fix: validate listenerOrObserver callbacks in auth, app-check, remote-config

previously these sorts of callback reservations were not validated to make sure
that they had a valid callback or observer, they were just blindly used

this would lead to native perhaps getting events, emitting them to javascript,
and javascript attempting to blindly execute an undefined function, then crashing

Author: mikehardy

packages/app-check/lib/index.js

@@ -23,6 +23,7 @@ import {
   isFunction,
   isUndefined,
   isOther,
+  parseListenerOrObserver,
 } from '@react-native-firebase/app/lib/common';
 import {
   createModuleNamespace,
@@ -179,12 +180,6 @@ class FirebaseAppCheckModule extends FirebaseModule {
     return this.native.getLimitedUseToken();
   }
 
-  _parseListener(listenerOrObserver) {
-    return typeof listenerOrObserver === 'object'
-      ? listenerOrObserver.next.bind(listenerOrObserver)
-      : listenerOrObserver;
-  }
-
   // eslint-disable-next-line @typescript-eslint/no-unused-vars
   onTokenChanged(onNextOrObserver, onError, onCompletion) {
     // iOS does not provide any native listening feature
@@ -193,7 +188,7 @@ class FirebaseAppCheckModule extends FirebaseModule {
       console.warn('onTokenChanged is not implemented on IOS, only for Android');
       return () => {};
     }
-    const nextFn = this._parseListener(onNextOrObserver);
+    const nextFn = parseListenerOrObserver(onNextOrObserver);
     // let errorFn = function () { };
     // if (onNextOrObserver.error != null) {
     //   errorFn = onNextOrObserver.error.bind(onNextOrObserver);

packages/app/lib/common/index.js

@@ -16,7 +16,7 @@
  */
 import { Platform } from 'react-native';
 import Base64 from './Base64';
-import { isString } from './validate';
+import { isFunction, isObject, isString } from './validate';
 
 export * from './id';
 export * from './path';
@@ -103,6 +103,19 @@ export function tryJSONStringify(data) {
   }
 }
 
+export function parseListenerOrObserver(listenerOrObserver) {
+  if (!isFunction(listenerOrObserver) && !isObject(listenerOrObserver)) {
+  }
+  if (isFunction(listenerOrObserver)) {
+    return listenerOrObserver;
+  }
+  if (isObject(listenerOrObserver) && isFunction(listenerOrObserver.next)) {
+    return listenerOrObserver.next.bind(listenerOrObserver);
+  }
+
+  throw new Error("'listenerOrObserver' expected a function or an object with 'next' function.");
+}
+
 // Used to indicate if there is no corresponding modular function
 const NO_REPLACEMENT = true;
 

packages/auth/lib/index.js

@@ -23,6 +23,7 @@ import {
   isOther,
   isString,
   isValidUrl,
+  parseListenerOrObserver,
 } from '@react-native-firebase/app/lib/common';
 import { setReactNativeModule } from '@react-native-firebase/app/lib/internal/nativeModule';
 import {
@@ -225,14 +226,8 @@ class FirebaseAuthModule extends FirebaseModule {
     await this.native.setTenantId(tenantId);
   }
 
-  _parseListener(listenerOrObserver) {
-    return typeof listenerOrObserver === 'object'
-      ? listenerOrObserver.next.bind(listenerOrObserver)
-      : listenerOrObserver;
-  }
-
   onAuthStateChanged(listenerOrObserver) {
-    const listener = this._parseListener(listenerOrObserver);
+    const listener = parseListenerOrObserver(listenerOrObserver);
     const subscription = this.emitter.addListener(
       this.eventNameForApp('onAuthStateChanged'),
       listener,
@@ -247,7 +242,7 @@ class FirebaseAuthModule extends FirebaseModule {
   }
 
   onIdTokenChanged(listenerOrObserver) {
-    const listener = this._parseListener(listenerOrObserver);
+    const listener = parseListenerOrObserver(listenerOrObserver);
     const subscription = this.emitter.addListener(
       this.eventNameForApp('onIdTokenChanged'),
       listener,
@@ -262,7 +257,7 @@ class FirebaseAuthModule extends FirebaseModule {
   }
 
   onUserChanged(listenerOrObserver) {
-    const listener = this._parseListener(listenerOrObserver);
+    const listener = parseListenerOrObserver(listenerOrObserver);
     const subscription = this.emitter.addListener(this.eventNameForApp('onUserChanged'), listener);
     if (this._authResult) {
       Promise.resolve().then(() => {

packages/remote-config/e2e/config.e2e.js

@@ -781,11 +781,29 @@ describe('remoteConfig()', function () {
       });
     });
 
+    describe('onConfigUpdated parameter verification', function () {
+      it('throws an error if no callback provided', async function () {
+        const { getRemoteConfig, onConfigUpdated } = remoteConfigModular;
+        try {
+          onConfigUpdated(getRemoteConfig());
+        } catch (error) {
+          error.message.should.containEql(
+            "'listenerOrObserver' expected a function or an object with 'next' function.",
+          );
+        }
+      });
+    });
+
     describe('onConfigUpdated on un-supported platforms', function () {
+      if (!Platform.other) {
+        // Supported on non-other, tests are in the following describe block
+        return;
+      }
+
       it('returns a descriptive error message if called', async function () {
         const { getRemoteConfig, onConfigUpdated } = remoteConfigModular;
         try {
-          onConfigUpdated(getRemoteConfig());
+          onConfigUpdated(getRemoteConfig(), () => {});
         } catch (error) {
           error.message.should.containEql('Not supported by the Firebase Javascript SDK');
         }
@@ -794,7 +812,7 @@ describe('remoteConfig()', function () {
 
     xdescribe('onConfigUpdated on supported platforms', function () {
       if (Platform.other) {
-        // Not supported on Web, verify we get a nice error
+        // Not supported on Web
         return;
       }
 

packages/remote-config/lib/index.js

@@ -22,6 +22,7 @@ import {
   isString,
   isUndefined,
   isIOS,
+  parseListenerOrObserver,
 } from '@react-native-firebase/app/lib/common';
 import Value from './RemoteConfigValue';
 import {
@@ -247,7 +248,7 @@ class FirebaseConfigModule extends FirebaseModule {
    * @returns {function} unsubscribe listener
    */
   onConfigUpdated(listenerOrObserver) {
-    const listener = this._parseListener(listenerOrObserver);
+    const listener = parseListenerOrObserver(listenerOrObserver);
     let unsubscribed = false;
     const subscription = this.emitter.addListener(
       this.eventNameForApp('on_config_updated'),
@@ -287,12 +288,6 @@ class FirebaseConfigModule extends FirebaseModule {
     };
   }
 
-  _parseListener(listenerOrObserver) {
-    return typeof listenerOrObserver === 'object'
-      ? listenerOrObserver.next.bind(listenerOrObserver)
-      : listenerOrObserver;
-  }
-
   _updateFromConstants(constants) {
     // Wrapped this as we update using sync getters initially for `defaultConfig` & `settings`
     if (constants.lastFetchTime) {