From 05afaef3544e6f2091bf9314f12e79b149243331 Mon Sep 17 00:00:00 2001
From: Zino Hofmann <zino@hofmann.amsterdam>
Date: Sun, 10 Oct 2021 08:10:21 +0000
Subject: [PATCH] feat(#174): handle additional errors from `verifyIdToken`

---
 src/firebaseAdmin.js | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/src/firebaseAdmin.js b/src/firebaseAdmin.js
index 11f42f02..2309f7b9 100644
--- a/src/firebaseAdmin.js
+++ b/src/firebaseAdmin.js
@@ -2,10 +2,6 @@ import getFirebaseAdminApp from 'src/initFirebaseAdminSDK'
 import createAuthUser from 'src/createAuthUser'
 import { getConfig } from 'src/config'
 
-// https://firebase.google.com/docs/auth/admin/errors
-const FIREBASE_ERROR_TOKEN_EXPIRED = 'auth/id-token-expired'
-const FIREBASE_ERROR_ARGUMENT_ERROR = 'auth/argument-error'
-
 // If the FIREBASE_AUTH_EMULATOR_HOST variable is set, send the token request to the emulator
 const getTokenPrefix = () =>
   process.env.FIREBASE_AUTH_EMULATOR_HOST
@@ -60,17 +56,29 @@ export const verifyIdToken = async (token, refreshToken = null) => {
   try {
     firebaseUser = await admin.auth().verifyIdToken(token)
   } catch (e) {
-    // If the user's ID token has expired, refresh it if possible.
-    if (
-      refreshToken &&
-      (e.code === FIREBASE_ERROR_TOKEN_EXPIRED ||
-        e.code === FIREBASE_ERROR_ARGUMENT_ERROR)
-    ) {
-      newToken = refreshExpiredIdToken(refreshToken)
-      firebaseUser = await admin.auth().verifyIdToken(newToken)
-    } else {
-      // Otherwise, throw.
-      throw e
+    // https://firebase.google.com/docs/auth/admin/errors
+    switch (e.code) {
+      case 'auth/id-token-expired':
+      case 'auth/argument-error':
+        // If the user's ID token has expired, refresh it if possible.
+        if (refreshToken) {
+          newToken = await refreshExpiredIdToken(refreshToken)
+          firebaseUser = await admin.auth().verifyIdToken(newToken)
+        } else {
+          // Otherwise, throw.
+          throw e
+        }
+        break
+      case 'auth/invalid-user-token':
+      case 'auth/user-token-expired':
+      case 'auth/user-disabled':
+        // Return an unauthenticated user
+        newToken = null
+        firebaseUser = null
+        break
+      default:
+        // Otherwise, throw.
+        throw e
     }
   }
   const AuthUser = createAuthUser({