googleauth 0.9.0 → 0.17.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.yardopts +11 -0
- data/CHANGELOG.md +113 -21
- data/README.md +13 -15
- data/SECURITY.md +7 -0
- data/lib/googleauth/application_default.rb +9 -9
- data/lib/googleauth/compute_engine.rb +55 -30
- data/lib/googleauth/credentials.rb +253 -64
- data/lib/googleauth/credentials_loader.rb +15 -16
- data/lib/googleauth/iam.rb +1 -1
- data/{spec/googleauth/stores/store_examples.rb → lib/googleauth/id_tokens/errors.rb} +36 -23
- data/lib/googleauth/id_tokens/key_sources.rb +396 -0
- data/lib/googleauth/id_tokens/verifier.rb +142 -0
- data/lib/googleauth/id_tokens.rb +233 -0
- data/lib/googleauth/json_key_reader.rb +6 -2
- data/lib/googleauth/scope_util.rb +1 -1
- data/lib/googleauth/service_account.rb +61 -36
- data/lib/googleauth/signet.rb +9 -7
- data/lib/googleauth/stores/file_token_store.rb +1 -0
- data/lib/googleauth/stores/redis_token_store.rb +1 -0
- data/lib/googleauth/user_authorizer.rb +8 -3
- data/lib/googleauth/user_refresh.rb +1 -1
- data/lib/googleauth/version.rb +1 -1
- data/lib/googleauth/web_user_authorizer.rb +5 -8
- data/lib/googleauth.rb +1 -0
- metadata +33 -76
- data/.github/CONTRIBUTING.md +0 -74
- data/.github/ISSUE_TEMPLATE/bug_report.md +0 -36
- data/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
- data/.github/ISSUE_TEMPLATE/support_request.md +0 -7
- data/.gitignore +0 -36
- data/.kokoro/build.bat +0 -16
- data/.kokoro/build.sh +0 -4
- data/.kokoro/continuous/common.cfg +0 -24
- data/.kokoro/continuous/linux.cfg +0 -15
- data/.kokoro/continuous/osx.cfg +0 -3
- data/.kokoro/continuous/windows.cfg +0 -19
- data/.kokoro/osx.sh +0 -4
- data/.kokoro/presubmit/common.cfg +0 -24
- data/.kokoro/presubmit/linux.cfg +0 -14
- data/.kokoro/presubmit/osx.cfg +0 -3
- data/.kokoro/presubmit/windows.cfg +0 -19
- data/.kokoro/release.cfg +0 -53
- data/.kokoro/trampoline.bat +0 -10
- data/.kokoro/trampoline.sh +0 -4
- data/.rspec +0 -2
- data/.rubocop.yml +0 -42
- data/Gemfile +0 -25
- data/Rakefile +0 -89
- data/googleauth.gemspec +0 -35
- data/spec/googleauth/apply_auth_examples.rb +0 -148
- data/spec/googleauth/client_id_spec.rb +0 -160
- data/spec/googleauth/compute_engine_spec.rb +0 -122
- data/spec/googleauth/credentials_spec.rb +0 -459
- data/spec/googleauth/get_application_default_spec.rb +0 -286
- data/spec/googleauth/iam_spec.rb +0 -80
- data/spec/googleauth/scope_util_spec.rb +0 -77
- data/spec/googleauth/service_account_spec.rb +0 -482
- data/spec/googleauth/signet_spec.rb +0 -134
- data/spec/googleauth/stores/file_token_store_spec.rb +0 -57
- data/spec/googleauth/stores/redis_token_store_spec.rb +0 -50
- data/spec/googleauth/user_authorizer_spec.rb +0 -323
- data/spec/googleauth/user_refresh_spec.rb +0 -359
- data/spec/googleauth/web_user_authorizer_spec.rb +0 -172
- data/spec/spec_helper.rb +0 -92
- /data/{COPYING → LICENSE} +0 -0
@@ -1,286 +0,0 @@
|
|
1
|
-
# Copyright 2015, Google Inc.
|
2
|
-
# All rights reserved.
|
3
|
-
#
|
4
|
-
# Redistribution and use in source and binary forms, with or without
|
5
|
-
# modification, are permitted provided that the following conditions are
|
6
|
-
# met:
|
7
|
-
#
|
8
|
-
# * Redistributions of source code must retain the above copyright
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
17
|
-
#
|
18
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
19
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
20
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
21
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
22
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
-
|
30
|
-
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
-
$LOAD_PATH.unshift spec_dir
|
32
|
-
$LOAD_PATH.uniq!
|
33
|
-
|
34
|
-
require "faraday"
|
35
|
-
require "fakefs/safe"
|
36
|
-
require "googleauth"
|
37
|
-
require "spec_helper"
|
38
|
-
require "os"
|
39
|
-
|
40
|
-
describe "#get_application_default" do
|
41
|
-
# Pass unique options each time to bypass memoization
|
42
|
-
let(:options) { |example| { dememoize: example } }
|
43
|
-
|
44
|
-
before :example do
|
45
|
-
@key = OpenSSL::PKey::RSA.new 2048
|
46
|
-
@var_name = ENV_VAR
|
47
|
-
@credential_vars = [
|
48
|
-
ENV_VAR, PRIVATE_KEY_VAR, CLIENT_EMAIL_VAR, CLIENT_ID_VAR,
|
49
|
-
CLIENT_SECRET_VAR, REFRESH_TOKEN_VAR, ACCOUNT_TYPE_VAR
|
50
|
-
]
|
51
|
-
@original_env_vals = {}
|
52
|
-
@credential_vars.each { |var| @original_env_vals[var] = ENV[var] }
|
53
|
-
@home = ENV["HOME"]
|
54
|
-
@app_data = ENV["APPDATA"]
|
55
|
-
@program_data = ENV["ProgramData"]
|
56
|
-
@scope = "https://www.googleapis.com/auth/userinfo.profile"
|
57
|
-
end
|
58
|
-
|
59
|
-
after :example do
|
60
|
-
@credential_vars.each { |var| ENV[var] = @original_env_vals[var] }
|
61
|
-
ENV["HOME"] = @home unless @home == ENV["HOME"]
|
62
|
-
ENV["APPDATA"] = @app_data unless @app_data == ENV["APPDATA"]
|
63
|
-
ENV["ProgramData"] = @program_data unless @program_data == ENV["ProgramData"]
|
64
|
-
end
|
65
|
-
|
66
|
-
shared_examples "it cannot load misconfigured credentials" do
|
67
|
-
it "fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist" do
|
68
|
-
Dir.mktmpdir do |dir|
|
69
|
-
key_path = File.join dir, "does-not-exist"
|
70
|
-
ENV[@var_name] = key_path
|
71
|
-
expect { Google::Auth.get_application_default @scope, options }
|
72
|
-
.to raise_error RuntimeError
|
73
|
-
end
|
74
|
-
end
|
75
|
-
|
76
|
-
it "fails without default file or env if not on compute engine" do
|
77
|
-
stub = stub_request(:get, "http://169.254.169.254")
|
78
|
-
.to_return(status: 404,
|
79
|
-
headers: { "Metadata-Flavor" => "NotGoogle" })
|
80
|
-
Dir.mktmpdir do |dir|
|
81
|
-
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
82
|
-
ENV["HOME"] = dir # no config present in this tmp dir
|
83
|
-
expect do
|
84
|
-
Google::Auth.get_application_default @scope, options
|
85
|
-
end.to raise_error RuntimeError
|
86
|
-
end
|
87
|
-
expect(stub).to have_been_requested
|
88
|
-
end
|
89
|
-
end
|
90
|
-
|
91
|
-
shared_examples "it can successfully load credentials" do
|
92
|
-
it "succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid" do
|
93
|
-
Dir.mktmpdir do |dir|
|
94
|
-
key_path = File.join dir, "my_cert_file"
|
95
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
96
|
-
File.write key_path, cred_json_text
|
97
|
-
ENV[@var_name] = key_path
|
98
|
-
expect(Google::Auth.get_application_default(@scope, options))
|
99
|
-
.to_not be_nil
|
100
|
-
end
|
101
|
-
end
|
102
|
-
|
103
|
-
it "propagates default_connection option" do
|
104
|
-
Dir.mktmpdir do |dir|
|
105
|
-
key_path = File.join dir, "my_cert_file"
|
106
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
107
|
-
File.write key_path, cred_json_text
|
108
|
-
ENV[@var_name] = key_path
|
109
|
-
connection = Faraday.new headers: { "User-Agent" => "hello" }
|
110
|
-
opts = options.merge default_connection: connection
|
111
|
-
creds = Google::Auth.get_application_default @scope, opts
|
112
|
-
expect(creds.build_default_connection).to be connection
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
it "succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS" do
|
117
|
-
ENV.delete @var_name unless ENV[@var_name].nil?
|
118
|
-
Dir.mktmpdir do |dir|
|
119
|
-
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
120
|
-
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
121
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
122
|
-
File.write key_path, cred_json_text
|
123
|
-
ENV["HOME"] = dir
|
124
|
-
ENV["APPDATA"] = dir
|
125
|
-
expect(Google::Auth.get_application_default(@scope, options))
|
126
|
-
.to_not be_nil
|
127
|
-
end
|
128
|
-
end
|
129
|
-
|
130
|
-
it "succeeds with default file without a scope" do
|
131
|
-
ENV.delete @var_name unless ENV[@var_name].nil?
|
132
|
-
Dir.mktmpdir do |dir|
|
133
|
-
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
134
|
-
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
135
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
136
|
-
File.write key_path, cred_json_text
|
137
|
-
ENV["HOME"] = dir
|
138
|
-
ENV["APPDATA"] = dir
|
139
|
-
expect(Google::Auth.get_application_default(nil, options)).to_not be_nil
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
143
|
-
it "succeeds without default file or env if on compute engine" do
|
144
|
-
stub = stub_request(:get, "http://169.254.169.254")
|
145
|
-
.to_return(status: 200,
|
146
|
-
headers: { "Metadata-Flavor" => "Google" })
|
147
|
-
Dir.mktmpdir do |dir|
|
148
|
-
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
149
|
-
ENV["HOME"] = dir # no config present in this tmp dir
|
150
|
-
creds = Google::Auth.get_application_default @scope, options
|
151
|
-
expect(creds).to_not be_nil
|
152
|
-
end
|
153
|
-
expect(stub).to have_been_requested
|
154
|
-
end
|
155
|
-
|
156
|
-
it "succeeds with system default file" do
|
157
|
-
ENV.delete @var_name unless ENV[@var_name].nil?
|
158
|
-
FakeFS do
|
159
|
-
ENV["ProgramData"] = "/etc"
|
160
|
-
prefix = OS.windows? ? "/etc/Google/Auth/" : "/etc/google/auth/"
|
161
|
-
key_path = File.join prefix, CREDENTIALS_FILE_NAME
|
162
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
163
|
-
File.write key_path, cred_json_text
|
164
|
-
expect(Google::Auth.get_application_default(@scope, options))
|
165
|
-
.to_not be_nil
|
166
|
-
File.delete key_path
|
167
|
-
end
|
168
|
-
end
|
169
|
-
|
170
|
-
it "succeeds if environment vars are valid" do
|
171
|
-
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
172
|
-
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
173
|
-
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
174
|
-
ENV[CLIENT_ID_VAR] = cred_json[:client_id]
|
175
|
-
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
176
|
-
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
177
|
-
ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
|
178
|
-
expect(Google::Auth.get_application_default(@scope, options))
|
179
|
-
.to_not be_nil
|
180
|
-
end
|
181
|
-
|
182
|
-
it "warns when using cloud sdk credentials" do
|
183
|
-
ENV.delete @var_name unless ENV[@var_name].nil? # no env var
|
184
|
-
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
185
|
-
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
186
|
-
ENV[CLIENT_ID_VAR] = Google::Auth::CredentialsLoader::CLOUD_SDK_CLIENT_ID
|
187
|
-
ENV[CLIENT_SECRET_VAR] = cred_json[:client_secret]
|
188
|
-
ENV[REFRESH_TOKEN_VAR] = cred_json[:refresh_token]
|
189
|
-
ENV[ACCOUNT_TYPE_VAR] = cred_json[:type]
|
190
|
-
ENV[PROJECT_ID_VAR] = "a_project_id"
|
191
|
-
expect { Google::Auth.get_application_default @scope, options }.to output(
|
192
|
-
Google::Auth::CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING + "\n"
|
193
|
-
).to_stderr
|
194
|
-
end
|
195
|
-
end
|
196
|
-
|
197
|
-
describe "when credential type is service account" do
|
198
|
-
let :cred_json do
|
199
|
-
{
|
200
|
-
private_key_id: "a_private_key_id",
|
201
|
-
private_key: @key.to_pem,
|
202
|
-
client_email: "app@developer.gserviceaccount.com",
|
203
|
-
client_id: "app.apps.googleusercontent.com",
|
204
|
-
type: "service_account"
|
205
|
-
}
|
206
|
-
end
|
207
|
-
|
208
|
-
def cred_json_text
|
209
|
-
MultiJson.dump cred_json
|
210
|
-
end
|
211
|
-
|
212
|
-
it_behaves_like "it can successfully load credentials"
|
213
|
-
it_behaves_like "it cannot load misconfigured credentials"
|
214
|
-
end
|
215
|
-
|
216
|
-
describe "when credential type is authorized_user" do
|
217
|
-
let :cred_json do
|
218
|
-
{
|
219
|
-
client_secret: "privatekey",
|
220
|
-
refresh_token: "refreshtoken",
|
221
|
-
client_id: "app.apps.googleusercontent.com",
|
222
|
-
type: "authorized_user"
|
223
|
-
}
|
224
|
-
end
|
225
|
-
|
226
|
-
def cred_json_text
|
227
|
-
MultiJson.dump cred_json
|
228
|
-
end
|
229
|
-
|
230
|
-
it_behaves_like "it can successfully load credentials"
|
231
|
-
it_behaves_like "it cannot load misconfigured credentials"
|
232
|
-
end
|
233
|
-
|
234
|
-
describe "when credential type is unknown" do
|
235
|
-
let :cred_json do
|
236
|
-
{
|
237
|
-
client_secret: "privatekey",
|
238
|
-
refresh_token: "refreshtoken",
|
239
|
-
client_id: "app.apps.googleusercontent.com",
|
240
|
-
private_key: @key.to_pem,
|
241
|
-
client_email: "app@developer.gserviceaccount.com",
|
242
|
-
type: "not_known_type"
|
243
|
-
}
|
244
|
-
end
|
245
|
-
|
246
|
-
def cred_json_text
|
247
|
-
MultiJson.dump cred_json
|
248
|
-
end
|
249
|
-
|
250
|
-
it "fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds" do
|
251
|
-
Dir.mktmpdir do |dir|
|
252
|
-
key_path = File.join dir, "my_cert_file"
|
253
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
254
|
-
File.write key_path, cred_json_text
|
255
|
-
ENV[@var_name] = key_path
|
256
|
-
expect do
|
257
|
-
Google::Auth.get_application_default @scope, options
|
258
|
-
end.to raise_error RuntimeError
|
259
|
-
end
|
260
|
-
end
|
261
|
-
|
262
|
-
it "fails if the well known file contains the creds" do
|
263
|
-
ENV.delete @var_name unless ENV[@var_name].nil?
|
264
|
-
Dir.mktmpdir do |dir|
|
265
|
-
key_path = File.join dir, ".config", WELL_KNOWN_PATH
|
266
|
-
key_path = File.join dir, WELL_KNOWN_PATH if OS.windows?
|
267
|
-
FileUtils.mkdir_p File.dirname(key_path)
|
268
|
-
File.write key_path, cred_json_text
|
269
|
-
ENV["HOME"] = dir
|
270
|
-
ENV["APPDATA"] = dir
|
271
|
-
expect do
|
272
|
-
Google::Auth.get_application_default @scope, options
|
273
|
-
end.to raise_error RuntimeError
|
274
|
-
end
|
275
|
-
end
|
276
|
-
|
277
|
-
it "fails if env vars are set" do
|
278
|
-
ENV[ENV_VAR] = nil
|
279
|
-
ENV[PRIVATE_KEY_VAR] = cred_json[:private_key]
|
280
|
-
ENV[CLIENT_EMAIL_VAR] = cred_json[:client_email]
|
281
|
-
expect do
|
282
|
-
Google::Auth.get_application_default @scope, options
|
283
|
-
end.to raise_error RuntimeError
|
284
|
-
end
|
285
|
-
end
|
286
|
-
end
|
data/spec/googleauth/iam_spec.rb
DELETED
@@ -1,80 +0,0 @@
|
|
1
|
-
# Copyright 2015, Google Inc.
|
2
|
-
# All rights reserved.
|
3
|
-
#
|
4
|
-
# Redistribution and use in source and binary forms, with or without
|
5
|
-
# modification, are permitted provided that the following conditions are
|
6
|
-
# met:
|
7
|
-
#
|
8
|
-
# * Redistributions of source code must retain the above copyright
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
17
|
-
#
|
18
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
19
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
20
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
21
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
22
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
-
|
30
|
-
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
-
$LOAD_PATH.unshift spec_dir
|
32
|
-
$LOAD_PATH.uniq!
|
33
|
-
|
34
|
-
require "googleauth/iam"
|
35
|
-
|
36
|
-
describe Google::Auth::IAMCredentials do
|
37
|
-
IAMCredentials = Google::Auth::IAMCredentials
|
38
|
-
let(:test_selector) { "the-test-selector" }
|
39
|
-
let(:test_token) { "the-test-token" }
|
40
|
-
let(:test_creds) { IAMCredentials.new test_selector, test_token }
|
41
|
-
|
42
|
-
describe "#apply!" do
|
43
|
-
it "should update the target hash with the iam values" do
|
44
|
-
md = { foo: "bar" }
|
45
|
-
test_creds.apply! md
|
46
|
-
expect(md[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
47
|
-
expect(md[IAMCredentials::TOKEN_KEY]).to eq test_token
|
48
|
-
expect(md[:foo]).to eq "bar"
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
describe "updater_proc" do
|
53
|
-
it "should provide a proc that updates a hash with the iam values" do
|
54
|
-
md = { foo: "bar" }
|
55
|
-
the_proc = test_creds.updater_proc
|
56
|
-
got = the_proc.call md
|
57
|
-
expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
58
|
-
expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
|
59
|
-
expect(got[:foo]).to eq "bar"
|
60
|
-
end
|
61
|
-
end
|
62
|
-
|
63
|
-
describe "#apply" do
|
64
|
-
it "should not update the original hash with the iam values" do
|
65
|
-
md = { foo: "bar" }
|
66
|
-
test_creds.apply md
|
67
|
-
expect(md[IAMCredentials::SELECTOR_KEY]).to be_nil
|
68
|
-
expect(md[IAMCredentials::TOKEN_KEY]).to be_nil
|
69
|
-
expect(md[:foo]).to eq "bar"
|
70
|
-
end
|
71
|
-
|
72
|
-
it "should return a with the iam values" do
|
73
|
-
md = { foo: "bar" }
|
74
|
-
got = test_creds.apply md
|
75
|
-
expect(got[IAMCredentials::SELECTOR_KEY]).to eq test_selector
|
76
|
-
expect(got[IAMCredentials::TOKEN_KEY]).to eq test_token
|
77
|
-
expect(got[:foo]).to eq "bar"
|
78
|
-
end
|
79
|
-
end
|
80
|
-
end
|
@@ -1,77 +0,0 @@
|
|
1
|
-
# Copyright 2015, Google Inc.
|
2
|
-
# All rights reserved.
|
3
|
-
#
|
4
|
-
# Redistribution and use in source and binary forms, with or without
|
5
|
-
# modification, are permitted provided that the following conditions are
|
6
|
-
# met:
|
7
|
-
#
|
8
|
-
# * Redistributions of source code must retain the above copyright
|
9
|
-
# notice, this list of conditions and the following disclaimer.
|
10
|
-
# * Redistributions in binary form must reproduce the above
|
11
|
-
# copyright notice, this list of conditions and the following disclaimer
|
12
|
-
# in the documentation and/or other materials provided with the
|
13
|
-
# distribution.
|
14
|
-
# * Neither the name of Google Inc. nor the names of its
|
15
|
-
# contributors may be used to endorse or promote products derived from
|
16
|
-
# this software without specific prior written permission.
|
17
|
-
#
|
18
|
-
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
19
|
-
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
20
|
-
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
21
|
-
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
22
|
-
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
23
|
-
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
24
|
-
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
25
|
-
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
26
|
-
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
27
|
-
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
28
|
-
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
29
|
-
|
30
|
-
spec_dir = File.expand_path File.join(File.dirname(__FILE__))
|
31
|
-
$LOAD_PATH.unshift spec_dir
|
32
|
-
$LOAD_PATH.uniq!
|
33
|
-
|
34
|
-
require "googleauth/scope_util"
|
35
|
-
|
36
|
-
describe Google::Auth::ScopeUtil do
|
37
|
-
shared_examples "normalizes scopes" do
|
38
|
-
let(:normalized) { Google::Auth::ScopeUtil.normalize source }
|
39
|
-
|
40
|
-
it "normalizes the email scope" do
|
41
|
-
expect(normalized).to include(
|
42
|
-
"https://www.googleapis.com/auth/userinfo.email"
|
43
|
-
)
|
44
|
-
expect(normalized).to_not include "email"
|
45
|
-
end
|
46
|
-
|
47
|
-
it "normalizes the profile scope" do
|
48
|
-
expect(normalized).to include(
|
49
|
-
"https://www.googleapis.com/auth/userinfo.profile"
|
50
|
-
)
|
51
|
-
expect(normalized).to_not include "profile"
|
52
|
-
end
|
53
|
-
|
54
|
-
it "normalizes the openid scope" do
|
55
|
-
expect(normalized).to include "https://www.googleapis.com/auth/plus.me"
|
56
|
-
expect(normalized).to_not include "openid"
|
57
|
-
end
|
58
|
-
|
59
|
-
it "leaves other other scopes as-is" do
|
60
|
-
expect(normalized).to include "https://www.googleapis.com/auth/drive"
|
61
|
-
end
|
62
|
-
end
|
63
|
-
|
64
|
-
context "with scope as string" do
|
65
|
-
let :source do
|
66
|
-
"email profile openid https://www.googleapis.com/auth/drive"
|
67
|
-
end
|
68
|
-
it_behaves_like "normalizes scopes"
|
69
|
-
end
|
70
|
-
|
71
|
-
context "with scope as Array" do
|
72
|
-
let :source do
|
73
|
-
%w[email profile openid https://www.googleapis.com/auth/drive]
|
74
|
-
end
|
75
|
-
it_behaves_like "normalizes scopes"
|
76
|
-
end
|
77
|
-
end
|