Merge pull request #37 from firebase/add-snippets

Adding snippets for more Auth pages

Author: jenperson

auth/import_users.js

@@ -4,7 +4,7 @@ admin.initializeApp();
 
 //[START build_user_list]
 // Up to 1000 users can be imported at once.
-var userImportRecords = [
+let userImportRecords = [
   {
     uid: 'uid1',
     email: 'user1@example.com',
@@ -21,7 +21,7 @@ var userImportRecords = [
 ];
 //[END build_user_list]
 
-var userImportOptions = {
+let userImportOptions = {
   hash: {
     algorithm: 'HMAC_SHA256',
     key: Buffer.from('secretKey')

auth/manage_cookies.js

@@ -0,0 +1,108 @@
+'use strict';
+const admin = require('firebase-admin');
+admin.initializeApp();
+const express = require('express');
+const app = express();
+
+// [START session_login]
+app.post('/sessionLogin', (req, res) => {
+  // Get the ID token passed and the CSRF token.
+  const idToken = req.body.idToken.toString();
+  const csrfToken = req.body.csrfToken.toString();
+  // Guard against CSRF attacks.
+  if (csrfToken !== req.cookies.csrfToken) {
+    res.status(401).send('UNAUTHORIZED REQUEST!');
+    return;
+  }
+  // Set session expiration to 5 days.
+  const expiresIn = 60 * 60 * 24 * 5 * 1000;
+  // Create the session cookie. This will also verify the ID token in the process.
+  // The session cookie will have the same claims as the ID token.
+  // To only allow session cookie setting on recent sign-in, auth_time in ID token
+  // can be checked to ensure user was recently signed in before creating a session cookie.
+  admin.auth().createSessionCookie(idToken, {expiresIn}).then((sessionCookie) => {
+    // Set cookie policy for session cookie.
+    const options = {maxAge: expiresIn, httpOnly: true, secure: true};
+    res.cookie('session', sessionCookie, options);
+    res.end(JSON.stringify({status: 'success'}));
+  }, error => {
+    res.status(401).send('UNAUTHORIZED REQUEST!');
+  });
+});
+// [END session_login]
+
+app.post('/verifyToken', (req, res) => {
+  // Get the ID token.
+  const idToken = req.body.idToken.toString();
+  // Set session expiration to 5 days.
+  const expiresIn = 60 * 60 * 24 * 5 * 1000;
+  // [START check_auth_time]
+  admin.auth().verifyIdToken(idToken).then((decodedIdToken) => {
+    // Only process if the user just signed in in the last 5 minutes.
+    if (new Date().getTime() / 1000 - decodedIdToken.auth_time < 5 * 60) {
+      // Create session cookie and set it.
+      return admin.auth().createSessionCookie(idToken, {expiresIn});
+    }
+    // A user that was not recently signed in is trying to set a session cookie.
+    // To guard against ID token theft, require re-authentication.
+    res.status(401).send('Recent sign in required!');
+  });
+  // [END check_auth_time]
+});
+
+// [START session_verify]
+// Whenever a user is accessing restricted content that requires authentication.
+app.post('/profile', (req, res) => {
+  const sessionCookie = req.cookies.session || '';
+  // Verify the session cookie. In this case an additional check is added to detect
+  // if the user's Firebase session was revoked, user deleted/disabled, etc.
+  admin.auth().verifySessionCookie(
+    sessionCookie, true /** checkRevoked */).then((decodedClaims) => {
+    serveContentForUser('/profile', req, res, decodedClaims);
+  }).catch(error => {
+    // Session cookie is unavailable or invalid. Force user to login.
+    res.redirect('/login');
+  });
+});
+// [END session_verify]
+
+app.post('/verifySessionCookie', (req, res) => {
+  const sessionCookie = req.cookies.session || '';
+  // [START session_verify_with_permission_check]
+  admin.auth().verifySessionCookie(sessionCookie, true).then((decodedClaims) => {
+    // Check custom claims to confirm user is an admin.
+    if (decodedClaims.admin === true) {
+      return serveContentForAdmin('/admin', req, res, decodedClaims);
+    }
+    res.status(401).send('UNAUTHORIZED REQUEST!');
+  }).catch(error => {
+    // Session cookie is unavailable or invalid. Force user to login.
+    res.redirect('/login');
+  });
+  // [END session_verify_with_permission_check]
+});
+
+
+// [START session_clear]
+app.post('/sessionLogout', (req, res) => {
+  res.clearCookie('session');
+  res.redirect('/login');
+});
+// [END session_clear]
+
+// [START session_clear_and_revoke]
+app.post('/sessionLogout', (req, res) => {
+  const sessionCookie = req.cookies.session || '';
+  res.clearCookie('session');
+  admin.auth().verifySessionCookie(sessionCookie).then((decodedClaims) => {
+    return admin.auth().revokeRefreshTokens(decodedClaims.sub);
+  }).then(() => {
+    res.redirect('/login');
+  }).catch((error) => {
+    res.redirect('/login');
+  });
+});
+// [END session_clear_and_revoke]
+
+function serveContentForAdmin(){}
+function serveContentForUser(){}

auth/manage_sessions.js

@@ -0,0 +1,45 @@
+'use strict';
+const admin = require('firebase-admin');
+admin.initializeApp();
+
+// [START revoke_tokens]
+// Revoke all refresh tokens for a specified user for whatever reason.
+// Retrieve the timestamp of the revocation, in seconds since the epoch.
+admin.auth().revokeRefreshTokens(uid)
+    .then(() => {
+      return admin.auth().getUser(uid);
+    })
+    .then((userRecord) => {
+      return new Date(userRecord.tokensValidAfterTime).getTime() / 1000;
+    })
+    .then((timestamp) => {
+      console.log('Tokens revoked at: ', timestamp);
+  });
+// [END revoke_tokens]
+
+// [START save_revocation_in_db]
+const metadataRef = admin.database().ref('metadata/' + uid);
+metadataRef.set({revokeTime: utcRevocationTimeSecs})
+    .then(() => {
+      console.log('Database updated successfully.');
+    });
+// [END save_revocation_in_db]
+
+// [START verify_id_token_check_revoked]
+// Verify the ID token while checking if the token is revoked by passing
+// checkRevoked true.
+let checkRevoked = true;
+admin.auth().verifyIdToken(idToken, checkRevoked)
+  .then(payload => {
+    // Token is valid.
+  })
+  .catch(error => {
+    if (error.code == 'auth/id-token-revoked') {
+      // Token has been revoked. Inform the user to reauthenticate or signOut() the user.
+    } else {
+      // Token is invalid.
+    }
+  });
+// [END verify_id_token_check_revoked]
+
+let uid, idToken, utcRevocationTimeSecs;

auth/manage_users.js

@@ -0,0 +1,122 @@
+'use strict';
+const admin = require('firebase-admin');
+admin.initializeApp();
+
+// [START get_user_by_id]
+admin.auth().getUser(uid)
+.then(function(userRecord) {
+  // See the UserRecord reference doc for the contents of userRecord.
+  console.log('Successfully fetched user data:', userRecord.toJSON());
+})
+.catch(function(error) {
+  console.log('Error fetching user data:', error);
+});
+// [END get_user_by_id]
+
+// [START get_user_by_email]
+admin.auth().getUserByEmail(email)
+.then(function(userRecord) {
+  // See the UserRecord reference doc for the contents of userRecord.
+  console.log('Successfully fetched user data:', userRecord.toJSON());
+})
+.catch(function(error) {
+  console.log('Error fetching user data:', error);
+});
+// [END get_user_by_email]
+
+// [START get_user_by_phone]
+admin.auth().getUserByPhoneNumber(phoneNumber)
+.then(function(userRecord) {
+  // See the UserRecord reference doc for the contents of userRecord.
+  console.log('Successfully fetched user data:', userRecord.toJSON());
+})
+.catch(function(error) {
+  console.log('Error fetching user data:', error);
+});
+// [END get_user_by_phone]
+
+// [START create_user]
+admin.auth().createUser({
+  email: 'user@example.com',
+  emailVerified: false,
+  phoneNumber: '+11234567890',
+  password: 'secretPassword',
+  displayName: 'John Doe',
+  photoURL: 'http://www.example.com/12345678/photo.png',
+  disabled: false
+})
+  .then(function(userRecord) {
+    // See the UserRecord reference doc for the contents of userRecord.
+    console.log('Successfully created new user:', userRecord.uid);
+  })
+  .catch(function(error) {
+    console.log('Error creating new user:', error);
+  });
+  // [END create_user]
+
+// [START create_user_with_uid]
+admin.auth().createUser({
+  uid: 'some-uid',
+  email: 'user@example.com',
+  phoneNumber: '+11234567890'
+})
+  .then(function(userRecord) {
+    // See the UserRecord reference doc for the contents of userRecord.
+    console.log('Successfully created new user:', userRecord.uid);
+  })
+  .catch(function(error) {
+    console.log('Error creating new user:', error);
+  });
+// [END create_user_with_uid]
+
+// [START update_user]
+admin.auth().updateUser(uid, {
+  email: 'modifiedUser@example.com',
+  phoneNumber: '+11234567890',
+  emailVerified: true,
+  password: 'newPassword',
+  displayName: 'Jane Doe',
+  photoURL: 'http://www.example.com/12345678/photo.png',
+  disabled: true
+})
+  .then(function(userRecord) {
+    // See the UserRecord reference doc for the contents of userRecord.
+    console.log('Successfully updated user', userRecord.toJSON());
+  })
+  .catch(function(error) {
+    console.log('Error updating user:', error);
+  });
+// [END update_user]
+
+// [START delete_user]
+admin.auth().deleteUser(uid)
+.then(function() {
+  console.log('Successfully deleted user');
+})
+.catch(function(error) {
+  console.log('Error deleting user:', error);
+});
+// [END delete_user]
+
+// [START list_all_users]
+function listAllUsers(nextPageToken) {
+  // List batch of users, 1000 at a time.
+  admin.auth().listUsers(1000, nextPageToken)
+    .then(function(listUsersResult) {
+      listUsersResult.users.forEach(function(userRecord) {
+        console.log('user', userRecord.toJSON());
+      });
+      if (listUsersResult.pageToken) {
+        // List next batch of users.
+        listAllUsers(listUsersResult.pageToken);
+      }
+    })
+    .catch(function(error) {
+      console.log('Error listing users:', error);
+    });
+}
+// Start listing users from the beginning, 1000 at a time.
+listAllUsers();
+// [END list_all_users]
+
+let uid, email, phoneNumber;

auth/verify_id_tokens.js

@@ -0,0 +1,16 @@
+'use strict';
+const admin = require('firebase-admin');
+admin.initializeApp();
+
+// [START verify_id_token]
+// idToken comes from the client app
+admin.auth().verifyIdToken(idToken)
+  .then(function(decodedToken) {
+    var uid = decodedToken.uid;
+    // ...
+  }).catch(function(error) {
+    // Handle error
+  });
+// [END verify_id_token]
+
+let idToken;