google-api-client 0.5.0 → 0.6.0

data/CHANGELOG.md

@@ -1,3 +1,17 @@
+# 0.6
+
+* Apps strongly encouraged to set :application_name & :application_version when
+  initializing a client
+* JWT/service accounts moved to signet
+* Added helper class for installed app OAuth flows, updated samples & CLI
+* Initial logging support for client
+* Fix PKCS12 loading on windows
+* Allow disabling auto-refresh of OAuth 2 access tokens
+* Compatibility with MultiJson >= 1.0.0 & Rails 3.2.8
+* Fix for body serialization when body doesn't respond to to_json
+* Remove OAuth 1.0 logins from CLI
+
+
 # 0.5.0
 
 * Beta candidate, potential incompatible changes with how requests are processed. 

data/Gemfile

@@ -2,11 +2,11 @@ source :rubygems
 
 gemspec
 
-gem 'signet', '>= 0.4.1'
+gem 'signet', '>= 0.4.4'
 gem 'addressable', '>= 2.3.2'
 gem 'uuidtools', '>= 2.1.0'
 gem 'autoparse', '>= 0.3.2'
-gem 'faraday', '~> 0.8.1'
+gem 'faraday', '~> 0.8.4'
 gem 'multi_json', '>= 1.0.0'
 gem 'extlib', '>= 0.9.15'
 gem 'jwt', '~> 0.1.5'

data/README.md

@@ -80,16 +80,19 @@ Most interactions with Google APIs require users to authorize applications via O
 
 Credentials can be managed at the connection level, as shown, or supplied on a per-request basis when calling `execute`.
     
-For server-to-server interactions, like those between a web application and Google Cloud Storage, Prediction, or BigQuery APIs, use service accounts. Assertions for service accounts are made with `Google::APIClient::JWTAsserter`.
-
-    client = Google::APIClient.new
-    key = Google::APIClient::PKCS12.load_key('client.p12', 'notasecret')
-    service_account = Google::APIClient::JWTAsserter(
-        '123456-abcdef@developer.gserviceaccount.com',
-        'https://www.googleapis.com/auth/prediction',
-        key)
-    client.authorization = service_account.authorize
-
+For server-to-server interactions, like those between a web application and Google Cloud Storage, Prediction, or BigQuery APIs, use service accounts.
+
+    key = Google::APIClient::KeyUtils.load_from_pkcs12('client.p12', 'notasecret')
+    client.authorization = Signet::OAuth2::Client.new(
+      :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
+      :audience => 'https://accounts.google.com/o/oauth2/token',
+      :scope => 'https://www.googleapis.com/auth/prediction',
+      :issuer => '123456-abcdef@developer.gserviceaccount.com',
+      :signing_key => key)
+    client.authorization.fetch_access_token!
+    client.execute(...)
+    
+    
 ### Batching Requests
 
 Some Google APIs support batching requests into a single HTTP request. Use `Google::APIClient::BatchRequest`
@@ -104,9 +107,9 @@ Example:
         puts result.data
     end
     
-    batch.add(:api_method=>urlshortener.url.insert, 
+    batch.add(:api_method => urlshortener.url.insert, 
               :body_object => { 'longUrl' => 'http://example.com/foo' })
-    batch.add(:api_method=>urlshortener.url.insert, 
+    batch.add(:api_method => urlshortener.url.insert, 
               :body_object => { 'longUrl' => 'http://example.com/bar' })
     client.execute(batch)
     
@@ -172,7 +175,7 @@ See the full list of [samples on Google Code](http://code.google.com/p/google-ap
 
 ## Support
 
-Please [report bugs at the project on Google Code](http://code.google.com/p/google-api-ruby-client/issues/entry). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api) about the client or APIs on [StackOverflow](http://stackoverflow.com).
+Please [report bugs at the project on Google Code](http://code.google.com/p/google-api-ruby-client/issues/entry). Don't hesitate to [ask questions](http://stackoverflow.com/questions/tagged/google-api-ruby-client) about the client or APIs on [StackOverflow](http://stackoverflow.com).
 
 
 

data/Rakefile

@@ -23,11 +23,15 @@ The Google API Ruby Client makes it trivial to discover and access supported
 APIs.
 TEXT
 
-PKG_FILES = FileList[
+list = FileList[
     'lib/**/*', 'spec/**/*', 'vendor/**/*',
     'tasks/**/*', 'website/**/*',
     '[A-Z]*', 'Rakefile'
-].exclude(/database\.yml/).exclude(/[_\.]git$/)
+].exclude(/[_\.]git$/)
+(open(".gitignore") { |file| file.read }).split("\n").each do |pattern|
+  list.exclude(pattern)
+end
+PKG_FILES = list
 
 RCOV_ENABLED = !!(RUBY_PLATFORM != 'java' && RUBY_VERSION =~ /^1\.8/)
 if RCOV_ENABLED

data/bin/google-api

@@ -15,45 +15,13 @@ require 'faraday/utils'
 require 'webrick'
 require 'google/api_client/version'
 require 'google/api_client'
+require 'google/api_client/auth/installed_app'
 
 ARGV.unshift('--help') if ARGV.empty?
 
 module Google
   class APIClient
     class CLI
-      # Used for oauth login
-      class OAuthVerifierServlet < WEBrick::HTTPServlet::AbstractServlet
-        attr_reader :verifier
-
-        def do_GET(request, response)
-          $verifier ||= Addressable::URI.unencode_component(
-            request.request_uri.to_s[/\?.*oauth_verifier=([^&$]+)(&|$)/, 1] ||
-            request.request_uri.to_s[/\?.*code=([^&$]+)(&|$)/, 1]
-          )
-          response.status = WEBrick::HTTPStatus::RC_ACCEPTED
-          # This javascript will auto-close the tab after the
-          # verifier is obtained.
-          response.body = <<-HTML
-<html>
-  <head>
-    <script>
-      function closeWindow() { 
-        window.open('', '_self', '');
-        window.close();
-      }
-      setTimeout(closeWindow, 10);
-    </script>
-  </head>
-  <body>
-    You may close this window.
-  </body>
-</html>
-HTML
-          # Eww, hack!
-          server = self.instance_variable_get('@server')
-          server.stop if server
-        end
-      end
 
       # Initialize with default parameter values
       def initialize(argv)
@@ -164,8 +132,7 @@ HTML
 
           opts.separator(
             "\nAvailable commands:\n" +
-            "    oauth-1-login   Log a user into an API with OAuth 1.0a\n" +
-            "    oauth-2-login   Log a user into an API with OAuth 2.0 d10\n" +
+            "    oauth-2-login   Log a user into an API with OAuth 2.0\n" +
             "    list            List the methods available for an API\n" +
             "    execute         Execute a method on the API\n" +
             "    irb             Start an interactive client session"
@@ -184,9 +151,7 @@ HTML
       end
 
       def client
-        require 'signet/oauth_1/client'
         require 'yaml'
-        require 'irb'
         config_file = File.expand_path('~/.google-api.yaml')
         authorization = nil
         if File.exist?(config_file)
@@ -198,19 +163,14 @@ HTML
           authorization = config["mechanism"].to_sym
         end
 
-        client = Google::APIClient.new(:authorization => authorization)
+        client = Google::APIClient.new(
+          :application_name => 'Ruby CLI', 
+          :application_version => Google::APIClient::VERSION::STRING,
+          :authorization => authorization)
 
         case authorization
         when :oauth_1
-          if client.authorization &&
-              !client.authorization.kind_of?(Signet::OAuth1::Client)
-            STDERR.puts(
-              "Unexpected authorization mechanism: " +
-              "#{client.authorization.class}"
-            )
-            exit(1)
-          end
-          config = open(config_file, 'r') { |file| YAML.load(file.read) }
+          STDERR.puts('OAuth 1 is deprecated. Please reauthorize with OAuth 2.')
           client.authorization.client_credential_key =
             config["client_credential_key"]
           client.authorization.client_credential_secret =
@@ -220,15 +180,6 @@ HTML
           client.authorization.token_credential_secret =
             config["token_credential_secret"]
         when :oauth_2
-          if client.authorization &&
-              !client.authorization.kind_of?(Signet::OAuth2::Client)
-            STDERR.puts(
-              "Unexpected authorization mechanism: " +
-              "#{client.authorization.class}"
-            )
-            exit(1)
-          end
-          config = open(config_file, 'r') { |file| YAML.load(file.read) }
           client.authorization.scope = options[:scope]
           client.authorization.client_id = config["client_id"]
           client.authorization.client_secret = config["client_secret"]
@@ -268,84 +219,14 @@ HTML
       end
 
       COMMANDS = [
-        :oauth_1_login,
         :oauth_2_login,
         :list,
         :execute,
         :irb,
-        :fuzz
       ]
 
-      def oauth_1_login
-        require 'signet/oauth_1/client'
-        require 'launchy'
-        require 'yaml'
-        if options[:client_credential_key] &&
-            options[:client_credential_secret]
-          config = {
-            "mechanism" => "oauth_1",
-            "scope" => options[:scope],
-            "client_credential_key" => options[:client_credential_key],
-            "client_credential_secret" => options[:client_credential_secret],
-            "token_credential_key" => nil,
-            "token_credential_secret" => nil
-          }
-          config_file = File.expand_path('~/.google-api.yaml')
-          open(config_file, 'w') { |file| file.write(YAML.dump(config)) }
-          exit(0)
-        else
-          $verifier = nil
-          server = WEBrick::HTTPServer.new(
-            :Port => OAUTH_SERVER_PORT,
-            :Logger => WEBrick::Log.new,
-            :AccessLog => WEBrick::Log.new
-          )
-          server.logger.level = 0
-          trap("INT") { server.shutdown }
-
-          server.mount("/", OAuthVerifierServlet)
-
-          oauth_client = Signet::OAuth1::Client.new(
-            :temporary_credential_uri =>
-              'https://www.google.com/accounts/OAuthGetRequestToken',
-            :authorization_uri =>
-              'https://www.google.com/accounts/OAuthAuthorizeToken',
-            :token_credential_uri =>
-              'https://www.google.com/accounts/OAuthGetAccessToken',
-            :client_credential_key => 'anonymous',
-            :client_credential_secret => 'anonymous',
-            :callback => "http://localhost:#{OAUTH_SERVER_PORT}/"
-          )
-          oauth_client.fetch_temporary_credential!(:additional_parameters => {
-            :scope => options[:scope],
-            :xoauth_displayname => 'Google API Client'
-          })
-
-          # Launch browser
-          Launchy::Browser.run(oauth_client.authorization_uri.to_s)
-
-          server.start
-          oauth_client.fetch_token_credential!(:verifier => $verifier)
-          config = {
-            "scope" => options[:scope],
-            "client_credential_key" =>
-              oauth_client.client_credential_key,
-            "client_credential_secret" =>
-              oauth_client.client_credential_secret,
-            "token_credential_key" =>
-              oauth_client.token_credential_key,
-            "token_credential_secret" =>
-              oauth_client.token_credential_secret
-          }
-          config_file = File.expand_path('~/.google-api.yaml')
-          open(config_file, 'w') { |file| file.write(YAML.dump(config)) }
-          exit(0)
-        end
-      end
-
       def oauth_2_login
         require 'signet/oauth_2/client'
-        require 'launchy'
         require 'yaml'
         if !options[:client_credential_key] ||
             !options[:client_credential_secret]
@@ -365,45 +246,26 @@ HTML
           open(config_file, 'w') { |file| file.write(YAML.dump(config)) }
           exit(0)
         else
-          $verifier = nil
-          logger = WEBrick::Log.new
-          logger.level = 0
-          server = WEBrick::HTTPServer.new(
-            :Port => OAUTH_SERVER_PORT,
-            :Logger => logger,
-            :AccessLog => logger
-          )
-          trap("INT") { server.shutdown }
-
-          server.mount("/", OAuthVerifierServlet)
-
-          oauth_client = Signet::OAuth2::Client.new(
-            :authorization_uri =>
-              'https://www.google.com/accounts/o8/oauth2/authorization',
-            :token_credential_uri =>
-              'https://www.google.com/accounts/o8/oauth2/token',
+          flow = Google::APIClient::InstalledAppFlow.new(
+            :port => OAUTH_SERVER_PORT,
             :client_id => options[:client_credential_key],
             :client_secret => options[:client_credential_secret],
-            :redirect_uri => "http://localhost:#{OAUTH_SERVER_PORT}/",
             :scope => options[:scope]
           )
-
-          # Launch browser
-          Launchy.open(oauth_client.authorization_uri.to_s)
-
-          server.start
-          oauth_client.code = $verifier
-          oauth_client.fetch_access_token!
-          config = {
-            "mechanism" => "oauth_2",
-            "scope" => options[:scope],
-            "client_id" => oauth_client.client_id,
-            "client_secret" => oauth_client.client_secret,
-            "access_token" => oauth_client.access_token,
-            "refresh_token" => oauth_client.refresh_token
-          }
-          config_file = File.expand_path('~/.google-api.yaml')
-          open(config_file, 'w') { |file| file.write(YAML.dump(config)) }
+          
+          oauth_client = flow.authorize
+          if oauth_client
+            config = {
+              "mechanism" => "oauth_2",
+              "scope" => options[:scope],
+              "client_id" => oauth_client.client_id,
+              "client_secret" => oauth_client.client_secret,
+              "access_token" => oauth_client.access_token,
+              "refresh_token" => oauth_client.refresh_token
+            }
+            config_file = File.expand_path('~/.google-api.yaml')
+            open(config_file, 'w') { |file| file.write(YAML.dump(config)) }
+          end
           exit(0)
         end
       end
@@ -414,7 +276,7 @@ HTML
           STDERR.puts('No API name supplied.')
           exit(1)
         end
-        client = Google::APIClient.new(:authorization => nil)
+        #client = Google::APIClient.new(:authorization => nil)
         if options[:discovery_uri]
           if options[:api] && options[:version]
             client.register_discovery_uri(
@@ -517,16 +379,6 @@ HTML
         IRB.start(__FILE__)
       end
 
-      def fuzz
-        STDERR.puts('API fuzzing not yet supported.')
-        if self.rpcname
-          # Fuzz just one method
-        else
-          # Fuzz the entire API
-        end
-        exit(1)
-      end
-
       def help
         puts self.parser
         exit(0)

data/lib/compat/multi_json.rb

@@ -1,6 +1,9 @@
 require 'multi_json'
 
-if !MultiJson.respond_to?(:load) || MultiJson.method(:load).owner == Kernel
+if !MultiJson.respond_to?(:load) || [
+  Kernel,
+  defined?(ActiveSupport::Dependencies::Loadable) && ActiveSupport::Dependencies::Loadable
+].compact.include?(MultiJson.method(:load).owner)
   module MultiJson
     class <<self
       alias :load :decode

data/lib/google/api_client.rb

@@ -20,6 +20,7 @@ require 'compat/multi_json'
 require 'stringio'
 
 require 'google/api_client/version'
+require 'google/api_client/logging'
 require 'google/api_client/errors'
 require 'google/api_client/environment'
 require 'google/api_client/discovery'
@@ -29,11 +30,15 @@ require 'google/api_client/result'
 require 'google/api_client/media'
 require 'google/api_client/service_account'
 require 'google/api_client/batch'
+require 'google/api_client/railtie' if defined?(Rails)
 
 module Google
+
   ##
   # This class manages APIs communication.
   class APIClient
+    include Google::APIClient::Logging
+    
     ##
     # Creates a new Google API client.
     #
@@ -47,6 +52,10 @@ module Google
     #     <li><code>:oauth_1</code></li>
     #     <li><code>:oauth_2</code></li>
     #   </ul>
+    # @option options [Boolean] :auto_refresh_token (true)
+    #   The setting that controls whether or not the api client attempts to
+    #   refresh authorization when a 401 is hit in #execute. If the token does 
+    #   not support it, this option is ignored.
     # @option options [String] :application_name
     #   The name of the application using the client.
     # @option options [String] :application_version
@@ -62,6 +71,8 @@ module Google
     # @option options [String] :discovery_path ("/discovery/v1")
     #   The discovery base path. This rarely needs to be changed.
     def initialize(options={})
+      logger.debug { "#{self.class} - Initializing client with options #{options}" }
+      
       # Normalize key to String to allow indifferent access.
       options = options.inject({}) do |accu, (key, value)|
         accu[key.to_sym] = value
@@ -74,26 +85,29 @@ module Google
 
       # Most developers will want to leave this value alone and use the
       # application_name option.
-      application_string = (
-        options[:application_name] ? (
-          "#{options[:application_name]}/" +
-          "#{options[:application_version] || '0.0.0'}"
-        ) : ""
-      )
+      if options[:application_name]
+        app_name = options[:application_name]
+        app_version = options[:application_version]
+        application_string = "#{app_name}/#{app_version || '0.0.0'}"
+      else
+        logger.warn { "#{self.class} - Please provide :application_name and :application_version when initializing the client" }
+      end
       self.user_agent = options[:user_agent] || (
         "#{application_string} " +
-        "google-api-ruby-client/#{VERSION::STRING} " +
+        "google-api-ruby-client/#{Google::APIClient::VERSION::STRING} " +
          ENV::OS_VERSION
       ).strip
       # The writer method understands a few Symbols and will generate useful
       # default authentication mechanisms.
       self.authorization =
         options.key?(:authorization) ? options[:authorization] : :oauth_2
+      self.auto_refresh_token = options.fetch(:auto_refresh_token) { true }
       self.key = options[:key]
       self.user_ip = options[:user_ip]
       @discovery_uris = {}
       @discovery_documents = {}
       @discovered_apis = {}
+            
       return self
     end
 
@@ -153,6 +167,13 @@ module Google
       return @authorization
     end
 
+    ##
+    # The setting that controls whether or not the api client attempts to
+    # refresh authorization when a 401 is hit in #execute. 
+    #
+    # @return [Boolean]
+    attr_accessor :auto_refresh_token
+
     ##
     # The application's API key issued by the API console.
     #
@@ -540,8 +561,9 @@ module Google
       request.authorization = options[:authorization] || self.authorization unless options[:authenticated] == false
 
       result = request.send(connection)
-      if result.status == 401 && authorization.respond_to?(:refresh_token) 
+      if result.status == 401 && authorization.respond_to?(:refresh_token) && auto_refresh_token
         begin
+          logger.debug("Attempting refresh of access token & retry of request")
           authorization.fetch_access_token!
           result = request.send(connection)
         rescue Signet::AuthorizationError