signet 0.8.1 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: f858d637b4719f2d27e40d16e8c689d93b3d3d65
-  data.tar.gz: 7ccf68a7582ddde1819df1c2aa9d6a439682801d
+SHA256:
+  metadata.gz: a9d9e93e57fb53fc7a45b67134f7974e11f15b5c7ea0c6807f0a4cd068964a51
+  data.tar.gz: b9a0806442f9e6fc2a6b68fa8e4e247125dd029335a2a729bdfd8fcc73a7cf96
 SHA512:
-  metadata.gz: 2c43038b3e32e0fd3deeae112f5e3662feed641d5b0b90f79715a7caf69cad1075d71ebfb8bf9b5fc5bcd1ea409bf766131eedc081fb6808801e71aee94fe417
-  data.tar.gz: 104297c55f4719756ade6ddca8e04276f22ceb338e0071b1d9e187d2dbe829ef1e2c5628b017450127fcd357f12e4304da4b17500b865d4026d9731c058b5e3e
+  metadata.gz: 7655de7dfd4f1cec0bc59ea8347188ba36181735007b9dfd9a3d8daa70ee5db7804d03bbdc89a57ddfdfe53b6e0a56fa75d7b7f13d40419a7620e2e39731cda7
+  data.tar.gz: fa9fbc85f62b104703192145af6512053b53e75508e1d0b813cd43e0e10728113617baf93e31e4338128fea998810a0f0228ab8b51d53aeb5ef7496bdcda16ff

data/CHANGELOG.md

@@ -1,3 +1,9 @@
+## 0.9.0 (2018-08-16)
+* Add RemoteServerError class for 5xx level errors.
+* Allow to_json to be called with arguments
+* Expires_in now sets and reflects current expires_at value
+* Expires_within(0) now returns false when expires_at is nil.
+
 ## 0.8.1 (2017-10-13)
 
 * Restore support for Ruby 1.9.3

data/README.md

@@ -7,8 +7,8 @@
   <dt>License</dt><dd>Apache 2.0</dd>
 </dl>
 
+[![Gem Version](https://badge.fury.io/rb/signet.svg)](https://badge.fury.io/rb/signet)
 [![Build Status](https://secure.travis-ci.org/google/signet.png)](http://travis-ci.org/google/signet)
-[![Dependency Status](https://gemnasium.com/google/signet.png)](https://gemnasium.com/google/signet)
 
 ## Description
 
@@ -31,7 +31,7 @@ Signet is an OAuth 1.0 / OAuth 2.0 implementation.
 require 'signet/oauth_2/client'
 client = Signet::OAuth2::Client.new(
   :authorization_uri => 'https://accounts.google.com/o/oauth2/auth',
-  :token_credential_uri =>  'https://www.googleapis.com/oauth2/v3/token',
+  :token_credential_uri =>  'https://oauth2.googleapis.com/token',
   :client_id => '44410190108-74nkm6jc5e3vvjqis803frkvmu88cu3a.apps.googleusercontent.com',
   :client_secret => 'X1NUhvO-rQr9sm8uUSMY8i7v',
   :scope => 'email profile',

data/lib/signet/errors.rb

@@ -33,6 +33,12 @@ module Signet
   class MalformedAuthorizationError < StandardError
   end
 
+  ##
+  # An error indicating that the server failed at processing the request
+  # due to a internal error
+  class RemoteServerError < StandardError
+  end
+
   ##
   # An error indicating the remote server refused to authorize the client.
   class AuthorizationError < StandardError

data/lib/signet/oauth_2/client.rb

@@ -95,7 +95,6 @@ module Signet
         @client_secret        = nil
         @code                 = nil
         @expires_at           = nil
-        @expires_in           = nil
         @issued_at            = nil
         @issuer               = nil
         @password             = nil
@@ -723,32 +722,37 @@ module Signet
 
       ##
       # Returns the lifetime of the access token in seconds.
+      # Returns nil if the token does not expire.
       #
-      # @return [Integer] The access token lifetime.
+      # @return [Integer, nil] The access token lifetime.
       def expires_in
-        return @expires_in
+        if @expires_at.nil? || @issued_at.nil?
+          nil
+        else
+          (@expires_at - @issued_at).to_i
+        end
       end
 
       ##
-      # Sets the lifetime of the access token in seconds.  Resets the issued
-      # timestamp.
+      # Sets the lifetime of the access token in seconds.  Resets the issued_at
+      # timestamp. Nil values will be treated as though the token does
+      # not expire.
       #
-      # @param [String, Integer] new_expires_in
+      # @param [String, Integer, nil] new_expires_in
       #   The access token lifetime.
       def expires_in=(new_expires_in)
         if new_expires_in != nil
-          @expires_in = new_expires_in.to_i
           @issued_at = Time.now
+          @expires_at = @issued_at + new_expires_in.to_i
         else
-          @expires_in, @issued_at = nil, nil
+          @expires_at, @issued_at = nil, nil
         end
-        @expires_at = nil
       end
 
       ##
       # Returns the timestamp the access token was issued at.
       #
-      # @return [Time] The access token issuance time.
+      # @return [Time, nil] The access token issuance time.
       def issued_at
         return @issued_at
       end
@@ -764,29 +768,26 @@ module Signet
 
       ##
       # Returns the timestamp the access token will expire at.
+      # Returns nil if the token does not expire. 
       #
-      # @return [Time] The access token lifetime.
+      # @return [Time, nil] The access token lifetime.
       def expires_at
-        if @expires_at
-          @expires_at
-        elsif @issued_at && @expires_in
-          return @issued_at + @expires_in
-        else
-          return nil
-        end
+        @expires_at
       end
 
       ##
       # Limits the lifetime of the access token as number of seconds since
-      # the Epoch
-      # @param [String,Integer,Time] new_expires_at
-      #    The access token issuance time.
+      # the Epoch. Nil values will be treated as though the token does
+      # not expire.
+      # @param [String,Integer,Time, nil] new_expires_at
+      #    The access token expiration time.
       def expires_at=(new_expires_at)
-        @expires_at = normalize_timestamp(new_expires_at)
+        @expires_at = normalize_timestamp new_expires_at
       end
 
       ##
       # Returns true if the access token has expired.
+      # Returns false if the token has not expired or has an nil @expires_at.
       #
       # @return [TrueClass, FalseClass]
       #   The expiration state of the access token.
@@ -796,7 +797,7 @@ module Signet
 
       ##
       # Returns true if the access token has expired or expires within
-      # the next n seconds
+      # the next n seconds. Returns false for tokens with a nil @expires_at.
       #
       # @param [Integer] sec
       #  Max number of seconds from now where a token is still considered
@@ -804,7 +805,7 @@ module Signet
       # @return [TrueClass, FalseClass]
       #   The expiration state of the access token.
       def expires_within?(sec)
-        return self.expires_at.nil? || Time.now >= (self.expires_at - sec)
+        return self.expires_at != nil && Time.now >= (self.expires_at - sec)
       end
 
       ##
@@ -817,7 +818,7 @@ module Signet
         @password = nil
         @code = nil
         @issued_at = nil
-        @expires_in = nil
+        @expires_at = nil
       end
 
 
@@ -883,7 +884,7 @@ module Signet
       # @note A serialized client contains sensitive information. Persist or transmit with care.
       #
       # @return [String] A serialized JSON representation of the client.
-      def to_json
+      def to_json(*)
         return MultiJson.dump({
           'authorization_uri' => self.authorization_uri ? self.authorization_uri.to_s : nil,
           'token_credential_uri' => self.token_credential_uri ? self.token_credential_uri.to_s : nil,
@@ -988,6 +989,12 @@ module Signet
           raise ::Signet::AuthorizationError.new(
             message, :response => response
           )
+        elsif status.to_s[0] == "5"
+          message = 'Remote server error.'
+          if body.to_s.strip.length > 0
+            message += "  Server message:\n#{response.body.to_s.strip}"
+          end
+          raise ::Signet::RemoteServerError.new(message)
         else
           message = "Unexpected status code: #{response.status}."
           if body.to_s.strip.length > 0
@@ -1000,8 +1007,6 @@ module Signet
       end
 
       def fetch_access_token!(options={})
-        options = deep_hash_normalize(options)
-
         token_hash = self.fetch_access_token(options)
         if token_hash
           # No-op for grant types other than `authorization_code`.
@@ -1017,8 +1022,6 @@ module Signet
       ##
       # Refresh the access token, if possible
       def refresh!(options={})
-        options = deep_hash_normalize(options)
-
         self.fetch_access_token!(options)
       end
 

data/lib/signet/version.rb

@@ -17,8 +17,8 @@ unless defined? Signet::VERSION
   module Signet
     module VERSION
       MAJOR = 0
-      MINOR = 8
-      TINY  = 1
+      MINOR = 9
+      TINY  = 0
       PRE   = nil
 
       STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')

data/signet.gemspec

@@ -29,8 +29,8 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'multi_json', '~> 1.10'
   s.add_runtime_dependency 'jwt', '>= 1.5', '< 3.0'
 
-  s.add_development_dependency 'rake', '~> 10.0'
-  s.add_development_dependency 'yard', '~> 0.8'
+  s.add_development_dependency 'rake', '~> 12.0'
+  s.add_development_dependency 'yard', '~> 0.9', '>= 0.9.12'
   s.add_development_dependency 'rspec', '~> 3.1'
   s.add_development_dependency 'launchy', '~> 2.4'
   s.add_development_dependency 'kramdown', '~> 1.5'

data/spec/signet/oauth_2/client_spec.rb

@@ -187,10 +187,10 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       @key = OpenSSL::PKey::RSA.new 2048
       @client = Signet::OAuth2::Client.new(
         :token_credential_uri =>
-          'https://accounts.google.com/o/oauth2/token',
+          'https://oauth2.googleapis.com/token',
         :scope => 'https://www.googleapis.com/auth/userinfo.profile',
         :issuer => 'app@example.com',
-        :audience => 'https://accounts.google.com/o/oauth2/token',
+        :audience => 'https://oauth2.googleapis.com/token',
         :signing_key => @key
       )
     end
@@ -202,7 +202,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       claim, header = JWT.decode(jwt, @key.public_key, true, algorithm: 'RS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
-      expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(claim["aud"]).to eq 'https://oauth2.googleapis.com/token'
     end
 
     it 'should generate valid JWTs for impersonation' do
@@ -214,7 +214,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["prn"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
-      expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(claim["aud"]).to eq 'https://oauth2.googleapis.com/token'
     end
 
     it 'should generate valid JWTs for impersonation using deprecated person attribute' do
@@ -226,7 +226,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["prn"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
-      expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(claim["aud"]).to eq 'https://oauth2.googleapis.com/token'
     end
 
     it 'should generate valid JWTs for impersonation using the sub attribute' do
@@ -238,7 +238,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["sub"]).to eq 'user@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
-      expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(claim["aud"]).to eq 'https://oauth2.googleapis.com/token'
     end
 
     it 'should generate a JSON representation of the client' do
@@ -247,16 +247,16 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       expect(json).not_to be_nil
 
       deserialized = MultiJson.load(json)
-      expect(deserialized["token_credential_uri"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(deserialized["token_credential_uri"]).to eq 'https://oauth2.googleapis.com/token'
       expect(deserialized["scope"]).to eq ['https://www.googleapis.com/auth/userinfo.profile']
       expect(deserialized["issuer"]).to eq 'app@example.com'
-      expect(deserialized["audience"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(deserialized["audience"]).to eq 'https://oauth2.googleapis.com/token'
       expect(deserialized["signing_key"]).to eq @key.to_s
     end
 
     it 'should send valid access token request' do
       stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-        stub.post('/o/oauth2/token') do |env|
+        stub.post('/token') do |env|
           params = Addressable::URI.form_unencode(env[:body])
           claim, header = JWT.decode(params.assoc("assertion").last, @key.public_key, true, algorithm: 'RS256')
           expect(params.assoc("grant_type")).to eq ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
@@ -282,10 +282,10 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       @key = 'my secret key'
       @client = Signet::OAuth2::Client.new(
         :token_credential_uri =>
-          'https://accounts.google.com/o/oauth2/token',
+          'https://oauth2.googleapis.com/token',
         :scope => 'https://www.googleapis.com/auth/userinfo.profile',
         :issuer => 'app@example.com',
-        :audience => 'https://accounts.google.com/o/oauth2/token',
+        :audience => 'https://oauth2.googleapis.com/token',
         :signing_key => @key
       )
     end
@@ -297,7 +297,7 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       claim, header = JWT.decode(jwt, @key, true, algorithm: 'HS256')
       expect(claim["iss"]).to eq 'app@example.com'
       expect(claim["scope"]).to eq 'https://www.googleapis.com/auth/userinfo.profile'
-      expect(claim["aud"]).to eq 'https://accounts.google.com/o/oauth2/token'
+      expect(claim["aud"]).to eq 'https://oauth2.googleapis.com/token'
     end
   end
 end
@@ -308,7 +308,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
       :authorization_uri =>
         'https://accounts.google.com/o/oauth2/auth',
       :token_credential_uri =>
-        'https://accounts.google.com/o/oauth2/token',
+        'https://oauth2.googleapis.com/token',
       :scope => 'https://www.googleapis.com/auth/userinfo.profile'
     )
   end
@@ -442,9 +442,38 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     expect(@client).to_not be_expired
   end
 
-  it 'should indicate the token is expired if expired_at nil' do
+  it 'should set expires_in when expires_at is set' do
+    issued_at = Time.now
+    expires_at = Time.now+100
+    @client.expires_at = expires_at.to_i
+    @client.issued_at = issued_at
+    expect(@client.expires_in).to be_within(1).of (expires_at - issued_at).to_i
     @client.expires_at = nil
-    expect(@client.expires_within?(60)).to be true
+    expect(@client.expires_in).to be_nil
+  end
+
+  it 'should set expires_in to nil when expires_at is set to nil' do
+    @client.expires_at = nil
+    expect(@client.expires_in).to be_nil
+  end
+
+  it 'should set expires_at when expires_in is set' do
+    expires_in = 100
+    @client.expires_in = expires_in
+    expect(@client.expires_at).to eq (@client.issued_at + expires_in)
+    @client.expires_in = nil
+    expect(@client.expires_at).to be_nil
+  end
+
+  it 'should set expires_at to nil when expires_in is set to nil' do
+    @client.expires_in = nil
+    expect(@client.expires_at).to be_nil
+  end
+
+  it 'should indicate the token is not expired if expired_at nil' do
+    @client.expires_at = nil
+    expect(@client.expires_within?(60)).to be false
+    expect(@client.expired?).to be false
   end
 
   it 'should indicate the token is not expiring when expiry beyond window' do
@@ -478,7 +507,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         [401, {}, 'User authorization failed or something.']
       end
     end
@@ -493,14 +522,33 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     stubs.verify_stubbed_calls
   end
 
-  it 'should raise an error if the token server gives an unexpected status' do
+  it 'should raise a remote server error if the server gives a 5xx status' do
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         [509, {}, 'Rate limit hit or something.']
       end
     end
+    expect(lambda do
+      connection = Faraday.new(:url => 'https://www.google.com') do |builder|
+        builder.adapter(:test, stubs)
+      end
+      @client.fetch_access_token!(
+        :connection => connection
+      )
+    end).to raise_error(Signet::RemoteServerError)
+    stubs.verify_stubbed_calls
+  end
+
+  it 'should raise an error if the token server gives an unexpected status' do
+    @client.client_id = 'client-12345'
+    @client.client_secret = 'secret-12345'
+    stubs = Faraday::Adapter::Test::Stubs.new do |stub|
+      stub.post('/token') do
+        [309, {}, 'Rate limit hit or something.']
+      end
+    end
     expect(lambda do
       connection = Faraday.new(:url => 'https://www.google.com') do |builder|
         builder.adapter(:test, stubs)
@@ -518,7 +566,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     @client.code = '00000'
     @client.redirect_uri = 'https://www.example.com/'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -544,7 +592,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     @client.username = 'johndoe'
     @client.password = 'incognito'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -569,7 +617,7 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     @client.client_secret = 'secret-12345'
     @client.refresh_token = '54321'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -755,7 +803,7 @@ JSON
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -796,7 +844,7 @@ JSON
     @client.client_id = 'client-54321'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -831,7 +879,7 @@ JSON
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',
@@ -861,11 +909,11 @@ JSON
   end
 
   it 'should raise an error if the id token cannot be verified' do
-    pending "Need to update test data"
+    pending "Need to set test data"
     @client.client_id = 'client-12345'
     @client.client_secret = 'secret-12345'
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post('/o/oauth2/token') do
+      stub.post('/token') do
         build_json_response({
           'access_token' => '12345',
           'refresh_token' => '54321',

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: signet
 version: !ruby/object:Gem::Version
-  version: 0.8.1
+  version: 0.9.0
 platform: ruby
 authors:
 - Bob Aman
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-10-13 00:00:00.000000000 Z
+date: 2018-08-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -79,28 +79,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.12
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.8'
+        version: '0.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.12
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -227,7 +233,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.5
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.13
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Signet is an OAuth 1.0 / OAuth 2.0 implementation.