From e1f5878419a674de4810ee3a9b711477f33f7381 Mon Sep 17 00:00:00 2001
From: Liubin Jiang
Date: Tue, 16 May 2023 13:52:39 -0700
Subject: [PATCH] fix Unsafe JavaScript Equality Checking
---
 src/auth/auth-api-request.ts | 2 +-
 src/auth/auth-config.ts | 4 ++--
 src/auth/tenant.ts | 2 +-
 src/auth/token-verifier.ts | 2 +-
 src/remote-config/remote-config-api-client-internal.ts | 4 ++--
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/auth/auth-api-request.ts b/src/auth/auth-api-request.ts
index 2893d49a9d..c4ba2ac811 100644
--- a/src/auth/auth-api-request.ts
+++ b/src/auth/auth-api-request.ts
@@ -1603,7 +1603,7 @@ export abstract class AbstractAuthRequestHandler {
 * @param email - The email of the user the link is being sent to.
 * @param actionCodeSettings - The optional action code setings which defines whether
 * the link is to be handled by a mobile app and the additional state information to be passed in the
- * deep link, etc. Required when requestType == 'EMAIL_SIGNIN'
+ * deep link, etc. Required when requestType === 'EMAIL_SIGNIN'
 * @param newEmail - The email address the account is being updated to.
 * Required only for VERIFY_AND_CHANGE_EMAIL requests.
 * @returns A promise that resolves with the email action link.
diff --git a/src/auth/auth-config.ts b/src/auth/auth-config.ts
index 5ca4ed0b96..e5056660f4 100644
--- a/src/auth/auth-config.ts
+++ b/src/auth/auth-config.ts
@@ -1517,7 +1517,7 @@ export class OIDCConfig implements OIDCAuthProviderConfig {
 const allKeys = Object.keys(options.responseType).length;
 const enabledCount = Object.values(options.responseType).filter(Boolean).length;
 // Only one of OAuth response types can be set to true.
- if (allKeys > 1 && enabledCount != 1) {
+ if (allKeys > 1 && enabledCount !== 1) {
 throw new FirebaseAuthError(
 AuthClientErrorCode.INVALID_OAUTH_RESPONSETYPE,
 'Only exactly one OAuth responseType should be set to true.',
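Review bot: In the OIDCConfig hunk, `enabledCount` is still computed with `.filter(Boolean)`, so any truthy non-boolean value in `options.responseType` counts as an enabled response type; making the comparison on the following line strict does not change that. If the entries are not validated as booleans elsewhere (not visible in this hunk), count only literal `true`: `const enabledCount = Object.values(options.responseType).filter((v) => v === true).length;`. It is also worth confirming that a single-key object whose value is `false` (`allKeys === 1`, `enabledCount === 0`) is meant to pass this guard. The enclosing method starts and ends outside the hunk.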
@@ -1872,7 +1872,7 @@ export class RecaptchaAuthConfig implements RecaptchaConfig {
 });
 }
- if (typeof options.useAccountDefender != 'undefined') {
+ if (typeof options.useAccountDefender !== 'undefined') {
 if (!validator.isBoolean(options.useAccountDefender)) {
 throw new FirebaseAuthError(
 AuthClientErrorCode.INVALID_CONFIG,
diff --git a/src/auth/tenant.ts b/src/auth/tenant.ts
index fdb7b1e199..bccf9083d6 100644
--- a/src/auth/tenant.ts
+++ b/src/auth/tenant.ts
@@ -271,7 +271,7 @@ export class Tenant {
 MultiFactorAuthConfig.buildServerRequest(request.multiFactorConfig);
 }
 // Validate SMS Regions Config if provided.
- if (typeof request.smsRegionConfig != 'undefined') {
+ if (typeof request.smsRegionConfig !== 'undefined') {
 SmsRegionsAuthConfig.validate(request.smsRegionConfig);
 }
 // Validate reCAPTCHAConfig type if provided.
diff --git a/src/auth/token-verifier.ts b/src/auth/token-verifier.ts
index e57040e4de..05566205b5 100644
--- a/src/auth/token-verifier.ts
+++ b/src/auth/token-verifier.ts
@@ -466,7 +466,7 @@ export class FirebaseTokenVerifier {
 private safeDecode(jwtToken: string): Promise {
 return decodeJwt(jwtToken)
 .catch((err: JwtError) => {
- if (err.code == JwtErrorCode.INVALID_ARGUMENT) {
+ if (err.code === JwtErrorCode.INVALID_ARGUMENT) {
 const verifyJwtTokenDocsMessage = ` See ${this.tokenInfo.url} ` +
 `for details on how to retrieve ${this.shortNameArticle} ${this.tokenInfo.shortName}.`;
 const errorMessage = `Decoding ${this.tokenInfo.jwtName} failed. Make sure you passed ` +
diff --git a/src/remote-config/remote-config-api-client-internal.ts b/src/remote-config/remote-config-api-client-internal.ts
index 9ea77bb532..b8cfe22fc4 100644
--- a/src/remote-config/remote-config-api-client-internal.ts
+++ b/src/remote-config/remote-config-api-client-internal.ts
@@ -110,7 +110,7 @@ export class RemoteConfigApiClient {
 public publishTemplate(template: RemoteConfigTemplate, options?: { force: boolean }): Promise {
 template = this.validateInputRemoteConfigTemplate(template);
 let ifMatch: string = template.etag;
- if (options && options.force == true) {
+ if (options && options.force === true) {
 // setting `If-Match: *` forces the Remote Config template to be updated
 // and circumvent the ETag, and the protection from that it provides.
 ifMatch = '*';
@@ -244,7 +244,7 @@ export class RemoteConfigApiClient {
 * @param {string} customEtag A custom etag to replace the etag fom the API response (Optional).
 */
 private toRemoteConfigTemplate(resp: HttpResponse, customEtag?: string): RemoteConfigTemplate {
- const etag = (typeof customEtag == 'undefined') ? resp.headers['etag'] : customEtag;
+ const etag = (typeof customEtag === 'undefined') ? resp.headers['etag'] : customEtag;
 this.validateEtag(etag);
 return {
 conditions: resp.data.conditions,
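Review bot: In `publishTemplate`, `options.force === true` is a behaviour change for untyped JavaScript callers rather than a pure style fix: values such as `1` or `'1'` satisfied the old `== true` and sent `If-Match: *`, and are now silently ignored in favour of `template.etag`. Failing closed is the safer direction, since `*` bypasses the ETag concurrency protection, but a silently ignored flag is hard to diagnose. Consider rejecting a non-boolean value explicitly before the check, e.g. `if (options && options.force !== undefined && typeof options.force !== 'boolean') { /* throw the module's invalid-argument error */ }`. A unit test asserting that a truthy non-boolean `force` does not produce `If-Match: *` would pin the new behaviour. The method body continues outside the hunk.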