From 18666619fea27a57e925ede05cf34768c3983539 Mon Sep 17 00:00:00 2001 From: Joe Hanley Date: Thu, 21 Jul 2022 10:00:38 -0700 Subject: [PATCH] PR fixes from #1812 --- src/app/credential-internal.ts | 10 ++++++++-- src/functions/functions-api-client-internal.ts | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/app/credential-internal.ts b/src/app/credential-internal.ts index 569bc05899..dd9f23aeab 100644 --- a/src/app/credential-internal.ts +++ b/src/app/credential-internal.ts @@ -21,7 +21,7 @@ import path = require('path'); import { Agent } from 'http'; import { Credential, GoogleOAuthAccessToken } from './credential'; -import { AppErrorCodes, FirebaseAppError } from '../utils/error'; +import { AppErrorCodes, FirebaseAppError, FirebaseError } from '../utils/error'; import { HttpClient, HttpRequestConfig, HttpError, HttpResponse } from '../utils/api-request'; import * as util from '../utils/validator'; @@ -437,7 +437,13 @@ function requestAccessToken(client: HttpClient, request: HttpRequestConfig): Pro */ function requestIDToken(client: HttpClient, request: HttpRequestConfig): Promise { return client.send(request).then((resp) => { - return resp.text || ''; + if (!resp.text) { + throw new FirebaseAppError( + AppErrorCodes.INVALID_CREDENTIAL, + `Unexpected response while fetching id token: response.text is undefined`, + ); + } + return resp.text; }).catch((err) => { throw new FirebaseAppError(AppErrorCodes.INVALID_CREDENTIAL, getErrorMessage(err)); }); diff --git a/src/functions/functions-api-client-internal.ts b/src/functions/functions-api-client-internal.ts index 1ca6c9d28e..3dcbf4e3c6 100644 --- a/src/functions/functions-api-client-internal.ts +++ b/src/functions/functions-api-client-internal.ts @@ -231,7 +231,7 @@ export class FunctionsApiClient { : await this.getUrl(resources, FIREBASE_FUNCTION_URL_FORMAT); task.httpRequest.url = functionUrl; // When run from a deployed extension, we should be using ComputeEngineCredentials - if (extensionId && this.app.options.credential instanceof ComputeEngineCredential) { + if (validator.isNonEmptyString(extensionId) && this.app.options.credential instanceof ComputeEngineCredential) { const idToken = await this.app.options.credential.getIDToken(functionUrl); task.httpRequest.headers = { ...task.httpRequest.headers, 'Authorization': `Bearer ${idToken}` }; // Don't send httpRequest.oidcToken if we set Authorization header, or Cloud Tasks will overwrite it.