Handle null auth events from the iframe (#3818)

sam-gc · avolkovi · commit b66a0ce090f6 · 2020-09-30T11:22:52.000-07:00
* Add handling of null auth events

* Formatting
diff --git a/packages-exp/auth-exp/src/platform_browser/popup_redirect.test.ts b/packages-exp/auth-exp/src/platform_browser/popup_redirect.test.ts
@@ -247,6 +247,26 @@ describe('src/platform_browser/popup_redirect', () => {
       });
     });
 
+    it('errors with invalid event if null event', async () => {
+      const manager = (await resolver._initialize(auth)) as AuthEventManager;
+      sinon.stub(manager, 'onEvent').returns(true);
+
+      expect(() =>
+        onIframeMessage({
+          type: 'authEvent',
+          authEvent: (null as unknown) as AuthEvent
+        })
+      ).to.throw(FirebaseError, 'auth/invalid-auth-event');
+    });
+
+    it('errors with invalid event if everything is null', async () => {
+      const manager = (await resolver._initialize(auth)) as AuthEventManager;
+      sinon.stub(manager, 'onEvent').returns(true);
+      expect(() =>
+        onIframeMessage((null as unknown) as GapiAuthEvent)
+      ).to.throw(FirebaseError, 'auth/invalid-auth-event');
+    });
+
     it('returns error to the iframe if the event was not handled', async () => {
       const manager = (await resolver._initialize(auth)) as AuthEventManager;
       sinon.stub(manager, 'onEvent').returns(false);
diff --git a/packages-exp/auth-exp/src/platform_browser/popup_redirect.ts b/packages-exp/auth-exp/src/platform_browser/popup_redirect.ts
@@ -111,9 +111,13 @@ class BrowserPopupRedirectResolver implements PopupRedirectResolver {
     const manager = new AuthEventManager(auth.name);
     iframe.register<GapiAuthEvent>(
       'authEvent',
-      ({ authEvent }: GapiAuthEvent) => {
+      (iframeEvent: GapiAuthEvent | null) => {
+        assert(iframeEvent?.authEvent, AuthErrorCode.INVALID_AUTH_EVENT, {
+          appName: auth.name
+        });
         // TODO: Consider splitting redirect and popup events earlier on
-        const handled = manager.onEvent(authEvent);
+
+        const handled = manager.onEvent(iframeEvent.authEvent);
         return { status: handled ? GapiOutcome.ACK : GapiOutcome.ERROR };
       },
       gapi.iframes.CROSS_ORIGIN_IFRAMES_FILTER
