firebase
diff --git a/‎ISSUE_TEMPLATE.md‎ ‎.github/ISSUE_TEMPLATE/bug_report.md‎ISSUE_TEMPLATE.md renamed to .github/ISSUE_TEMPLATE/bug_report.md
Lines changed: 17 additions & 5 deletions b/‎ISSUE_TEMPLATE.md‎ ‎.github/ISSUE_TEMPLATE/bug_report.md‎ISSUE_TEMPLATE.md renamed to .github/ISSUE_TEMPLATE/bug_report.md
Lines changed: 17 additions & 5 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/feature_request.md‎
Lines changed: 20 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/feature_request.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/nightly.yml‎
Lines changed: 98 additions & 0 deletions b/‎.github/workflows/nightly.yml‎
Lines changed: 98 additions & 0 deletions
diff --git a/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion b/‎CONTRIBUTING.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎README.md‎
Lines changed: 3 additions & 2 deletions b/‎README.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎firebase_admin/__about__.py‎
Lines changed: 1 addition & 1 deletion b/‎firebase_admin/__about__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎firebase_admin/_auth_client.py‎
Lines changed: 39 additions & 10 deletions b/‎firebase_admin/_auth_client.py‎
Lines changed: 39 additions & 10 deletions
diff --git a/‎firebase_admin/_auth_providers.py‎
Lines changed: 3 additions & 2 deletions b/‎firebase_admin/_auth_providers.py‎
Lines changed: 3 additions & 2 deletions
@@ -1,10 +1,21 @@
+---
+name: Bug report
+about: Bug reports related to any component in this repo
+title: ''
+labels: ''
+assignees: ''
+
+---
+
 ### [READ] Step 1: Are you in the right place?
 
-  * For issues or feature requests related to __the code in this repository__
-    file a Github issue.
-    * If this is a __feature request__ make sure the issue title starts with "FR:".
+  * For issues related to __the code in this repository__ file a GitHub issue.
+  * If the issue pertains to __Cloud Firestore__, report directly in the
+    [Python Firestore](https://github.com/googleapis/python-firestore) GitHub repo. Firestore
+    bugs reported in this repo will be closed with a reference to the Python Firestore
+    project.
   * For general technical questions, post a question on [StackOverflow](http://stackoverflow.com/)
-    with the firebase tag.
+    with the `firebase` tag.
   * For general Firebase discussion, use the [firebase-talk](https://groups.google.com/forum/#!forum/firebase-talk)
     google group.
   * For help troubleshooting your application that does not fall under one
@@ -15,8 +26,9 @@
 
   * Operating System version: _____
   * Firebase SDK version: _____
-  * Library version: _____
   * Firebase Product: _____ (auth, database, storage, etc)
+  * Python version: _____
+  * Pip version: _____
 
 ### [REQUIRED] Step 3: Describe the problem
 
 
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: "[FR]"
+labels: 'type: feature request'
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context, code samples or screenshots about the feature request here.
@@ -8,7 +8,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        python: [3.5, 3.6, 3.7, pypy3]
+        python: [3.6, 3.7, 3.8, 3.9, pypy3]
 
     steps:
     - uses: actions/checkout@v1
 
@@ -0,0 +1,98 @@
+# Copyright 2021 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Nightly Builds
+
+on:
+  # Runs every day at 06:20 AM (PT) and 08:20 PM (PT) / 04:20 AM (UTC) and 02:20 PM (UTC)
+  # or on 'firebase_nightly_build' repository dispatch event.
+  schedule:
+    - cron: "20 4,14 * * *"
+  repository_dispatch:
+    types: [firebase_nightly_build]
+
+jobs:
+  nightly:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout source for staging
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.client_payload.ref || github.ref }}
+
+    - name: Set up Python
+      uses: actions/setup-python@v1
+      with:
+        python-version: 3.6
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install -r requirements.txt
+        pip install setuptools wheel
+        pip install tensorflow
+        pip install keras
+
+    - name: Run unit tests
+      run: pytest
+
+    - name: Run integration tests
+      run: ./.github/scripts/run_integration_tests.sh
+      env:
+        FIREBASE_SERVICE_ACCT_KEY: ${{ secrets.FIREBASE_SERVICE_ACCT_KEY }}
+        FIREBASE_API_KEY: ${{ secrets.FIREBASE_API_KEY }}
+
+    # Build the Python Wheel and the source distribution.
+    - name: Package release artifacts
+      run: python setup.py bdist_wheel sdist
+
+    # Attach the packaged artifacts to the workflow output. These can be manually
+    # downloaded for later inspection if necessary.
+    - name: Archive artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: dist
+        path: dist
+
+    - name: Send email on failure
+      if: failure()
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} failed!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} failed on: ${{github.repository}}</b>
+          <br /><br />Navigate to the 
+          <a href="https://github.com/firebase/firebase-admin-python/actions/runs/${{github.run_id}}">failed workflow</a>.
+      continue-on-error: true
+
+    - name: Send email on cancelled
+      if: cancelled()
+      uses: firebase/firebase-admin-node/.github/actions/send-email@master
+      with:
+        api-key: ${{ secrets.OSS_BOT_MAILGUN_KEY }}
+        domain: ${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}
+        from: 'GitHub <admin-github@${{ secrets.OSS_BOT_MAILGUN_DOMAIN }}>'
+        to: ${{ secrets.FIREBASE_ADMIN_GITHUB_EMAIL }}
+        subject: 'Nightly build ${{github.run_id}} of ${{github.repository}} cancelled!'
+        html: >
+          <b>Nightly workflow ${{github.run_id}} cancelled on: ${{github.repository}}</b>
+          <br /><br />Navigate to the 
+          <a href="https://github.com/firebase/firebase-admin-python/actions/runs/${{github.run_id}}">cancelled workflow</a>.
+      continue-on-error: true
@@ -85,7 +85,7 @@ information on using pull requests.
 
 ### Initial Setup
 
-You need Python 3.4+ to build and test the code in this repo.
+You need Python 3.6+ to build and test the code in this repo.
 
 We recommend using [pip](https://pypi.python.org/pypi/pip) for installing the necessary tools and
 project dependencies. Most recent versions of Python ship with pip. If your development environment
 
@@ -43,8 +43,9 @@ requests, code review feedback, and also pull requests.
 
 ## Supported Python Versions
 
-We currently support Python 3.5+. Firebase Admin Python SDK is also tested on
-PyPy and [Google App Engine](https://cloud.google.com/appengine/) environments.
+We currently support Python 3.6+. Firebase
+Admin Python SDK is also tested on PyPy and
+[Google App Engine](https://cloud.google.com/appengine/) environments.
 
 
 ## Documentation
 
@@ -14,7 +14,7 @@
 
 """About information (version, etc) for Firebase Admin SDK."""
 
-__version__ = '4.3.0'
+__version__ = '5.0.3'
 __title__ = 'firebase_admin'
 __author__ = 'Firebase'
 __license__ = 'Apache License 2.0'
 
@@ -24,6 +24,7 @@
 from firebase_admin import _user_identifier
 from firebase_admin import _user_import
 from firebase_admin import _user_mgt
+from firebase_admin import _utils
 
 
 class Client:
@@ -36,17 +37,37 @@ def __init__(self, app, tenant_id=None):
             2. set the project ID explicitly via Firebase App options, or
             3. set the project ID via the GOOGLE_CLOUD_PROJECT environment variable.""")
 
-        credential = app.credential.get_credential()
+        credential = None
         version_header = 'Python/Admin/{0}'.format(firebase_admin.__version__)
+        timeout = app.options.get('httpTimeout', _http_client.DEFAULT_TIMEOUT_SECONDS)
+        # Non-default endpoint URLs for emulator support are set in this dict later.
+        endpoint_urls = {}
+        self.emulated = False
+
+        # If an emulator is present, check that the given value matches the expected format and set
+        # endpoint URLs to use the emulator. Additionally, use a fake credential.
+        emulator_host = _auth_utils.get_emulator_host()
+        if emulator_host:
+            base_url = 'http://{0}/identitytoolkit.googleapis.com'.format(emulator_host)
+            endpoint_urls['v1'] = base_url + '/v1'
+            endpoint_urls['v2beta1'] = base_url + '/v2beta1'
+            credential = _utils.EmulatorAdminCredentials()
+            self.emulated = True
+        else:
+            # Use credentials if provided
+            credential = app.credential.get_credential()
+
         http_client = _http_client.JsonHttpClient(
-            credential=credential, headers={'X-Client-Version': version_header})
+            credential=credential, headers={'X-Client-Version': version_header}, timeout=timeout)
 
         self._tenant_id = tenant_id
-        self._token_generator = _token_gen.TokenGenerator(app, http_client)
+        self._token_generator = _token_gen.TokenGenerator(
+            app, http_client, url_override=endpoint_urls.get('v1'))
         self._token_verifier = _token_gen.TokenVerifier(app)
-        self._user_manager = _user_mgt.UserManager(http_client, app.project_id, tenant_id)
+        self._user_manager = _user_mgt.UserManager(
+            http_client, app.project_id, tenant_id, url_override=endpoint_urls.get('v1'))
         self._provider_manager = _auth_providers.ProviderConfigClient(
-            http_client, app.project_id, tenant_id)
+            http_client, app.project_id, tenant_id, url_override=endpoint_urls.get('v2beta1'))
 
     @property
     def tenant_id(self):
@@ -79,7 +100,8 @@ def verify_id_token(self, id_token, check_revoked=False):
 
         Args:
             id_token: A string of the encoded JWT.
-            check_revoked: Boolean, If true, checks whether the token has been revoked (optional).
+            check_revoked: Boolean, If true, checks whether the token has been revoked or
+                the user disabled (optional).
 
         Returns:
             dict: A dictionary of key-value pairs parsed from the decoded JWT.
@@ -94,6 +116,8 @@ def verify_id_token(self, id_token, check_revoked=False):
                 this ``Client`` instance.
             CertificateFetchError: If an error occurs while fetching the public key certificates
                 required to verify the ID token.
+            UserDisabledError: If ``check_revoked`` is ``True`` and the corresponding user
+                record is disabled.
         """
         if not isinstance(check_revoked, bool):
             # guard against accidental wrong assignment.
@@ -108,7 +132,8 @@ def verify_id_token(self, id_token, check_revoked=False):
                     'Invalid tenant ID: {0}'.format(token_tenant_id))
 
         if check_revoked:
-            self._check_jwt_revoked(verified_claims, _token_gen.RevokedIdTokenError, 'ID token')
+            self._check_jwt_revoked_or_disabled(
+                verified_claims, _token_gen.RevokedIdTokenError, 'ID token')
         return verified_claims
 
     def revoke_refresh_tokens(self, uid):
@@ -160,7 +185,7 @@ def get_user_by_email(self, email):
 
         Raises:
             ValueError: If the email is None, empty or malformed.
-            UserNotFoundError: If no user exists by the specified email address.
+            UserNotFoundError: If no user exists for the specified email address.
             FirebaseError: If an error occurs while retrieving the user.
         """
         response = self._user_manager.get_user(email=email)
@@ -177,7 +202,7 @@ def get_user_by_phone_number(self, phone_number):
 
         Raises:
             ValueError: If the phone number is ``None``, empty or malformed.
-            UserNotFoundError: If no user exists by the specified phone number.
+            UserNotFoundError: If no user exists for the specified phone number.
             FirebaseError: If an error occurs while retrieving the user.
         """
         response = self._user_manager.get_user(phone_number=phone_number)
@@ -423,6 +448,7 @@ def generate_password_reset_link(self, email, action_code_settings=None):
 
         Raises:
             ValueError: If the provided arguments are invalid
+            EmailNotFoundError: If no user exists for the specified email address.
             FirebaseError: If an error occurs while generating the link
         """
         return self._user_manager.generate_email_action_link(
@@ -443,6 +469,7 @@ def generate_email_verification_link(self, email, action_code_settings=None):
 
         Raises:
             ValueError: If the provided arguments are invalid
+            UserNotFoundError: If no user exists for the specified email address.
             FirebaseError: If an error occurs while generating the link
         """
         return self._user_manager.generate_email_action_link(
@@ -697,7 +724,9 @@ def list_saml_provider_configs(
         """
         return self._provider_manager.list_saml_provider_configs(page_token, max_results)
 
-    def _check_jwt_revoked(self, verified_claims, exc_type, label):
+    def _check_jwt_revoked_or_disabled(self, verified_claims, exc_type, label):
         user = self.get_user(verified_claims.get('uid'))
+        if user.disabled:
+            raise _auth_utils.UserDisabledError('The user record is disabled.')
         if verified_claims.get('iat') * 1000 < user.tokens_valid_after_timestamp:
             raise exc_type('The Firebase {0} has been revoked.'.format(label))
@@ -166,9 +166,10 @@ class ProviderConfigClient:
 
     PROVIDER_CONFIG_URL = 'https://identitytoolkit.googleapis.com/v2beta1'
 
-    def __init__(self, http_client, project_id, tenant_id=None):
+    def __init__(self, http_client, project_id, tenant_id=None, url_override=None):
         self.http_client = http_client
-        self.base_url = '{0}/projects/{1}'.format(self.PROVIDER_CONFIG_URL, project_id)
+        url_prefix = url_override or self.PROVIDER_CONFIG_URL
+        self.base_url = '{0}/projects/{1}'.format(url_prefix, project_id)
         if tenant_id:
             self.base_url += '/tenants/{0}'.format(tenant_id)