Adds validation for id_token and access_token (#2878)

flovilmart · web-flow · commit d8ba9e8b7d2f · 2016-10-17T12:44:24.000-04:00
* ADds validation for id_token and access_token

* nit
diff --git a/src/authDataManager/google.js b/src/authDataManager/google.js
@@ -2,11 +2,22 @@
 var https = require('https');
 var Parse = require('parse/node').Parse;
 
-// Returns a promise that fulfills iff this user id is valid.
-function validateAuthData(authData) {
-  return request("tokeninfo?id_token="+authData.access_token)
+function validateIdToken(id, token) {
+  return request("tokeninfo?id_token="+token)
+    .then((response) => {
+      if (response && response.sub == id) {
+        return;
+      }
+      throw new Parse.Error(
+        Parse.Error.OBJECT_NOT_FOUND,
+        'Google auth is invalid for this user.');
+    });
+}
+
+function validateAuthToken(id, token) {
+  return request("tokeninfo?access_token="+token)
     .then((response) => {
-      if (response && response.sub == authData.id) {
+      if (response && response.user_id == id) {
         return;
       }
       throw new Parse.Error(
@@ -15,7 +26,22 @@ function validateAuthData(authData) {
     });
 }
 
-// Returns a promise that fulfills iff this app id is valid.
+// Returns a promise that fulfills if this user id is valid.
+function validateAuthData(authData) {
+  if (authData.id_token) {
+    return validateIdToken(authData.id, authData.id_token); 
+  } else {
+    return validateAuthToken(authData.id, authData.access_token).then(() => {
+      // Validation with auth token worked
+      return;
+    }, () => {
+      // Try with the id_token param
+      return validateIdToken(authData.id, authData.access_token);
+    });
+  }
+}
+
+// Returns a promise that fulfills if this app id is valid.
 function validateAppId() {
   return Promise.resolve();
 }
