multi-tenant support in firebaseui (#621)

Added support for multi-tenancy

Author: wti806

.travis.yml

@@ -5,12 +5,12 @@ install: npm install
 script: npm test -- --saucelabs
 before_install:
   - export CHROME_BIN=/usr/bin/google-chrome
-  - export DISPLAY=:99.0
-  - sh -e /etc/init.d/xvfb start
   - sudo apt-get update
   - sudo apt-get install -y libappindicator1 fonts-liberation
   - wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
   - sudo dpkg -i google-chrome*.deb
   - unset _JAVA_OPTIONS
+services:
+  - xvfb
 addons:
   sauce_connect: true

README.md

@@ -70,17 +70,17 @@ Localized versions of the widget are available through the CDN. To use a localiz
 localized JS library instead of the default library:
 
 ```html
-<script src="https://www.gstatic.com/firebasejs/ui/4.1.0/firebase-ui-auth__{LANGUAGE_CODE}.js"></script>
-<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/4.1.0/firebase-ui-auth.css" />
+<script src="https://www.gstatic.com/firebasejs/ui/4.2.0/firebase-ui-auth__{LANGUAGE_CODE}.js"></script>
+<link type="text/css" rel="stylesheet" href="https://www.gstatic.com/firebasejs/ui/4.2.0/firebase-ui-auth.css" />
 ```
 
 where `{LANGUAGE_CODE}` is replaced by the code of the language you want. For example, the French
 version of the library is available at
-`https://www.gstatic.com/firebasejs/ui/4.1.0/firebase-ui-auth__fr.js`. The list of available
+`https://www.gstatic.com/firebasejs/ui/4.2.0/firebase-ui-auth__fr.js`. The list of available
 languages and their respective language codes can be found at [LANGUAGES.md](LANGUAGES.md).
 
 Right-to-left languages also require the right-to-left version of the stylesheet, available at
-`https://www.gstatic.com/firebasejs/ui/4.1.0/firebase-ui-auth-rtl.css`, instead of the default
+`https://www.gstatic.com/firebasejs/ui/4.2.0/firebase-ui-auth-rtl.css`, instead of the default
 stylesheet. The supported right-to-left languages are Arabic (ar), Farsi (fa), and Hebrew (iw).
 
 ### Option 2: npm Module
@@ -1449,6 +1449,42 @@ ui.start('#firebaseui-auth-container', {
 });
 ```
 
+### Multi-tenancy support
+
+For [GCIP](https://cloud.google.com/identity-platform) customers, you can build a
+tenant-specific sign-in page with FirebaseUI. Make sure you've enabled
+multi-tenancy for your project and configured your tenants. See the
+[Multi-tenancy quickstart](https://cloud.google.com/identity-platform/docs/quickstart-multi-tenancy)
+to learn how.
+
+This feature requires [firebase](https://www.npmjs.com/package/firebase) version 6.6.0 or higher.
+
+
+To use FirebaseUI with multi-tenancy, you need to set the tenant ID on the
+Auth instance being passed to FirebaseUI before calling `ui.start()`.
+
+```javascript
+// The Firebase Auth instance.
+var auth = firebase.auth();
+// Initialize FirebaseUI.
+var ui = new firebaseui.auth.AuthUI(auth);
+// Set the tenant ID on Auth instance.
+auth.tenantId = selectedTenantId;
+// Start the sign-in flow in selected tenant.
+// All sign-in attempts will now use this tenant ID.
+ui.start('#firebaseui-auth-container', selectedTenantConfig);
+```
+
+FirebaseUI only handles the sign-in flows for you, you will still need to build
+your own UI to let the end users select a tenant to sign in with.
+You can refer to the example in this
+[guide](https://cloud.google.com/identity-platform/docs/multi-tenancy-ui).
+
+There is also a
+[quickstart](https://github.com/firebase/quickstart-js/blob/master/auth/multi-tenant-ui.html)
+app available to demonstrate how to build a single sign-in page with the
+FirebaseUI for two tenants which have different sets of identity providers enabled.
+
 
 ## Customizing FirebaseUI for authentication
 

changelog.txt

@@ -0,0 +1 @@
+feature - Added multi-tenancy support for Google Cloud's Identity Platform developers.

javascript/utils/account_test.js

@@ -21,7 +21,7 @@ goog.provide('firebaseui.auth.AccountTest');
 goog.require('firebaseui.auth.Account');
 goog.require('goog.testing.jsunit');
 
-goog.setTestOnly('firebaseui.auth.idpTest');
+goog.setTestOnly('firebaseui.auth.AccountTest');
 
 
 var account = new firebaseui.auth.Account(

javascript/utils/actioncodeurlbuilder.js

@@ -65,7 +65,8 @@ firebaseui.auth.ActionCodeUrlBuilder.Parameter = {
   MODE: 'mode',
   OOB_CODE: 'oobCode',
   PROVIDER_ID: 'ui_pid',
-  SESSION_ID: 'ui_sid'
+  SESSION_ID: 'ui_sid',
+  TENANT_ID: 'tenantId'
 };
 
 
@@ -112,6 +113,30 @@ firebaseui.auth.ActionCodeUrlBuilder.prototype.getApiKey = function() {
 };
 
 
+/**
+ * Sets the tenant ID of the tenant project.
+ * @param {?string} tenantId The tenant ID to be set.
+ */
+firebaseui.auth.ActionCodeUrlBuilder.prototype.setTenantId =
+    function(tenantId) {
+  if (tenantId) {
+    this.uri_.setParameterValue(
+        firebaseui.auth.ActionCodeUrlBuilder.Parameter.TENANT_ID,
+        tenantId);
+  } else {
+    this.uri_.removeParameter(
+        firebaseui.auth.ActionCodeUrlBuilder.Parameter.TENANT_ID);
+  }
+};
+
+
+/** @return {?string} The tenant ID if available. */
+firebaseui.auth.ActionCodeUrlBuilder.prototype.getTenantId = function() {
+  return this.uri_.getParameterValue(
+      firebaseui.auth.ActionCodeUrlBuilder.Parameter.TENANT_ID) || null;
+};
+
+
 /**
  * Defines whether to force same device flow.
  * @param {?boolean} forceSameDevice Whether to force same device flow.

javascript/utils/actioncodeurlbuilder_test.js

@@ -36,13 +36,15 @@ function testActionCodeUrlBuilder_outgoing() {
   assertNull(builder.getOobCode());
   assertNull(builder.getMode());
   assertNull(builder.getApiKey());
+  assertNull(builder.getTenantId());
   assertEquals(url, builder.toString());
 
   // Set new parameters.
   builder.setAnonymousUid('ANONYMOUS_UID');
   builder.setForceSameDevice(true);
   builder.setSessionId('SESSION_ID');
   builder.setProviderId('PROVIDER_ID');
+  builder.setTenantId('TENANT_ID');
 
   // Confirm new parameters.
   assertEquals('ANONYMOUS_UID', builder.getAnonymousUid());
@@ -52,12 +54,14 @@ function testActionCodeUrlBuilder_outgoing() {
   assertNull(builder.getOobCode());
   assertNull(builder.getMode());
   assertNull(builder.getApiKey());
+  assertEquals('TENANT_ID', builder.getTenantId());
   assertEquals(
       'https://www.example.com/path/api?a=1&b=2&' +
       'ui_auid=ANONYMOUS_UID&' +
       'ui_sd=1&' +
       'ui_sid=SESSION_ID&' +
-      'ui_pid=PROVIDER_ID' +
+      'ui_pid=PROVIDER_ID&' +
+      'tenantId=TENANT_ID' +
       '#c=2',
       builder.toString());
 }
@@ -70,6 +74,7 @@ function testActionCodeUrlBuilder_incoming() {
       'https://www.example.com/path/api?' +
       // Incoming link would also have API key, mode and oobCode fields.
       'apiKey=API_KEY&mode=signIn&oobCode=EMAIL_ACTION_CODE&' +
+      'tenantId=TENANT_ID&' +
       'ui_auid=ANONYMOUS_UID&' +
       'ui_sd=1&' +
       'ui_sid=SESSION_ID&' +
@@ -83,12 +88,14 @@ function testActionCodeUrlBuilder_incoming() {
   assertEquals('EMAIL_ACTION_CODE', builder.getOobCode());
   assertEquals('signIn', builder.getMode());
   assertEquals('API_KEY', builder.getApiKey());
+  assertEquals('TENANT_ID', builder.getTenantId());
 
   // Clear all values.
   builder.setAnonymousUid(null);
   builder.setForceSameDevice(null);
   builder.setSessionId(null);
   builder.setProviderId(null);
+  builder.setTenantId(null);
   // Confirm updated URL has relevant parameters cleared.
   assertEquals(url, builder.toString());
 
@@ -97,6 +104,7 @@ function testActionCodeUrlBuilder_incoming() {
   builder.setForceSameDevice(false);
   builder.setSessionId('SESSION_ID2');
   builder.setProviderId('PROVIDER_ID2');
+  builder.setTenantId('TENANT_ID2');
 
   // Confirm new expected values.
   assertEquals('ANONYMOUS_UID2', builder.getAnonymousUid());
@@ -110,7 +118,8 @@ function testActionCodeUrlBuilder_incoming() {
       'ui_auid=ANONYMOUS_UID2&' +
       'ui_sd=0&' +
       'ui_sid=SESSION_ID2&' +
-      'ui_pid=PROVIDER_ID2' +
+      'ui_pid=PROVIDER_ID2&' +
+      'tenantId=TENANT_ID2' +
       '#c=2',
       builder.toString());
 }
@@ -126,6 +135,7 @@ function testActionCodeUrlBuilder_clearState() {
       'ui_sd=1&' +
       'ui_sid=SESSION_ID&' +
       'ui_pid=PROVIDER_ID&' +
+      'tenantId=TENANT_ID&' +
       'lang=en&a=1&b=2#c=2');
 
   // Confirm expected values parsed from url.
@@ -136,6 +146,7 @@ function testActionCodeUrlBuilder_clearState() {
   assertEquals('EMAIL_ACTION_CODE', builder.getOobCode());
   assertEquals('signIn', builder.getMode());
   assertEquals('API_KEY', builder.getApiKey());
+  assertEquals('TENANT_ID', builder.getTenantId());
 
   // Clear state of URL from anything related to email action codes.
   builder.clearState();
@@ -148,5 +159,6 @@ function testActionCodeUrlBuilder_clearState() {
   assertNull(builder.getOobCode());
   assertNull(builder.getMode());
   assertNull(builder.getApiKey());
+  assertNull(builder.getTenantId());
   assertEquals(url, builder.toString());
 }

javascript/utils/redirectstatus.js

@@ -0,0 +1,65 @@
+/*
+ * Copyright 2019 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @fileoverview Defines the redirect status object. This is used to save the
+ * state of a sign-in attempt before a redirect operation. It holds the
+ * original tenant ID used to sign in with and also indicates there is a pending
+ * redirect operation to be resolved.
+ */
+
+goog.provide('firebaseui.auth.RedirectStatus');
+
+
+
+/**
+ * The redirect status. It indicates there is a pending redirect operation to be
+ * resolved.
+ * @param {?string=} opt_tenantId The optional tenant ID.
+ * @constructor
+ */
+firebaseui.auth.RedirectStatus = function(opt_tenantId) {
+  /** @const @private {?string} The tenant ID. */
+  this.tenantId_ = opt_tenantId || null;
+};
+
+
+/** @return {?string} The tenant ID. */
+firebaseui.auth.RedirectStatus.prototype.getTenantId = function() {
+  return this.tenantId_;
+};
+
+
+/**
+ * @return {!Object} The plain object representation of redirect status.
+ */
+firebaseui.auth.RedirectStatus.prototype.toPlainObject = function() {
+  return {
+    'tenantId': this.tenantId_
+  };
+};
+
+
+/**
+ * @param {?Object} response The plain object presentation of a potential
+ *     redirect status object.
+ * @return {?firebaseui.auth.RedirectStatus} The redirect status representation
+ *     of the provided object.
+ */
+firebaseui.auth.RedirectStatus.fromPlainObject = function(response) {
+  if (response && typeof response['tenantId'] !== 'undefined') {
+    return new firebaseui.auth.RedirectStatus(response['tenantId']);
+  }
+  return null;
+};

javascript/utils/redirectstatus_test.js

@@ -0,0 +1,55 @@
+/*
+ * Copyright 2019 Google Inc. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @fileoverview Tests for redirectstatus.js.
+ */
+
+goog.provide('firebaseui.auth.RedirectStatusTest');
+
+goog.require('firebaseui.auth.RedirectStatus');
+goog.require('goog.testing.jsunit');
+
+goog.setTestOnly('firebaseui.auth.RedirectStatusTest');
+
+
+var redirectStatus1 = new firebaseui.auth.RedirectStatus('TENANT_ID');
+var redirectStatus2 = new firebaseui.auth.RedirectStatus();
+var obj1 = {
+  'tenantId': 'TENANT_ID'
+};
+var obj2 = {
+  'tenantId': null
+};
+
+
+function testRedirectStatus() {
+  assertEquals('TENANT_ID', redirectStatus1.getTenantId());
+  assertNull(redirectStatus2.getTenantId());
+}
+
+
+function testToPlainObject() {
+  assertObjectEquals(obj1, redirectStatus1.toPlainObject());
+  assertObjectEquals(obj2, redirectStatus2.toPlainObject());
+}
+
+
+function testFromPlainObject() {
+  assertObjectEquals(redirectStatus1,
+                     firebaseui.auth.RedirectStatus.fromPlainObject(obj1));
+  assertObjectEquals(redirectStatus2,
+                     firebaseui.auth.RedirectStatus.fromPlainObject(obj2));
+  assertNull(firebaseui.auth.RedirectStatus.fromPlainObject({}));
+}