Skip to content

Commit 062223d

Browse files
authored
fix(auth): Support verifying tenant ID tokens in FirebaseAuth (#475)
* fix(auth): Support verifying tenant ID tokens in FirebaseAuth * fix: Fixing the error message for null tenant ID
1 parent 47d4347 commit 062223d

File tree

4 files changed

+56
-21
lines changed

4 files changed

+56
-21
lines changed

src/main/java/com/google/firebase/auth/FirebaseTokenVerifierImpl.java

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -71,7 +71,7 @@ private FirebaseTokenVerifierImpl(Builder builder) {
7171
this.docUrl = builder.docUrl;
7272
this.invalidTokenErrorCode = checkNotNull(builder.invalidTokenErrorCode);
7373
this.expiredTokenErrorCode = checkNotNull(builder.expiredTokenErrorCode);
74-
this.tenantId = Strings.nullToEmpty(builder.tenantId);
74+
this.tenantId = builder.tenantId;
7575
}
7676

7777
/**
@@ -323,11 +323,11 @@ private boolean containsLegacyUidField(IdToken.Payload payload) {
323323
}
324324

325325
private void checkTenantId(final FirebaseToken firebaseToken) throws FirebaseAuthException {
326-
String tokenTenantId = Strings.nullToEmpty(firebaseToken.getTenantId());
327-
if (!this.tenantId.equals(tokenTenantId)) {
326+
String tokenTenantId = firebaseToken.getTenantId();
327+
if (this.tenantId != null && !this.tenantId.equals(tokenTenantId)) {
328328
String message = String.format(
329329
"The tenant ID ('%s') of the token did not match the expected value ('%s')",
330-
tokenTenantId,
330+
Strings.nullToEmpty(tokenTenantId),
331331
tenantId);
332332
throw newException(message, AuthErrorCode.TENANT_ID_MISMATCH);
333333
}

src/test/java/com/google/firebase/FirebaseAppTest.java

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,7 @@
6666
import org.junit.Test;
6767
import org.mockito.Mockito;
6868

69-
/**
69+
/**
7070
* Unit tests for {@link com.google.firebase.FirebaseApp}.
7171
*/
7272
public class FirebaseAppTest {
@@ -472,16 +472,16 @@ public void testAppWithAuthVariableOverrides() {
472472
public void testEmptyFirebaseConfigFile() {
473473
setFirebaseConfigEnvironmentVariable("firebase_config_empty.json");
474474
FirebaseApp.initializeApp();
475-
}
476-
475+
}
476+
477477
@Test
478478
public void testEmptyFirebaseConfigString() {
479479
setFirebaseConfigEnvironmentVariable("");
480480
FirebaseApp firebaseApp = FirebaseApp.initializeApp();
481481
assertNull(firebaseApp.getOptions().getProjectId());
482482
assertNull(firebaseApp.getOptions().getStorageBucket());
483483
assertNull(firebaseApp.getOptions().getDatabaseUrl());
484-
assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
484+
assertTrue(firebaseApp.getOptions().getDatabaseAuthVariableOverride().isEmpty());
485485
}
486486

487487
@Test
@@ -542,20 +542,20 @@ public void testEnvironmentVariableIgnored() {
542542

543543
@Test
544544
public void testValidFirebaseConfigString() {
545-
setFirebaseConfigEnvironmentVariable("{"
546-
+ "\"databaseAuthVariableOverride\": {"
547-
+ "\"uid\":"
548-
+ "\"testuser\""
549-
+ "},"
550-
+ "\"databaseUrl\": \"https://hipster-chat.firebaseio.mock\","
551-
+ "\"projectId\": \"hipster-chat-mock\","
552-
+ "\"storageBucket\": \"hipster-chat.appspot.mock\""
545+
setFirebaseConfigEnvironmentVariable("{"
546+
+ "\"databaseAuthVariableOverride\": {"
547+
+ "\"uid\":"
548+
+ "\"testuser\""
549+
+ "},"
550+
+ "\"databaseUrl\": \"https://hipster-chat.firebaseio.mock\","
551+
+ "\"projectId\": \"hipster-chat-mock\","
552+
+ "\"storageBucket\": \"hipster-chat.appspot.mock\""
553553
+ "}");
554554
FirebaseApp firebaseApp = FirebaseApp.initializeApp();
555555
assertEquals("hipster-chat-mock", firebaseApp.getOptions().getProjectId());
556556
assertEquals("hipster-chat.appspot.mock", firebaseApp.getOptions().getStorageBucket());
557557
assertEquals("https://hipster-chat.firebaseio.mock", firebaseApp.getOptions().getDatabaseUrl());
558-
assertEquals("testuser",
558+
assertEquals("testuser",
559559
firebaseApp.getOptions().getDatabaseAuthVariableOverride().get("uid"));
560560
}
561561

src/test/java/com/google/firebase/auth/FirebaseTokenVerifierImplTest.java

Lines changed: 34 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -328,6 +328,17 @@ public void testMalformedToken() {
328328

329329
@Test
330330
public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
331+
FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder().build();
332+
333+
FirebaseToken firebaseToken = verifier.verifyToken(createTokenWithTenantId("TENANT_1"));
334+
335+
assertEquals(TEST_TOKEN_ISSUER, firebaseToken.getIssuer());
336+
assertEquals(TestTokenFactory.UID, firebaseToken.getUid());
337+
assertEquals("TENANT_1", firebaseToken.getTenantId());
338+
}
339+
340+
@Test
341+
public void testVerifyTokenWithMatchingTenantId() throws FirebaseAuthException {
331342
FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
332343
.setTenantId("TENANT_1")
333344
.build();
@@ -341,11 +352,13 @@ public void testVerifyTokenWithTenantId() throws FirebaseAuthException {
341352

342353
@Test
343354
public void testVerifyTokenDifferentTenantIds() {
344-
try {
345-
fullyPopulatedBuilder()
355+
FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
346356
.setTenantId("TENANT_1")
347-
.build()
348-
.verifyToken(createTokenWithTenantId("TENANT_2"));
357+
.build();
358+
String token = createTokenWithTenantId("TENANT_2");
359+
360+
try {
361+
verifier.verifyToken(token);
349362
} catch (FirebaseAuthException e) {
350363
assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
351364
assertEquals(
@@ -354,6 +367,23 @@ public void testVerifyTokenDifferentTenantIds() {
354367
}
355368
}
356369

370+
@Test
371+
public void testVerifyTokenNoTenantId() {
372+
FirebaseTokenVerifierImpl verifier = fullyPopulatedBuilder()
373+
.setTenantId("TENANT_1")
374+
.build();
375+
String token = tokenFactory.createToken();
376+
377+
try {
378+
verifier.verifyToken(token);
379+
} catch (FirebaseAuthException e) {
380+
assertEquals(AuthErrorCode.TENANT_ID_MISMATCH, e.getAuthErrorCode());
381+
assertEquals(
382+
"The tenant ID ('') of the token did not match the expected value ('TENANT_1')",
383+
e.getMessage());
384+
}
385+
}
386+
357387
@Test
358388
public void testVerifyTokenMissingTenantId() {
359389
try {

src/test/java/com/google/firebase/auth/multitenancy/TenantAwareFirebaseAuthIT.java

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -261,6 +261,11 @@ public void testVerifyTokenWithWrongTenantAwareClient() throws Exception {
261261
assertEquals(AuthErrorCode.TENANT_ID_MISMATCH,
262262
((FirebaseAuthException) e.getCause()).getAuthErrorCode());
263263
}
264+
265+
// Verifies with FirebaseAuth
266+
FirebaseToken decoded = FirebaseAuth.getInstance().verifyIdToken(idToken);
267+
assertEquals("user", decoded.getUid());
268+
assertEquals(tenantId, decoded.getTenantId());
264269
}
265270

266271
@Test

0 commit comments

Comments
 (0)