googleauth 1.8.0 → 1.15.0

data/lib/googleauth/web_user_authorizer.rb

@@ -13,6 +13,7 @@
 # limitations under the License.
 
 require "multi_json"
+require "googleauth/errors"
 require "googleauth/signet"
 require "googleauth/user_authorizer"
 require "googleauth/user_refresh"
@@ -79,6 +80,8 @@ module Google
       #
       # @param [Rack::Request] request
       #  Current request
+      # @return [String, nil]
+      #  Redirect URI if successfully extracted, nil otherwise
       def self.handle_auth_callback_deferred request
         callback_state, redirect_uri = extract_callback_state request
         request.session[CALLBACK_STATE_KEY] = MultiJson.dump callback_state
@@ -93,11 +96,22 @@ module Google
       #  Authorization scope to request
       # @param [Google::Auth::Stores::TokenStore] token_store
       #  Backing storage for persisting user credentials
-      # @param [String] callback_uri
+      # @param [String] legacy_callback_uri
       #  URL (either absolute or relative) of the auth callback. Defaults
-      #  to '/oauth2callback'
-      def initialize client_id, scope, token_store, callback_uri = nil
-        super client_id, scope, token_store, callback_uri
+      #  to '/oauth2callback'.
+      #  @deprecated This field is deprecated. Instead, use the keyword
+      #   argument callback_uri.
+      # @param [String] code_verifier
+      #  Random string of 43-128 chars used to verify the key exchange using
+      #  PKCE.
+      def initialize client_id, scope, token_store,
+                     legacy_callback_uri = nil,
+                     callback_uri: nil,
+                     code_verifier: nil
+        super client_id, scope, token_store,
+              legacy_callback_uri,
+              code_verifier: code_verifier,
+              callback_uri: callback_uri
       end
 
       # Handle the result of the oauth callback. Exchanges the authorization
@@ -140,11 +154,13 @@ module Google
       #  Optional key-values to be returned to the oauth callback.
       # @return [String]
       #  Authorization url
+      # @raise [Google::Auth::InitializationError]
+      #  If request is nil or request.session is nil
       def get_authorization_url options = {}
         options = options.dup
         request = options[:request]
-        raise NIL_REQUEST_ERROR if request.nil?
-        raise NIL_SESSION_ERROR if request.session.nil?
+        raise InitializationError, NIL_REQUEST_ERROR if request.nil?
+        raise InitializationError, NIL_SESSION_ERROR if request.session.nil?
 
         state = options[:state] || {}
 
@@ -170,9 +186,9 @@ module Google
       #  requested scopes
       # @return [Google::Auth::UserRefreshCredentials]
       #  Stored credentials, nil if none present
-      # @raise [Signet::AuthorizationError]
-      #  May raise an error if an authorization code is present in the session
-      #  and exchange of the code fails
+      # @raise [Google::Auth::AuthorizationError]
+      #  If the authorization code is missing, there's an error in the request,
+      #  or the state token doesn't match
       def get_credentials user_id, request = nil, scope = nil
         if request&.session&.key? CALLBACK_STATE_KEY
           # Note - in theory, no need to check required scope as this is
@@ -191,18 +207,33 @@ module Google
         end
       end
 
+      # Extract the callback state from the request
+      #
+      # @param [Rack::Request] request
+      #  Current request
+      # @return [Array<Hash, String>]
+      #  Callback state and redirect URI
       def self.extract_callback_state request
-        state = MultiJson.load(request[STATE_PARAM] || "{}")
+        state = MultiJson.load(request.params[STATE_PARAM] || "{}")
         redirect_uri = state[CURRENT_URI_KEY]
         callback_state = {
-          AUTH_CODE_KEY  => request[AUTH_CODE_KEY],
-          ERROR_CODE_KEY => request[ERROR_CODE_KEY],
+          AUTH_CODE_KEY  => request.params[AUTH_CODE_KEY],
+          ERROR_CODE_KEY => request.params[ERROR_CODE_KEY],
           SESSION_ID_KEY => state[SESSION_ID_KEY],
-          SCOPE_KEY      => request[SCOPE_KEY]
+          SCOPE_KEY      => request.params[SCOPE_KEY]
         }
         [callback_state, redirect_uri]
       end
 
+      # Returns the principal identifier for this web authorizer
+      # This is a class method that returns a symbol since
+      # we might not have a client_id in the static callback context
+      #
+      # @return [Symbol] The symbol for web user authorization
+      def self.principal
+        :web_user_authorization
+      end
+
       # Verifies the results of an authorization callback
       #
       # @param [Hash] state
@@ -213,13 +244,30 @@ module Google
       #  Error message if failed
       # @param [Rack::Request] request
       #  Current request
+      # @raise [Google::Auth::AuthorizationError]
+      #  If the authorization code is missing, there's an error in the callback state,
+      #  or the state token doesn't match
       def self.validate_callback_state state, request
-        raise Signet::AuthorizationError, MISSING_AUTH_CODE_ERROR if state[AUTH_CODE_KEY].nil?
+        if state[AUTH_CODE_KEY].nil?
+          raise AuthorizationError.with_details(
+            MISSING_AUTH_CODE_ERROR,
+            credential_type_name: name,
+            principal: principal
+          )
+        end
+
         if state[ERROR_CODE_KEY]
-          raise Signet::AuthorizationError,
-                format(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY])
+          raise AuthorizationError.with_details(
+            format(AUTHORIZATION_ERROR, state[ERROR_CODE_KEY]),
+            credential_type_name: name,
+            principal: principal
+          )
         elsif request.session[XSRF_KEY] != state[SESSION_ID_KEY]
-          raise Signet::AuthorizationError, INVALID_STATE_TOKEN_ERROR
+          raise AuthorizationError.with_details(
+            INVALID_STATE_TOKEN_ERROR,
+            credential_type_name: name,
+            principal: principal
+          )
         end
       end
 

data/lib/googleauth.rb

@@ -13,9 +13,17 @@
 # limitations under the License.
 
 require "googleauth/application_default"
+require "googleauth/api_key"
+require "googleauth/bearer_token"
 require "googleauth/client_id"
 require "googleauth/credentials"
 require "googleauth/default_credentials"
+require "googleauth/errors"
+require "googleauth/external_account"
 require "googleauth/id_tokens"
+require "googleauth/impersonated_service_account"
+require "googleauth/service_account"
+require "googleauth/service_account_jwt_header"
 require "googleauth/user_authorizer"
+require "googleauth/user_refresh"
 require "googleauth/web_user_authorizer"

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: googleauth
 version: !ruby/object:Gem::Version
-  version: 1.8.0
+  version: 1.15.0
 platform: ruby
 authors:
-- Tim Emiola
-autorequire: 
+- Google LLC
 bindir: bin
 cert_chain: []
-date: 2023-09-08 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: faraday
@@ -16,7 +15,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.3
+        version: '1.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.a
@@ -26,10 +25,38 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.17.3
+        version: '1.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: 3.a
+- !ruby/object:Gem::Dependency
+  name: google-cloud-env
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+- !ruby/object:Gem::Dependency
+  name: google-logging-utils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: jwt
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +66,7 @@ dependencies:
         version: '1.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +76,7 @@ dependencies:
         version: '1.4'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: multi_json
   requirement: !ruby/object:Gem::Requirement
@@ -107,7 +134,7 @@ dependencies:
 description: Implements simple authorization for accessing Google APIs, and provides
   support for Application Default Credentials.
 email:
-- temiola@google.com
+- googleapis-packages@google.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -115,17 +142,22 @@ files:
 - ".yardopts"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
+- Credentials.md
+- Errors.md
 - LICENSE
 - README.md
 - SECURITY.md
 - lib/googleauth.rb
+- lib/googleauth/api_key.rb
 - lib/googleauth/application_default.rb
 - lib/googleauth/base_client.rb
+- lib/googleauth/bearer_token.rb
 - lib/googleauth/client_id.rb
 - lib/googleauth/compute_engine.rb
 - lib/googleauth/credentials.rb
 - lib/googleauth/credentials_loader.rb
 - lib/googleauth/default_credentials.rb
+- lib/googleauth/errors.rb
 - lib/googleauth/external_account.rb
 - lib/googleauth/external_account/aws_credentials.rb
 - lib/googleauth/external_account/base_credentials.rb
@@ -138,10 +170,12 @@ files:
 - lib/googleauth/id_tokens/errors.rb
 - lib/googleauth/id_tokens/key_sources.rb
 - lib/googleauth/id_tokens/verifier.rb
+- lib/googleauth/impersonated_service_account.rb
 - lib/googleauth/json_key_reader.rb
 - lib/googleauth/oauth2/sts_client.rb
 - lib/googleauth/scope_util.rb
 - lib/googleauth/service_account.rb
+- lib/googleauth/service_account_jwt_header.rb
 - lib/googleauth/signet.rb
 - lib/googleauth/stores/file_token_store.rb
 - lib/googleauth/stores/redis_token_store.rb
@@ -157,7 +191,6 @@ metadata:
   changelog_uri: https://github.com/googleapis/google-auth-library-ruby/blob/main/CHANGELOG.md
   source_code_uri: https://github.com/googleapis/google-auth-library-ruby
   bug_tracker_uri: https://github.com/googleapis/google-auth-library-ruby/issues
-post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -165,15 +198,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.6'
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.19
-signing_key: 
+rubygems_version: 3.6.9
 specification_version: 4
 summary: Google Auth Library for Ruby
 test_files: []