Merge branch 'master' into rosalyntan.limited

Author: rosalyntan

FirebaseAnonymousAuthUI/Podfile.lock

@@ -4,7 +4,7 @@ PODS:
     - GoogleUtilities/AppDelegateSwizzler (~> 7.4)
     - GoogleUtilities/Environment (~> 7.4)
     - GTMSessionFetcher/Core (~> 1.5)
-  - FirebaseAuthUI (11.0.3):
+  - FirebaseAuthUI (12.0.0):
     - FirebaseAuth (~> 8.0)
     - FirebaseCore
   - FirebaseCore (8.4.0):
@@ -66,7 +66,7 @@ EXTERNAL SOURCES:
 
 SPEC CHECKSUMS:
   FirebaseAuth: 8ef169751d795f20921d425f7b0131cc1c70935c
-  FirebaseAuthUI: 3f6dcb6f9e1af8e889916e2e0f0f971a70c2d303
+  FirebaseAuthUI: d4c70cf0d36744f519739da8776dae87340ded9f
   FirebaseCore: 31f389c37ac1ea52454a53d3081f2d7019485a4a
   FirebaseCoreDiagnostics: cad03be1904b975f845e632f2720c3337da27faf
   GoogleDataTransport: 85fd18ff3019bb85d3f2c551d04c481dedf71fc9

FirebaseAuthUI/FirebaseAuthUITests/FUIAuthTest.m

@@ -152,4 +152,13 @@ - (void)testUseEmulatorSetsFIRAuthEmulator {
   OCMVerify([mockAuth useEmulatorWithHost:@"host" port:12345]);
 }
 
+- (void)testStringBySHA256HashingString {
+  NSString *inputString = @"abc-123.ZYX_987";
+  NSString *expectedSHA256HashedString = @"d858d78754a50c8ccdc414946f656fe854e6ba76bf09a79a7e7d9ca135e4b58d";
+
+  NSString *actualSHA256HashedString = [FUIAuthUtils stringBySHA256HashingString:inputString];
+
+  XCTAssertEqualObjects(actualSHA256HashedString, expectedSHA256HashedString);
+}
+
 @end

FirebaseAuthUI/Sources/FUIAuthUtils.m

@@ -16,6 +16,8 @@
 
 #import "FirebaseAuthUI/Sources/Public/FirebaseAuthUI/FUIAuthUtils.h"
 
+#import <CommonCrypto/CommonCrypto.h>
+
 #if SWIFT_PACKAGE
 NSString *const FUIAuthBundleName = @"FirebaseUI_FirebaseAuthUI";
 #else
@@ -74,4 +76,51 @@ + (nullable UIImage *)imageNamed:(NSString *)name fromBundle:(nullable NSBundle
   }
 }
 
++ (NSString *)randomNonce {
+  // Adapted from https://auth0.com/docs/api-auth/tutorials/nonce#generate-a-cryptographically-random-nonce
+  NSString *characterSet = @"0123456789ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvwxyz-._";
+  NSMutableString *result = [NSMutableString string];
+  NSInteger remainingLength = 32;
+
+  while (remainingLength > 0) {
+    NSMutableArray *randoms = [NSMutableArray arrayWithCapacity:16];
+    for (NSInteger i = 0; i < 16; i++) {
+      uint8_t random = 0;
+      int errorCode = SecRandomCopyBytes(kSecRandomDefault, 1, &random);
+      if (errorCode != errSecSuccess) {
+        [NSException raise:@"FUIAuthGenerateRandomNonce"
+                    format:@"Unable to generate nonce: OSStatus %i", errorCode];
+      }
+
+      [randoms addObject:@(random)];
+    }
+
+    for (NSNumber *random in randoms) {
+      if (remainingLength == 0) {
+        break;
+      }
+
+      if (random.unsignedIntValue < characterSet.length) {
+        unichar character = [characterSet characterAtIndex:random.unsignedIntValue];
+        [result appendFormat:@"%C", character];
+        remainingLength--;
+      }
+    }
+  }
+
+  return result;
+}
+
++ (NSString *)stringBySHA256HashingString:(NSString *)input {
+  const char *string = [input UTF8String];
+  unsigned char result[CC_SHA256_DIGEST_LENGTH];
+  CC_SHA256(string, (CC_LONG)strlen(string), result);
+
+  NSMutableString *hashed = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
+  for (NSInteger i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
+    [hashed appendFormat:@"%02x", result[i]];
+  }
+  return hashed;
+}
+
 @end

FirebaseAuthUI/Sources/Public/FirebaseAuthUI/FUIAuthUtils.h

@@ -47,6 +47,17 @@ extern NSString *const FUIAuthBundleName;
  */
 + (nullable UIImage *)imageNamed:(NSString *)name fromBundle:(nullable NSBundle *)bundle;
 
+/** @fn randomNonce
+    @brief Generates a random 32-character nonce.
+ */
++ (NSString *)randomNonce;
+
+/** @fn stringBySHA256HashingString:
+    @brief Generates the SHA-256 hash of the input string.
+    @param input The input string to be hashed.
+ */
++ (NSString *)stringBySHA256HashingString:(NSString *)input;
+
 @end
 
 NS_ASSUME_NONNULL_END

FirebaseAuthUI/Sources/Strings/en.lproj/FirebaseAuthUI.strings

@@ -80,7 +80,7 @@
 "EmailAlreadyInUseError" = "The email address is already in use by another account.";
 
 /* Error message displayed when the password is too weak. */
-"WeakPasswordError" = "Strong passwords have at least 6 characters and a mix of letters and numbers.";
+"WeakPasswordError" = "Password must be at least 6 characters long.";
 
 /* Error message displayed when many accounts have been created from same IP address. */
 "SignUpTooManyTimesError" = "Too many account requests are coming from your IP address. Try again in a few minutes.";

FirebaseEmailAuthUI/Podfile.lock

@@ -4,7 +4,7 @@ PODS:
     - GoogleUtilities/AppDelegateSwizzler (~> 7.4)
     - GoogleUtilities/Environment (~> 7.4)
     - GTMSessionFetcher/Core (~> 1.5)
-  - FirebaseAuthUI (11.0.3):
+  - FirebaseAuthUI (12.0.0):
     - FirebaseAuth (~> 8.0)
     - FirebaseCore
   - FirebaseCore (8.4.0):
@@ -69,7 +69,7 @@ EXTERNAL SOURCES:
 
 SPEC CHECKSUMS:
   FirebaseAuth: 8ef169751d795f20921d425f7b0131cc1c70935c
-  FirebaseAuthUI: 3f6dcb6f9e1af8e889916e2e0f0f971a70c2d303
+  FirebaseAuthUI: d4c70cf0d36744f519739da8776dae87340ded9f
   FirebaseCore: 31f389c37ac1ea52454a53d3081f2d7019485a4a
   FirebaseCoreDiagnostics: cad03be1904b975f845e632f2720c3337da27faf
   GoogleDataTransport: 85fd18ff3019bb85d3f2c551d04c481dedf71fc9

FirebaseFacebookAuthUI/Podfile.lock

@@ -16,7 +16,7 @@ PODS:
     - GoogleUtilities/AppDelegateSwizzler (~> 7.4)
     - GoogleUtilities/Environment (~> 7.4)
     - GTMSessionFetcher/Core (~> 1.5)
-  - FirebaseAuthUI (11.0.3):
+  - FirebaseAuthUI (12.0.0):
     - FirebaseAuth (~> 8.0)
     - FirebaseCore
   - FirebaseCore (8.4.0):
@@ -86,7 +86,7 @@ SPEC CHECKSUMS:
   FBSDKCoreKit_Basics: 06780a4a12e16596bde8406add02c6aa1bf38616
   FBSDKLoginKit: 8243e04c590c38b85c69fcf09d1234514d2475c3
   FirebaseAuth: 8ef169751d795f20921d425f7b0131cc1c70935c
-  FirebaseAuthUI: 3f6dcb6f9e1af8e889916e2e0f0f971a70c2d303
+  FirebaseAuthUI: d4c70cf0d36744f519739da8776dae87340ded9f
   FirebaseCore: 31f389c37ac1ea52454a53d3081f2d7019485a4a
   FirebaseCoreDiagnostics: cad03be1904b975f845e632f2720c3337da27faf
   GoogleDataTransport: 85fd18ff3019bb85d3f2c551d04c481dedf71fc9

FirebaseGoogleAuthUI/Podfile.lock

@@ -9,7 +9,7 @@ PODS:
     - GoogleUtilities/AppDelegateSwizzler (~> 7.4)
     - GoogleUtilities/Environment (~> 7.4)
     - GTMSessionFetcher/Core (~> 1.5)
-  - FirebaseAuthUI (11.0.3):
+  - FirebaseAuthUI (12.0.0):
     - FirebaseAuth (~> 8.0)
     - FirebaseCore
   - FirebaseCore (8.4.0):
@@ -83,7 +83,7 @@ EXTERNAL SOURCES:
 SPEC CHECKSUMS:
   AppAuth: 31bcec809a638d7bd2f86ea8a52bd45f6e81e7c7
   FirebaseAuth: 8ef169751d795f20921d425f7b0131cc1c70935c
-  FirebaseAuthUI: 3f6dcb6f9e1af8e889916e2e0f0f971a70c2d303
+  FirebaseAuthUI: d4c70cf0d36744f519739da8776dae87340ded9f
   FirebaseCore: 31f389c37ac1ea52454a53d3081f2d7019485a4a
   FirebaseCoreDiagnostics: cad03be1904b975f845e632f2720c3337da27faf
   GoogleDataTransport: 85fd18ff3019bb85d3f2c551d04c481dedf71fc9

FirebaseOAuthUI/Podfile.lock

@@ -4,7 +4,7 @@ PODS:
     - GoogleUtilities/AppDelegateSwizzler (~> 7.4)
     - GoogleUtilities/Environment (~> 7.4)
     - GTMSessionFetcher/Core (~> 1.5)
-  - FirebaseAuthUI (11.0.3):
+  - FirebaseAuthUI (12.0.0):
     - FirebaseAuth (~> 8.0)
     - FirebaseCore
   - FirebaseCore (8.4.0):
@@ -66,7 +66,7 @@ EXTERNAL SOURCES:
 
 SPEC CHECKSUMS:
   FirebaseAuth: 8ef169751d795f20921d425f7b0131cc1c70935c
-  FirebaseAuthUI: 3f6dcb6f9e1af8e889916e2e0f0f971a70c2d303
+  FirebaseAuthUI: d4c70cf0d36744f519739da8776dae87340ded9f
   FirebaseCore: 31f389c37ac1ea52454a53d3081f2d7019485a4a
   FirebaseCoreDiagnostics: cad03be1904b975f845e632f2720c3337da27faf
   GoogleDataTransport: 85fd18ff3019bb85d3f2c551d04c481dedf71fc9

FirebaseOAuthUI/Sources/FUIOAuth.m

@@ -99,6 +99,8 @@ @interface FUIOAuth () <ASAuthorizationControllerDelegate, ASAuthorizationContro
  */
 @property(nonatomic, copy, nullable) NSString *loginHintKey;
 
+@property(nonatomic, copy, nullable) NSString *currentNonce;
+
 /** @property provider
     @brief The OAuth provider that does the actual sign in.
  */
@@ -292,8 +294,11 @@ - (void)signInWithDefaultValue:(nullable NSString *)defaultValue
 
   if ([self.providerID isEqualToString:@"apple.com"] && !self.authUI.isEmulatorEnabled) {
     if (@available(iOS 13.0, *)) {
+      NSString *nonce = [FUIAuthUtils randomNonce];
+      self.currentNonce = nonce;
       ASAuthorizationAppleIDRequest *request = [[[ASAuthorizationAppleIDProvider alloc] init] createRequest];
       request.requestedScopes = @[ASAuthorizationScopeFullName, ASAuthorizationScopeEmail];
+      request.nonce = [FUIAuthUtils stringBySHA256HashingString:nonce];
       ASAuthorizationController* controller = [[ASAuthorizationController alloc] initWithAuthorizationRequests:@[request]];
       controller.delegate = self;
       controller.presentationContextProvider = self;
@@ -368,9 +373,10 @@ - (void)authorizationController:(ASAuthorizationController *)controller didCompl
     _providerSignInCompletion(nil, nil, nil, nil);
   }
   NSString *idToken = [[NSString alloc] initWithData:appleIDCredential.identityToken encoding:NSUTF8StringEncoding];
+  NSString *rawNonce = self.currentNonce;
   FIROAuthCredential *credential = [FIROAuthProvider credentialWithProviderID:@"apple.com"
                                                                       IDToken:idToken
-                                                                  accessToken:nil];
+                                                                     rawNonce:rawNonce];
   FIRAuthResultCallback result;
   NSPersonNameComponents *nameComponents = appleIDCredential.fullName;
   if (nameComponents != nil) {