googleauth 0.5.1 → 0.14.0

data/lib/googleauth/version.rb

@@ -31,6 +31,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = '0.5.1'
+    VERSION = "0.14.0".freeze
   end
 end

data/lib/googleauth/web_user_authorizer.rb

@@ -27,11 +27,11 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'multi_json'
-require 'googleauth/signet'
-require 'googleauth/user_authorizer'
-require 'googleauth/user_refresh'
-require 'securerandom'
+require "multi_json"
+require "googleauth/signet"
+require "googleauth/user_authorizer"
+require "googleauth/user_refresh"
+require "securerandom"
 
 module Google
   module Auth
@@ -66,20 +66,21 @@ module Google
     # @see {Google::Auth::ControllerHelpers}
     # @note Requires sessions are enabled
     class WebUserAuthorizer < Google::Auth::UserAuthorizer
-      STATE_PARAM = 'state'
-      AUTH_CODE_KEY = 'code'
-      ERROR_CODE_KEY = 'error'
-      SESSION_ID_KEY = 'session_id'
-      CALLBACK_STATE_KEY = 'g-auth-callback'
-      CURRENT_URI_KEY = 'current_uri'
-      XSRF_KEY = 'g-xsrf-token'
-      SCOPE_KEY = 'scope'
+      STATE_PARAM = "state".freeze
+      AUTH_CODE_KEY = "code".freeze
+      ERROR_CODE_KEY = "error".freeze
+      SESSION_ID_KEY = "session_id".freeze
+      CALLBACK_STATE_KEY = "g-auth-callback".freeze
+      CURRENT_URI_KEY = "current_uri".freeze
+      XSRF_KEY = "g-xsrf-token".freeze
+      SCOPE_KEY = "scope".freeze
 
-      NIL_REQUEST_ERROR = 'Request is required.'
-      NIL_SESSION_ERROR = 'Sessions must be enabled'
-      MISSING_AUTH_CODE_ERROR = 'Missing authorization code in request'
-      AUTHORIZATION_ERROR = 'Authorization error: %s'
-      INVALID_STATE_TOKEN_ERROR = 'State token does not match expected value'
+      NIL_REQUEST_ERROR = "Request is required.".freeze
+      NIL_SESSION_ERROR = "Sessions must be enabled".freeze
+      MISSING_AUTH_CODE_ERROR = "Missing authorization code in request".freeze
+      AUTHORIZATION_ERROR = "Authorization error: %s".freeze
+      INVALID_STATE_TOKEN_ERROR =
+        "State token does not match expected value".freeze
 
       class << self
         attr_accessor :default
@@ -96,9 +97,9 @@ module Google
       #
       # @param [Rack::Request] request
       #  Current request
-      def self.handle_auth_callback_deferred(request)
-        callback_state, redirect_uri = extract_callback_state(request)
-        request.session[CALLBACK_STATE_KEY] = MultiJson.dump(callback_state)
+      def self.handle_auth_callback_deferred request
+        callback_state, redirect_uri = extract_callback_state request
+        request.session[CALLBACK_STATE_KEY] = MultiJson.dump callback_state
         redirect_uri
       end
 
@@ -113,8 +114,8 @@ module Google
       # @param [String] callback_uri
       #  URL (either absolute or relative) of the auth callback. Defaults
       #  to '/oauth2callback'
-      def initialize(client_id, scope, token_store, callback_uri = nil)
-        super(client_id, scope, token_store, callback_uri)
+      def initialize client_id, scope, token_store, callback_uri = nil
+        super client_id, scope, token_store, callback_uri
       end
 
       # Handle the result of the oauth callback. Exchanges the authorization
@@ -126,15 +127,17 @@ module Google
       #  Current request
       # @return (Google::Auth::UserRefreshCredentials, String)
       #  credentials & next URL to redirect to
-      def handle_auth_callback(user_id, request)
+      def handle_auth_callback user_id, request
         callback_state, redirect_uri = WebUserAuthorizer.extract_callback_state(
-          request)
-        WebUserAuthorizer.validate_callback_state(callback_state, request)
+          request
+        )
+        WebUserAuthorizer.validate_callback_state callback_state, request
         credentials = get_and_store_credentials_from_code(
-          user_id: user_id,
-          code: callback_state[AUTH_CODE_KEY],
-          scope: callback_state[SCOPE_KEY],
-          base_url: request.url)
+          user_id:  user_id,
+          code:     callback_state[AUTH_CODE_KEY],
+          scope:    callback_state[SCOPE_KEY],
+          base_url: request.url
+        )
         [credentials, redirect_uri]
       end
 
@@ -151,29 +154,35 @@ module Google
       # @param [String, Array<String>] scope
       #  Authorization scope to request. Overrides the instance scopes if
       #  not nil.
+      # @param [Hash] state
+      #  Optional key-values to be returned to the oauth callback.
       # @return [String]
       #  Authorization url
-      def get_authorization_url(options = {})
+      def get_authorization_url options = {}
         options = options.dup
         request = options[:request]
-        fail NIL_REQUEST_ERROR if request.nil?
-        fail NIL_SESSION_ERROR if request.session.nil?
+        raise NIL_REQUEST_ERROR if request.nil?
+        raise NIL_SESSION_ERROR if request.session.nil?
+
+        state = options[:state] || {}
 
         redirect_to = options[:redirect_to] || request.url
         request.session[XSRF_KEY] = SecureRandom.base64
-        options[:state] = MultiJson.dump(
-          SESSION_ID_KEY => request.session[XSRF_KEY],
-          CURRENT_URI_KEY => redirect_to)
+        options[:state] = MultiJson.dump(state.merge(
+                                           SESSION_ID_KEY  => request.session[XSRF_KEY],
+                                           CURRENT_URI_KEY => redirect_to
+                                         ))
         options[:base_url] = request.url
-        super(options)
+        super options
       end
 
-      # Fetch stored credentials for the user.
+      # Fetch stored credentials for the user from the given request session.
       #
       # @param [String] user_id
       #  Unique ID of the user for loading/storing credentials.
       # @param [Rack::Request] request
-      #  Current request
+      #  Current request. Optional. If omitted, this will attempt to fall back
+      #  on the base class behavior of reading from the token store.
       # @param [Array<String>, String] scope
       #  If specified, only returns credentials that have all the \
       #  requested scopes
@@ -182,31 +191,32 @@ module Google
       # @raise [Signet::AuthorizationError]
       #  May raise an error if an authorization code is present in the session
       #  and exchange of the code fails
-      def get_credentials(user_id, request, scope = nil)
-        if request.session.key?(CALLBACK_STATE_KEY)
+      def get_credentials user_id, request = nil, scope = nil
+        if request && request.session.key?(CALLBACK_STATE_KEY)
           # Note - in theory, no need to check required scope as this is
           # expected to be called immediately after a return from authorization
-          state_json = request.session.delete(CALLBACK_STATE_KEY)
-          callback_state = MultiJson.load(state_json)
-          WebUserAuthorizer.validate_callback_state(callback_state, request)
+          state_json = request.session.delete CALLBACK_STATE_KEY
+          callback_state = MultiJson.load state_json
+          WebUserAuthorizer.validate_callback_state callback_state, request
           get_and_store_credentials_from_code(
-            user_id: user_id,
-            code: callback_state[AUTH_CODE_KEY],
-            scope: callback_state[SCOPE_KEY],
-            base_url: request.url)
+            user_id:  user_id,
+            code:     callback_state[AUTH_CODE_KEY],
+            scope:    callback_state[SCOPE_KEY],
+            base_url: request.url
+          )
         else
-          super(user_id, scope)
+          super user_id, scope
         end
       end
 
-      def self.extract_callback_state(request)
-        state = MultiJson.load(request[STATE_PARAM] || '{}')
+      def self.extract_callback_state request
+        state = MultiJson.load(request[STATE_PARAM] || "{}")
         redirect_uri = state[CURRENT_URI_KEY]
         callback_state = {
-          AUTH_CODE_KEY => request[AUTH_CODE_KEY],
-          ERROR_CODE_KEY =>  request[ERROR_CODE_KEY],
+          AUTH_CODE_KEY  => request[AUTH_CODE_KEY],
+          ERROR_CODE_KEY => request[ERROR_CODE_KEY],
           SESSION_ID_KEY => state[SESSION_ID_KEY],
-          SCOPE_KEY => request[SCOPE_KEY]
+          SCOPE_KEY      => request[SCOPE_KEY]
         }
         [callback_state, redirect_uri]
       end
@@ -221,14 +231,13 @@ module Google
       #  Error message if failed
       # @param [Rack::Request] request
       #  Current request
-      def self.validate_callback_state(state, request)
-        if state[AUTH_CODE_KEY].nil?
-          fail Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR
-        elsif state[ERROR_CODE_KEY]
-          fail Signet::AuthorizationError,
-               sprintf(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
+      def self.validate_callback_state state, request
+        raise Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR if state[AUTH_CODE_KEY].nil?
+        if state[ERROR_CODE_KEY]
+          raise Signet::AuthorizationError,
+                format(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
         elsif request.session[XSRF_KEY] != state[SESSION_ID_KEY]
-          fail Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
+          raise Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
         end
       end
 
@@ -254,7 +263,7 @@ module Google
       #
       # @see {Google::Auth::WebUserAuthorizer}
       class CallbackApp
-        LOCATION_HEADER = 'Location'
+        LOCATION_HEADER = "Location".freeze
         REDIR_STATUS = 302
         ERROR_STATUS = 500
 
@@ -270,18 +279,18 @@ module Google
         #  Rack environment
         # @return [Array]
         #  HTTP response
-        def self.call(env)
-          request = Rack::Request.new(env)
-          return_url = WebUserAuthorizer.handle_auth_callback_deferred(request)
+        def self.call env
+          request = Rack::Request.new env
+          return_url = WebUserAuthorizer.handle_auth_callback_deferred request
           if return_url
             [REDIR_STATUS, { LOCATION_HEADER => return_url }, []]
           else
-            [ERROR_STATUS, {}, ['No return URL is present in the request.']]
+            [ERROR_STATUS, {}, ["No return URL is present in the request."]]
           end
         end
 
-        def call(env)
-          self.class.call(env)
+        def call env
+          self.class.call env
         end
       end
     end

data/rakelib/devsite_builder.rb

@@ -0,0 +1,45 @@
+require "pathname"
+
+require_relative "repo_metadata.rb"
+
+class DevsiteBuilder
+  def initialize master_dir = "."
+    @master_dir = Pathname.new master_dir
+    @output_dir = "doc"
+    @metadata = RepoMetadata.from_source "#{master_dir}/.repo-metadata.json"
+  end
+
+  def build
+    FileUtils.remove_dir @output_dir if Dir.exist? @output_dir
+    markup = "--markup markdown"
+
+    Dir.chdir @master_dir do
+      cmds = ["-o #{@output_dir}", markup]
+      cmd "yard --verbose #{cmds.join ' '}"
+    end
+    @metadata.build @master_dir + @output_dir
+  end
+
+  def upload
+    Dir.chdir @output_dir do
+      opts = [
+        "--credentials=#{ENV['KOKORO_KEYSTORE_DIR']}/73713_docuploader_service_account",
+        "--staging-bucket=#{ENV.fetch 'STAGING_BUCKET', 'docs-staging'}",
+        "--metadata-file=./docs.metadata"
+      ]
+      cmd "python3 -m docuploader upload . #{opts.join ' '}"
+    end
+  end
+
+  def publish
+    build
+    upload
+  end
+
+  def cmd line
+    puts line
+    output = `#{line}`
+    puts output
+    output
+  end
+end

data/rakelib/link_checker.rb

@@ -0,0 +1,64 @@
+require "open3"
+
+class LinkChecker
+  def initialize
+    @failed = false
+  end
+
+  def run
+    job_info
+    git_commit = ENV.fetch "KOKORO_GITHUB_COMMIT", "master"
+
+    markdown_files = Dir.glob "**/*.md"
+    broken_markdown_links = check_links markdown_files,
+                                        "https://github.com/googleapis/google-auth-library-ruby/tree/#{git_commit}",
+                                        " --skip '^(?!(\\Wruby.*google|.*google.*\\Wruby|.*cloud\\.google\\.com))'"
+
+    broken_devsite_links = check_links ["googleauth"],
+                                       "https://googleapis.dev/ruby",
+                                       "/latest/ --recurse --skip https:.*github.*"
+
+    puts_broken_links broken_markdown_links
+    puts_broken_links broken_devsite_links
+  end
+
+  def check_links location_list, base, tail
+    broken_links = Hash.new { |h, k| h[k] = [] }
+    location_list.each do |location|
+      out, err, st = Open3.capture3 "npx linkinator #{base}/#{location}#{tail}"
+      puts out
+      unless st.to_i.zero?
+        @failed = true
+        puts err
+      end
+      checked_links = out.split "\n"
+      checked_links.select! { |link| link =~ /\[\d+\]/ && !link.include?("[200]") }
+      unless checked_links.empty?
+        @failed = true
+        broken_links[location] += checked_links
+      end
+    end
+    broken_links
+  end
+
+  def puts_broken_links link_hash
+    link_hash.each do |location, links|
+      puts "#{location} contains the following broken links:"
+      links.each { |link| puts "  #{link}" }
+      puts ""
+    end
+  end
+
+  def job_info
+    line_length = "Using Ruby - #{RUBY_VERSION}".length + 8
+    puts ""
+    puts "#" * line_length
+    puts "### Using Ruby - #{RUBY_VERSION} ###"
+    puts "#" * line_length
+    puts ""
+  end
+
+  def exit_status
+    @failed ? 1 : 0
+  end
+end

data/rakelib/repo_metadata.rb

@@ -0,0 +1,59 @@
+require "json"
+
+class RepoMetadata
+  attr_reader :data
+
+  def initialize data
+    @data = data
+    normalize_data!
+  end
+
+  def allowed_fields
+    [
+      "name", "version", "language", "distribution-name",
+      "product-page", "github-repository", "issue-tracker"
+    ]
+  end
+
+  def build output_directory
+    fields = @data.to_a.map { |kv| "--#{kv[0]} #{kv[1]}" }
+    Dir.chdir output_directory do
+      cmd "python3 -m docuploader create-metadata #{fields.join ' '}"
+    end
+  end
+
+  def normalize_data!
+    require_relative "../lib/googleauth/version.rb"
+
+    @data.delete_if { |k, _| !allowed_fields.include?(k) }
+    @data["version"] = "v#{Google::Auth::VERSION}"
+  end
+
+  def [] key
+    data[key]
+  end
+
+  def []= key, value
+    @data[key] = value
+  end
+
+  def cmd line
+    puts line
+    output = `#{line}`
+    puts output
+    output
+  end
+
+  def self.from_source source
+    if source.is_a? RepoMetadata
+      data = source.data
+    elsif source.is_a? Hash
+      data = source
+    elsif File.file? source
+      data = JSON.parse File.read(source)
+    else
+      raise "Source must be a path, hash, or RepoMetadata instance"
+    end
+    RepoMetadata.new data
+  end
+end

data/spec/googleauth/apply_auth_examples.rb

@@ -27,14 +27,14 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'faraday'
-require 'spec_helper'
+require "faraday"
+require "spec_helper"
 
-shared_examples 'apply/apply! are OK' do
+shared_examples "apply/apply! are OK" do
   let(:auth_key) { :authorization }
 
   # tests that use these examples need to define
@@ -43,102 +43,126 @@ shared_examples 'apply/apply! are OK' do
   #
   # @make_auth_stubs, which should stub out the expected http behaviour of the
   # auth client
-  describe '#fetch_access_token' do
-    let(:token) { '1/abcdef1234567890' }
-    let(:stub) do
+  describe "#fetch_access_token" do
+    let(:token) { "1/abcdef1234567890" }
+    let :access_stub do
       make_auth_stubs access_token: token
     end
+    let :id_stub do
+      make_auth_stubs id_token: token
+    end
 
-    it 'should set access_token to the fetched value' do
-      stub
+    it "should set access_token to the fetched value" do
+      access_stub
       @client.fetch_access_token!
       expect(@client.access_token).to eq(token)
-      expect(stub).to have_been_requested
+      expect(access_stub).to have_been_requested
     end
 
-    it 'should notify refresh listeners after updating' do
-      stub
+    it "should set id_token to the fetched value" do
+      skip unless @id_client
+      id_stub
+      @id_client.fetch_access_token!
+      expect(@id_client.id_token).to eq(token)
+      expect(id_stub).to have_been_requested
+    end
+
+    it "should notify refresh listeners after updating" do
+      access_stub
       expect do |b|
         @client.on_refresh(&b)
         @client.fetch_access_token!
       end.to yield_with_args(have_attributes(
-                               access_token: '1/abcdef1234567890'))
-      expect(stub).to have_been_requested
+                               access_token: "1/abcdef1234567890"
+                             ))
+      expect(access_stub).to have_been_requested
     end
   end
 
-  describe '#apply!' do
-    it 'should update the target hash with fetched access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply!" do
+    it "should update the target hash with fetched access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply!(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      @client.apply! md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
+      expect(md).to eq(want)
+      expect(stub).to have_been_requested
+    end
+
+    it "should update the target hash with fetched ID token" do
+      skip unless @id_client
+      token = "1/abcdef1234567890"
+      stub = make_auth_stubs id_token: token
+
+      md = { foo: "bar" }
+      @id_client.apply! md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe 'updater_proc' do
-    it 'should provide a proc that updates a hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "updater_proc" do
+    it "should provide a proc that updates a hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
-      md = { foo: 'bar' }
+      md = { foo: "bar" }
       the_proc = @client.updater_proc
-      got = the_proc.call(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      got = the_proc.call md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe '#apply' do
-    it 'should not update the original hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply" do
+    it "should not update the original hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply(md)
-      want = { foo: 'bar' }
+      md = { foo: "bar" }
+      @client.apply md
+      want = { foo: "bar" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should add the token to the returned hash' do
-      token = '1/abcdef1234567890'
+    it "should add the token to the returned hash" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      got = @client.apply(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      got = @client.apply md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should not fetch a new token if the current is not expired' do
-      token = '1/abcdef1234567890'
+    it "should not fetch a new token if the current is not expired" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
       n = 5 # arbitrary
       n.times do |_t|
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{token}" }
         expect(got).to eq(want)
       end
       expect(stub).to have_been_requested
     end
 
-    it 'should fetch a new token if the current one is expired' do
-      token_1 = '1/abcdef1234567890'
-      token_2 = '2/abcdef1234567891'
+    it "should fetch a new token if the current one is expired" do
+      token1 = "1/abcdef1234567890"
+      token2 = "2/abcdef1234567891"
 
-      [token_1, token_2].each do |t|
+      [token1, token2].each do |t|
         make_auth_stubs access_token: t
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{t}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{t}" }
         expect(got).to eq(want)
         @client.expires_at -= 3601 # default is to expire in 1hr
       end