Old bug still here: unwanted authData validation

[SebC99]

This bug #3867 is still here even with #3783 and #3872 fixes.
The reason why is in the RestWrite.js file:

if (!_.isEqual(providerData, userAuthData)) {
    mutatedAuthData[provider] = providerData;
}

When tested with facebook, the userAuthData comes from the saved user (MongoDB in my case), and it includes a token and an expiration date which is a Date object.
But the providerData which comes from the rest request from the SDK includes the same token and expiration date, but the expiration date is a string in that case. So we don't have equality of object.

There should be a conversion somewhere, but what's the best place to do it?

[dplewis]

Probably on the server side. Can you write a test case?

[SebC99]

I don't see how, there's no test for this very internal process so I don't know how I would write it...

[dplewis]

@SebC99 What does your authData look like in mongo?

Mine is a string and it returns as a string when I query or debug RestWrite.js

"_auth_data_facebook": {
        "id": "...",
        "access_token": "...",
        "expiration_date": "2019-03-16T02:00:00.185Z"
    },

[SebC99]

@dplewis for most users, it's the same as yours, but for others (old ones) it's a date:

"_auth_data_facebook" : {
        "access_token" : "....", 
        "expiration_date" : ISODate("2016-06-04T22:31:38.412+0000"), 
        "id" : "..."
    }

[dplewis]

There are 2 solutions for this

1. you write a script that converts your Date objects into strings in your DB
2. convert in RestWrite before checking isEqual

Which do you prefer? Your problem will be immediately solve with option 1. Option 2 is for this specific use case.

Open a PR we are more than welcome to review it.

Closing as this is an old issue.

[SebC99]

I've patched the RestWrite, adding an equality method in Auth Adapters, but you're right, a script might be safer ;)
I'll do that!
Thanks a lot

[santiagosemhan]

I found this problem with my custom auth. Every time that I update the user object, auth data validation is triggered.