firebase
diff --git a/‎CHANGELOG.md
Lines changed: 1 addition & 1 deletion b/‎CHANGELOG.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎firebase_admin/_auth_utils.py
Lines changed: 3 additions & 3 deletions b/‎firebase_admin/_auth_utils.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎firebase_admin/_user_mgt.py
Lines changed: 41 additions & 35 deletions b/‎firebase_admin/_user_mgt.py
Lines changed: 41 additions & 35 deletions
diff --git a/‎firebase_admin/auth.py
Lines changed: 3 additions & 3 deletions b/‎firebase_admin/auth.py
Lines changed: 3 additions & 3 deletions
diff --git a/‎integration/test_auth.py
Lines changed: 75 additions & 26 deletions b/‎integration/test_auth.py
Lines changed: 75 additions & 26 deletions
@@ -1,7 +1,7 @@
 # Unreleased
 
 - [added] Added `generate_password_reset_link()`, 
-  `generate_email_verification_link()` and `generate_email_sign_in_link()`
+  `generate_email_verification_link()` and `generate_sign_in_with_email_link()`
   methods to the `auth` API.
 - [added] Migrated the `auth` user management API to the
   new Identity Toolkit endpoint.
 
@@ -26,7 +26,7 @@
     'acr', 'amr', 'at_hash', 'aud', 'auth_time', 'azp', 'cnf', 'c_hash', 'exp', 'iat',
     'iss', 'jti', 'nbf', 'nonce', 'sub', 'firebase',
 ])
-VALID_ACTION_TYPE = set(['VERIFY_EMAIL', 'EMAIL_SIGNIN', 'PASSWORD_RESET'])
+VALID_EMAIL_ACTION_TYPES = set(['VERIFY_EMAIL', 'EMAIL_SIGNIN', 'PASSWORD_RESET'])
 
 
 def validate_uid(uid, required=False):
@@ -184,7 +184,7 @@ def validate_custom_claims(custom_claims, required=False):
     return claims_str
 
 def validate_action_type(action_type):
-    if action_type not in VALID_ACTION_TYPE:
+    if action_type not in VALID_EMAIL_ACTION_TYPES:
         raise ValueError('Invalid action type provided action_type: {0}. \
-            Valid values are {1}'.format(action_type, VALID_ACTION_TYPE))
+            Valid values are {1}'.format(action_type, ', '.join(VALID_EMAIL_ACTION_TYPES)))
     return action_type
@@ -31,7 +31,7 @@
 USER_DELETE_ERROR = 'USER_DELETE_ERROR'
 USER_IMPORT_ERROR = 'USER_IMPORT_ERROR'
 USER_DOWNLOAD_ERROR = 'LIST_USERS_ERROR'
-USER_LINK_GENERATE_ERROR = 'USER_LINK_GENERATE_ERROR'
+GENERATE_EMAIL_ACTION_LINK_ERROR = 'GENERATE_EMAIL_ACTION_LINK_ERROR'
 
 MAX_LIST_USERS_RESULTS = 1000
 MAX_IMPORT_USERS_SIZE = 1000
@@ -396,56 +396,64 @@ def encode_action_code_settings(settings):
     settings - ``ActionCodeSettings`` object provided to be encoded
     returns  - dict of parameters to be passed for link gereration.
     """
-    if not isinstance(settings, ActionCodeSettings):
-        raise ValueError('Invalid data argument: {0}. Must be a dictionary.'.format(settings))
 
     parameters = {}
-    # Validate url
-    if settings.url:
-        try:
-            parsed = urllib.parse.urlparse(settings.url)
-            if not parsed.netloc:
-                raise ValueError('Malformed dynamic action links url: "{0}".'.format(settings.url))
-            parameters['continueUrl'] = settings.url
-        except Exception:
-            raise ValueError('Malformed dynamic action links url: "{0}".'.format(settings.url))
+    # url
+    if not settings.url:
+        raise ValueError("Dynamic action links url is mandatory")
 
-    # Validate boolean types
-    for field in ['handle_code_in_app', 'android_install_app']:
-        value = getattr(settings, field, None)
-        if value != None and not isinstance(value, bool):
-            raise ValueError('Invalid value provided for {0}: {1}'.format(field, value))
-
-    # Validate string types
-    for field in ['dynamic_link_domain', 'ios_bundle_id',
-                  'android_package_name', 'android_minimum_version']:
-        value = getattr(settings, field, None)
-        if value != None and not isinstance(value, six.string_types):
-            raise ValueError('Invalid value provided for {0}: {1}'.format(field, value))
+    try:
+        parsed = urllib.parse.urlparse(settings.url)
+        if not parsed.netloc:
+            raise ValueError('Malformed dynamic action links url: "{0}".'.format(settings.url))
+        parameters['continueUrl'] = settings.url
+    except Exception:
+        raise ValueError('Malformed dynamic action links url: "{0}".'.format(settings.url))
 
     # handle_code_in_app
-    if settings.handle_code_in_app != None:
+    if settings.handle_code_in_app is not None:
+        if not isinstance(settings.handle_code_in_app, bool):
+            raise ValueError('Invalid value provided for handle_code_in_app: {0}'
+                             .format(settings.handle_code_in_app))
         parameters['canHandleCodeInApp'] = settings.handle_code_in_app
 
     # dynamic_link_domain
-    if settings.dynamic_link_domain != None:
+    if settings.dynamic_link_domain is not None:
+        if not isinstance(settings.dynamic_link_domain, six.string_types):
+            raise ValueError('Invalid value provided for dynamic_link_domain: {0}'
+                             .format(settings.dynamic_link_domain))
         parameters['dynamicLinkDomain'] = settings.dynamic_link_domain
 
     # ios_bundle_id
-    if settings.ios_bundle_id:
+    if settings.ios_bundle_id is not None:
+        if not isinstance(settings.ios_bundle_id, six.string_types):
+            raise ValueError('Invalid value provided for ios_bundle_id: {0}'
+                             .format(settings.ios_bundle_id))
         parameters['iosBundleId'] = settings.ios_bundle_id
 
     # android_* attributes
     if (settings.android_minimum_version or settings.android_install_app) \
         and not settings.android_package_name:
         raise ValueError("Android package name is required when specifying other Android settings")
 
-    if settings.android_package_name:
+    if settings.android_package_name is not None:
+        if not isinstance(settings.android_package_name, six.string_types):
+            raise ValueError('Invalid value provided for android_package_name: {0}'
+                             .format(settings.android_package_name))
         parameters['androidPackageName'] = settings.android_package_name
-    if settings.android_minimum_version:
+
+    if settings.android_minimum_version is not None:
+        if not isinstance(settings.android_minimum_version, six.string_types):
+            raise ValueError('Invalid value provided for android_minimum_version: {0}'
+                             .format(settings.android_minimum_version))
         parameters['androidMinimumVersion'] = settings.android_minimum_version
-    if settings.android_install_app:
+
+    if settings.android_install_app is not None:
+        if not isinstance(settings.android_install_app, bool):
+            raise ValueError('Invalid value provided for android_install_app: {0}'
+                             .format(settings.android_install_app))
         parameters['androidInstallApp'] = settings.android_install_app
+
     return parameters
 
 class UserManager(object):
@@ -635,18 +643,16 @@ def generate_email_action_link(self, action_type, email, action_code_settings=No
         }
 
         if action_code_settings:
-            if not isinstance(action_code_settings, ActionCodeSettings):
-                raise ValueError("'action_code_settings' parameter should be " + \
-                    "of type ActionCodeSettings")
             payload.update(encode_action_code_settings(action_code_settings))
 
         try:
             response = self._client.body('post', '/accounts:sendOobCode', json=payload)
         except requests.exceptions.RequestException as error:
-            self._handle_http_error(USER_LINK_GENERATE_ERROR, 'Failed to generate link.', error)
+            self._handle_http_error(GENERATE_EMAIL_ACTION_LINK_ERROR, 'Failed to generate link.',
+                                    error)
         else:
             if not response or not response.get('oobLink'):
-                raise ApiCallError(USER_LINK_GENERATE_ERROR, 'Failed to generate link.')
+                raise ApiCallError(GENERATE_EMAIL_ACTION_LINK_ERROR, 'Failed to generate link.')
             return response.get('oobLink')
 
     def _handle_http_error(self, code, msg, error):
 
@@ -461,7 +461,7 @@ def generate_password_reset_link(email, action_code_settings=None, app=None):
         email: The email of the user whose password is to be reset.
         action_code_settings: ``ActionCodeSettings`` instance (optional). Defines whether
             the link is to be handled by a mobile app and the additional state information to be
-            passed in the deep link, etc.
+            passed in the deep link.
         app: An App instance (optional).
     Returns:
         link: The password reset link created by API
@@ -485,7 +485,7 @@ def generate_email_verification_link(email, action_code_settings=None, app=None)
         email: The email of the user to be verified.
         action_code_settings: ``ActionCodeSettings`` instance (optional). Defines whether
             the link is to be handled by a mobile app and the additional state information to be
-            passed in the deep link, etc.
+            passed in the deep link.
         app: An App instance (optional).
     Returns:
         link: The email verification link created by API
@@ -509,7 +509,7 @@ def generate_sign_in_with_email_link(email, action_code_settings, app=None):
         email: The email of the user signing in.
         action_code_settings: ``ActionCodeSettings`` instance. Defines whether
             the link is to be handled by a mobile app and the additional state information to be
-            passed in the deep link, etc.
+            passed in the deep link.
         app: An App instance (optional).
     Returns:
         link: The email sign in link created by API
 
@@ -31,7 +31,11 @@
 
 _verify_token_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken'
 _verify_password_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword'
+_password_reset_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/resetPassword'
+_verify_email_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/setAccountInfo'
+_email_sign_in_url = 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/emailLinkSignin'
 
+ACTION_LINK_CONTINUE_URL = 'http://localhost?a=1&b=5#f=1'
 
 def _sign_in(custom_token, api_key):
     body = {'token' : custom_token.decode(), 'returnSecureToken' : True}
@@ -55,6 +59,35 @@ def _random_id():
 def _random_phone():
     return '+1' + ''.join([str(random.randint(0, 9)) for _ in range(0, 10)])
 
+def _reset_password(oob_code, new_password, api_key):
+    body = {'oobCode': oob_code, 'newPassword': new_password}
+    params = {'key' : api_key}
+    resp = requests.request('post', _password_reset_url, params=params, json=body)
+    resp.raise_for_status()
+    return resp.json().get('email')
+
+def _verify_email(oob_code, api_key):
+    body = {'oobCode': oob_code}
+    params = {'key' : api_key}
+    resp = requests.request('post', _verify_email_url, params=params, json=body)
+    resp.raise_for_status()
+    return resp.json().get('email')
+
+def _sign_in_with_email_link(email, oob_code, api_key):
+    body = {'oobCode': oob_code, 'email': email}
+    params = {'key' : api_key}
+    resp = requests.request('post', _email_sign_in_url, params=params, json=body)
+    resp.raise_for_status()
+    return resp.json().get('idToken')
+
+def _validate_link_url(link, check_continue_url=True):
+    assert isinstance(link, six.string_types)
+    query = six.moves.urllib.parse.urlparse(link).query
+    query_dict = dict(six.moves.urllib.parse.parse_qsl(query))
+    if check_continue_url:
+        assert query_dict['continueUrl'] == ACTION_LINK_CONTINUE_URL
+    return query_dict['oobCode']
+
 def test_custom_token(api_key):
     custom_token = auth.create_custom_token('user1')
     id_token = _sign_in(custom_token, api_key)
@@ -152,6 +185,18 @@ def new_user_list():
     for uid in users:
         auth.delete_user(uid)
 
+@pytest.fixture
+def new_user_email_unverified():
+    random_id, email = _random_id()
+    user = auth.create_user(
+        uid=random_id,
+        email=email,
+        email_verified=False,
+        password='password'
+    )
+    yield user
+    auth.delete_user(user.uid)
+
 def test_get_user(new_user_with_params):
     user = auth.get_user(new_user_with_params.uid)
     assert user.uid == new_user_with_params.uid
@@ -373,37 +418,41 @@ def test_import_users_with_password(api_key):
     finally:
         auth.delete_user(uid)
 
-@pytest.fixture
-def action_code_settings():
-    return auth.ActionCodeSettings('http://localhost')
-
-def _validate_link_url(link):
-    assert isinstance(link, six.string_types)
-    six.moves.urllib.parse.urlparse(link)
-
-def test_password_reset(new_user_with_params):
-    link = auth.generate_password_reset_link(new_user_with_params.email)
-    _validate_link_url(link)
-
-def test_email_verification(new_user_with_params):
-    link = auth.generate_email_verification_link(new_user_with_params.email)
-    _validate_link_url(link)
-
-def test_password_reset_with_settings(new_user_with_params, action_code_settings):
-    link = auth.generate_password_reset_link(new_user_with_params.email,
+def test_password_reset(new_user_email_unverified, api_key):
+    link = auth.generate_password_reset_link(new_user_email_unverified.email)
+    oob_code = _validate_link_url(link, check_continue_url=False)
+    assert new_user_email_unverified.email == _reset_password(oob_code, "newPassword", api_key)
+    assert auth.get_user(new_user_email_unverified.uid).email_verified
+
+def test_email_verification(new_user_email_unverified, api_key):
+    link = auth.generate_email_verification_link(new_user_email_unverified.email)
+    oob_code = _validate_link_url(link, check_continue_url=False)
+    assert new_user_email_unverified.email == _verify_email(oob_code, api_key)
+    assert auth.get_user(new_user_email_unverified.uid).email_verified
+
+def test_password_reset_with_settings(new_user_email_unverified, api_key):
+    action_code_settings = auth.ActionCodeSettings(ACTION_LINK_CONTINUE_URL)
+    link = auth.generate_password_reset_link(new_user_email_unverified.email,
                                              action_code_settings=action_code_settings)
-    _validate_link_url(link)
+    oob_code = _validate_link_url(link)
+    assert new_user_email_unverified.email == _reset_password(oob_code, "newPassword", api_key)
+    assert auth.get_user(new_user_email_unverified.uid).email_verified
 
-def test_email_verification_with_settings(new_user_with_params, action_code_settings):
-    link = auth.generate_email_verification_link(new_user_with_params.email,
+def test_email_verification_with_settings(new_user_email_unverified, api_key):
+    action_code_settings = auth.ActionCodeSettings(ACTION_LINK_CONTINUE_URL)
+    link = auth.generate_email_verification_link(new_user_email_unverified.email,
                                                  action_code_settings=action_code_settings)
-    _validate_link_url(link)
+    oob_code = _validate_link_url(link)
+    assert new_user_email_unverified.email == _verify_email(oob_code, api_key)
+    assert auth.get_user(new_user_email_unverified.uid).email_verified
 
-def test_email_sign_in_with_settings(new_user_with_params, action_code_settings):
-    link = auth.generate_sign_in_with_email_link(new_user_with_params.email,
+def test_email_sign_in_with_settings(new_user_email_unverified, api_key):
+    action_code_settings = auth.ActionCodeSettings(ACTION_LINK_CONTINUE_URL)
+    link = auth.generate_sign_in_with_email_link(new_user_email_unverified.email,
                                                  action_code_settings=action_code_settings)
-    _validate_link_url(link)
-
+    oob_code = _validate_link_url(link)
+    assert _sign_in_with_email_link(new_user_email_unverified.email, oob_code, api_key)
+    assert auth.get_user(new_user_email_unverified.uid).email_verified
 
 class CredentialWrapper(credentials.Base):
     """A custom Firebase credential that wraps an OAuth2 token."""