FIRAuthBackend.m

/*
 * Copyright 2017 Google
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

#import"FirebaseAuth/Sources/Backend/FIRAuthBackend.h"

#if SWIFT_PACKAGE
@import GTMSessionFetcherCore;
#else
#import<GTMSessionFetcher/GTMSessionFetcher.h>
#import<GTMSessionFetcher/GTMSessionFetcherService.h>
#endif

#import<FirebaseAppCheckInterop/FirebaseAppCheckInterop.h>

#import"FirebaseAuth/Sources/Public/FirebaseAuth/FirebaseAuth.h"

#import"FirebaseAuth/Sources/Auth/FIRAuthGlobalWorkQueue.h"
#import"FirebaseAuth/Sources/Auth/FIRAuth_Internal.h"
#import"FirebaseAuth/Sources/AuthProvider/OAuth/FIROAuthCredential_Internal.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRCreateAuthURIRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRCreateAuthURIResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRDeleteAccountRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRDeleteAccountResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIREmailLinkSignInRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIREmailLinkSignInResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetAccountInfoRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetAccountInfoResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetOOBConfirmationCodeRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetOOBConfirmationCodeResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetProjectConfigRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetProjectConfigResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetRecaptchaConfigRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRGetRecaptchaConfigResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRResetPasswordRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRResetPasswordResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRRevokeTokenRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRRevokeTokenResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSecureTokenRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSecureTokenResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSendVerificationCodeRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSendVerificationCodeResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSetAccountInfoRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSetAccountInfoResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSignInWithGameCenterResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSignUpNewUserRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRSignUpNewUserResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyAssertionRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyAssertionResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyClientRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyClientResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyCustomTokenRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyCustomTokenResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyPasswordRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyPasswordResponse.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyPhoneNumberRequest.h"
#import"FirebaseAuth/Sources/Backend/RPC/FIRVerifyPhoneNumberResponse.h"
#import"FirebaseAuth/Sources/Utilities/FIRAuthErrorUtils.h"
#import"FirebaseCore/Extension/FirebaseCoreInternal.h"

#if TARGET_OS_IOS
#import"FirebaseAuth/Sources/Public/FirebaseAuth/FIRPhoneAuthProvider.h"

#import"FirebaseAuth/Sources/AuthProvider/Phone/FIRPhoneAuthCredential_Internal.h"
#import"FirebaseAuth/Sources/MultiFactor/Phone/FIRPhoneMultiFactorInfo+Internal.h"
#import"FirebaseAuth/Sources/MultiFactor/TOTP/FIRTOTPMultiFactorInfo.h"

#endif

NS_ASSUME_NONNULL_BEGIN

/** @var kClientVersionHeader
 @brief HTTP header name for the client version.
*/
staticNSString *constkClientVersionHeader = @"X-Client-Version";

/** @var kIosBundleIdentifierHeader
 @brief HTTP header name for iOS bundle ID.
*/
staticNSString *constkIosBundleIdentifierHeader = @"X-Ios-Bundle-Identifier";

/** @var kFirebaseLocalHeader
 @brief HTTP header name for the firebase locale.
*/
staticNSString *constkFirebaseLocalHeader = @"X-Firebase-Locale";

/** @var kFirebaseAppIDHeader
 @brief HTTP header name for the Firebase app ID.
*/
staticNSString *constkFirebaseAppIDHeader = @"X-Firebase-GMPID";

/** @var kFirebaseHeartbeatHeader
 @brief HTTP header name for a Firebase heartbeats payload.
*/
staticNSString *constkFirebaseHeartbeatHeader = @"X-Firebase-Client";

/** @var kFirebaseAuthCoreFrameworkMarker
 @brief The marker in the HTTP header that indicates the request comes from Firebase Auth Core.
*/
staticNSString *constkFirebaseAuthCoreFrameworkMarker = @"FirebaseCore-iOS";

/** @var kJSONContentType
 @brief The value of the HTTP content-type header for JSON payloads.
*/
staticNSString *constkJSONContentType = @"application/json";

/** @var kErrorDataKey
 @brief Key for error data in NSError returned by @c GTMSessionFetcher.
*/
staticNSString *constkErrorDataKey = @"data";

/** @var kErrorKey
 @brief The key for the "error" value in JSON responses from the server.
*/
staticNSString *constkErrorKey = @"error";

/** @var kErrorsKey
 @brief The key for the "errors" value in JSON responses from the server.
*/
staticNSString *constkErrorsKey = @"errors";

/** @var kReasonKey
 @brief The key for the "reason" value in JSON responses from the server.
*/
staticNSString *constkReasonKey = @"reason";

/** @var kInvalidKeyReasonValue
 @brief The value for the "reason" key indicating an invalid API Key was received by the server.
*/
staticNSString *constkInvalidKeyReasonValue = @"keyInvalid";

/** @var kAppNotAuthorizedReasonValue
 @brief The value for the "reason" key indicating the App is not authorized to use Firebase
 Authentication.
*/
staticNSString *constkAppNotAuthorizedReasonValue = @"ipRefererBlocked";

/** @var kErrorMessageKey
 @brief The key for an error's "message" value in JSON responses from the server.
*/
staticNSString *constkErrorMessageKey = @"message";

/** @var kReturnIDPCredentialErrorMessageKey
 @brief The key for "errorMessage" value in JSON responses from the server, In case
 returnIDPCredential of a verifyAssertion request is set to @YES.
*/
staticNSString *constkReturnIDPCredentialErrorMessageKey = @"errorMessage";

/** @var kUserNotFoundErrorMessage
 @brief This is the error message returned when the user is not found, which means the user
 account has been deleted given the token was once valid.
*/
staticNSString *constkUserNotFoundErrorMessage = @"USER_NOT_FOUND";

/** @var kUserDeletedErrorMessage
 @brief This is the error message the server will respond with if the user entered an invalid
 email address.
*/
staticNSString *constkUserDeletedErrorMessage = @"EMAIL_NOT_FOUND";

/** @var kInvalidLocalIDErrorMessage
 @brief This is the error message the server responds with if the user local id in the id token
 does not exit.
*/
staticNSString *constkInvalidLocalIDErrorMessage = @"INVALID_LOCAL_ID";

/** @var kUserTokenExpiredErrorMessage
 @brief The error returned by the server if the token issue time is older than the account's
 valid_since time.
*/
staticNSString *constkUserTokenExpiredErrorMessage = @"TOKEN_EXPIRED";

/** @var kTooManyRequestsErrorMessage
 @brief This is the error message the server will respond with if too many requests were made to
 a server method.
*/
staticNSString *constkTooManyRequestsErrorMessage = @"TOO_MANY_ATTEMPTS_TRY_LATER";

/** @var kInvalidCustomTokenErrorMessage
 @brief This is the error message the server will respond with if there is a validation error
 with the custom token.
*/
staticNSString *constkInvalidCustomTokenErrorMessage = @"INVALID_CUSTOM_TOKEN";

/** @var kCustomTokenMismatch
 @brief This is the error message the server will respond with if the service account and API key
 belong to different projects.
*/
staticNSString *constkCustomTokenMismatch = @"CREDENTIAL_MISMATCH";

/** @var kInvalidCredentialErrorMessage
 @brief This is the error message the server responds with if the IDP token or requestUri is
 invalid.
*/
staticNSString *constkInvalidCredentialErrorMessage = @"INVALID_IDP_RESPONSE";

/** @var kUserDisabledErrorMessage
 @brief The error returned by the server if the user account is diabled.
*/
staticNSString *constkUserDisabledErrorMessage = @"USER_DISABLED";

/** @var kOperationNotAllowedErrorMessage
 @brief This is the error message the server will respond with if Admin disables IDP specified by
 provider.
*/
staticNSString *constkOperationNotAllowedErrorMessage = @"OPERATION_NOT_ALLOWED";

/** @var kPasswordLoginDisabledErrorMessage
 @brief This is the error message the server responds with if password login is disabled.
*/
staticNSString *constkPasswordLoginDisabledErrorMessage = @"PASSWORD_LOGIN_DISABLED";

/** @var kEmailAlreadyInUseErrorMessage
 @brief This is the error message the server responds with if the email address already exists.
*/
staticNSString *constkEmailAlreadyInUseErrorMessage = @"EMAIL_EXISTS";

/** @var kInvalidEmailErrorMessage
 @brief The error returned by the server if the email is invalid.
*/
staticNSString *constkInvalidEmailErrorMessage = @"INVALID_EMAIL";

/** @var kInvalidIdentifierErrorMessage
 @brief The error returned by the server if the identifier is invalid.
*/
staticNSString *constkInvalidIdentifierErrorMessage = @"INVALID_IDENTIFIER";

/** @var kWrongPasswordErrorMessage
 @brief This is the error message the server will respond with if the user entered a wrong
 password.
*/
staticNSString *constkWrongPasswordErrorMessage = @"INVALID_PASSWORD";

/** @var kCredentialTooOldErrorMessage
 @brief This is the error message the server responds with if account change is attempted 5
 minutes after signing in.
*/
staticNSString *constkCredentialTooOldErrorMessage = @"CREDENTIAL_TOO_OLD_LOGIN_AGAIN";

/** @var kFederatedUserIDAlreadyLinkedMessage
 @brief This is the error message the server will respond with if the federated user ID has been
 already linked with another account.
*/
staticNSString *constkFederatedUserIDAlreadyLinkedMessage = @"FEDERATED_USER_ID_ALREADY_LINKED";

/** @var kInvalidUserTokenErrorMessage
 @brief This is the error message the server responds with if user's saved auth credential is
 invalid, and the user needs to sign in again.
*/
staticNSString *constkInvalidUserTokenErrorMessage = @"INVALID_ID_TOKEN";

/** @var kWeakPasswordErrorMessagePrefix
 @brief This is the prefix for the error message the server responds with if user's new password
 to be set is too weak.
*/
staticNSString *constkWeakPasswordErrorMessagePrefix = @"WEAK_PASSWORD";

/** @var kExpiredActionCodeErrorMessage
 @brief This is the error message the server will respond with if the action code is expired.
*/
staticNSString *constkExpiredActionCodeErrorMessage = @"EXPIRED_OOB_CODE";

/** @var kInvalidActionCodeErrorMessage
 @brief This is the error message the server will respond with if the action code is invalid.
*/
staticNSString *constkInvalidActionCodeErrorMessage = @"INVALID_OOB_CODE";

/** @var kMissingEmailErrorMessage
 @brief This is the error message the server will respond with if the email address is missing
 during a "send password reset email" attempt.
*/
staticNSString *constkMissingEmailErrorMessage = @"MISSING_EMAIL";

/** @var kInvalidSenderEmailErrorMessage
 @brief This is the error message the server will respond with if the sender email is invalid
 during a "send password reset email" attempt.
*/
staticNSString *constkInvalidSenderEmailErrorMessage = @"INVALID_SENDER";

/** @var kInvalidMessagePayloadErrorMessage
 @brief This is the error message the server will respond with if there are invalid parameters in
 the payload during a "send password reset email" attempt.
*/
staticNSString *constkInvalidMessagePayloadErrorMessage = @"INVALID_MESSAGE_PAYLOAD";

/** @var kInvalidRecipientEmailErrorMessage
 @brief This is the error message the server will respond with if the recipient email is invalid.
*/
staticNSString *constkInvalidRecipientEmailErrorMessage = @"INVALID_RECIPIENT_EMAIL";

/** @var kMissingIosBundleIDErrorMessage
 @brief This is the error message the server will respond with if iOS bundle ID is missing but
 the iOS App store ID is provided.
*/
staticNSString *constkMissingIosBundleIDErrorMessage = @"MISSING_IOS_BUNDLE_ID";

/** @var kMissingAndroidPackageNameErrorMessage
 @brief This is the error message the server will respond with if Android Package Name is missing
 but the flag indicating the app should be installed is set to true.
*/
staticNSString *constkMissingAndroidPackageNameErrorMessage = @"MISSING_ANDROID_PACKAGE_NAME";

/** @var kUnauthorizedDomainErrorMessage
 @brief This is the error message the server will respond with if the domain of the continue URL
 specified is not allowlisted in the Firebase console.
*/
staticNSString *constkUnauthorizedDomainErrorMessage = @"UNAUTHORIZED_DOMAIN";

/** @var kInvalidProviderIDErrorMessage
 @brief This is the error message the server will respond with if the provider id given for the
 web operation is invalid.
*/
staticNSString *constkInvalidProviderIDErrorMessage = @"INVALID_PROVIDER_ID";

/** @var kInvalidDynamicLinkDomainErrorMessage
 @brief This is the error message the server will respond with if the dynamic link domain
 provided in the request is invalid.
*/
staticNSString *constkInvalidDynamicLinkDomainErrorMessage = @"INVALID_DYNAMIC_LINK_DOMAIN";

/** @var kInvalidContinueURIErrorMessage
 @brief This is the error message the server will respond with if the continue URL provided in
 the request is invalid.
*/
staticNSString *constkInvalidContinueURIErrorMessage = @"INVALID_CONTINUE_URI";

/** @var kMissingContinueURIErrorMessage
 @brief This is the error message the server will respond with if there was no continue URI
 present in a request that required one.
*/
staticNSString *constkMissingContinueURIErrorMessage = @"MISSING_CONTINUE_URI";

/** @var kInvalidPhoneNumberErrorMessage
 @brief This is the error message the server will respond with if an incorrectly formatted phone
 number is provided.
*/
staticNSString *constkInvalidPhoneNumberErrorMessage = @"INVALID_PHONE_NUMBER";

/** @var kInvalidVerificationCodeErrorMessage
 @brief This is the error message the server will respond with if an invalid verification code is
 provided.
*/
staticNSString *constkInvalidVerificationCodeErrorMessage = @"INVALID_CODE";

/** @var kInvalidSessionInfoErrorMessage
 @brief This is the error message the server will respond with if an invalid session info
 (verification ID) is provided.
*/
staticNSString *constkInvalidSessionInfoErrorMessage = @"INVALID_SESSION_INFO";

/** @var kSessionExpiredErrorMessage
 @brief This is the error message the server will respond with if the SMS code has expired before
 it is used.
*/
staticNSString *constkSessionExpiredErrorMessage = @"SESSION_EXPIRED";

/** @var kMissingOrInvalidNonceErrorMessage
 @brief This is the error message the server will respond with if the nonce is missing or
 invalid.
*/
staticNSString *constkMissingOrInvalidNonceErrorMessage = @"MISSING_OR_INVALID_NONCE";

/** @var kMissingAppTokenErrorMessage
 @brief This is the error message the server will respond with if the APNS token is missing in a
 verifyClient request.
*/
staticNSString *constkMissingAppTokenErrorMessage = @"MISSING_IOS_APP_TOKEN";

/** @var kMissingAppCredentialErrorMessage
 @brief This is the error message the server will respond with if the app token is missing in a
 sendVerificationCode request.
*/
staticNSString *constkMissingAppCredentialErrorMessage = @"MISSING_APP_CREDENTIAL";

/** @var kInvalidAppCredentialErrorMessage
 @brief This is the error message the server will respond with if the app credential in a
 sendVerificationCode request is invalid.
*/
staticNSString *constkInvalidAppCredentialErrorMessage = @"INVALID_APP_CREDENTIAL";

/** @var kQuoutaExceededErrorMessage
 @brief This is the error message the server will respond with if the quota for SMS text messages
 has been exceeded for the project.
*/
staticNSString *constkQuoutaExceededErrorMessage = @"QUOTA_EXCEEDED";

/** @var kAppNotVerifiedErrorMessage
 @brief This is the error message the server will respond with if Firebase could not verify the
 app during a phone authentication flow.
*/
staticNSString *constkAppNotVerifiedErrorMessage = @"APP_NOT_VERIFIED";

/** @var kCaptchaCheckFailedErrorMessage
 @brief This is the error message the server will respond with if the reCAPTCHA token provided is
 invalid.
*/
staticNSString *constkCaptchaCheckFailedErrorMessage = @"CAPTCHA_CHECK_FAILED";

/** @var kTenantIDMismatch
 @brief This is the error message the server will respond with if the tenant id mismatches.
*/
staticNSString *constkTenantIDMismatch = @"TENANT_ID_MISMATCH";

/** @var kUnsupportedTenantOperation
 @brief This is the error message the server will respond with if the operation does not support
 multi-tenant.
*/
staticNSString *constkUnsupportedTenantOperation = @"UNSUPPORTED_TENANT_OPERATION";

/** @var kMissingMFAPendingCredentialErrorMessage
 @brief This is the error message the server will respond with if the MFA pending credential is
 missing.
*/
staticNSString *constkMissingMFAPendingCredentialErrorMessage = @"MISSING_MFA_PENDING_CREDENTIAL";

/** @var kMissingMFAEnrollmentIDErrorMessage
 @brief This is the error message the server will respond with if the MFA enrollment ID is missing.
*/
staticNSString *constkMissingMFAEnrollmentIDErrorMessage = @"MISSING_MFA_ENROLLMENT_ID";

/** @var kInvalidMFAPendingCredentialErrorMessage
 @brief This is the error message the server will respond with if the MFA pending credential is
 invalid.
*/
staticNSString *constkInvalidMFAPendingCredentialErrorMessage = @"INVALID_MFA_PENDING_CREDENTIAL";

/** @var kMFAEnrollmentNotFoundErrorMessage
 @brief This is the error message the server will respond with if the MFA enrollment info is not
 found.
*/
staticNSString *constkMFAEnrollmentNotFoundErrorMessage = @"MFA_ENROLLMENT_NOT_FOUND";

/** @var kAdminOnlyOperationErrorMessage
 @brief This is the error message the server will respond with if the operation is admin only.
*/
staticNSString *constkAdminOnlyOperationErrorMessage = @"ADMIN_ONLY_OPERATION";

/** @var kUnverifiedEmailErrorMessage
 @brief This is the error message the server will respond with if the email is unverified.
*/
staticNSString *constkUnverifiedEmailErrorMessage = @"UNVERIFIED_EMAIL";

/** @var kSecondFactorExistsErrorMessage
 @brief This is the error message the server will respond with if the second factor already exsists.
*/
staticNSString *constkSecondFactorExistsErrorMessage = @"SECOND_FACTOR_EXISTS";

/** @var kSecondFactorLimitExceededErrorMessage
 @brief This is the error message the server will respond with if the number of second factor
 reaches the limit.
*/
staticNSString *constkSecondFactorLimitExceededErrorMessage = @"SECOND_FACTOR_LIMIT_EXCEEDED";

/** @var kUnsupportedFirstFactorErrorMessage
 @brief This is the error message the server will respond with if the first factor doesn't support
 MFA.
*/
staticNSString *constkUnsupportedFirstFactorErrorMessage = @"UNSUPPORTED_FIRST_FACTOR";

/** @var kBlockingCloudFunctionErrorResponse
 @brief This is the error message blocking Cloud Functions.
*/
staticNSString *constkBlockingCloudFunctionErrorResponse = @"BLOCKING_FUNCTION_ERROR_RESPONSE";

/** @var kEmailChangeNeedsVerificationErrorMessage
 @brief This is the error message the server will respond with if changing an unverified email.
*/
staticNSString *constkEmailChangeNeedsVerificationErrorMessage =
@"EMAIL_CHANGE_NEEDS_VERIFICATION";

/** @var kInvalidPendingToken
 @brief Generic IDP error codes.
*/
staticNSString *constkInvalidPendingToken = @"INVALID_PENDING_TOKEN";

/** @var kInvalidRecaptchaScore
 @brief This is the error message the server will respond with if the recaptcha score is invalid.
*/
staticNSString *constkInvalidRecaptchaScore = @"INVALID_RECAPTCHA_SCORE";

/** @var kMissingRecaptchaToken
 @brief This is the error message the server will respond with if the recaptcha token is missing
 in the request.
*/
staticNSString *constkMissingRecaptchaToken = @"MISSING_RECAPTCHA_TOKEN";

/** @var kInvalidRecaptchaToken
 @brief This is the error message the server will respond with if the recaptcha token is invalid.
*/
staticNSString *constkInvalidRecaptchaToken = @"INVALID_RECAPTCHA_TOKEN";

/** @var kInvalidRecaptchaAction
 @brief This is the error message the server will respond with if the recaptcha action is
 invalid.
*/
staticNSString *constkInvalidRecaptchaAction = @"INVALID_RECAPTCHA_ACTION";

/** @var kInvalidRecaptchaEnforcementState
 @brief This is the error message the server will respond with if the recaptcha enforcement state
 is invalid.
*/
staticNSString *constkInvalidRecaptchaEnforcementState = @"INVALID_RECAPTCHA_ENFORCEMENT_STATE";

/** @var kRecaptchaNotEnabled
 @brief This is the error message the server will respond with if recaptcha is not enabled.
*/
staticNSString *constkRecaptchaNotEnabled = @"RECAPTCHA_NOT_ENABLED";

/** @var kMissingClientIdentifier
 @brief This is the error message the server will respond with if Firebase could not verify the
 app during a phone authentication flow when a real phone number is used and app verification
 is disabled for testing.
*/
staticNSString *constkMissingClientIdentifier = @"MISSING_CLIENT_IDENTIFIER";

/** @var kMissingClientType
 @brief This is the error message the server will respond with if Firebase could not verify the
 app during a phone authentication flow when a real phone number is used and app verification
 is disabled for testing.
*/
staticNSString *constkMissingClientType = @"MISSING_CLIENT_TYPE";

/** @var kMissingRecaptchaToken
 @brief This is the error message the server will respond with if the recaptcha token is missing
 in the request.
*/
staticNSString *constkMissingRecaptchaVersion = @"MISSING_RECAPTCHA_VERSION";

/** @var kMissingRecaptchaToken
 @brief This is the error message the server will respond with if the recaptcha token is missing
 in the request.
*/
staticNSString *constkMissingInvalidReqType = @"INVALID_REQ_TYPE";

/** @var kMissingRecaptchaToken
 @brief This is the error message the server will respond with if the recaptcha token is missing
 in the request.
*/
staticNSString *constkInvalidRecaptchaVersion = @"INVALID_RECAPTCHA_VERSION";

/** @var kInvalidLoginCredentials
 @brief This is the error message the server will respond with if the login credentials is
 invalid. in the request.
*/
staticNSString *constkInvalidLoginCredentials = @"INVALID_LOGIN_CREDENTIALS";

/** @var gBackendImplementation
 @brief The singleton FIRAuthBackendImplementation instance to use.
*/
staticid<FIRAuthBackendImplementation> gBackendImplementation;

/** @class FIRAuthBackendRPCImplementation
 @brief The default RPC-based backend implementation.
*/
@interfaceFIRAuthBackendRPCImplementation : NSObject <FIRAuthBackendImplementation>

/** @property RPCIssuer
 @brief An instance of FIRAuthBackendRPCIssuer for making RPC requests. Allows the RPC
 requests/responses to be easily faked.
*/
@property(nonatomic, strong) id<FIRAuthBackendRPCIssuer> RPCIssuer;

@end

@implementationFIRAuthBackend

+ (id<FIRAuthBackendImplementation>)implementation {
if (!gBackendImplementation) {
gBackendImplementation = [[FIRAuthBackendRPCImplementation alloc] init];
 }
returngBackendImplementation;
}

+ (void)setBackendImplementation:(id<FIRAuthBackendImplementation>)backendImplementation {
gBackendImplementation = backendImplementation;
}

+ (void)setDefaultBackendImplementationWithRPCIssuer:
 (nullable id<FIRAuthBackendRPCIssuer>)RPCIssuer {
 FIRAuthBackendRPCImplementation *defaultImplementation =
 [[FIRAuthBackendRPCImplementation alloc] init];
if (RPCIssuer) {
 defaultImplementation.RPCIssuer = RPCIssuer;
 }
gBackendImplementation = defaultImplementation;
}

+ (void)createAuthURI:(FIRCreateAuthURIRequest *)request
callback:(FIRCreateAuthURIResponseCallback)callback {
 [[selfimplementation] createAuthURI:request callback:callback];
}

+ (void)getAccountInfo:(FIRGetAccountInfoRequest *)request
callback:(FIRGetAccountInfoResponseCallback)callback {
 [[selfimplementation] getAccountInfo:request callback:callback];
}

+ (void)getProjectConfig:(FIRGetProjectConfigRequest *)request
callback:(FIRGetProjectConfigResponseCallback)callback {
 [[selfimplementation] getProjectConfig:request callback:callback];
}

+ (void)setAccountInfo:(FIRSetAccountInfoRequest *)request
callback:(FIRSetAccountInfoResponseCallback)callback {
 [[selfimplementation] setAccountInfo:request callback:callback];
}

+ (void)verifyAssertion:(FIRVerifyAssertionRequest *)request
callback:(FIRVerifyAssertionResponseCallback)callback {
 [[selfimplementation] verifyAssertion:request callback:callback];
}

+ (void)verifyCustomToken:(FIRVerifyCustomTokenRequest *)request
callback:(FIRVerifyCustomTokenResponseCallback)callback {
 [[selfimplementation] verifyCustomToken:request callback:callback];
}

+ (void)verifyPassword:(FIRVerifyPasswordRequest *)request
callback:(FIRVerifyPasswordResponseCallback)callback {
 [[selfimplementation] verifyPassword:request callback:callback];
}

+ (void)emailLinkSignin:(FIREmailLinkSignInRequest *)request
callback:(FIREmailLinkSigninResponseCallback)callback {
 [[selfimplementation] emailLinkSignin:request callback:callback];
}

+ (void)secureToken:(FIRSecureTokenRequest *)request
callback:(FIRSecureTokenResponseCallback)callback {
 [[selfimplementation] secureToken:request callback:callback];
}

+ (void)getOOBConfirmationCode:(FIRGetOOBConfirmationCodeRequest *)request
callback:(FIRGetOOBConfirmationCodeResponseCallback)callback {
 [[selfimplementation] getOOBConfirmationCode:request callback:callback];
}

+ (void)signUpNewUser:(FIRSignUpNewUserRequest *)request
callback:(FIRSignupNewUserCallback)callback {
 [[selfimplementation] signUpNewUser:request callback:callback];
}

+ (void)deleteAccount:(FIRDeleteAccountRequest *)requestcallback:(FIRDeleteCallBack)callback {
 [[selfimplementation] deleteAccount:request callback:callback];
}

+ (void)signInWithGameCenter:(FIRSignInWithGameCenterRequest *)request
callback:(FIRSignInWithGameCenterResponseCallback)callback {
 [[selfimplementation] signInWithGameCenter:request callback:callback];
}

#if TARGET_OS_IOS
+ (void)sendVerificationCode:(FIRSendVerificationCodeRequest *)request
callback:(FIRSendVerificationCodeResponseCallback)callback {
 [[selfimplementation] sendVerificationCode:request callback:callback];
}

+ (void)verifyPhoneNumber:(FIRVerifyPhoneNumberRequest *)request
callback:(FIRVerifyPhoneNumberResponseCallback)callback {
 [[selfimplementation] verifyPhoneNumber:request callback:callback];
}

+ (void)verifyClient:(id)requestcallback:(FIRVerifyClientResponseCallback)callback {
 [[selfimplementation] verifyClient:request callback:callback];
}

#endif

+ (void)revokeToken:(FIRRevokeTokenRequest *)request
callback:(FIRRevokeTokenResponseCallback)callback {
 [[selfimplementation] revokeToken:request callback:callback];
}

+ (void)resetPassword:(FIRResetPasswordRequest *)request
callback:(FIRResetPasswordCallback)callback {
 [[selfimplementation] resetPassword:request callback:callback];
}

+ (void)getRecaptchaConfig:(FIRGetRecaptchaConfigRequest *)request
callback:(FIRGetRecaptchaConfigResponseCallback)callback {
 [[selfimplementation] getRecaptchaConfig:request callback:callback];
}

+ (NSString *)authUserAgent {
return [NSStringstringWithFormat:@"FirebaseAuth.iOS/%@%@", FIRFirebaseVersion(),
GTMFetcherStandardUserAgentString(nil)];
}

+ (void)requestWithURL:(NSURL *)URL
contentType:(NSString *)contentType
requestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration
completionHandler:(void (^)(NSMutableURLRequest *_Nullable))completionHandler {
NSMutableURLRequest *request = [NSMutableURLRequestrequestWithURL:URL];
 [request setValue:contentType forHTTPHeaderField:@"Content-Type"];
NSString *additionalFrameworkMarker =
 requestConfiguration.additionalFrameworkMarker ?: kFirebaseAuthCoreFrameworkMarker;
NSString *clientVersion = [NSString
stringWithFormat:@"iOS/FirebaseSDK/%@/%@", FIRFirebaseVersion(), additionalFrameworkMarker];
 [request setValue:clientVersion forHTTPHeaderField:kClientVersionHeader];
NSString *bundleID = [[NSBundlemainBundle] bundleIdentifier];
 [request setValue:bundleID forHTTPHeaderField:kIosBundleIdentifierHeader];
NSString *appID = requestConfiguration.appID;
 [request setValue:appID forHTTPHeaderField:kFirebaseAppIDHeader];
 [request setValue:FIRHeaderValueFromHeartbeatsPayload(
 [requestConfiguration.heartbeatLogger flushHeartbeatsIntoPayload])
forHTTPHeaderField:kFirebaseHeartbeatHeader];
NSString *HTTPMethod = requestConfiguration.HTTPMethod;
 [request setValue:HTTPMethod forKey:@"HTTPMethod"];
NSArray<NSString *> *preferredLocalizations = [NSBundlemainBundle].preferredLocalizations;
if (preferredLocalizations.count) {
NSString *acceptLanguage = preferredLocalizations.firstObject;
 [request setValue:acceptLanguage forHTTPHeaderField:@"Accept-Language"];
 }
NSString *languageCode = requestConfiguration.languageCode;
if (languageCode.length) {
 [request setValue:languageCode forHTTPHeaderField:kFirebaseLocalHeader];
 }
if (requestConfiguration.appCheck) {
 [requestConfiguration.appCheck
getTokenForcingRefresh:false
completion:^(id<FIRAppCheckTokenResultInterop> _Nonnull tokenResult) {
if (tokenResult.error) {
FIRLogWarning(kFIRLoggerAuth, @"I-AUT000018",
@"Error getting App Check token; using placeholder token "
@"instead. Error: %@",
 tokenResult.error);
 }
 [request setValue:tokenResult.token
forHTTPHeaderField:@"X-Firebase-AppCheck"];
completionHandler(request);
 }];
 } else {
completionHandler(request);
 }
}

@end

@interfaceFIRAuthBackendRPCIssuerImplementation : NSObject <FIRAuthBackendRPCIssuer>
@end

@implementationFIRAuthBackendRPCIssuerImplementation {
/** @var The session fetcher service.
*/
 GTMSessionFetcherService *_fetcherService;
}

- (instancetype)init {
 self = [superinit];
if (self) {
 _fetcherService = [[GTMSessionFetcherService alloc] init];
 _fetcherService.userAgent = [FIRAuthBackend authUserAgent];
 _fetcherService.callbackQueue = FIRAuthGlobalWorkQueue();

// Avoid reusing the session to prevent
// https://github.com/firebase/firebase-ios-sdk/issues/1261
 _fetcherService.reuseSession = NO;
 }
return self;
}

- (void)asyncCallToURLWithRequestConfiguration:(FIRAuthRequestConfiguration *)requestConfiguration
URL:(NSURL *)URL
body:(nullable NSData *)body
contentType:(NSString *)contentType
completionHandler:
 (void (^)(NSData *_Nullable, NSError *_Nullable))handler {
 [FIRAuthBackend requestWithURL:URL
contentType:contentType
requestConfiguration:requestConfiguration
completionHandler:^(NSMutableURLRequest *request) {
 GTMSessionFetcher *fetcher = [self->_fetcherService fetcherWithRequest:request];
NSString *emulatorHostAndPort = requestConfiguration.emulatorHostAndPort;
if (emulatorHostAndPort) {
 fetcher.allowLocalhostRequest = YES;
 fetcher.allowedInsecureSchemes = @[ @"http" ];
 }
 fetcher.bodyData = body;
 [fetcher beginFetchWithCompletionHandler:handler];
 }];
}

@end

@implementationFIRAuthBackendRPCImplementation

- (instancetype)init {
 self = [superinit];
if (self) {
 _RPCIssuer = [[FIRAuthBackendRPCIssuerImplementation alloc] init];
 }
return self;
}

- (void)createAuthURI:(FIRCreateAuthURIRequest *)request
callback:(FIRCreateAuthURIResponseCallback)callback {
 FIRCreateAuthURIResponse *response = [[FIRCreateAuthURIResponse alloc] init];
 [selfcallWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
callback(response, nil);
 }
 }];
}

- (void)getAccountInfo:(FIRGetAccountInfoRequest *)request
callback:(FIRGetAccountInfoResponseCallback)callback {
 FIRGetAccountInfoResponse *response = [[FIRGetAccountInfoResponse alloc] init];
 [selfcallWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
callback(response, nil);
 }
 }];
}

- (void)getProjectConfig:(FIRGetProjectConfigRequest *)request
callback:(FIRGetProjectConfigResponseCallback)callback {
 FIRGetProjectConfigResponse *response = [[FIRGetProjectConfigResponse alloc] init];
 [selfcallWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
callback(response, nil);
 }
 }];
}

- (void)setAccountInfo:(FIRSetAccountInfoRequest *)request
callback:(FIRSetAccountInfoResponseCallback)callback {
 FIRSetAccountInfoResponse *response = [[FIRSetAccountInfoResponse alloc] init];
 [selfcallWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
callback(response, nil);
 }
 }];
}

- (void)verifyAssertion:(FIRVerifyAssertionRequest *)request
callback:(FIRVerifyAssertionResponseCallback)callback {
 FIRVerifyAssertionResponse *response = [[FIRVerifyAssertionResponse alloc] init];
 [self
callWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
if (!response.IDToken && response.MFAInfo) {
#if TARGET_OS_IOS
NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfoArray =
 [[NSMutableArrayalloc] init];
for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
if (MFAEnrollment.phoneInfo) {
 FIRMultiFactorInfo *multiFactorInfo =
 [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfoArray addObject:multiFactorInfo];
 } elseif (MFAEnrollment.TOTPInfo) {
 FIRMultiFactorInfo *multiFactorInfo =
 [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfoArray addObject:multiFactorInfo];
 } else {
FIRLogError(kFIRLoggerAuth, @"I-AUT000020",
@"Multifactor type is not supported");
 }
 }
NSError *multiFactorRequiredError = [FIRAuthErrorUtils
secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
hints:multiFactorInfoArray
auth:request.requestConfiguration
 .auth];
callback(nil, multiFactorRequiredError);
#endif
 } else {
callback(response, nil);
 }
 }
 }];
}

- (void)verifyCustomToken:(FIRVerifyCustomTokenRequest *)request
callback:(FIRVerifyCustomTokenResponseCallback)callback {
 FIRVerifyCustomTokenResponse *response = [[FIRVerifyCustomTokenResponse alloc] init];
 [selfcallWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
callback(response, nil);
 }
 }];
}

- (void)verifyPassword:(FIRVerifyPasswordRequest *)request
callback:(FIRVerifyPasswordResponseCallback)callback {
 FIRVerifyPasswordResponse *response = [[FIRVerifyPasswordResponse alloc] init];
 [self
callWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
if (!response.IDToken && response.MFAInfo) {
#if TARGET_OS_IOS
NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfo = [NSMutableArrayarray];
for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
// check which MFA factors are enabled.
if (MFAEnrollment.phoneInfo != nil) {
 FIRPhoneMultiFactorInfo *info =
 [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfo addObject:info];
 } elseif (MFAEnrollment.TOTPInfo != nil) {
 FIRTOTPMultiFactorInfo *info =
 [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfo addObject:info];
 } else {
FIRLogError(kFIRLoggerAuth, @"I-AUT000021",
@"Multifactor type is not supported");
 }
 }
NSError *multiFactorRequiredError = [FIRAuthErrorUtils
secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
hints:multiFactorInfo
auth:request.requestConfiguration
 .auth];
callback(nil, multiFactorRequiredError);
#endif
 } else {
callback(response, nil);
 }
 }
 }];
}

- (void)emailLinkSignin:(FIREmailLinkSignInRequest *)request
callback:(FIREmailLinkSigninResponseCallback)callback {
 FIREmailLinkSignInResponse *response = [[FIREmailLinkSignInResponse alloc] init];
 [self
callWithRequest:request
response:response
callback:^(NSError *error) {
if (error) {
callback(nil, error);
 } else {
if (!response.IDToken && response.MFAInfo) {
#if TARGET_OS_IOS
NSMutableArray<FIRMultiFactorInfo *> *multiFactorInfoArray =
 [[NSMutableArrayalloc] init];
for (FIRAuthProtoMFAEnrollment *MFAEnrollment in response.MFAInfo) {
if (MFAEnrollment.phoneInfo) {
 FIRMultiFactorInfo *multiFactorInfo =
 [[FIRPhoneMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfoArray addObject:multiFactorInfo];
 } elseif (MFAEnrollment.TOTPInfo) {
 FIRMultiFactorInfo *multiFactorInfo =
 [[FIRTOTPMultiFactorInfo alloc] initWithProto:MFAEnrollment];
 [multiFactorInfoArray addObject:multiFactorInfo];
 } else {
FIRLogError(kFIRLoggerAuth, @"I-AUT000022",
@"Multifactor type is not supported");
 }
 }
NSError *multiFactorRequiredError = [FIRAuthErrorUtils
secondFactorRequiredErrorWithPendingCredential:response.MFAPendingCredential
hints:multiFactorInfoArray
auth:request.requestConfiguration
 .auth];
callback(nil, multiFactorRequiredError);
#endif
 } else {
callback(response, nil);
 }
 }