From c3017a5e27e7241bab14e8dc472f9e3fb8c03fbb Mon Sep 17 00:00:00 2001
From: Liubin Jiang <liubinj@google.com>
Date: Mon, 2 May 2022 09:45:44 -0700
Subject: [PATCH 1/4] add more integ test for account defender

---
 src/auth/auth-api-request.ts  |  1 +
 test/integration/auth.spec.ts | 39 +++++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/src/auth/auth-api-request.ts b/src/auth/auth-api-request.ts
index 2e9c22fc83..c792c4bb16 100644
--- a/src/auth/auth-api-request.ts
+++ b/src/auth/auth-api-request.ts
@@ -1890,6 +1890,7 @@ export abstract class AbstractAuthRequestHandler {
     requestData: object | undefined, additionalResourceParams?: object): Promise<object> {
     return urlBuilder.getUrl(apiSettings.getEndpoint(), additionalResourceParams)
       .then((url) => {
+        console.log(url);
         // Validate request.
         if (requestData) {
           const requestValidator = apiSettings.getRequestValidator();
diff --git a/test/integration/auth.spec.ts b/test/integration/auth.spec.ts
index 08d75e42c7..a84bcb6319 100644
--- a/test/integration/auth.spec.ts
+++ b/test/integration/auth.spec.ts
@@ -1219,6 +1219,18 @@ describe('admin.auth', () => {
       return getAuth().projectConfigManager().updateProjectConfig(projectConfigOption3)
         .should.eventually.be.rejected.and.have.property('code', 'auth/racaptcha-not-enabled');
     });
+
+    it('updateProjectConfig() should reject when trying to disable Account Defender while reCAPTCHA is enabled', () => {
+      // enable account defender first.
+      return getAuth().projectConfigManager().updateProjectConfig(projectConfigOption1)
+        .then((actualProjectConfig) => {
+          // verify account defender is enabled.
+          expect(actualProjectConfig.recaptchaConfig.useAccountDefender).to.be.true;
+          // attempt to disable reCAPTCHA.
+          return getAuth().projectConfigManager().updateProjectConfig(projectConfigOption3)
+            .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');
+        });
+    });
   });
 
   describe('Tenant management operations', () => {
@@ -1784,6 +1796,33 @@ describe('admin.auth', () => {
     });
 
     it('updateTenant() enable Account Defender should be rejected when tenant reCAPTCHA is disabled',
+      function () {
+        // Skipping for now as Emulator resolves this operation, which is not expected.
+        // TODO: investigate with Rest API and Access team for this behavior.
+        if (authEmulatorHost) {
+          return this.skip();
+        }
+        expectedUpdatedTenant.tenantId = createdTenantId;
+        const updatedOptions: UpdateTenantRequest = {
+          displayName: expectedUpdatedTenant2.displayName,
+          recaptchaConfig: {
+            emailPasswordEnforcementState: 'AUDIT',
+            useAccountDefender: true,
+          },
+        };
+        const updatedOptions2: UpdateTenantRequest = deepCopy(updatedOptions);
+        updatedOptions2.recaptchaConfig.emailPasswordEnforcementState = 'OFF';
+        // enable account defender first.
+        return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions)
+        .then((actualTenant) => {
+          expect(actualTenant.recaptchaConfig.useAccountDefender).to.be.true;
+          // attempt to disable reCAPTCHA.
+          return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions2)
+            .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');
+        });
+      });
+
+      it('updateTenant() disable reCAPTCHA should be rejected when Account Defender is enabled',
       function () {
         // Skipping for now as Emulator resolves this operation, which is not expected.
         // TODO: investigate with Rest API and Access team for this behavior.

From eb2b8a3a1ca5db08e0f8c541a8a4f285957a682e Mon Sep 17 00:00:00 2001
From: Liubin Jiang <liubinj@google.com>
Date: Tue, 3 May 2022 15:53:17 -0700
Subject: [PATCH 2/4] remove console log

---
 src/auth/auth-api-request.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/auth/auth-api-request.ts b/src/auth/auth-api-request.ts
index c792c4bb16..2e9c22fc83 100644
--- a/src/auth/auth-api-request.ts
+++ b/src/auth/auth-api-request.ts
@@ -1890,7 +1890,6 @@ export abstract class AbstractAuthRequestHandler {
     requestData: object | undefined, additionalResourceParams?: object): Promise<object> {
     return urlBuilder.getUrl(apiSettings.getEndpoint(), additionalResourceParams)
       .then((url) => {
-        console.log(url);
         // Validate request.
         if (requestData) {
           const requestValidator = apiSettings.getRequestValidator();

From e8a9275712c99f2e536899b739f9ea99f9fa55e6 Mon Sep 17 00:00:00 2001
From: Liubin Jiang <liubinj@google.com>
Date: Tue, 3 May 2022 16:12:52 -0700
Subject: [PATCH 3/4] fix test build

---
 test/integration/auth.spec.ts | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/test/integration/auth.spec.ts b/test/integration/auth.spec.ts
index a84bcb6319..a80c7c9cad 100644
--- a/test/integration/auth.spec.ts
+++ b/test/integration/auth.spec.ts
@@ -1225,7 +1225,7 @@ describe('admin.auth', () => {
       return getAuth().projectConfigManager().updateProjectConfig(projectConfigOption1)
         .then((actualProjectConfig) => {
           // verify account defender is enabled.
-          expect(actualProjectConfig.recaptchaConfig.useAccountDefender).to.be.true;
+          expect(actualProjectConfig.recaptchaConfig?.useAccountDefender).to.be.true;
           // attempt to disable reCAPTCHA.
           return getAuth().projectConfigManager().updateProjectConfig(projectConfigOption3)
             .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');
@@ -1810,12 +1810,17 @@ describe('admin.auth', () => {
             useAccountDefender: true,
           },
         };
-        const updatedOptions2: UpdateTenantRequest = deepCopy(updatedOptions);
-        updatedOptions2.recaptchaConfig.emailPasswordEnforcementState = 'OFF';
+        const updatedOptions2: UpdateTenantRequest = {
+          displayName: expectedUpdatedTenant2.displayName,
+          recaptchaConfig: {
+            emailPasswordEnforcementState: 'OFF',
+            useAccountDefender: true,
+          },
+        };
         // enable account defender first.
         return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions)
         .then((actualTenant) => {
-          expect(actualTenant.recaptchaConfig.useAccountDefender).to.be.true;
+          expect(actualTenant.recaptchaConfig?.useAccountDefender).to.be.true;
           // attempt to disable reCAPTCHA.
           return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions2)
             .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');

From bfc4292eb77954440aacbc1749ca0195d8fd7593 Mon Sep 17 00:00:00 2001
From: Liubin Jiang <liubinj@google.com>
Date: Tue, 3 May 2022 16:17:04 -0700
Subject: [PATCH 4/4] fix lint

---
 test/integration/auth.spec.ts | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/test/integration/auth.spec.ts b/test/integration/auth.spec.ts
index a80c7c9cad..2cab5685c8 100644
--- a/test/integration/auth.spec.ts
+++ b/test/integration/auth.spec.ts
@@ -1819,15 +1819,15 @@ describe('admin.auth', () => {
         };
         // enable account defender first.
         return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions)
-        .then((actualTenant) => {
-          expect(actualTenant.recaptchaConfig?.useAccountDefender).to.be.true;
-          // attempt to disable reCAPTCHA.
-          return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions2)
-            .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');
-        });
+          .then((actualTenant) => {
+            expect(actualTenant.recaptchaConfig?.useAccountDefender).to.be.true;
+            // attempt to disable reCAPTCHA.
+            return getAuth().tenantManager().updateTenant(createdTenantId, updatedOptions2)
+              .should.eventually.be.rejected.and.have.property('code', 'auth/invalid-config');
+          });
       });
 
-      it('updateTenant() disable reCAPTCHA should be rejected when Account Defender is enabled',
+    it('updateTenant() disable reCAPTCHA should be rejected when Account Defender is enabled',
       function () {
         // Skipping for now as Emulator resolves this operation, which is not expected.
         // TODO: investigate with Rest API and Access team for this behavior.