diff --git a/.changeset/fluffy-carrots-jam.md b/.changeset/fluffy-carrots-jam.md new file mode 100644 index 00000000000..1664c667790 --- /dev/null +++ b/.changeset/fluffy-carrots-jam.md @@ -0,0 +1,5 @@ +--- +"@firebase/auth": patch +--- + +Decode UTF-8 in ID Token. Fix #4174. diff --git a/packages/auth/gulpfile.js b/packages/auth/gulpfile.js index cc4cca0a2e7..aa9e76b8de3 100644 --- a/packages/auth/gulpfile.js +++ b/packages/auth/gulpfile.js @@ -1,6 +1,6 @@ /** * @license - * Copyright 2017 Google Inc. + * Copyright 2017 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -114,7 +114,7 @@ gulp.task('serve', () => { ); app.use(express.static(__dirname)); - app.listen(4000); + app.listen(4001); }); gulp.task('default', gulp.parallel('cjs', 'esm')); diff --git a/packages/auth/protractor_spec.js b/packages/auth/protractor_spec.js index 27dbbf72e7d..9fc09df4055 100644 --- a/packages/auth/protractor_spec.js +++ b/packages/auth/protractor_spec.js @@ -1,6 +1,6 @@ /** * @license - * Copyright 2017 Google Inc. + * Copyright 2017 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,7 +17,7 @@ var allTests = require('./generated/all_tests'); -var TEST_SERVER = 'http://localhost:4000'; +var TEST_SERVER = 'http://localhost:4001'; var FLAKY_TEST_RETRIAL = 3; diff --git a/packages/auth/src/idtoken.js b/packages/auth/src/idtoken.js index 27abe52c28a..4a87364b6a6 100644 --- a/packages/auth/src/idtoken.js +++ b/packages/auth/src/idtoken.js @@ -21,6 +21,7 @@ goog.provide('fireauth.IdToken'); +goog.require('goog.crypt'); goog.require('goog.crypt.base64'); 
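Review bot: In the `gulp.task('serve', …)` hunk of packages/auth/gulpfile.js, `app.listen(4001)` is called without a host, so the server listens on all interfaces while `express.static(__dirname)` serves the whole package directory. The only consumer visible in this commit is `TEST_SERVER = 'http://localhost:4001'` in protractor_spec.js, so if nothing else needs to reach the server, binding to loopback is enough: `app.listen(4001, 'localhost');`. The port is now hard-coded in both files, and a comment beside each, such as `// Keep in sync with TEST_SERVER in protractor_spec.js`, would prevent drift. The task body starts outside the hunk.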
@@ -244,7 +245,9 @@ fireauth.IdToken.parseIdTokenClaims = function(tokenString) { jsonInfo += '.'; } try { - const token = JSON.parse(goog.crypt.base64.decodeString(jsonInfo, true)); + const decodedClaims = goog.crypt.utf8ByteArrayToString( + goog.crypt.base64.decodeStringToByteArray(jsonInfo)); + const token = JSON.parse(decodedClaims); return /** @type {?Object} */ (token); } catch (e) {} return null; diff --git a/packages/auth/test/idtoken_test.js b/packages/auth/test/idtoken_test.js index ffc14a14de9..ec63dd8e680 100644 --- a/packages/auth/test/idtoken_test.js +++ b/packages/auth/test/idtoken_test.js @@ -147,6 +147,34 @@ var tokenCustomClaim = 'HEAD.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5j' + 'bl9pbl9wcm92aWRlciI6InBhc3N3b3JkIn19.SIGNATURE'; +// "iss": "https://securetoken.google.com/projectId", +// "name": "John Doe", +// "role": "Админ", // <---- Note non-ascii characters here +// "aud": "projectId", +// "auth_time": 1522715325, +// "sub": "nep2uwNCK4PqjvoKjb0InVJHlGi1", +// "iat": 1522776807, +// "exp": 1522780575, +// "email": "testuser@gmail.com", +// "email_verified": true, +// "firebase": { +// "identities": { +// "email": [ +// "testuser@gmail.com" +// ] +// }, +// "sign_in_provider": "custom" +// } +var tokenCustomClaimWithUnicodeChar = 'HEAD.eyJpc3MiOiJodHRwczovL3NlY3VyZXRv' + + 'a2VuLmdvb2dsZS5jb20vcHJvamVjdElkIiwibmFtZSI6IkpvaG4gRG9lIiwicm9sZSI6ItC' + + 'Q0LTQvNC40L0iLCJhdWQiOiJwcm9qZWN0SWQiLCJhdXRoX3RpbWUiOjE1MjI3MTUzMjUsIn' + + 'N1YiI6Im5lcDJ1d05DSzRQcWp2b0tqYjBJblZKSGxHaTEiLCJpYXQiOjE1MjI3NzY4MDcsI' + + 'mV4cCI6MTUyMjc4MDU3NSwiZW1haWwiOiJ0ZXN0dXNlckBnbWFpbC5jb20iLCJlbWFpbF92' + + 'ZXJpZmllZCI6dHJ1ZSwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJlbWFpbCI6WyJ0ZXN' + + '0dXNlckBnbWFpbC5jb20iXX0sInNpZ25faW5fcHJvdmlkZXIiOiJjdXN0b20ifX0=.SIGNA' + + 'TURE'; + + // "iss": "https://securetoken.google.com/projectId", // "name": "John Doe", // "aud": "projectId", 
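Review bot: The new `goog.crypt.base64.decodeStringToByteArray(jsonInfo)` call in `parseIdTokenClaims` drops the web-safe flag that the removed `decodeString(jsonInfo, true)` passed. ID token payloads are base64url, so if the bundled Closure version still honours that second argument, a payload containing `-` or `_` would fail to decode, and the empty `catch (e) {}` would turn that into a silent `null`. Either keep the flag, `goog.crypt.base64.decodeStringToByteArray(jsonInfo, true)`, or confirm the library ignores it and add a fixture whose payload contains those characters. The test tokens end in a literal `.SIGNATURE`, so this function evidently does not verify signatures; a comment such as `// Claims are decoded without signature verification; never use them for authorization decisions.` above the `try` would make that explicit. The function body starts outside the hunk.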
@@ -405,3 +433,31 @@ function testParseIdTokenClaims_customClaims() { }, tokenJSON); } + + +function testParseIdTokenClaims_tokenCustomClaimWithUnicodeChar() { + const tokenJSON = fireauth.IdToken.parseIdTokenClaims( + tokenCustomClaimWithUnicodeChar); + assertObjectEquals( + { + 'iss': 'https://securetoken.google.com/projectId', + 'name': 'John Doe', + 'role': 'Админ', + 'aud': 'projectId', + 'auth_time': 1522715325, + 'sub': 'nep2uwNCK4PqjvoKjb0InVJHlGi1', + 'iat': 1522776807, + 'exp': 1522780575, + 'email': "testuser@gmail.com", + 'email_verified': true, + 'firebase': { + 'identities': { + 'email': [ + 'testuser@gmail.com' + ] + }, + 'sign_in_provider': 'custom' + } + }, + tokenJSON); +}
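Review bot: `testParseIdTokenClaims_tokenCustomClaimWithUnicodeChar` covers only two-byte Cyrillic characters, so the new decoding path is not exercised for three- or four-byte sequences (CJK, emoji) or for a payload that is not valid UTF-8. A second fixture with such a claim, plus one malformed payload with the expected result pinned (`null` or a replacement character, whichever the decoder yields), would document the behaviour. Minor style point: `'email': "testuser@gmail.com"` uses double quotes where the rest of the object uses single quotes.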