Remove (base64) 'REDACTED' passwords from user records. (#119)

These values *look* like password hashes, but aren't, leading to
potential confusion.

Additionally, added docs to CONTRIBUTING.md detailing how to add the
permission that causes password hashes to be properly returned as well
as adjusting the test failure message should the developer not add that
permission.

b/141189502

Author: rsgowman

CONTRIBUTING.md

@@ -144,8 +144,16 @@ test suite makes a large number of writes to the Firebase realtime database. Dow
 account key file from the "Settings > Service Accounts" page of the project, and copy it to
 `FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_cert.json`. Also obtain the
 API key for the same project from "Settings > General", and save it to
-`FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt`. Finally, to run
-the integration test suite:
+`FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt`.
+
+You'll also need to grant your service account the 'Firebase Authentication Admin' role. This is
+required to ensure that exported user records contain the password hashes of the user accounts:
+1. Go to [Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin).
+2. Find your service account in the list, and click the 'pencil' icon to edit it's permissions.
+3. Click 'ADD ANOTHER ROLE' and choose 'Firebase Authentication Admin'.
+4. Click 'SAVE'.
+
+Finally, to run the integration test suite:
 
 ```bash
 $ dotnet test FirebaseAdmin.IntegrationTests

FirebaseAdmin/FirebaseAdmin.IntegrationTests/FirebaseAuthTest.cs

@@ -324,8 +324,15 @@ public async Task ListUsers()
                     if (users.Contains(uid) && !listedUsers.Contains(uid))
                     {
                         listedUsers.Add(uid);
-                        Assert.NotNull(enumerator.Current.PasswordHash);
-                        Assert.NotNull(enumerator.Current.PasswordSalt);
+                        var errMsgTemplate = "Missing {0} field. A common cause would be "
+                            + "forgetting to add the 'Firebase Authentication Admin' permission. "
+                            + "See instructions in CONTRIBUTING.md";
+                        AssertWithMessage.NotNull(
+                            enumerator.Current.PasswordHash,
+                            string.Format(errMsgTemplate, "PasswordHash"));
+                        AssertWithMessage.NotNull(
+                            enumerator.Current.PasswordSalt,
+                            string.Format(errMsgTemplate, "PasswordSalt"));
                     }
                 }
 
@@ -365,6 +372,20 @@ private static async Task<string> SignInWithCustomTokenAsync(string customToken)
         }
     }
 
+    /**
+     * Additional Xunit style asserts that allow specifying an error message upon failure.
+     */
+    internal static class AssertWithMessage
+    {
+        internal static void NotNull(object obj, string msg)
+        {
+            if (obj == null)
+            {
+                throw new Xunit.Sdk.XunitException("Assert.NotNull() Failure: " + msg);
+            }
+        }
+    }
+
     internal class SignInRequest
     {
         [Newtonsoft.Json.JsonProperty("token")]

FirebaseAdmin/FirebaseAdmin.Tests/Auth/ExportedUserRecordTest.cs

@@ -14,6 +14,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Text;
 using Xunit;
 
 namespace FirebaseAdmin.Auth.Tests
@@ -151,5 +152,17 @@ public void AllProperties()
             Assert.Equal(UserRecord.UnixEpoch.AddMilliseconds(100), metadata.CreationTimestamp);
             Assert.Equal(UserRecord.UnixEpoch.AddMilliseconds(150), metadata.LastSignInTimestamp);
         }
+
+        [Fact]
+        public void RedactedPasswordCleared()
+        {
+            var user = new ExportedUserRecord(new GetAccountInfoResponse.User()
+            {
+                UserId = "user1",
+                PasswordHash = Convert.ToBase64String(Encoding.UTF8.GetBytes("REDACTED")),
+            });
+
+            Assert.Null(user.PasswordHash);
+        }
     }
 }

FirebaseAdmin/FirebaseAdmin/Auth/ExportedUserRecord.cs

@@ -12,6 +12,9 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+using System;
+using System.Text;
+
 namespace FirebaseAdmin.Auth
 {
     /// <summary>
@@ -20,10 +23,16 @@ namespace FirebaseAdmin.Auth
     /// </summary>
     public sealed class ExportedUserRecord : UserRecord
     {
+        private static readonly string B64Redacted =
+            Convert.ToBase64String(Encoding.UTF8.GetBytes("REDACTED"));
+
         internal ExportedUserRecord(GetAccountInfoResponse.User user)
             : base(user)
         {
-            this.PasswordHash = user.PasswordHash;
+            // If the password hash is redacted (probably due to missing permissions) then clear it
+            // out, similar to how the salt is returned. (Otherwise, it *looks* like a b64-encoded
+            // hash is present, which is confusing.)
+            this.PasswordHash = user.PasswordHash == B64Redacted ? null : user.PasswordHash;
             this.PasswordSalt = user.PasswordSalt;
         }