googleauth 0.5.1 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e2b7b1cf21b1190e227d1c6da0e204a2eaf9a562
-  data.tar.gz: e2bb3c3f74e40bea4ff997f3613f07815f8f78ab
+  metadata.gz: c7166e05e50e9d66f0fbbe0ed95674c008772078
+  data.tar.gz: ac765a872c1302acc55ff76acff1adb3c421402a
 SHA512:
-  metadata.gz: f268b6486b2638195745c6750f256de0d4e703c9896bc6164b84c626eb6057ef6e6c159471d75215e3110cefe5c07c44180273d1ce6140fa1ffd8274272cb930
-  data.tar.gz: 2cf2c5a305ecc069c01c7a0a3a848e45bceb449cf5a57c3a15906284a96dca9631b86c1e563cb6a5b1b3d25828ad7971e7a1e6315964b838bdbc0cfad8a5d499
+  metadata.gz: 2e379500990afa645e680fef25c180d6476042bbeeda083d02cd442d98a5cc3c1ce9f47bcab8ac4463841b51a5aa8603051da1e30884cd4dc207e5c75404acde
+  data.tar.gz: 22aa2ecb920bd44334d5dfbfc906b3a736a56943c5a8d90d43ad7762648542884ee9392e31acfb45ec44233fae34ca0f957d963f6cba554dba7e86df4b07c7da

data/.rubocop.yml

@@ -1 +1,26 @@
-inherit_from: .rubocop_todo.yml
+AllCops:
+  Exclude:
+    - "spec/**/*"
+
+Metrics/AbcSize:
+  Max: 25
+Metrics/BlockLength:
+  Exclude:
+    - "googleauth.gemspec"
+Metrics/CyclomaticComplexity:
+  Max: 8
+Metrics/MethodLength:
+  Max: 20
+Metrics/ClassLength:
+  Enabled: false
+Style/IndentHeredoc:
+  Enabled: false
+Style/FormatString:
+  Enabled: false
+Style/GuardClause:
+  Enabled: false
+Style/PercentLiteralDelimiters: # Contradicting rule
+  Enabled: false
+Style/SymbolArray: # Undefined syntax in Ruby 1.9.3
+  Enabled: false
+

data/.travis.yml

@@ -1,6 +1,8 @@
 sudo: false
 language: ruby
 rvm:
+  - 2.4
+  - 2.3
   - 2.2
   - 2.0.0
   - 2.1
@@ -32,6 +34,6 @@ before_install:
 notifications:
   email:
     recipients:
-      - temiola@google.com
+      - ruby-cloud-eng@google.com
     on_success: change
     on_failure: change

data/CHANGELOG.md

@@ -1,4 +1,11 @@
-## 0.5.1 (06/01/2016)
+## 0.5.2 (2017/07/19)
+
+### Changes
+
+* Add retry mechanism when fetching access tokens in `GCECredentials` and `UserRefreshCredentials` classes.
+* Update Google API OAuth2 token credential URI to v4.
+
+## 0.5.1 (2016/01/06)
 
 ### Changes
 
@@ -6,14 +13,14 @@
 * Fix ADC not working on some windows machines ([@vsubramani][])
 [#55](https://github.com/google/google-auth-library-ruby/issues/55)
 
-## 0.5.0 (12/10/2015)
+## 0.5.0 (2015/10/12)
 
 ### Changes
 
 * Initial support for user credentials ([@sqrrrl][])
 * Update Signet to 0.7
 
-## 0.4.2 (05/08/2015)
+## 0.4.2 (2015/08/05)
 
 ### Changes
 
@@ -34,20 +41,20 @@
 * Enables passing credentials via environment variables. ([@haabaato][])
 [#27](https://github.com/google/google-auth-library-ruby/issues/27)
 
-## 0.4.1 (25/04/2015)
+## 0.4.1 (2015/04/25)
 
 ### Changes
 
 * Improves handling of --no-scopes GCE authorization ([@tbetbetbe][])
 * Refactoring and cleanup ([@joneslee85][])
 
-## 0.4.0 (25/03/2015)
+## 0.4.0 (2015/03/25)
 
 ### Changes
 
 * Adds an implementation of JWT header auth ([@tbetbetbe][])
 
-## 0.3.0 (23/03/2015)
+## 0.3.0 (2015/03/23)
 
 ### Changes
 

data/Gemfile

@@ -5,17 +5,17 @@ gemspec
 
 group :development do
   gem 'bundler', '~> 1.9'
-  gem 'simplecov', '~> 0.9'
   gem 'coveralls', '~> 0.7'
   gem 'fakefs', '~> 0.6'
-  gem 'rake', '~> 10.0'
-  gem 'rubocop', '~> 0.30'
-  gem 'rspec', '~> 3.0'
-  gem 'redis', '~> 3.2'
   gem 'fakeredis', '~> 0.5'
-  gem 'webmock', '~> 1.21'
   gem 'rack-test', '~> 0.6'
+  gem 'rake', '~> 10.0'
+  gem 'redis', '~> 3.2'
+  gem 'rspec', '~> 3.0'
+  gem 'rubocop', '~> 0.30'
+  gem 'simplecov', '~> 0.9'
   gem 'sinatra'
+  gem 'webmock', '~> 1.21'
 end
 
 platforms :jruby do

data/README.md

@@ -70,7 +70,7 @@ a generic authorizer useful for command line apps or custom integrations as
 well as a web variant tailored toward Rack-based applications.
 
 The authorizers are intended for authorization use cases. For sign-on,
-see [Google Idenity Platform](https://developers.google.com/identity/)
+see [Google Identity Platform](https://developers.google.com/identity/)
 
 ### Example (Web)
 
@@ -92,7 +92,7 @@ get('/authorize') do
   user_id = request.session['user_id']
   credentials = authorizer.get_credentials(user_id, request)
   if credentials.nil?
-    redirect authorizer.get_authorization_url(user_id: user_id, request: request)
+    redirect authorizer.get_authorization_url(login_hint: user_id, request: request)
   end
   # Credentials are valid, can call APIs
   # ...
@@ -111,6 +111,8 @@ end
 require 'googleauth'
 require 'googleauth/stores/file_token_store'
 
+OOB_URI = 'urn:ietf:wg:oauth:2.0:oob'
+
 scope = 'https://www.googleapis.com/auth/drive'
 client_id = Google::Auth::ClientId.from_file('/path/to/client_secrets.json')
 token_store = Google::Auth::Stores::FileTokenStore.new(
@@ -119,7 +121,7 @@ authorizer = Google::Auth::UserAuthorizer.new(client_id, scope, token_store)
 
 credentials = authorizer.get_credentials(user_id)
 if credentials.nil?
-  url = authorizer.get_authorization_url(base_url: 'urn:ietf:wg:oauth:2.0:oob')
+  url = authorizer.get_authorization_url(base_url: OOB_URI )
   puts "Open #{url} in your browser and enter the resulting code:"
   code = gets
   credentials = authorizer.get_and_store_credentials_from_code(
@@ -129,6 +131,18 @@ end
 # OK to use credentials
 ```
 
+### Example (Service Account)
+
+```ruby
+scope = 'https://www.googleapis.com/auth/androidpublisher'
+
+authorizer = Google::Auth::ServiceAccountCredentials.make_creds(
+  json_key_io: File.open('/path/to/service_account_json_key.json'),
+  scope: scope)
+  
+authorizer.fetch_access_token!
+```
+
 ### Storage
 
 Authorizers require a storage instance to manage long term persistence of
@@ -140,14 +154,6 @@ access and refresh tokens. Two storage implementations are included:
 Custom storage implementations can also be used. See
 [token_store.rb](lib/googleauth/token_store.rb) for additional details.
 
-## What about auth in google-apis-ruby-client?
-
-The goal is for all auth done by
-[google-apis-ruby-client][google-apis-ruby-client] to be performed by this
-library. I.e, eventually google-apis-ruby-client will just take a dependency
-on this library.  This update is a work in progress, but should be completed
-by Q2 2015.
-
 ## License
 
 This library is licensed under Apache 2.0. Full license text is

data/googleauth.gemspec

@@ -1,5 +1,6 @@
 # -*- ruby -*-
 # encoding: utf-8
+
 $LOAD_PATH.push File.expand_path('../lib', __FILE__)
 require 'googleauth/version'
 
@@ -25,7 +26,7 @@ Gem::Specification.new do |s|
   s.require_paths = ['lib']
   s.platform      = Gem::Platform::RUBY
 
-  s.add_dependency 'faraday', '~> 0.9'
+  s.add_dependency 'faraday', '~> 0.12'
   s.add_dependency 'logging', '~> 2.0'
   s.add_dependency 'jwt', '~> 1.4'
   s.add_dependency 'memoist', '~> 0.12'

data/lib/googleauth.rb

@@ -42,7 +42,7 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    NOT_FOUND_ERROR = <<END
+    NOT_FOUND_ERROR = <<END.freeze
 Could not load the default credentials. Browse to
 https://developers.google.com/accounts/docs/application-default-credentials
 for more information
@@ -70,14 +70,14 @@ END
       def self.read_creds
         env_var = CredentialsLoader::ACCOUNT_TYPE_VAR
         type = ENV[env_var]
-        fail "#{ACCOUNT_TYPE_VAR} is undefined in env" unless type
+        raise "#{env_var} is undefined in env" unless type
         case type
         when 'service_account'
           ServiceAccountCredentials
         when 'authorized_user'
           UserRefreshCredentials
         else
-          fail "credentials type '#{type}' is not supported"
+          raise "credentials type '#{type}' is not supported"
         end
       end
 
@@ -85,7 +85,7 @@ END
       def self.determine_creds_class(json_key_io)
         json_key = MultiJson.load(json_key_io.read)
         key = 'type'
-        fail "the json is missing the '#{key}' field" unless json_key.key?(key)
+        raise "the json is missing the '#{key}' field" unless json_key.key?(key)
         type = json_key[key]
         case type
         when 'service_account'
@@ -93,7 +93,7 @@ END
         when 'authorized_user'
           [json_key, UserRefreshCredentials]
         else
-          fail "credentials type '#{type}' is not supported"
+          raise "credentials type '#{type}' is not supported"
         end
       end
     end
@@ -116,7 +116,7 @@ END
               DefaultCredentials.from_well_known_path(scope) ||
               DefaultCredentials.from_system_default_path(scope)
       return creds unless creds.nil?
-      fail NOT_FOUND_ERROR unless GCECredentials.on_gce?(options)
+      raise NOT_FOUND_ERROR unless GCECredentials.on_gce?(options)
       GCECredentials.new
     end
 

data/lib/googleauth/client_id.rb

@@ -34,12 +34,12 @@ module Google
     # Representation of an application's identity for user authorization
     # flows.
     class ClientId
-      INSTALLED_APP = 'installed'
-      WEB_APP = 'web'
-      CLIENT_ID = 'client_id'
-      CLIENT_SECRET = 'client_secret'
+      INSTALLED_APP = 'installed'.freeze
+      WEB_APP = 'web'.freeze
+      CLIENT_ID = 'client_id'.freeze
+      CLIENT_SECRET = 'client_secret'.freeze
       MISSING_TOP_LEVEL_ELEMENT_ERROR =
-        "Expected top level property 'installed' or 'web' to be present."
+        "Expected top level property 'installed' or 'web' to be present.".freeze
 
       # Text identifier of the client ID
       # @return [String]
@@ -63,8 +63,8 @@ module Google
       #       & secrets in source. See {#from_file} to load from
       #       `client_secrets.json` files.
       def initialize(id, secret)
-        fail 'Client id can not be nil' if id.nil?
-        fail 'Client secret can not be nil' if secret.nil?
+        raise 'Client id can not be nil' if id.nil?
+        raise 'Client secret can not be nil' if secret.nil?
         @id = id
         @secret = secret
       end
@@ -76,7 +76,7 @@ module Google
       #  Path of file to read from
       # @return [Google::Auth::ClientID]
       def self.from_file(file)
-        fail 'File can not be nil.' if file.nil?
+        raise 'File can not be nil.' if file.nil?
         File.open(file.to_s) do |f|
           json = f.read
           config = MultiJson.load(json)
@@ -92,9 +92,9 @@ module Google
       #  Parsed contents of the JSON file
       # @return [Google::Auth::ClientID]
       def self.from_hash(config)
-        fail 'Hash can not be nil.' if config.nil?
+        raise 'Hash can not be nil.' if config.nil?
         raw_detail = config[INSTALLED_APP] || config[WEB_APP]
-        fail MISSING_TOP_LEVEL_ELEMENT_ERROR if raw_detail.nil?
+        raise MISSING_TOP_LEVEL_ELEMENT_ERROR if raw_detail.nil?
         ClientId.new(raw_detail[CLIENT_ID], raw_detail[CLIENT_SECRET])
       end
     end

data/lib/googleauth/compute_engine.rb

@@ -35,13 +35,13 @@ module Google
   # Module Auth provides classes that provide Google-specific authorization
   # used to access Google APIs.
   module Auth
-    NO_METADATA_SERVER_ERROR = <<END
+    NO_METADATA_SERVER_ERROR = <<END.freeze
 Error code 404 trying to get security access token
 from Compute Engine metadata for the default service account. This
 may be because the virtual machine instance does not have permission
 scopes specified.
 END
-    UNEXPECTED_ERROR_SUFFIX = <<END
+    UNEXPECTED_ERROR_SUFFIX = <<END.freeze
 trying to get security access token from Compute Engine metadata for
 the default service account
 END
@@ -52,8 +52,8 @@ END
       # The IP Address is used in the URIs to speed up failures on non-GCE
       # systems.
       COMPUTE_AUTH_TOKEN_URI = 'http://169.254.169.254/computeMetadata/v1/'\
-      'instance/service-accounts/default/token'
-      COMPUTE_CHECK_URI = 'http://169.254.169.254'
+      'instance/service-accounts/default/token'.freeze
+      COMPUTE_CHECK_URI = 'http://169.254.169.254'.freeze
 
       class << self
         extend Memoist
@@ -88,16 +88,20 @@ END
       def fetch_access_token(options = {})
         c = options[:connection] || Faraday.default_connection
         c.headers = { 'Metadata-Flavor' => 'Google' }
-        resp = c.get(COMPUTE_AUTH_TOKEN_URI)
-        case resp.status
-        when 200
-          Signet::OAuth2.parse_credentials(resp.body,
-                                           resp.headers['content-type'])
-        when 404
-          fail(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
-        else
-          msg = "Unexpected error code #{resp.status}" + UNEXPECTED_ERROR_SUFFIX
-          fail(Signet::AuthorizationError, msg)
+
+        retry_with_error do
+          resp = c.get(COMPUTE_AUTH_TOKEN_URI)
+          case resp.status
+          when 200
+            Signet::OAuth2.parse_credentials(resp.body,
+                                             resp.headers['content-type'])
+          when 404
+            raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
+          else
+            msg = "Unexpected error code #{resp.status}" \
+              "#{UNEXPECTED_ERROR_SUFFIX}"
+            raise(Signet::AuthorizationError, msg)
+          end
         end
       end
     end

data/lib/googleauth/credentials_loader.rb

@@ -39,22 +39,23 @@ module Google
     # credentials files on the file system.
     module CredentialsLoader
       extend Memoist
-      ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'
+      ENV_VAR = 'GOOGLE_APPLICATION_CREDENTIALS'.freeze
 
-      PRIVATE_KEY_VAR = 'GOOGLE_PRIVATE_KEY'
-      CLIENT_EMAIL_VAR = 'GOOGLE_CLIENT_EMAIL'
-      CLIENT_ID_VAR = 'GOOGLE_CLIENT_ID'
-      CLIENT_SECRET_VAR = 'GOOGLE_CLIENT_SECRET'
-      REFRESH_TOKEN_VAR = 'GOOGLE_REFRESH_TOKEN'
-      ACCOUNT_TYPE_VAR = 'GOOGLE_ACCOUNT_TYPE'
+      PRIVATE_KEY_VAR = 'GOOGLE_PRIVATE_KEY'.freeze
+      CLIENT_EMAIL_VAR = 'GOOGLE_CLIENT_EMAIL'.freeze
+      CLIENT_ID_VAR = 'GOOGLE_CLIENT_ID'.freeze
+      CLIENT_SECRET_VAR = 'GOOGLE_CLIENT_SECRET'.freeze
+      REFRESH_TOKEN_VAR = 'GOOGLE_REFRESH_TOKEN'.freeze
+      ACCOUNT_TYPE_VAR = 'GOOGLE_ACCOUNT_TYPE'.freeze
 
-      CREDENTIALS_FILE_NAME = 'application_default_credentials.json'
+      CREDENTIALS_FILE_NAME = 'application_default_credentials.json'.freeze
       NOT_FOUND_ERROR =
-        "Unable to read the credential file specified by #{ENV_VAR}"
-      WELL_KNOWN_PATH = "gcloud/#{CREDENTIALS_FILE_NAME}"
-      WELL_KNOWN_ERROR = 'Unable to read the default credential file'
+        "Unable to read the credential file specified by #{ENV_VAR}".freeze
+      WELL_KNOWN_PATH = "gcloud/#{CREDENTIALS_FILE_NAME}".freeze
+      WELL_KNOWN_ERROR = 'Unable to read the default credential file'.freeze
 
-      SYSTEM_DEFAULT_ERROR = 'Unable to read the system default credential file'
+      SYSTEM_DEFAULT_ERROR =
+        'Unable to read the system default credential file'.freeze
 
       # make_creds proxies the construction of a credentials instance
       #
@@ -71,7 +72,7 @@ module Google
       def from_env(scope = nil)
         if ENV.key?(ENV_VAR)
           path = ENV[ENV_VAR]
-          fail "file #{path} does not exist" unless File.exist?(path)
+          raise "file #{path} does not exist" unless File.exist?(path)
           File.open(path) do |f|
             return make_creds(json_key_io: f, scope: scope)
           end

data/lib/googleauth/iam.rb

@@ -37,16 +37,16 @@ module Google
   module Auth
     # Authenticates requests using IAM credentials.
     class IAMCredentials
-      SELECTOR_KEY = 'x-goog-iam-authority-selector'
-      TOKEN_KEY = 'x-goog-iam-authorization-token'
+      SELECTOR_KEY = 'x-goog-iam-authority-selector'.freeze
+      TOKEN_KEY = 'x-goog-iam-authorization-token'.freeze
 
       # Initializes an IAMCredentials.
       #
       # @param selector the IAM selector.
       # @param token the IAM token.
       def initialize(selector, token)
-        fail TypeError unless selector.is_a? String
-        fail TypeError unless token.is_a? String
+        raise TypeError unless selector.is_a? String
+        raise TypeError unless token.is_a? String
         @selector = selector
         @token = token
       end

data/lib/googleauth/scope_util.rb

@@ -39,7 +39,7 @@ module Google
         'email' => 'https://www.googleapis.com/auth/userinfo.email',
         'profile' => 'https://www.googleapis.com/auth/userinfo.profile',
         'openid' => 'https://www.googleapis.com/auth/plus.me'
-      }
+      }.freeze
 
       def self.normalize(scope)
         list = as_array(scope)
@@ -53,7 +53,7 @@ module Google
         when String
           scope.split(' ')
         else
-          fail 'Invalid scope value. Must be string or array'
+          raise 'Invalid scope value. Must be string or array'
         end
       end
     end