Add back a google verification for old access_token

Author: SebC99

src/Adapters/Auth/google.js

@@ -5,6 +5,7 @@ var Parse = require('parse/node').Parse;
 
 const https = require('https');
 const jwt = require('jsonwebtoken');
+const httpsRequest = require('./httpsRequest');
 
 const TOKEN_ISSUER = 'accounts.google.com';
 const HTTPS_TOKEN_ISSUER = 'https://accounts.google.com';
@@ -25,7 +26,7 @@ function getGoogleKeyByKeyId(keyId) {
           data += chunk.toString('utf8');
         });
         res.on('end', () => {
-          const { keys } = JSON.parse(data);
+          const {keys} = JSON.parse(data);
           const pems = keys.reduce(
             (pems, { n: modulus, e: exposant, kid }) =>
               Object.assign(pems, {
@@ -54,7 +55,7 @@ function getGoogleKeyByKeyId(keyId) {
 }
 
 function getHeaderFromToken(token) {
-  const decodedToken = jwt.decode(token, { complete: true });
+  const decodedToken = jwt.decode(token, {complete: true});
 
   if (!decodedToken) {
     throw new Parse.Error(
@@ -66,7 +67,7 @@ function getHeaderFromToken(token) {
   return decodedToken.header;
 }
 
-async function verifyIdToken({ id_token: token, id }, { clientId }) {
+async function verifyIdToken({id_token: token, id}, {clientId}) {
   if (!token) {
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
@@ -112,9 +113,34 @@ async function verifyIdToken({ id_token: token, id }, { clientId }) {
   return jwtClaims;
 }
 
+// Old way to validate an auth_token, only used for development purpose
+function validateAuthToken({id,access_token}) {
+  return googleRequest('tokeninfo?access_token=' + access_token).then(response => {
+    if (response && (response.sub == id || response.user_id == id)) {
+      return;
+    }
+    throw new Parse.Error(
+      Parse.Error.OBJECT_NOT_FOUND, 'Google auth is invalid for this user.');
+  });
+}
+
 // Returns a promise that fulfills if this user id is valid.
-function validateAuthData(authData, options = {}) {
-  return verifyIdToken(authData, options);
+function validateAuthData({id, id_token, access_token}, options) {
+  // Returns a promise that fulfills if this user id is valid.
+  if (id_token) {
+    return verifyIdToken({id, id_token}, options);
+  } else {
+    return validateAuthToken({id, access_token}).then(
+      () => {
+        // Validation with auth token worked
+        return;
+      },
+      () => {
+        // Try with the id_token param
+        return verifyIdToken({id, id_token: access_token}, options);
+      }
+    );
+  }
 }
 
 // Returns a promise that fulfills if this app id is valid.
@@ -124,9 +150,10 @@ function validateAppId() {
 
 module.exports = {
   validateAppId: validateAppId,
-  validateAuthData: validateAuthData,
+  validateAuthData: validateAuthData
 };
 
+
 // Helpers functions to convert the RSA certs to PEM (from jwks-rsa)
 function rsaPublicKeyToPEM(modulusB64, exponentB64) {
   const modulus = new Buffer(modulusB64, 'base64');
@@ -182,3 +209,8 @@ function encodeLengthHex(n) {
   const lengthOfLengthByte = 128 + nHex.length / 2;
   return toHex(lengthOfLengthByte) + nHex;
 }
+
+// A promisey wrapper for api requests
+function googleRequest(path) {
+  return httpsRequest.get('https://www.googleapis.com/oauth2/v3/' + path);
+}