googleauth 0.8.0 → 0.8.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.kokoro/build.sh +2 -34
- data/.kokoro/continuous/common.cfg +5 -0
- data/.kokoro/continuous/linux.cfg +1 -1
- data/.kokoro/osx.sh +2 -33
- data/.kokoro/presubmit/common.cfg +5 -0
- data/.kokoro/presubmit/linux.cfg +1 -1
- data/.kokoro/release.cfg +53 -0
- data/.kokoro/trampoline.sh +3 -23
- data/.kokoro/windows.sh +2 -30
- data/.rubocop.yml +7 -24
- data/CHANGELOG.md +24 -39
- data/Gemfile +14 -14
- data/README.md +21 -1
- data/Rakefile +84 -10
- data/googleauth.gemspec +23 -23
- data/lib/googleauth.rb +6 -6
- data/lib/googleauth/application_default.rb +11 -11
- data/lib/googleauth/client_id.rb +16 -16
- data/lib/googleauth/compute_engine.rb +27 -27
- data/lib/googleauth/credentials.rb +35 -37
- data/lib/googleauth/credentials_loader.rb +64 -67
- data/lib/googleauth/default_credentials.rb +18 -18
- data/lib/googleauth/iam.rb +9 -9
- data/lib/googleauth/json_key_reader.rb +6 -6
- data/lib/googleauth/scope_util.rb +11 -11
- data/lib/googleauth/service_account.rb +42 -42
- data/lib/googleauth/signet.rb +15 -17
- data/lib/googleauth/stores/file_token_store.rb +8 -8
- data/lib/googleauth/stores/redis_token_store.rb +17 -17
- data/lib/googleauth/token_store.rb +6 -6
- data/lib/googleauth/user_authorizer.rb +55 -59
- data/lib/googleauth/user_refresh.rb +27 -27
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +55 -56
- data/spec/googleauth/apply_auth_examples.rb +46 -46
- data/spec/googleauth/client_id_spec.rb +54 -54
- data/spec/googleauth/compute_engine_spec.rb +41 -41
- data/spec/googleauth/credentials_spec.rb +97 -97
- data/spec/googleauth/get_application_default_spec.rb +114 -114
- data/spec/googleauth/iam_spec.rb +25 -25
- data/spec/googleauth/scope_util_spec.rb +24 -24
- data/spec/googleauth/service_account_spec.rb +204 -194
- data/spec/googleauth/signet_spec.rb +37 -38
- data/spec/googleauth/stores/file_token_store_spec.rb +12 -12
- data/spec/googleauth/stores/redis_token_store_spec.rb +11 -11
- data/spec/googleauth/stores/store_examples.rb +16 -16
- data/spec/googleauth/user_authorizer_spec.rb +120 -121
- data/spec/googleauth/user_refresh_spec.rb +151 -146
- data/spec/googleauth/web_user_authorizer_spec.rb +66 -66
- data/spec/spec_helper.rb +19 -19
- metadata +4 -6
- data/.kokoro/common.cfg +0 -22
- data/.travis.yml +0 -40
@@ -27,140 +27,140 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir = File.expand_path
|
31
|
-
$LOAD_PATH.unshift
|
30
|
+
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
+
$LOAD_PATH.unshift spec_dir
|
32
32
|
$LOAD_PATH.uniq!
|
33
33
|
|
34
|
-
require
|
35
|
-
require
|
36
|
-
require
|
37
|
-
require
|
38
|
-
require
|
39
|
-
require
|
34
|
+
require "googleauth"
|
35
|
+
require "googleauth/web_user_authorizer"
|
36
|
+
require "uri"
|
37
|
+
require "multi_json"
|
38
|
+
require "spec_helper"
|
39
|
+
require "rack"
|
40
40
|
|
41
41
|
describe Google::Auth::WebUserAuthorizer do
|
42
42
|
include TestHelpers
|
43
43
|
|
44
|
-
let(:client_id) { Google::Auth::ClientId.new
|
45
|
-
let(:scope) { %w
|
44
|
+
let(:client_id) { Google::Auth::ClientId.new "testclient", "notasecret" }
|
45
|
+
let(:scope) { %w[email profile] }
|
46
46
|
let(:token_store) { DummyTokenStore.new }
|
47
|
-
let
|
48
|
-
Google::Auth::WebUserAuthorizer.new
|
47
|
+
let :authorizer do
|
48
|
+
Google::Auth::WebUserAuthorizer.new client_id, scope, token_store
|
49
49
|
end
|
50
50
|
|
51
|
-
describe
|
52
|
-
let
|
51
|
+
describe "#get_authorization_url" do
|
52
|
+
let :env do
|
53
53
|
Rack::MockRequest.env_for(
|
54
|
-
|
55
|
-
|
54
|
+
"http://example.com:8080/test",
|
55
|
+
"REMOTE_ADDR" => "10.10.10.10"
|
56
56
|
)
|
57
57
|
end
|
58
|
-
let(:request) { Rack::Request.new
|
59
|
-
it
|
60
|
-
url = authorizer.get_authorization_url
|
58
|
+
let(:request) { Rack::Request.new env }
|
59
|
+
it "should include current url in state" do
|
60
|
+
url = authorizer.get_authorization_url request: request
|
61
61
|
expect(url).to match(
|
62
62
|
%r{%22current_uri%22:%22http://example.com:8080/test%22}
|
63
63
|
)
|
64
64
|
end
|
65
65
|
|
66
|
-
it
|
67
|
-
expect(SecureRandom).to receive(:base64).and_return(
|
68
|
-
url = authorizer.get_authorization_url
|
66
|
+
it "should include request forgery token in state" do
|
67
|
+
expect(SecureRandom).to receive(:base64).and_return("aGVsbG8=")
|
68
|
+
url = authorizer.get_authorization_url request: request
|
69
69
|
expect(url).to match(/%22session_id%22:%22aGVsbG8=%22/)
|
70
70
|
end
|
71
71
|
|
72
|
-
it
|
73
|
-
expect(SecureRandom).to receive(:base64).and_return(
|
74
|
-
authorizer.get_authorization_url
|
75
|
-
expect(request.session[
|
72
|
+
it "should include request forgery token in session" do
|
73
|
+
expect(SecureRandom).to receive(:base64).and_return("aGVsbG8=")
|
74
|
+
authorizer.get_authorization_url request: request
|
75
|
+
expect(request.session["g-xsrf-token"]).to eq "aGVsbG8="
|
76
76
|
end
|
77
77
|
|
78
|
-
it
|
79
|
-
url = authorizer.get_authorization_url
|
78
|
+
it "should resolve callback against base URL" do
|
79
|
+
url = authorizer.get_authorization_url request: request
|
80
80
|
expect(url).to match(
|
81
81
|
%r{redirect_uri=http://example.com:8080/oauth2callback}
|
82
82
|
)
|
83
83
|
end
|
84
84
|
|
85
|
-
it
|
85
|
+
it "should allow overriding the current URL" do
|
86
86
|
url = authorizer.get_authorization_url(
|
87
|
-
request:
|
88
|
-
redirect_to:
|
87
|
+
request: request,
|
88
|
+
redirect_to: "/foo"
|
89
89
|
)
|
90
90
|
expect(url).to match %r{%22current_uri%22:%22/foo%22}
|
91
91
|
end
|
92
92
|
|
93
|
-
it
|
93
|
+
it "should pass through login hint" do
|
94
94
|
url = authorizer.get_authorization_url(
|
95
|
-
request:
|
96
|
-
login_hint:
|
95
|
+
request: request,
|
96
|
+
login_hint: "user@example.com"
|
97
97
|
)
|
98
98
|
expect(url).to match(/login_hint=user@example.com/)
|
99
99
|
end
|
100
100
|
end
|
101
101
|
|
102
|
-
shared_examples
|
103
|
-
let
|
104
|
-
MultiJson.dump(
|
105
|
-
|
106
|
-
|
102
|
+
shared_examples "handles callback" do
|
103
|
+
let :token_json do
|
104
|
+
MultiJson.dump("access_token" => "1/abc123",
|
105
|
+
"token_type" => "Bearer",
|
106
|
+
"expires_in" => 3600)
|
107
107
|
end
|
108
108
|
|
109
|
-
before
|
110
|
-
stub_request(:post,
|
111
|
-
.to_return(body:
|
112
|
-
status:
|
113
|
-
headers: {
|
109
|
+
before :example do
|
110
|
+
stub_request(:post, "https://oauth2.googleapis.com/token")
|
111
|
+
.to_return(body: token_json,
|
112
|
+
status: 200,
|
113
|
+
headers: { "Content-Type" => "application/json" })
|
114
114
|
end
|
115
115
|
|
116
|
-
let
|
116
|
+
let :env do
|
117
117
|
Rack::MockRequest.env_for(
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
118
|
+
"http://example.com:8080/oauth2callback?code=authcode&"\
|
119
|
+
"state=%7B%22current_uri%22%3A%22%2Ffoo%22%2C%22"\
|
120
|
+
"session_id%22%3A%22abc%22%7D",
|
121
|
+
"REMOTE_ADDR" => "10.10.10.10"
|
122
122
|
)
|
123
123
|
end
|
124
|
-
let(:request) { Rack::Request.new
|
124
|
+
let(:request) { Rack::Request.new env }
|
125
125
|
|
126
|
-
before
|
127
|
-
request.session[
|
126
|
+
before :example do
|
127
|
+
request.session["g-xsrf-token"] = "abc"
|
128
128
|
end
|
129
129
|
|
130
|
-
it
|
130
|
+
it "should return credentials when valid code present" do
|
131
131
|
expect(credentials).to be_instance_of(
|
132
132
|
Google::Auth::UserRefreshCredentials
|
133
133
|
)
|
134
134
|
end
|
135
135
|
|
136
|
-
it
|
137
|
-
expect(next_url).to eq
|
136
|
+
it "should return next URL to redirect to" do
|
137
|
+
expect(next_url).to eq "/foo"
|
138
138
|
end
|
139
139
|
|
140
|
-
it
|
141
|
-
request.session[
|
140
|
+
it "should fail if xrsf token in session and does not match request" do
|
141
|
+
request.session["g-xsrf-token"] = "123"
|
142
142
|
expect { credentials }.to raise_error(Signet::AuthorizationError)
|
143
143
|
end
|
144
144
|
end
|
145
145
|
|
146
|
-
describe
|
147
|
-
let(:result) { authorizer.handle_auth_callback
|
146
|
+
describe "#handle_auth_callback" do
|
147
|
+
let(:result) { authorizer.handle_auth_callback "user1", request }
|
148
148
|
let(:credentials) { result[0] }
|
149
149
|
let(:next_url) { result[1] }
|
150
150
|
|
151
|
-
it_behaves_like
|
151
|
+
it_behaves_like "handles callback"
|
152
152
|
end
|
153
153
|
|
154
|
-
describe
|
155
|
-
let
|
156
|
-
Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred
|
154
|
+
describe "#handle_auth_callback_deferred and #get_credentials" do
|
155
|
+
let :next_url do
|
156
|
+
Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred request
|
157
157
|
end
|
158
158
|
|
159
|
-
let
|
159
|
+
let :credentials do
|
160
160
|
next_url
|
161
|
-
authorizer.get_credentials
|
161
|
+
authorizer.get_credentials "user1", request
|
162
162
|
end
|
163
163
|
|
164
|
-
it_behaves_like
|
164
|
+
it_behaves_like "handles callback"
|
165
165
|
end
|
166
166
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -27,17 +27,17 @@
|
|
27
27
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
28
|
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
29
|
|
30
|
-
spec_dir =
|
31
|
-
root_dir = File.expand_path
|
32
|
-
lib_dir = File.expand_path
|
30
|
+
spec_dir = __dir__
|
31
|
+
root_dir = File.expand_path File.join(spec_dir, "..")
|
32
|
+
lib_dir = File.expand_path File.join(root_dir, "lib")
|
33
33
|
|
34
|
-
$LOAD_PATH.unshift
|
35
|
-
$LOAD_PATH.unshift
|
34
|
+
$LOAD_PATH.unshift spec_dir
|
35
|
+
$LOAD_PATH.unshift lib_dir
|
36
36
|
$LOAD_PATH.uniq!
|
37
37
|
|
38
38
|
# set up coverage
|
39
|
-
require
|
40
|
-
require
|
39
|
+
require "simplecov"
|
40
|
+
require "coveralls"
|
41
41
|
|
42
42
|
SimpleCov.formatters = [
|
43
43
|
Coveralls::SimpleCov::Formatter,
|
@@ -45,18 +45,18 @@ SimpleCov.formatters = [
|
|
45
45
|
]
|
46
46
|
SimpleCov.start
|
47
47
|
|
48
|
-
require
|
49
|
-
require
|
50
|
-
require
|
51
|
-
require
|
52
|
-
require
|
53
|
-
require
|
48
|
+
require "faraday"
|
49
|
+
require "rspec"
|
50
|
+
require "logging"
|
51
|
+
require "rspec/logging_helper"
|
52
|
+
require "webmock/rspec"
|
53
|
+
require "multi_json"
|
54
54
|
|
55
55
|
# Preload adapter to work around Rubinius error with FakeFS
|
56
|
-
MultiJson.use
|
56
|
+
MultiJson.use :json_gem
|
57
57
|
|
58
58
|
# Allow Faraday to support test stubs
|
59
|
-
Faraday::Adapter.load_middleware
|
59
|
+
Faraday::Adapter.load_middleware :test
|
60
60
|
|
61
61
|
# Configure RSpec to capture log messages for each test. The output from the
|
62
62
|
# logs will be stored in the @log_output variable. It is a StringIO instance.
|
@@ -78,15 +78,15 @@ class DummyTokenStore
|
|
78
78
|
@tokens = {}
|
79
79
|
end
|
80
80
|
|
81
|
-
def load
|
81
|
+
def load id
|
82
82
|
@tokens[id]
|
83
83
|
end
|
84
84
|
|
85
|
-
def store
|
85
|
+
def store id, token
|
86
86
|
@tokens[id] = token
|
87
87
|
end
|
88
88
|
|
89
|
-
def delete
|
90
|
-
@tokens.delete
|
89
|
+
def delete id
|
90
|
+
@tokens.delete id
|
91
91
|
end
|
92
92
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: googleauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tim Emiola
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-
|
11
|
+
date: 2019-03-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: faraday
|
@@ -122,7 +122,6 @@ files:
|
|
122
122
|
- ".gitignore"
|
123
123
|
- ".kokoro/build.bat"
|
124
124
|
- ".kokoro/build.sh"
|
125
|
-
- ".kokoro/common.cfg"
|
126
125
|
- ".kokoro/continuous/common.cfg"
|
127
126
|
- ".kokoro/continuous/linux.cfg"
|
128
127
|
- ".kokoro/continuous/osx.cfg"
|
@@ -132,11 +131,11 @@ files:
|
|
132
131
|
- ".kokoro/presubmit/linux.cfg"
|
133
132
|
- ".kokoro/presubmit/osx.cfg"
|
134
133
|
- ".kokoro/presubmit/windows.cfg"
|
134
|
+
- ".kokoro/release.cfg"
|
135
135
|
- ".kokoro/trampoline.sh"
|
136
136
|
- ".kokoro/windows.sh"
|
137
137
|
- ".rspec"
|
138
138
|
- ".rubocop.yml"
|
139
|
-
- ".travis.yml"
|
140
139
|
- CHANGELOG.md
|
141
140
|
- CODE_OF_CONDUCT.md
|
142
141
|
- COPYING
|
@@ -198,8 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
198
197
|
- !ruby/object:Gem::Version
|
199
198
|
version: '0'
|
200
199
|
requirements: []
|
201
|
-
|
202
|
-
rubygems_version: 2.7.6
|
200
|
+
rubygems_version: 3.0.3
|
203
201
|
signing_key:
|
204
202
|
specification_version: 4
|
205
203
|
summary: Google Auth Library for Ruby
|
data/.kokoro/common.cfg
DELETED
@@ -1,22 +0,0 @@
|
|
1
|
-
# Format: //devtools/kokoro/config/proto/build.proto
|
2
|
-
|
3
|
-
# Download trampoline resources. These will be in ${KOKORO_GFILE_DIR}
|
4
|
-
gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/trampoline"
|
5
|
-
|
6
|
-
# All builds use the trampoline script to run in docker.
|
7
|
-
build_file: "google-auth-library-ruby/.kokoro/trampoline.sh"
|
8
|
-
|
9
|
-
# Download secrets from Cloud Storage.
|
10
|
-
gfile_resources: "/bigstore/cloud-devrel-kokoro-resources/google-auth-library-ruby"
|
11
|
-
|
12
|
-
# Tell the trampoline which build file to use.
|
13
|
-
env_vars: {
|
14
|
-
key: "TRAMPOLINE_BUILD_FILE"
|
15
|
-
value: "github/google-auth-library-ruby/.kokoro/build.sh"
|
16
|
-
}
|
17
|
-
|
18
|
-
action {
|
19
|
-
define_artifacts {
|
20
|
-
regex: "**/*sponge_log.xml"
|
21
|
-
}
|
22
|
-
}
|
data/.travis.yml
DELETED
@@ -1,40 +0,0 @@
|
|
1
|
-
sudo: false
|
2
|
-
language: ruby
|
3
|
-
rvm:
|
4
|
-
- 2.5.1
|
5
|
-
- 2.4.4
|
6
|
-
- 2.3.7
|
7
|
-
- 2.2.10
|
8
|
-
- 2.1.10
|
9
|
-
- 2.0.0
|
10
|
-
- 1.9.3
|
11
|
-
- rbx-2
|
12
|
-
- jruby-9.1.9.0
|
13
|
-
matrix:
|
14
|
-
allow_failures:
|
15
|
-
- rvm: rbx-2 # See rubinius/rubinius#3485 - rubocop segfaults
|
16
|
-
script: "bundle exec rake"
|
17
|
-
addons:
|
18
|
-
apt:
|
19
|
-
packages:
|
20
|
-
- idn
|
21
|
-
- build-essential # this and below attempt allow rubinius to be setup ok
|
22
|
-
- bison
|
23
|
-
- ruby-dev
|
24
|
-
- rake zlib1g-dev
|
25
|
-
- libyaml-dev
|
26
|
-
- libssl-dev
|
27
|
-
- libreadline-dev
|
28
|
-
- libncurses5-dev
|
29
|
-
- llvm
|
30
|
-
- llvm-dev
|
31
|
-
- libeditline-dev
|
32
|
-
- libedit-dev
|
33
|
-
before_install:
|
34
|
-
- gem update bundler
|
35
|
-
notifications:
|
36
|
-
email:
|
37
|
-
recipients:
|
38
|
-
- ruby-cloud-eng@google.com
|
39
|
-
on_success: change
|
40
|
-
on_failure: change
|