From c7357ed1095d5cbc2be2211ac3e483076bdeac6f Mon Sep 17 00:00:00 2001 From: orette Date: Thu, 30 Aug 2018 20:17:46 -0400 Subject: [PATCH] Use the correct function when validating google auth tokens (#5018) * Use the correct function when validating google auth tokens httpsRequest.request expects the param postData and has no default value or validation to check if it is missing before using it. As a result, an error `TypeError: First argument must be a string or Buffer` is thrown when an attempt is made to authenticate with Google. A quick check on the LinkedIn, FB, and twitter authentication adapters shows they are using httpsRequest.get for their validation calls. * Correct google auth adapter tests --- spec/AuthenticationAdapters.spec.js | 12 ++++++------ src/Adapters/Auth/google.js | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/spec/AuthenticationAdapters.spec.js b/spec/AuthenticationAdapters.spec.js index b63a5136..3819028e 100644 --- a/spec/AuthenticationAdapters.spec.js +++ b/spec/AuthenticationAdapters.spec.js @@ -430,35 +430,35 @@ describe('google auth adapter', () => { const httpsRequest = require('../lib/Adapters/Auth/httpsRequest'); it('should use id_token for validation is passed', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ sub: 'userId' }); }); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); }); it('should use id_token for validation is passed and responds with user_id', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ user_id: 'userId' }); }); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); }); it('should use access_token for validation is passed and responds with user_id', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ user_id: 'userId' }); }); await google.validateAuthData({ id: 'userId', access_token: 'the_token' }, {}); }); it('should use access_token for validation is passed with sub', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ sub: 'userId' }); }); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); }); it('should fail when the id_token is invalid', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ sub: 'badId' }); }); try { @@ -470,7 +470,7 @@ describe('google auth adapter', () => { }); it('should fail when the access_token is invalid', async () => { - spyOn(httpsRequest, 'request').and.callFake(() => { + spyOn(httpsRequest, 'get').and.callFake(() => { return Promise.resolve({ sub: 'badId' }); }); try { diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js index a042aeee..89b0dcf5 100644 --- a/src/Adapters/Auth/google.js +++ b/src/Adapters/Auth/google.js @@ -48,7 +48,7 @@ function validateAppId() { // A promisey wrapper for api requests function googleRequest(path) { - return httpsRequest.request("https://www.googleapis.com/oauth2/v3/" + path); + return httpsRequest.get("https://www.googleapis.com/oauth2/v3/" + path); } module.exports = {