fix for #22 impersonation

2013-01-12 10:29:47 -05:00 · 2013-01-12 10:29:47 -05:00 · 7d204ac507
parent 280cdff314
commit 7d204ac507
2 changed files with 21 additions and 1 deletions
--- a/lib/google/api_client/auth/jwt_asserter.rb
+++ b/lib/google/api_client/auth/jwt_asserter.rb
@ -112,7 +112,7 @@ module Google
      #
      # @see Signet::OAuth2::Client.fetch_access_token!
      def authorize(person = nil, options={})
-        authorization = self.to_authorization
+        authorization = self.to_authorization(person)
        authorization.fetch_access_token!(options)
        return authorization
      end
--- a/spec/google/api_client/service_account_spec.rb
+++ b/spec/google/api_client/service_account_spec.rb
@ -66,6 +66,26 @@ describe Google::APIClient::JWTAsserter do
    claim["scope"].should == 'scope1 scope2'
  end

+  it 'should allow impersonation' do
+    conn = stub_connection do |stub|
+      stub.post('/o/oauth2/token') do |env|
+        params = Addressable::URI.form_unencode(env[:body])
+        JWT.decode(params.assoc("assertion").last, @key.public_key)
+        params.assoc("grant_type").should == ['grant_type','urn:ietf:params:oauth:grant-type:jwt-bearer']
+        [200, {}, '{
+          "access_token" : "1/abcdef1234567890",
+          "token_type" : "Bearer",
+          "expires_in" : 3600
+        }']
+      end
+    end
+    asserter = Google::APIClient::JWTAsserter.new('client1', 'scope1 scope2', @key)
+    auth = asserter.authorize('user1@email.com', { :connection => conn })
+    auth.should_not == nil?
+    auth.person.should == 'user1@email.com'
+    conn.verify
+  end
+
  it 'should send valid access token request' do
    conn = stub_connection do |stub|
      stub.post('/o/oauth2/token') do |env|