googleauth 0.17.0 → 1.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.yardopts +11 -0
- data/CHANGELOG.md +23 -19
- data/README.md +24 -2
- data/lib/googleauth/application_default.rb +10 -25
- data/lib/googleauth/client_id.rb +10 -25
- data/lib/googleauth/compute_engine.rb +10 -25
- data/lib/googleauth/credentials.rb +11 -26
- data/lib/googleauth/credentials_loader.rb +11 -26
- data/lib/googleauth/default_credentials.rb +10 -25
- data/lib/googleauth/iam.rb +10 -25
- data/lib/googleauth/id_tokens/errors.rb +9 -23
- data/lib/googleauth/id_tokens/key_sources.rb +10 -23
- data/lib/googleauth/id_tokens/verifier.rb +9 -23
- data/lib/googleauth/id_tokens.rb +9 -23
- data/lib/googleauth/json_key_reader.rb +10 -25
- data/lib/googleauth/scope_util.rb +10 -25
- data/lib/googleauth/service_account.rb +10 -25
- data/lib/googleauth/signet.rb +21 -27
- data/lib/googleauth/stores/file_token_store.rb +10 -25
- data/lib/googleauth/stores/redis_token_store.rb +10 -25
- data/lib/googleauth/token_store.rb +10 -25
- data/lib/googleauth/user_authorizer.rb +10 -25
- data/lib/googleauth/user_refresh.rb +15 -27
- data/lib/googleauth/version.rb +11 -26
- data/lib/googleauth/web_user_authorizer.rb +10 -25
- data/lib/googleauth.rb +10 -25
- metadata +22 -90
- data/.github/CODEOWNERS +0 -7
- data/.github/CONTRIBUTING.md +0 -74
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
- data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
- data/.github/renovate.json +0 -6
- data/.github/sync-repo-settings.yaml +0 -18
- data/.github/workflows/ci.yml +0 -55
- data/.github/workflows/release-please.yml +0 -39
- data/.gitignore +0 -39
- data/.kokoro/populate-secrets.sh +0 -76
- data/.kokoro/release.cfg +0 -52
- data/.kokoro/release.sh +0 -18
- data/.kokoro/trampoline_v2.sh +0 -489
- data/.repo-metadata.json +0 -5
- data/.rspec +0 -2
- data/.rubocop.yml +0 -17
- data/.toys/.toys.rb +0 -45
- data/.toys/ci.rb +0 -43
- data/.toys/kokoro/.toys.rb +0 -66
- data/.toys/kokoro/publish-docs.rb +0 -67
- data/.toys/kokoro/publish-gem.rb +0 -53
- data/.toys/linkinator.rb +0 -43
- data/.trampolinerc +0 -48
- data/Gemfile +0 -25
- data/googleauth.gemspec +0 -39
- data/integration/helper.rb +0 -31
- data/integration/id_tokens/key_source_test.rb +0 -74
- data/spec/googleauth/apply_auth_examples.rb +0 -171
- data/spec/googleauth/client_id_spec.rb +0 -160
- data/spec/googleauth/compute_engine_spec.rb +0 -178
- data/spec/googleauth/credentials_spec.rb +0 -600
- data/spec/googleauth/get_application_default_spec.rb +0 -286
- data/spec/googleauth/iam_spec.rb +0 -80
- data/spec/googleauth/scope_util_spec.rb +0 -77
- data/spec/googleauth/service_account_spec.rb +0 -511
- data/spec/googleauth/signet_spec.rb +0 -142
- data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
- data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
- data/spec/googleauth/stores/store_examples.rb +0 -58
- data/spec/googleauth/user_authorizer_spec.rb +0 -343
- data/spec/googleauth/user_refresh_spec.rb +0 -359
- data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
- data/spec/spec_helper.rb +0 -92
- data/test/helper.rb +0 -33
- data/test/id_tokens/key_sources_test.rb +0 -240
- data/test/id_tokens/verifier_test.rb +0 -269
@@ -1,67 +0,0 @@
|
|
1
|
-
# Copyright 2021 Google LLC
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
require "json"
|
16
|
-
|
17
|
-
include "kokoro-tools"
|
18
|
-
include :exec, e: true
|
19
|
-
include :fileutils
|
20
|
-
|
21
|
-
flag :credentials, "--credentials=PATH"
|
22
|
-
flag :bucket, "--bucket=NAME"
|
23
|
-
flag :dry_run, default: ["true", "docs"].include?(::ENV["RELEASE_DRY_RUN"].to_s)
|
24
|
-
|
25
|
-
def run
|
26
|
-
::Dir.chdir package_directory
|
27
|
-
load_env
|
28
|
-
build_docs
|
29
|
-
write_metadata
|
30
|
-
if dry_run
|
31
|
-
puts "DRY RUN: Skipping doc uploading for #{package_name}"
|
32
|
-
else
|
33
|
-
upload_docs
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
def build_docs
|
38
|
-
rm_rf "doc"
|
39
|
-
exec ["toys", "yardoc"]
|
40
|
-
end
|
41
|
-
|
42
|
-
def write_metadata
|
43
|
-
allowed_fields = [
|
44
|
-
"name", "version", "language", "distribution-name",
|
45
|
-
"product-page", "github-repository", "issue-tracker"
|
46
|
-
]
|
47
|
-
metadata = ::JSON.parse ::File.read ".repo-metadata.json"
|
48
|
-
metadata.transform_keys! { |k| k.tr "_", "-" }
|
49
|
-
metadata.keep_if { |k, _v| allowed_fields.include? k }
|
50
|
-
metadata["version"] = package_version
|
51
|
-
metadata["name"] = metadata["distribution-name"]
|
52
|
-
args = metadata.transform_keys { |k| "--#{k}" }.to_a.flatten
|
53
|
-
cmd = ["python3", "-m", "docuploader", "create-metadata"] + args
|
54
|
-
exec cmd, chdir: "doc"
|
55
|
-
end
|
56
|
-
|
57
|
-
def upload_docs
|
58
|
-
creds = credentials || "#{::ENV['KOKORO_KEYSTORE_DIR']}/73713_docuploader_service_account"
|
59
|
-
buck = bucket || ::ENV["STAGING_BUCKET"] || "docs-staging"
|
60
|
-
cmd = [
|
61
|
-
"python3", "-m", "docuploader", "upload", ".",
|
62
|
-
"--credentials=#{creds}",
|
63
|
-
"--staging-bucket=#{buck}",
|
64
|
-
"--metadata-file=./docs.metadata"
|
65
|
-
]
|
66
|
-
exec cmd, chdir: "doc"
|
67
|
-
end
|
data/.toys/kokoro/publish-gem.rb
DELETED
@@ -1,53 +0,0 @@
|
|
1
|
-
# Copyright 2021 Google LLC
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
include "kokoro-tools"
|
16
|
-
include :exec, e: true
|
17
|
-
include :fileutils
|
18
|
-
include :gems
|
19
|
-
|
20
|
-
flag :rubygems_token, "--rubygems-token=TOKEN"
|
21
|
-
flag :dry_run, default: ["true", "gem"].include?(::ENV["RELEASE_DRY_RUN"].to_s)
|
22
|
-
|
23
|
-
def run
|
24
|
-
gem "gems", "~> 1.2"
|
25
|
-
require "gems"
|
26
|
-
::Dir.chdir package_directory
|
27
|
-
load_env
|
28
|
-
configure_gems
|
29
|
-
gem_path = build_gem
|
30
|
-
if dry_run
|
31
|
-
puts "DRY RUN: Skipping Rubygems push of #{gem_path}"
|
32
|
-
else
|
33
|
-
push_gem gem_path
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
def configure_gems
|
38
|
-
token = rubygems_token || ::ENV["RUBYGEMS_API_TOKEN"]
|
39
|
-
::Gems.configure { |config| config.key = token } if token
|
40
|
-
end
|
41
|
-
|
42
|
-
def build_gem
|
43
|
-
gem_path = "pkg/#{package_name}-#{package_version}.gem"
|
44
|
-
rm_rf gem_path
|
45
|
-
exec ["toys", "build"]
|
46
|
-
gem_path
|
47
|
-
end
|
48
|
-
|
49
|
-
def push_gem gem_path
|
50
|
-
response = ::Gems.push ::File.new gem_path
|
51
|
-
puts response
|
52
|
-
raise "Gem push didn't report success" unless response.include? "Successfully registered gem:"
|
53
|
-
end
|
data/.toys/linkinator.rb
DELETED
@@ -1,43 +0,0 @@
|
|
1
|
-
# Copyright 2021 Google LLC
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
desc "Run Link checks"
|
16
|
-
|
17
|
-
flag :install, desc: "Install linkinator instead of running checks"
|
18
|
-
|
19
|
-
include :exec, e: true
|
20
|
-
include :terminal
|
21
|
-
|
22
|
-
def run
|
23
|
-
::Dir.chdir context_directory
|
24
|
-
if install
|
25
|
-
Kernel.exec "npm install linkinator"
|
26
|
-
else
|
27
|
-
exec_tool ["yardoc"]
|
28
|
-
check_links
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
def check_links
|
33
|
-
result = exec ["npx", "linkinator", "./doc"], out: :capture
|
34
|
-
puts result.captured_out
|
35
|
-
checked_links = result.captured_out.split "\n"
|
36
|
-
checked_links.select! { |link| link =~ /^\[(\d+)\]/ && ::Regexp.last_match[1] != "200" }
|
37
|
-
unless checked_links.empty?
|
38
|
-
checked_links.each do |link|
|
39
|
-
puts link, :yellow
|
40
|
-
end
|
41
|
-
exit 1
|
42
|
-
end
|
43
|
-
end
|
data/.trampolinerc
DELETED
@@ -1,48 +0,0 @@
|
|
1
|
-
# Copyright 2021 Google LLC
|
2
|
-
#
|
3
|
-
# Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
# you may not use this file except in compliance with the License.
|
5
|
-
# You may obtain a copy of the License at
|
6
|
-
#
|
7
|
-
# http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
#
|
9
|
-
# Unless required by applicable law or agreed to in writing, software
|
10
|
-
# distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
# See the License for the specific language governing permissions and
|
13
|
-
# limitations under the License.
|
14
|
-
|
15
|
-
# Add required env vars here.
|
16
|
-
required_envvars+=(
|
17
|
-
)
|
18
|
-
|
19
|
-
# Add env vars which are passed down into the container here.
|
20
|
-
pass_down_envvars+=(
|
21
|
-
"AUTORELEASE_PR" "RELEASE_DRY_RUN"
|
22
|
-
)
|
23
|
-
|
24
|
-
# Prevent unintentional override on the default image.
|
25
|
-
if [[ "${TRAMPOLINE_IMAGE_UPLOAD:-false}" == "true" ]] && [[ -z "${TRAMPOLINE_IMAGE:-}" ]]; then
|
26
|
-
echo "Please set TRAMPOLINE_IMAGE if you want to upload the Docker image."
|
27
|
-
exit 1
|
28
|
-
fi
|
29
|
-
|
30
|
-
# Define the default value if it makes sense.
|
31
|
-
if [[ -z "${TRAMPOLINE_IMAGE_UPLOAD:-}" ]]; then
|
32
|
-
TRAMPOLINE_IMAGE_UPLOAD=""
|
33
|
-
fi
|
34
|
-
|
35
|
-
if [[ -z "${TRAMPOLINE_IMAGE:-}" ]]; then
|
36
|
-
TRAMPOLINE_IMAGE=""
|
37
|
-
fi
|
38
|
-
|
39
|
-
if [[ -z "${TRAMPOLINE_DOCKERFILE:-}" ]]; then
|
40
|
-
TRAMPOLINE_DOCKERFILE=""
|
41
|
-
fi
|
42
|
-
|
43
|
-
if [[ -z "${TRAMPOLINE_BUILD_FILE:-}" ]]; then
|
44
|
-
TRAMPOLINE_BUILD_FILE=""
|
45
|
-
fi
|
46
|
-
|
47
|
-
# Secret Manager secrets.
|
48
|
-
source ${PROJECT_ROOT}/.kokoro/populate-secrets.sh
|
data/Gemfile
DELETED
@@ -1,25 +0,0 @@
|
|
1
|
-
source "https://rubygems.org"
|
2
|
-
|
3
|
-
# Specify your gem's dependencies in googleauth.gemspec
|
4
|
-
gemspec
|
5
|
-
|
6
|
-
group :development do
|
7
|
-
gem "bundler", ">= 1.9"
|
8
|
-
gem "coveralls", "~> 0.7"
|
9
|
-
gem "fakefs", "~> 0.6"
|
10
|
-
gem "fakeredis", "~> 0.5"
|
11
|
-
gem "google-style", "~> 1.25.1"
|
12
|
-
gem "logging", "~> 2.0"
|
13
|
-
gem "minitest", "~> 5.14"
|
14
|
-
gem "minitest-focus", "~> 1.1"
|
15
|
-
gem "rack-test", "~> 0.6"
|
16
|
-
gem "rake", "~> 13.0"
|
17
|
-
gem "redis", "~> 3.2"
|
18
|
-
gem "rspec", "~> 3.0"
|
19
|
-
gem "simplecov", "~> 0.9"
|
20
|
-
gem "sinatra"
|
21
|
-
gem "webmock", "~> 3.8"
|
22
|
-
end
|
23
|
-
|
24
|
-
gem "faraday", ">= 0.17.3", "< 2.0"
|
25
|
-
gem "gems", "~> 1.2"
|
data/googleauth.gemspec
DELETED
@@ -1,39 +0,0 @@
|
|
1
|
-
# -*- ruby -*-
|
2
|
-
# encoding: utf-8
|
3
|
-
|
4
|
-
$LOAD_PATH.push File.expand_path("lib", __dir__)
|
5
|
-
require "googleauth/version"
|
6
|
-
|
7
|
-
Gem::Specification.new do |gem|
|
8
|
-
gem.name = "googleauth"
|
9
|
-
gem.version = Google::Auth::VERSION
|
10
|
-
gem.authors = ["Tim Emiola"]
|
11
|
-
gem.email = "temiola@google.com"
|
12
|
-
gem.homepage = "https://github.com/googleapis/google-auth-library-ruby"
|
13
|
-
gem.summary = "Google Auth Library for Ruby"
|
14
|
-
gem.license = "Apache-2.0"
|
15
|
-
gem.description = <<-DESCRIPTION
|
16
|
-
Allows simple authorization for accessing Google APIs.
|
17
|
-
Provide support for Application Default Credentials, as described at
|
18
|
-
https://developers.google.com/accounts/docs/application-default-credentials
|
19
|
-
DESCRIPTION
|
20
|
-
|
21
|
-
gem.files = `git ls-files`.split "\n"
|
22
|
-
gem.test_files = `git ls-files -- spec/*`.split "\n"
|
23
|
-
gem.executables = `git ls-files -- bin/*.rb`.split("\n").map do |f|
|
24
|
-
File.basename f
|
25
|
-
end
|
26
|
-
gem.require_paths = ["lib"]
|
27
|
-
|
28
|
-
gem.platform = Gem::Platform::RUBY
|
29
|
-
gem.required_ruby_version = ">= 2.5"
|
30
|
-
|
31
|
-
gem.add_dependency "faraday", ">= 0.17.3", "< 2.0"
|
32
|
-
gem.add_dependency "jwt", ">= 1.4", "< 3.0"
|
33
|
-
gem.add_dependency "memoist", "~> 0.16"
|
34
|
-
gem.add_dependency "multi_json", "~> 1.11"
|
35
|
-
gem.add_dependency "os", ">= 0.9", "< 2.0"
|
36
|
-
gem.add_dependency "signet", "~> 0.14"
|
37
|
-
|
38
|
-
gem.add_development_dependency "yard", "~> 0.9"
|
39
|
-
end
|
data/integration/helper.rb
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
# Copyright 2020 Google LLC
|
2
|
-
#
|
3
|
-
# Redistribution and use in source and binary forms, with or without
|
4
|
-
# modification, are permitted provided that the following conditions are
|
5
|
-
# met:
|
6
|
-
#
|
7
|
-
# * Redistributions of source code must retain the above copyright
|
8
|
-
# notice, this list of conditions and the following disclaimer.
|
9
|
-
# * Redistributions in binary form must reproduce the above
|
10
|
-
# copyright notice, this list of conditions and the following disclaimer
|
11
|
-
# in the documentation and/or other materials provided with the
|
12
|
-
# distribution.
|
13
|
-
# * Neither the name of Google Inc. nor the names of its
|
14
|
-
# contributors may be used to endorse or promote products derived from
|
15
|
-
# this software without specific prior written permission.
|
16
|
-
#
|
17
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
18
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
19
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
20
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
21
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
22
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
23
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
24
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
25
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
27
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
28
|
-
|
29
|
-
require "minitest/autorun"
|
30
|
-
require "minitest/focus"
|
31
|
-
require "googleauth"
|
@@ -1,74 +0,0 @@
|
|
1
|
-
# Copyright 2020 Google LLC
|
2
|
-
#
|
3
|
-
# Redistribution and use in source and binary forms, with or without
|
4
|
-
# modification, are permitted provided that the following conditions are
|
5
|
-
# met:
|
6
|
-
#
|
7
|
-
# * Redistributions of source code must retain the above copyright
|
8
|
-
# notice, this list of conditions and the following disclaimer.
|
9
|
-
# * Redistributions in binary form must reproduce the above
|
10
|
-
# copyright notice, this list of conditions and the following disclaimer
|
11
|
-
# in the documentation and/or other materials provided with the
|
12
|
-
# distribution.
|
13
|
-
# * Neither the name of Google Inc. nor the names of its
|
14
|
-
# contributors may be used to endorse or promote products derived from
|
15
|
-
# this software without specific prior written permission.
|
16
|
-
#
|
17
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
18
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
19
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
20
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
21
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
22
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
23
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
24
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
25
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
27
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
28
|
-
|
29
|
-
require "helper"
|
30
|
-
|
31
|
-
describe Google::Auth::IDTokens do
|
32
|
-
describe "key source" do
|
33
|
-
let(:legacy_oidc_key_source) {
|
34
|
-
Google::Auth::IDTokens::X509CertHttpKeySource.new "https://www.googleapis.com/oauth2/v1/certs"
|
35
|
-
}
|
36
|
-
let(:oidc_key_source) { Google::Auth::IDTokens.oidc_key_source }
|
37
|
-
let(:iap_key_source) { Google::Auth::IDTokens.iap_key_source }
|
38
|
-
|
39
|
-
it "Gets real keys from the OAuth2 V1 cert URL" do
|
40
|
-
keys = legacy_oidc_key_source.refresh_keys
|
41
|
-
refute_empty keys
|
42
|
-
keys.each do |key|
|
43
|
-
assert_kind_of OpenSSL::PKey::RSA, key.key
|
44
|
-
refute key.key.private?
|
45
|
-
assert_equal "RS256", key.algorithm
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
it "Gets real keys from the OAuth2 V3 cert URL" do
|
50
|
-
keys = oidc_key_source.refresh_keys
|
51
|
-
refute_empty keys
|
52
|
-
keys.each do |key|
|
53
|
-
assert_kind_of OpenSSL::PKey::RSA, key.key
|
54
|
-
refute key.key.private?
|
55
|
-
assert_equal "RS256", key.algorithm
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
|
-
it "Gets the same keys from the OAuth2 V1 and V3 cert URLs" do
|
60
|
-
keys_v1 = legacy_oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
|
61
|
-
keys_v3 = oidc_key_source.refresh_keys.map(&:key).map(&:export).sort
|
62
|
-
assert_equal keys_v1, keys_v3
|
63
|
-
end
|
64
|
-
|
65
|
-
it "Gets real keys from the IAP public key URL" do
|
66
|
-
keys = iap_key_source.refresh_keys
|
67
|
-
refute_empty keys
|
68
|
-
keys.each do |key|
|
69
|
-
assert_kind_of OpenSSL::PKey::EC, key.key
|
70
|
-
assert_equal "ES256", key.algorithm
|
71
|
-
end
|
72
|
-
end
|
73
|
-
end
|
74
|
-
end
|
@@ -1,171 +0,0 @@
|
|
1
|
-
# Copyright 2015, Google Inc.
|
2
|
-
# All rights reserved.
|
3
|
-
#
|
4
|
-
# Redistribution and use in source and binary forms, with or without
|
5
|
-
# modification, are permitted provided that the following conditions are
|
6
|
-
# met:
|
7
|
-
#
|
8
|
-
# * Redistributions of source code must retain the above copyright
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
17
|
-
#
|
18
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
19
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
20
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
21
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
22
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
-
|
30
|
-
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
-
$LOAD_PATH.unshift spec_dir
|
32
|
-
$LOAD_PATH.uniq!
|
33
|
-
|
34
|
-
require "faraday"
|
35
|
-
require "spec_helper"
|
36
|
-
|
37
|
-
shared_examples "apply/apply! are OK" do
|
38
|
-
let(:auth_key) { :authorization }
|
39
|
-
|
40
|
-
# tests that use these examples need to define
|
41
|
-
#
|
42
|
-
# @client which should be an auth client
|
43
|
-
#
|
44
|
-
# @make_auth_stubs, which should stub out the expected http behaviour of the
|
45
|
-
# auth client
|
46
|
-
describe "#fetch_access_token" do
|
47
|
-
let(:token) { "1/abcdef1234567890" }
|
48
|
-
let :access_stub do
|
49
|
-
make_auth_stubs access_token: token
|
50
|
-
end
|
51
|
-
let :id_stub do
|
52
|
-
make_auth_stubs id_token: token
|
53
|
-
end
|
54
|
-
|
55
|
-
it "should set access_token to the fetched value" do
|
56
|
-
access_stub
|
57
|
-
@client.fetch_access_token!
|
58
|
-
expect(@client.access_token).to eq(token)
|
59
|
-
expect(access_stub).to have_been_requested
|
60
|
-
end
|
61
|
-
|
62
|
-
it "should set id_token to the fetched value" do
|
63
|
-
skip unless @id_client
|
64
|
-
id_stub
|
65
|
-
@id_client.fetch_access_token!
|
66
|
-
expect(@id_client.id_token).to eq(token)
|
67
|
-
expect(id_stub).to have_been_requested
|
68
|
-
end
|
69
|
-
|
70
|
-
it "should notify refresh listeners after updating" do
|
71
|
-
access_stub
|
72
|
-
expect do |b|
|
73
|
-
@client.on_refresh(&b)
|
74
|
-
@client.fetch_access_token!
|
75
|
-
end.to yield_with_args(have_attributes(
|
76
|
-
access_token: "1/abcdef1234567890"
|
77
|
-
))
|
78
|
-
expect(access_stub).to have_been_requested
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
describe "#apply!" do
|
83
|
-
it "should update the target hash with fetched access token" do
|
84
|
-
token = "1/abcdef1234567890"
|
85
|
-
stub = make_auth_stubs access_token: token
|
86
|
-
|
87
|
-
md = { foo: "bar" }
|
88
|
-
@client.apply! md
|
89
|
-
want = { :foo => "bar", auth_key => "Bearer #{token}" }
|
90
|
-
expect(md).to eq(want)
|
91
|
-
expect(stub).to have_been_requested
|
92
|
-
end
|
93
|
-
|
94
|
-
it "should update the target hash with fetched ID token" do
|
95
|
-
skip unless @id_client
|
96
|
-
token = "1/abcdef1234567890"
|
97
|
-
stub = make_auth_stubs id_token: token
|
98
|
-
|
99
|
-
md = { foo: "bar" }
|
100
|
-
@id_client.apply! md
|
101
|
-
want = { :foo => "bar", auth_key => "Bearer #{token}" }
|
102
|
-
expect(md).to eq(want)
|
103
|
-
expect(stub).to have_been_requested
|
104
|
-
end
|
105
|
-
end
|
106
|
-
|
107
|
-
describe "updater_proc" do
|
108
|
-
it "should provide a proc that updates a hash with the access token" do
|
109
|
-
token = "1/abcdef1234567890"
|
110
|
-
stub = make_auth_stubs access_token: token
|
111
|
-
md = { foo: "bar" }
|
112
|
-
the_proc = @client.updater_proc
|
113
|
-
got = the_proc.call md
|
114
|
-
want = { :foo => "bar", auth_key => "Bearer #{token}" }
|
115
|
-
expect(got).to eq(want)
|
116
|
-
expect(stub).to have_been_requested
|
117
|
-
end
|
118
|
-
end
|
119
|
-
|
120
|
-
describe "#apply" do
|
121
|
-
it "should not update the original hash with the access token" do
|
122
|
-
token = "1/abcdef1234567890"
|
123
|
-
stub = make_auth_stubs access_token: token
|
124
|
-
|
125
|
-
md = { foo: "bar" }
|
126
|
-
@client.apply md
|
127
|
-
want = { foo: "bar" }
|
128
|
-
expect(md).to eq(want)
|
129
|
-
expect(stub).to have_been_requested
|
130
|
-
end
|
131
|
-
|
132
|
-
it "should add the token to the returned hash" do
|
133
|
-
token = "1/abcdef1234567890"
|
134
|
-
stub = make_auth_stubs access_token: token
|
135
|
-
|
136
|
-
md = { foo: "bar" }
|
137
|
-
got = @client.apply md
|
138
|
-
want = { :foo => "bar", auth_key => "Bearer #{token}" }
|
139
|
-
expect(got).to eq(want)
|
140
|
-
expect(stub).to have_been_requested
|
141
|
-
end
|
142
|
-
|
143
|
-
it "should not fetch a new token if the current is not expired" do
|
144
|
-
token = "1/abcdef1234567890"
|
145
|
-
stub = make_auth_stubs access_token: token
|
146
|
-
|
147
|
-
n = 5 # arbitrary
|
148
|
-
n.times do |_t|
|
149
|
-
md = { foo: "bar" }
|
150
|
-
got = @client.apply md
|
151
|
-
want = { :foo => "bar", auth_key => "Bearer #{token}" }
|
152
|
-
expect(got).to eq(want)
|
153
|
-
end
|
154
|
-
expect(stub).to have_been_requested
|
155
|
-
end
|
156
|
-
|
157
|
-
it "should fetch a new token if the current one is expired" do
|
158
|
-
token1 = "1/abcdef1234567890"
|
159
|
-
token2 = "2/abcdef1234567891"
|
160
|
-
|
161
|
-
[token1, token2].each do |t|
|
162
|
-
make_auth_stubs access_token: t
|
163
|
-
md = { foo: "bar" }
|
164
|
-
got = @client.apply md
|
165
|
-
want = { :foo => "bar", auth_key => "Bearer #{t}" }
|
166
|
-
expect(got).to eq(want)
|
167
|
-
@client.expires_at -= 3601 # default is to expire in 1hr
|
168
|
-
end
|
169
|
-
end
|
170
|
-
end
|
171
|
-
end
|