From 42f75d6d947a86c3987042a0cc1523e553b39ae0 Mon Sep 17 00:00:00 2001
From: Arjun Vedak <arjun.vedak07@hotmail.com>
Date: Wed, 29 Jul 2020 20:25:59 +0530
Subject: [PATCH] fix(auth): Properly handle google token issuer (#6836)

* Updated TOKEN_ISSUER to 'accounts.google.com'

Hi, I was getting this issue from today morning parse-server/Adapters/Auth/google.js was expecting the TOKEN_ISSUER to be prefixed with https:// but on debugging the original value was not having the prefix, removing https:// from TOKEN_ISSUER solved this bug. This issue is introduced in 4.3.0 as in 4.2.0 it is working fine currently I have downgraded the version to 4.2.0 for it to work properly and suggesting the changes please merge this PR.

* Update google.js

* Update AuthenticationAdapters.spec.js

* Update google.js

* Update google.js
---
 spec/AuthenticationAdapters.spec.js | 2 +-
 src/Adapters/Auth/google.js         | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/spec/AuthenticationAdapters.spec.js b/spec/AuthenticationAdapters.spec.js
index 53b701f5..a4201776 100644
--- a/spec/AuthenticationAdapters.spec.js
+++ b/spec/AuthenticationAdapters.spec.js
@@ -701,7 +701,7 @@ describe('google auth adapter', () => {
       fail();
     } catch (e) {
       expect(e.message).toBe(
-        'id token not issued by correct provider - expected: https://accounts.google.com | from: https://not.google.com'
+        'id token not issued by correct provider - expected: accounts.google.com or https://accounts.google.com | from: https://not.google.com'
       );
     }
   });
diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js
index 267aebb6..e156eb1a 100644
--- a/src/Adapters/Auth/google.js
+++ b/src/Adapters/Auth/google.js
@@ -6,7 +6,8 @@ var Parse = require('parse/node').Parse;
 const https = require('https');
 const jwt = require('jsonwebtoken');
 
-const TOKEN_ISSUER = 'https://accounts.google.com';
+const TOKEN_ISSUER = 'accounts.google.com';
+const HTTPS_TOKEN_ISSUER = 'https://accounts.google.com';
 
 let cache = {};
 
@@ -67,8 +68,8 @@ async function verifyIdToken({id_token: token, id}, {clientId}) {
     throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
   }
 
-  if (jwtClaims.iss !== TOKEN_ISSUER) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
+  if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
   }
 
   if (jwtClaims.sub !== id) {