fix: Facebook Standard Login missing app ID validation (#10429)

Author: mtrezza

spec/AuthenticationAdapters.spec.js

@@ -1732,6 +1732,24 @@ describe('facebook limited auth adapter', () => {
       expect(e.message).toBe('Facebook auth is not configured.');
     }
   });
+
+  it('should throw error when appIds is not configured for Standard Login', async () => {
+    try {
+      await facebook.validateAuthData({ id: 'the_user_id', access_token: 'the_token' }, {});
+      fail('should have thrown');
+    } catch (e) {
+      expect(e.message).toBe('Facebook auth is not configured.');
+    }
+  });
+
+  it('should throw error when appIds is empty array for Standard Login', async () => {
+    try {
+      await facebook.validateAuthData({ id: 'the_user_id', access_token: 'the_token' }, { appIds: [] });
+      fail('should have thrown');
+    } catch (e) {
+      expect(e.message).toBe('Facebook auth is not configured.');
+    }
+  });
 });
 
 describe('OTP TOTP auth adatper', () => {

src/Adapters/Auth/facebook.js

@@ -79,7 +79,10 @@ function getAppSecretPath(authData, options = {}) {
   return `&appsecret_proof=${appsecret_proof}`;
 }
 
-function validateGraphToken(authData, options) {
+function validateGraphToken(authData, options = {}) {
+  if (!Array.isArray(options.appIds) || !options.appIds.length) {
+    throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'Facebook auth is not configured.');
+  }
   return graphRequest(
     'me?fields=id&access_token=' + authData.access_token + getAppSecretPath(authData, options)
   ).then(data => {