googleauth 0.14.0 → 1.3.0

Files changed (80) hide show
  1. checksums.yaml +4 -4
  2. data/.yardopts +11 -0
  3. data/CHANGELOG.md +72 -10
  4. data/README.md +48 -13
  5. data/SECURITY.md +7 -0
  6. data/lib/googleauth/application_default.rb +10 -25
  7. data/lib/googleauth/client_id.rb +10 -25
  8. data/lib/googleauth/compute_engine.rb +16 -30
  9. data/lib/googleauth/credentials.rb +178 -74
  10. data/lib/googleauth/credentials_loader.rb +23 -44
  11. data/lib/googleauth/default_credentials.rb +10 -25
  12. data/lib/googleauth/iam.rb +11 -26
  13. data/lib/googleauth/id_tokens/errors.rb +9 -23
  14. data/lib/googleauth/id_tokens/key_sources.rb +26 -38
  15. data/lib/googleauth/id_tokens/verifier.rb +16 -32
  16. data/lib/googleauth/id_tokens.rb +9 -23
  17. data/lib/googleauth/json_key_reader.rb +10 -25
  18. data/lib/googleauth/scope_util.rb +11 -26
  19. data/lib/googleauth/service_account.rb +60 -59
  20. data/lib/googleauth/signet.rb +22 -28
  21. data/lib/googleauth/stores/file_token_store.rb +11 -25
  22. data/lib/googleauth/stores/redis_token_store.rb +11 -25
  23. data/lib/googleauth/token_store.rb +10 -25
  24. data/lib/googleauth/user_authorizer.rb +10 -25
  25. data/lib/googleauth/user_refresh.rb +15 -27
  26. data/lib/googleauth/version.rb +11 -26
  27. data/lib/googleauth/web_user_authorizer.rb +14 -32
  28. data/lib/googleauth.rb +10 -25
  29. metadata +26 -97
  30. data/.github/CODEOWNERS +0 -7
  31. data/.github/CONTRIBUTING.md +0 -74
  32. data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
  33. data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
  34. data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
  35. data/.gitignore +0 -36
  36. data/.kokoro/build.bat +0 -16
  37. data/.kokoro/build.sh +0 -4
  38. data/.kokoro/continuous/common.cfg +0 -24
  39. data/.kokoro/continuous/linux.cfg +0 -25
  40. data/.kokoro/continuous/osx.cfg +0 -8
  41. data/.kokoro/continuous/post.cfg +0 -30
  42. data/.kokoro/continuous/windows.cfg +0 -29
  43. data/.kokoro/osx.sh +0 -4
  44. data/.kokoro/presubmit/common.cfg +0 -24
  45. data/.kokoro/presubmit/linux.cfg +0 -24
  46. data/.kokoro/presubmit/osx.cfg +0 -8
  47. data/.kokoro/presubmit/windows.cfg +0 -29
  48. data/.kokoro/release.cfg +0 -94
  49. data/.kokoro/trampoline.bat +0 -10
  50. data/.kokoro/trampoline.sh +0 -4
  51. data/.repo-metadata.json +0 -5
  52. data/.rspec +0 -2
  53. data/.rubocop.yml +0 -19
  54. data/Gemfile +0 -30
  55. data/Rakefile +0 -132
  56. data/googleauth.gemspec +0 -38
  57. data/integration/helper.rb +0 -31
  58. data/integration/id_tokens/key_source_test.rb +0 -74
  59. data/rakelib/devsite_builder.rb +0 -45
  60. data/rakelib/link_checker.rb +0 -64
  61. data/rakelib/repo_metadata.rb +0 -59
  62. data/spec/googleauth/apply_auth_examples.rb +0 -171
  63. data/spec/googleauth/client_id_spec.rb +0 -160
  64. data/spec/googleauth/compute_engine_spec.rb +0 -160
  65. data/spec/googleauth/credentials_spec.rb +0 -478
  66. data/spec/googleauth/get_application_default_spec.rb +0 -286
  67. data/spec/googleauth/iam_spec.rb +0 -80
  68. data/spec/googleauth/scope_util_spec.rb +0 -77
  69. data/spec/googleauth/service_account_spec.rb +0 -489
  70. data/spec/googleauth/signet_spec.rb +0 -142
  71. data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
  72. data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
  73. data/spec/googleauth/stores/store_examples.rb +0 -58
  74. data/spec/googleauth/user_authorizer_spec.rb +0 -343
  75. data/spec/googleauth/user_refresh_spec.rb +0 -359
  76. data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
  77. data/spec/spec_helper.rb +0 -92
  78. data/test/helper.rb +0 -33
  79. data/test/id_tokens/key_sources_test.rb +0 -240
  80. data/test/id_tokens/verifier_test.rb +0 -269
@@ -1,160 +0,0 @@
1
- # Copyright 2015, Google Inc.
2
- # All rights reserved.
3
- #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
7
- #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
17
- #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
-
30
- spec_dir = File.expand_path File.join(File.dirname(__FILE__))
31
- $LOAD_PATH.unshift spec_dir
32
- $LOAD_PATH.uniq!
33
-
34
- require "spec_helper"
35
- require "fakefs/safe"
36
- require "googleauth"
37
-
38
- describe Google::Auth::ClientId do
39
- shared_examples "it has a valid config" do
40
- it "should include a valid id" do
41
- expect(client_id.id).to eql "abc@example.com"
42
- end
43
-
44
- it "should include a valid secret" do
45
- expect(client_id.secret).to eql "notasecret"
46
- end
47
- end
48
-
49
- shared_examples "it can successfully load client_id" do
50
- context "loaded from hash" do
51
- let(:client_id) { Google::Auth::ClientId.from_hash config }
52
-
53
- it_behaves_like "it has a valid config"
54
- end
55
-
56
- context "loaded from file" do
57
- file_path = "/client_secrets.json"
58
-
59
- let :client_id do
60
- FakeFS do
61
- content = MultiJson.dump config
62
- File.write file_path, content
63
- Google::Auth::ClientId.from_file file_path
64
- end
65
- end
66
-
67
- it_behaves_like "it has a valid config"
68
- end
69
- end
70
-
71
- describe "with web config" do
72
- let :config do
73
- {
74
- "web" => {
75
- "client_id" => "abc@example.com",
76
- "client_secret" => "notasecret"
77
- }
78
- }
79
- end
80
- it_behaves_like "it can successfully load client_id"
81
- end
82
-
83
- describe "with installed app config" do
84
- let :config do
85
- {
86
- "installed" => {
87
- "client_id" => "abc@example.com",
88
- "client_secret" => "notasecret"
89
- }
90
- }
91
- end
92
- it_behaves_like "it can successfully load client_id"
93
- end
94
-
95
- context "with missing top level property" do
96
- let :config do
97
- {
98
- "notvalid" => {
99
- "client_id" => "abc@example.com",
100
- "client_secret" => "notasecret"
101
- }
102
- }
103
- end
104
-
105
- it "should raise error" do
106
- expect { Google::Auth::ClientId.from_hash config }.to raise_error(
107
- /Expected top level property/
108
- )
109
- end
110
- end
111
-
112
- context "with missing client id" do
113
- let :config do
114
- {
115
- "web" => {
116
- "client_secret" => "notasecret"
117
- }
118
- }
119
- end
120
-
121
- it "should raise error" do
122
- expect { Google::Auth::ClientId.from_hash config }.to raise_error(
123
- /Client id can not be nil/
124
- )
125
- end
126
- end
127
-
128
- context "with missing client secret" do
129
- let :config do
130
- {
131
- "web" => {
132
- "client_id" => "abc@example.com"
133
- }
134
- }
135
- end
136
-
137
- it "should raise error" do
138
- expect { Google::Auth::ClientId.from_hash config }.to raise_error(
139
- /Client secret can not be nil/
140
- )
141
- end
142
- end
143
-
144
- context "with cloud sdk credentials" do
145
- let :config do
146
- {
147
- "web" => {
148
- "client_id" => Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID,
149
- "client_secret" => "notasecret"
150
- }
151
- }
152
- end
153
-
154
- it "should raise warning" do
155
- expect { Google::Auth::ClientId.from_hash config }.to output(
156
- Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
157
- ).to_stderr
158
- end
159
- end
160
- end
@@ -1,160 +0,0 @@
1
- # Copyright 2015, Google Inc.
2
- # All rights reserved.
3
- #
4
- # Redistribution and use in source and binary forms, with or without
5
- # modification, are permitted provided that the following conditions are
6
- # met:
7
- #
8
- # * Redistributions of source code must retain the above copyright
9
- # notice, this list of conditions and the following disclaimer.
10
- # * Redistributions in binary form must reproduce the above
11
- # copyright notice, this list of conditions and the following disclaimer
12
- # in the documentation and/or other materials provided with the
13
- # distribution.
14
- # * Neither the name of Google Inc. nor the names of its
15
- # contributors may be used to endorse or promote products derived from
16
- # this software without specific prior written permission.
17
- #
18
- # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19
- # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20
- # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21
- # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22
- # OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23
- # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24
- # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26
- # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27
- # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28
- # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29
-
30
- spec_dir = File.expand_path File.join(File.dirname(__FILE__))
31
- $LOAD_PATH.unshift spec_dir
32
- $LOAD_PATH.uniq!
33
-
34
- require "apply_auth_examples"
35
- require "faraday"
36
- require "googleauth/compute_engine"
37
- require "spec_helper"
38
-
39
- describe Google::Auth::GCECredentials do
40
- MD_ACCESS_URI = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token".freeze
41
- MD_ID_URI = "http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/identity?audience=https://pubsub.googleapis.com/&format=full".freeze
42
- GCECredentials = Google::Auth::GCECredentials
43
-
44
- before :example do
45
- @client = GCECredentials.new
46
- @id_client = GCECredentials.new target_audience: "https://pubsub.googleapis.com/"
47
- end
48
-
49
- def make_auth_stubs opts
50
- if opts[:access_token]
51
- body = MultiJson.dump("access_token" => opts[:access_token],
52
- "token_type" => "Bearer",
53
- "expires_in" => 3600)
54
-
55
- uri = MD_ACCESS_URI
56
- uri += "?scopes=#{Array(opts[:scope]).join ','}" if opts[:scope]
57
-
58
- stub_request(:get, uri)
59
- .with(headers: { "Metadata-Flavor" => "Google" })
60
- .to_return(body: body,
61
- status: 200,
62
- headers: { "Content-Type" => "application/json" })
63
- elsif opts[:id_token]
64
- stub_request(:get, MD_ID_URI)
65
- .with(headers: { "Metadata-Flavor" => "Google" })
66
- .to_return(body: opts[:id_token],
67
- status: 200,
68
- headers: { "Content-Type" => "text/html" })
69
- end
70
- end
71
-
72
- it_behaves_like "apply/apply! are OK"
73
-
74
- context "metadata is unavailable" do
75
- describe "#fetch_access_token" do
76
- it "should pass scopes when requesting an access token" do
77
- scopes = ["https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/bigtable.data"]
78
- stub = make_auth_stubs access_token: "1/abcdef1234567890", scope: scopes
79
- @client = GCECredentials.new(scope: scopes)
80
- @client.fetch_access_token!
81
- expect(stub).to have_been_requested
82
- end
83
-
84
- it "should fail if the metadata request returns a 404" do
85
- stub = stub_request(:get, MD_ACCESS_URI)
86
- .to_return(status: 404,
87
- headers: { "Metadata-Flavor" => "Google" })
88
- expect { @client.fetch_access_token! }
89
- .to raise_error Signet::AuthorizationError
90
- expect(stub).to have_been_requested
91
- end
92
-
93
- it "should fail if the metadata request returns an unexpected code" do
94
- stub = stub_request(:get, MD_ACCESS_URI)
95
- .to_return(status: 503,
96
- headers: { "Metadata-Flavor" => "Google" })
97
- expect { @client.fetch_access_token! }
98
- .to raise_error Signet::AuthorizationError
99
- expect(stub).to have_been_requested
100
- end
101
-
102
- it "should fail with Signet::AuthorizationError if request times out" do
103
- allow_any_instance_of(Faraday::Connection).to receive(:get)
104
- .and_raise(Faraday::TimeoutError)
105
- expect { @client.fetch_access_token! }
106
- .to raise_error Signet::AuthorizationError
107
- end
108
-
109
- it "should fail with Signet::AuthorizationError if request fails" do
110
- allow_any_instance_of(Faraday::Connection).to receive(:get)
111
- .and_raise(Faraday::ConnectionFailed, nil)
112
- expect { @client.fetch_access_token! }
113
- .to raise_error Signet::AuthorizationError
114
- end
115
- end
116
- end
117
-
118
- describe "#on_gce?" do
119
- it "should be true when Metadata-Flavor is Google" do
120
- stub = stub_request(:get, "http://169.254.169.254")
121
- .with(headers: { "Metadata-Flavor" => "Google" })
122
- .to_return(status: 200,
123
- headers: { "Metadata-Flavor" => "Google" })
124
- expect(GCECredentials.on_gce?({}, true)).to eq(true)
125
- expect(stub).to have_been_requested
126
- end
127
-
128
- it "should be false when Metadata-Flavor is not Google" do
129
- stub = stub_request(:get, "http://169.254.169.254")
130
- .with(headers: { "Metadata-Flavor" => "Google" })
131
- .to_return(status: 200,
132
- headers: { "Metadata-Flavor" => "NotGoogle" })
133
- expect(GCECredentials.on_gce?({}, true)).to eq(false)
134
- expect(stub).to have_been_requested
135
- end
136
-
137
- it "should be false if the response is not 200" do
138
- stub = stub_request(:get, "http://169.254.169.254")
139
- .with(headers: { "Metadata-Flavor" => "Google" })
140
- .to_return(status: 404,
141
- headers: { "Metadata-Flavor" => "NotGoogle" })
142
- expect(GCECredentials.on_gce?({}, true)).to eq(false)
143
- expect(stub).to have_been_requested
144
- end
145
-
146
- it "should honor GCE_METADATA_HOST environment variable" do
147
- ENV["GCE_METADATA_HOST"] = "mymetadata.example.com"
148
- begin
149
- stub = stub_request(:get, "http://mymetadata.example.com")
150
- .with(headers: { "Metadata-Flavor" => "Google" })
151
- .to_return(status: 200,
152
- headers: { "Metadata-Flavor" => "Google" })
153
- expect(GCECredentials.on_gce?({}, true)).to eq(true)
154
- expect(stub).to have_been_requested
155
- ensure
156
- ENV.delete "GCE_METADATA_HOST"
157
- end
158
- end
159
- end
160
- end