Use the correct function when validating google auth tokens #5018

Merged
merged 2 commits into from
Aug 31, 2018

@orette orette commented Aug 30, 2018

httpsRequest.request expects the param postData and has no default value
or validation to check if it is missing before using it. As a result, an
error `TypeError: First argument must be a string or Buffer` is
thrown when an attempt is made to authenticate with Google.

A quick check on the LinkedIn, FB, and twitter authentication adapters shows they are
using httpsRequest.get for their validation calls.


flovilmart commented Aug 30, 2018

You are right, can you update the tests please?


codecov bot commented Aug 30, 2018

Codecov Report

Merging #5018 into master will increase coverage by 0.01%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master    #5018      +/-   ##
==========================================
+ Coverage   94.28%   94.29%   +0.01%     
==========================================
  Files         121      121              
  Lines        8760     8760              
==========================================
+ Hits         8259     8260       +1     
+ Misses        501      500       -1

| Impacted Files | Coverage Δ |
| --- | --- |
| src/Adapters/Auth/google.js | 100% <100%> (ø) ⬆️ |
| src/RestWrite.js | 93.33% <0%> (+0.18%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8c0a443...3ba06bd. Read the comment docs.

@orette
Copy link
Contributor Author

orette commented Aug 30, 2018

@flovilmart I fixed the tests, but also notice two were passing even though the incorrect function was faked. Is it worth adding a check to ensure the correct function is called? e.g. `expect(httpsRequest.get).toHaveBeenCalledWith('https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=the_token');` or `expect(httpsRequest.get).toHaveBeenCalled();`

@flovilmart
Contributor

> notice two were passing even though the incorrect function was faked.

What do you mean by that?

@flovilmart flovilmart merged commit c7357ed into parse-community:master Aug 31, 2018

orette commented Aug 31, 2018

The two tests 'should fail when the access_token is invalid' and 'should fail when the id_token is invalid' were passing when they should have failed in my opinion. The below code was being used to set up a fake response, but wasn't being called because the call was changed from `httpsRequest.request` to `httpsRequest.get` in the function `googleRequest` from `google.js`. The tests passed because they are only checking for the exception, but had taken a different execution path from what it should have.

    spyOn(httpsRequest, 'request').and.callFake(() => {
      return Promise.resolve({ sub: 'badId' });
    });
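
The failure mode described in the comment above, as an added example that is not part of the thread or of parse-server's code: a rejection-only assertion passes whether or not the faked function was ever reached, while a call check on the fake catches the stale spy. `makeHttpsRequest`, `validateIdToken`, the local `spyOn` and the error strings are constructed stand-ins; only the tokeninfo URL and the `{ sub: 'badId' }` fake come from the thread.

```javascript
// Added illustration; every name here is a stand-in, not parse-server source.
const TOKENINFO = 'https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=';

// Stand-in HTTP helper. Un-faked methods reject, the way a real network
// call made from a unit test can fail for reasons unrelated to the token.
function makeHttpsRequest() {
  const offline = () => Promise.reject(new Error('network unreachable (constructed)'));
  return { get: offline, request: offline };
}

// Stand-in adapter: validates through get(), as the adapter does after this PR.
function validateIdToken(http, id, idToken) {
  return http.get(TOKENINFO + idToken).then(res => {
    if (res && res.sub === id) return;
    throw new Error('token sub does not match user id (constructed)');
  });
}

// Minimal spy: swaps obj[name] for a fake and records each call's arguments.
function spyOn(obj, name, fake) {
  const calls = [];
  obj[name] = (...args) => { calls.push(args); return fake(...args); };
  return calls;
}

// "should fail when the id_token is invalid", with the fake placed on `method`.
async function runInvalidTokenTest(method) {
  const http = makeHttpsRequest();
  const calls = spyOn(http, method, () => Promise.resolve({ sub: 'badId' }));
  let error = null;
  try {
    await validateIdToken(http, 'goodId', 'the_token');
  } catch (e) {
    error = e;
  }
  return {
    rejected: error !== null,        // the only thing a rejection-only test checks
    message: error && error.message, // which path actually produced the rejection
    fakeCalled: calls.length === 1,  // the extra check proposed in the thread
    calledWith: calls[0] ? calls[0][0] : undefined,
  };
}

// Stale spy on `request` versus corrected spy on `get`: both runs reject.
Promise.all([runInvalidTokenTest('request'), runInvalidTokenTest('get')])
  .then(([stale, corrected]) => console.log({ stale, corrected }));
```

With the fake on `request`, the run still rejects, but from the un-faked `get`, so the sub-mismatch branch of the validator is never exercised.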

@flovilmart
Contributor

Yeah sure, I have been a bit quick when I refactored all the Auth adapters to improve testability. If this is something you want to improve you’re very welcome to do so!

UnderratedDev pushed a commit to UnderratedDev/parse-server that referenced this pull request Mar 21, 2020
…mmunity#5018)

* Use the correct function when validating google auth tokens

* Correct google auth adapter tests