Add handling of null auth events

Author: sam-gc

packages-exp/auth-exp/src/platform_browser/popup_redirect.test.ts

@@ -247,6 +247,22 @@ describe('src/platform_browser/popup_redirect', () => {
       });
     });
 
+    it('errors with invalid event if null event', async () => {
+      const manager = (await resolver._initialize(auth)) as AuthEventManager;
+      sinon.stub(manager, 'onEvent').returns(true);
+
+      expect(() => onIframeMessage({
+        type: 'authEvent',
+        authEvent: null as unknown as AuthEvent,
+      })).to.throw(FirebaseError, 'auth/invalid-auth-event');
+    });
+
+    it('errors with invalid event if everything is null', async () => {
+      const manager = (await resolver._initialize(auth)) as AuthEventManager;
+      sinon.stub(manager, 'onEvent').returns(true);
+      expect(() => onIframeMessage(null as unknown as GapiAuthEvent)).to.throw(FirebaseError, 'auth/invalid-auth-event');
+    });
+
     it('returns error to the iframe if the event was not handled', async () => {
       const manager = (await resolver._initialize(auth)) as AuthEventManager;
       sinon.stub(manager, 'onEvent').returns(false);

packages-exp/auth-exp/src/platform_browser/popup_redirect.ts

@@ -111,9 +111,11 @@ class BrowserPopupRedirectResolver implements PopupRedirectResolver {
     const manager = new AuthEventManager(auth.name);
     iframe.register<GapiAuthEvent>(
       'authEvent',
-      ({ authEvent }: GapiAuthEvent) => {
+      (iframeEvent: GapiAuthEvent|null) => {
+        assert(iframeEvent?.authEvent, AuthErrorCode.INVALID_AUTH_EVENT, {appName: auth.name});
         // TODO: Consider splitting redirect and popup events earlier on
-        const handled = manager.onEvent(authEvent);
+
+        const handled = manager.onEvent(iframeEvent.authEvent);
         return { status: handled ? GapiOutcome.ACK : GapiOutcome.ERROR };
       },
       gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER