Add getIdTokenResult implementation (#3014)

Author: sam-gc

packages-exp/auth-exp/src/core/user/id_token_result.test.ts

@@ -0,0 +1,142 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { expect, use } from 'chai';
+import * as chaiAsPromised from 'chai-as-promised';
+import * as sinon from 'sinon';
+
+import { FirebaseError } from '@firebase/util';
+
+import { makeJWT } from '../../../test/jwt';
+import { testUser } from '../../../test/mock_auth';
+import { User } from '../../model/user';
+import { ProviderId } from '../providers';
+import { getIdTokenResult } from './id_token_result';
+
+use(chaiAsPromised);
+
+const MAY_1 = new Date('May 1, 2020');
+const MAY_2 = new Date('May 2, 2020');
+const MAY_3 = new Date('May 3, 2020');
+
+describe('/core/user/id_token_result', () => {
+  let user: User;
+
+  beforeEach(() => {
+    user = testUser('uid');
+  });
+
+  function setup(token: string): void {
+    sinon.stub(user, 'getIdToken').returns(Promise.resolve(token));
+  }
+
+  it('throws an internal error when the token is malformed', async () => {
+    setup('not.valid');
+    await expect(getIdTokenResult(user)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: An internal AuthError has occurred. (auth/internal-error).'
+    );
+  });
+
+  it('builds the result properly w/ timestamps', async () => {
+    const token = {
+      'iat': (MAY_1.getTime() / 1000).toString(),
+      'auth_time': (MAY_2.getTime() / 1000).toString(),
+      'exp': (MAY_3.getTime() / 1000).toString()
+    };
+
+    const encodedStr = makeJWT(token);
+    setup(encodedStr);
+    const result = await getIdTokenResult(user);
+    expect(result).to.eql({
+      claims: token,
+      token: encodedStr,
+      issuedAtTime: MAY_1.toUTCString(),
+      authTime: MAY_2.toUTCString(),
+      expirationTime: MAY_3.toUTCString(),
+      signInProvider: null,
+      signInSecondFactor: null
+    });
+  });
+
+  it('sets provider and second factor if available', async () => {
+    const token = {
+      'iat': (MAY_1.getTime() / 1000).toString(),
+      'auth_time': (MAY_2.getTime() / 1000).toString(),
+      'exp': (MAY_3.getTime() / 1000).toString(),
+      'firebase': {
+        'sign_in_provider': ProviderId.GOOGLE,
+        'sign_in_second_factor': 'sure'
+      }
+    };
+
+    const encodedStr = makeJWT(token);
+    setup(encodedStr);
+    const result = await getIdTokenResult(user);
+    expect(result).to.eql({
+      claims: token,
+      token: encodedStr,
+      issuedAtTime: MAY_1.toUTCString(),
+      authTime: MAY_2.toUTCString(),
+      expirationTime: MAY_3.toUTCString(),
+      signInProvider: ProviderId.GOOGLE,
+      signInSecondFactor: 'sure'
+    });
+  });
+
+  it('errors if iat is missing', async () => {
+    const token = {
+      'auth_time': (MAY_2.getTime() / 1000).toString(),
+      'exp': (MAY_3.getTime() / 1000).toString()
+    };
+
+    const encodedStr = makeJWT(token);
+    setup(encodedStr);
+    await expect(getIdTokenResult(user)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: An internal AuthError has occurred. (auth/internal-error).'
+    );
+  });
+
+  it('errors if auth_time is missing', async () => {
+    const token = {
+      'iat': (MAY_1.getTime() / 1000).toString(),
+      'exp': (MAY_3.getTime() / 1000).toString()
+    };
+
+    const encodedStr = makeJWT(token);
+    setup(encodedStr);
+    await expect(getIdTokenResult(user)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: An internal AuthError has occurred. (auth/internal-error).'
+    );
+  });
+
+  it('errors if exp is missing', async () => {
+    const token = {
+      'iat': (MAY_1.getTime() / 1000).toString(),
+      'auth_time': (MAY_2.getTime() / 1000).toString()
+    };
+
+    const encodedStr = makeJWT(token);
+    setup(encodedStr);
+    await expect(getIdTokenResult(user)).to.be.rejectedWith(
+      FirebaseError,
+      'Firebase: An internal AuthError has occurred. (auth/internal-error).'
+    );
+  });
+});

packages-exp/auth-exp/src/core/user/id_token_result.ts

@@ -0,0 +1,104 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { base64Decode } from '@firebase/util';
+
+import { IdTokenResult, ParsedToken } from '../../model/id_token';
+import { User } from '../../model/user';
+import { ProviderId } from '../providers';
+import { assert } from '../util/assert';
+import { _logError } from '../util/log';
+
+export async function getIdTokenResult(
+  user: User,
+  forceRefresh = false
+): Promise<IdTokenResult> {
+  const token = await user.getIdToken(forceRefresh);
+  const claims = parseToken(token);
+
+  assert(
+    claims && claims.exp && claims.auth_time && claims.iat,
+    user.auth.name
+  );
+  const firebase =
+    typeof claims.firebase === 'object' ? claims.firebase : undefined;
+
+  const signInProvider: ProviderId | undefined = firebase?.[
+    'sign_in_provider'
+  ] as ProviderId;
+  assert(
+    !signInProvider || Object.values(ProviderId).includes(signInProvider),
+    user.auth.name
+  );
+
+  return {
+    claims,
+    token,
+    authTime: utcTimestampToDateString(
+      secondsStringToMilliseconds(claims.auth_time)
+    ),
+    issuedAtTime: utcTimestampToDateString(
+      secondsStringToMilliseconds(claims.iat)
+    ),
+    expirationTime: utcTimestampToDateString(
+      secondsStringToMilliseconds(claims.exp)
+    ),
+    signInProvider: signInProvider || null,
+    signInSecondFactor: firebase?.['sign_in_second_factor'] || null
+  };
+}
+
+function secondsStringToMilliseconds(seconds: string): number {
+  return Number(seconds) * 1000;
+}
+
+function utcTimestampToDateString(timestamp: string | number): string | null {
+  try {
+    const date = new Date(Number(timestamp));
+    if (!isNaN(date.getTime())) {
+      return date.toUTCString();
+    }
+  } catch {
+    // Do nothing, return null
+  }
+
+  return null;
+}
+
+function parseToken(token: string): ParsedToken | null {
+  const [algorithm, payload, signature] = token.split('.');
+  if (
+    algorithm === undefined ||
+    payload === undefined ||
+    signature === undefined
+  ) {
+    _logError('JWT malformed, contained fewer than 3 sections');
+    return null;
+  }
+
+  try {
+    const decoded = base64Decode(payload);
+    if (!decoded) {
+      _logError('Failed to decode base64 JWT payload');
+      return null;
+    }
+    return JSON.parse(decoded);
+  } catch (e) {
+    _logError('Caught error parsing JWT payload as JSON', e);
+    return null;
+  }
+}

packages-exp/auth-exp/src/core/user/user_impl.test.ts

@@ -20,6 +20,7 @@ import * as chaiAsPromised from 'chai-as-promised';
 
 import { FirebaseError } from '@firebase/util';
 
+import { makeJWT } from '../../../test/jwt';
 import { mockAuth } from '../../../test/mock_auth';
 import { IdTokenResponse } from '../../model/id_token';
 import { StsTokenManager } from './token_manager';
@@ -84,9 +85,33 @@ describe('core/user/user_impl', () => {
   });
 
   describe('#getIdTokenResult', () => {
-    it('throws', async () => {
+    // Smoke test; comprehensive tests in id_token_result.test.ts
+    it('calls through to getIdTokenResult', async () => {
+      const token = {
+        'iat': String(new Date('May 1, 2020').getTime() / 1000),
+        'auth_time': String(new Date('May 2, 2020').getTime() / 1000),
+        'exp': String(new Date('May 3, 2020').getTime() / 1000)
+      };
+
+      const jwt = makeJWT(token);
+
+      stsTokenManager.updateFromServerResponse({
+        idToken: jwt,
+        refreshToken: 'refresh-token-string',
+        expiresIn: '100000'
+      } as IdTokenResponse);
+
       const user = new UserImpl({ uid: 'uid', auth, stsTokenManager });
-      await expect(user.getIdTokenResult()).to.be.rejectedWith(Error);
+      const tokenResult = await user.getIdTokenResult();
+      expect(tokenResult).to.eql({
+        issuedAtTime: new Date('May 1, 2020').toUTCString(),
+        authTime: new Date('May 2, 2020').toUTCString(),
+        expirationTime: new Date('May 3, 2020').toUTCString(),
+        token: jwt,
+        claims: token,
+        signInProvider: null,
+        signInSecondFactor: null
+      });
     });
   });
 

packages-exp/auth-exp/src/core/user/user_impl.ts

@@ -21,6 +21,7 @@ import { User } from '../../model/user';
 import { PersistedBlob } from '../persistence';
 import { ProviderId } from '../providers';
 import { assert } from '../util/assert';
+import { getIdTokenResult } from './id_token_result';
 import { reload } from './reload';
 import { StsTokenManager } from './token_manager';
 
@@ -78,22 +79,18 @@ export class UserImpl implements User {
     const tokens = await this.stsTokenManager.getToken(this.auth, forceRefresh);
     assert(tokens, this.auth.name);
 
-    // TODO: remove ! after #2934 is merged --
-    const { refreshToken, accessToken /* wasRefreshed */ } = tokens!;
+    const { refreshToken, accessToken, wasRefreshed } = tokens;
     this.refreshToken = refreshToken || '';
 
-    // TODO: Uncomment after #2961 is merged
-    // if (wasRefreshed && this.auth.currentUser === this) {
-    //   this.auth._notifyListeners();
-    // }
+    if (wasRefreshed && this.auth.currentUser === this) {
+      this.auth._notifyStateListeners();
+    }
 
     return accessToken;
   }
 
-  async getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {
-    await this.getIdToken(forceRefresh);
-    // TODO: Parse token
-    throw new Error('Method not implemented');
+  getIdTokenResult(forceRefresh?: boolean): Promise<IdTokenResult> {
+    return getIdTokenResult(this, forceRefresh);
   }
 
   reload(): Promise<void> {

packages-exp/auth-exp/src/model/id_token.d.ts

@@ -78,12 +78,21 @@ export interface APIMFAInfo {
  */
 export interface IdTokenResult {
   token: string;
-  authTime: string;
-  expirationTime: string;
-  issuedAtTime: string;
+  authTime: string | null;
+  expirationTime: string | null;
+  issuedAtTime: string | null;
   signInProvider: ProviderId | null;
   signInSecondFactor: string | null;
-  claims: {
-    [claim: string]: string;
+  claims: ParsedToken;
+}
+
+export interface ParsedToken {
+  'exp'?: string;
+  'auth_time'?: string;
+  'iat'?: string;
+  'firebase'?: {
+    'sign_in_provider'?: string;
+    'sign_in_second_factor'?: string;
   };
+  [key: string]: string | object | undefined;
 }

packages-exp/auth-exp/test/jwt.ts

@@ -0,0 +1,23 @@
+/**
+ * @license
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { base64Encode } from '@firebase/util';
+
+export function makeJWT(claims: object): string {
+  const payload = base64Encode(JSON.stringify(claims));
+  return `algorithm.${payload}.signature`;
+}