joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(auth): Properly handle google token issuer (#6836)

Browse Source 
* Updated TOKEN_ISSUER to 'accounts.google.com'

Hi, I was getting this issue from today morning parse-server/Adapters/Auth/google.js was expecting the TOKEN_ISSUER to be prefixed with https:// but on debugging the original value was not having the prefix, removing https:// from TOKEN_ISSUER solved this bug. This issue is introduced in 4.3.0 as in 4.2.0 it is working fine currently I have downgraded the version to 4.2.0 for it to work properly and suggesting the changes please merge this PR.

* Update google.js

* Update AuthenticationAdapters.spec.js

* Update google.js

* Update google.js
This commit is contained in:
Arjun Vedak
2020-07-29 20:25:59 +05:30
committed by GitHub
parent 92afcca4ee
commit 42f75d6d94
2 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
spec/AuthenticationAdapters.spec.js
View File

@@ -701,7 +701,7 @@ describe('google auth adapter', () => {
fail();
} catch (e) {
expect(e.message).toBe(
'id token not issued by correct provider - expected: https://accounts.google.com | from: https://not.google.com'
'id token not issued by correct provider - expected: accounts.google.com or https://accounts.google.com | from: https://not.google.com'
);
}
});

7
src/Adapters/Auth/google.js
View File

@@ -6,7 +6,8 @@ var Parse = require('parse/node').Parse;
const https = require('https');
const jwt = require('jsonwebtoken');
const TOKEN_ISSUER = 'https://accounts.google.com';
const TOKEN_ISSUER = 'accounts.google.com';
const HTTPS_TOKEN_ISSUER = 'https://accounts.google.com';
let cache = {};
@@ -67,8 +68,8 @@ async function verifyIdToken({id_token: token, id}, {clientId}) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
}
if (jwtClaims.iss !== TOKEN_ISSUER) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
}
if (jwtClaims.sub !== id) {