parse-community · JiteshSinghShekhawat · Aug 5, 2024
diff --git a/src/Adapters/Auth/OAuth1Client.js b/src/Adapters/Auth/OAuth1Client.js
@@ -4,7 +4,8 @@ var Parse = require('parse/node').Parse;
 
 var OAuth = function (options) {
   if (!options) {
-    throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'No options passed to OAuth');
+    console.error('No options passed to OAuth'); 
+    throw new Parse.Error(Parse.Error.INTERNAL_SERVER_ERROR, 'Configuration error.');
   }
   this.consumer_key = options.consumer_key;
   this.consumer_secret = options.consumer_secret;

diff --git a/src/Adapters/Auth/apple.js b/src/Adapters/Auth/apple.js
@@ -20,17 +20,19 @@ const getAppleKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
   try {
     key = await authUtils.getSigningKey(client, keyId);
   } catch (error) {
+    console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `Unable to find matching key for Key ID: ${keyId}`
+      `Unauthorized`
     );
   }
   return key;
 };
 
 const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => {
   if (!token) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `id token is invalid for this user.`);
+    console.error('Invalid token'); 
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
   }
 
   const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token);
@@ -51,19 +53,21 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa
     });
   } catch (exception) {
     const message = exception.message;
-
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+    console.error(`JWT verification failed. Error: ${message}`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
   }
 
   if (jwtClaims.iss !== TOKEN_ISSUER) {
+    console.error(`Token issuer mismatch. Expected: ${TOKEN_ISSUER}, Received: ${jwtClaims.iss}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+      `Unauthorized`
     );
   }
 
   if (jwtClaims.sub !== id) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`);
+    console.error(`Token subject mismatch for user ID: ${id}.`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
   }
   return jwtClaims;
 };

diff --git a/src/Adapters/Auth/facebook.js b/src/Adapters/Auth/facebook.js
@@ -28,7 +28,8 @@ function validateGraphToken(authData, options) {
     if ((data && data.id == authData.id) || (process.env.TESTING && authData.id === 'test')) {
       return;
     }
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
+    console.error(`Invalid Facebook auth for user with ID: ${authData.id}`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   });
 }
 
@@ -38,16 +39,19 @@ async function validateGraphAppId(appIds, authData, options) {
     return;
   }
   if (!Array.isArray(appIds)) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'appIds must be an array.');
+    console.error('appIds must be an array.'); 
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
   if (!appIds.length) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
+    console.error('Authentication is not configured.')
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
   const data = await graphRequest(
     `app?access_token=${access_token}${getAppSecretPath(authData, options)}`
   );
   if (!data || !appIds.includes(data.id)) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is invalid for this user.');
+    console.error('Invalid authentication data.')
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
 }
 
@@ -63,17 +67,18 @@ const getFacebookKeyByKeyId = async (keyId, cacheMaxEntries, cacheMaxAge) => {
   try {
     key = await authUtils.getSigningKey(client, keyId);
   } catch (error) {
+    console.error(`Unable to find matching key for Key ID: ${keyId}. Error: ${error.message}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `Unable to find matching key for Key ID: ${keyId}`
+      `Unable to validate authentication key.`
     );
   }
   return key;
 };
 
 const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMaxAge }) => {
   if (!token) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'id token is invalid for this user.');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'invalid token.');
   }
 
   const { kid: keyId, alg: algorithm } = authUtils.getHeaderFromToken(token);
@@ -94,19 +99,22 @@ const verifyIdToken = async ({ token, id }, { clientId, cacheMaxEntries, cacheMa
     });
   } catch (exception) {
     const message = exception.message;
+    console.error(`JWT verification failed. Error: ${message}`);
 
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized access.`);
   }
 
   if (jwtClaims.iss !== TOKEN_ISSUER) {
+    console.error(`id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `id token not issued by correct OpenID provider - expected: ${TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+      `Unauthorized access.`
     );
   }
 
   if (jwtClaims.sub !== id) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'auth data is invalid for this user.');
+    console.error(`Token subject mismatch for user ID: ${id}.`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication data.');
   }
   return jwtClaims;
 };

diff --git a/src/Adapters/Auth/gcenter.js b/src/Adapters/Auth/gcenter.js
@@ -39,9 +39,10 @@ function convertX509CertToPEM(X509Cert) {
 
 async function getAppleCertificate(publicKeyUrl) {
   if (!verifyPublicKeyUrl(publicKeyUrl)) {
+    console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+      `Unauthorized`
     );
   }
   if (cache[publicKeyUrl]) {
@@ -62,9 +63,10 @@ async function getAppleCertificate(publicKeyUrl) {
     cert_headers['content-length'] == null ||
     cert_headers['content-length'] > 10000
   ) {
+    console.error(`Invalid publicKeyUrl: ${publicKeyUrl}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+      `Unauthorized`
     );
   }
   const { certificate, headers } = await getCertificate(publicKeyUrl);
@@ -126,29 +128,33 @@ function verifySignature(publicKey, authData) {
   verifier.update(authData.salt, 'base64');
 
   if (!verifier.verify(publicKey, authData.signature, 'base64')) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - invalid signature');
+    console.error('Invalid signature during Apple Game Center verification.');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
 }
 
 function verifyPublicKeyIssuer(cert, publicKeyUrl) {
   const publicKeyCert = pki.certificateFromPem(cert);
   if (!ca.cert) {
+  console.error('Invalid root certificate during Apple Game Center verification.');
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
+      'Unauthorized'
     );
   }
   try {
     if (!ca.cert.verify(publicKeyCert)) {
+      console.error(`Invalid publicKeyUrl issuer: ${publicKeyUrl}`);
       throw new Parse.Error(
         Parse.Error.OBJECT_NOT_FOUND,
-        `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+        `Unauthorized`
       );
     }
   } catch (e) {
+    console.error(`Error verifying publicKeyUrl issuer: ${e.message}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `Apple Game Center - invalid publicKeyUrl: ${publicKeyUrl}`
+      `Unauthorized`
     );
   }
   return cert;
@@ -157,7 +163,8 @@ function verifyPublicKeyIssuer(cert, publicKeyUrl) {
 // Returns a promise that fulfills if this user id is valid.
 async function validateAuthData(authData) {
   if (!authData.id) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Apple Game Center - authData id missing');
+    console.error('Missing authData id during Apple Game Center validation.');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
   authData.playerId = authData.id;
   const publicKey = await getAppleCertificate(authData.publicKeyUrl);
@@ -179,9 +186,10 @@ async function validateAppId(appIds, authData, options = {}) {
     headers['content-length'] == null ||
     headers['content-length'] > 10000
   ) {
+    console.error('Invalid root certificate URL during Apple Game Center validation.');
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      'Apple Game Center auth adapter parameter `rootCertificateURL` is invalid.'
+      'Unauthorized'
     );
   }
   ca.cert = pki.certificateFromPem(certificate);

diff --git a/src/Adapters/Auth/github.js b/src/Adapters/Auth/github.js
@@ -8,7 +8,8 @@ function validateAuthData(authData) {
     if (data && data.id == authData.id) {
       return;
     }
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Github auth is invalid for this user.');
+    console.error('Github auth is invalid for this user.'); 
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   });
 }
 

diff --git a/src/Adapters/Auth/google.js b/src/Adapters/Auth/google.js
@@ -68,18 +68,22 @@ async function verifyIdToken({ id_token: token, id }, { clientId }) {
     });
   } catch (exception) {
     const message = exception.message;
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `${message}`);
+    console.error(`Google Sign-In Validation Error: ${message}`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `Unauthorized`);
   }
 
   if (jwtClaims.iss !== TOKEN_ISSUER && jwtClaims.iss !== HTTPS_TOKEN_ISSUER) {
+    console.error(`id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`);
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      `id token not issued by correct provider - expected: ${TOKEN_ISSUER} or ${HTTPS_TOKEN_ISSUER} | from: ${jwtClaims.iss}`
+      'Unauthorized'
     );
   }
 
   if (jwtClaims.sub !== id) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, `auth data is invalid for this user.`);
+    const errMsg = `Token subject does not match user id.`;
+    console.error(`Google Sign-In Validation Error: ${errMsg}`);
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   }
 
   if (clientId && jwtClaims.aud !== clientId) {

diff --git a/src/Adapters/Auth/gpgames.js b/src/Adapters/Auth/gpgames.js
@@ -15,9 +15,10 @@ async function validateAuthData(authData) {
     `https://www.googleapis.com/games/v1/players/${authData.id}?access_token=${authData.access_token}`
   );
   if (!(response && response.playerId === authData.id)) {
+    console.error('Google Play Games Services - authData is invalid for this user.'); 
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      'Google Play Games Services - authData is invalid for this user.'
+      'Authentication Failed'
     );
   }
 }

diff --git a/src/Adapters/Auth/instagram.js b/src/Adapters/Auth/instagram.js
@@ -12,7 +12,8 @@ function validateAuthData(authData) {
     if (user && user.id == authData.id) {
       return;
     }
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Instagram auth is invalid for this user.');
+    console.error('Instagram auth is invalid for this user.')
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Unauthorized');
   });
 }
 

diff --git a/src/Adapters/Auth/janraincapture.js b/src/Adapters/Auth/janraincapture.js
@@ -11,9 +11,10 @@ function validateAuthData(authData, options) {
     if (data && data.stat == 'ok' && data.result == authData.id) {
       return;
     }
+    console.error('Janrain capture auth is invalid for this user.')
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      'Janrain capture auth is invalid for this user.'
+      'Unauthorized'
     );
   });
 }

diff --git a/src/Adapters/Auth/janrainengage.js b/src/Adapters/Auth/janrainengage.js
@@ -11,9 +11,10 @@ function validateAuthData(authData, options) {
     if (data && data.stat == 'ok' && data.profile.identifier == authData.id) {
       return;
     }
+    console.error('Janrain engage auth is invalid for this user.'); 
     throw new Parse.Error(
       Parse.Error.OBJECT_NOT_FOUND,
-      'Janrain engage auth is invalid for this user.'
+      'Unauthorized'
     );
   });
 }

diff --git a/src/Adapters/Auth/keycloak.js b/src/Adapters/Auth/keycloak.js
@@ -51,10 +51,12 @@ const arraysEqual = (_arr1, _arr2) => {
 
 const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } = {}) => {
   if (!(access_token && id)) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing access token and/or User id');
+    console.error('Missing access token and/or User id'); 
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
   }
   if (!config || !(config['auth-server-url'] && config['realm'])) {
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Missing keycloak configuration');
+    console.error('Missing Keycloak configuration');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
   }
   try {
     const response = await httpsRequest.get({
@@ -73,18 +75,22 @@ const handleAuth = async ({ access_token, id, roles, groups } = {}, { config } =
     ) {
       return;
     }
-    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Invalid authentication');
+    console.error('Invalid authentication: response data does not match');
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Authentication failed');
   } catch (e) {
     if (e instanceof Parse.Error) {
+      console.error('Parse Error:', e.message);
       throw e;
     }
     const error = JSON.parse(e.text);
     if (error.error_description) {
-      throw new Parse.Error(Parse.Error.HOSTING_ERROR, error.error_description);
+      console.error('Authentication server error:', error.error_description);
+      throw new Parse.Error(Parse.Error.HOSTING_ERROR, 'Authentication failed');
     } else {
+      console.error('Could not connect to the authentication server');
       throw new Parse.Error(
         Parse.Error.HOSTING_ERROR,
-        'Could not connect to the authentication server'
+        'Authentication failed'
       );
     }
   }