Skip to content

Commit

Permalink
Add back a google verification for old access_token
Browse files Browse the repository at this point in the history
  • Loading branch information
SebC99 committed Apr 20, 2021
1 parent 94b7b32 commit 262f12e
Showing 1 changed file with 38 additions and 6 deletions.
44 changes: 38 additions & 6 deletions src/Adapters/Auth/google.js
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ var Parse = require('parse/node').Parse;

const https = require('https');
const jwt = require('jsonwebtoken');
const httpsRequest = require('./httpsRequest');

const TOKEN_ISSUER = 'accounts.google.com';
const HTTPS_TOKEN_ISSUER = 'https://accounts.google.com';
Expand All @@ -25,7 +26,7 @@ function getGoogleKeyByKeyId(keyId) {
data += chunk.toString('utf8');
});
res.on('end', () => {
const { keys } = JSON.parse(data);
const {keys} = JSON.parse(data);
const pems = keys.reduce(
(pems, { n: modulus, e: exposant, kid }) =>
Object.assign(pems, {
Expand All @@ -52,7 +53,7 @@ function getGoogleKeyByKeyId(keyId) {
}

function getHeaderFromToken(token) {
const decodedToken = jwt.decode(token, { complete: true });
const decodedToken = jwt.decode(token, {complete: true});

if (!decodedToken) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `provided token does not decode as JWT`);
Expand All @@ -61,7 +62,7 @@ function getHeaderFromToken(token) {
return decodedToken.header;
}

async function verifyIdToken({ id_token: token, id }, { clientId }) {
async function verifyIdToken({id_token: token, id}, {clientId}) {
if (!token) {
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token is invalid for this user.`);
}
Expand Down Expand Up @@ -101,9 +102,34 @@ async function verifyIdToken({ id_token: token, id }, { clientId }) {
return jwtClaims;
}

// Old way to validate an auth_token, only used for development purpose
function validateAuthToken({id,access_token}) {
return googleRequest('tokeninfo?access_token=' + access_token).then(response => {
if (response && (response.sub == id || response.user_id == id)) {
return;
}
throw new Parse.Error(
Parse.Error.OBJECT_NOT_FOUND, 'Google auth is invalid for this user.');
});
}

// Returns a promise that fulfills if this user id is valid.
function validateAuthData(authData, options = {}) {
return verifyIdToken(authData, options);
function validateAuthData({id, id_token, access_token}, options) {
// Returns a promise that fulfills if this user id is valid.
if (id_token) {
return verifyIdToken({id, id_token}, options);
} else {
return validateAuthToken({id, access_token}).then(
() => {
// Validation with auth token worked
return;
},
() => {
// Try with the id_token param
return verifyIdToken({id, id_token: access_token}, options);
}
);
}
}

// Returns a promise that fulfills if this app id is valid.
Expand All @@ -113,9 +139,10 @@ function validateAppId() {

module.exports = {
validateAppId: validateAppId,
validateAuthData: validateAuthData,
validateAuthData: validateAuthData
};


// Helpers functions to convert the RSA certs to PEM (from jwks-rsa)
function rsaPublicKeyToPEM(modulusB64, exponentB64) {
const modulus = new Buffer(modulusB64, 'base64');
Expand Down Expand Up @@ -169,3 +196,8 @@ function encodeLengthHex(n) {
const lengthOfLengthByte = 128 + nHex.length / 2;
return toHex(lengthOfLengthByte) + nHex;
}

// A promisey wrapper for api requests
function googleRequest(path) {
return httpsRequest.get('https://www.googleapis.com/oauth2/v3/' + path);
}

0 comments on commit 262f12e

Please sign in to comment.