Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add reCAPTCHA Enterprise support for Phone Auth #8568

Merged
merged 9 commits into from
Oct 16, 2024
Merged

Add reCAPTCHA Enterprise support for Phone Auth #8568

merged 9 commits into from
Oct 16, 2024

Conversation

NhienLam
Copy link
Contributor

Discussion

Currently, Firebase Auth Web SDK is relying on reCAPTCHA v2 to verify that the phone number verification request comes from one of the app's allowed domains to mitigate SMS abuse.

A downside of reCAPTCHA v2 is that end-users are required to solve a challenge. Therefore, we would like to give end-users a better user experience by integrating reCAPTCHA Enterprise with our phone auth flow. reCAPTCHA Enterprise is completely invisible to the user, so the phone auth flow will become seamless without user interaction.

Testing

  • CI
  • Manual testing with test app

NhienLam and others added 7 commits October 14, 2024 09:20
…to phone API requests (#7786)

* Update injectRecaptchaFields to inject recaptcha fields into phone API requests

* Fix lint

* Rename captchaResp and fakeToken params

* Format
* Update injectRecaptchaFields to inject recaptcha enterprise fields into phone API requests (#7786)

* Update injectRecaptchaFields to inject recaptcha fields into phone API requests

* Fix lint

* Rename captchaResp and fakeToken params

* Format

* Implement reCAPTCHA Enterprise flow for phone provider

* Cleanup tests

* Make recaptchaEnterpriseVerifier.verify return a mock when appVerificationDisabledForTesting is true

* Lint fix

* yarn docgen devsite

* Mark appVerifier param in Phone Auth APIs as required

* Update API reports

* Change RecaptchaProvider to RecaptchaAuthProvider

* Fix reference docs

* Add more unit tests

---------

Co-authored-by: NhienLam <NhienLam@users.noreply.github.com>
* Make ApplicationVerifier params optional in Phone APIs

* Add more unit tests for when ApplicationVerifier is not available
…ent state (#8500)

* Proceed to reCAPTCHA v2 if cannot get phone enablement state

* nit: Add a missing period.
* Add integration test for rCE ENFORCE

* format
Copy link

changeset-bot bot commented Oct 14, 2024

🦋 Changeset detected

Latest commit: 99e3475

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@firebase/auth Minor
firebase Minor
@firebase/auth-compat Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

Copy link
Contributor

Vertex AI Mock Responses Check ⚠️

A newer major version of the mock responses for Vertex AI unit tests is available. update_vertexai_responses.sh should be updated to clone the latest version of the responses: v4.0

Copy link
Contributor

github-actions bot commented Oct 14, 2024

Changeset File Check ✅

  • No modified packages are missing from the changeset file.
  • No changeset formatting errors detected.

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Oct 14, 2024

Size Report 1

Affected Products

  • @firebase/auth

    TypeBase (64db192)Merge (d572673)Diff
    browser182 kB188 kB+6.25 kB (+3.4%)
    cordova209 kB213 kB+3.68 kB (+1.8%)
    esm5236 kB244 kB+8.29 kB (+3.5%)
    main179 kB182 kB+3.69 kB (+2.1%)
    module182 kB188 kB+6.25 kB (+3.4%)
    react-native199 kB207 kB+8.38 kB (+4.2%)
  • @firebase/auth-cordova

    TypeBase (64db192)Merge (d572673)Diff
    browser209 kB213 kB+3.68 kB (+1.8%)
    module209 kB213 kB+3.68 kB (+1.8%)
  • @firebase/auth-web-extension

    TypeBase (64db192)Merge (d572673)Diff
    browser137 kB140 kB+2.78 kB (+2.0%)
    main152 kB157 kB+5.39 kB (+3.6%)
    module137 kB140 kB+2.78 kB (+2.0%)
  • @firebase/auth/internal

    TypeBase (64db192)Merge (d572673)Diff
    browser193 kB199 kB+6.25 kB (+3.2%)
    esm5249 kB258 kB+8.29 kB (+3.3%)
    main214 kB218 kB+3.70 kB (+1.7%)
    module193 kB199 kB+6.25 kB (+3.2%)
  • @firebase/data-connect

    TypeBase (64db192)Merge (d572673)Diff
    browser19.8 kB22.6 kB+2.83 kB (+14.3%)
    main24.3 kB24.4 kB+137 B (+0.6%)
    module19.8 kB22.6 kB+2.83 kB (+14.3%)
  • @firebase/functions

    TypeBase (64db192)Merge (d572673)Diff
    browser9.76 kB9.83 kB+68 B (+0.7%)
    esm512.1 kB12.2 kB+69 B (+0.6%)
    main12.8 kB12.9 kB+155 B (+1.2%)
    module9.76 kB9.83 kB+68 B (+0.7%)
  • bundle

    TypeBase (64db192)Merge (d572673)Diff
    auth (EmailAndPassword)84.6 kB86.4 kB+1.84 kB (+2.2%)
    auth (Phone)86.9 kB93.8 kB+6.88 kB (+7.9%)
    functions (call)32.0 kB32.1 kB+41 B (+0.1%)
  • firebase

    TypeBase (64db192)Merge (d572673)Diff
    firebase-auth-compat.js139 kB143 kB+3.69 kB (+2.7%)
    firebase-auth-cordova.js177 kB180 kB+2.55 kB (+1.4%)
    firebase-auth-web-extension.js117 kB119 kB+1.97 kB (+1.7%)
    firebase-auth.js151 kB155 kB+3.89 kB (+2.6%)
    firebase-compat.js788 kB792 kB+3.74 kB (+0.5%)
    firebase-data-connect.js16.5 kB20.5 kB+4.07 kB (+24.7%)
    firebase-functions-compat.js8.22 kB8.26 kB+40 B (+0.5%)
    firebase-functions.js12.0 kB12.0 kB+68 B (+0.6%)

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/tMANFSKxLg.html

@google-oss-bot
Copy link
Contributor

google-oss-bot commented Oct 14, 2024

Size Analysis Report 1

This report is too large (105,607 characters) to be displayed here in a GitHub comment. Please use the below link to see the full report on Google Cloud Storage.

Test Logs

  1. https://storage.googleapis.com/firebase-sdk-metric-reports/hQMSEtnNJ9.html

Copy link

@Xiaoshouzi-gh Xiaoshouzi-gh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NhienLam NhienLam merged commit b942e9e into main Oct 16, 2024
47 of 48 checks passed
@NhienLam NhienLam deleted the rce-phone branch October 16, 2024 23:32
@google-oss-bot google-oss-bot mentioned this pull request Oct 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants