Don't send placeholder FAC token to Cloud Functions (#2948)

* Do not send the placeholder token to the functions backend in the error case.

* Add tests.

Author: rosalyntan

firebase-functions/src/androidTest/java/com/google/firebase/functions/FirebaseContextProviderTest.java

@@ -33,6 +33,7 @@ public class FirebaseContextProviderTest {
   private static final String AUTH_TOKEN = "authToken";
   private static final String IID_TOKEN = "iidToken";
   private static final String APP_CHECK_TOKEN = "appCheckToken";
+  private static final String ERROR = "errorString";
 
   private static final InternalAuthProvider fixedAuthProvider =
       new TestInternalAuthProvider(() -> AUTH_TOKEN);
@@ -45,6 +46,8 @@ public class FirebaseContextProviderTest {
       new TestFirebaseInstanceIdInternal(IID_TOKEN);
   private static final InternalAppCheckTokenProvider fixedAppCheckProvider =
       new TestInternalAppCheckTokenProvider(APP_CHECK_TOKEN);
+  private static final InternalAppCheckTokenProvider errorAppCheckProvider =
+      new TestInternalAppCheckTokenProvider(APP_CHECK_TOKEN, ERROR);
 
   @Test
   public void getContext_whenAuthAndAppCheckAreNotAvailable_shouldContainOnlyIid()
@@ -98,6 +101,19 @@ public void getContext_whenOnlyAuthIsAvailableAndNotSignedIn_shouldContainOnlyIi
     assertThat(context.getInstanceIdToken()).isEqualTo(IID_TOKEN);
   }
 
+  @Test
+  public void getContext_whenOnlyAppCheckIsAvailableAndHasError_shouldContainOnlyIid()
+      throws ExecutionException, InterruptedException {
+    FirebaseContextProvider contextProvider =
+        new FirebaseContextProvider(
+            absentProvider(), providerOf(fixedIidProvider), deferredOf(errorAppCheckProvider));
+
+    HttpsCallableContext context = Tasks.await(contextProvider.getContext());
+    assertThat(context.getAuthToken()).isNull();
+    assertThat(context.getInstanceIdToken()).isEqualTo(IID_TOKEN);
+    assertThat(context.getAppCheckToken()).isNull();
+  }
+
   @Test
   public void getContext_whenAuthAndAppCheckAreAvailable_shouldContainAuthAppCheckTokensAndIid()
       throws ExecutionException, InterruptedException {

firebase-functions/src/androidTest/java/com/google/firebase/functions/TestInternalAppCheckTokenProvider.java

@@ -43,6 +43,23 @@ public FirebaseException getError() {
         };
   }
 
+  public TestInternalAppCheckTokenProvider(String testToken, String error) {
+    this.testToken =
+        new AppCheckTokenResult() {
+          @NonNull
+          @Override
+          public String getToken() {
+            return testToken;
+          }
+
+          @Nullable
+          @Override
+          public FirebaseException getError() {
+            return new FirebaseException(error);
+          }
+        };
+  }
+
   @NonNull
   @Override
   public Task<AppCheckTokenResult> getToken(boolean forceRefresh) {

firebase-functions/src/main/java/com/google/firebase/functions/FirebaseContextProvider.java

@@ -100,10 +100,10 @@ private Task<String> getAppCheckToken() {
         .onSuccessTask(
             result -> {
               if (result.getError() != null) {
-                Log.w(
-                    TAG,
-                    "Error getting App Check token; using placeholder token instead. Error: "
-                        + result.getError());
+                // If there was an error getting the App Check token, do NOT send the placeholder
+                // token. Only valid App Check tokens should be sent to the functions backend.
+                Log.w(TAG, "Error getting App Check token. Error: " + result.getError());
+                return Tasks.forResult(null);
               }
               return Tasks.forResult(result.getToken());
             });