From 8ba829fd8e694db58b6209c90a5468e8a65cc30e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20Svi=CC=81tok?=
Date: Tue, 5 Oct 2021 09:41:39 +0200
Subject: [PATCH] Do not break Google sign-in in case of invalid auth_code and valid id_token

---
 src/api/GoogleTokenSignInHandler.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/src/api/GoogleTokenSignInHandler.php b/src/api/GoogleTokenSignInHandler.php
index a18b283..70258c9 100644
--- a/src/api/GoogleTokenSignInHandler.php
+++ b/src/api/GoogleTokenSignInHandler.php
@@ -13,6 +13,9 @@
 use Crm\UsersModule\Repository\UsersRepository;
 use Nette\Database\Table\IRow;
 use Nette\Http\Response;
+use Nette\Utils\Json;
+use Tracy\Debugger;
+use Tracy\ILogger;
 
 /**
 * Implements validation of Google Token ID
@@ -99,17 +102,12 @@ public function handle(ApiAuthorizationInterface $authorization): ?JsonResponse
 if ($gsiAuthCode) {
 $creds = $this->googleSignIn->exchangeAuthCode($gsiAuthCode);
 if (!isset($creds['id_token']) || !isset($creds['access_token'])) {
- $response = new JsonResponse([
- 'status' => 'error',
- 'code' => 'invalid_auth_code',
- 'message' => 'Unable to exchange auth code for access_token and id_token',
- ]);
- $response->setHttpCode(Response::S400_BAD_REQUEST);
- return $response;
+ // do not break login process if access_token is invalid (and id_token possibly valid)
+ Debugger::log('Unable to exchange auth code for access_token and id_token, creds: ' . Json::encode($creds), ILogger::ERROR);
+ } else {
+ $idToken = $creds['id_token'];
+ $gsiAccessToken = $creds['access_token'];
 }
-
- $idToken = $creds['id_token'];
- $gsiAccessToken = $creds['access_token'];
 }
 
 $user = $this->googleSignIn->signInUsingIdToken($idToken, $gsiAccessToken);
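Review bot: The new `Debugger::log(...)` call in the failure branch of `handle()` writes `Json::encode($creds)` to the error log, and that branch is also reached when only one of `id_token` / `access_token` is missing, so the token that did come back (or any other credential field the exchange returned) can land in log files in clear text. Log which fields were returned rather than their values, e.g. `Debugger::log('Unable to exchange auth code for access_token and id_token, returned keys: ' . implode(', ', array_keys((array) $creds)), ILogger::ERROR);`. `Json::encode()` can also throw on data it cannot encode, which would abort the very login this branch is meant to keep alive. The initialisation of `$idToken` lies outside the hunk, so it is worth confirming that `signInUsingIdToken()` rejects a missing token when the exchange fails and the client sent no `id_token` of its own.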