Merge remote-tracking branch 'upstream/master'

.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,8 +7,6 @@ assignees: ''
 
 ---
 
-**Thank you for submitting your issue. We are operating at reduced capacity from Dec 18 2020 to Jan 4 2021. Please expect delayed responses. For more urgent requests please reach us via our  support channels https://firebase.google.com/support**
-
 ### [READ] Step 1: Are you in the right place?
 
   * For issues related to __the code in this repository__ file a Github issue.

.github/scripts/run_integration_tests.ps1 → .github/scripts/run_integration_tests.sh

@@ -1,3 +1,5 @@
+#!/bin/bash
+
 # Copyright 2020 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -12,12 +14,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+set -e
+set -u
+
 mkdir -p FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources
 
-gpg --quiet --batch --yes --decrypt --passphrase=$Env:FIREBASE_SERVICE_ACCT_KEY `
---output FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_cert.json `
+gpg --quiet --batch --yes --decrypt --passphrase="${FIREBASE_SERVICE_ACCT_KEY}" \
+--output FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_cert.json \
 .github/resources/integ-service-account.json.gpg
 
-echo $Env:FIREBASE_API_KEY > FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt
+echo "${FIREBASE_API_KEY}" > FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt
 
 dotnet test FirebaseAdmin/FirebaseAdmin.IntegrationTests

.github/workflows/ci.yml

@@ -6,29 +6,32 @@ jobs:
   build:
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest]
+        os: [ubuntu-latest]
 
     env:
       DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
       DOTNET_CLI_TELEMETRY_OPTOUT: 1
+      DOTNET_NOLOGO: 1
 
     runs-on: ${{ matrix.os }}
 
     steps:
     - name: Checkout code
       uses: actions/checkout@v1
 
-    - name: Setup .NET Core
-      if: matrix.os == 'ubuntu-latest'
+    - name: Setup .NET Core 2.1
       uses: actions/setup-dotnet@v1
       with:
-        dotnet-version: 2.2.108
+        dotnet-version: 2.1.x
+
+    - name: Install dependencies
+      run: dotnet msbuild /t:restore FirebaseAdmin
 
     - name: Build with dotnet
       run: |
-        dotnet build FirebaseAdmin/FirebaseAdmin
-        dotnet build FirebaseAdmin/FirebaseAdmin.Snippets
-        dotnet build FirebaseAdmin/FirebaseAdmin.IntegrationTests
+        dotnet msbuild FirebaseAdmin/FirebaseAdmin
+        dotnet msbuild FirebaseAdmin/FirebaseAdmin.Snippets
+        dotnet msbuild FirebaseAdmin/FirebaseAdmin.IntegrationTests
 
     - name: Run unit tests
       run: dotnet test FirebaseAdmin/FirebaseAdmin.Tests

.github/workflows/nightly.yml

@@ -0,0 +1,100 @@
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Nightly Builds
+
+on:
+  # Runs every day at 06:40 AM (PT) and 08:40 PM (PT) / 04:40 AM (UTC) and 02:40 PM (UTC)
+  # or on 'firebase_nightly_build' repository dispatch event.
+  schedule:
+    - cron: "40 4,14 * * *"
+  repository_dispatch:
+    types: [firebase_nightly_build]
+
+jobs:
+  nightly:
+
+    runs-on: ubuntu-latest
+
+    env:
+      DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
+      DOTNET_CLI_TELEMETRY_OPTOUT: 1
+      DOTNET_NOLOGO: 1
+
+    steps:
+    - name: Checkout source for staging
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
+    - name: Setup .NET Core 2.1
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: 2.1.x
+
+    - name: Install dependencies
+      run: dotnet msbuild /t:restore FirebaseAdmin
+
+    - name: Build with dotnet
+      run: dotnet msbuild FirebaseAdmin/FirebaseAdmin
+
+    - name: Run unit tests
+      run: dotnet test FirebaseAdmin/FirebaseAdmin.Tests
+
+    - name: Run integration tests
+      run: ./.github/scripts/run_integration_tests.sh
+      env:
+        FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
+        FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+
+    - name: Package release artifacts
+      run: dotnet pack -c Release FirebaseAdmin/FirebaseAdmin
+
+    # Attach the packaged artifacts to the workflow output. These can be manually
+    # downloaded for later inspection if necessary.
+    - name: Archive artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: Release
+        path: FirebaseAdmin/FirebaseAdmin/bin/Release
+
+    - name: Send email on failure
+      if: failure()
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} failed!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} failed on: ${{github.repository}}</b>
+          <br /><br />Navigate to the
+          <a href="https://github.com/firebase/firebase-admin-dotnet/actions/runs/${{github.run_id}}">failed workflow</a>.
+      continue-on-error: true
+
+    - name: Send email on cancelled
+      if: cancelled()
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} cancelled!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} cancelled on: ${{github.repository}}</b>
+          <br /><br />Navigate to the
+          <a href="https://github.com/firebase/firebase-admin-dotnet/actions/runs/${{github.run_id}}">cancelled workflow</a>.
+      continue-on-error: true

.github/workflows/release.yml

@@ -35,11 +35,12 @@ jobs:
         contains(github.event.pull_request.labels.*.name, 'release:publish'))
 
     # Build and package artifacts on Windows.
-    runs-on: windows-latest
+    runs-on: ubuntu-latest
 
     env:
       DOTNET_SKIP_FIRST_TIME_EXPERIENCE: 1
       DOTNET_CLI_TELEMETRY_OPTOUT: 1
+      DOTNET_NOLOGO: 1
 
     # When manually triggering the build, the requester can specify a target branch or a tag
     # via the 'ref' client parameter.
@@ -49,14 +50,22 @@ jobs:
       with:
         ref: ${{ github.event.client_payload.ref || github.ref }}
 
+    - name: Setup .NET Core 2.1
+      uses: actions/setup-dotnet@v1
+      with:
+        dotnet-version: 2.1.x
+
+    - name: Install dependencies
+      run: dotnet msbuild /t:restore FirebaseAdmin
+
     - name: Build with dotnet
-      run: dotnet build FirebaseAdmin/FirebaseAdmin
+      run: dotnet msbuild FirebaseAdmin/FirebaseAdmin
 
     - name: Run unit tests
       run: dotnet test FirebaseAdmin/FirebaseAdmin.Tests
 
     - name: Run integration tests
-      run: ./.github/scripts/run_integration_tests
+      run: ./.github/scripts/run_integration_tests.sh
       env:
         FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
         FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
@@ -81,7 +90,7 @@ jobs:
     #   3. with the label 'release:publish', and
     #   4. the title prefix '[chore] Release '.
     if: github.event.pull_request.merged &&
-      github.ref == 'master' &&
+      github.ref == 'refs/heads/master' &&
       contains(github.event.pull_request.labels.*.name, 'release:publish') &&
       startsWith(github.event.pull_request.title, '[chore] Release ')
 

.gitignore

@@ -3,3 +3,4 @@ obj/
 .vscode/
 .vs/
 .idea/
+.DS_Store

CONTRIBUTING.md

@@ -137,28 +137,90 @@ $ dotnet path/to/ReportGenerator.dll -reports:./FirebaseAdmin.Tests/coverage.ope
 This generates a collection of HTML code coverage reports in a local subdirectory named
 `reports/`.
 
-The integration test suite requires a service account JSON key file, and an API key for a Firebase
-project. Create a new project in the [Firebase console](https://console.firebase.google.com) if
-you do not already have one. Use a separate, dedicated project for integration tests since the
-test suite makes a large number of writes to the Firebase realtime database. Download the service
-account key file from the "Settings > Service Accounts" page of the project, and copy it to
-`FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_cert.json`. Also obtain the
-API key for the same project from "Settings > General", and save it to
-`FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt`.
-
-You'll also need to grant your service account the 'Firebase Authentication Admin' role. This is
-required to ensure that exported user records contain the password hashes of the user accounts:
-1. Go to [Google Cloud Platform Console / IAM & admin](https://console.cloud.google.com/iam-admin).
-2. Find your service account in the list, and click the 'pencil' icon to edit it's permissions.
-3. Click 'ADD ANOTHER ROLE' and choose 'Firebase Authentication Admin'.
-4. Click 'SAVE'.
-
-For some of the Firebase Auth integration tests, it is required to enable the Email/Password
-sign-in method:
-1. Go to the [Firebase console](https://console.firebase.google.com).
-2. Click on 'Authentication', and select the 'Sign-in method' tab. 
-3. Enable 'Email/Password'.
-4. Enable 'Email link (passwordless sign-in)'.
+
+Integration tests are executed against a real life Firebase project. If you do not already
+have one suitable for running the tests against, you can create a new project in the
+[Firebase Console](https://console.firebase.google.com) following the setup guide below.
+If you already have a Firebase project, you'll need to obtain credentials to communicate and
+authorize access to your Firebase project:
+
+
+1. Service account certificate: This allows access to your Firebase project through a service account
+which is required for all integration tests. This can be downloaded as a JSON file from the 
+**Settings > Service Accounts** tab of the Firebase console when you click the
+**Generate new private key** button. Copy the file into the repo so it's available at 
+`FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_cert.json`.
+   > **Note:** Service accounts should be carefully managed and their keys should never be stored in publicly accessible source code or repositories.
+
+
+2. Web API key: This allows for Auth sign-in needed for some Authentication and Tenant Management
+integration tests. This is displayed in the **Settings > General** tab of the Firebase console
+after enabling Authentication as described in the steps below. Copy it and save to a new text
+file at `FirebaseAdmin/FirebaseAdmin.IntegrationTests/resources/integration_apikey.txt`.
+
+
+Set up your Firebase project as follows:
+
+
+1. Enable Authentication:
+   1. Go to the Firebase Console, and select **Authentication** from the **Build** menu.
+   2. Click on **Get Started**.
+   3. Select **Sign-in method > Add new provider > Email/Password** then enable both the
+   **Email/Password** and **Email link (passwordless sign-in)** options.
+
+
+2. Enable Firestore:
+   1. Go to the Firebase Console, and select **Firestore Database** from the **Build** menu.
+   2. Click on the **Create database** button. You can choose to set up Firestore either in
+   the production mode or in the test mode.
+
+
+3. Enable Realtime Database:
+   1. Go to the Firebase Console, and select **Realtime Database** from the **Build** menu.
+   2. Click on the **Create Database** button. You can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+   > **Note:** Integration tests are not run against the default Realtime Database reference and are
+   instead run against a database created at `https://{PROJECT_ID}.firebaseio.com`.
+   This second Realtime Database reference is created in the following steps.
+
+   3. In the **Data** tab click on the kebab menu (3 dots) and select **Create Database**.
+   4. Enter your Project ID (Found in the **General** tab in **Account Settings**) as the
+   **Realtime Database reference**. Again, you can choose to set up the Realtime Database
+   either in the locked mode or in the test mode.
+
+
+4. Enable Storage:
+   1. Go to the Firebase Console, and select **Storage** from the **Build** menu.
+   2. Click on the **Get started** button. You can choose to set up Cloud Storage
+   either in the production mode or in the test mode.
+
+
+5. Enable the IAM API:
+   1. Go to the [Google Cloud console](https://console.cloud.google.com)
+   and make sure your Firebase project is selected.
+   2. Select **APIs & Services** from the main menu, and click the
+   **ENABLE APIS AND SERVICES** button.
+   3. Search for and enable **Identity and Access Management (IAM) API** by Google Enterprise API.
+
+
+6. Enable Tenant Management:
+   1. Go to
+   [Google Cloud console | Identity Platform](https://console.cloud.google.com/customer-identity/)
+   and if it is not already enabled, click **Enable**.
+   2. Then
+   [enable multi-tenancy](https://cloud.google.com/identity-platform/docs/multi-tenancy-quickstart#enabling_multi-tenancy)
+   for your project.
+
+
+7. Ensure your service account has the **Firebase Authentication Admin** role. This is required
+to ensure that exported user records contain the password hashes of the user accounts:
+   1. Go to [Google Cloud console | IAM & admin](https://console.cloud.google.com/iam-admin).
+   2. Find your service account in the list. If not added click the pencil icon to edit its
+   permissions.
+   3. Click **ADD ANOTHER ROLE** and choose **Firebase Authentication Admin**.
+   4. Click **SAVE**.
+
 
 Finally, to run the integration test suite:
 

FirebaseAdmin/FirebaseAdmin.IntegrationTests/Auth/AbstractOidcProviderConfigTest.cs

@@ -46,6 +46,9 @@ public void CreateProviderConfig()
             Assert.True(config.Enabled);
             Assert.Equal("OIDC_CLIENT_ID", config.ClientId);
             Assert.Equal("https://oidc.com/issuer", config.Issuer);
+            Assert.Equal("OIDC_CLIENT_SECRET", config.ClientSecret);
+            Assert.True(config.CodeResponseType);
+            Assert.False(config.IdTokenResponseType);
         }
 
         [Fact]
@@ -59,6 +62,9 @@ public async Task GetProviderConfig()
             Assert.True(config.Enabled);
             Assert.Equal("OIDC_CLIENT_ID", config.ClientId);
             Assert.Equal("https://oidc.com/issuer", config.Issuer);
+            Assert.Equal("OIDC_CLIENT_SECRET", config.ClientSecret);
+            Assert.True(config.CodeResponseType);
+            Assert.False(config.IdTokenResponseType);
         }
 
         [Fact]
@@ -84,6 +90,9 @@ public async Task ListProviderConfig()
             Assert.True(config.Enabled);
             Assert.Equal("OIDC_CLIENT_ID", config.ClientId);
             Assert.Equal("https://oidc.com/issuer", config.Issuer);
+            Assert.Equal("OIDC_CLIENT_SECRET", config.ClientSecret);
+            Assert.True(config.CodeResponseType);
+            Assert.False(config.IdTokenResponseType);
         }
 
         [Fact]
@@ -97,6 +106,9 @@ public async Task UpdateProviderConfig()
                 Enabled = false,
                 ClientId = "UPDATED_OIDC_CLIENT_ID",
                 Issuer = "https://oidc.com/updated-issuer",
+                ClientSecret = "UPDATED_OIDC_CLIENT_SECRET",
+                CodeResponseType = false,
+                IdTokenResponseType = true,
             };
 
             var config = await this.auth.UpdateProviderConfigAsync(args);
@@ -106,6 +118,9 @@ public async Task UpdateProviderConfig()
             Assert.False(config.Enabled);
             Assert.Equal("UPDATED_OIDC_CLIENT_ID", config.ClientId);
             Assert.Equal("https://oidc.com/updated-issuer", config.Issuer);
+            Assert.Equal("UPDATED_OIDC_CLIENT_SECRET", config.ClientSecret);
+            Assert.False(config.CodeResponseType);
+            Assert.True(config.IdTokenResponseType);
         }
 
         [Fact]