googleauth 0.4.2 → 0.5.0

data/spec/googleauth/client_id_spec.rb

@@ -0,0 +1,140 @@
+# Copyright 2015, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
+$LOAD_PATH.unshift(spec_dir)
+$LOAD_PATH.uniq!
+
+require 'spec_helper'
+require 'fakefs/safe'
+require 'googleauth'
+
+describe Google::Auth::ClientId do
+  shared_examples 'it has a valid config' do
+    it 'should include a valid id' do
+      expect(client_id.id).to eql 'abc@example.com'
+    end
+
+    it 'should include a valid secret' do
+      expect(client_id.secret).to eql 'notasecret'
+    end
+  end
+
+  shared_examples 'it can successfully load client_id' do
+    context 'loaded from hash' do
+      let(:client_id) { Google::Auth::ClientId.from_hash(config) }
+
+      it_behaves_like 'it has a valid config'
+    end
+
+    context 'loaded from file' do
+      file_path = '/client_secrets.json'
+
+      let(:client_id) do
+        FakeFS do
+          content = MultiJson.dump(config)
+          File.write(file_path, content)
+          Google::Auth::ClientId.from_file(file_path)
+        end
+      end
+
+      it_behaves_like 'it has a valid config'
+    end
+  end
+
+  describe 'with web config' do
+    let(:config) do
+      {
+        'web' => {
+          'client_id' => 'abc@example.com',
+          'client_secret' => 'notasecret'
+        }
+      }
+    end
+    it_behaves_like 'it can successfully load client_id'
+  end
+
+  describe 'with installed app config' do
+    let(:config) do
+      {
+        'installed' => {
+          'client_id' => 'abc@example.com',
+          'client_secret' => 'notasecret'
+        }
+      }
+    end
+    it_behaves_like 'it can successfully load client_id'
+  end
+
+  context 'with missing top level property' do
+    let(:config) do
+      {
+        'notvalid' => {
+          'client_id' => 'abc@example.com',
+          'client_secret' => 'notasecret'
+        }
+      }
+    end
+
+    it 'should raise error' do
+      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
+        /Expected top level property/)
+    end
+  end
+
+  context 'with missing client id' do
+    let(:config) do
+      {
+        'web' => {
+          'client_secret' => 'notasecret'
+        }
+      }
+    end
+
+    it 'should raise error' do
+      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
+        /Client id can not be nil/)
+    end
+  end
+
+  context 'with missing client secret' do
+    let(:config) do
+      {
+        'web' => {
+          'client_id' => 'abc@example.com'
+        }
+      }
+    end
+
+    it 'should raise error' do
+      expect { Google::Auth::ClientId.from_hash(config) }.to raise_error(
+        /Client secret can not be nil/)
+    end
+  end
+end

data/spec/googleauth/compute_engine_spec.rb

@@ -37,7 +37,7 @@ require 'googleauth/compute_engine'
 require 'spec_helper'
 
 describe Google::Auth::GCECredentials do
-  MD_URI = '/computeMetadata/v1/instance/service-accounts/default/token'
+  MD_URI = 'http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token'
   GCECredentials = Google::Auth::GCECredentials
 
   before(:example) do
@@ -46,16 +46,14 @@ describe Google::Auth::GCECredentials do
 
   def make_auth_stubs(opts = {})
     access_token = opts[:access_token] || ''
-    Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.get(MD_URI) do |env|
-        headers = env[:request_headers]
-        expect(headers['Metadata-Flavor']).to eq('Google')
-        build_json_response(
-          'access_token' => access_token,
-          'token_type' => 'Bearer',
-          'expires_in' => 3600)
-      end
-    end
+    body = MultiJson.dump('access_token' => access_token,
+                          'token_type' => 'Bearer',
+                          'expires_in' => 3600)
+    stub_request(:get, MD_URI)
+      .with(headers: { 'Metadata-Flavor' => 'Google' })
+      .to_return(body: body,
+                 status: 200,
+                 headers: { 'Content-Type' => 'application/json' })
   end
 
   it_behaves_like 'apply/apply! are OK'
@@ -63,83 +61,48 @@ describe Google::Auth::GCECredentials do
   context 'metadata is unavailable' do
     describe '#fetch_access_token' do
       it 'should fail if the metadata request returns a 404' do
-        stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-          stub.get(MD_URI) do |_env|
-            [404,
-             { 'Metadata-Flavor' => 'Google' },
-             '']
-          end
-        end
-        c = Faraday.new do |b|
-          b.adapter(:test, stubs)
-        end
-        blk = proc { @client.fetch_access_token!(connection: c) }
+        stub = stub_request(:get, MD_URI)
+               .to_return(status: 404,
+                          headers: { 'Metadata-Flavor' => 'Google' })
+        blk = proc { @client.fetch_access_token! }
         expect(&blk).to raise_error Signet::AuthorizationError
-        stubs.verify_stubbed_calls
+        expect(stub).to have_been_requested
       end
 
       it 'should fail if the metadata request returns an unexpected code' do
-        stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-          stub.get(MD_URI) do |_env|
-            [503,
-             { 'Metadata-Flavor' => 'Google' },
-             '']
-          end
-        end
-        c = Faraday.new do |b|
-          b.adapter(:test, stubs)
-        end
-        blk = proc { @client.fetch_access_token!(connection: c) }
+        stub = stub_request(:get, MD_URI)
+               .to_return(status: 503,
+                          headers: { 'Metadata-Flavor' => 'Google' })
+        blk = proc { @client.fetch_access_token! }
         expect(&blk).to raise_error Signet::AuthorizationError
-        stubs.verify_stubbed_calls
+        expect(stub).to have_been_requested
       end
     end
   end
 
   describe '#on_gce?' do
     it 'should be true when Metadata-Flavor is Google' do
-      stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.get('/') do |_env|
-          [200,
-           { 'Metadata-Flavor' => 'Google' },
-           '']
-        end
-      end
-      c = Faraday.new do |b|
-        b.adapter(:test, stubs)
-      end
-      expect(GCECredentials.on_gce?(connection: c)).to eq(true)
-      stubs.verify_stubbed_calls
+      stub = stub_request(:get, 'http://169.254.169.254')
+             .to_return(status: 200,
+                        headers: { 'Metadata-Flavor' => 'Google' })
+      expect(GCECredentials.on_gce?({}, true)).to eq(true)
+      expect(stub).to have_been_requested
     end
 
     it 'should be false when Metadata-Flavor is not Google' do
-      stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.get('/') do |_env|
-          [200,
-           { 'Metadata-Flavor' => 'NotGoogle' },
-           '']
-        end
-      end
-      c = Faraday.new do |b|
-        b.adapter(:test, stubs)
-      end
-      expect(GCECredentials.on_gce?(connection: c)).to eq(false)
-      stubs.verify_stubbed_calls
+      stub = stub_request(:get, 'http://169.254.169.254')
+             .to_return(status: 200,
+                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
+      expect(GCECredentials.on_gce?({}, true)).to eq(false)
+      expect(stub).to have_been_requested
     end
 
     it 'should be false if the response is not 200' do
-      stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.get('/') do |_env|
-          [404,
-           { 'Metadata-Flavor' => 'Google' },
-           '']
-        end
-      end
-      c = Faraday.new do |b|
-        b.adapter(:test, stubs)
-      end
-      expect(GCECredentials.on_gce?(connection: c)).to eq(false)
-      stubs.verify_stubbed_calls
+      stub = stub_request(:get, 'http://169.254.169.254')
+             .to_return(status: 404,
+                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
+      expect(GCECredentials.on_gce?({}, true)).to eq(false)
+      expect(stub).to have_been_requested
     end
   end
 end

data/spec/googleauth/get_application_default_spec.rb

@@ -37,6 +37,9 @@ require 'googleauth'
 require 'spec_helper'
 
 describe '#get_application_default' do
+  # Pass unique options each time to bypass memoization
+  let(:options) { |example| { dememoize: example } }
+
   before(:example) do
     @key = OpenSSL::PKey::RSA.new(2048)
     @var_name = ENV_VAR
@@ -59,31 +62,24 @@ describe '#get_application_default' do
       Dir.mktmpdir do |dir|
         key_path = File.join(dir, 'does-not-exist')
         ENV[@var_name] = key_path
-        expect { Google::Auth.get_application_default(@scope) }
+        expect { Google::Auth.get_application_default(@scope, options) }
           .to raise_error RuntimeError
       end
     end
 
     it 'fails without default file or env if not on compute engine' do
-      stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.get('/') do |_env|
-          [404,
-           { 'Metadata-Flavor' => 'Google' },
-           '']
-        end
-      end # GCE not detected
+      stub = stub_request(:get, 'http://169.254.169.254')
+             .to_return(status: 404,
+                        headers: { 'Metadata-Flavor' => 'NotGoogle' })
       Dir.mktmpdir do |dir|
         ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
         ENV['HOME'] = dir # no config present in this tmp dir
-        c = Faraday.new do |b|
-          b.adapter(:test, stubs)
-        end
         blk = proc do
-          Google::Auth.get_application_default(@scope, connection: c)
+          Google::Auth.get_application_default(@scope, options)
         end
         expect(&blk).to raise_error RuntimeError
       end
-      stubs.verify_stubbed_calls
+      expect(stub).to have_been_requested
     end
   end
 
@@ -94,7 +90,8 @@ describe '#get_application_default' do
         FileUtils.mkdir_p(File.dirname(key_path))
         File.write(key_path, cred_json_text)
         ENV[@var_name] = key_path
-        expect(Google::Auth.get_application_default(@scope)).to_not be_nil
+        expect(Google::Auth.get_application_default(@scope, options))
+          .to_not be_nil
       end
     end
 
@@ -105,7 +102,8 @@ describe '#get_application_default' do
         FileUtils.mkdir_p(File.dirname(key_path))
         File.write(key_path, cred_json_text)
         ENV['HOME'] = dir
-        expect(Google::Auth.get_application_default(@scope)).to_not be_nil
+        expect(Google::Auth.get_application_default(@scope, options))
+          .to_not be_nil
       end
     end
 
@@ -116,30 +114,21 @@ describe '#get_application_default' do
         FileUtils.mkdir_p(File.dirname(key_path))
         File.write(key_path, cred_json_text)
         ENV['HOME'] = dir
-        expect(Google::Auth.get_application_default).to_not be_nil
+        expect(Google::Auth.get_application_default(nil, options)).to_not be_nil
       end
     end
 
     it 'succeeds without default file or env if on compute engine' do
-      stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.get('/') do |_env|
-          [200,
-           { 'Metadata-Flavor' => 'Google' },
-           '']
-        end
-      end # GCE detected
+      stub = stub_request(:get, 'http://169.254.169.254')
+             .to_return(status: 200,
+                        headers: { 'Metadata-Flavor' => 'Google' })
       Dir.mktmpdir do |dir|
         ENV.delete(@var_name) unless ENV[@var_name].nil? # no env var
         ENV['HOME'] = dir # no config present in this tmp dir
-        c = Faraday.new do |b|
-          b.adapter(:test, stubs)
-        end
-        creds = Google::Auth.get_application_default(
-          @scope,
-          connection: c)
+        creds = Google::Auth.get_application_default(@scope, options)
         expect(creds).to_not be_nil
       end
-      stubs.verify_stubbed_calls
+      expect(stub).to have_been_requested
     end
 
     it 'succeeds with system default file' do
@@ -148,7 +137,8 @@ describe '#get_application_default' do
         key_path = File.join('/etc/google/auth/', CREDENTIALS_FILE_NAME)
         FileUtils.mkdir_p(File.dirname(key_path))
         File.write(key_path, cred_json_text)
-        expect(Google::Auth.get_application_default(@scope)).to_not be_nil
+        expect(Google::Auth.get_application_default(@scope, options))
+          .to_not be_nil
         File.delete(key_path)
       end
     end
@@ -161,7 +151,8 @@ describe '#get_application_default' do
       ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
       ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
       ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
-      expect(Google::Auth.get_application_default(@scope)).to_not be_nil
+      expect(Google::Auth.get_application_default(@scope, options))
+        .to_not be_nil
     end
   end
 
@@ -225,7 +216,7 @@ describe '#get_application_default' do
         File.write(key_path, cred_json_text)
         ENV[@var_name] = key_path
         blk = proc do
-          Google::Auth.get_application_default(@scope)
+          Google::Auth.get_application_default(@scope, options)
         end
         expect(&blk).to raise_error RuntimeError
       end
@@ -239,7 +230,7 @@ describe '#get_application_default' do
         File.write(key_path, cred_json_text)
         ENV['HOME'] = dir
         blk = proc do
-          Google::Auth.get_application_default(@scope)
+          Google::Auth.get_application_default(@scope, options)
         end
         expect(&blk).to raise_error RuntimeError
       end
@@ -249,7 +240,7 @@ describe '#get_application_default' do
       ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
       ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
       blk = proc do
-        Google::Auth.get_application_default(@scope)
+        Google::Auth.get_application_default(@scope, options)
       end
       expect(&blk).to raise_error RuntimeError
     end

data/spec/googleauth/scope_util_spec.rb

@@ -0,0 +1,75 @@
+# Copyright 2015, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
+$LOAD_PATH.unshift(spec_dir)
+$LOAD_PATH.uniq!
+
+require 'googleauth/scope_util'
+
+describe Google::Auth::ScopeUtil do
+  shared_examples 'normalizes scopes' do
+    let(:normalized) { Google::Auth::ScopeUtil.normalize(source) }
+
+    it 'normalizes the email scope' do
+      expect(normalized).to include(
+        'https://www.googleapis.com/auth/userinfo.email')
+      expect(normalized).to_not include 'email'
+    end
+
+    it 'normalizes the profile scope' do
+      expect(normalized).to include(
+        'https://www.googleapis.com/auth/userinfo.profile')
+      expect(normalized).to_not include 'profile'
+    end
+
+    it 'normalizes the openid scope' do
+      expect(normalized).to include 'https://www.googleapis.com/auth/plus.me'
+      expect(normalized).to_not include 'openid'
+    end
+
+    it 'leaves other other scopes as-is' do
+      expect(normalized).to include 'https://www.googleapis.com/auth/drive'
+    end
+  end
+
+  context 'with scope as string' do
+    let(:source) do
+      'email profile openid https://www.googleapis.com/auth/drive'
+    end
+    it_behaves_like 'normalizes scopes'
+  end
+
+  context 'with scope as Array' do
+    let(:source) do
+      %w(email profile openid https://www.googleapis.com/auth/drive)
+    end
+    it_behaves_like 'normalizes scopes'
+  end
+end