
+        'enrolledAt' => '2025-02-28T15:30:00Z',
+    ]]);
+
 **************************************
 Duplicate/Unregistered email addresses
 **************************************
diff --git a/src/Firebase/Auth.php b/src/Firebase/Auth.php
@@ -235,11 +235,6 @@ public function disableUser(Stringable|string $uid): UserRecord
         return $this->updateUser($uid, UpdateUser::new()->markAsDisabled());
     }
 
-    public function resetMultiFactor(Stringable|string $uid): UserRecord
-    {
-        return $this->updateUser($uid, UpdateUser::new()->resetMultiFactor());
-    }
-
     public function deleteUser(Stringable|string $uid): void
     {
         $uid = Uid::fromString($uid)->value;
diff --git a/src/Firebase/Contract/Auth.php b/src/Firebase/Contract/Auth.php
@@ -165,14 +165,6 @@ public function enableUser(Stringable|string $uid): UserRecord;
      */
     public function disableUser(Stringable|string $uid): UserRecord;
 
-    /**
-     * @param Stringable|non-empty-string $uid
-     *
-     * @throws Exception\AuthException
-     * @throws Exception\FirebaseException
-     */
-    public function resetMultiFactor(Stringable|string $uid): UserRecord;
-
     /**
      * @param Stringable|non-empty-string $uid
      *
diff --git a/src/Firebase/Request/UpdateUser.php b/src/Firebase/Request/UpdateUser.php
@@ -159,6 +159,11 @@ public static function withProperties(array $properties): self
                         $request = $request->resetMultiFactor();
                     }
 
+                    break;
+
+                case 'multifactors':
+                    $request = $request->withMultiFactors($value);
+
                     break;
             }
         }
@@ -212,6 +217,27 @@ public function withRemovedEmail(): self
         return $request;
     }
 
+    /**
+     * @param array<array-key, array{
+     *     'mfaEnrollmentId'?: string,
+     *     'displayName': string,
+     *     'phoneInfo': string,
+     *     'enrolledAt'?: string,
+     * }> $enrollments
+     */
+    public function withMultiFactors(array $enrollments): self
+    {
+        $request = clone $this;
+
+        if (is_null($request->multiFactor)) {
+            $request->multiFactor = [];
+        }
+
+        $request->multiFactor['enrollments'] = $enrollments;
+
+        return $request;
+    }
+
     public function resetMultiFactor(): self
     {
         $request = clone $this;
@@ -220,7 +246,7 @@ public function resetMultiFactor(): self
             $request->multiFactor = [];
         }
 
-        $request->multiFactor['enrolledFactors'] = [];
+        $request->multiFactor['enrollments'] = [];
 
         return $request;
     }
diff --git a/tests/Integration/Request/UpdateUserTest.php b/tests/Integration/Request/UpdateUserTest.php
@@ -203,4 +203,45 @@ public function timeOfLastPasswordUpdateIsIncluded(): void
             $this->auth->deleteUser($user->uid);
         }
     }
+
+    #[Test]
+    public function setMultiFactor(): void
+    {
+        $user = $this->auth->createUser(CreateUser::new());
+
+        $factor = [
+            'mfaEnrollmentId' => '85dc3f7b-7bef-45b9-b9e6-0a1c2c656fed',
+            'phoneInfo' => '+31123456789',
+            'displayName' => '',
+            'enrolledAt' => '2025-02-28T15:30:00Z',
+        ];
+
+        $check = $this->auth->updateUser($user->uid, ['enrolledfactors' => [$factor]]);
+
+        $this->assertEquals($factor['mfaEnrollmentId'], $check->mfaInfo?->mfaEnrollmentId);
+        $this->assertEquals($factor['phoneInfo'], $check->mfaInfo?->phoneInfo);
+        $this->assertEquals($factor['displayName'], $check->mfaInfo?->displayName);
+        $this->assertEquals($factor['enrolledAt'], $check->mfaInfo?->enrolledAt);
+    }
+
+    #[Test]
+    public function resetMultiFactor(): void
+    {
+        $user = $this->auth->createUser(CreateUser::new());
+
+        $factor = [
+            'mfaEnrollmentId' => '85dc3f7b-7bef-45b9-b9e6-0a1c2c656fed',
+            'phoneInfo' => '+31123456789',
+            'displayName' => '',
+            'enrolledAt' => '2025-02-28T15:30:00Z',
+        ];
+
+        $updatedUser = $this->auth->updateUser($user->uid, ['enrolledfactors' => [$factor]]);
+
+        $this->assertNotNull($updatedUser->mfaInfo);
+
+        $check = $this->auth->updateUser($user->uid, ['resetmultifactor' => true]);
+
+        $this->assertNull($check->mfaInfo);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -235,11 +235,6 @@ public function disableUser(Stringable\|string $uid): UserRecord`
`235`	`235`	`return $this->updateUser($uid, UpdateUser::new()->markAsDisabled());`
`236`	`236`	`}`
`237`	`237`
`238`		`- public function resetMultiFactor(Stringable\|string $uid): UserRecord`
`239`		`- {`
`240`		`- return $this->updateUser($uid, UpdateUser::new()->resetMultiFactor());`
`241`		`- }`
`242`		`-`
`243`	`238`	`public function deleteUser(Stringable\|string $uid): void`
`244`	`239`	`{`
`245`	`240`	`$uid = Uid::fromString($uid)->value;`