google-sa-auth 0.0.5

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in google-jwt.gemspec
+gemspec

data/README.md

@@ -0,0 +1,4 @@
+google-sa-auth
+==============
+
+Ruby library for obtaining OAuth 2.0 authorization tokens for Google API service accounts.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/google-sa-auth.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "google-sa-auth"
+  s.version     = "0.0.5"
+  s.authors     = ["Jon Durbin"]
+  s.email       = ["jond@greenviewdata.com"]
+  s.homepage    = "https://github.com/gdi/google-sa-auth"
+  s.summary     = %q{Simple gem for generating authorization tokens for google service accounts}
+  s.description = %q{Simple gem for generating authorization tokens for google service accounts}
+
+  s.rubyforge_project = "google-sa-auth"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+
+  s.add_dependency 'rspec'
+  s.add_dependency 'bundler'
+  s.add_dependency 'curb-fu'
+  s.add_dependency 'google-jwt'
+  s.add_dependency 'json'
+end

data/lib/google-sa-auth.rb

@@ -0,0 +1,88 @@
+require 'google-jwt'
+require 'curb-fu'
+require 'google-sa-auth/scope'
+require 'google-sa-auth/token'
+require 'google-sa-auth/client'
+
+class GoogleSAAuth
+  attr_accessor :claim_set, :pkcs12, :token
+  def initialize(args)
+    # Symbolize keys.
+    args = args.inject({}){|item,(k,v)| item[k.to_sym] = v; item}
+
+    # Remove unknown keys and make sure we have all the required keys.
+    args.delete_if {|k,v| ![:email_address, :scope, :key, :password, :audience].include?(k)}
+    [:email_address, :scope, :key].each do |required|
+      raise RuntimeError, "Missing required argument key #{required}" unless args[required]
+    end
+
+    # Setup default password and audience.
+    args[:password] ||= 'notasecret'
+    args[:audience] ||= 'https://accounts.google.com/o/oauth2/token'
+
+    # Create the claim set.
+    self.claim_set = {:iss => args[:email_address], :aud => args[:audience]}
+
+    # Determine the scope.
+    if args[:scope].class == String
+      if args[:scope] =~ /^http/i
+        self.claim_set[:scope] = args[:scope]
+      else
+        self.claim_set[:scope] = GoogleSAAuth::Scope.new(args[:scope]).url
+      end
+    elsif args[:scope].class == Array
+      scopes = args[:scope].each.collect do |scope|
+        if scope =~ /http/i
+          scope
+        else
+          GoogleSAAuth::Scope.new(scope).url
+        end
+      end
+      self.claim_set[:scope] = scopes.join(' ')
+    elsif args[:scope].class == Hash
+      # Specify extension, e.g. => {:fusiontables => 'readonly'}
+      scopes = []
+      args[:scope].each do |scope,extension|
+        if scope =~ /^http/i
+          url = scope
+        else
+          url = GoogleSAAuth::Scope.new(scope).by_extension(extension)
+        end
+        scopes.push(url) unless url.nil?
+      end
+      self.claim_set[:scope] = scopes.join(' ')
+    end
+
+    # Set other attributes.
+    self.pkcs12 = {:key => args[:key], :password => args[:password]}
+
+    # Get our authorization.
+    auth_token
+    self
+  end
+
+  def auth_token
+    # Make sure this token isn't expired.
+    self.token = nil if self.token.nil? || self.token.expired?
+    self.token ||= GoogleSAAuth::Token.new(jwt)
+    self.token
+  end
+
+  def token_string
+    # Return only the string for the token.
+    auth_token.token
+  end
+
+  def jwt
+    # Make sure the jwt isn't already expired.
+    @json_web_token = nil if @json_web_token.nil? || Time.now.to_i >= @json_web_token.claim_set[:exp]
+
+    # (Re)create the JSON web token.
+    @json_web_token ||= GoogleJWT.new(
+      self.claim_set,
+      self.pkcs12[:key],
+      self.pkcs12[:password]
+    )
+    @json_web_token
+  end
+end

data/lib/google-sa-auth/client.rb

@@ -0,0 +1,43 @@
+class GoogleSAAuth
+  class Client
+    class << self
+      def run(args)
+        # Clean up our arguments.
+        args = args.inject({}){|item,(k,v)| item[k.to_sym] = v; item}
+        args = args.delete_if {|k,v| ![:uri, :data, :headers, :method].include?(k)}
+        args[:data] ||= {}
+        args[:headers] ||= {}
+
+        # Parse the uri.
+        protocol, host, path = parse_uri(args[:uri])
+
+        # Set up a nice host info hash.
+        host_info = {
+          :host => host,
+          :path => path,
+          :protocol => protocol,
+          :headers => args[:headers]
+        }
+
+        # Perform the request.
+        if args[:method] == 'get'
+          CurbFu.get(host_info, args[:data])
+        elsif args[:method] == 'post'
+          CurbFu.post(host_info, args[:data])
+        elsif args[:method] == 'put'
+          CurbFu.put(host_info, args[:data])
+        elsif args[:method] == 'delete'
+          CurbFu.delete(host_info, args[:data])
+        else
+          raise 'InvalidRequestType', "Unknown method: #{method}"
+        end
+      end
+
+  private
+      def parse_uri(uri)
+        return [$1, $2, $3] if uri =~ /^(https?):\/\/([a-z0-9\.\-]+)(\/.*)$/i
+        raise ArgumentError "Error parsing URI: #{uri}"
+      end
+    end
+  end
+end

data/lib/google-sa-auth/scope.rb

@@ -0,0 +1,78 @@
+class GoogleSAAuth
+  class Scope
+    $KNOWN_APIS = {}
+
+    attr_accessor :scope_urls, :api_info
+    def initialize(name)
+      get_api_info(name.to_s)
+    end
+
+    def url
+      full_access
+    end
+
+    def full_access
+      # Get the shortest scope, which theoretically will be full permissions.
+      self.scope_urls.sort_by {|url| url.length}.first
+    end
+
+    def read_only
+      # Simply wrapper for .readonly permissions.
+      by_extension('readonly')
+    end
+
+    def by_extension(extension)
+      # If extension is nil, then we can just return full access.
+      return full_access if extension.nil?
+
+      # Try to find a scope by extension, e.g. ".readonly"
+      self.scope_urls.each do |url|
+        return url if url =~ /\.#{extension}$/i
+      end
+      nil
+    end
+
+  private
+    def known_apis
+      return $KNOWN_APIS unless $KNOWN_APIS.empty?
+
+      # Get the list of known APIs using the Google's API Discovery
+      response =  GoogleSAAuth::Client.run(
+        :uri => 'https://www.googleapis.com/discovery/v1/apis',
+        :method => 'get'
+      )
+
+      # Make sure we got a 200 response.
+      raise RuntimeError unless response.status == 200
+
+      # Parse the json and store the known apis.
+      result = JSON.parse(response.body)
+      apis = {}
+      result['items'].each {|item| apis[item['name']] = item}
+      $KNOWN_APIS = apis
+      apis
+    end
+
+    def get_api_info(scope_name)
+      return if self.scope_urls
+
+      # Make sure google listed this API.
+      api_info = known_apis[scope_name]
+      return nil unless api_info && api_info['discoveryRestUrl']
+
+      # Get the OAuth 2.0 scope url.
+      response = GoogleSAAuth::Client.run(
+        :uri => api_info['discoveryRestUrl'],
+        :method => 'get'
+      )
+
+      # Make sure we got a 200 response.
+      raise RuntimeError unless response.status == 200
+
+      # Parse the result and try to determine scope URLs.
+      result = JSON.parse(response.body)
+      self.scope_urls = result['auth']['oauth2']['scopes'].keys rescue nil
+      self.api_info = result
+    end
+  end
+end

data/lib/google-sa-auth/token.rb

@@ -0,0 +1,34 @@
+class GoogleSAAuth
+  class Token
+    attr_accessor :token, :response, :expires_at
+    def initialize(jwt)
+      # Get the token upon initialization and symbolize the keys.
+      self.response = get_auth_token(jwt.jwt).inject({}){|item,(k,v)| item[k.to_sym] = v; item}
+      self.token = self.response[:access_token]
+      self.expires_at = jwt.claim_set[:exp]
+    end
+
+    def expired?
+      Time.now.to_i >= self.expires_at
+    end
+
+  private
+    def get_auth_token(jwt)
+      # Post to the google oauth2 token URL.
+      result = GoogleSAAuth::Client.run(
+        :uri => 'https://accounts.google.com/o/oauth2/token',
+        :headers => {
+          'Content-Type' => 'application/x-www-form-urlencoded'
+        },
+        :data => "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=#{jwt}",
+        :method => 'post'
+      )
+
+      # Throw an exception unless we got a 200 response.
+      raise RuntimeError, "Error getting authentication token: #{result.body}" unless result.status == 200
+
+      # Parse the results.
+      JSON.parse(result.body.to_s)
+    end
+  end
+end

metadata

@@ -0,0 +1,134 @@
+--- !ruby/object:Gem::Specification
+name: google-sa-auth
+version: !ruby/object:Gem::Version
+  version: 0.0.5
+  prerelease: 
+platform: ruby
+authors:
+- Jon Durbin
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: curb-fu
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: google-jwt
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Simple gem for generating authorization tokens for google service accounts
+email:
+- jond@greenviewdata.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- Rakefile
+- google-sa-auth.gemspec
+- lib/google-sa-auth.rb
+- lib/google-sa-auth/client.rb
+- lib/google-sa-auth/scope.rb
+- lib/google-sa-auth/token.rb
+homepage: https://github.com/gdi/google-sa-auth
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: google-sa-auth
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Simple gem for generating authorization tokens for google service accounts
+test_files: []
+has_rdoc: