feat(auth): Added Firebase Auth emulator support (#295)

* feat(auth): Add support for Firebase Authentication Emulator (#289)

* Add IdToolkitHostResolver with tests

* Add resolution for versions of the API with tests

* Simplify and reduce IdToolkitHostResolver to a Util method

* Add TestConfig for testing against FirebaseEmulatorHost

Add environment variable test that piggybacks on the already established
FirebaseUserManagerTest.

Also, to make it easier to access and set environment variables a
convenience class has been made to help out. This class utilizes the
neat builtin get and set mechanism provided by the C# language. By using
this class the code somewhat documents itself and prevents stupid
spelling mistakes that might occur when running code. Each environment
variable can conveniently be documented inside the class.

* Add license for new Utils class file

* Add documentation for ResolveIdToolkitHost with examples

* Use the EnvironmentVariable class to access env variables

* Fix formatting

* Use inheritance instead of TestConfig to set FirebaseUserManager tests

The TestConfig was not being disposed of when expected resulting in
the env variable being set in other tests as well and causing them to
fail.

* Cleanup and rename variable to more meaningful name

* Move Utils and EnvironmentVariable class to Auth namespace

* Move emulatorHostEnvVar to where it's used for readability

* Rename UtilTest to more appropriate name

* Rename expected...Host to expected...Url

* Use the FirebaseAuthEmulatorHostName const instead of string

* Add missing license head

* Add missing util import and fix stylecop complaints

* Rename AuthUtil to Util and move to Auth test folder

* Simplify emulator host environment variable to be a constant in Utils

* Use string literal for emulator host in FirebaseUserManagerTest

In case a constant values is changed such as the used environment
variable, this will cause the tests to fail, which is good to know.

* Remove unnecessary tests from FirebaseAuthTest

* Use string literal to ensure test fails if constant is changed

* Remove the environment simplification since there is only one callsite

* Cleanup GetIdToolkitHost documentation

* Correct typo in file name. Util -> Utils.

* Rename test cass to UtilsTest

* Add tenant resolution to GetIdToolkitHost

* Add function for resolving GoogleCredentials when in emulator mode

* Add test for tenant url resolution

* Use if statement instead of ternary for tenantIdPath

* Better formatting for GetIdToolkitHost

* Add periods to the end of documentation strings

* Remove nullable and provide empty string instead

* Change to only have one single line at end

* Add convenience funcs for getting and checking emulator host env variable

* Simplify GetEmulatorHost name

* fix(auth): Setting EmulatorHost programatically (#290)

* fix(auth): Setting EmulatorHost programatically

* fix: Cleaned up tests

* fix: Cleaned up user manager tests

* feat(auth): Supporting VerifyIdToken() API with emulator (#291)

* feat(auth): Emulator support for CreateCustomTokenAsync() API (#293)

* feat(auth): Emulator support for CreateCustomTokenAsync() API

* fix: Cleaned up unit tests

* fix: Removed extra punctuation

* feat(auth): Adding emulator support to TenantManager API (#294)

* feat(auth): Adding emulator support to TenantManager API

* fix: Updated test to check for credentials

Co-authored-by: Bjarke <[email protected]>

Author: hiranya911

FirebaseAdmin/FirebaseAdmin.Tests/Auth/AuthBuilder.cs

@@ -41,6 +41,10 @@ public sealed class AuthBuilder
 
         internal string TenantId { get; set; }
 
+        internal string EmulatorHost { get; set; }
+
+        internal ISigner Signer { get; set; }
+
         public AbstractFirebaseAuth Build(TestOptions options)
         {
             if (this.TenantId != null)
@@ -88,6 +92,11 @@ private void PopulateArgs(AbstractFirebaseAuth.Args args, TestOptions options)
                         $"Session cookie verification not supported on {args.GetType()}");
                 }
             }
+
+            if (options.TokenFactory)
+            {
+                args.TokenFactory = new Lazy<FirebaseTokenFactory>(this.CreateTokenFactory());
+            }
         }
 
         private FirebaseUserManager CreateUserManager(TestOptions options)
@@ -99,6 +108,7 @@ private FirebaseUserManager CreateUserManager(TestOptions options)
                 ProjectId = this.ProjectId,
                 ClientFactory = new MockHttpClientFactory(options.UserManagerRequestHandler),
                 TenantId = this.TenantId,
+                EmulatorHost = this.EmulatorHost,
             };
             return new FirebaseUserManager(args);
         }
@@ -107,7 +117,7 @@ private ProviderConfigManager CreateProviderConfigManager(TestOptions options)
         {
             var args = new ProviderConfigManager.Args
             {
-                RetryOptions = RetryOptions.NoBackOff,
+                RetryOptions = this.RetryOptions,
                 ProjectId = this.ProjectId,
                 ClientFactory = new MockHttpClientFactory(options.ProviderConfigRequestHandler),
                 TenantId = this.TenantId,
@@ -117,14 +127,31 @@ private ProviderConfigManager CreateProviderConfigManager(TestOptions options)
 
         private FirebaseTokenVerifier CreateIdTokenVerifier()
         {
-            return FirebaseTokenVerifier.CreateIdTokenVerifier(
-                this.ProjectId, this.KeySource, this.Clock, this.TenantId);
+            var args = FirebaseTokenVerifier.CreateIdTokenVerifierArgs();
+            args.ProjectId = this.ProjectId;
+            args.PublicKeySource = this.KeySource;
+            args.Clock = this.Clock;
+            args.TenantId = this.TenantId;
+            args.IsEmulatorMode = !string.IsNullOrWhiteSpace(this.EmulatorHost);
+            return new FirebaseTokenVerifier(args);
         }
 
         private FirebaseTokenVerifier CreateSessionCookieVerifier()
         {
             return FirebaseTokenVerifier.CreateSessionCookieVerifier(
                 this.ProjectId, this.KeySource, this.Clock);
         }
+
+        private FirebaseTokenFactory CreateTokenFactory()
+        {
+            var args = new FirebaseTokenFactory.Args
+            {
+                Signer = this.Signer,
+                Clock = this.Clock,
+                TenantId = this.TenantId,
+                IsEmulatorMode = !string.IsNullOrWhiteSpace(this.EmulatorHost),
+            };
+            return new FirebaseTokenFactory(args);
+        }
     }
 }

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthEmulatorTest.cs

@@ -0,0 +1,72 @@
+// Copyright 2021, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using Google.Apis.Auth.OAuth2;
+using Xunit;
+
+namespace FirebaseAdmin.Auth.Tests
+{
+    public class FirebaseAuthEmulatorTest : IDisposable
+    {
+        private const string AuthEmulatorHost = "FIREBASE_AUTH_EMULATOR_HOST";
+
+        private static readonly GoogleCredential MockCredential =
+            GoogleCredential.FromAccessToken("test-token");
+
+        public FirebaseAuthEmulatorTest()
+        {
+            Environment.SetEnvironmentVariable(AuthEmulatorHost, "localhost:9090");
+        }
+
+        [Fact]
+        public void DefaultFirebaseAuth()
+        {
+            var app = FirebaseApp.Create(new AppOptions
+            {
+                Credential = MockCredential,
+                ProjectId = "project1",
+            });
+
+            var auth = FirebaseAuth.DefaultInstance;
+
+            Assert.Equal("localhost:9090", auth.UserManager.EmulatorHost);
+            Assert.True(auth.IdTokenVerifier.IsEmulatorMode);
+            Assert.True(auth.TokenFactory.IsEmulatorMode);
+            Assert.Equal("localhost:9090", auth.TenantManager.EmulatorHost);
+        }
+
+        [Fact]
+        public void TenantAwareFirebseAuth()
+        {
+            var app = FirebaseApp.Create(new AppOptions
+            {
+                Credential = MockCredential,
+                ProjectId = "project1",
+            });
+
+            var auth = FirebaseAuth.DefaultInstance.TenantManager.AuthForTenant("tenant1");
+
+            Assert.Equal("localhost:9090", auth.UserManager.EmulatorHost);
+            Assert.True(auth.IdTokenVerifier.IsEmulatorMode);
+            Assert.True(auth.TokenFactory.IsEmulatorMode);
+        }
+
+        public virtual void Dispose()
+        {
+            FirebaseApp.DeleteAll();
+            Environment.SetEnvironmentVariable(AuthEmulatorHost, string.Empty);
+        }
+    }
+}

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs

@@ -71,10 +71,10 @@ public void UseAfterDelete()
         public void NoTenantId()
         {
             var app = FirebaseApp.Create(new AppOptions
-                {
-                    Credential = MockCredential,
-                    ProjectId = "project1",
-                });
+            {
+                Credential = MockCredential,
+                ProjectId = "project1",
+            });
 
             FirebaseAuth auth = FirebaseAuth.DefaultInstance;
 
@@ -84,6 +84,23 @@ public void NoTenantId()
             Assert.Null(auth.UserManager.TenantId);
         }
 
+        [Fact]
+        public void NoEmulator()
+        {
+            var app = FirebaseApp.Create(new AppOptions
+            {
+                Credential = MockCredential,
+                ProjectId = "project1",
+            });
+
+            var auth = FirebaseAuth.DefaultInstance;
+
+            Assert.False(auth.TokenFactory.IsEmulatorMode);
+            Assert.False(auth.IdTokenVerifier.IsEmulatorMode);
+            Assert.Null(auth.UserManager.EmulatorHost);
+            Assert.Null(auth.TenantManager.EmulatorHost);
+        }
+
         [Fact]
         public void UserManagerNoProjectId()
         {
@@ -123,20 +140,57 @@ public void TenantManagerNoProjectId()
                 ex.Message);
         }
 
+        [Fact]
+        public void ServiceAccountCredential()
+        {
+            var options = new AppOptions
+            {
+                Credential = GoogleCredential.FromFile("./resources/service_account.json"),
+            };
+            var app = FirebaseApp.Create(options);
+
+            var tokenFactory = FirebaseAuth.DefaultInstance.TokenFactory;
+
+            Assert.IsType<ServiceAccountSigner>(tokenFactory.Signer);
+        }
+
         [Fact]
         public void ServiceAccountId()
         {
-            FirebaseApp.Create(new AppOptions
-                {
-                    Credential = MockCredential,
-                    ServiceAccountId = "test-service-account",
-                });
+            var options = new AppOptions
+            {
+                Credential = MockCredential,
+                ServiceAccountId = "test-service-account",
+            };
+            var app = FirebaseApp.Create(options);
 
             var tokenFactory = FirebaseAuth.DefaultInstance.TokenFactory;
 
             Assert.IsType<FixedAccountIAMSigner>(tokenFactory.Signer);
         }
 
+        [Fact]
+        public async void InvalidCredential()
+        {
+            var options = new AppOptions
+            {
+                Credential = MockCredential,
+            };
+            var app = FirebaseApp.Create(options);
+
+            var tokenFactory = FirebaseAuth.DefaultInstance.TokenFactory;
+
+            Assert.IsType<IAMSigner>(tokenFactory.Signer);
+            var ex = await Assert.ThrowsAsync<InvalidOperationException>(
+                () => FirebaseAuth.DefaultInstance.CreateCustomTokenAsync("user1"));
+            var errorMessage = "Failed to determine service account ID. Make sure to initialize the SDK "
+                + "with service account credentials or specify a service account "
+                + "ID with iam.serviceAccounts.signBlob permission. Please refer to "
+                + "https://firebase.google.com/docs/auth/admin/create-custom-tokens for "
+                + "more details on creating custom tokens.";
+            Assert.Equal(errorMessage, ex.Message);
+        }
+
         public void Dispose()
         {
             FirebaseApp.DeleteAll();

FirebaseAdmin/FirebaseAdmin.Tests/Auth/Jwt/CustomTokenTest.cs

@@ -16,17 +16,19 @@
 using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
-using Google.Apis.Auth.OAuth2;
+using FirebaseAdmin.Auth.Tests;
 using Xunit;
 
 namespace FirebaseAdmin.Auth.Jwt.Tests
 {
-    public class CustomTokenTest : IDisposable
+    public class CustomTokenTest
     {
         public static readonly IEnumerable<object[]> TestConfigs = new List<object[]>()
         {
-            new object[] { FirebaseAuthTestConfig.DefaultInstance },
-            new object[] { TenantAwareFirebaseAuthTestConfig.DefaultInstance },
+            new object[] { TestConfig.ForFirebaseAuth() },
+            new object[] { TestConfig.ForTenantAwareFirebaseAuth("tenant1") },
+            new object[] { TestConfig.ForFirebaseAuth().WithEmulator() },
+            new object[] { TestConfig.ForTenantAwareFirebaseAuth("tenant1").WithEmulator() },
         };
 
         [Theory]
@@ -66,78 +68,66 @@ await Assert.ThrowsAsync<OperationCanceledException>(
                 () => auth.CreateCustomTokenAsync("user1", canceller.Token));
         }
 
-        [Theory]
-        [MemberData(nameof(TestConfigs))]
-        public async Task CreateCustomTokenInvalidCredential(TestConfig config)
-        {
-            var options = new AppOptions
-            {
-                Credential = GoogleCredential.FromAccessToken("test-token"),
-                ProjectId = "project1",
-            };
-            var auth = config.CreateAuth(options);
-
-            var ex = await Assert.ThrowsAsync<InvalidOperationException>(
-                () => auth.CreateCustomTokenAsync("user1"));
-
-            var errorMessage = "Failed to determine service account ID. Make sure to initialize the SDK "
-                + "with service account credentials or specify a service account "
-                + "ID with iam.serviceAccounts.signBlob permission. Please refer to "
-                + "https://firebase.google.com/docs/auth/admin/create-custom-tokens for "
-                + "more details on creating custom tokens.";
-            Assert.Equal(errorMessage, ex.Message);
-        }
-
-        public void Dispose()
+        public sealed class TestConfig
         {
-            FirebaseApp.DeleteAll();
-        }
+            private readonly AuthBuilder authBuilder;
+            private readonly CustomTokenVerifier tokenVerifier;
 
-        public abstract class TestConfig
-        {
-            protected static readonly AppOptions DefaultOptions = new AppOptions
+            private TestConfig(AuthBuilder authBuilder, CustomTokenVerifier tokenVerifier)
             {
-                Credential = GoogleCredential.FromFile("./resources/service_account.json"),
-            };
-
-            internal abstract CustomTokenVerifier TokenVerifier { get; }
+                this.authBuilder = authBuilder;
+                this.tokenVerifier = tokenVerifier;
+            }
 
-            internal abstract AbstractFirebaseAuth CreateAuth(AppOptions options = null);
+            public string TenantId => this.authBuilder.TenantId;
 
-            internal void AssertCustomToken(
-                string token, string uid, Dictionary<string, object> claims = null)
+            public static TestConfig ForFirebaseAuth()
             {
-                this.TokenVerifier.Verify(token, uid, claims);
+                var authBuilder = new AuthBuilder
+                {
+                    Signer = JwtTestUtils.DefaultSigner,
+                };
+                var tokenVerifier = CustomTokenVerifier.ForServiceAccount(
+                    JwtTestUtils.DefaultClientEmail, JwtTestUtils.DefaultPublicKey);
+                return new TestConfig(authBuilder, tokenVerifier);
             }
-        }
 
-        private sealed class FirebaseAuthTestConfig : TestConfig
-        {
-            internal static readonly FirebaseAuthTestConfig DefaultInstance =
-                new FirebaseAuthTestConfig();
-
-            internal override CustomTokenVerifier TokenVerifier =>
-                CustomTokenVerifier.FromDefaultServiceAccount();
-
-            internal override AbstractFirebaseAuth CreateAuth(AppOptions options = null)
+            public static TestConfig ForTenantAwareFirebaseAuth(string tenantId)
             {
-                FirebaseApp.Create(options ?? DefaultOptions);
-                return FirebaseAuth.DefaultInstance;
+                var authBuilder = new AuthBuilder
+                {
+                    TenantId = tenantId,
+                    Signer = JwtTestUtils.DefaultSigner,
+                };
+                var tokenVerifier = CustomTokenVerifier.ForServiceAccount(
+                    JwtTestUtils.DefaultClientEmail, JwtTestUtils.DefaultPublicKey, tenantId);
+                return new TestConfig(authBuilder, tokenVerifier);
             }
-        }
 
-        private sealed class TenantAwareFirebaseAuthTestConfig : TestConfig
-        {
-            internal static readonly TenantAwareFirebaseAuthTestConfig DefaultInstance =
-                new TenantAwareFirebaseAuthTestConfig();
+            internal TestConfig WithEmulator()
+            {
+                var authBuilder = new AuthBuilder
+                {
+                    TenantId = this.TenantId,
+                    EmulatorHost = "localhost:9090",
+                };
+                var tokenVerifier = CustomTokenVerifier.ForEmulator(this.TenantId);
+                return new TestConfig(authBuilder, tokenVerifier);
+            }
 
-            internal override CustomTokenVerifier TokenVerifier =>
-                CustomTokenVerifier.FromDefaultServiceAccount("tenant1");
+            internal AbstractFirebaseAuth CreateAuth()
+            {
+                var options = new TestOptions
+                {
+                    TokenFactory = true,
+                };
+                return this.authBuilder.Build(options);
+            }
 
-            internal override AbstractFirebaseAuth CreateAuth(AppOptions options = null)
+            internal void AssertCustomToken(
+                string token, string uid, Dictionary<string, object> claims = null)
             {
-                FirebaseApp.Create(options ?? DefaultOptions);
-                return FirebaseAuth.DefaultInstance.TenantManager.AuthForTenant("tenant1");
+                this.tokenVerifier.Verify(token, uid, claims);
             }
         }
     }