From 21116161f92eda06389daaef670aa593aa588bcd Mon Sep 17 00:00:00 2001
From: Morgan Chen <morganchen12@gmail.com>
Date: Thu, 21 Jun 2018 12:10:05 -0700
Subject: Fix bad parsing of JWT dates

---
 Firebase/Auth/Source/FIRUser.m | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

(limited to 'Firebase/Auth/Source/FIRUser.m')

diff --git a/Firebase/Auth/Source/FIRUser.m b/Firebase/Auth/Source/FIRUser.m
index 9bae744..ad0b1d4 100644
--- a/Firebase/Auth/Source/FIRUser.m
+++ b/Firebase/Auth/Source/FIRUser.m
@@ -851,9 +851,17 @@ static void callInMainThreadWithAuthDataResultAndError(
         "error" out parameter.
  */
 - (FIRAuthTokenResult *)parseIDToken:(NSString *)token error:(NSError **)error {
+  // Though this is an internal method, errors returned here are surfaced in user-visible
+  // callbacks.
   *error = nil;
   NSArray *tokenStringArray = [token componentsSeparatedByString:@"."];
 
+  // The JWT should have three parts, though we only use the second in this method.
+  if (tokenStringArray.count != 3) {
+    *error = [FIRAuthErrorUtils malformedJWTErrorWithToken:token underlyingError:nil];
+    return nil;
+  }
+
   // The token payload is always the second index of the array.
   NSString *idToken = tokenStringArray[1];
 
@@ -863,8 +871,10 @@ static void callInMainThreadWithAuthDataResultAndError(
       [[idToken stringByReplacingOccurrencesOfString:@"_" withString:@"/"] mutableCopy];
 
   // Replace "-" with "+"
-  tokenPayload =
-      [[tokenPayload stringByReplacingOccurrencesOfString:@"-" withString:@"+"] mutableCopy];
+  [tokenPayload replaceOccurrencesOfString:@"-"
+                                withString:@"+"
+                                   options:kNilOptions
+                                     range:NSMakeRange(0, tokenPayload.length)];
 
   // Pad the token payload with "=" signs if the payload's length is not a multiple of 4.
   while ((tokenPayload.length % 4) != 0) {
@@ -874,19 +884,22 @@ static void callInMainThreadWithAuthDataResultAndError(
       [[NSData alloc] initWithBase64EncodedString:tokenPayload
                                           options:NSDataBase64DecodingIgnoreUnknownCharacters];
   if (!decodedTokenPayloadData) {
-    *error = [FIRAuthErrorUtils unexpectedResponseWithDeserializedResponse:token];
+    *error = [FIRAuthErrorUtils malformedJWTErrorWithToken:token underlyingError:nil];
     return nil;
   }
+  NSError *jsonError = nil;
+  NSJSONReadingOptions options = NSJSONReadingMutableContainers|NSJSONReadingAllowFragments;
   NSDictionary *tokenPayloadDictionary =
       [NSJSONSerialization JSONObjectWithData:decodedTokenPayloadData
-                                      options:NSJSONReadingMutableContainers|NSJSONReadingAllowFragments
-                                        error:error];
-  if (*error) {
+                                      options:options
+                                        error:&jsonError];
+  if (jsonError != nil) {
+    *error = [FIRAuthErrorUtils malformedJWTErrorWithToken:token underlyingError:jsonError];
     return nil;
   }
 
   if (!tokenPayloadDictionary) {
-    *error = [FIRAuthErrorUtils unexpectedResponseWithDeserializedResponse:token];
+    *error = [FIRAuthErrorUtils malformedJWTErrorWithToken:token underlyingError:nil];
     return nil;
   }
 
-- 
cgit v1.2.3