File tree Expand file tree Collapse file tree 3 files changed +41
-16
lines changed Expand file tree Collapse file tree 3 files changed +41
-16
lines changed Original file line number Diff line number Diff line change @@ -441,6 +441,29 @@ describe('AuthenticationProviders', function () {
441
441
expect(httpsRequest.get.calls.first().args[0].includes('appsecret_proof')).toBe(true);
442
442
});
443
443
444
+ it('should throw error when Facebook request appId is wrong data type', async () => {
445
+ const httpsRequest = require('../lib/Adapters/Auth/httpsRequest');
446
+ spyOn(httpsRequest, 'get').and.callFake(() => {
447
+ return Promise.resolve({ id: 'a' });
448
+ });
449
+ const options = {
450
+ facebook: {
451
+ appIds: 'abcd',
452
+ appSecret: 'secret_sauce',
453
+ },
454
+ };
455
+ const authData = {
456
+ access_token: 'badtoken',
457
+ };
458
+ const { adapter, appIds, providerOptions } = authenticationLoader.loadAuthAdapter(
459
+ 'facebook',
460
+ options
461
+ );
462
+ await expectAsync(adapter.validateAppId(appIds, authData, providerOptions)).toBeRejectedWith(
463
+ new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.')
464
+ );
465
+ });
466
+
444
467
it('should handle Facebook appSecret for validating auth data', async () => {
445
468
const httpsRequest = require('../lib/Adapters/Auth/httpsRequest');
446
469
spyOn(httpsRequest, 'get').and.callFake(() => {
Original file line number Diff line number Diff line change @@ -32,22 +32,23 @@ function validateGraphToken(authData, options) {
32
32
});
33
33
}
34
34
35
- function validateGraphAppId(appIds, authData, options) {
35
+ async function validateGraphAppId(appIds, authData, options) {
36
36
var access_token = authData.access_token;
37
37
if (process.env.TESTING && access_token === 'test') {
38
- return Promise.resolve();
38
+ return;
39
+ }
40
+ if (!Array.isArray(appIds)) {
41
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
39
42
}
40
43
if (!appIds.length) {
41
44
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
42
45
}
43
- return graphRequest(
44
- 'app?access_token=' + access_token + getAppSecretPath(authData, options)
45
- ).then(data => {
46
- if (data && appIds.indexOf(data.id) != -1) {
47
- return;
48
- }
46
+ const data = await graphRequest(
47
+ `app?access_token=${access_token}${getAppSecretPath(authData, options)}`
48
+ );
49
+ if (!data || !appIds.includes(data.id)) {
49
50
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
50
- });
51
+ }
51
52
}
52
53
53
54
const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
Original file line number Diff line number Diff line change @@ -13,17 +13,18 @@ function validateAuthData(authData) {
13
13
}
14
14
15
15
// Returns a promise that fulfills if this app id is valid.
16
- function validateAppId(appIds, authData) {
17
- var access_token = authData.access_token;
16
+ async function validateAppId(appIds, authData) {
17
+ const access_token = authData.access_token;
18
+ if (!Array.isArray(appIds)) {
19
+ throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
20
+ }
18
21
if (!appIds.length) {
19
22
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is not configured.');
20
23
}
21
- return request('me', access_token).then(data => {
22
- if (data && appIds.indexOf(data.id) != -1) {
23
- return;
24
- }
24
+ const data = await request('me', access_token);
25
+ if (!data || !appIds.includes(data.id)) {
25
26
throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Spotify auth is invalid for this user.');
26
- });
27
+ }
27
28
}
28
29
29
30
// A promisey wrapper for Spotify API requests.
You can’t perform that action at this time.
0 commit comments