googleauth 0.5.1 → 0.5.2

data/lib/googleauth/service_account.rb

@@ -46,7 +46,7 @@ module Google
     #
     # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
     class ServiceAccountCredentials < Signet::OAuth2::Client
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v3/token'
+      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
       extend CredentialsLoader
 
       # Creates a ServiceAccountCredentials.
@@ -73,8 +73,8 @@ module Google
       # JSON key.
       def self.read_json_key(json_key_io)
         json_key = MultiJson.load(json_key_io.read)
-        fail 'missing client_email' unless json_key.key?('client_email')
-        fail 'missing private_key' unless json_key.key?('private_key')
+        raise 'missing client_email' unless json_key.key?('client_email')
+        raise 'missing private_key' unless json_key.key?('private_key')
         [json_key['private_key'], json_key['client_email']]
       end
 
@@ -119,8 +119,8 @@ module Google
     class ServiceAccountJwtHeaderCredentials
       JWT_AUD_URI_KEY = :jwt_aud_uri
       AUTH_METADATA_KEY = Signet::OAuth2::AUTH_METADATA_KEY
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v3/token'
-      SIGNING_ALGORITHM = 'RS256'
+      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
+      SIGNING_ALGORITHM = 'RS256'.freeze
       EXPIRY = 60
       extend CredentialsLoader
 
@@ -139,8 +139,8 @@ module Google
       # JSON key.
       def self.read_json_key(json_key_io)
         json_key = MultiJson.load(json_key_io.read)
-        fail 'missing client_email' unless json_key.key?('client_email')
-        fail 'missing private_key' unless json_key.key?('private_key')
+        raise 'missing client_email' unless json_key.key?('client_email')
+        raise 'missing private_key' unless json_key.key?('private_key')
         [json_key['private_key'], json_key['client_email']]
       end
 

data/lib/googleauth/signet.rb

@@ -64,7 +64,7 @@ module Signet
         @refresh_listeners << block
       end
 
-      alias_method :orig_fetch_access_token!, :fetch_access_token!
+      alias orig_fetch_access_token! fetch_access_token!
       def fetch_access_token!(options = {})
         info = orig_fetch_access_token!(options)
         notify_refresh_listeners
@@ -77,6 +77,27 @@ module Signet
           block.call(self)
         end
       end
+
+      def retry_with_error(max_retry_count = 5)
+        retry_count = 0
+
+        begin
+          yield
+        rescue => e
+          if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError)
+            raise e
+          end
+
+          if retry_count < max_retry_count
+            retry_count += 1
+            sleep retry_count * 0.3
+            retry
+          else
+            msg = "Unexpected error: #{e.inspect}"
+            raise(Signet::AuthorizationError, msg)
+          end
+        end
+      end
     end
   end
 end

data/lib/googleauth/stores/redis_token_store.rb

@@ -37,7 +37,7 @@ module Google
       # are stored as JSON using the supplied key, prefixed with
       # `g-user-token:`
       class RedisTokenStore < Google::Auth::TokenStore
-        DEFAULT_KEY_PREFIX = 'g-user-token:'
+        DEFAULT_KEY_PREFIX = 'g-user-token:'.freeze
 
         # Create a new store with the supplied redis client.
         #
@@ -51,12 +51,12 @@ module Google
         def initialize(options = {})
           redis = options.delete(:redis)
           prefix = options.delete(:prefix)
-          case redis
-          when Redis
-            @redis = redis
-          else
-            @redis = Redis.new(options)
-          end
+          @redis = case redis
+                   when Redis
+                     redis
+                   else
+                     Redis.new(options)
+                   end
           @prefix = prefix || DEFAULT_KEY_PREFIX
         end
 

data/lib/googleauth/token_store.rb

@@ -44,7 +44,7 @@ module Google
       # @return [String]
       #  The loaded token data.
       def load(_id)
-        fail 'Not implemented'
+        raise 'Not implemented'
       end
 
       # Put the token data into storage for the given ID.
@@ -54,7 +54,7 @@ module Google
       # @param [String] token
       #  The token data to store.
       def store(_id, _token)
-        fail 'Not implemented'
+        raise 'Not implemented'
       end
 
       # Remove the token data from storage for the given ID.
@@ -62,7 +62,7 @@ module Google
       # @param [String] id
       #  ID of the token data to delete
       def delete(_id)
-        fail 'Not implemented'
+        raise 'Not implemented'
       end
     end
   end

data/lib/googleauth/user_authorizer.rb

@@ -53,13 +53,13 @@ module Google
     #     ...
     class UserAuthorizer
       MISMATCHED_CLIENT_ID_ERROR =
-        'Token client ID of %s does not match configured client id %s'
-      NIL_CLIENT_ID_ERROR = 'Client id can not be nil.'
-      NIL_SCOPE_ERROR = 'Scope can not be nil.'
-      NIL_USER_ID_ERROR = 'User ID can not be nil.'
-      NIL_TOKEN_STORE_ERROR = 'Can not call method if token store is nil'
+        'Token client ID of %s does not match configured client id %s'.freeze
+      NIL_CLIENT_ID_ERROR = 'Client id can not be nil.'.freeze
+      NIL_SCOPE_ERROR = 'Scope can not be nil.'.freeze
+      NIL_USER_ID_ERROR = 'User ID can not be nil.'.freeze
+      NIL_TOKEN_STORE_ERROR = 'Can not call method if token store is nil'.freeze
       MISSING_ABSOLUTE_URL_ERROR =
-        'Absolute base url required for relative callback url "%s"'
+        'Absolute base url required for relative callback url "%s"'.freeze
 
       # Initialize the authorizer
       #
@@ -73,8 +73,8 @@ module Google
       #  URL (either absolute or relative) of the auth callback.
       #  Defaults to '/oauth2callback'
       def initialize(client_id, scope, token_store, callback_uri = nil)
-        fail NIL_CLIENT_ID_ERROR if client_id.nil?
-        fail NIL_SCOPE_ERROR if scope.nil?
+        raise NIL_CLIENT_ID_ERROR if client_id.nil?
+        raise NIL_SCOPE_ERROR if scope.nil?
 
         @client_id = client_id
         @scope = Array(scope)
@@ -102,7 +102,8 @@ module Google
         credentials = UserRefreshCredentials.new(
           client_id: @client_id.id,
           client_secret: @client_id.secret,
-          scope: scope)
+          scope: scope
+        )
         redirect_uri = redirect_uri_for(options[:base_url])
         url = credentials.authorization_uri(access_type: 'offline',
                                             redirect_uri: redirect_uri,
@@ -123,17 +124,13 @@ module Google
       # @return [Google::Auth::UserRefreshCredentials]
       #  Stored credentials, nil if none present
       def get_credentials(user_id, scope = nil)
-        fail NIL_USER_ID_ERROR if user_id.nil?
-        fail NIL_TOKEN_STORE_ERROR if @token_store.nil?
-
-        scope ||= @scope
-        saved_token = @token_store.load(user_id)
+        saved_token = stored_token(user_id)
         return nil if saved_token.nil?
         data = MultiJson.load(saved_token)
 
         if data.fetch('client_id', @client_id.id) != @client_id.id
-          fail sprintf(MISMATCHED_CLIENT_ID_ERROR,
-                       data['client_id'], @client_id.id)
+          raise sprintf(MISMATCHED_CLIENT_ID_ERROR,
+                        data['client_id'], @client_id.id)
         end
 
         credentials = UserRefreshCredentials.new(
@@ -142,10 +139,11 @@ module Google
           scope: data['scope'] || @scope,
           access_token: data['access_token'],
           refresh_token: data['refresh_token'],
-          expires_at: data.fetch('expiration_time_millis', 0) / 1000)
+          expires_at: data.fetch('expiration_time_millis', 0) / 1000
+        )
+        scope ||= @scope
         if credentials.includes_scope?(scope)
-          monitor_credentials(user_id, credentials)
-          return credentials
+          return monitor_credentials(user_id, credentials)
         end
         nil
       end
@@ -174,7 +172,8 @@ module Google
           client_id: @client_id.id,
           client_secret: @client_id.secret,
           redirect_uri: redirect_uri_for(base_url),
-          scope: scope)
+          scope: scope
+        )
         credentials.code = code
         credentials.fetch_access_token!({})
         monitor_credentials(user_id, credentials)
@@ -234,13 +233,26 @@ module Google
           access_token: credentials.access_token,
           refresh_token: credentials.refresh_token,
           scope: credentials.scope,
-          expiration_time_millis: (credentials.expires_at.to_i) * 1000)
+          expiration_time_millis: credentials.expires_at.to_i * 1000
+        )
         @token_store.store(user_id, json)
         credentials
       end
 
       private
 
+      # @private Fetch stored token with given user_id
+      #
+      # @param [String] user_id
+      #  Unique ID of the user for loading/storing credentials.
+      # @return [String] The saved token from @token_store
+      def stored_token(user_id)
+        raise NIL_USER_ID_ERROR if user_id.nil?
+        raise NIL_TOKEN_STORE_ERROR if @token_store.nil?
+
+        @token_store.load(user_id)
+      end
+
       # Begin watching a credential for refreshes so the access token can be
       # saved.
       #
@@ -263,9 +275,9 @@ module Google
       #  Redirect URI
       def redirect_uri_for(base_url)
         return @callback_uri unless URI(@callback_uri).scheme.nil?
-        fail sprintf(
-          MISSING_ABSOLUTE_URL_ERROR,
-          @callback_uri) if base_url.nil? || URI(base_url).scheme.nil?
+        if base_url.nil? || URI(base_url).scheme.nil?
+          raise sprintf(ISSING_ABSOLUTE_URL_ERROR, @callback_uri)
+        end
         URI.join(base_url, @callback_uri).to_s
       end
     end

data/lib/googleauth/user_refresh.rb

@@ -46,9 +46,9 @@ module Google
     #
     # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
     class UserRefreshCredentials < Signet::OAuth2::Client
-      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v3/token'
-      AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'
-      REVOKE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/revoke'
+      TOKEN_CRED_URI = 'https://www.googleapis.com/oauth2/v4/token'.freeze
+      AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
+      REVOKE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/revoke'.freeze
       extend CredentialsLoader
 
       # Create a UserRefreshCredentials.
@@ -77,7 +77,7 @@ module Google
         json_key = MultiJson.load(json_key_io.read)
         wanted = %w(client_id client_secret refresh_token)
         wanted.each do |key|
-          fail "the json is missing the #{key} field" unless json_key.key?(key)
+          raise "the json is missing the #{key} field" unless json_key.key?(key)
         end
         json_key
       end
@@ -92,15 +92,18 @@ module Google
       # Revokes the credential
       def revoke!(options = {})
         c = options[:connection] || Faraday.default_connection
-        resp = c.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
-        case resp.status
-        when 200
-          self.access_token = nil
-          self.refresh_token = nil
-          self.expires_at = 0
-        else
-          fail(Signet::AuthorizationError,
-               "Unexpected error code #{resp.status}")
+
+        retry_with_error do
+          resp = c.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
+          case resp.status
+          when 200
+            self.access_token = nil
+            self.refresh_token = nil
+            self.expires_at = 0
+          else
+            raise(Signet::AuthorizationError,
+                  "Unexpected error code #{resp.status}")
+          end
         end
       end
 

data/lib/googleauth/version.rb

@@ -31,6 +31,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = '0.5.1'
+    VERSION = '0.5.2'.freeze
   end
 end

data/lib/googleauth/web_user_authorizer.rb

@@ -66,20 +66,21 @@ module Google
     # @see {Google::Auth::ControllerHelpers}
     # @note Requires sessions are enabled
     class WebUserAuthorizer < Google::Auth::UserAuthorizer
-      STATE_PARAM = 'state'
-      AUTH_CODE_KEY = 'code'
-      ERROR_CODE_KEY = 'error'
-      SESSION_ID_KEY = 'session_id'
-      CALLBACK_STATE_KEY = 'g-auth-callback'
-      CURRENT_URI_KEY = 'current_uri'
-      XSRF_KEY = 'g-xsrf-token'
-      SCOPE_KEY = 'scope'
+      STATE_PARAM = 'state'.freeze
+      AUTH_CODE_KEY = 'code'.freeze
+      ERROR_CODE_KEY = 'error'.freeze
+      SESSION_ID_KEY = 'session_id'.freeze
+      CALLBACK_STATE_KEY = 'g-auth-callback'.freeze
+      CURRENT_URI_KEY = 'current_uri'.freeze
+      XSRF_KEY = 'g-xsrf-token'.freeze
+      SCOPE_KEY = 'scope'.freeze
 
-      NIL_REQUEST_ERROR = 'Request is required.'
-      NIL_SESSION_ERROR = 'Sessions must be enabled'
-      MISSING_AUTH_CODE_ERROR = 'Missing authorization code in request'
-      AUTHORIZATION_ERROR = 'Authorization error: %s'
-      INVALID_STATE_TOKEN_ERROR = 'State token does not match expected value'
+      NIL_REQUEST_ERROR = 'Request is required.'.freeze
+      NIL_SESSION_ERROR = 'Sessions must be enabled'.freeze
+      MISSING_AUTH_CODE_ERROR = 'Missing authorization code in request'.freeze
+      AUTHORIZATION_ERROR = 'Authorization error: %s'.freeze
+      INVALID_STATE_TOKEN_ERROR =
+        'State token does not match expected value'.freeze
 
       class << self
         attr_accessor :default
@@ -128,13 +129,15 @@ module Google
       #  credentials & next URL to redirect to
       def handle_auth_callback(user_id, request)
         callback_state, redirect_uri = WebUserAuthorizer.extract_callback_state(
-          request)
+          request
+        )
         WebUserAuthorizer.validate_callback_state(callback_state, request)
         credentials = get_and_store_credentials_from_code(
           user_id: user_id,
           code: callback_state[AUTH_CODE_KEY],
           scope: callback_state[SCOPE_KEY],
-          base_url: request.url)
+          base_url: request.url
+        )
         [credentials, redirect_uri]
       end
 
@@ -156,14 +159,15 @@ module Google
       def get_authorization_url(options = {})
         options = options.dup
         request = options[:request]
-        fail NIL_REQUEST_ERROR if request.nil?
-        fail NIL_SESSION_ERROR if request.session.nil?
+        raise NIL_REQUEST_ERROR if request.nil?
+        raise NIL_SESSION_ERROR if request.session.nil?
 
         redirect_to = options[:redirect_to] || request.url
         request.session[XSRF_KEY] = SecureRandom.base64
         options[:state] = MultiJson.dump(
           SESSION_ID_KEY => request.session[XSRF_KEY],
-          CURRENT_URI_KEY => redirect_to)
+          CURRENT_URI_KEY => redirect_to
+        )
         options[:base_url] = request.url
         super(options)
       end
@@ -193,7 +197,8 @@ module Google
             user_id: user_id,
             code: callback_state[AUTH_CODE_KEY],
             scope: callback_state[SCOPE_KEY],
-            base_url: request.url)
+            base_url: request.url
+          )
         else
           super(user_id, scope)
         end
@@ -204,7 +209,7 @@ module Google
         redirect_uri = state[CURRENT_URI_KEY]
         callback_state = {
           AUTH_CODE_KEY => request[AUTH_CODE_KEY],
-          ERROR_CODE_KEY =>  request[ERROR_CODE_KEY],
+          ERROR_CODE_KEY => request[ERROR_CODE_KEY],
           SESSION_ID_KEY => state[SESSION_ID_KEY],
           SCOPE_KEY => request[SCOPE_KEY]
         }
@@ -223,12 +228,12 @@ module Google
       #  Current request
       def self.validate_callback_state(state, request)
         if state[AUTH_CODE_KEY].nil?
-          fail Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR
+          raise Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR
         elsif state[ERROR_CODE_KEY]
-          fail Signet::AuthorizationError,
-               sprintf(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
+          raise Signet::AuthorizationError,
+                sprintf(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
         elsif request.session[XSRF_KEY] != state[SESSION_ID_KEY]
-          fail Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
+          raise Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
         end
       end
 
@@ -254,7 +259,7 @@ module Google
       #
       # @see {Google::Auth::WebUserAuthorizer}
       class CallbackApp
-        LOCATION_HEADER = 'Location'
+        LOCATION_HEADER = 'Location'.freeze
         REDIR_STATUS = 302
         ERROR_STATUS = 500
 

data/spec/googleauth/apply_auth_examples.rb

@@ -62,7 +62,8 @@ shared_examples 'apply/apply! are OK' do
         @client.on_refresh(&b)
         @client.fetch_access_token!
       end.to yield_with_args(have_attributes(
-                               access_token: '1/abcdef1234567890'))
+                               access_token: '1/abcdef1234567890'
+      ))
       expect(stub).to have_been_requested
     end
   end
@@ -131,10 +132,10 @@ shared_examples 'apply/apply! are OK' do
     end
 
     it 'should fetch a new token if the current one is expired' do
-      token_1 = '1/abcdef1234567890'
-      token_2 = '2/abcdef1234567891'
+      token1 = '1/abcdef1234567890'
+      token2 = '2/abcdef1234567891'
 
-      [token_1, token_2].each do |t|
+      [token1, token2].each do |t|
         make_auth_stubs access_token: t
         md = { foo: 'bar' }
         got = @client.apply(md)