diff --git a/packages/auth/__tests__/auth.test.ts b/packages/auth/__tests__/auth.test.ts index 36577e9c6b..61696dfc78 100644 --- a/packages/auth/__tests__/auth.test.ts +++ b/packages/auth/__tests__/auth.test.ts @@ -61,6 +61,7 @@ import auth, { verifyBeforeUpdateEmail, getAdditionalUserInfo, getCustomAuthDomain, + validatePassword, AppleAuthProvider, EmailAuthProvider, FacebookAuthProvider, @@ -72,6 +73,8 @@ import auth, { TwitterAuthProvider, } from '../lib'; +const PasswordPolicyImpl = require('../lib/password-policy/PasswordPolicyImpl').default; + // @ts-ignore test import FirebaseModule from '../../app/lib/internal/FirebaseModule'; // @ts-ignore - We don't mind missing types here @@ -133,13 +136,13 @@ describe('Auth', function () { const result = auth().useEmulator('http://my-host:9099'); expect(result).toEqual(['my-host', 9099]); }); - }); - describe('tenantId', function () { - it('should be able to set tenantId ', function () { - const auth = firebase.app().auth(); - auth.setTenantId('test-id').then(() => { - expect(auth.tenantId).toBe('test-id'); + describe('tenantId', function () { + it('should be able to set tenantId ', function () { + const auth = firebase.app().auth(); + auth.setTenantId('test-id').then(() => { + expect(auth.tenantId).toBe('test-id'); + }); }); }); @@ -201,6 +204,84 @@ describe('Auth', function () { expect(actual._auth).not.toBeNull(); }); }); + + describe('ActionCodeSettings', function () { + beforeAll(function () { + // @ts-ignore test + jest.spyOn(FirebaseModule.prototype, 'native', 'get').mockImplementation(() => { + return new Proxy( + {}, + { + get: () => jest.fn().mockResolvedValue({} as never), + }, + ); + }); + }); + + it('should allow linkDomain as `ActionCodeSettings.linkDomain`', function () { + const auth = firebase.app().auth(); + const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = { + url: 'https://example.com', + handleCodeInApp: true, + linkDomain: 'example.com', + }; + const email = 'fake@example.com'; + auth.sendSignInLinkToEmail(email, actionCodeSettings); + auth.sendPasswordResetEmail(email, actionCodeSettings); + sendPasswordResetEmail(auth, email, actionCodeSettings); + sendSignInLinkToEmail(auth, email, actionCodeSettings); + + const user: FirebaseAuthTypes.User = new User(auth, {}); + + user.sendEmailVerification(actionCodeSettings); + user.verifyBeforeUpdateEmail(email, actionCodeSettings); + sendEmailVerification(user, actionCodeSettings); + verifyBeforeUpdateEmail(user, email, actionCodeSettings); + }); + + it('should warn using `ActionCodeSettings.dynamicLinkDomain`', function () { + const auth = firebase.app().auth(); + const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = { + url: 'https://example.com', + handleCodeInApp: true, + linkDomain: 'example.com', + dynamicLinkDomain: 'example.com', + }; + const email = 'fake@example.com'; + let warnings = 0; + const consoleWarnSpy = jest.spyOn(console, 'warn'); + consoleWarnSpy.mockReset(); + consoleWarnSpy.mockImplementation(warnMessage => { + if ( + warnMessage.includes( + 'Instead, use ActionCodeSettings.linkDomain to set up a custom domain', + ) + ) { + warnings++; + } + }); + auth.sendSignInLinkToEmail(email, actionCodeSettings); + expect(warnings).toBe(1); + auth.sendPasswordResetEmail(email, actionCodeSettings); + expect(warnings).toBe(2); + sendPasswordResetEmail(auth, email, actionCodeSettings); + expect(warnings).toBe(3); + sendSignInLinkToEmail(auth, email, actionCodeSettings); + expect(warnings).toBe(4); + const user: FirebaseAuthTypes.User = new User(auth, {}); + + user.sendEmailVerification(actionCodeSettings); + expect(warnings).toBe(5); + user.verifyBeforeUpdateEmail(email, actionCodeSettings); + expect(warnings).toBe(6); + sendEmailVerification(user, actionCodeSettings); + expect(warnings).toBe(7); + verifyBeforeUpdateEmail(user, email, actionCodeSettings); + expect(warnings).toBe(8); + consoleWarnSpy.mockReset(); + consoleWarnSpy.mockRestore(); + }); + }); }); describe('modular', function () { @@ -420,6 +501,10 @@ describe('Auth', function () { expect(getCustomAuthDomain).toBeDefined(); }); + it('`validatePassword` function is properly exposed to end user', function () { + expect(validatePassword).toBeDefined(); + }); + it('`AppleAuthProvider` class is properly exposed to end user', function () { expect(AppleAuthProvider).toBeDefined(); }); @@ -456,81 +541,79 @@ describe('Auth', function () { expect(TwitterAuthProvider).toBeDefined(); }); - describe('ActionCodeSettings', function () { - beforeAll(function () { - // @ts-ignore test - jest.spyOn(FirebaseModule.prototype, 'native', 'get').mockImplementation(() => { - return new Proxy( - {}, - { - get: () => jest.fn().mockResolvedValue({} as never), - }, - ); - }); + describe('PasswordPolicyImpl', function () { + const TEST_MIN_PASSWORD_LENGTH = 6; + const TEST_SCHEMA_VERSION = 1; + + const testPolicy = { + customStrengthOptions: { + minPasswordLength: 6, + maxPasswordLength: 4096, + containsLowercaseCharacter: true, + containsUppercaseCharacter: true, + containsNumericCharacter: true, + containsNonAlphanumericCharacter: true, + }, + allowedNonAlphanumericCharacters: ['$', '*'], + schemaVersion: 1, + enforcementState: 'OFF', + }; + + it('should create a password policy', async () => { + let passwordPolicy = new PasswordPolicyImpl(testPolicy); + expect(passwordPolicy).toBeDefined(); + expect(passwordPolicy.customStrengthOptions.minPasswordLength).toEqual( + TEST_MIN_PASSWORD_LENGTH, + ); + expect(passwordPolicy.schemaVersion).toEqual(TEST_SCHEMA_VERSION); }); - it('should allow linkDomain as `ActionCodeSettings.linkDomain`', function () { - const auth = firebase.app().auth(); - const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = { - url: 'https://example.com', - handleCodeInApp: true, - linkDomain: 'example.com', - }; - const email = 'fake@example.com'; - auth.sendSignInLinkToEmail(email, actionCodeSettings); - auth.sendPasswordResetEmail(email, actionCodeSettings); - sendPasswordResetEmail(auth, email, actionCodeSettings); - sendSignInLinkToEmail(auth, email, actionCodeSettings); + it('should return statusValid: true when the password satisfies the password policy', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'Password$123'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(true); + }); - const user: FirebaseAuthTypes.User = new User(auth, {}); + it('should return statusValid: false when the password is too short', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'Pa1$'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(false); + }); - user.sendEmailVerification(actionCodeSettings); - user.verifyBeforeUpdateEmail(email, actionCodeSettings); - sendEmailVerification(user, actionCodeSettings); - verifyBeforeUpdateEmail(user, email, actionCodeSettings); + it('should return statusValid: false when the password has no capital characters', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'password123$'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(false); }); - it('should warn using `ActionCodeSettings.dynamicLinkDomain`', function () { - const auth = firebase.app().auth(); - const actionCodeSettings: FirebaseAuthTypes.ActionCodeSettings = { - url: 'https://example.com', - handleCodeInApp: true, - linkDomain: 'example.com', - dynamicLinkDomain: 'example.com', - }; - const email = 'fake@example.com'; - let warnings = 0; - const consoleWarnSpy = jest.spyOn(console, 'warn'); - consoleWarnSpy.mockReset(); - consoleWarnSpy.mockImplementation(warnMessage => { - if ( - warnMessage.includes( - 'Instead, use ActionCodeSettings.linkDomain to set up a custom domain', - ) - ) { - warnings++; - } - }); - auth.sendSignInLinkToEmail(email, actionCodeSettings); - expect(warnings).toBe(1); - auth.sendPasswordResetEmail(email, actionCodeSettings); - expect(warnings).toBe(2); - sendPasswordResetEmail(auth, email, actionCodeSettings); - expect(warnings).toBe(3); - sendSignInLinkToEmail(auth, email, actionCodeSettings); - expect(warnings).toBe(4); - const user: FirebaseAuthTypes.User = new User(auth, {}); + it('should return statusValid: false when the password has no lowercase characters', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'PASSWORD123$'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(false); + }); - user.sendEmailVerification(actionCodeSettings); - expect(warnings).toBe(5); - user.verifyBeforeUpdateEmail(email, actionCodeSettings); - expect(warnings).toBe(6); - sendEmailVerification(user, actionCodeSettings); - expect(warnings).toBe(7); - verifyBeforeUpdateEmail(user, email, actionCodeSettings); - expect(warnings).toBe(8); - consoleWarnSpy.mockReset(); - consoleWarnSpy.mockRestore(); + it('should return statusValid: false when the password has no numbers', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'Password$'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(false); + }); + + it('should return statusValid: false when the password has no special characters', async () => { + const passwordPolicy = new PasswordPolicyImpl(testPolicy); + let password = 'Password123'; + let status = passwordPolicy.validatePassword(password); + expect(status).toBeDefined(); + expect(status.isValid).toEqual(false); }); }); }); diff --git a/packages/auth/e2e/validatePassword.e2e.js b/packages/auth/e2e/validatePassword.e2e.js new file mode 100644 index 0000000000..0cb82746ce --- /dev/null +++ b/packages/auth/e2e/validatePassword.e2e.js @@ -0,0 +1,79 @@ +/* + * Copyright (c) 2016-present Invertase Limited & Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this library except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +import { validatePassword, getAuth } from '../lib/'; + +describe('auth() -> validatePassword()', function () { + it('isValid is false if password is too short', async function () { + let status = await validatePassword(getAuth(), 'Pa1$'); + status.isValid.should.equal(false); + }); + + it('isValid is false if password is empty string', async function () { + let status = await validatePassword(getAuth(), ''); + status.isValid.should.equal(false); + }); + + it('isValid is false if password has no digits', async function () { + let status = await validatePassword(getAuth(), 'Password$'); + status.isValid.should.equal(false); + }); + + it('isValid is false if password has no capital letters', async function () { + let status = await validatePassword(getAuth(), 'password123$'); + status.isValid.should.equal(false); + }); + + it('isValid is false if password has no lowercase letters', async function () { + let status = await validatePassword(getAuth(), 'PASSWORD123$'); + status.isValid.should.equal(false); + }); + + it('isValid is true if given a password that satisfies the policy', async function () { + let status = await validatePassword(getAuth(), 'Password123$'); + status.isValid.should.equal(true); + }); + + it('validatePassword throws an error if password is null', async function () { + try { + await validatePassword(getAuth(), null); + } catch (e) { + e.message.should.equal( + "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.", + ); + } + }); + + it('validatePassword throws an error if password is undefined', async function () { + try { + await validatePassword(getAuth(), undefined); + } catch (e) { + e.message.should.equal( + "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.", + ); + } + }); + + it('validatePassword throws an error if given a bad auth instance', async function () { + try { + await validatePassword(undefined, 'Testing123$'); + } catch (e) { + e.message.should.containEql('app'); + e.message.should.containEql('undefined'); + } + }); +}); diff --git a/packages/auth/lib/modular/index.d.ts b/packages/auth/lib/modular/index.d.ts index ee4cb6c58e..4ebf3f784a 100644 --- a/packages/auth/lib/modular/index.d.ts +++ b/packages/auth/lib/modular/index.d.ts @@ -690,10 +690,85 @@ export function getAdditionalUserInfo( export function getCustomAuthDomain(auth: Auth): Promise; /** - * Various Providers. + * Validates the password against the password policy configured for the project or tenant. + * + * @remarks + * If no tenant ID is set on the `Auth` instance, then this method will use the password + * policy configured for the project. Otherwise, this method will use the policy configured + * for the tenant. If a password policy has not been configured, then the default policy + * configured for all projects will be used. + * + * If an auth flow fails because a submitted password does not meet the password policy + * requirements and this method has previously been called, then this method will use the + * most recent policy available when called again. + * + * When using this method, ensure you have the Identity Toolkit enabled on the + * Google Cloud Platform with the API Key for your application permitted to use it. + * + * @example + * ``` js + * import { getAuth, validatePassword } from "firebase/auth"; + * + * const status = await validatePassword(getAuth(), passwordFromUser); + * if (!status.isValid) { + * // Password could not be validated. Use the status to show what + * // requirements are met and which are missing. * + * // If a criterion is undefined, it is not required by policy. If the + * // criterion is defined but false, it is required but not fulfilled by + * // the given password. For example: + * const needsLowerCase = status.containsLowercaseLetter !== true; + * } + * ``` * + * @param auth The {@link Auth} instance. + * @param password The password to validate. + * + * @public */ +export function validatePassword(auth: Auth, password: string): Promise; + +/** + * A structure indicating which password policy requirements were met or violated and what the + * requirements are. + * + * @public + */ +export interface PasswordValidationStatus { + /** + * Whether the password meets all requirements. + */ + readonly isValid: boolean; + /** + * Whether the password meets the minimum password length, or undefined if not required. + */ + readonly meetsMinPasswordLength?: boolean; + /** + * Whether the password meets the maximum password length, or undefined if not required. + */ + readonly meetsMaxPasswordLength?: boolean; + /** + * Whether the password contains a lowercase letter, or undefined if not required. + */ + readonly containsLowercaseLetter?: boolean; + /** + * Whether the password contains an uppercase letter, or undefined if not required. + */ + readonly containsUppercaseLetter?: boolean; + /** + * Whether the password contains a numeric character, or undefined if not required. + */ + readonly containsNumericCharacter?: boolean; + /** + * Whether the password contains a non-alphanumeric character, or undefined if not required. + */ + readonly containsNonAlphanumericCharacter?: boolean; + /** + * The policy used to validate the password. + */ + readonly passwordPolicy: PasswordPolicy; +} + export { AppleAuthProvider, EmailAuthProvider, diff --git a/packages/auth/lib/modular/index.js b/packages/auth/lib/modular/index.js index 88ba375cac..959939f462 100644 --- a/packages/auth/lib/modular/index.js +++ b/packages/auth/lib/modular/index.js @@ -16,6 +16,8 @@ */ import { getApp } from '@react-native-firebase/app'; +import { fetchPasswordPolicy } from '../password-policy/passwordPolicyApi'; +import { PasswordPolicyImpl } from '../password-policy/PasswordPolicyImpl'; import FacebookAuthProvider from '../providers/FacebookAuthProvider'; export { FacebookAuthProvider }; @@ -353,17 +355,6 @@ export function useDeviceLanguage(auth) { throw new Error('useDeviceLanguage is unsupported by the native Firebase SDKs'); } -/** - * Validates the password against the password policy configured for the project or tenant. - * - * @param auth - The Auth instance. - * @param password - The password to validate. - * - */ -export function validatePassword(auth, password) { - throw new Error('validatePassword is only supported on Web'); -} //TO DO: ADD support. - /** * Sets the current language to the default device/browser preference. * @param {Auth} auth - The Auth instance. @@ -614,3 +605,23 @@ export function getAdditionalUserInfo(userCredential) { export function getCustomAuthDomain(auth) { return auth.getCustomAuthDomain(); } + +/** + * Returns a password validation status + * @param {Auth} auth - The Auth instance. + * @param {string} password - The password to validate. + * @returns {Promise} + */ +export async function validatePassword(auth, password) { + if (password === null || password === undefined) { + throw new Error( + "firebase.auth().validatePassword(*) expected 'password' to be a non-null or a defined value.", + ); + } + let passwordPolicy = await fetchPasswordPolicy(auth); + + const passwordPolicyImpl = await new PasswordPolicyImpl(passwordPolicy); + let status = passwordPolicyImpl.validatePassword(password); + + return status; +} diff --git a/packages/auth/lib/password-policy/PasswordPolicyImpl.js b/packages/auth/lib/password-policy/PasswordPolicyImpl.js new file mode 100644 index 0000000000..cdfb99a118 --- /dev/null +++ b/packages/auth/lib/password-policy/PasswordPolicyImpl.js @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2016-present Invertase Limited & Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this library except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Minimum min password length enforced by the backend, even if no minimum length is set. +const MINIMUM_MIN_PASSWORD_LENGTH = 6; + +/** + * Stores password policy requirements and provides password validation against the policy. + * + * @internal + */ +export class PasswordPolicyImpl { + constructor(response) { + // Only include custom strength options defined in the response. + const responseOptions = response.customStrengthOptions; + this.customStrengthOptions = {}; + this.customStrengthOptions.minPasswordLength = + responseOptions.minPasswordLength ?? MINIMUM_MIN_PASSWORD_LENGTH; + if (responseOptions.maxPasswordLength) { + this.customStrengthOptions.maxPasswordLength = responseOptions.maxPasswordLength; + } + if (responseOptions.containsLowercaseCharacter !== undefined) { + this.customStrengthOptions.containsLowercaseLetter = + responseOptions.containsLowercaseCharacter; + } + if (responseOptions.containsUppercaseCharacter !== undefined) { + this.customStrengthOptions.containsUppercaseLetter = + responseOptions.containsUppercaseCharacter; + } + if (responseOptions.containsNumericCharacter !== undefined) { + this.customStrengthOptions.containsNumericCharacter = + responseOptions.containsNumericCharacter; + } + if (responseOptions.containsNonAlphanumericCharacter !== undefined) { + this.customStrengthOptions.containsNonAlphanumericCharacter = + responseOptions.containsNonAlphanumericCharacter; + } + + this.enforcementState = + response.enforcementState === 'ENFORCEMENT_STATE_UNSPECIFIED' + ? 'OFF' + : response.enforcementState; + + // Use an empty string if no non-alphanumeric characters are specified in the response. + this.allowedNonAlphanumericCharacters = + response.allowedNonAlphanumericCharacters?.join('') ?? ''; + + this.forceUpgradeOnSignin = response.forceUpgradeOnSignin ?? false; + this.schemaVersion = response.schemaVersion; + } + + validatePassword(password) { + const status = { + isValid: true, + passwordPolicy: this, + }; + + this.validatePasswordLengthOptions(password, status); + this.validatePasswordCharacterOptions(password, status); + + status.isValid &&= status.meetsMinPasswordLength ?? true; + status.isValid &&= status.meetsMaxPasswordLength ?? true; + status.isValid &&= status.containsLowercaseLetter ?? true; + status.isValid &&= status.containsUppercaseLetter ?? true; + status.isValid &&= status.containsNumericCharacter ?? true; + status.isValid &&= status.containsNonAlphanumericCharacter ?? true; + + return status; + } + + validatePasswordLengthOptions(password, status) { + const minPasswordLength = this.customStrengthOptions.minPasswordLength; + const maxPasswordLength = this.customStrengthOptions.maxPasswordLength; + if (minPasswordLength) { + status.meetsMinPasswordLength = password.length >= minPasswordLength; + } + if (maxPasswordLength) { + status.meetsMaxPasswordLength = password.length <= maxPasswordLength; + } + } + + validatePasswordCharacterOptions(password, status) { + this.updatePasswordCharacterOptionsStatuses(status, false, false, false, false); + + for (let i = 0; i < password.length; i++) { + const passwordChar = password.charAt(i); + this.updatePasswordCharacterOptionsStatuses( + status, + passwordChar >= 'a' && passwordChar <= 'z', + passwordChar >= 'A' && passwordChar <= 'Z', + passwordChar >= '0' && passwordChar <= '9', + this.allowedNonAlphanumericCharacters.includes(passwordChar), + ); + } + } + + updatePasswordCharacterOptionsStatuses( + status, + containsLowercaseCharacter, + containsUppercaseCharacter, + containsNumericCharacter, + containsNonAlphanumericCharacter, + ) { + if (this.customStrengthOptions.containsLowercaseLetter) { + status.containsLowercaseLetter ||= containsLowercaseCharacter; + } + if (this.customStrengthOptions.containsUppercaseLetter) { + status.containsUppercaseLetter ||= containsUppercaseCharacter; + } + if (this.customStrengthOptions.containsNumericCharacter) { + status.containsNumericCharacter ||= containsNumericCharacter; + } + if (this.customStrengthOptions.containsNonAlphanumericCharacter) { + status.containsNonAlphanumericCharacter ||= containsNonAlphanumericCharacter; + } + } +} +export default PasswordPolicyImpl; diff --git a/packages/auth/lib/password-policy/passwordPolicyApi.js b/packages/auth/lib/password-policy/passwordPolicyApi.js new file mode 100644 index 0000000000..8f68cf9796 --- /dev/null +++ b/packages/auth/lib/password-policy/passwordPolicyApi.js @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2016-present Invertase Limited & Contributors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this library except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +/** + * Performs an API request to Firebase Console to get password policy json. + * + * @param {Object} auth - The authentication instance + * @returns {Promise} A promise that resolves to the API response. + * @throws {Error} Throws an error if the request fails or encounters an issue. + */ +export async function fetchPasswordPolicy(auth) { + let schemaVersion = 1; + + try { + // Identity toolkit API endpoint for password policy. Ensure this is enabled on Google cloud. + const baseURL = 'https://identitytoolkit.googleapis.com/v2/passwordPolicy?key='; + const apiKey = auth.app.options.apiKey; + + const response = await fetch(`${baseURL}${apiKey}`); + if (!response.ok) { + const errorDetails = await response.text(); + throw new Error( + `firebase.auth().validatePassword(*) failed to fetch password policy from Firebase Console: ${response.statusText}. Details: ${errorDetails}`, + ); + } + const passwordPolicy = await response.json(); + + if (passwordPolicy.schemaVersion !== schemaVersion) { + throw new Error( + `Password policy schema version mismatch. Expected: ${schemaVersion}, received: ${passwordPolicy.schemaVersion}`, + ); + } + return passwordPolicy; + } catch (error) { + throw new Error( + `firebase.auth().validatePassword(*) Failed to fetch password policy: ${error.message}`, + ); + } +} + +module.exports = { fetchPasswordPolicy };