RubyGems - googleauth - Versions diffs - 0.4.2 → 0.5.0 - Mend

googleauth 0.4.2 → 0.5.0

Files changed (34) hide show

checksums.yaml +4 -4
data/.rubocop_todo.yml +23 -6
data/.travis.yml +3 -0
data/CHANGELOG.md +8 -1
data/Gemfile +20 -0
data/README.md +80 -1
data/googleauth.gemspec +1 -9
data/lib/googleauth.rb +6 -3
data/lib/googleauth/client_id.rb +102 -0
data/lib/googleauth/scope_util.rb +61 -0
data/lib/googleauth/service_account.rb +23 -18
data/lib/googleauth/signet.rb +20 -1
data/lib/googleauth/stores/file_token_store.rb +64 -0
data/lib/googleauth/stores/redis_token_store.rb +95 -0
data/lib/googleauth/token_store.rb +69 -0
data/lib/googleauth/user_authorizer.rb +273 -0
data/lib/googleauth/user_refresh.rb +53 -16
data/lib/googleauth/version.rb +1 -1
data/lib/googleauth/web_user_authorizer.rb +289 -0
data/spec/googleauth/apply_auth_examples.rb +36 -58
data/spec/googleauth/client_id_spec.rb +140 -0
data/spec/googleauth/compute_engine_spec.rb +34 -71
data/spec/googleauth/get_application_default_spec.rb +26 -35
data/spec/googleauth/scope_util_spec.rb +75 -0
data/spec/googleauth/service_account_spec.rb +16 -11
data/spec/googleauth/signet_spec.rb +14 -9
data/spec/googleauth/stores/file_token_store_spec.rb +58 -0
data/spec/googleauth/stores/redis_token_store_spec.rb +50 -0
data/spec/googleauth/stores/store_examples.rb +58 -0
data/spec/googleauth/user_authorizer_spec.rb +314 -0
data/spec/googleauth/user_refresh_spec.rb +77 -13
data/spec/googleauth/web_user_authorizer_spec.rb +159 -0
data/spec/spec_helper.rb +33 -1
metadata +37 -113

data/spec/googleauth/user_refresh_spec.rb CHANGED

@@ -57,7 +57,7 @@ describe Google::Auth::UserRefreshCredentials do
   before(:example) do
     @key = OpenSSL::PKey::RSA.new(2048)
-    @client = UserRefreshCredentials.new(
+    @client = UserRefreshCredentials.make_creds(
       json_key_io: StringIO.new(cred_json_text),
       scope: 'https://www.googleapis.com/auth/userinfo.profile'
     )
@@ -65,14 +65,14 @@ describe Google::Auth::UserRefreshCredentials do
   def make_auth_stubs(opts = {})
     access_token = opts[:access_token] || ''
-    Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/oauth2/v3/token') do |env|
-        params = Addressable::URI.form_unencode(env[:body])
-        want = %w(grant_type refresh_token)
-        expect(params.assoc('grant_type')).to eq(want)
-        build_access_token_json(access_token)
-      end
-    end
+    body = MultiJson.dump('access_token' => access_token,
+                          'token_type' => 'Bearer',
+                          'expires_in' => 3600)
+    stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+      .with(body: hash_including('grant_type' => 'refresh_token'))
+      .to_return(body: body,
+                 status: 200,
+                 headers: { 'Content-Type' => 'application/json' })
   end
   def cred_json_text(missing = nil)
@@ -142,10 +142,11 @@ describe Google::Auth::UserRefreshCredentials do
       ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
       ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
       ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
-      expect(@clz.from_env(@scope)).to_not be_nil
-      expect(subject.client_id).to eq(cred_json[:client_id])
-      expect(subject.client_secret).to eq(cred_json[:client_secret])
-      expect(subject.refresh_token).to eq(cred_json[:refresh_token])
+      creds = @clz.from_env(@scope)
+      expect(creds).to_not be_nil
+      expect(creds.client_id).to eq(cred_json[:client_id])
+      expect(creds.client_secret).to eq(cred_json[:client_secret])
+      expect(creds.refresh_token).to eq(cred_json[:refresh_token])
     end
   end
@@ -227,4 +228,67 @@ describe Google::Auth::UserRefreshCredentials do
       end
     end
   end
+  shared_examples 'revoked token' do
+    it 'should nil the refresh token' do
+      expect(@client.refresh_token).to be_nil
+    end
+    it 'should nil the access token' do
+      expect(@client.access_token).to be_nil
+    end
+    it 'should mark the token as expired' do
+      expect(@client.expired?).to be_truthy
+    end
+  end
+  describe 'when revoking a refresh token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=refreshtoken')
+        .to_return(status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    before(:example) do
+      stub
+      @client.revoke!
+    end
+    it_behaves_like 'revoked token'
+  end
+  describe 'when revoking an access token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=accesstoken')
+        .to_return(status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    before(:example) do
+      stub
+      @client.refresh_token = nil
+      @client.access_token = 'accesstoken'
+      @client.revoke!
+    end
+    it_behaves_like 'revoked token'
+  end
+  describe 'when revoking an invalid token' do
+    let(:stub) do
+      stub_request(:get, 'https://accounts.google.com/o/oauth2/revoke' \
+                         '?token=refreshtoken')
+        .to_return(status: 400,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    it 'raises an authorization error' do
+      stub
+      expect { @client.revoke! }.to raise_error(
+        Signet::AuthorizationError)
+    end
+  end
 end

data/spec/googleauth/web_user_authorizer_spec.rb ADDED

@@ -0,0 +1,159 @@
+# Copyright 2015, Google Inc.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+#
+#     * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following disclaimer
+# in the documentation and/or other materials provided with the
+# distribution.
+#     * Neither the name of Google Inc. nor the names of its
+# contributors may be used to endorse or promote products derived from
+# this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
+$LOAD_PATH.unshift(spec_dir)
+$LOAD_PATH.uniq!
+require 'googleauth'
+require 'googleauth/web_user_authorizer'
+require 'uri'
+require 'multi_json'
+require 'spec_helper'
+require 'rack'
+describe Google::Auth::WebUserAuthorizer do
+  include TestHelpers
+  let(:client_id) { Google::Auth::ClientId.new('testclient', 'notasecret') }
+  let(:scope) { %w(email profile) }
+  let(:token_store) { DummyTokenStore.new }
+  let(:authorizer) do
+    Google::Auth::WebUserAuthorizer.new(client_id, scope, token_store)
+  end
+  describe '#get_authorization_url' do
+    let(:env) do
+      Rack::MockRequest.env_for(
+        'http://example.com:8080/test',
+        'REMOTE_ADDR' => '10.10.10.10')
+    end
+    let(:request) { Rack::Request.new(env) }
+    it 'should include current url in state' do
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(
+        %r{%22current_uri%22:%22http://example.com:8080/test%22})
+    end
+    it 'should include request forgery token in state' do
+      expect(SecureRandom).to receive(:base64).and_return('aGVsbG8=')
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(/%22session_id%22:%22aGVsbG8=%22/)
+    end
+    it 'should include request forgery token in session' do
+      expect(SecureRandom).to receive(:base64).and_return('aGVsbG8=')
+      authorizer.get_authorization_url(request: request)
+      expect(request.session['g-xsrf-token']).to eq 'aGVsbG8='
+    end
+    it 'should resolve callback against base URL' do
+      url = authorizer.get_authorization_url(request: request)
+      expect(url).to match(
+        %r{redirect_uri=http://example.com:8080/oauth2callback})
+    end
+    it 'should allow overriding the current URL' do
+      url = authorizer.get_authorization_url(
+        request: request,
+        redirect_to: '/foo')
+      expect(url).to match %r{%22current_uri%22:%22/foo%22}
+    end
+    it 'should pass through login hint' do
+      url = authorizer.get_authorization_url(
+        request: request,
+        login_hint: 'user@example.com')
+      expect(url).to match(/login_hint=user@example.com/)
+    end
+  end
+  shared_examples 'handles callback' do
+    let(:token_json) do
+      MultiJson.dump('access_token' => '1/abc123',
+                     'token_type' => 'Bearer',
+                     'expires_in' => 3600)
+    end
+    before(:example) do
+      stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+        .to_return(body: token_json,
+                   status: 200,
+                   headers: { 'Content-Type' => 'application/json' })
+    end
+    let(:env) do
+      Rack::MockRequest.env_for(
+        'http://example.com:8080/oauth2callback?code=authcode&'\
+        'state=%7B%22current_uri%22%3A%22%2Ffoo%22%2C%22'\
+        'session_id%22%3A%22abc%22%7D',
+        'REMOTE_ADDR' => '10.10.10.10')
+    end
+    let(:request) { Rack::Request.new(env) }
+    before(:example) do
+      request.session['g-xsrf-token'] = 'abc'
+    end
+    it 'should return credentials when valid code present' do
+      expect(credentials).to be_instance_of(
+        Google::Auth::UserRefreshCredentials)
+    end
+    it 'should return next URL to redirect to' do
+      expect(next_url).to eq '/foo'
+    end
+    it 'should fail if xrsf token in session and does not match request' do
+      request.session['g-xsrf-token'] = '123'
+      expect { credentials }.to raise_error(Signet::AuthorizationError)
+    end
+  end
+  describe '#handle_auth_callback' do
+    let(:result) { authorizer.handle_auth_callback('user1', request) }
+    let(:credentials) { result[0] }
+    let(:next_url) { result[1] }
+    it_behaves_like 'handles callback'
+  end
+  describe '#handle_auth_callback_deferred and #get_credentials' do
+    let(:next_url) do
+      Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(request)
+    end
+    let(:credentials) do
+      next_url
+      authorizer.get_credentials('user1', request)
+    end
+    it_behaves_like 'handles callback'
+  end
+end

data/spec/spec_helper.rb CHANGED

@@ -39,13 +39,21 @@ $LOAD_PATH.uniq!
 require 'simplecov'
 require 'coveralls'
-SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+SimpleCov.formatters = [
+  Coveralls::SimpleCov::Formatter,
+  SimpleCov::Formatter::HTMLFormatter
+]
 SimpleCov.start
 require 'faraday'
 require 'rspec'
 require 'logging'
 require 'rspec/logging_helper'
+require 'webmock/rspec'
+require 'multi_json'
+# Preload adapter to work around Rubinius error with FakeFS
+MultiJson.use(:json_gem)
 # Allow Faraday to support test stubs
 Faraday::Adapter.load_middleware(:test)
@@ -55,4 +63,28 @@ Faraday::Adapter.load_middleware(:test)
 RSpec.configure do |config|
   include RSpec::LoggingHelper
   config.capture_log_messages
+  config.include WebMock::API
+end
+module TestHelpers
+  include WebMock::API
+  include WebMock::Matchers
+end
+class DummyTokenStore
+  def initialize
+    @tokens = {}
+  end
+  def load(id)
+    @tokens[id]
+  end
+  def store(id, token)
+    @tokens[id] = token
+  end
+  def delete(id)
+    @tokens.delete(id)
+  end
 end

metadata CHANGED

@@ -1,197 +1,99 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Tim Emiola
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-06 00:00:00.000000000 Z
+date: 2015-12-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: faraday
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: logging
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '2.0'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: jwt
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.4'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: memoist
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.12'
+  type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.12'
 - !ruby/object:Gem::Dependency
-  type: :runtime
   name: multi_json
-  prerelease: false
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.11'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.11'
-- !ruby/object:Gem::Dependency
   type: :runtime
-  name: signet
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: bundler
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.9'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: simplecov
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1.11'
 - !ruby/object:Gem::Dependency
-  type: :development
-  name: coveralls
-  prerelease: false
+  name: signet
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.7'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.7'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: fakefs
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.6'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rake
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '10.0'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rubocop
-  prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.30'
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.30'
-- !ruby/object:Gem::Dependency
-  type: :development
-  name: rspec
+  type: :runtime
   prerelease: false
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0.7'
 description: |2
      Allows simple authorization for accessing Google APIs.
      Provide support for Application Default Credentials, as described at
@@ -214,20 +116,34 @@ files:
 - Rakefile
 - googleauth.gemspec
 - lib/googleauth.rb
+- lib/googleauth/client_id.rb
 - lib/googleauth/compute_engine.rb
 - lib/googleauth/credentials_loader.rb
 - lib/googleauth/iam.rb
+- lib/googleauth/scope_util.rb
 - lib/googleauth/service_account.rb
 - lib/googleauth/signet.rb
+- lib/googleauth/stores/file_token_store.rb
+- lib/googleauth/stores/redis_token_store.rb
+- lib/googleauth/token_store.rb
+- lib/googleauth/user_authorizer.rb
 - lib/googleauth/user_refresh.rb
 - lib/googleauth/version.rb
+- lib/googleauth/web_user_authorizer.rb
 - spec/googleauth/apply_auth_examples.rb
+- spec/googleauth/client_id_spec.rb
 - spec/googleauth/compute_engine_spec.rb
 - spec/googleauth/get_application_default_spec.rb
 - spec/googleauth/iam_spec.rb
+- spec/googleauth/scope_util_spec.rb
 - spec/googleauth/service_account_spec.rb
 - spec/googleauth/signet_spec.rb
+- spec/googleauth/stores/file_token_store_spec.rb
+- spec/googleauth/stores/redis_token_store_spec.rb
+- spec/googleauth/stores/store_examples.rb
+- spec/googleauth/user_authorizer_spec.rb
 - spec/googleauth/user_refresh_spec.rb
+- spec/googleauth/web_user_authorizer_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/google/google-auth-library-ruby
 licenses:
@@ -249,16 +165,24 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.4.3
 signing_key:
 specification_version: 4
 summary: Google Auth Library for Ruby
 test_files:
 - spec/googleauth/apply_auth_examples.rb
+- spec/googleauth/client_id_spec.rb
 - spec/googleauth/compute_engine_spec.rb
 - spec/googleauth/get_application_default_spec.rb
 - spec/googleauth/iam_spec.rb
+- spec/googleauth/scope_util_spec.rb
 - spec/googleauth/service_account_spec.rb
 - spec/googleauth/signet_spec.rb
+- spec/googleauth/stores/file_token_store_spec.rb
+- spec/googleauth/stores/redis_token_store_spec.rb
+- spec/googleauth/stores/store_examples.rb
+- spec/googleauth/user_authorizer_spec.rb
 - spec/googleauth/user_refresh_spec.rb
+- spec/googleauth/web_user_authorizer_spec.rb
 - spec/spec_helper.rb
+has_rdoc: