chenwenyi
/
firebase-ios-sdk


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278
							// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

import Foundation

/** @class FIRVerifyAssertionResponse
 @brief Represents the response from the verifyAssertion endpoint.
 @see https://developers.google.com/identity/toolkit/web/reference/relyingparty/verifyAssertion
 */
class VerifyAssertionResponse: AuthRPCResponse, AuthMFAResponse {
  required init() {}

  /** @property federatedID
   @brief The unique ID identifies the IdP account.
   */
  var federatedID: String?

  /** @property providerID
   @brief The IdP ID. For white listed IdPs it's a short domain name e.g. google.com, aol.com,
   live.net and yahoo.com. If the "providerId" param is set to OpenID OP identifer other than
   the whilte listed IdPs the OP identifier is returned. If the "identifier" param is federated
   ID in the createAuthUri request. The domain part of the federated ID is returned.
   */
  var providerID: String?

  /** @property localID
   @brief The RP local ID if it's already been mapped to the IdP account identified by the
   federated ID.
   */
  var localID: String?

  /** @property email
   @brief The email returned by the IdP. NOTE: The federated login user may not own the email.
   */
  var email: String?

  /** @property inputEmail
   @brief It's the identifier param in the createAuthUri request if the identifier is an email. It
   can be used to check whether the user input email is different from the asserted email.
   */
  var inputEmail: String?

  /** @property originalEmail
   @brief The original email stored in the mapping storage. It's returned when the federated ID is
   associated to a different email.
   */
  var originalEmail: String?

  /** @property oauthRequestToken
   @brief The user approved request token for the OpenID OAuth extension.
   */
  var oauthRequestToken: String?

  /** @property oauthScope
   @brief The scope for the OpenID OAuth extension.
   */
  var oauthScope: String?

  /** @property firstName
   @brief The first name of the user.
   */
  var firstName: String?

  /** @property lastName
   @brief The last name of the user.
   */
  var lastName: String?

  /** @property fullName
   @brief The full name of the user.
   */
  var fullName: String?

  /** @property nickName
   @brief The nick name of the user.
   */
  var nickName: String?

  /** @property displayName
   @brief The display name of the user.
   */
  var displayName: String?

  /** @property idToken
   @brief Either an authorization code suitable for performing an STS token exchange, or the
   access token from Secure Token Service, depending on whether @c returnSecureToken is set
   on the request.
   */
  private(set) var idToken: String?

  /** @property approximateExpirationDate
   @brief The approximate expiration date of the access token.
   */
  var approximateExpirationDate: Date?

  /** @property refreshToken
   @brief The refresh token from Secure Token Service.
   */
  var refreshToken: String?

  /** @property action
   @brief The action code.
   */
  var action: String?

  /** @property language
   @brief The language preference of the user.
   */
  var language: String?

  /** @property timeZone
   @brief The timezone of the user.
   */
  var timeZone: String?

  /** @property photoURL
   @brief The URI of the accessible profile picture.
   */
  var photoURL: URL?

  /** @property dateOfBirth
   @brief The birth date of the IdP account.
   */
  var dateOfBirth: String?

  /** @property context
   @brief The opaque value used by the client to maintain context info between the authentication
   request and the IDP callback.
   */
  var context: String?

  /** @property verifiedProvider
   @brief When action is 'map', contains the idps which can be used for confirmation.
   */
  var verifiedProvider: [String]?

  /** @property needConfirmation
   @brief Whether the assertion is from a non-trusted IDP and need account linking confirmation.
   */
  var needConfirmation: Bool = false

  /** @property emailRecycled
   @brief It's true if the email is recycled.
   */
  var emailRecycled: Bool = false

  /** @property emailVerified
   @brief The value is true if the IDP is also the email provider. It means the user owns the
   email.
   */
  var emailVerified: Bool = false

  /** @property isNewUser
   @brief Flag indicating that the user signing in is a new user and not a returning user.
   */
  var isNewUser: Bool = false

  /** @property profile
   @brief Dictionary containing the additional IdP specific information.
   */
  var profile: [String: Any]?

  /** @property username
   @brief The name of the user.
   */
  var username: String?

  /** @property oauthIDToken
   @brief The ID token for the OpenID OAuth extension.
   */
  var oauthIDToken: String?

  /** @property oauthExpirationDate
   @brief The approximate expiration date of the oauth access token.
   */
  var oauthExpirationDate: Date?

  /** @property oauthAccessToken
   @brief The access token for the OpenID OAuth extension.
   */
  var oauthAccessToken: String?

  /** @property oauthSecretToken
   @brief The secret for the OpenID OAuth extention.
   */
  var oauthSecretToken: String?

  /** @property pendingToken
   @brief The pending ID Token string.
   */
  var pendingToken: String?

  // MARK: - AuthMFAResponse

  private(set) var mfaPendingCredential: String?

  private(set) var mfaInfo: [AuthProtoMFAEnrollment]?

  func setFields(dictionary: [String: AnyHashable]) throws {
    federatedID = dictionary["federatedId"] as? String
    providerID = dictionary["providerId"] as? String
    localID = dictionary["localId"] as? String
    emailRecycled = dictionary["emailRecycled"] as? Bool ?? false
    emailVerified = dictionary["emailVerified"] as? Bool ?? false
    email = dictionary["email"] as? String
    inputEmail = dictionary["inputEmail"] as? String
    originalEmail = dictionary["originalEmail"] as? String
    oauthRequestToken = dictionary["oauthRequestToken"] as? String
    oauthScope = dictionary["oauthScope"] as? String
    firstName = dictionary["firstName"] as? String
    lastName = dictionary["lastName"] as? String
    fullName = dictionary["fullName"] as? String
    nickName = dictionary["nickName"] as? String
    displayName = dictionary["displayName"] as? String
    idToken = dictionary["idToken"] as? String
    if let expiresIn = dictionary["expiresIn"] as? String {
      approximateExpirationDate = Date(timeIntervalSinceNow: (expiresIn as NSString)
        .doubleValue)
    }
    refreshToken = dictionary["refreshToken"] as? String
    isNewUser = dictionary["isNewUser"] as? Bool ?? false
    if let rawUserInfo = dictionary["rawUserInfo"] as? String,
       let data = rawUserInfo.data(using: .utf8) {
      if let info = try? JSONSerialization.jsonObject(with: data, options: .mutableLeaves),
         let profile = info as? [String: Any] {
        self.profile = profile
      }
    } else if let profile = dictionary["rawUserInfo"] as? [String: Any] {
      self.profile = profile
    }
    username = dictionary["username"] as? String
    action = dictionary["action"] as? String
    language = dictionary["language"] as? String
    timeZone = dictionary["timeZone"] as? String
    photoURL = URL(string: dictionary["photoUrl"] as? String ?? "")
    dateOfBirth = dictionary["dateOfBirth"] as? String
    context = dictionary["context"] as? String
    needConfirmation = dictionary["needConfirmation"] as? Bool ?? false

    if let verifiedProvider = dictionary["verifiedProvider"] as? String,
       let data = verifiedProvider.data(using: .utf8) {
      if let decoded = try? JSONSerialization.jsonObject(with: data, options: .mutableLeaves),
         let provider = decoded as? [String] {
        self.verifiedProvider = provider
      }
    } else if let verifiedProvider = dictionary["verifiedProvider"] as? [String] {
      self.verifiedProvider = verifiedProvider
    }

    oauthIDToken = dictionary["oauthIdToken"] as? String
    if let oauthExpirationDate = dictionary["oauthExpireIn"] as? String {
      self
        .oauthExpirationDate = Date(timeIntervalSinceNow: (oauthExpirationDate as NSString)
          .doubleValue)
    }
    oauthAccessToken = dictionary["oauthAccessToken"] as? String
    oauthSecretToken = dictionary["oauthTokenSecret"] as? String
    pendingToken = dictionary["pendingToken"] as? String

    if let mfaInfoDicts = dictionary["mfaInfo"] as? [[String: AnyHashable]] {
      mfaInfo = mfaInfoDicts.map {
        AuthProtoMFAEnrollment(dictionary: $0)
      }
    }
    mfaPendingCredential = dictionary["mfaPendingCredential"] as? String
  }
}