RubyGems - googleauth - Versions diffs - 0.4.2 → 0.5.0 - Mend

googleauth 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

checksums.yaml +4 -4
data/.rubocop_todo.yml +23 -6
data/.travis.yml +3 -0
data/CHANGELOG.md +8 -1
data/Gemfile +20 -0
data/README.md +80 -1
data/googleauth.gemspec +1 -9
data/lib/googleauth.rb +6 -3
data/lib/googleauth/client_id.rb +102 -0
data/lib/googleauth/scope_util.rb +61 -0
data/lib/googleauth/service_account.rb +23 -18
data/lib/googleauth/signet.rb +20 -1
data/lib/googleauth/stores/file_token_store.rb +64 -0
data/lib/googleauth/stores/redis_token_store.rb +95 -0
data/lib/googleauth/token_store.rb +69 -0
data/lib/googleauth/user_authorizer.rb +273 -0
data/lib/googleauth/user_refresh.rb +53 -16
data/lib/googleauth/version.rb +1 -1
data/lib/googleauth/web_user_authorizer.rb +289 -0
data/spec/googleauth/apply_auth_examples.rb +36 -58
data/spec/googleauth/client_id_spec.rb +140 -0
data/spec/googleauth/compute_engine_spec.rb +34 -71
data/spec/googleauth/get_application_default_spec.rb +26 -35
data/spec/googleauth/scope_util_spec.rb +75 -0
data/spec/googleauth/service_account_spec.rb +16 -11
data/spec/googleauth/signet_spec.rb +14 -9
data/spec/googleauth/stores/file_token_store_spec.rb +58 -0
data/spec/googleauth/stores/redis_token_store_spec.rb +50 -0
data/spec/googleauth/stores/store_examples.rb +58 -0
data/spec/googleauth/user_authorizer_spec.rb +314 -0
data/spec/googleauth/user_refresh_spec.rb +77 -13
data/spec/googleauth/web_user_authorizer_spec.rb +159 -0
data/spec/spec_helper.rb +33 -1
metadata +37 -113

data/spec/googleauth/user_refresh_spec.rb CHANGED

@@ -57,7 +57,7 @@ describe Google::Auth::UserRefreshCredentials do
   before(:example) do
     @key = OpenSSL::PKey::RSA.new(2048)
-    @client = UserRefreshCredentials.new(
+    @client = UserRefreshCredentials.make_creds(
       json_key_io: StringIO.new(cred_json_text),
       scope: 'https://www.googleapis.com/auth/userinfo.profile'
     )
@@ -65,14 +65,14 @@ describe Google::Auth::UserRefreshCredentials do
   def make_auth_stubs(opts = {})
     access_token = opts[:access_token] || ''
-    Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/oauth2/v3/token') do |env|
-        params = Addressable::URI.form_unencode(env[:body])
-        want = %w(grant_type refresh_token)
-        expect(params.assoc('grant_type')).to eq(want)
-        build_access_token_json(access_token)
-      end
-    end
+    body = MultiJson.dump('access_token' => access_token,
+                          'token_type' => 'Bearer',
+                          'expires_in' => 3600)
+    stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+      .with(body: hash_including('grant_type' => 'refresh_token'))
+      .to_return(body: body,
+                 status: 200,
+                 headers: { 'Content-Type' => 'application/json' })
   end
   def cred_json_text(missing = nil)
@@ -142,10 +142,11 @@ describe Google::Auth::UserRefreshCredentials do
       ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
       ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
       ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
-      expect(@clz.from_env(@scope)).to_not be_nil
-      expect(subject.client_id).to eq(cred_json[:client_id])
-      expect(subject.client_secret).to eq(cred_json[:client_secret])
-      expect(subject.refresh_token).to eq(cred_json[:refresh_token])
+      creds = @clz.from_env(@scope)
+      expect(creds).to_not be_nil
+      expect(creds.client_id).to eq(cred_json[:client_id])
+      expect(creds.client_secret).to eq(cred_json[:client_secret])
+      expect(creds.refresh_token).to eq(cred_json[:refresh_token])
     end
   end
@@ -227,4 +228,67 @@ describe Google::Auth::UserRefreshCredentials do
       end
     end
   end
+  shared_examples 'revoked token' do
+    it 'should nil the refresh token' do
+      expect(@client.refresh_token).to be_nil
+    end
+    it 'should nil the access token' do
+      expect(@client.access_token).to be_nil
+    end
+    it 'should mark the token as expired' do
+      expect(@client.expired?).to be_truthy
+    end
+  end
+  describe 'when revoking a refresh token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=refreshtoken')
+        .to_return(status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    before(:example) do
+      stub
+      @client.revoke!
+    end
+    it_behaves_like 'revoked token'
+  end
+  describe 'when revoking an access token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=accesstoken')
+        .to_return(status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    before(:example) do
+      stub
+      @client.refresh_token = nil
+      @client.access_token = 'accesstoken'
+      @client.revoke!
+    end
+    it_behaves_like 'revoked token'
+  end
+  describe 'when revoking an invalid token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=refreshtoken')
+        .to_return(status: 400,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    it 'raises an authorization error' do
+      stub
+      expect { @client.revoke! }.to raise_error(
+        Signet::AuthorizationError)
+    end
+  end
 end

data/spec/googleauth/web_user_authorizer_spec.rb ADDED

@@ -0,0 +1,159 @@
+# Copyright 2015, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
+$LOAD_PATH.unshift(spec_dir)
+$LOAD_PATH.uniq!
+require 'googleauth'
+require 'googleauth/web_user_authorizer'
+require 'uri'
+require 'multi_json'
+require 'spec_helper'
+require 'rack'
+describe Google::Auth::WebUserAuthorizer do
+  include TestHelpers
+  let(:client_id) { Google::Auth::ClientId.new('testclient', 'notasecret') }
+  let(:scope) { %w(email profile) }
+  let(:token_store) { DummyTokenStore.new }
+  let(:authorizer) do
+    Google::Auth::WebUserAuthorizer.new(client_id, scope, token_store)
+  end
+  describe '#get_authorization_url' do
+    let(:env) do
+      Rack::MockRequest.env_for(
+        'http://example.com:8080/test',
+        'REMOTE_ADDR' => '10.10.10.10')
+    end
+    let(:request) { Rack::Request.new(env) }
+    it 'should include current url in state' do
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(
+        %r{%22current_uri%22:%22http://example.com:8080/test%22})
+    end
+    it 'should include request forgery token in state' do
+      expect(SecureRandom).to receive(:base64).and_return('aGVsbG8=')
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(/%22session_id%22:%22aGVsbG8=%22/)
+    end
+    it 'should include request forgery token in session' do
+      expect(SecureRandom).to receive(:base64).and_return('aGVsbG8=')
+      authorizer.get_authorization_url(request: request)
+      expect(request.session['g-xsrf-token']).to eq 'aGVsbG8='
+    end
+    it 'should resolve callback against base URL' do
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(
+        %r{redirect_uri=http://example.com:8080/oauth2callback})
+    end
+    it 'should allow overriding the current URL' do
+      url = authorizer.get_authorization_url(
+        request: request,
+        redirect_to: '/foo')
+      expect(url).to match %r{%22current_uri%22:%22/foo%22}
+    end
+    it 'should pass through login hint' do
+      url = authorizer.get_authorization_url(
+        request: request,
+        login_hint: 'user@example.com')
+      expect(url).to match(/login_hint=user@example.com/)
+    end
+  end
+  shared_examples 'handles callback' do
+    let(:token_json) do
+      MultiJson.dump('access_token' => '1/abc123',
+                     'token_type' => 'Bearer',
+                     'expires_in' => 3600)
+    end
+    before(:example) do
+      stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+        .to_return(body: token_json,
+                   status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    let(:env) do
+      Rack::MockRequest.env_for(
+        'http://example.com:8080/oauth2callback?code=authcode&'\
+        'state=%7B%22current_uri%22%3A%22%2Ffoo%22%2C%22'\
+        'session_id%22%3A%22abc%22%7D',
+        'REMOTE_ADDR' => '10.10.10.10')
+    end
+    let(:request) { Rack::Request.new(env) }
+    before(:example) do
+      request.session['g-xsrf-token'] = 'abc'
+    end
+    it 'should return credentials when valid code present' do
+      expect(credentials).to be_instance_of(
+        Google::Auth::UserRefreshCredentials)
+    end
+    it 'should return next URL to redirect to' do
+      expect(next_url).to eq '/foo'
+    end
+    it 'should fail if xrsf token in session and does not match request' do
+      request.session['g-xsrf-token'] = '123'
+      expect { credentials }.to raise_error(Signet::AuthorizationError)
+    end
+  end
+  describe '#handle_auth_callback' do
+    let(:result) { authorizer.handle_auth_callback('user1', request) }
+    let(:credentials) { result[0] }
+    let(:next_url) { result[1] }
+    it_behaves_like 'handles callback'
+  end
+  describe '#handle_auth_callback_deferred and #get_credentials' do
+    let(:next_url) do
+      Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(request)
+    end
+    let(:credentials) do
+      next_url
+      authorizer.get_credentials('user1', request)
+    end
+    it_behaves_like 'handles callback'
+  end
+end

data/spec/spec_helper.rb CHANGED

@@ -39,13 +39,21 @@ $LOAD_PATH.uniq!
 require 'simplecov'
 require 'coveralls'
-SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+SimpleCov.formatters = [
+  Coveralls::SimpleCov::Formatter,
+  SimpleCov::Formatter::HTMLFormatter
+]
 SimpleCov.start
 require 'faraday'
 require 'rspec'
 require 'logging'
 require 'rspec/logging_helper'
+require 'webmock/rspec'
+require 'multi_json'
+# Preload adapter to work around Rubinius error with FakeFS
+MultiJson.use(:json_gem)
 # Allow Faraday to support test stubs
 Faraday::Adapter.load_middleware(:test)
@@ -55,4 +63,28 @@ Faraday::Adapter.load_middleware(:test)
 RSpec.configure do |config|
   include RSpec::LoggingHelper
   config.capture_log_messages
+  config.include WebMock::API
+end
+module TestHelpers
+  include WebMock::API
+  include WebMock::Matchers
+end
+class DummyTokenStore
+  def initialize
+    @tokens = {}
+  end
+  def load(id)
+    @tokens[id]
+  end
+  def store(id, token)
+    @tokens[id] = token
+  end
+  def delete(id)
+    @tokens.delete(id)
+  end
 end

metadata CHANGED

@@ -1,197 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Tim Emiola
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-06 00:00:00.000000000 Z
+date: 2015-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: faraday
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: logging
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: jwt
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: memoist
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.12'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.12'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: multi_json
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.11'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-- !ruby/object:Gem::Dependency
   type: :runtime
-  name: signet
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: bundler
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: simplecov
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
-  type: :development
-  name: coveralls
-  prerelease: false
+  name: signet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.7'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: fakefs
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rake
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rubocop
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.30'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.30'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rspec
+  type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0.7'
 description: |2
      Allows simple authorization for accessing Google APIs.
      Provide support for Application Default Credentials, as described at
@@ -214,20 +116,34 @@ files:
 - Rakefile
 - googleauth.gemspec
 - lib/googleauth.rb
+- lib/googleauth/client_id.rb
 - lib/googleauth/compute_engine.rb
 - lib/googleauth/credentials_loader.rb
 - lib/googleauth/iam.rb
+- lib/googleauth/scope_util.rb
 - lib/googleauth/service_account.rb
 - lib/googleauth/signet.rb
+- lib/googleauth/stores/file_token_store.rb
+- lib/googleauth/stores/redis_token_store.rb
+- lib/googleauth/token_store.rb
+- lib/googleauth/user_authorizer.rb
 - lib/googleauth/user_refresh.rb
 - lib/googleauth/version.rb
+- lib/googleauth/web_user_authorizer.rb
 - spec/googleauth/apply_auth_examples.rb
+- spec/googleauth/client_id_spec.rb
 - spec/googleauth/compute_engine_spec.rb
 - spec/googleauth/get_application_default_spec.rb
 - spec/googleauth/iam_spec.rb
+- spec/googleauth/scope_util_spec.rb
 - spec/googleauth/service_account_spec.rb
 - spec/googleauth/signet_spec.rb
+- spec/googleauth/stores/file_token_store_spec.rb
+- spec/googleauth/stores/redis_token_store_spec.rb
+- spec/googleauth/stores/store_examples.rb
+- spec/googleauth/user_authorizer_spec.rb
 - spec/googleauth/user_refresh_spec.rb
+- spec/googleauth/web_user_authorizer_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/google/google-auth-library-ruby
 licenses:
@@ -249,16 +165,24 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.4.3
 signing_key:
 specification_version: 4
 summary: Google Auth Library for Ruby
 test_files:
 - spec/googleauth/apply_auth_examples.rb
+- spec/googleauth/client_id_spec.rb
 - spec/googleauth/compute_engine_spec.rb
 - spec/googleauth/get_application_default_spec.rb
 - spec/googleauth/iam_spec.rb
+- spec/googleauth/scope_util_spec.rb
 - spec/googleauth/service_account_spec.rb
 - spec/googleauth/signet_spec.rb
+- spec/googleauth/stores/file_token_store_spec.rb
+- spec/googleauth/stores/redis_token_store_spec.rb
+- spec/googleauth/stores/store_examples.rb
+- spec/googleauth/user_authorizer_spec.rb
 - spec/googleauth/user_refresh_spec.rb
+- spec/googleauth/web_user_authorizer_spec.rb
 - spec/spec_helper.rb
+has_rdoc: