joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use the correct function when validating google auth tokens (#5018)

Browse Source 
* Use the correct function when validating google auth tokens

httpsRequest.request expects the param postData and has no default value
or validation to check if it is missing before using it. As a result, an
error `TypeError: First argument must be a string or Buffer` is
thrown when an attempt is made to authenticate with Google.

A quick check on the LinkedIn, FB, and twitter authentication adapters
shows they are using httpsRequest.get for their validation calls.

* Correct google auth adapter tests
This commit is contained in:
orette
2018-08-30 20:17:46 -04:00
committed by Florent Vilmart
parent 8c0a4430e0
commit c7357ed109
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
spec/AuthenticationAdapters.spec.js
View File

@@ -430,35 +430,35 @@ describe('google auth adapter', () => {
const httpsRequest = require('../lib/Adapters/Auth/httpsRequest'); const httpsRequest = require('../lib/Adapters/Auth/httpsRequest');
it('should use id_token for validation is passed', async () => { it('should use id_token for validation is passed', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ sub: 'userId' }); return Promise.resolve({ sub: 'userId' });
}); });
await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {});
}); });
it('should use id_token for validation is passed and responds with user_id', async () => { it('should use id_token for validation is passed and responds with user_id', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ user_id: 'userId' }); return Promise.resolve({ user_id: 'userId' });
}); });
await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {});
}); });
it('should use access_token for validation is passed and responds with user_id', async () => { it('should use access_token for validation is passed and responds with user_id', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ user_id: 'userId' }); return Promise.resolve({ user_id: 'userId' });
}); });
await google.validateAuthData({ id: 'userId', access_token: 'the_token' }, {}); await google.validateAuthData({ id: 'userId', access_token: 'the_token' }, {});
}); });
it('should use access_token for validation is passed with sub', async () => { it('should use access_token for validation is passed with sub', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ sub: 'userId' }); return Promise.resolve({ sub: 'userId' });
}); });
await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {}); await google.validateAuthData({ id: 'userId', id_token: 'the_token' }, {});
}); });
it('should fail when the id_token is invalid', async () => { it('should fail when the id_token is invalid', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ sub: 'badId' }); return Promise.resolve({ sub: 'badId' });
}); });
try { try {
@@ -470,7 +470,7 @@ describe('google auth adapter', () => {
}); });
it('should fail when the access_token is invalid', async () => { it('should fail when the access_token is invalid', async () => {
spyOn(httpsRequest, 'request').and.callFake(() => { spyOn(httpsRequest, 'get').and.callFake(() => {
return Promise.resolve({ sub: 'badId' }); return Promise.resolve({ sub: 'badId' });
}); });
try { try {

2
src/Adapters/Auth/google.js
View File

@@ -48,7 +48,7 @@ function validateAppId() {
// A promisey wrapper for api requests // A promisey wrapper for api requests
function googleRequest(path) { function googleRequest(path) {
return httpsRequest.request("https://www.googleapis.com/oauth2/v3/" + path); return httpsRequest.get("https://www.googleapis.com/oauth2/v3/" + path);
} }
module.exports = { module.exports = {