Skip auth check when emulating task queue function. (#1154)

Fixes #1146
firebase · Jun 22, 2022 · 3737898 · 3737898
1 parent 76e0afd
commit 3737898
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1 +1,2 @@
 - Adds RTDB Triggers for v2 functions (#1127)
+- Fixes bug where emulated task queue function required auth header (#1154)
diff --git a/spec/common/providers/tasks.spec.ts b/spec/common/providers/tasks.spec.ts
@@ -83,7 +83,7 @@ describe('onEnqueueHandler', () => {
   function mockEnqueueRequest(
     data: unknown,
     contentType: string = 'application/json',
-    context: { authorization: string } = { authorization: 'Bearer abc' }
+    context: { authorization?: string } = { authorization: 'Bearer abc' }
   ): ReturnType<typeof mockRequest> {
     return mockRequest(data, contentType, context);
   }
@@ -239,4 +239,24 @@ describe('onEnqueueHandler', () => {
       expectedStatus: 204,
     });
   });
+
+  it('should skip auth in emulated environment', async () => {
+    const restore = process.env.FUNCTIONS_EMULATOR;
+    process.env.FUNCTIONS_EMULATOR = 'true';
+
+    await runTaskTest({
+      httpRequest: mockEnqueueRequest(null, 'application/json', {}),
+      expectedData: null,
+      taskFunction: (data, context) => {
+        expect(context.auth).to.be.undefined;
+        return null;
+      },
+      taskFunction2: (request) => {
+        expect(request.auth).to.be.undefined;
+      },
+      expectedStatus: 204,
+    });
+
+    process.env.FUNCTIONS_EMULATOR = restore;
+  });
 });
diff --git a/src/common/providers/tasks.ts b/src/common/providers/tasks.ts
@@ -117,20 +117,21 @@ export function onDispatchHandler<Req = any>(
         throw new https.HttpsError('invalid-argument', 'Bad Request');
       }
 
-      const authHeader = req.header('Authorization') || '';
-      const token = authHeader.match(/^Bearer (.*)$/)?.[1];
-      // Note: this should never happen since task queue functions are guarded by IAM.
-      if (!token) {
-        throw new https.HttpsError('unauthenticated', 'Unauthenticated');
-      }
-      // We skip authenticating the token since tq functions are guarded by IAM.
-      const authToken = await https.unsafeDecodeIdToken(token);
-      const context: TaskContext = {
-        auth: {
+      const context: TaskContext = {};
+      if (!process.env.FUNCTIONS_EMULATOR) {
+        const authHeader = req.header('Authorization') || '';
+        const token = authHeader.match(/^Bearer (.*)$/)?.[1];
+        // Note: this should never happen since task queue functions are guarded by IAM.
+        if (!token) {
+          throw new https.HttpsError('unauthenticated', 'Unauthenticated');
+        }
+        // We skip authenticating the token since tq functions are guarded by IAM.
+        const authToken = await https.unsafeDecodeIdToken(token);
+        context.auth = {
           uid: authToken.uid,
           token: authToken,
-        },
-      };
+        };
+      }
 
       const data: Req = https.decode(req.body.data);
       if (handler.length === 2) {