Explicitly checks for user auth and fail if auth type is not known

This commit is contained in:
Tim Emiola 2015-03-09 09:50:18 -07:00
parent 4d4bcd46e8
commit 8f33ba8f4c
2 changed files with 73 additions and 28 deletions

View File

@ -61,9 +61,10 @@ END
def self.determine_creds_class(json_key_io) def self.determine_creds_class(json_key_io)
json_key = MultiJson.load(json_key_io.read) json_key = MultiJson.load(json_key_io.read)
fail "the json is missing the #{key} field" unless json_key.key?('type') fail "the json is missing the #{key} field" unless json_key.key?('type')
svc_account = json_key['type'] == 'service_account' type = json_key['type']
return json_key, ServiceAccountCredentials if svc_account return json_key, ServiceAccountCredentials if type == 'service_account'
[json_key, UserRefreshCredentials] return [json_key, UserRefreshCredentials] if type == 'authorized_user'
fail "credentials type '#{type}' is not supported"
end end
end end

View File

@ -49,7 +49,7 @@ describe '#get_application_default' do
ENV['HOME'] = @home unless @home == ENV['HOME'] ENV['HOME'] = @home unless @home == ENV['HOME']
end end
shared_examples 'it loads them correctly' do shared_examples 'it cannot load misconfigured credentials' do
it 'fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist' do it 'fails if the GOOGLE_APPLICATION_CREDENTIALS path does not exist' do
Dir.mktmpdir do |dir| Dir.mktmpdir do |dir|
key_path = File.join(dir, 'does-not-exist') key_path = File.join(dir, 'does-not-exist')
@ -58,28 +58,6 @@ describe '#get_application_default' do
end end
end end
it 'succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid' do
Dir.mktmpdir do |dir|
key_path = File.join(dir, 'my_cert_file')
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV[@var_name] = key_path
expect(Google::Auth.get_application_default(@scope)).to_not be_nil
end
end
it 'succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS' do
ENV.delete(@var_name) unless ENV[@var_name].nil?
Dir.mktmpdir do |dir|
key_path = File.join(dir, '.config',
CredentialsLoader::WELL_KNOWN_PATH)
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV['HOME'] = dir
expect(Google::Auth.get_application_default(@scope)).to_not be_nil
end
end
it 'fails without default file or env if not on compute engine' do it 'fails without default file or env if not on compute engine' do
stubs = Faraday::Adapter::Test::Stubs.new do |stub| stubs = Faraday::Adapter::Test::Stubs.new do |stub|
stub.get('/') do |_env| stub.get('/') do |_env|
@ -101,6 +79,30 @@ describe '#get_application_default' do
end end
stubs.verify_stubbed_calls stubs.verify_stubbed_calls
end end
end
shared_examples 'it can successfully load credentials' do
it 'succeeds if the GOOGLE_APPLICATION_CREDENTIALS file is valid' do
Dir.mktmpdir do |dir|
key_path = File.join(dir, 'my_cert_file')
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV[@var_name] = key_path
expect(Google::Auth.get_application_default(@scope)).to_not be_nil
end
end
it 'succeeds with default file without GOOGLE_APPLICATION_CREDENTIALS' do
ENV.delete(@var_name) unless ENV[@var_name].nil?
Dir.mktmpdir do |dir|
key_path = File.join(dir, '.config',
CredentialsLoader::WELL_KNOWN_PATH)
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV['HOME'] = dir
expect(Google::Auth.get_application_default(@scope)).to_not be_nil
end
end
it 'succeeds without default file or env if on compute engine' do it 'succeeds without default file or env if on compute engine' do
stubs = Faraday::Adapter::Test::Stubs.new do |stub| stubs = Faraday::Adapter::Test::Stubs.new do |stub|
@ -137,7 +139,8 @@ describe '#get_application_default' do
MultiJson.dump(cred_json) MultiJson.dump(cred_json)
end end
it_behaves_like 'it loads them correctly' it_behaves_like 'it can successfully load credentials'
it_behaves_like 'it cannot load misconfigured credentials'
end end
describe 'when credential type is authorized_user' do describe 'when credential type is authorized_user' do
@ -151,6 +154,47 @@ describe '#get_application_default' do
MultiJson.dump(cred_json) MultiJson.dump(cred_json)
end end
it_behaves_like 'it loads them correctly' it_behaves_like 'it can successfully load credentials'
it_behaves_like 'it cannot load misconfigured credentials'
end
describe 'when credential type is unknown' do
def cred_json_text
cred_json = {
client_secret: 'privatekey',
refresh_token: 'refreshtoken',
client_id: 'app.apps.googleusercontent.com',
type: 'not_known_type'
}
MultiJson.dump(cred_json)
end
it 'fails if the GOOGLE_APPLICATION_CREDENTIALS file contains the creds' do
Dir.mktmpdir do |dir|
key_path = File.join(dir, 'my_cert_file')
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV[@var_name] = key_path
blk = proc do
Google::Auth.get_application_default(@scope)
end
expect(&blk).to raise_error RuntimeError
end
end
it 'fails if the well known file contains the creds' do
ENV.delete(@var_name) unless ENV[@var_name].nil?
Dir.mktmpdir do |dir|
key_path = File.join(dir, '.config',
CredentialsLoader::WELL_KNOWN_PATH)
FileUtils.mkdir_p(File.dirname(key_path))
File.write(key_path, cred_json_text)
ENV['HOME'] = dir
blk = proc do
Google::Auth.get_application_default(@scope)
end
expect(&blk).to raise_error RuntimeError
end
end
end end
end end