@boikoa-gl

Hey there! So you want to contribute to a Firebase SDK?
Before you file this pull request, please read these guidelines:

Discussion

  • Read the contribution guidelines (CONTRIBUTING.md).
  • If this has been discussed in an issue, make sure to link to the issue here.
    If not, go file an issue about this before creating a pull request to discuss.

Testing

  • Make sure all existing tests in the repository pass after your change.
  • If you fixed a bug or added a feature, add a new test to cover your code.

API Changes

  • At this time we cannot accept changes that affect the public API. If you'd like to help
    us make Firebase APIs better, please propose your change in an issue so that we
    can discuss it together.

@boikoa-gl boikoa-gl marked this pull request as draft January 13, 2026 16:49
@gemini-code-assist

Summary of Changes

Hello @boikoa-gl, I'm Gemini Code Assist[1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates the Firebase Phone Number Verification (FPNV) feature into the SDK. It provides a new set of APIs and internal logic for verifying FPNV JWTs, allowing applications to securely authenticate users based on phone number verification. This enhancement streamlines the process of validating tokens issued by Firebase's phone authentication services, ensuring data integrity and user trust.

Highlights

  • New FPNV Service Introduction: Introduced the Firebase Phone Number Verification (FPNV) service, providing a dedicated entry point for verifying FPNV tokens within the SDK.
  • Core FPNV Classes: Added essential classes including FirebasePnv (service entry point), FirebasePnvToken (representation of a verified token), FirebasePnvException (custom exception handling), and FirebasePnvErrorCode (specific error codes for FPNV operations).
  • Robust Token Verification Logic: Implemented FirebasePnvTokenVerifier to handle the complex process of FPNV JWT validation, encompassing header checks (algorithm, key ID, type), signature verification, and claims validation (issuer, audience, expiration, subject) using the nimbusds library and fetching JWKS from a Google endpoint.
  • Comprehensive Unit Testing: Included extensive unit tests for all new FPNV components, ensuring the correctness of the service, token handling, error propagation, and the intricate token verification logic under various scenarios.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page; here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature | Command | Description
Code Review | /gemini review | Performs a code review for the current pull request in its current state.
Pull Request Summary | /gemini summary | Provides a summary of the current pull request in its current state.
Comment | @gemini-code-assist | Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help | /gemini help | Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces the Firebase Phone Number Verification (FPNV) feature, including the main service entry point, token and exception types, and the internal token verification logic. The overall structure is sound and follows existing patterns in the Firebase Admin SDK.

However, I've identified several critical issues, particularly concerning type safety in the FirebasePnvToken class that will lead to ClassCastException at runtime. There are also security-related gaps in the token validation logic, such as incomplete issuer verification. Additionally, there are inconsistencies in exception handling and some issues in the test suite that make it less robust.

My detailed comments below provide specific suggestions to address these points, which should be resolved before merging.

@boikoa-gl
Author

/gemini review

@boikoa-gl
Author

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a new Firebase Phone Number Verification (FPNV) service. The implementation follows the established patterns of the Firebase Admin SDK, with a clear entry point and a dedicated token verifier. The code is well-structured and includes a good suite of unit tests. However, I have identified a critical dependency issue that will prevent the project from building, as well as several high-severity issues related to exception handling that would impede debugging. I have provided detailed comments and suggestions to address these points.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces the Firebase Phone Number Verification (FPNV) feature, including the main service entry point, token and exception classes, and the internal token verification logic. The implementation follows the existing Firebase service pattern well. However, I've identified a critical security vulnerability in the token verification logic where the issuer is not validated against the project ID. Additionally, there are a few correctness issues in the FirebasePnvToken class regarding return value units and type safety, as well as opportunities to improve exception handling by preserving the original cause of errors. My detailed comments provide specific suggestions to address these points.

@boikoa-gl
Author

/gemini review

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces the Firebase Phone Number Verification (FPNV) service, a new feature for the Admin SDK. The changes include adding the main service entry point, token and exception classes, and the internal token verification logic. The implementation follows existing patterns in the SDK, and the addition of unit tests is great.

My review includes a few critical fixes related to time unit conversion in FirebasePnvToken, which currently returns milliseconds instead of the documented seconds. I've also suggested improvements to error handling in the token verifier to provide more accurate feedback to developers, and some minor Javadoc and test setup enhancements. Overall, this is a solid addition, and addressing these points will improve its correctness and usability.
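
The issuer binding and the seconds-versus-milliseconds point raised in the two reviews above, as an added example that is not code from this pull request or the Firebase SDK. The issuer format, class and method names, and sample claims are assumptions for illustration; `exp` is taken to arrive as a `java.util.Date`, which is how nimbus-jose-jwt's `JWTClaimsSet` exposes it.

```java
import java.time.Instant;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
public class FpnvClaimsCheckExample {
  // Placeholder issuer format (assumption): the real FPNV issuer string is not on this page.
  static final String ISSUER_PREFIX = "https://issuer.example/projects/";
  /** Returns null when the claims are acceptable, otherwise the reason for rejection. */
  static String validate(Map<String, Object> claims, String projectId, Instant now) {
    String expected = ISSUER_PREFIX + projectId;
    // Bind the token to this project: a validly signed token for another project must fail.
    if (!expected.equals(claims.get("iss"))) {
      return "issuer does not match project";
    }
    // Assumption: the audience carries the same project-scoped value as the issuer.
    Object aud = claims.get("aud");
    boolean audOk = aud instanceof List ? ((List<?>) aud).contains(expected) : expected.equals(aud);
    if (!audOk) {
      return "audience does not match project";
    }
    Object sub = claims.get("sub");
    if (!(sub instanceof String) || ((String) sub).isEmpty()) {
      return "subject missing";
    }
    // instanceof instead of a blind cast: a malformed claim is rejected, not a ClassCastException.
    Object exp = claims.get("exp");
    if (!(exp instanceof Date) || !((Date) exp).toInstant().isAfter(now)) {
      return "token expired or exp missing";
    }
    return null;
  }
  /** Date.getTime() is milliseconds; a getter documented in seconds must divide by 1000. */
  static long expirationSeconds(Map<String, Object> claims) {
    return ((Date) claims.get("exp")).getTime() / 1000L;
  }
  public static void main(String[] args) {
    Instant now = Instant.now();
    Map<String, Object> claims = new HashMap<>(); // constructed sample claims
    claims.put("iss", ISSUER_PREFIX + "demo-project");
    claims.put("aud", Collections.singletonList(ISSUER_PREFIX + "demo-project"));
    claims.put("sub", "+15555550100");
    claims.put("exp", Date.from(now.plusSeconds(3600)));
    System.out.println("own project:   " + validate(claims, "demo-project", now));
    System.out.println("other project: " + validate(claims, "other-project", now));
    System.out.println("exp (seconds): " + expirationSeconds(claims));
  }
}
```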

@boikoa-gl
Author

/gemini review

@boikoa-gl boikoa-gl marked this pull request as ready for review January 15, 2026 10:51
@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a new Firebase Phone Number Verification (FPNV) service. The implementation is well-structured, following existing patterns for Firebase services. The core token verification logic is robust, with explicit checks for JWT headers and claims. The addition of the nimbus-jose-jwt dependency is appropriate for this feature. The unit tests are comprehensive, covering various success and failure scenarios.

I have two main suggestions:

  1. The new FirebasePnvException should extend the base FirebaseException to maintain consistency across the SDK, which will improve the developer experience for error handling.
  2. A minor documentation update in FirebasePnvToken to improve clarity.

Overall, this is a solid contribution.

Comment on lines +24 to +60
public class FirebasePnvException extends Exception {
private final FirebasePnvErrorCode errorCode;

/**
* Exception that created from {@link FirebasePnvErrorCode},
* {@link String} message and {@link Throwable} cause.
*
* @param errorCode {@link FirebasePnvErrorCode}
* @param message {@link String}
* @param cause {@link Throwable}
*/
public FirebasePnvException(
FirebasePnvErrorCode errorCode,
String message,
Throwable cause
) {
super(message, cause);
this.errorCode = errorCode;
}

/**
* Exception that created from {@link FirebasePnvErrorCode} and {@link String} message.
*
* @param errorCode {@link FirebasePnvErrorCode}
* @param message {@link String}
*/
public FirebasePnvException(
FirebasePnvErrorCode errorCode,
String message
) {
this(errorCode, message, null);
}

public FirebasePnvErrorCode getFpnvErrorCode() {
return errorCode;
}
}
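
Review bot: the three-argument constructor assigns `this.errorCode = errorCode` without a null check, so `getFpnvErrorCode()` can hand null to a caller that switches on it. Reject null in the constructor (for example with `Objects.requireNonNull(errorCode, "errorCode")`) or document the getter as nullable. `getFpnvErrorCode()` also has no Javadoc, and both constructor comments should read "Exception created from" rather than "Exception that created from".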

high

For consistency with the rest of the SDK, this exception should extend com.google.firebase.FirebaseException instead of java.lang.Exception. This allows consumers of the SDK to catch a common base exception type for all Firebase-related errors.

You will need to map the FirebasePnvErrorCode to the platform-wide ErrorCode enum required by the FirebaseException constructor. You can add a private static mapping method for this.

public class FirebasePnvException extends com.google.firebase.FirebaseException {
  private final FirebasePnvErrorCode fpnvErrorCode;

  /**
   * Exception that created from {@link FirebasePnvErrorCode},
   * {@link String} message and {@link Throwable} cause.
   *
   * @param errorCode {@link FirebasePnvErrorCode}
   * @param message {@link String}
   * @param cause {@link Throwable}
   */
  public FirebasePnvException(
      FirebasePnvErrorCode errorCode,
      String message,
      Throwable cause
  ) {
    super(mapToFirebaseError(errorCode), message, cause);
    this.fpnvErrorCode = errorCode;
  }

  /**
   * Exception that created from {@link FirebasePnvErrorCode} and {@link String} message.
   *
   * @param errorCode {@link FirebasePnvErrorCode}
   * @param message {@link String}
   */
  public FirebasePnvException(
      FirebasePnvErrorCode errorCode,
      String message
  ) {
    this(errorCode, message, null);
  }

  public FirebasePnvErrorCode getFpnvErrorCode() {
    return fpnvErrorCode;
  }

  private static com.google.firebase.ErrorCode mapToFirebaseError(FirebasePnvErrorCode code) {
    // TODO: Implement a more complete mapping from FirebasePnvErrorCode to a suitable platform ErrorCode.
    if (code == null) {
      return com.google.firebase.ErrorCode.INTERNAL;
    }
    switch (code) {
      case INVALID_ARGUMENT:
        return com.google.firebase.ErrorCode.INVALID_ARGUMENT;
      case TOKEN_EXPIRED:
      case INVALID_TOKEN:
        // Consider mapping to UNAUTHENTICATED or a more specific code if available.
        return com.google.firebase.ErrorCode.UNAUTHENTICATED;
      case SERVICE_ERROR:
        return com.google.firebase.ErrorCode.UNAVAILABLE;
      case INTERNAL_ERROR:
      default:
        return com.google.firebase.ErrorCode.INTERNAL;
    }
  }
}

Comment on lines +34 to +36
* Create an instance of {@link FirebasePnvToken} from {@link JWTClaimsSet} claims.
*
* @param claims Map claims.

medium

The Javadoc for the constructor mentions JWTClaimsSet, but the parameter is a Map<String, Object>. To avoid confusion, it would be clearer to state that it's created from a map of claims.

Suggested change
- * Create an instance of {@link FirebasePnvToken} from {@link JWTClaimsSet} claims.
- *
- * @param claims Map claims.
+ * Create an instance of {@link FirebasePnvToken} from a map of JWT claims.
+ *
+ * @param claims A map of JWT claims.
