google-api-client 0.5.0 → 0.6.0

data/lib/google/api_client/auth/installed_app.rb

@@ -0,0 +1,115 @@
+# Copyright 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'webrick'
+require 'launchy'
+
+module Google
+  class APIClient
+
+    # Small helper for the sample apps for performing OAuth 2.0 flows from the command
+    # line or in any other installed app environment.
+    #
+    # @example
+    #
+    #    client = Google::APIClient.new
+    #    flow = Google::APIClient::InstalledAppFlow.new(
+    #      :client_id => '691380668085.apps.googleusercontent.com',
+    #      :client_secret => '...,
+    #      :scope => 'https://www.googleapis.com/auth/drive'
+    #    )
+    #    client.authorization = flow.authorize
+    #
+    class InstalledAppFlow
+      
+      RESPONSE_BODY = <<-HTML
+        <html>
+          <head>
+            <script>
+              function closeWindow() { 
+                window.open('', '_self', '');
+                window.close();
+              }
+              setTimeout(closeWindow, 10);
+            </script>
+          </head>
+          <body>You may close this window.</body>
+        </html>
+      HTML
+      
+      ##
+      # Configure the flow
+      #
+      # @param [Hash] options The configuration parameters for the client.
+      # @option options [Fixnum] :port
+      #   Port to run the embedded server on. Defaults to 9292
+      # @option options [String] :client_id 
+      #   A unique identifier issued to the client to identify itself to the
+      #   authorization server.
+      # @option options [String] :client_secret
+      #   A shared symmetric secret issued by the authorization server,
+      #   which is used to authenticate the client.
+      # @option options [String] :scope
+      #   The scope of the access request, expressed either as an Array
+      #   or as a space-delimited String.
+      #
+      # @see Signet::OAuth2::Client
+      def initialize(options)
+        @port = options[:port] || 9292
+        @authorization = Signet::OAuth2::Client.new({
+          :authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
+          :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
+          :redirect_uri => "http://localhost:#{@port}/"}.update(options)
+        )
+      end
+      
+      ##
+      # Request authorization. Opens a browser and waits for response.
+      #
+      # @return [Signet::OAuth2::Client]
+      #  Authorization instance, nil if user cancelled.
+      def authorize
+        auth = @authorization
+    
+        server = WEBrick::HTTPServer.new(
+          :Port => @port,
+          :BindAddress =>"localhost",
+          :Logger => WEBrick::Log.new(STDOUT, 0),
+          :AccessLog => []
+        )
+        trap("INT") { server.shutdown }
+        
+        server.mount_proc '/' do |req, res|
+            auth.code = req.query['code']
+            if auth.code
+              auth.fetch_access_token!
+            end
+            res.status = WEBrick::HTTPStatus::RC_ACCEPTED
+            res.body = RESPONSE_BODY
+            server.stop
+        end
+
+        Launchy.open(auth.authorization_uri.to_s)
+        server.start
+        if @authorization.access_token
+          return @authorization
+        else
+          return nil
+        end
+      end
+    end
+
+  end
+end
+

data/lib/google/api_client/auth/jwt_asserter.rb

@@ -22,17 +22,31 @@ module Google
     # Generates access tokens using the JWT assertion profile. Requires a
     # service account & access to the private key.
     #
-    # @example
+    # @example Using Signet
+    #
+    #   key = Google::APIClient::KeyUtils.load_from_pkcs12('client.p12', 'notasecret')
+    #   client.authorization = Signet::OAuth2::Client.new(
+    #     :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
+    #     :audience => 'https://accounts.google.com/o/oauth2/token',
+    #     :scope => 'https://www.googleapis.com/auth/prediction',
+    #     :issuer => '123456-abcdef@developer.gserviceaccount.com',
+    #     :signing_key => key)
+    #   client.authorization.fetch_access_token!
+    #   client.execute(...)
+    #
+    # @example Deprecated version
     #
     #    client = Google::APIClient.new
     #    key = Google::APIClient::PKCS12.load_key('client.p12', 'notasecret')
-    #    service_account = Google::APIClient::JWTAsserter(
-    #        '123456-abcdef@developer.gserviceaccount.com',
-    #        'https://www.googleapis.com/auth/prediction',
-    #        key)
+    #    service_account = Google::APIClient::JWTAsserter.new(
+    #     '123456-abcdef@developer.gserviceaccount.com',
+    #     'https://www.googleapis.com/auth/prediction',
+    #     key)
     #    client.authorization = service_account.authorize
     #    client.execute(...)
     #
+    # @deprecated
+    #  Service accounts are now supported directly in Signet
     # @see https://developers.google.com/accounts/docs/OAuth2ServiceAccount
     class JWTAsserter
       # @return [String] ID/email of the issuing party
@@ -43,9 +57,11 @@ module Google
       attr_accessor :skew
       # @return [String] Scopes to authorize
       attr_reader :scope
-      # @return [OpenSSL::PKey] key for signing assertions
+      # @return [String,OpenSSL::PKey] key for signing assertions
       attr_writer :key
-
+      # @return [String] Algorithm used for signing
+      attr_accessor :algorithm
+      
       ##
       # Initializes the asserter for a service account.
       #
@@ -53,14 +69,18 @@ module Google
       #    Name/ID of the client issuing the assertion
       # @param [String, Array] scope
       #   Scopes to authorize. May be a space delimited string or array of strings
-      # @param [OpenSSL::PKey] key
-      #   RSA private key for signing assertions
-      def initialize(issuer, scope, key)
+      # @param [String,OpenSSL::PKey] key
+      #   Key for signing assertions
+      # @param [String] algorithm
+      #   Algorithm to use, either 'RS256' for RSA with SHA-256 
+      #   or 'HS256' for HMAC with SHA-256
+      def initialize(issuer, scope, key, algorithm = "RS256")
         self.issuer = issuer
         self.scope = scope
         self.expiry = 60 # 1 min default 
         self.skew = 60      
         self.key = key
+        self.algorithm = algorithm
       end
 
       ##
@@ -81,25 +101,6 @@ module Google
         end
       end
       
-      ##
-      # Builds & signs the assertion.
-      # 
-      # @param [String] person
-      #   Email address of a user, if requesting a token to act on their behalf
-      # @return [String] Encoded JWT
-      def to_jwt(person=nil)
-        now = Time.new        
-        assertion = {
-          "iss" => @issuer,
-          "scope" => self.scope,
-          "aud" => "https://accounts.google.com/o/oauth2/token",
-          "exp" => (now + expiry).to_i,
-          "iat" => (now - skew).to_i
-        }
-        assertion['prn'] = person unless person.nil?
-        return JWT.encode(assertion, @key, "RS256")
-      end
-
       ##
       # Request a new access token.
       # 
@@ -109,31 +110,28 @@ module Google
       #   Pass through to Signet::OAuth2::Client.fetch_access_token
       # @return [Signet::OAuth2::Client] Access token 
       #
-      # @see Signet::OAuth2::Client.fetch_access_token
+      # @see Signet::OAuth2::Client.fetch_access_token!
       def authorize(person = nil, options={})
-        assertion = self.to_jwt(person)
-        authorization = Signet::OAuth2::Client.new(
-          :token_credential_uri => 'https://accounts.google.com/o/oauth2/token'
-        )
-        authorization.grant_type = 'urn:ietf:params:oauth:grant-type:jwt-bearer'
-        authorization.extension_parameters = { :assertion => assertion }
+        authorization = self.to_authorization
         authorization.fetch_access_token!(options)
-        return JWTAuthorization.new(authorization, self, person)
-      end
-    end
-    
-    class JWTAuthorization < DelegateClass(Signet::OAuth2::Client)
-      def initialize(authorization, asserter, person = nil)
-        @asserter = asserter
-        @person = person
-        super(authorization)
+        return authorization
       end
       
-      def fetch_access_token!(options={})
-        new_authorization = @asserter.authorize(@person, options)
-        __setobj__(new_authorization)
-        self
-      end
+      ##
+      # Builds a Signet OAuth2 client
+      #
+      # @return [Signet::OAuth2::Client] Access token 
+      def to_authorization(person = nil)
+        return Signet::OAuth2::Client.new(
+          :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
+          :audience => 'https://accounts.google.com/o/oauth2/token',
+          :scope => self.scope,
+          :issuer => @issuer,
+          :signing_key => @key,
+          :signing_algorithm => @algorithm,
+          :person => person
+        )
+      end      
     end
   end
 end

data/lib/google/api_client/auth/key_utils.rb

@@ -0,0 +1,93 @@
+# Copyright 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Google
+  class APIClient
+    ##
+    # Helper for loading keys from the PKCS12 files downloaded when
+    # setting up service accounts at the APIs Console.
+    #
+    module KeyUtils
+      ##
+      # Loads a key from PKCS12 file, assuming a single private key
+      # is present.
+      #
+      # @param [String] keyfile
+      #    Path of the PKCS12 file to load. If not a path to an actual file,
+      #    assumes the string is the content of the file itself. 
+      # @param [String] passphrase
+      #   Passphrase for unlocking the private key
+      #
+      # @return [OpenSSL::PKey] The private key for signing assertions.
+      def self.load_from_pkcs12(keyfile, passphrase)
+        load_key(keyfile, passphrase) do |content, passphrase| 
+          OpenSSL::PKCS12.new(content, passphrase).key
+        end
+      end
+      
+
+      ##
+      # Loads a key from a PEM file.
+      #
+      # @param [String] keyfile
+      #    Path of the PEM file to load. If not a path to an actual file,
+      #    assumes the string is the content of the file itself. 
+      # @param [String] passphrase
+      #   Passphrase for unlocking the private key
+      #
+      # @return [OpenSSL::PKey] The private key for signing assertions.
+      #
+      def self.load_from_pem(keyfile, passphrase)
+        load_key(keyfile, passphrase) do | content, passphrase|
+          OpenSSL::PKey::RSA.new(content, passphrase)
+        end
+      end
+
+      private
+      
+      ##
+      # Helper for loading keys from file or memory. Accepts a block
+      # to handle the specific file format.
+      #
+      # @param [String] keyfile
+      #    Path of thefile to load. If not a path to an actual file,
+      #    assumes the string is the content of the file itself. 
+      # @param [String] passphrase
+      #   Passphrase for unlocking the private key
+      #
+      # @yield [String, String]
+      #   Key file & passphrase to extract key from
+      # @yieldparam [String] keyfile
+      #   Contents of the file
+      # @yieldparam [String] passphrase
+      #   Passphrase to unlock key
+      # @yieldreturn [OpenSSL::PKey]
+      #   Private key
+      #
+      # @return [OpenSSL::PKey] The private key for signing assertions.
+      def self.load_key(keyfile, passphrase, &block)
+        begin
+          begin
+            content = File.open(keyfile, 'rb') { |io| io.read }
+          rescue
+            content = keyfile
+          end
+          block.call(content, passphrase)
+        rescue OpenSSL::OpenSSLError
+          raise ArgumentError.new("Invalid keyfile or passphrase")
+        end        
+      end  
+    end
+  end
+end

data/lib/google/api_client/auth/pkcs12.rb

@@ -12,6 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require 'google/api_client/auth/key_utils'
 module Google
   class APIClient
     ##
@@ -30,18 +31,10 @@ module Google
       #   Passphrase for unlocking the private key
       #
       # @return [OpenSSL::PKey] The private key for signing assertions.
+      # @deprecated 
+      #  Use {Google::APIClient::KeyUtils} instead
       def self.load_key(keyfile, passphrase)
-        begin
-          if File.exists?(keyfile)
-            content = File.read(keyfile)
-          else
-            content = keyfile
-          end  
-          pkcs12 = OpenSSL::PKCS12.new(content, passphrase)
-          return pkcs12.key
-        rescue OpenSSL::PKCS12::PKCS12Error
-          raise ArgumentError.new("Invalid keyfile or passphrase")
-        end
+        KeyUtils.load_from_pkcs12(keyfile, passphrase)
       end
     end
   end

data/lib/google/api_client/batch.rb

@@ -59,12 +59,11 @@ module Google
     #        puts result.data
     #     end
     # 
-    #     batch.add(:api_method=>urlshortener.url.insert, :body_object => { 'longUrl' => 'http://example.com/foo' })
-    #     batch.add(:api_method=>urlshortener.url.insert, :body_object => { 'longUrl' => 'http://example.com/bar' })
+    #     batch.add(:api_method => urlshortener.url.insert, :body_object => { 'longUrl' => 'http://example.com/foo' })
+    #     batch.add(:api_method => urlshortener.url.insert, :body_object => { 'longUrl' => 'http://example.com/bar' })
     #
     #     client.execute(batch)
     #
-    
     class BatchRequest < Request
       BATCH_BOUNDARY = "-----------RubyApiBatchRequest".freeze
 

data/lib/google/api_client/client_secrets.rb

@@ -63,7 +63,6 @@ module Google
         end
         while filename == nil
           search_path ||= File.expand_path('.')
-          puts search_path
           if File.exist?(File.join(search_path, 'client_secrets.json'))
             filename = File.join(search_path, 'client_secrets.json')
           elsif search_path == '/' || search_path =~ /[a-zA-Z]:[\/\\]/

data/lib/google/api_client/discovery/api.rb

@@ -14,7 +14,7 @@
 
 
 require 'addressable/uri'
-
+require 'multi_json'
 require 'google/inflection'
 require 'google/api_client/discovery/resource'
 require 'google/api_client/discovery/method'
@@ -281,6 +281,20 @@ module Google
           "#<%s:%#0x ID:%s>", self.class.to_s, self.object_id, self.id
         )
       end
+      
+      ##
+      # Marshalling support - serialize the API to a string (doc base + original 
+      # discovery document).
+      def _dump(level)
+        MultiJson.dump([@document_base.to_s, @discovery_document])
+      end
+      
+      ##
+      # Marshalling support - Restore an API instance from serialized form
+      def self._load(obj)
+        new(*MultiJson.load(obj)) 
+      end
+
     end
   end
 end

data/lib/google/api_client/logging.rb

@@ -0,0 +1,32 @@
+require 'logger'
+
+module Google
+  class APIClient
+    
+    class << self
+      ##
+      # Logger for the API client
+      #
+      # @return [Logger] logger instance.
+      attr_accessor :logger
+    end
+
+    self.logger = Logger.new(STDOUT)
+    self.logger.level = Logger::WARN  
+
+    ##
+    # Module to make accessing the logger simpler
+    module Logging
+      ##
+      # Logger for the API client
+      #
+      # @return [Logger] logger instance.
+      def logger
+        Google::APIClient.logger
+      end
+    end
+
+  end
+  
+  
+end