| # Copyright (c) 2015 The Chromium Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| """OAuth2 related utilities and implementation for git cl commands.""" |
| |
| import copy |
| import logging |
| import optparse |
| import os |
| |
| from third_party.oauth2client import tools |
| from third_party.oauth2client.file import Storage |
| import third_party.oauth2client.client as oa2client |
| |
| |
| REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob' |
| CLIENT_ID = ('174799409470-8k3b89iov4racu9jrf7if3k4591voig3' |
| '.apps.googleusercontent.com') |
| CLIENT_SECRET = 'DddcCK1d6_ADwxqGDEGlsisy' |
| SCOPE = 'email' |
| |
| |
| def _fetch_storage(code_review_server): |
| storage_dir = os.path.expanduser(os.path.join('~', '.git_cl_credentials')) |
| if not os.path.isdir(storage_dir): |
| os.makedirs(storage_dir) |
| storage_path = os.path.join(storage_dir, code_review_server) |
| storage = Storage(storage_path) |
| return storage |
| |
| |
| def _fetch_creds_from_storage(storage): |
| logging.debug('Fetching OAuth2 credentials from local storage ...') |
| credentials = storage.get() |
| if not credentials or credentials.invalid: |
| return None |
| if not credentials.access_token or credentials.access_token_expired: |
| return None |
| return credentials |
| |
| |
| def add_oauth2_options(parser): |
| """Add OAuth2-related options.""" |
| group = optparse.OptionGroup(parser, "OAuth2 options") |
| group.add_option( |
| '--auth-host-name', |
| default='localhost', |
| help='Host name to use when running a local web server ' |
| 'to handle redirects during OAuth authorization.' |
| 'Default: localhost.' |
| ) |
| group.add_option( |
| '--auth-host-port', |
| type=int, |
| action='append', |
| default=[8080, 8090], |
| help='Port to use when running a local web server to handle ' |
| 'redirects during OAuth authorization. ' |
| 'Repeat this option to specify a list of values.' |
| 'Default: [8080, 8090].' |
| ) |
| group.add_option( |
| '--noauth-local-webserver', |
| action='store_true', |
| default=False, |
| help='Run a local web server to handle redirects ' |
| 'during OAuth authorization.' |
| 'Default: False.' |
| ) |
| group.add_option( |
| '--no-cache', |
| action='store_true', |
| default=False, |
| help='Get fresh credentials from web server instead of using ' |
| 'the crendentials stored on a local storage file.' |
| 'Default: False.' |
| ) |
| parser.add_option_group(group) |
| |
| |
| def get_oauth2_creds(options, code_review_server): |
| """Get OAuth2 credentials. |
| |
| Args: |
| options: Command line options. |
| code_review_server: Code review server name, e.g., codereview.chromium.org. |
| """ |
| storage = _fetch_storage(code_review_server) |
| creds = None |
| if not options.no_cache: |
| creds = _fetch_creds_from_storage(storage) |
| if creds is None: |
| logging.debug('Fetching OAuth2 credentials from web server...') |
| flow = oa2client.OAuth2WebServerFlow( |
| client_id=CLIENT_ID, |
| client_secret=CLIENT_SECRET, |
| scope=SCOPE, |
| redirect_uri=REDIRECT_URI) |
| flags = copy.deepcopy(options) |
| flags.logging_level = 'WARNING' |
| creds = tools.run_flow(flow, storage, flags) |
| return creds |
