googleauth 0.8.0 → 0.8.1

data/lib/googleauth/user_refresh.rb

@@ -27,10 +27,10 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'googleauth/signet'
-require 'googleauth/credentials_loader'
-require 'googleauth/scope_util'
-require 'multi_json'
+require "googleauth/signet"
+require "googleauth/credentials_loader"
+require "googleauth/scope_util"
+require "multi_json"
 
 module Google
   # Module Auth provides classes that provide Google-specific authorization
@@ -46,9 +46,9 @@ module Google
     #
     # cf [Application Default Credentials](http://goo.gl/mkAHpZ)
     class UserRefreshCredentials < Signet::OAuth2::Client
-      TOKEN_CRED_URI = 'https://oauth2.googleapis.com/token'.freeze
-      AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/auth'.freeze
-      REVOKE_TOKEN_URI = 'https://oauth2.googleapis.com/revoke'.freeze
+      TOKEN_CRED_URI = "https://oauth2.googleapis.com/token".freeze
+      AUTHORIZATION_URI = "https://accounts.google.com/o/oauth2/auth".freeze
+      REVOKE_TOKEN_URI = "https://oauth2.googleapis.com/revoke".freeze
       extend CredentialsLoader
       attr_reader :project_id
 
@@ -56,47 +56,47 @@ module Google
       #
       # @param json_key_io [IO] an IO from which the JSON key can be read
       # @param scope [string|array|nil] the scope(s) to access
-      def self.make_creds(options = {})
-        json_key_io, scope = options.values_at(:json_key_io, :scope)
-        user_creds = read_json_key(json_key_io) if json_key_io
+      def self.make_creds options = {}
+        json_key_io, scope = options.values_at :json_key_io, :scope
+        user_creds = read_json_key json_key_io if json_key_io
         user_creds ||= {
-          'client_id'     => ENV[CredentialsLoader::CLIENT_ID_VAR],
-          'client_secret' => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
-          'refresh_token' => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
-          'project_id'    => ENV[CredentialsLoader::PROJECT_ID_VAR]
+          "client_id"     => ENV[CredentialsLoader::CLIENT_ID_VAR],
+          "client_secret" => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
+          "refresh_token" => ENV[CredentialsLoader::REFRESH_TOKEN_VAR],
+          "project_id"    => ENV[CredentialsLoader::PROJECT_ID_VAR]
         }
 
         new(token_credential_uri: TOKEN_CRED_URI,
-            client_id: user_creds['client_id'],
-            client_secret: user_creds['client_secret'],
-            refresh_token: user_creds['refresh_token'],
-            project_id:    user_creds['project_id'],
-            scope: scope)
+            client_id:            user_creds["client_id"],
+            client_secret:        user_creds["client_secret"],
+            refresh_token:        user_creds["refresh_token"],
+            project_id:           user_creds["project_id"],
+            scope:                scope)
           .configure_connection(options)
       end
 
       # Reads the client_id, client_secret and refresh_token fields from the
       # JSON key.
-      def self.read_json_key(json_key_io)
-        json_key = MultiJson.load(json_key_io.read)
-        wanted = %w(client_id client_secret refresh_token)
+      def self.read_json_key json_key_io
+        json_key = MultiJson.load json_key_io.read
+        wanted = %w[client_id client_secret refresh_token]
         wanted.each do |key|
-          raise "the json is missing the #{key} field" unless json_key.key?(key)
+          raise "the json is missing the #{key} field" unless json_key.key? key
         end
         json_key
       end
 
-      def initialize(options = {})
+      def initialize options = {}
         options ||= {}
         options[:token_credential_uri] ||= TOKEN_CRED_URI
         options[:authorization_uri] ||= AUTHORIZATION_URI
         @project_id = options[:project_id]
         @project_id ||= CredentialsLoader.load_gcloud_project_id
-        super(options)
+        super options
       end
 
       # Revokes the credential
-      def revoke!(options = {})
+      def revoke! options = {}
         c = options[:connection] || Faraday.default_connection
 
         retry_with_error do
@@ -119,7 +119,7 @@ module Google
       #  Scope to verify
       # @return [Boolean]
       #  True if scope is granted
-      def includes_scope?(required_scope)
+      def includes_scope? required_scope
         missing_scope = Google::Auth::ScopeUtil.normalize(required_scope) -
                         Google::Auth::ScopeUtil.normalize(scope)
         missing_scope.empty?

data/lib/googleauth/version.rb

@@ -31,6 +31,6 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    VERSION = '0.8.0'.freeze
+    VERSION = "0.8.1".freeze
   end
 end

data/lib/googleauth/web_user_authorizer.rb

@@ -27,11 +27,11 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'multi_json'
-require 'googleauth/signet'
-require 'googleauth/user_authorizer'
-require 'googleauth/user_refresh'
-require 'securerandom'
+require "multi_json"
+require "googleauth/signet"
+require "googleauth/user_authorizer"
+require "googleauth/user_refresh"
+require "securerandom"
 
 module Google
   module Auth
@@ -66,21 +66,21 @@ module Google
     # @see {Google::Auth::ControllerHelpers}
     # @note Requires sessions are enabled
     class WebUserAuthorizer < Google::Auth::UserAuthorizer
-      STATE_PARAM = 'state'.freeze
-      AUTH_CODE_KEY = 'code'.freeze
-      ERROR_CODE_KEY = 'error'.freeze
-      SESSION_ID_KEY = 'session_id'.freeze
-      CALLBACK_STATE_KEY = 'g-auth-callback'.freeze
-      CURRENT_URI_KEY = 'current_uri'.freeze
-      XSRF_KEY = 'g-xsrf-token'.freeze
-      SCOPE_KEY = 'scope'.freeze
+      STATE_PARAM = "state".freeze
+      AUTH_CODE_KEY = "code".freeze
+      ERROR_CODE_KEY = "error".freeze
+      SESSION_ID_KEY = "session_id".freeze
+      CALLBACK_STATE_KEY = "g-auth-callback".freeze
+      CURRENT_URI_KEY = "current_uri".freeze
+      XSRF_KEY = "g-xsrf-token".freeze
+      SCOPE_KEY = "scope".freeze
 
-      NIL_REQUEST_ERROR = 'Request is required.'.freeze
-      NIL_SESSION_ERROR = 'Sessions must be enabled'.freeze
-      MISSING_AUTH_CODE_ERROR = 'Missing authorization code in request'.freeze
-      AUTHORIZATION_ERROR = 'Authorization error: %s'.freeze
+      NIL_REQUEST_ERROR = "Request is required.".freeze
+      NIL_SESSION_ERROR = "Sessions must be enabled".freeze
+      MISSING_AUTH_CODE_ERROR = "Missing authorization code in request".freeze
+      AUTHORIZATION_ERROR = "Authorization error: %s".freeze
       INVALID_STATE_TOKEN_ERROR =
-        'State token does not match expected value'.freeze
+        "State token does not match expected value".freeze
 
       class << self
         attr_accessor :default
@@ -97,9 +97,9 @@ module Google
       #
       # @param [Rack::Request] request
       #  Current request
-      def self.handle_auth_callback_deferred(request)
-        callback_state, redirect_uri = extract_callback_state(request)
-        request.session[CALLBACK_STATE_KEY] = MultiJson.dump(callback_state)
+      def self.handle_auth_callback_deferred request
+        callback_state, redirect_uri = extract_callback_state request
+        request.session[CALLBACK_STATE_KEY] = MultiJson.dump callback_state
         redirect_uri
       end
 
@@ -114,8 +114,8 @@ module Google
       # @param [String] callback_uri
       #  URL (either absolute or relative) of the auth callback. Defaults
       #  to '/oauth2callback'
-      def initialize(client_id, scope, token_store, callback_uri = nil)
-        super(client_id, scope, token_store, callback_uri)
+      def initialize client_id, scope, token_store, callback_uri = nil
+        super client_id, scope, token_store, callback_uri
       end
 
       # Handle the result of the oauth callback. Exchanges the authorization
@@ -127,15 +127,15 @@ module Google
       #  Current request
       # @return (Google::Auth::UserRefreshCredentials, String)
       #  credentials & next URL to redirect to
-      def handle_auth_callback(user_id, request)
+      def handle_auth_callback user_id, request
         callback_state, redirect_uri = WebUserAuthorizer.extract_callback_state(
           request
         )
-        WebUserAuthorizer.validate_callback_state(callback_state, request)
+        WebUserAuthorizer.validate_callback_state callback_state, request
         credentials = get_and_store_credentials_from_code(
-          user_id: user_id,
-          code: callback_state[AUTH_CODE_KEY],
-          scope: callback_state[SCOPE_KEY],
+          user_id:  user_id,
+          code:     callback_state[AUTH_CODE_KEY],
+          scope:    callback_state[SCOPE_KEY],
           base_url: request.url
         )
         [credentials, redirect_uri]
@@ -156,7 +156,7 @@ module Google
       #  not nil.
       # @return [String]
       #  Authorization url
-      def get_authorization_url(options = {})
+      def get_authorization_url options = {}
         options = options.dup
         request = options[:request]
         raise NIL_REQUEST_ERROR if request.nil?
@@ -165,11 +165,11 @@ module Google
         redirect_to = options[:redirect_to] || request.url
         request.session[XSRF_KEY] = SecureRandom.base64
         options[:state] = MultiJson.dump(
-          SESSION_ID_KEY => request.session[XSRF_KEY],
+          SESSION_ID_KEY  => request.session[XSRF_KEY],
           CURRENT_URI_KEY => redirect_to
         )
         options[:base_url] = request.url
-        super(options)
+        super options
       end
 
       # Fetch stored credentials for the user.
@@ -186,32 +186,32 @@ module Google
       # @raise [Signet::AuthorizationError]
       #  May raise an error if an authorization code is present in the session
       #  and exchange of the code fails
-      def get_credentials(user_id, request, scope = nil)
-        if request.session.key?(CALLBACK_STATE_KEY)
+      def get_credentials user_id, request, scope = nil
+        if request.session.key? CALLBACK_STATE_KEY
           # Note - in theory, no need to check required scope as this is
           # expected to be called immediately after a return from authorization
-          state_json = request.session.delete(CALLBACK_STATE_KEY)
-          callback_state = MultiJson.load(state_json)
-          WebUserAuthorizer.validate_callback_state(callback_state, request)
+          state_json = request.session.delete CALLBACK_STATE_KEY
+          callback_state = MultiJson.load state_json
+          WebUserAuthorizer.validate_callback_state callback_state, request
           get_and_store_credentials_from_code(
-            user_id: user_id,
-            code: callback_state[AUTH_CODE_KEY],
-            scope: callback_state[SCOPE_KEY],
+            user_id:  user_id,
+            code:     callback_state[AUTH_CODE_KEY],
+            scope:    callback_state[SCOPE_KEY],
             base_url: request.url
           )
         else
-          super(user_id, scope)
+          super user_id, scope
         end
       end
 
-      def self.extract_callback_state(request)
-        state = MultiJson.load(request[STATE_PARAM] || '{}')
+      def self.extract_callback_state request
+        state = MultiJson.load(request[STATE_PARAM] || "{}")
         redirect_uri = state[CURRENT_URI_KEY]
         callback_state = {
-          AUTH_CODE_KEY => request[AUTH_CODE_KEY],
+          AUTH_CODE_KEY  => request[AUTH_CODE_KEY],
           ERROR_CODE_KEY => request[ERROR_CODE_KEY],
           SESSION_ID_KEY => state[SESSION_ID_KEY],
-          SCOPE_KEY => request[SCOPE_KEY]
+          SCOPE_KEY      => request[SCOPE_KEY]
         }
         [callback_state, redirect_uri]
       end
@@ -226,12 +226,11 @@ module Google
       #  Error message if failed
       # @param [Rack::Request] request
       #  Current request
-      def self.validate_callback_state(state, request)
-        if state[AUTH_CODE_KEY].nil?
-          raise Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR
-        elsif state[ERROR_CODE_KEY]
+      def self.validate_callback_state state, request
+        raise Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR if state[AUTH_CODE_KEY].nil?
+        if state[ERROR_CODE_KEY]
           raise Signet::AuthorizationError,
-                sprintf(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
+                format(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
         elsif request.session[XSRF_KEY] != state[SESSION_ID_KEY]
           raise Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
         end
@@ -259,7 +258,7 @@ module Google
       #
       # @see {Google::Auth::WebUserAuthorizer}
       class CallbackApp
-        LOCATION_HEADER = 'Location'.freeze
+        LOCATION_HEADER = "Location".freeze
         REDIR_STATUS = 302
         ERROR_STATUS = 500
 
@@ -275,18 +274,18 @@ module Google
         #  Rack environment
         # @return [Array]
         #  HTTP response
-        def self.call(env)
-          request = Rack::Request.new(env)
-          return_url = WebUserAuthorizer.handle_auth_callback_deferred(request)
+        def self.call env
+          request = Rack::Request.new env
+          return_url = WebUserAuthorizer.handle_auth_callback_deferred request
           if return_url
             [REDIR_STATUS, { LOCATION_HEADER => return_url }, []]
           else
-            [ERROR_STATUS, {}, ['No return URL is present in the request.']]
+            [ERROR_STATUS, {}, ["No return URL is present in the request."]]
           end
         end
 
-        def call(env)
-          self.class.call(env)
+        def call env
+          self.class.call env
         end
       end
     end

data/spec/googleauth/apply_auth_examples.rb

@@ -27,14 +27,14 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'faraday'
-require 'spec_helper'
+require "faraday"
+require "spec_helper"
 
-shared_examples 'apply/apply! are OK' do
+shared_examples "apply/apply! are OK" do
   let(:auth_key) { :authorization }
 
   # tests that use these examples need to define
@@ -43,103 +43,103 @@ shared_examples 'apply/apply! are OK' do
   #
   # @make_auth_stubs, which should stub out the expected http behaviour of the
   # auth client
-  describe '#fetch_access_token' do
-    let(:token) { '1/abcdef1234567890' }
-    let(:stub) do
+  describe "#fetch_access_token" do
+    let(:token) { "1/abcdef1234567890" }
+    let :stub do
       make_auth_stubs access_token: token
     end
 
-    it 'should set access_token to the fetched value' do
+    it "should set access_token to the fetched value" do
       stub
       @client.fetch_access_token!
       expect(@client.access_token).to eq(token)
       expect(stub).to have_been_requested
     end
 
-    it 'should notify refresh listeners after updating' do
+    it "should notify refresh listeners after updating" do
       stub
       expect do |b|
         @client.on_refresh(&b)
         @client.fetch_access_token!
       end.to yield_with_args(have_attributes(
-                               access_token: '1/abcdef1234567890'
-      ))
+                               access_token: "1/abcdef1234567890"
+                             ))
       expect(stub).to have_been_requested
     end
   end
 
-  describe '#apply!' do
-    it 'should update the target hash with fetched access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply!" do
+    it "should update the target hash with fetched access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply!(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      @client.apply! md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe 'updater_proc' do
-    it 'should provide a proc that updates a hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "updater_proc" do
+    it "should provide a proc that updates a hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
-      md = { foo: 'bar' }
+      md = { foo: "bar" }
       the_proc = @client.updater_proc
-      got = the_proc.call(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      got = the_proc.call md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
   end
 
-  describe '#apply' do
-    it 'should not update the original hash with the access token' do
-      token = '1/abcdef1234567890'
+  describe "#apply" do
+    it "should not update the original hash with the access token" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      @client.apply(md)
-      want = { foo: 'bar' }
+      md = { foo: "bar" }
+      @client.apply md
+      want = { foo: "bar" }
       expect(md).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should add the token to the returned hash' do
-      token = '1/abcdef1234567890'
+    it "should add the token to the returned hash" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
-      md = { foo: 'bar' }
-      got = @client.apply(md)
-      want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+      md = { foo: "bar" }
+      got = @client.apply md
+      want = { :foo => "bar", auth_key => "Bearer #{token}" }
       expect(got).to eq(want)
       expect(stub).to have_been_requested
     end
 
-    it 'should not fetch a new token if the current is not expired' do
-      token = '1/abcdef1234567890'
+    it "should not fetch a new token if the current is not expired" do
+      token = "1/abcdef1234567890"
       stub = make_auth_stubs access_token: token
 
       n = 5 # arbitrary
       n.times do |_t|
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{token}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{token}" }
         expect(got).to eq(want)
       end
       expect(stub).to have_been_requested
     end
 
-    it 'should fetch a new token if the current one is expired' do
-      token1 = '1/abcdef1234567890'
-      token2 = '2/abcdef1234567891'
+    it "should fetch a new token if the current one is expired" do
+      token1 = "1/abcdef1234567890"
+      token2 = "2/abcdef1234567891"
 
       [token1, token2].each do |t|
         make_auth_stubs access_token: t
-        md = { foo: 'bar' }
-        got = @client.apply(md)
-        want = { :foo => 'bar', auth_key => "Bearer #{t}" }
+        md = { foo: "bar" }
+        got = @client.apply md
+        want = { :foo => "bar", auth_key => "Bearer #{t}" }
         expect(got).to eq(want)
         @client.expires_at -= 3601 # default is to expire in 1hr
       end