Merge pull request #17 from tekrama/feature-custom-claims

Implemented CustomUserClaims

Author: hiranya911

FirebaseAdmin/FirebaseAdmin.IntegrationTests/FirebaseAuthTest.cs

@@ -93,6 +93,34 @@ public async Task CreateCustomTokenWithoutServiceAccount()
             }
         }
 
+        [Fact]
+        public async Task SetCustomUserClaims()
+        {
+            var customClaims = new Dictionary<string, object>()
+            {
+                {"admin", true}
+            };
+
+            await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("testuser", customClaims);
+        }
+
+        [Fact]
+        public async Task SetCustomUserClaimsWithEmptyClaims()
+        {
+            var customClaims = new Dictionary<string, object>();
+
+            await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("testuser", customClaims);
+        }
+
+        [Fact]
+        public async Task SetCustomUserClaimsWithWrongUid()
+        {
+            var customClaims = new Dictionary<string, object>();
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("mock-uid", customClaims));
+        }
+
         private static async Task<string> SignInWithCustomTokenAsync(string customToken)
         {
             var rb = new Google.Apis.Requests.RequestBuilder()

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseAuthTest.cs

@@ -21,8 +21,6 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Xunit;
-using FirebaseAdmin.Auth;
-using Google.Apis.Auth;
 using Google.Apis.Auth.OAuth2;
 
 [assembly: CollectionBehavior(DisableTestParallelization = true)]
@@ -173,6 +171,18 @@ private static void VerifyCustomToken(string token, string uid, Dictionary<strin
             Assert.True(verified);
         }
 
+        [Fact]
+        public async Task SetCustomUserClaimsNoProjectId()
+        {
+            FirebaseApp.Create(new AppOptions() { Credential = mockCredential });
+            var customClaims = new Dictionary<string, object>()
+            {
+                {"admin", true}
+            };
+            await Assert.ThrowsAsync<ArgumentException>(
+                async () => await FirebaseAuth.DefaultInstance.SetCustomUserClaimsAsync("user1", customClaims));
+        }
+
         public void Dispose()
         {
             FirebaseApp.DeleteAll();

FirebaseAdmin/FirebaseAdmin.Tests/Auth/FirebaseUserManagerTest.cs

@@ -0,0 +1,162 @@
+// Copyright 2019, Google Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System;
+using System.Collections.Generic;
+using Xunit;
+using Google.Apis.Auth.OAuth2;
+using FirebaseAdmin.Tests;
+using System.Threading.Tasks;
+using System.Net;
+
+namespace FirebaseAdmin.Auth.Tests
+{
+    public class FirebaseUserManagerTest
+    {
+        private static readonly GoogleCredential mockCredential =
+            GoogleCredential.FromAccessToken("test-token");
+        private const string mockProjectId = "project1";
+
+        [Fact]
+        public void InvalidUidForUserRecord()
+        {
+            Assert.Throws<ArgumentException>(() => new UserRecord(null));
+            Assert.Throws<ArgumentException>(() => new UserRecord(""));
+            Assert.Throws<ArgumentException>(() => new UserRecord(new string('a', 129)));
+        }
+
+        [Fact]
+        public void ReservedClaims()
+        {
+            foreach (var key in FirebaseTokenFactory.ReservedClaims)
+            {
+                var customClaims = new Dictionary<string, object>(){
+                    {key, "value"},
+                };
+                Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = customClaims});
+            }
+        }
+
+        [Fact]
+        public void EmptyClaims()
+        {
+            var emptyClaims = new Dictionary<string, object>(){
+                    {"", "value"},
+            };
+            Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = emptyClaims });
+        }
+
+        [Fact]
+        public void TooLargeClaimsPayload()
+        {
+            var customClaims = new Dictionary<string, object>()
+            {
+                { "testClaim", new string('a', 1001) },
+            };
+
+            Assert.Throws<ArgumentException>(() => new UserRecord("user1") { CustomClaims = customClaims });
+        }
+
+        [Fact]
+        public async Task UpdateUser()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new UserRecord("user1")
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = mockCredential,
+                    ProjectId = mockProjectId,
+                    ClientFactory = factory
+                });
+            var customClaims = new Dictionary<string, object>(){
+                    {"admin", true},
+            };
+
+            await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims });
+        }
+
+        [Fact]
+        public async Task UpdateUserIncorrectResponseObject()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new object()
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = mockCredential,
+                    ProjectId = mockProjectId,
+                    ClientFactory = factory
+                });
+            var customClaims = new Dictionary<string, object>(){
+                    {"admin", true},
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+
+        [Fact]
+        public async Task UpdateUserIncorrectResponseUid()
+        {
+            var handler = new MockMessageHandler()
+            {
+                Response = new UserRecord("testuser")
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = mockCredential,
+                    ProjectId = mockProjectId,
+                    ClientFactory = factory
+                });
+            var customClaims = new Dictionary<string, object>(){
+                    {"admin", true},
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+
+        [Fact]
+        public async Task UpdateUserHttpError()
+        {
+            var handler = new MockMessageHandler()
+            {
+                StatusCode = HttpStatusCode.InternalServerError
+            };
+            var factory = new MockHttpClientFactory(handler);
+            var userManager = new FirebaseUserManager(
+                new FirebaseUserManagerArgs
+                {
+                    Credential = mockCredential,
+                    ProjectId = mockProjectId,
+                    ClientFactory = factory
+                });
+            var customClaims = new Dictionary<string, object>(){
+                    {"admin", true},
+            };
+
+            await Assert.ThrowsAsync<FirebaseException>(
+                async () => await userManager.UpdateUserAsync(new UserRecord("user1") { CustomClaims = customClaims }));
+        }
+    }
+}

FirebaseAdmin/FirebaseAdmin/Auth/FirebaseAuth.cs

@@ -29,15 +29,18 @@ public sealed class FirebaseAuth: IFirebaseService
         private bool _deleted;
         private readonly Lazy<FirebaseTokenFactory> _tokenFactory;
         private readonly Lazy<FirebaseTokenVerifier> _idTokenVerifier;
+        private readonly Lazy<FirebaseUserManager> _userManager;
         private readonly Object _lock = new Object();
 
         private FirebaseAuth(FirebaseApp app)
         {
             _app = app;
-            _tokenFactory = new Lazy<FirebaseTokenFactory>(() => 
+            _tokenFactory = new Lazy<FirebaseTokenFactory>(() =>
                 FirebaseTokenFactory.Create(_app), true);
-            _idTokenVerifier = new Lazy<FirebaseTokenVerifier>(() => 
+            _idTokenVerifier = new Lazy<FirebaseTokenVerifier>(() =>
                 FirebaseTokenVerifier.CreateIDTokenVerifier(_app), true);
+            _userManager = new Lazy<FirebaseUserManager>(() =>
+                FirebaseUserManager.Create(_app));
         }
 
         /// <summary>
@@ -236,6 +239,38 @@ public async Task<FirebaseToken> VerifyIdTokenAsync(
                 .ConfigureAwait(false);
         }
 
+        /// <summary>
+        /// Sets the specified custom claims on an existing user account. A null claims value 
+        /// removes any claims currently set on the user account. The claims should serialize into
+        /// a valid JSON string. The serialized claims must not be larger than 1000 characters.
+        /// </summary>
+        /// <exception cref="ArgumentException">If <paramref name="uid"/> is null, empty or longer
+        /// than 128 characters. Or, if the serialized <paramref name="claims"/> is larger than 1000 
+        /// characters.</exception>
+        /// <param name="uid">The user ID string for the custom claims will be set. Must not be null 
+        /// or longer than 128 characters.
+        /// </param>
+        /// <param name="claims">The claims to be stored on the user account, and made
+        /// available to Firebase security rules. These must be serializable to JSON, and after
+        /// serialization it should not be larger than 1000 characters.</param>
+        public async Task SetCustomUserClaimsAsync(string uid, IReadOnlyDictionary<string, object> claims)
+        {
+            lock (_lock)
+            {
+                if (_deleted)
+                {
+                    throw new InvalidOperationException("Cannot invoke after deleting the app.");
+                }
+            }
+
+            var user = new UserRecord(uid)
+            {
+                CustomClaims = claims
+            };
+
+            await _userManager.Value.UpdateUserAsync(user);
+        }
+
         void IFirebaseService.Delete()
         {
             lock (_lock)
@@ -278,7 +313,7 @@ public static FirebaseAuth GetAuth(FirebaseApp app)
             {
                 throw new ArgumentNullException("App argument must not be null.");
             }
-            return app.GetOrInit<FirebaseAuth>(typeof(FirebaseAuth).Name, () => 
+            return app.GetOrInit<FirebaseAuth>(typeof(FirebaseAuth).Name, () =>
             {
                 return new FirebaseAuth(app);
             });