feat: support disable new email user sign up (#826)

* Add support for disabling new email user sign up.

Author: xil222

CHANGELOG.md

@@ -1,2 +1 @@
-* Fixes `signInFailure` return type to also include void to match external documentation. Fixes
-  https://github.com/firebase/firebaseui-web/issues/770
+* Adds support for disabling new user sign up in email providers, disable new user sign up via project settings and blocking functions.

README.md

@@ -878,6 +878,19 @@ You can configure either email/password or email/link sign-in with FirebaseUI by
 providing the relevant object in the configuration <code>signInOptions</code>
 array.
 
+You can disable new user sign up with email providers by setting the flag
+`disableSignUp.status` to `true`. This will display an error message when new
+users attempt to sign up.
+
+Note that this flag will only disable sign up from the UI and will not prevent
+sign up via REST API. It is highly recommended that Identity Platform projects
+enforce this policy via one of these 2 mechanisms:
+
+- Blocking functions: Set a `beforeCreate` trigger to disable sign up for email
+  providers.
+- In the Cloud Console / Settings / USERS tab, uncheck `Enable create (sign-up)`
+  checkbox. Though for this setting, sign up for all providers will be disabled.
+
 <table>
 <thead>
 <tr>
@@ -949,6 +962,21 @@ array.
   This is only relevant to email link sign-in.
 </td>
 </tr>
+<tr>
+<td>disableSignUp</td>
+<td><code>firebaseui.auth.DisableSignUpConfig</code></td>
+<td>No</td>
+<td>
+  The object for configuring `disableSignUp` options, contains 3 fields:
+  `status(boolean)`: Whether disable user from signing up with email providers
+  (email/password or email link).
+  `adminEmail(string|undefined)`: The optional site administrator email to
+  contact for access when sign up is disabled, for example: `[email protected]`.
+  `helpLink(string|undefined)`: The optional help link to provide information
+  on how to get access to the site when sign up is disabled. For example:
+  `https://www.example.com/trouble_signing_in`.
+</td>
+</tr>
 </tbody>
 </table>
 

demo/public/app.js

@@ -60,7 +60,10 @@ function getUiConfig() {
         provider: firebase.auth.EmailAuthProvider.PROVIDER_ID,
         // Whether the display name should be displayed in Sign Up page.
         requireDisplayName: true,
-        signInMethod: getEmailSignInMethod()
+        signInMethod: getEmailSignInMethod(),
+        disableSignUp: {
+          status: getDisableSignUpStatus()
+        }
       },
       {
         provider: firebase.auth.PhoneAuthProvider.PROVIDER_ID,
@@ -183,17 +186,20 @@ var deleteAccount = function() {
 
 
 /**
- * Handles when the user changes the reCAPTCHA or email signInMethod config.
+ * Handles when the user changes the reCAPTCHA, email signInMethod or email
+ * disableSignUp config.
  */
 function handleConfigChange() {
   var newRecaptchaValue = document.querySelector(
       'input[name="recaptcha"]:checked').value;
   var newEmailSignInMethodValue = document.querySelector(
       'input[name="emailSignInMethod"]:checked').value;
+  var currentDisableSignUpStatus =
+      document.getElementById("email-disableSignUp-status").checked;
   location.replace(
       location.pathname + '#recaptcha=' + newRecaptchaValue +
-      '&emailSignInMethod=' + newEmailSignInMethodValue);
-
+      '&emailSignInMethod=' + newEmailSignInMethodValue +
+      '&disableEmailSignUpStatus=' + currentDisableSignUpStatus);
   // Reset the inline widget so the config changes are reflected.
   ui.reset();
   ui.start('#firebaseui-container', getUiConfig());
@@ -233,6 +239,10 @@ var initApp = function() {
   document.querySelector(
       'input[name="emailSignInMethod"][value="' + getEmailSignInMethod() + '"]')
       .checked = true;
+  document.getElementById('email-disableSignUp-status').addEventListener(
+      'change', handleConfigChange);
+  document.getElementById("email-disableSignUp-status").checked =
+      getDisableSignUpStatus();  
 };
 
 window.addEventListener('load', initApp);

demo/public/common.js

@@ -36,6 +36,15 @@ function getEmailSignInMethod() {
 }
 
 
+/**
+ * @return {boolean} The disable sign up status from the configuration.
+ */
+function getDisableSignUpStatus() {
+  var config = parseQueryString(location.hash);
+  return config['disableEmailSignUpStatus'] === 'true';
+}
+
+
 /**
  * @param {string} queryString The full query string.
  * @return {!Object<string, string>} The parsed query parameters.

demo/public/index.html

@@ -57,7 +57,9 @@ <h4>You are signed out.</h4>
                 <input type="radio" id="email-signInMethod-emailLink" name="emailSignInMethod"
                        value="emailLink">
                 Email Link
-              </label>
+              </label><br>
+              <label for="disableEmailSignUpStatus">Disable email sign up:</label>
+              <input type="checkbox" id="email-disableSignUp-status" name="disableEmailSignUpStatus">
             </fieldset>
             <p>
               <button id="sign-in-with-redirect">Sign In with Redirect</button>

demo/public/widget.html

@@ -44,7 +44,10 @@
           firebase.auth.GithubAuthProvider.PROVIDER_ID,
           {
             provider: firebase.auth.EmailAuthProvider.PROVIDER_ID,
-            signInMethod: getEmailSignInMethod()
+            signInMethod: getEmailSignInMethod(),
+            disableSignUp: {
+              status: getDisableSignUpStatus()
+            }
           },
           {
             provider: firebase.auth.PhoneAuthProvider.PROVIDER_ID,

externs/firebaseui-externs.js

@@ -930,6 +930,38 @@ firebaseui.auth.OidcSignInOption.prototype.iconUrl;
 firebaseui.auth.OidcSignInOption.prototype.customParameters;
 
 
+/**
+ * Defines configurations for disabling email sign up.
+ *
+ * @interface
+ */
+firebaseui.auth.DisableSignUpConfig = function() {};
+
+/**
+ * Whether new user sign up with email/password or email link is disabled.
+ * The default is false.
+ *
+ * @type {boolean}
+ */
+firebaseui.auth.DisableSignUp.prototype.status;
+
+/**
+ * The optional site administrator email to contact for access when sign up is
+ * disabled.
+ *
+ * @type {string|undefined}
+ */
+firebaseui.auth.DisableSignUp.prototype.adminEmail;
+
+/**
+ * The optional help link to provide information on how to get access to the
+ * site when sign up is disabled.
+ *
+ * @type {string|undefined}
+ */
+firebaseui.auth.DisableSignUp.prototype.helpLink;
+
+
 /**
  * Defines the sign-in option needed to configure the FirebaseUI email sign-in
  * widget.
@@ -964,6 +996,12 @@ firebaseui.auth.EmailSignInOption.prototype.signInMethod;
  */
 firebaseui.auth.EmailSignInOption.prototype.forceSameDevice;
 
+/**
+ * The object for configuring disableSignUp options.
+ * @type {firebaseui.auth.DisableSignUpConfig|undefined}
+ */
+firebaseui.auth.EmailSignInOption.prototype.disableSignUp;
+
 /**
  * Defines the optional callback function to return
  * `firebase.auth.ActionCodeSettings` configuration to use when sending the

javascript/testing/auth.js

@@ -25,7 +25,6 @@ const MockHelper = goog.require('firebaseui.auth.testing.MockHelper');
 const Uri = goog.require('goog.Uri');
 const array = goog.require('goog.array');
 
-
 /**
  * Fake Auth API client class.
  */

javascript/ui/element/dialog_test.js

@@ -17,7 +17,9 @@ goog.setTestOnly('firebaseui.auth.ui.dialogTest');
 goog.require('firebaseui.auth.soy2.element');
 goog.require('firebaseui.auth.ui.element');
 goog.require('firebaseui.auth.ui.element.dialog');
+goog.require('firebaseui.auth.ui.mdl');
 goog.require('goog.dom');
+goog.require('goog.dom.TagName');
 goog.require('goog.math.Coordinate');
 goog.require('goog.soy');
 goog.require('goog.testing.MockControl');

javascript/ui/element/elementtesthelper.js

@@ -28,6 +28,7 @@ goog.require('goog.object');
 goog.require('goog.testing.events');
 goog.require('goog.testing.events.Event');
 goog.require('goog.ui.Component');
+goog.requireType('goog.events.KeyCodes');