From 7951e66d6a9bbd4032cb60b5deb13a8157987db1 Mon Sep 17 00:00:00 2001
From: Florent Vilmart
Date: Mon, 17 Oct 2016 11:44:15 -0400
Subject: [PATCH 1/2] ADds validation for id_token and access_token

---
 src/authDataManager/google.js | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/src/authDataManager/google.js b/src/authDataManager/google.js
index ee82d278bd..32f1148f96 100644
--- a/src/authDataManager/google.js
+++ b/src/authDataManager/google.js
@@ -2,11 +2,22 @@
 var https = require('https');
 var Parse = require('parse/node').Parse;
 
-// Returns a promise that fulfills iff this user id is valid.
-function validateAuthData(authData) {
- return request("tokeninfo?id_token="+authData.access_token)
+function validateIdToken(id, token) {
+ return request("tokeninfo?id_token="+token)
+ .then((response) => {
+ if (response && response.sub == id) {
+ return;
+ }
+ throw new Parse.Error(
+ Parse.Error.OBJECT_NOT_FOUND,
+ 'Google auth is invalid for this user.');
+ });
+}
+
+function validateAuthToken(id, token) {
+ return request("tokeninfo?access_token="+token)
 .then((response) => {
- if (response && response.sub == authData.id) {
+ if (response && response.user_id == id) {
 return;
 }
 throw new Parse.Error(
@@ -15,6 +26,21 @@ function validateAuthData(authData) {
 });
 }
 
+// Returns a promise that fulfills iff this user id is valid.
+function validateAuthData(authData) {
+ if (authData.id_token) {
+ return validateIdToken(authData.id, authData.id_token);
+ } else {
+ return validateAuthToken(authData.id, authData.access_token).then(() => {
+ // Validation with auth token worked
+ return;
+ }, () => {
+ // Try with the id_token param
+ return validateIdToken(authData.id, authData.access_token);
+ });
+ }
+}
+
 // Returns a promise that fulfills iff this app id is valid.
 function validateAppId() {
 return Promise.resolve();
From ebb71110821c093d219e772f477e6892108195ba Mon Sep 17 00:00:00 2001
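Review bot: In validateIdToken and validateAuthToken the identity checks `response.sub == id` and `response.user_id == id` are also true when both sides are undefined, so authData without an `id` paired with a tokeninfo reply that carries no `sub`/`user_id` (for example an error object, if `request` resolves rather than rejects on it — `request` is not visible here) would pass; compare strictly and require the id, e.g. `if (response && id !== undefined && String(response.sub) === String(id)) { return; }` in both helpers. The token is also concatenated into the query string unescaped; use `request("tokeninfo?id_token=" + encodeURIComponent(token))` (and likewise for `access_token`) so a crafted value cannot append query parameters. Neither helper checks the response's audience against the app's own Google client id, so a valid token issued to a different client for the same user is accepted unless that is enforced somewhere outside this file. validateAuthToken's throw statement continues past the end of the hunk.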
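Review bot: The rejection handler in validateAuthData's else branch discards the error it receives, so any failure of validateAuthToken — a transport error as much as a mismatched user id — is retried by feeding the access_token to validateIdToken, and the caller only ever sees the id_token path's error. Narrow the fallback to the case it is meant for and let other errors surface, e.g. `}, (err) => { if (!(err instanceof Parse.Error)) { throw err; } return validateIdToken(authData.id, authData.access_token); });`; what `request` rejects with is not visible in this hunk, so the instanceof test may need adjusting to match it. A guard at the top such as `if (!authData.id || !(authData.id_token || authData.access_token)) { return Promise.reject(new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Google auth is invalid for this user.')); }` would reject incomplete authData before any network call is made. The `else` after a `return` can be dropped. validateAppId's closing brace lies outside the hunk.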
From: Florent Vilmart
Date: Mon, 17 Oct 2016 12:15:25 -0400
Subject: [PATCH 2/2] nit

---
 src/authDataManager/google.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/authDataManager/google.js b/src/authDataManager/google.js
index 32f1148f96..7fd066a59d 100644
--- a/src/authDataManager/google.js
+++ b/src/authDataManager/google.js
@@ -26,7 +26,7 @@ function validateAuthToken(id, token) {
 });
 }
 
-// Returns a promise that fulfills iff this user id is valid.
+// Returns a promise that fulfills if this user id is valid.
 function validateAuthData(authData) {
 if (authData.id_token) {
 return validateIdToken(authData.id, authData.id_token);
@@ -41,7 +41,7 @@ function validateAuthData(authData) {
 }
 }
 
-// Returns a promise that fulfills iff this app id is valid.
+// Returns a promise that fulfills if this app id is valid.
 function validateAppId() {
 return Promise.resolve();
 }