Revert of Upgrade 3rd packages (patchset #4 id:60001 of https://codereview.chromium.org/1085893002/)
Reason for revert:
This might have broken some internal tryserver bots.
Original issue's description:
> Upgrade 3rd packages
>
> BUG=461614
> R=nodir@chromium.org
>
> Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=294835
TBR=nodir@chromium.org,sheyang@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=461614
Review URL: https://codereview.chromium.org/1094533003
git-svn-id: svn://svn.chromium.org/chrome/trunk/tools/depot_tools@294841 0039d316-1c4b-4281-b951-d872f2087c98
diff --git a/third_party/google_api_python_client/MODIFICATIONS.diff b/third_party/google_api_python_client/MODIFICATIONS.diff
deleted file mode 100644
index efa382a..0000000
--- a/third_party/google_api_python_client/MODIFICATIONS.diff
+++ /dev/null
@@ -1,125 +0,0 @@
-diff --git a/third_party/google_api_python_client/apiclient/__init__.py b/third_party/google_api_python_client/apiclient/__init__.py
-index 5efb142..acb1a23 100644
---- a/third_party/google_api_python_client/apiclient/__init__.py
-+++ b/third_party/google_api_python_client/apiclient/__init__.py
-@@ -3,7 +3,7 @@
- import googleapiclient
-
- try:
-- import oauth2client
-+ from third_party import oauth2client
- except ImportError:
- raise RuntimeError(
- 'Previous version of google-api-python-client detected; due to a '
-diff --git a/third_party/google_api_python_client/googleapiclient/channel.py b/third_party/google_api_python_client/googleapiclient/channel.py
-index 68a3b89..4626094 100644
---- a/third_party/google_api_python_client/googleapiclient/channel.py
-+++ b/third_party/google_api_python_client/googleapiclient/channel.py
-@@ -60,7 +60,7 @@ import datetime
- import uuid
-
- from googleapiclient import errors
--from ...oauth2client import util
-+from third_party.oauth2client import util
-
-
- # The unix time epoch starts at midnight 1970.
-diff --git a/third_party/google_api_python_client/googleapiclient/discovery.py b/third_party/google_api_python_client/googleapiclient/discovery.py
-index 3ddac57..0e9e5cf 100644
---- a/third_party/google_api_python_client/googleapiclient/discovery.py
-+++ b/third_party/google_api_python_client/googleapiclient/discovery.py
-@@ -47,9 +47,9 @@ except ImportError:
- from cgi import parse_qsl
-
- # Third-party imports
--from ... import httplib2
-+from third_party import httplib2
-+from third_party.uritemplate import uritemplate
- import mimeparse
--from ... import uritemplate
-
- # Local imports
- from googleapiclient.errors import HttpError
-@@ -65,9 +65,9 @@ from googleapiclient.model import JsonModel
- from googleapiclient.model import MediaModel
- from googleapiclient.model import RawModel
- from googleapiclient.schema import Schemas
--from oauth2client.client import GoogleCredentials
--from oauth2client.util import _add_query_parameter
--from oauth2client.util import positional
-+from third_party.oauth2client.client import GoogleCredentials
-+from third_party.oauth2client.util import _add_query_parameter
-+from third_party.oauth2client.util import positional
-
-
- # The client library requires a version of httplib2 that supports RETRIES.
-diff --git a/third_party/google_api_python_client/googleapiclient/errors.py b/third_party/google_api_python_client/googleapiclient/errors.py
-index a1999fd..18c52e6 100644
---- a/third_party/google_api_python_client/googleapiclient/errors.py
-+++ b/third_party/google_api_python_client/googleapiclient/errors.py
-@@ -24,7 +24,7 @@ __author__ = 'jcgregorio@google.com (Joe Gregorio)'
-
- import json
-
--from ...oauth2client import util
-+from third_party.oauth2client import util
-
-
- class Error(Exception):
-diff --git a/third_party/google_api_python_client/googleapiclient/http.py b/third_party/google_api_python_client/googleapiclient/http.py
-index 8638279..d2ce70c 100644
---- a/third_party/google_api_python_client/googleapiclient/http.py
-+++ b/third_party/google_api_python_client/googleapiclient/http.py
-@@ -25,7 +25,6 @@ import StringIO
- import base64
- import copy
- import gzip
--import httplib2
- import json
- import logging
- import mimeparse
-@@ -49,7 +48,8 @@ from errors import ResumableUploadError
- from errors import UnexpectedBodyError
- from errors import UnexpectedMethodError
- from model import JsonModel
--from ...oauth2client import util
-+from third_party import httplib2
-+from third_party.oauth2client import util
-
-
- DEFAULT_CHUNK_SIZE = 512*1024
-diff --git a/third_party/google_api_python_client/googleapiclient/sample_tools.py b/third_party/google_api_python_client/googleapiclient/sample_tools.py
-index cbd6d6f..cc0790b 100644
---- a/third_party/google_api_python_client/googleapiclient/sample_tools.py
-+++ b/third_party/google_api_python_client/googleapiclient/sample_tools.py
-@@ -22,13 +22,13 @@ __all__ = ['init']
-
-
- import argparse
--import httplib2
- import os
-
- from googleapiclient import discovery
--from ...oauth2client import client
--from ...oauth2client import file
--from ...oauth2client import tools
-+from third_party import httplib2
-+from third_party.oauth2client import client
-+from third_party.oauth2client import file
-+from third_party.oauth2client import tools
-
-
- def init(argv, name, version, doc, filename, scope=None, parents=[], discovery_filename=None):
-diff --git a/third_party/google_api_python_client/googleapiclient/schema.py b/third_party/google_api_python_client/googleapiclient/schema.py
-index af41317..92543ec 100644
---- a/third_party/google_api_python_client/googleapiclient/schema.py
-+++ b/third_party/google_api_python_client/googleapiclient/schema.py
-@@ -63,7 +63,7 @@ __author__ = 'jcgregorio@google.com (Joe Gregorio)'
-
- import copy
-
--from oauth2client import util
-+from third_party.oauth2client import util
-
-
- class Schemas(object):
diff --git a/third_party/google_api_python_client/README.chromium b/third_party/google_api_python_client/README.chromium
index a7e9583..eb7a00d 100644
--- a/third_party/google_api_python_client/README.chromium
+++ b/third_party/google_api_python_client/README.chromium
@@ -3,8 +3,4 @@
Revision: 49d45a6c3318b75e551c3022020f46c78655f365
License: Apache License, Version 2.0 (the "License")
-Local modifications:
-See also MODIFICATIONS.diff
-
-Notes:
-Requires the httplib2 and oauth2client library.
+No local changes
diff --git a/third_party/google_api_python_client/apiclient/__init__.py b/third_party/google_api_python_client/apiclient/__init__.py
index acb1a23..5efb142 100644
--- a/third_party/google_api_python_client/apiclient/__init__.py
+++ b/third_party/google_api_python_client/apiclient/__init__.py
@@ -3,7 +3,7 @@
import googleapiclient
try:
- from third_party import oauth2client
+ import oauth2client
except ImportError:
raise RuntimeError(
'Previous version of google-api-python-client detected; due to a '
diff --git a/third_party/google_api_python_client/googleapiclient/channel.py b/third_party/google_api_python_client/googleapiclient/channel.py
index 4626094..68a3b89 100644
--- a/third_party/google_api_python_client/googleapiclient/channel.py
+++ b/third_party/google_api_python_client/googleapiclient/channel.py
@@ -60,7 +60,7 @@
import uuid
from googleapiclient import errors
-from third_party.oauth2client import util
+from ...oauth2client import util
# The unix time epoch starts at midnight 1970.
diff --git a/third_party/google_api_python_client/googleapiclient/discovery.py b/third_party/google_api_python_client/googleapiclient/discovery.py
index 0e9e5cf..3ddac57 100644
--- a/third_party/google_api_python_client/googleapiclient/discovery.py
+++ b/third_party/google_api_python_client/googleapiclient/discovery.py
@@ -47,9 +47,9 @@
from cgi import parse_qsl
# Third-party imports
-from third_party import httplib2
-from third_party.uritemplate import uritemplate
+from ... import httplib2
import mimeparse
+from ... import uritemplate
# Local imports
from googleapiclient.errors import HttpError
@@ -65,9 +65,9 @@
from googleapiclient.model import MediaModel
from googleapiclient.model import RawModel
from googleapiclient.schema import Schemas
-from third_party.oauth2client.client import GoogleCredentials
-from third_party.oauth2client.util import _add_query_parameter
-from third_party.oauth2client.util import positional
+from oauth2client.client import GoogleCredentials
+from oauth2client.util import _add_query_parameter
+from oauth2client.util import positional
# The client library requires a version of httplib2 that supports RETRIES.
diff --git a/third_party/google_api_python_client/googleapiclient/errors.py b/third_party/google_api_python_client/googleapiclient/errors.py
index 18c52e6..a1999fd 100644
--- a/third_party/google_api_python_client/googleapiclient/errors.py
+++ b/third_party/google_api_python_client/googleapiclient/errors.py
@@ -24,7 +24,7 @@
import json
-from third_party.oauth2client import util
+from ...oauth2client import util
class Error(Exception):
diff --git a/third_party/google_api_python_client/googleapiclient/http.py b/third_party/google_api_python_client/googleapiclient/http.py
index d2ce70c..8638279 100644
--- a/third_party/google_api_python_client/googleapiclient/http.py
+++ b/third_party/google_api_python_client/googleapiclient/http.py
@@ -25,6 +25,7 @@
import base64
import copy
import gzip
+import httplib2
import json
import logging
import mimeparse
@@ -48,8 +49,7 @@
from errors import UnexpectedBodyError
from errors import UnexpectedMethodError
from model import JsonModel
-from third_party import httplib2
-from third_party.oauth2client import util
+from ...oauth2client import util
DEFAULT_CHUNK_SIZE = 512*1024
diff --git a/third_party/google_api_python_client/googleapiclient/sample_tools.py b/third_party/google_api_python_client/googleapiclient/sample_tools.py
index cc0790b..cbd6d6f 100644
--- a/third_party/google_api_python_client/googleapiclient/sample_tools.py
+++ b/third_party/google_api_python_client/googleapiclient/sample_tools.py
@@ -22,13 +22,13 @@
import argparse
+import httplib2
import os
from googleapiclient import discovery
-from third_party import httplib2
-from third_party.oauth2client import client
-from third_party.oauth2client import file
-from third_party.oauth2client import tools
+from ...oauth2client import client
+from ...oauth2client import file
+from ...oauth2client import tools
def init(argv, name, version, doc, filename, scope=None, parents=[], discovery_filename=None):
diff --git a/third_party/google_api_python_client/googleapiclient/schema.py b/third_party/google_api_python_client/googleapiclient/schema.py
index 92543ec..af41317 100644
--- a/third_party/google_api_python_client/googleapiclient/schema.py
+++ b/third_party/google_api_python_client/googleapiclient/schema.py
@@ -63,7 +63,7 @@
import copy
-from third_party.oauth2client import util
+from oauth2client import util
class Schemas(object):
diff --git a/third_party/oauth2client/README.chromium b/third_party/oauth2client/README.chromium
index bfc4a01..ea15b96 100644
--- a/third_party/oauth2client/README.chromium
+++ b/third_party/oauth2client/README.chromium
@@ -1,7 +1,7 @@
Name: oauth2client
Short Name: oauth2client
-URL: https://pypi.python.org/packages/source/o/oauth2client/oauth2client-1.4.7.tar.gz
-Version: 1.4.7
+URL: https://pypi.python.org/packages/source/o/oauth2client/oauth2client-1.2.tar.gz
+Version: 1.2
License: Apache License 2.0
Description:
diff --git a/third_party/oauth2client/__init__.py b/third_party/oauth2client/__init__.py
index fea30ca..ac84748 100644
--- a/third_party/oauth2client/__init__.py
+++ b/third_party/oauth2client/__init__.py
@@ -1,8 +1,5 @@
-"""Client library for using OAuth2, especially with Google APIs."""
-
-__version__ = '1.4.7'
+__version__ = "1.2"
GOOGLE_AUTH_URI = 'https://accounts.google.com/o/oauth2/auth'
-GOOGLE_DEVICE_URI = 'https://accounts.google.com/o/oauth2/device/code'
GOOGLE_REVOKE_URI = 'https://accounts.google.com/o/oauth2/revoke'
-GOOGLE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/token'
\ No newline at end of file
+GOOGLE_TOKEN_URI = 'https://accounts.google.com/o/oauth2/token'
diff --git a/third_party/oauth2client/anyjson.py b/third_party/oauth2client/anyjson.py
new file mode 100644
index 0000000..ae21c33
--- /dev/null
+++ b/third_party/oauth2client/anyjson.py
@@ -0,0 +1,32 @@
+# Copyright (C) 2010 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Utility module to import a JSON module
+
+Hides all the messy details of exactly where
+we get a simplejson module from.
+"""
+
+__author__ = 'jcgregorio@google.com (Joe Gregorio)'
+
+
+try: # pragma: no cover
+ # Should work for Python2.6 and higher.
+ import json as simplejson
+except ImportError: # pragma: no cover
+ try:
+ import simplejson
+ except ImportError:
+ # Try to import from django, should work on App Engine
+ from django.utils import simplejson
diff --git a/third_party/oauth2client/appengine.py b/third_party/oauth2client/appengine.py
index 4131513..5cd3f4b 100644
--- a/third_party/oauth2client/appengine.py
+++ b/third_party/oauth2client/appengine.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,14 +19,14 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
+import base64
import cgi
-import json
+import httplib2
import logging
import os
import pickle
import threading
-
-import httplib2
+import time
from google.appengine.api import app_identity
from google.appengine.api import memcache
@@ -41,6 +41,7 @@
from oauth2client import clientsecrets
from oauth2client import util
from oauth2client import xsrfutil
+from oauth2client.anyjson import simplejson
from oauth2client.client import AccessTokenRefreshError
from oauth2client.client import AssertionCredentials
from oauth2client.client import Credentials
@@ -158,20 +159,15 @@
Args:
scope: string or iterable of strings, scope(s) of the credentials being
requested.
- **kwargs: optional keyword args, including:
- service_account_id: service account id of the application. If None or
- unspecified, the default service account for the app is used.
"""
self.scope = util.scopes_to_string(scope)
- self._kwargs = kwargs
- self.service_account_id = kwargs.get('service_account_id', None)
# Assertion type is no longer used, but still in the parent class signature.
super(AppAssertionCredentials, self).__init__(None)
@classmethod
- def from_json(cls, json_data):
- data = json.loads(json_data)
+ def from_json(cls, json):
+ data = simplejson.loads(json)
return AppAssertionCredentials(data['scope'])
def _refresh(self, http_request):
@@ -190,22 +186,11 @@
"""
try:
scopes = self.scope.split()
- (token, _) = app_identity.get_access_token(
- scopes, service_account_id=self.service_account_id)
- except app_identity.Error as e:
+ (token, _) = app_identity.get_access_token(scopes)
+ except app_identity.Error, e:
raise AccessTokenRefreshError(str(e))
self.access_token = token
- @property
- def serialization_data(self):
- raise NotImplementedError('Cannot serialize credentials for AppEngine.')
-
- def create_scoped_required(self):
- return not self.scope
-
- def create_scoped(self, scopes):
- return AppAssertionCredentials(scopes, **self._kwargs)
-
class FlowProperty(db.Property):
"""App Engine datastore Property for Flow.
@@ -449,7 +434,6 @@
entity_key = db.Key.from_path(self._model.kind(), self._key_name)
db.delete(entity_key)
- @db.non_transactional(allow_existing=True)
def locked_get(self):
"""Retrieve Credential from datastore.
@@ -472,7 +456,6 @@
credentials.set_store(self)
return credentials
- @db.non_transactional(allow_existing=True)
def locked_put(self, credentials):
"""Write a Credentials to the datastore.
@@ -485,7 +468,6 @@
if self._cache:
self._cache.set(self._key_name, credentials.to_json())
- @db.non_transactional(allow_existing=True)
def locked_delete(self):
"""Delete Credential from datastore."""
@@ -571,14 +553,16 @@
Instantiate and then use with oauth_required or oauth_aware
as decorators on webapp.RequestHandler methods.
- ::
+ Example:
decorator = OAuth2Decorator(
client_id='837...ent.com',
client_secret='Qh...wwI',
scope='https://www.googleapis.com/auth/plus')
+
class MainHandler(webapp.RequestHandler):
+
@decorator.oauth_required
def get(self):
http = decorator.http()
@@ -666,9 +650,8 @@
provided to this constructor. A string indicating the name of the field
on the _credentials_class where a Credentials object will be stored.
Defaults to 'credentials'.
- **kwargs: dict, Keyword arguments are passed along as kwargs to
- the OAuth2WebServerFlow constructor.
-
+ **kwargs: dict, Keyword arguments are be passed along as kwargs to the
+ OAuth2WebServerFlow constructor.
"""
self._tls = threading.local()
self.flow = None
@@ -815,18 +798,14 @@
url = self.flow.step1_get_authorize_url()
return str(url)
- def http(self, *args, **kwargs):
+ def http(self):
"""Returns an authorized http instance.
Must only be called from within an @oauth_required decorated method, or
from within an @oauth_aware decorated method where has_credentials()
returns True.
-
- Args:
- *args: Positional arguments passed to httplib2.Http constructor.
- **kwargs: Positional arguments passed to httplib2.Http constructor.
"""
- return self.credentials.authorize(httplib2.Http(*args, **kwargs))
+ return self.credentials.authorize(httplib2.Http())
@property
def callback_path(self):
@@ -845,8 +824,7 @@
def callback_handler(self):
"""RequestHandler for the OAuth 2.0 redirect callback.
- Usage::
-
+ Usage:
app = webapp.WSGIApplication([
('/index', MyIndexHandler),
...,
@@ -880,7 +858,7 @@
user)
if decorator._token_response_param and credentials.token_response:
- resp_json = json.dumps(credentials.token_response)
+ resp_json = simplejson.dumps(credentials.token_response)
redirect_uri = util._add_query_parameter(
redirect_uri, decorator._token_response_param, resp_json)
@@ -909,23 +887,24 @@
Uses a clientsecrets file as the source for all the information when
constructing an OAuth2Decorator.
- ::
+ Example:
decorator = OAuth2DecoratorFromClientSecrets(
os.path.join(os.path.dirname(__file__), 'client_secrets.json')
scope='https://www.googleapis.com/auth/plus')
+
class MainHandler(webapp.RequestHandler):
+
@decorator.oauth_required
def get(self):
http = decorator.http()
# http is authorized with the user's Credentials and can be used
# in API calls
-
"""
@util.positional(3)
- def __init__(self, filename, scope, message=None, cache=None, **kwargs):
+ def __init__(self, filename, scope, message=None, cache=None):
"""Constructor
Args:
@@ -938,20 +917,17 @@
decorator.
cache: An optional cache service client that implements get() and set()
methods. See clientsecrets.loadfile() for details.
- **kwargs: dict, Keyword arguments are passed along as kwargs to
- the OAuth2WebServerFlow constructor.
"""
client_type, client_info = clientsecrets.loadfile(filename, cache=cache)
if client_type not in [
clientsecrets.TYPE_WEB, clientsecrets.TYPE_INSTALLED]:
raise InvalidClientSecretsError(
- "OAuth2Decorator doesn't support this OAuth 2.0 flow.")
- constructor_kwargs = dict(kwargs)
- constructor_kwargs.update({
- 'auth_uri': client_info['auth_uri'],
- 'token_uri': client_info['token_uri'],
- 'message': message,
- })
+ 'OAuth2Decorator doesn\'t support this OAuth 2.0 flow.')
+ constructor_kwargs = {
+ 'auth_uri': client_info['auth_uri'],
+ 'token_uri': client_info['token_uri'],
+ 'message': message,
+ }
revoke_uri = client_info.get('revoke_uri')
if revoke_uri is not None:
constructor_kwargs['revoke_uri'] = revoke_uri
@@ -984,4 +960,4 @@
"""
return OAuth2DecoratorFromClientSecrets(filename, scope,
- message=message, cache=cache)
\ No newline at end of file
+ message=message, cache=cache)
diff --git a/third_party/oauth2client/client.py b/third_party/oauth2client/client.py
index 8fe28a3..6901f3f 100644
--- a/third_party/oauth2client/client.py
+++ b/third_party/oauth2client/client.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,48 +20,44 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
import base64
-import collections
+import clientsecrets
import copy
import datetime
-import json
-import logging
-import os
-import socket
-import sys
-import tempfile
-import time
-import shutil
-
from .. import httplib2
-from . import clientsecrets
+import logging
+import sys
+import time
+import urllib
+import urlparse
+
from . import GOOGLE_AUTH_URI
-from . import GOOGLE_DEVICE_URI
from . import GOOGLE_REVOKE_URI
from . import GOOGLE_TOKEN_URI
from . import util
-from third_party import six
-from third_party.six.moves import urllib
+from .anyjson import simplejson
HAS_OPENSSL = False
HAS_CRYPTO = False
try:
- from oauth2client import crypt
+ from . import crypt
HAS_CRYPTO = True
if crypt.OpenSSLVerifier is not None:
HAS_OPENSSL = True
except ImportError:
pass
+try:
+ from urlparse import parse_qsl
+except ImportError:
+ from cgi import parse_qsl
+
logger = logging.getLogger(__name__)
# Expiry is stored in RFC3339 UTC format
EXPIRY_FORMAT = '%Y-%m-%dT%H:%M:%SZ'
# Which certs to use to validate id_tokens received.
-ID_TOKEN_VERIFICATION_CERTS = 'https://www.googleapis.com/oauth2/v1/certs'
-# This symbol previously had a typo in the name; we keep the old name
-# around for now, but will remove it in the future.
-ID_TOKEN_VERIFICATON_CERTS = ID_TOKEN_VERIFICATION_CERTS
+ID_TOKEN_VERIFICATON_CERTS = 'https://www.googleapis.com/oauth2/v1/certs'
# Constant to use for the out of band OAuth 2.0 flow.
OOB_CALLBACK_URN = 'urn:ietf:wg:oauth:2.0:oob'
@@ -69,42 +65,6 @@
# Google Data client libraries may need to set this to [401, 403].
REFRESH_STATUS_CODES = [401]
-# The value representing user credentials.
-AUTHORIZED_USER = 'authorized_user'
-
-# The value representing service account credentials.
-SERVICE_ACCOUNT = 'service_account'
-
-# The environment variable pointing the file with local
-# Application Default Credentials.
-GOOGLE_APPLICATION_CREDENTIALS = 'GOOGLE_APPLICATION_CREDENTIALS'
-# The ~/.config subdirectory containing gcloud credentials. Intended
-# to be swapped out in tests.
-_CLOUDSDK_CONFIG_DIRECTORY = 'gcloud'
-
-# The error message we show users when we can't find the Application
-# Default Credentials.
-ADC_HELP_MSG = (
- 'The Application Default Credentials are not available. They are available '
- 'if running in Google Compute Engine. Otherwise, the environment variable '
- + GOOGLE_APPLICATION_CREDENTIALS +
- ' must be defined pointing to a file defining the credentials. See '
- 'https://developers.google.com/accounts/docs/application-default-credentials' # pylint:disable=line-too-long
- ' for more information.')
-
-# The access token along with the seconds in which it expires.
-AccessTokenInfo = collections.namedtuple(
- 'AccessTokenInfo', ['access_token', 'expires_in'])
-
-DEFAULT_ENV_NAME = 'UNKNOWN'
-
-# If set to True _get_environment avoid GCE check (_detect_gce_environment)
-NO_GCE_CHECK = os.environ.setdefault('NO_GCE_CHECK', 'False')
-
-class SETTINGS(object):
- """Settings namespace for globally defined values."""
- env_name = None
-
class Error(Exception):
"""Base error for this module."""
@@ -131,25 +91,13 @@
class VerifyJwtTokenError(Error):
- """Could not retrieve certificates for validation."""
+ """Could on retrieve certificates for validation."""
class NonAsciiHeaderError(Error):
"""Header names and values must be ASCII strings."""
-class ApplicationDefaultCredentialsError(Error):
- """Error retrieving the Application Default Credentials."""
-
-
-class OAuth2DeviceCodeError(Error):
- """Error trying to retrieve a device code."""
-
-
-class CryptoUnavailableError(Error, NotImplementedError):
- """Raised when a crypto library is required, but none is available."""
-
-
def _abstract():
raise NotImplementedError('You need to override this function')
@@ -177,12 +125,11 @@
an HTTP transport.
Subclasses must also specify a classmethod named 'from_json' that takes a JSON
- string as input and returns an instantiated Credentials object.
+ string as input and returns an instaniated Credentials object.
"""
NON_SERIALIZED_MEMBERS = ['store']
-
def authorize(self, http):
"""Take an httplib2.Http instance (or equivalent) and authorizes it.
@@ -196,7 +143,6 @@
"""
_abstract()
-
def refresh(self, http):
"""Forces a refresh of the access_token.
@@ -206,7 +152,6 @@
"""
_abstract()
-
def revoke(self, http):
"""Revokes a refresh_token and makes the credentials void.
@@ -216,7 +161,6 @@
"""
_abstract()
-
def apply(self, headers):
"""Add the authorization to the headers.
@@ -240,16 +184,12 @@
for member in strip:
if member in d:
del d[member]
- if (d.get('token_expiry') and
- isinstance(d['token_expiry'], datetime.datetime)):
+ if 'token_expiry' in d and isinstance(d['token_expiry'], datetime.datetime):
d['token_expiry'] = d['token_expiry'].strftime(EXPIRY_FORMAT)
# Add in information we will need later to reconsistitue this instance.
d['_class'] = t.__name__
d['_module'] = t.__module__
- for key, val in d.items():
- if isinstance(val, bytes):
- d[key] = val.decode('utf-8')
- return json.dumps(d)
+ return simplejson.dumps(d)
def to_json(self):
"""Creating a JSON representation of an instance of Credentials.
@@ -272,16 +212,14 @@
An instance of the subclass of Credentials that was serialized with
to_json().
"""
- if six.PY3 and isinstance(s, bytes):
- s = s.decode('utf-8')
- data = json.loads(s)
+ data = simplejson.loads(s)
# Find and call the right classmethod from_json() to restore the object.
module = data['_module']
try:
m = __import__(module)
except ImportError:
# In case there's an object from the old package structure, update it
- module = module.replace('.googleapiclient', '')
+ module = module.replace('.apiclient', '')
m = __import__(module)
m = __import__(module, fromlist=module.split('.')[:-1])
@@ -290,13 +228,13 @@
return from_json(s)
@classmethod
- def from_json(cls, unused_data):
+ def from_json(cls, s):
"""Instantiate a Credentials object from a JSON description of it.
The JSON should have been produced by calling .to_json() on the object.
Args:
- unused_data: dict, A deserialized JSON object.
+ data: dict, A deserialized JSON object.
Returns:
An instance of a Credentials subclass.
@@ -418,10 +356,8 @@
"""
clean = {}
try:
- for k, v in six.iteritems(headers):
- clean_k = k if isinstance(k, bytes) else str(k).encode('ascii')
- clean_v = v if isinstance(v, bytes) else str(v).encode('ascii')
- clean[clean_k] = clean_v
+ for k, v in headers.iteritems():
+ clean[str(k)] = str(v)
except UnicodeEncodeError:
raise NonAsciiHeaderError(k + ': ' + v)
return clean
@@ -437,11 +373,11 @@
Returns:
The same URI but with the new query parameters added.
"""
- parts = urllib.parse.urlparse(uri)
- query_params = dict(urllib.parse.parse_qsl(parts.query))
+ parts = list(urlparse.urlparse(uri))
+ query_params = dict(parse_qsl(parts[4])) # 4 is the index of the query part
query_params.update(params)
- new_parts = parts._replace(query=urllib.parse.urlencode(query_params))
- return urllib.parse.urlunparse(new_parts)
+ parts[4] = urllib.urlencode(query_params)
+ return urlparse.urlunparse(parts)
class OAuth2Credentials(Credentials):
@@ -509,23 +445,22 @@
it.
Args:
- http: An instance of ``httplib2.Http`` or something that acts
- like it.
+ http: An instance of httplib2.Http
+ or something that acts like it.
Returns:
A modified instance of http that was passed in.
- Example::
+ Example:
h = httplib2.Http()
h = credentials.authorize(h)
- You can't create a new OAuth subclass of httplib2.Authentication
+ You can't create a new OAuth subclass of httplib2.Authenication
because it never gets passed the absolute URI, which is needed for
signing. So instead we have to overload 'request' with a closure
that adds in the Authorization header and then calls the original
version of 'request()'.
-
"""
request_orig = http.request
@@ -538,12 +473,10 @@
logger.info('Attempting refresh to obtain initial access_token')
self._refresh(request_orig)
- # Clone and modify the request headers to add the appropriate
+ # Modify the request headers to add the appropriate
# Authorization header.
if headers is None:
headers = {}
- else:
- headers = dict(headers)
self.apply(headers)
if self.user_agent is not None:
@@ -556,7 +489,7 @@
redirections, connection_type)
if resp.status in REFRESH_STATUS_CODES:
- logger.info('Refreshing due to a %s', resp.status)
+ logger.info('Refreshing due to a %s' % str(resp.status))
self._refresh(request_orig)
self.apply(headers)
return request_orig(uri, method, body, clean_headers(headers),
@@ -612,15 +545,13 @@
Returns:
An instance of a Credentials subclass.
"""
- if six.PY3 and isinstance(s, bytes):
- s = s.decode('utf-8')
- data = json.loads(s)
- if (data.get('token_expiry') and
- not isinstance(data['token_expiry'], datetime.datetime)):
+ data = simplejson.loads(s)
+ if 'token_expiry' in data and not isinstance(data['token_expiry'],
+ datetime.datetime):
try:
data['token_expiry'] = datetime.datetime.strptime(
data['token_expiry'], EXPIRY_FORMAT)
- except ValueError:
+ except:
data['token_expiry'] = None
retval = cls(
data['access_token'],
@@ -655,24 +586,11 @@
return True
return False
- def get_access_token(self, http=None):
- """Return the access token and its expiration information.
-
- If the token does not exist, get one.
- If the token expired, refresh it.
- """
- if not self.access_token or self.access_token_expired:
- if not http:
- http = httplib2.Http()
- self.refresh(http)
- return AccessTokenInfo(access_token=self.access_token,
- expires_in=self._expires_in())
-
def set_store(self, store):
"""Set the Storage for the credential.
Args:
- store: Storage, an implementation of Storage object.
+ store: Storage, an implementation of Stroage object.
This is needed to store the latest access_token if it
has expired and been refreshed. This implementation uses
locking to check for updates before updating the
@@ -680,25 +598,6 @@
"""
self.store = store
- def _expires_in(self):
- """Return the number of seconds until this token expires.
-
- If token_expiry is in the past, this method will return 0, meaning the
- token has already expired.
- If token_expiry is None, this method will return None. Note that returning
- 0 in such a case would not be fair: the token may still be valid;
- we just don't know anything about it.
- """
- if self.token_expiry:
- now = datetime.datetime.utcnow()
- if self.token_expiry > now:
- time_delta = self.token_expiry - now
- # TODO(orestica): return time_delta.total_seconds()
- # once dropping support for Python 2.6
- return time_delta.days * 86400 + time_delta.seconds
- else:
- return 0
-
def _updateFromCredential(self, other):
"""Update this Credential from another instance."""
self.__dict__.update(other.__getstate__())
@@ -716,7 +615,7 @@
def _generate_refresh_request_body(self):
"""Generate the body that will be used in the refresh request."""
- body = urllib.parse.urlencode({
+ body = urllib.urlencode({
'grant_type': 'refresh_token',
'client_id': self.client_id,
'client_secret': self.client_secret,
@@ -780,10 +679,9 @@
logger.info('Refreshing access_token')
resp, content = http_request(
self.token_uri, method='POST', body=body, headers=headers)
- if six.PY3 and isinstance(content, bytes):
- content = content.decode('utf-8')
if resp.status == 200:
- d = json.loads(content)
+ # TODO(jcgregorio) Raise an error if loads fails?
+ d = simplejson.loads(content)
self.token_response = d
self.access_token = d['access_token']
self.refresh_token = d.get('refresh_token', self.refresh_token)
@@ -792,40 +690,35 @@
seconds=int(d['expires_in'])) + datetime.datetime.utcnow()
else:
self.token_expiry = None
- # On temporary refresh errors, the user does not actually have to
- # re-authorize, so we unflag here.
- self.invalid = False
if self.store:
self.store.locked_put(self)
else:
# An {'error':...} response body means the token is expired or revoked,
# so we flag the credentials as such.
- logger.info('Failed to retrieve access token: %s', content)
+ logger.info('Failed to retrieve access token: %s' % content)
error_msg = 'Invalid response %s.' % resp['status']
try:
- d = json.loads(content)
+ d = simplejson.loads(content)
if 'error' in d:
error_msg = d['error']
- if 'error_description' in d:
- error_msg += ': ' + d['error_description']
self.invalid = True
if self.store:
self.store.locked_put(self)
- except (TypeError, ValueError):
+ except StandardError:
pass
raise AccessTokenRefreshError(error_msg)
def _revoke(self, http_request):
- """Revokes this credential and deletes the stored copy (if it exists).
+ """Revokes the refresh_token and deletes the store if available.
Args:
http_request: callable, a callable that matches the method signature of
httplib2.Http.request, used to make the revoke request.
"""
- self._do_revoke(http_request, self.refresh_token or self.access_token)
+ self._do_revoke(http_request, self.refresh_token)
def _do_revoke(self, http_request, token):
- """Revokes this credential and deletes the stored copy (if it exists).
+ """Revokes the credentials and deletes the store if available.
Args:
http_request: callable, a callable that matches the method signature of
@@ -845,10 +738,10 @@
else:
error_msg = 'Invalid response %s.' % resp.status
try:
- d = json.loads(content)
+ d = simplejson.loads(content)
if 'error' in d:
error_msg = d['error']
- except (TypeError, ValueError):
+ except StandardError:
pass
raise TokenRevokeError(error_msg)
@@ -870,8 +763,7 @@
AccessTokenCredentials objects may be safely pickled and unpickled.
- Usage::
-
+ Usage:
credentials = AccessTokenCredentials('<an access token>',
'my-user-agent/1.0')
http = httplib2.Http()
@@ -907,12 +799,10 @@
@classmethod
def from_json(cls, s):
- if six.PY3 and isinstance(s, bytes):
- s = s.decode('utf-8')
- data = json.loads(s)
+ data = simplejson.loads(s)
retval = AccessTokenCredentials(
- data['access_token'],
- data['user_agent'])
+ data['access_token'],
+ data['user_agent'])
return retval
def _refresh(self, http_request):
@@ -929,434 +819,7 @@
self._do_revoke(http_request, self.access_token)
-def _detect_gce_environment(urlopen=None):
- """Determine if the current environment is Compute Engine.
-
- Args:
- urlopen: Optional argument. Function used to open a connection to a URL.
-
- Returns:
- Boolean indicating whether or not the current environment is Google
- Compute Engine.
- """
- urlopen = urlopen or urllib.request.urlopen
- # Note: the explicit `timeout` below is a workaround. The underlying
- # issue is that resolving an unknown host on some networks will take
- # 20-30 seconds; making this timeout short fixes the issue, but
- # could lead to false negatives in the event that we are on GCE, but
- # the metadata resolution was particularly slow. The latter case is
- # "unlikely".
- try:
- response = urlopen('http://169.254.169.254/', timeout=1)
- return response.info().get('Metadata-Flavor', '') == 'Google'
- except socket.timeout:
- logger.info('Timeout attempting to reach GCE metadata service.')
- return False
- except urllib.error.URLError as e:
- if isinstance(getattr(e, 'reason', None), socket.timeout):
- logger.info('Timeout attempting to reach GCE metadata service.')
- return False
-
-
-def _get_environment(urlopen=None):
- """Detect the environment the code is being run on.
-
- Args:
- urlopen: Optional argument. Function used to open a connection to a URL.
-
- Returns:
- The value of SETTINGS.env_name after being set. If already
- set, simply returns the value.
- """
- if SETTINGS.env_name is not None:
- return SETTINGS.env_name
-
- # None is an unset value, not the default.
- SETTINGS.env_name = DEFAULT_ENV_NAME
-
- server_software = os.environ.get('SERVER_SOFTWARE', '')
- if server_software.startswith('Google App Engine/'):
- SETTINGS.env_name = 'GAE_PRODUCTION'
- elif server_software.startswith('Development/'):
- SETTINGS.env_name = 'GAE_LOCAL'
- elif NO_GCE_CHECK != 'True' and _detect_gce_environment(urlopen=urlopen):
- SETTINGS.env_name = 'GCE_PRODUCTION'
-
- return SETTINGS.env_name
-
-
-class GoogleCredentials(OAuth2Credentials):
- """Application Default Credentials for use in calling Google APIs.
-
- The Application Default Credentials are being constructed as a function of
- the environment where the code is being run.
- More details can be found on this page:
- https://developers.google.com/accounts/docs/application-default-credentials
-
- Here is an example of how to use the Application Default Credentials for a
- service that requires authentication:
-
- from googleapiclient.discovery import build
- from oauth2client.client import GoogleCredentials
-
- credentials = GoogleCredentials.get_application_default()
- service = build('compute', 'v1', credentials=credentials)
-
- PROJECT = 'bamboo-machine-422'
- ZONE = 'us-central1-a'
- request = service.instances().list(project=PROJECT, zone=ZONE)
- response = request.execute()
-
- print(response)
- """
-
- def __init__(self, access_token, client_id, client_secret, refresh_token,
- token_expiry, token_uri, user_agent,
- revoke_uri=GOOGLE_REVOKE_URI):
- """Create an instance of GoogleCredentials.
-
- This constructor is not usually called by the user, instead
- GoogleCredentials objects are instantiated by
- GoogleCredentials.from_stream() or
- GoogleCredentials.get_application_default().
-
- Args:
- access_token: string, access token.
- client_id: string, client identifier.
- client_secret: string, client secret.
- refresh_token: string, refresh token.
- token_expiry: datetime, when the access_token expires.
- token_uri: string, URI of token endpoint.
- user_agent: string, The HTTP User-Agent to provide for this application.
- revoke_uri: string, URI for revoke endpoint.
- Defaults to GOOGLE_REVOKE_URI; a token can't be revoked if this is None.
- """
- super(GoogleCredentials, self).__init__(
- access_token, client_id, client_secret, refresh_token, token_expiry,
- token_uri, user_agent, revoke_uri=revoke_uri)
-
- def create_scoped_required(self):
- """Whether this Credentials object is scopeless.
-
- create_scoped(scopes) method needs to be called in order to create
- a Credentials object for API calls.
- """
- return False
-
- def create_scoped(self, scopes):
- """Create a Credentials object for the given scopes.
-
- The Credentials type is preserved.
- """
- return self
-
- @property
- def serialization_data(self):
- """Get the fields and their values identifying the current credentials."""
- return {
- 'type': 'authorized_user',
- 'client_id': self.client_id,
- 'client_secret': self.client_secret,
- 'refresh_token': self.refresh_token
- }
-
- @staticmethod
- def _implicit_credentials_from_gae(env_name=None):
- """Attempts to get implicit credentials in Google App Engine env.
-
- If the current environment is not detected as App Engine, returns None,
- indicating no Google App Engine credentials can be detected from the
- current environment.
-
- Args:
- env_name: String, indicating current environment.
-
- Returns:
- None, if not in GAE, else an appengine.AppAssertionCredentials object.
- """
- env_name = env_name or _get_environment()
- if env_name not in ('GAE_PRODUCTION', 'GAE_LOCAL'):
- return None
-
- return _get_application_default_credential_GAE()
-
- @staticmethod
- def _implicit_credentials_from_gce(env_name=None):
- """Attempts to get implicit credentials in Google Compute Engine env.
-
- If the current environment is not detected as Compute Engine, returns None,
- indicating no Google Compute Engine credentials can be detected from the
- current environment.
-
- Args:
- env_name: String, indicating current environment.
-
- Returns:
- None, if not in GCE, else a gce.AppAssertionCredentials object.
- """
- env_name = env_name or _get_environment()
- if env_name != 'GCE_PRODUCTION':
- return None
-
- return _get_application_default_credential_GCE()
-
- @staticmethod
- def _implicit_credentials_from_files(env_name=None):
- """Attempts to get implicit credentials from local credential files.
-
- First checks if the environment variable GOOGLE_APPLICATION_CREDENTIALS
- is set with a filename and then falls back to a configuration file (the
- "well known" file) associated with the 'gcloud' command line tool.
-
- Args:
- env_name: Unused argument.
-
- Returns:
- Credentials object associated with the GOOGLE_APPLICATION_CREDENTIALS
- file or the "well known" file if either exist. If neither file is
- define, returns None, indicating no credentials from a file can
- detected from the current environment.
- """
- credentials_filename = _get_environment_variable_file()
- if not credentials_filename:
- credentials_filename = _get_well_known_file()
- if os.path.isfile(credentials_filename):
- extra_help = (' (produced automatically when running'
- ' "gcloud auth login" command)')
- else:
- credentials_filename = None
- else:
- extra_help = (' (pointed to by ' + GOOGLE_APPLICATION_CREDENTIALS +
- ' environment variable)')
-
- if not credentials_filename:
- return
-
- try:
- return _get_application_default_credential_from_file(credentials_filename)
- except (ApplicationDefaultCredentialsError, ValueError) as error:
- _raise_exception_for_reading_json(credentials_filename, extra_help, error)
-
- @classmethod
- def _get_implicit_credentials(cls):
- """Gets credentials implicitly from the environment.
-
- Checks environment in order of precedence:
- - Google App Engine (production and testing)
- - Environment variable GOOGLE_APPLICATION_CREDENTIALS pointing to
- a file with stored credentials information.
- - Stored "well known" file associated with `gcloud` command line tool.
- - Google Compute Engine production environment.
-
- Exceptions:
- ApplicationDefaultCredentialsError: raised when the credentials fail
- to be retrieved.
- """
- env_name = _get_environment()
-
- # Environ checks (in order). Assumes each checker takes `env_name`
- # as a kwarg.
- environ_checkers = [
- cls._implicit_credentials_from_gae,
- cls._implicit_credentials_from_files,
- cls._implicit_credentials_from_gce,
- ]
-
- for checker in environ_checkers:
- credentials = checker(env_name=env_name)
- if credentials is not None:
- return credentials
-
- # If no credentials, fail.
- raise ApplicationDefaultCredentialsError(ADC_HELP_MSG)
-
- @staticmethod
- def get_application_default():
- """Get the Application Default Credentials for the current environment.
-
- Exceptions:
- ApplicationDefaultCredentialsError: raised when the credentials fail
- to be retrieved.
- """
- return GoogleCredentials._get_implicit_credentials()
-
- @staticmethod
- def from_stream(credential_filename):
- """Create a Credentials object by reading the information from a given file.
-
- It returns an object of type GoogleCredentials.
-
- Args:
- credential_filename: the path to the file from where the credentials
- are to be read
-
- Exceptions:
- ApplicationDefaultCredentialsError: raised when the credentials fail
- to be retrieved.
- """
-
- if credential_filename and os.path.isfile(credential_filename):
- try:
- return _get_application_default_credential_from_file(
- credential_filename)
- except (ApplicationDefaultCredentialsError, ValueError) as error:
- extra_help = ' (provided as parameter to the from_stream() method)'
- _raise_exception_for_reading_json(credential_filename,
- extra_help,
- error)
- else:
- raise ApplicationDefaultCredentialsError(
- 'The parameter passed to the from_stream() '
- 'method should point to a file.')
-
-
-def _save_private_file(filename, json_contents):
- """Saves a file with read-write permissions on for the owner.
-
- Args:
- filename: String. Absolute path to file.
- json_contents: JSON serializable object to be saved.
- """
- temp_filename = tempfile.mktemp()
- file_desc = os.open(temp_filename, os.O_WRONLY | os.O_CREAT, 0o600)
- with os.fdopen(file_desc, 'w') as file_handle:
- json.dump(json_contents, file_handle, sort_keys=True,
- indent=2, separators=(',', ': '))
- shutil.move(temp_filename, filename)
-
-
-def save_to_well_known_file(credentials, well_known_file=None):
- """Save the provided GoogleCredentials to the well known file.
-
- Args:
- credentials:
- the credentials to be saved to the well known file;
- it should be an instance of GoogleCredentials
- well_known_file:
- the name of the file where the credentials are to be saved;
- this parameter is supposed to be used for testing only
- """
- # TODO(orestica): move this method to tools.py
- # once the argparse import gets fixed (it is not present in Python 2.6)
-
- if well_known_file is None:
- well_known_file = _get_well_known_file()
-
- credentials_data = credentials.serialization_data
- _save_private_file(well_known_file, credentials_data)
-
-
-def _get_environment_variable_file():
- application_default_credential_filename = (
- os.environ.get(GOOGLE_APPLICATION_CREDENTIALS,
- None))
-
- if application_default_credential_filename:
- if os.path.isfile(application_default_credential_filename):
- return application_default_credential_filename
- else:
- raise ApplicationDefaultCredentialsError(
- 'File ' + application_default_credential_filename + ' (pointed by ' +
- GOOGLE_APPLICATION_CREDENTIALS +
- ' environment variable) does not exist!')
-
-
-def _get_well_known_file():
- """Get the well known file produced by command 'gcloud auth login'."""
- # TODO(orestica): Revisit this method once gcloud provides a better way
- # of pinpointing the exact location of the file.
-
- WELL_KNOWN_CREDENTIALS_FILE = 'application_default_credentials.json'
-
- if os.name == 'nt':
- try:
- default_config_path = os.path.join(os.environ['APPDATA'],
- _CLOUDSDK_CONFIG_DIRECTORY)
- except KeyError:
- # This should never happen unless someone is really messing with things.
- drive = os.environ.get('SystemDrive', 'C:')
- default_config_path = os.path.join(drive, '\\',
- _CLOUDSDK_CONFIG_DIRECTORY)
- else:
- default_config_path = os.path.join(os.path.expanduser('~'),
- '.config',
- _CLOUDSDK_CONFIG_DIRECTORY)
-
- default_config_path = os.path.join(default_config_path,
- WELL_KNOWN_CREDENTIALS_FILE)
-
- return default_config_path
-
-
-def _get_application_default_credential_from_file(filename):
- """Build the Application Default Credentials from file."""
-
- from oauth2client import service_account
-
- # read the credentials from the file
- with open(filename) as file_obj:
- client_credentials = json.load(file_obj)
-
- credentials_type = client_credentials.get('type')
- if credentials_type == AUTHORIZED_USER:
- required_fields = set(['client_id', 'client_secret', 'refresh_token'])
- elif credentials_type == SERVICE_ACCOUNT:
- required_fields = set(['client_id', 'client_email', 'private_key_id',
- 'private_key'])
- else:
- raise ApplicationDefaultCredentialsError(
- "'type' field should be defined (and have one of the '" +
- AUTHORIZED_USER + "' or '" + SERVICE_ACCOUNT + "' values)")
-
- missing_fields = required_fields.difference(client_credentials.keys())
-
- if missing_fields:
- _raise_exception_for_missing_fields(missing_fields)
-
- if client_credentials['type'] == AUTHORIZED_USER:
- return GoogleCredentials(
- access_token=None,
- client_id=client_credentials['client_id'],
- client_secret=client_credentials['client_secret'],
- refresh_token=client_credentials['refresh_token'],
- token_expiry=None,
- token_uri=GOOGLE_TOKEN_URI,
- user_agent='Python client library')
- else: # client_credentials['type'] == SERVICE_ACCOUNT
- return service_account._ServiceAccountCredentials(
- service_account_id=client_credentials['client_id'],
- service_account_email=client_credentials['client_email'],
- private_key_id=client_credentials['private_key_id'],
- private_key_pkcs8_text=client_credentials['private_key'],
- scopes=[])
-
-
-def _raise_exception_for_missing_fields(missing_fields):
- raise ApplicationDefaultCredentialsError(
- 'The following field(s) must be defined: ' + ', '.join(missing_fields))
-
-
-def _raise_exception_for_reading_json(credential_file,
- extra_help,
- error):
- raise ApplicationDefaultCredentialsError(
- 'An error was encountered while reading json file: '+
- credential_file + extra_help + ': ' + str(error))
-
-
-def _get_application_default_credential_GAE():
- from oauth2client.appengine import AppAssertionCredentials
-
- return AppAssertionCredentials([])
-
-
-def _get_application_default_credential_GCE():
- from oauth2client.gce import AppAssertionCredentials
-
- return AppAssertionCredentials([])
-
-
-class AssertionCredentials(GoogleCredentials):
+class AssertionCredentials(OAuth2Credentials):
"""Abstract Credentials object used for OAuth 2.0 assertion grants.
This credential does not require a flow to instantiate because it
@@ -1396,7 +859,7 @@
def _generate_refresh_request_body(self):
assertion = self._generate_assertion()
- body = urllib.parse.urlencode({
+ body = urllib.urlencode({
'assertion': assertion,
'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
})
@@ -1419,157 +882,141 @@
self._do_revoke(http_request, self.access_token)
-def _RequireCryptoOrDie():
- """Ensure we have a crypto library, or throw CryptoUnavailableError.
+if HAS_CRYPTO:
+ # PyOpenSSL and PyCrypto are not prerequisites for oauth2client, so if it is
+ # missing then don't create the SignedJwtAssertionCredentials or the
+ # verify_id_token() method.
- The oauth2client.crypt module requires either PyCrypto or PyOpenSSL
- to be available in order to function, but these are optional
- dependencies.
- """
- if not HAS_CRYPTO:
- raise CryptoUnavailableError('No crypto library available')
+ class SignedJwtAssertionCredentials(AssertionCredentials):
+ """Credentials object used for OAuth 2.0 Signed JWT assertion grants.
+ This credential does not require a flow to instantiate because it represents
+ a two legged flow, and therefore has all of the required information to
+ generate and refresh its own access tokens.
-class SignedJwtAssertionCredentials(AssertionCredentials):
- """Credentials object used for OAuth 2.0 Signed JWT assertion grants.
+ SignedJwtAssertionCredentials requires either PyOpenSSL, or PyCrypto 2.6 or
+ later. For App Engine you may also consider using AppAssertionCredentials.
+ """
- This credential does not require a flow to instantiate because it
- represents a two legged flow, and therefore has all of the required
- information to generate and refresh its own access tokens.
+ MAX_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds
- SignedJwtAssertionCredentials requires either PyOpenSSL, or PyCrypto
- 2.6 or later. For App Engine you may also consider using
- AppAssertionCredentials.
- """
+ @util.positional(4)
+ def __init__(self,
+ service_account_name,
+ private_key,
+ scope,
+ private_key_password='notasecret',
+ user_agent=None,
+ token_uri=GOOGLE_TOKEN_URI,
+ revoke_uri=GOOGLE_REVOKE_URI,
+ **kwargs):
+ """Constructor for SignedJwtAssertionCredentials.
- MAX_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds
+ Args:
+ service_account_name: string, id for account, usually an email address.
+ private_key: string, private key in PKCS12 or PEM format.
+ scope: string or iterable of strings, scope(s) of the credentials being
+ requested.
+ private_key_password: string, password for private_key, unused if
+ private_key is in PEM format.
+ user_agent: string, HTTP User-Agent to provide for this application.
+ token_uri: string, URI for token endpoint. For convenience
+ defaults to Google's endpoints but any OAuth 2.0 provider can be used.
+ revoke_uri: string, URI for revoke endpoint.
+ kwargs: kwargs, Additional parameters to add to the JWT token, for
+ example sub=joe@xample.org."""
- @util.positional(4)
- def __init__(self,
- service_account_name,
- private_key,
- scope,
- private_key_password='notasecret',
- user_agent=None,
- token_uri=GOOGLE_TOKEN_URI,
- revoke_uri=GOOGLE_REVOKE_URI,
- **kwargs):
- """Constructor for SignedJwtAssertionCredentials.
+ super(SignedJwtAssertionCredentials, self).__init__(
+ None,
+ user_agent=user_agent,
+ token_uri=token_uri,
+ revoke_uri=revoke_uri,
+ )
+
+ self.scope = util.scopes_to_string(scope)
+
+ # Keep base64 encoded so it can be stored in JSON.
+ self.private_key = base64.b64encode(private_key)
+
+ self.private_key_password = private_key_password
+ self.service_account_name = service_account_name
+ self.kwargs = kwargs
+
+ @classmethod
+ def from_json(cls, s):
+ data = simplejson.loads(s)
+ retval = SignedJwtAssertionCredentials(
+ data['service_account_name'],
+ base64.b64decode(data['private_key']),
+ data['scope'],
+ private_key_password=data['private_key_password'],
+ user_agent=data['user_agent'],
+ token_uri=data['token_uri'],
+ **data['kwargs']
+ )
+ retval.invalid = data['invalid']
+ retval.access_token = data['access_token']
+ return retval
+
+ def _generate_assertion(self):
+ """Generate the assertion that will be used in the request."""
+ now = long(time.time())
+ payload = {
+ 'aud': self.token_uri,
+ 'scope': self.scope,
+ 'iat': now,
+ 'exp': now + SignedJwtAssertionCredentials.MAX_TOKEN_LIFETIME_SECS,
+ 'iss': self.service_account_name
+ }
+ payload.update(self.kwargs)
+ logger.debug(str(payload))
+
+ private_key = base64.b64decode(self.private_key)
+ return crypt.make_signed_jwt(crypt.Signer.from_string(
+ private_key, self.private_key_password), payload)
+
+ # Only used in verify_id_token(), which is always calling to the same URI
+ # for the certs.
+ _cached_http = httplib2.Http(MemoryCache())
+
+ @util.positional(2)
+ def verify_id_token(id_token, audience, http=None,
+ cert_uri=ID_TOKEN_VERIFICATON_CERTS):
+ """Verifies a signed JWT id_token.
+
+ This function requires PyOpenSSL and because of that it does not work on
+ App Engine.
Args:
- service_account_name: string, id for account, usually an email address.
- private_key: string, private key in PKCS12 or PEM format.
- scope: string or iterable of strings, scope(s) of the credentials being
- requested.
- private_key_password: string, password for private_key, unused if
- private_key is in PEM format.
- user_agent: string, HTTP User-Agent to provide for this application.
- token_uri: string, URI for token endpoint. For convenience
- defaults to Google's endpoints but any OAuth 2.0 provider can be used.
- revoke_uri: string, URI for revoke endpoint.
- kwargs: kwargs, Additional parameters to add to the JWT token, for
- example sub=joe@xample.org.
+ id_token: string, A Signed JWT.
+ audience: string, The audience 'aud' that the token should be for.
+ http: httplib2.Http, instance to use to make the HTTP request. Callers
+ should supply an instance that has caching enabled.
+ cert_uri: string, URI of the certificates in JSON format to
+ verify the JWT against.
+
+ Returns:
+ The deserialized JSON in the JWT.
Raises:
- CryptoUnavailableError if no crypto library is available.
+ oauth2client.crypt.AppIdentityError if the JWT fails to verify.
"""
- _RequireCryptoOrDie()
- super(SignedJwtAssertionCredentials, self).__init__(
- None,
- user_agent=user_agent,
- token_uri=token_uri,
- revoke_uri=revoke_uri,
- )
+ if http is None:
+ http = _cached_http
- self.scope = util.scopes_to_string(scope)
+ resp, content = http.request(cert_uri)
- # Keep base64 encoded so it can be stored in JSON.
- self.private_key = base64.b64encode(private_key)
- if isinstance(self.private_key, six.text_type):
- self.private_key = self.private_key.encode('utf-8')
-
- self.private_key_password = private_key_password
- self.service_account_name = service_account_name
- self.kwargs = kwargs
-
- @classmethod
- def from_json(cls, s):
- data = json.loads(s)
- retval = SignedJwtAssertionCredentials(
- data['service_account_name'],
- base64.b64decode(data['private_key']),
- data['scope'],
- private_key_password=data['private_key_password'],
- user_agent=data['user_agent'],
- token_uri=data['token_uri'],
- **data['kwargs']
- )
- retval.invalid = data['invalid']
- retval.access_token = data['access_token']
- return retval
-
- def _generate_assertion(self):
- """Generate the assertion that will be used in the request."""
- now = int(time.time())
- payload = {
- 'aud': self.token_uri,
- 'scope': self.scope,
- 'iat': now,
- 'exp': now + SignedJwtAssertionCredentials.MAX_TOKEN_LIFETIME_SECS,
- 'iss': self.service_account_name
- }
- payload.update(self.kwargs)
- logger.debug(str(payload))
-
- private_key = base64.b64decode(self.private_key)
- return crypt.make_signed_jwt(crypt.Signer.from_string(
- private_key, self.private_key_password), payload)
-
-# Only used in verify_id_token(), which is always calling to the same URI
-# for the certs.
-_cached_http = httplib2.Http(MemoryCache())
-
-@util.positional(2)
-def verify_id_token(id_token, audience, http=None,
- cert_uri=ID_TOKEN_VERIFICATION_CERTS):
- """Verifies a signed JWT id_token.
-
- This function requires PyOpenSSL and because of that it does not work on
- App Engine.
-
- Args:
- id_token: string, A Signed JWT.
- audience: string, The audience 'aud' that the token should be for.
- http: httplib2.Http, instance to use to make the HTTP request. Callers
- should supply an instance that has caching enabled.
- cert_uri: string, URI of the certificates in JSON format to
- verify the JWT against.
-
- Returns:
- The deserialized JSON in the JWT.
-
- Raises:
- oauth2client.crypt.AppIdentityError: if the JWT fails to verify.
- CryptoUnavailableError: if no crypto library is available.
- """
- _RequireCryptoOrDie()
- if http is None:
- http = _cached_http
-
- resp, content = http.request(cert_uri)
-
- if resp.status == 200:
- certs = json.loads(content.decode('utf-8'))
- return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
- else:
- raise VerifyJwtTokenError('Status code: %d' % resp.status)
+ if resp.status == 200:
+ certs = simplejson.loads(content)
+ return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
+ else:
+ raise VerifyJwtTokenError('Status code: %d' % resp.status)
def _urlsafe_b64decode(b64string):
# Guard against unicode strings, which base64 can't handle.
- if isinstance(b64string, six.text_type):
- b64string = b64string.encode('ascii')
- padded = b64string + b'=' * (4 - len(b64string) % 4)
+ b64string = b64string.encode('ascii')
+ padded = b64string + '=' * (4 - len(b64string) % 4)
return base64.urlsafe_b64decode(padded)
@@ -1579,21 +1026,18 @@
Does the extraction w/o checking the signature.
Args:
- id_token: string or bytestring, OAuth 2.0 id_token.
+ id_token: string, OAuth 2.0 id_token.
Returns:
object, The deserialized JSON payload.
"""
- if type(id_token) == bytes:
- segments = id_token.split(b'.')
- else:
- segments = id_token.split(u'.')
+ segments = id_token.split('.')
- if len(segments) != 3:
+ if (len(segments) != 3):
raise VerifyJwtTokenError(
- 'Wrong number of segments in token: %s' % id_token)
+ 'Wrong number of segments in token: %s' % id_token)
- return json.loads(_urlsafe_b64decode(segments[1]).decode('utf-8'))
+ return simplejson.loads(_urlsafe_b64decode(segments[1]))
def _parse_exchange_token_response(content):
@@ -1611,12 +1055,11 @@
"""
resp = {}
try:
- resp = json.loads(content.decode('utf-8'))
- except Exception:
+ resp = simplejson.loads(content)
+ except StandardError:
# different JSON libs raise different exceptions,
# so we just do a catch-all here
- content = content.decode('utf-8')
- resp = dict(urllib.parse.parse_qsl(content))
+ resp = dict(parse_qsl(content))
# some providers respond with 'expires', others with 'expires_in'
if resp and 'expires' in resp:
@@ -1630,15 +1073,14 @@
redirect_uri='postmessage', http=None,
user_agent=None, token_uri=GOOGLE_TOKEN_URI,
auth_uri=GOOGLE_AUTH_URI,
- revoke_uri=GOOGLE_REVOKE_URI,
- device_uri=GOOGLE_DEVICE_URI):
+ revoke_uri=GOOGLE_REVOKE_URI):
"""Exchanges an authorization code for an OAuth2Credentials object.
Args:
client_id: string, client identifier.
client_secret: string, client secret.
scope: string or iterable of strings, scope(s) to request.
- code: string, An authorization code, most likely passed down from
+ code: string, An authroization code, most likely passed down from
the client
redirect_uri: string, this is generally set to 'postmessage' to match the
redirect_uri that the client specified
@@ -1649,8 +1091,6 @@
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
revoke_uri: string, URI for revoke endpoint. For convenience
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
- device_uri: string, URI for device authorization endpoint. For convenience
- defaults to Google's endpoints but any OAuth 2.0 provider can be used.
Returns:
An OAuth2Credentials object.
@@ -1662,7 +1102,7 @@
flow = OAuth2WebServerFlow(client_id, client_secret, scope,
redirect_uri=redirect_uri, user_agent=user_agent,
auth_uri=auth_uri, token_uri=token_uri,
- revoke_uri=revoke_uri, device_uri=device_uri)
+ revoke_uri=revoke_uri)
credentials = flow.step2_exchange(code, http=http)
return credentials
@@ -1673,8 +1113,7 @@
message = None,
redirect_uri='postmessage',
http=None,
- cache=None,
- device_uri=None):
+ cache=None):
"""Returns OAuth2Credentials from a clientsecrets file and an auth code.
Will create the right kind of Flow based on the contents of the clientsecrets
@@ -1694,7 +1133,6 @@
http: httplib2.Http, optional http instance to use to do the fetch
cache: An optional cache service client that implements get() and set()
methods. See clientsecrets.loadfile() for details.
- device_uri: string, OAuth 2.0 device authorization endpoint
Returns:
An OAuth2Credentials object.
@@ -1707,49 +1145,11 @@
invalid.
"""
flow = flow_from_clientsecrets(filename, scope, message=message, cache=cache,
- redirect_uri=redirect_uri,
- device_uri=device_uri)
+ redirect_uri=redirect_uri)
credentials = flow.step2_exchange(code, http=http)
return credentials
-class DeviceFlowInfo(collections.namedtuple('DeviceFlowInfo', (
- 'device_code', 'user_code', 'interval', 'verification_url',
- 'user_code_expiry'))):
- """Intermediate information the OAuth2 for devices flow."""
-
- @classmethod
- def FromResponse(cls, response):
- """Create a DeviceFlowInfo from a server response.
-
- The response should be a dict containing entries as described here:
-
- http://tools.ietf.org/html/draft-ietf-oauth-v2-05#section-3.7.1
- """
- # device_code, user_code, and verification_url are required.
- kwargs = {
- 'device_code': response['device_code'],
- 'user_code': response['user_code'],
- }
- # The response may list the verification address as either
- # verification_url or verification_uri, so we check for both.
- verification_url = response.get(
- 'verification_url', response.get('verification_uri'))
- if verification_url is None:
- raise OAuth2DeviceCodeError(
- 'No verification_url provided in server response')
- kwargs['verification_url'] = verification_url
- # expires_in and interval are optional.
- kwargs.update({
- 'interval': response.get('interval'),
- 'user_code_expiry': None,
- })
- if 'expires_in' in response:
- kwargs['user_code_expiry'] = datetime.datetime.now() + datetime.timedelta(
- seconds=int(response['expires_in']))
-
- return cls(**kwargs)
-
class OAuth2WebServerFlow(Flow):
"""Does the Web Server Flow for OAuth 2.0.
@@ -1763,8 +1163,6 @@
auth_uri=GOOGLE_AUTH_URI,
token_uri=GOOGLE_TOKEN_URI,
revoke_uri=GOOGLE_REVOKE_URI,
- login_hint=None,
- device_uri=GOOGLE_DEVICE_URI,
**kwargs):
"""Constructor for OAuth2WebServerFlow.
@@ -1787,11 +1185,6 @@
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
revoke_uri: string, URI for revoke endpoint. For convenience
defaults to Google's endpoints but any OAuth 2.0 provider can be used.
- login_hint: string, Either an email address or domain. Passing this hint
- will either pre-fill the email box on the sign-in form or select the
- proper multi-login session, thereby simplifying the login flow.
- device_uri: string, URI for device authorization endpoint. For convenience
- defaults to Google's endpoints but any OAuth 2.0 provider can be used.
**kwargs: dict, The keyword arguments are all optional and required
parameters for the OAuth calls.
"""
@@ -1799,12 +1192,10 @@
self.client_secret = client_secret
self.scope = util.scopes_to_string(scope)
self.redirect_uri = redirect_uri
- self.login_hint = login_hint
self.user_agent = user_agent
self.auth_uri = auth_uri
self.token_uri = token_uri
self.revoke_uri = revoke_uri
- self.device_uri = device_uri
self.params = {
'access_type': 'offline',
'response_type': 'code',
@@ -1825,9 +1216,8 @@
A URI as a string to redirect the user to begin the authorization flow.
"""
if redirect_uri is not None:
- logger.warning((
- 'The redirect_uri parameter for '
- 'OAuth2WebServerFlow.step1_get_authorize_url is deprecated. Please '
+ logger.warning(('The redirect_uri parameter for'
+ 'OAuth2WebServerFlow.step1_get_authorize_url is deprecated. Please'
'move to passing the redirect_uri in via the constructor.'))
self.redirect_uri = redirect_uri
@@ -1839,107 +1229,45 @@
'redirect_uri': self.redirect_uri,
'scope': self.scope,
}
- if self.login_hint is not None:
- query_params['login_hint'] = self.login_hint
query_params.update(self.params)
return _update_query_params(self.auth_uri, query_params)
- @util.positional(1)
- def step1_get_device_and_user_codes(self, http=None):
- """Returns a user code and the verification URL where to enter it
-
- Returns:
- A user code as a string for the user to authorize the application
- An URL as a string where the user has to enter the code
- """
- if self.device_uri is None:
- raise ValueError('The value of device_uri must not be None.')
-
- body = urllib.parse.urlencode({
- 'client_id': self.client_id,
- 'scope': self.scope,
- })
- headers = {
- 'content-type': 'application/x-www-form-urlencoded',
- }
-
- if self.user_agent is not None:
- headers['user-agent'] = self.user_agent
-
- if http is None:
- http = httplib2.Http()
-
- resp, content = http.request(self.device_uri, method='POST', body=body,
- headers=headers)
- if resp.status == 200:
- try:
- flow_info = json.loads(content)
- except ValueError as e:
- raise OAuth2DeviceCodeError(
- 'Could not parse server response as JSON: "%s", error: "%s"' % (
- content, e))
- return DeviceFlowInfo.FromResponse(flow_info)
- else:
- error_msg = 'Invalid response %s.' % resp.status
- try:
- d = json.loads(content)
- if 'error' in d:
- error_msg += ' Error: %s' % d['error']
- except ValueError:
- # Couldn't decode a JSON response, stick with the default message.
- pass
- raise OAuth2DeviceCodeError(error_msg)
-
@util.positional(2)
- def step2_exchange(self, code=None, http=None, device_flow_info=None):
- """Exchanges a code for OAuth2Credentials.
+ def step2_exchange(self, code, http=None):
+ """Exhanges a code for OAuth2Credentials.
Args:
-
- code: string, a dict-like object, or None. For a non-device
- flow, this is either the response code as a string, or a
- dictionary of query parameters to the redirect_uri. For a
- device flow, this should be None.
- http: httplib2.Http, optional http instance to use when fetching
- credentials.
- device_flow_info: DeviceFlowInfo, return value from step1 in the
- case of a device flow.
+ code: string or dict, either the code as a string, or a dictionary
+ of the query parameters to the redirect_uri, which contains
+ the code.
+ http: httplib2.Http, optional http instance to use to do the fetch
Returns:
An OAuth2Credentials object that can be used to authorize requests.
Raises:
- FlowExchangeError: if a problem occurred exchanging the code for a
- refresh_token.
- ValueError: if code and device_flow_info are both provided or both
- missing.
-
+ FlowExchangeError if a problem occured exchanging the code for a
+ refresh_token.
"""
- if code is None and device_flow_info is None:
- raise ValueError('No code or device_flow_info provided.')
- if code is not None and device_flow_info is not None:
- raise ValueError('Cannot provide both code and device_flow_info.')
- if code is None:
- code = device_flow_info.device_code
- elif not isinstance(code, six.string_types):
+ if not (isinstance(code, str) or isinstance(code, unicode)):
if 'code' not in code:
- raise FlowExchangeError(code.get(
- 'error', 'No code was supplied in the query parameters.'))
- code = code['code']
+ if 'error' in code:
+ error_msg = code['error']
+ else:
+ error_msg = 'No code was supplied in the query parameters.'
+ raise FlowExchangeError(error_msg)
+ else:
+ code = code['code']
- post_data = {
+ body = urllib.urlencode({
+ 'grant_type': 'authorization_code',
'client_id': self.client_id,
'client_secret': self.client_secret,
'code': code,
+ 'redirect_uri': self.redirect_uri,
'scope': self.scope,
- }
- if device_flow_info is not None:
- post_data['grant_type'] = 'http://oauth.net/grant_type/device/1.0'
- else:
- post_data['grant_type'] = 'authorization_code'
- post_data['redirect_uri'] = self.redirect_uri
- body = urllib.parse.urlencode(post_data)
+ })
headers = {
'content-type': 'application/x-www-form-urlencoded',
}
@@ -1956,31 +1284,26 @@
if resp.status == 200 and 'access_token' in d:
access_token = d['access_token']
refresh_token = d.get('refresh_token', None)
- if not refresh_token:
- logger.info(
- 'Received token response with no refresh_token. Consider '
- "reauthenticating with approval_prompt='force'.")
token_expiry = None
if 'expires_in' in d:
token_expiry = datetime.datetime.utcnow() + datetime.timedelta(
seconds=int(d['expires_in']))
- extracted_id_token = None
if 'id_token' in d:
- extracted_id_token = _extract_id_token(d['id_token'])
+ d['id_token'] = _extract_id_token(d['id_token'])
logger.info('Successfully retrieved access token')
return OAuth2Credentials(access_token, self.client_id,
self.client_secret, refresh_token, token_expiry,
self.token_uri, self.user_agent,
revoke_uri=self.revoke_uri,
- id_token=extracted_id_token,
+ id_token=d.get('id_token', None),
token_response=d)
else:
- logger.info('Failed to retrieve access token: %s', content)
+ logger.info('Failed to retrieve access token: %s' % content)
if 'error' in d:
# you never know what those providers got to say
- error_msg = str(d['error']) + str(d.get('error_description', ''))
+ error_msg = unicode(d['error'])
else:
error_msg = 'Invalid response: %s.' % str(resp.status)
raise FlowExchangeError(error_msg)
@@ -1988,8 +1311,7 @@
@util.positional(2)
def flow_from_clientsecrets(filename, scope, redirect_uri=None,
- message=None, cache=None, login_hint=None,
- device_uri=None):
+ message=None, cache=None):
"""Create a Flow from a clientsecrets file.
Will create the right kind of Flow based on the contents of the clientsecrets
@@ -2007,11 +1329,6 @@
provided then clientsecrets.InvalidClientSecretsError will be raised.
cache: An optional cache service client that implements get() and set()
methods. See clientsecrets.loadfile() for details.
- login_hint: string, Either an email address or domain. Passing this hint
- will either pre-fill the email box on the sign-in form or select the
- proper multi-login session, thereby simplifying the login flow.
- device_uri: string, URI for device authorization endpoint. For convenience
- defaults to Google's endpoints but any OAuth 2.0 provider can be used.
Returns:
A Flow object.
@@ -2028,13 +1345,10 @@
'redirect_uri': redirect_uri,
'auth_uri': client_info['auth_uri'],
'token_uri': client_info['token_uri'],
- 'login_hint': login_hint,
}
revoke_uri = client_info.get('revoke_uri')
if revoke_uri is not None:
constructor_kwargs['revoke_uri'] = revoke_uri
- if device_uri is not None:
- constructor_kwargs['device_uri'] = device_uri
return OAuth2WebServerFlow(
client_info['client_id'], client_info['client_secret'],
scope, **constructor_kwargs)
@@ -2046,4 +1360,4 @@
raise
else:
raise UnknownClientSecretsFlowError(
- 'This OAuth 2.0 flow is unsupported: %r' % client_type)
\ No newline at end of file
+ 'This OAuth 2.0 flow is unsupported: %r' % client_type)
diff --git a/third_party/oauth2client/clientsecrets.py b/third_party/oauth2client/clientsecrets.py
index af079ec..ac99aae 100644
--- a/third_party/oauth2client/clientsecrets.py
+++ b/third_party/oauth2client/clientsecrets.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2011 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -20,10 +20,8 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
-import json
-from third_party import six
-
+from anyjson import simplejson
# Properties that make a client_secrets.json file valid.
TYPE_WEB = 'web'
@@ -70,21 +68,11 @@
def _validate_clientsecrets(obj):
- _INVALID_FILE_FORMAT_MSG = (
- 'Invalid file format. See '
- 'https://developers.google.com/api-client-library/'
- 'python/guide/aaa_client_secrets')
-
- if obj is None:
- raise InvalidClientSecretsError(_INVALID_FILE_FORMAT_MSG)
- if len(obj) != 1:
- raise InvalidClientSecretsError(
- _INVALID_FILE_FORMAT_MSG + ' '
- 'Expected a JSON object with a single property for a "web" or '
- '"installed" application')
- client_type = tuple(obj)[0]
- if client_type not in VALID_CLIENT:
- raise InvalidClientSecretsError('Unknown client type: %s.' % (client_type,))
+ if obj is None or len(obj) != 1:
+ raise InvalidClientSecretsError('Invalid file format.')
+ client_type = obj.keys()[0]
+ if client_type not in VALID_CLIENT.keys():
+ raise InvalidClientSecretsError('Unknown client type: %s.' % client_type)
client_info = obj[client_type]
for prop_name in VALID_CLIENT[client_type]['required']:
if prop_name not in client_info:
@@ -99,19 +87,22 @@
def load(fp):
- obj = json.load(fp)
+ obj = simplejson.load(fp)
return _validate_clientsecrets(obj)
def loads(s):
- obj = json.loads(s)
+ obj = simplejson.loads(s)
return _validate_clientsecrets(obj)
def _loadfile(filename):
try:
- with open(filename, 'r') as fp:
- obj = json.load(fp)
+ fp = file(filename, 'r')
+ try:
+ obj = simplejson.load(fp)
+ finally:
+ fp.close()
except IOError:
raise InvalidClientSecretsError('File not found: "%s"' % filename)
return _validate_clientsecrets(obj)
@@ -123,12 +114,10 @@
Typical cache storage would be App Engine memcache service,
but you can pass in any other cache client that implements
these methods:
+ - get(key, namespace=ns)
+ - set(key, value, namespace=ns)
- * ``get(key, namespace=ns)``
- * ``set(key, value, namespace=ns)``
-
- Usage::
-
+ Usage:
# without caching
client_type, client_info = loadfile('secrets.json')
# using App Engine memcache service
@@ -161,4 +150,4 @@
obj = {client_type: client_info}
cache.set(filename, obj, namespace=_SECRET_NAMESPACE)
- return next(six.iteritems(obj))
\ No newline at end of file
+ return obj.iteritems().next()
diff --git a/third_party/oauth2client/crypt.py b/third_party/oauth2client/crypt.py
index b5b8cab..2d31815 100644
--- a/third_party/oauth2client/crypt.py
+++ b/third_party/oauth2client/crypt.py
@@ -1,6 +1,7 @@
+#!/usr/bin/python2.4
# -*- coding: utf-8 -*-
#
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2011 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,15 +14,13 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-"""Crypto-related routines for oauth2client."""
import base64
-import json
+import hashlib
import logging
-import sys
import time
-from third_party import six
+from anyjson import simplejson
CLOCK_SKEW_SECS = 300 # 5 minutes in seconds
@@ -39,6 +38,7 @@
try:
from OpenSSL import crypto
+
class OpenSSLVerifier(object):
"""Verifies the signature on a message."""
@@ -62,8 +62,6 @@
key that this object was constructed with.
"""
try:
- if isinstance(message, six.text_type):
- message = message.encode('utf-8')
crypto.verify(self._pubkey, signature, message, 'sha256')
return True
except:
@@ -106,17 +104,15 @@
"""Signs a message.
Args:
- message: bytes, Message to be signed.
+ message: string, Message to be signed.
Returns:
string, The signature of the message for the given key.
"""
- if isinstance(message, six.text_type):
- message = message.encode('utf-8')
return crypto.sign(self._key, message, 'sha256')
@staticmethod
- def from_string(key, password=b'notasecret'):
+ def from_string(key, password='notasecret'):
"""Construct a Signer instance from a string.
Args:
@@ -129,45 +125,21 @@
Raises:
OpenSSL.crypto.Error if the key can't be parsed.
"""
- parsed_pem_key = _parse_pem_key(key)
- if parsed_pem_key:
- pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, parsed_pem_key)
+ if key.startswith('-----BEGIN '):
+ pkey = crypto.load_privatekey(crypto.FILETYPE_PEM, key)
else:
- if isinstance(password, six.text_type):
- password = password.encode('utf-8')
pkey = crypto.load_pkcs12(key, password).get_privatekey()
return OpenSSLSigner(pkey)
-
- def pkcs12_key_as_pem(private_key_text, private_key_password):
- """Convert the contents of a PKCS12 key to PEM using OpenSSL.
-
- Args:
- private_key_text: String. Private key.
- private_key_password: String. Password for PKCS12.
-
- Returns:
- String. PEM contents of ``private_key_text``.
- """
- decoded_body = base64.b64decode(private_key_text)
- if isinstance(private_key_password, six.string_types):
- private_key_password = private_key_password.encode('ascii')
-
- pkcs12 = crypto.load_pkcs12(decoded_body, private_key_password)
- return crypto.dump_privatekey(crypto.FILETYPE_PEM,
- pkcs12.get_privatekey())
except ImportError:
OpenSSLVerifier = None
OpenSSLSigner = None
- def pkcs12_key_as_pem(*args, **kwargs):
- raise NotImplementedError('pkcs12_key_as_pem requires OpenSSL.')
try:
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
- from Crypto.Util.asn1 import DerSequence
class PyCryptoVerifier(object):
@@ -209,17 +181,14 @@
Returns:
Verifier instance.
+
+ Raises:
+ NotImplementedError if is_x509_cert is true.
"""
if is_x509_cert:
- if isinstance(key_pem, six.text_type):
- key_pem = key_pem.encode('ascii')
- pemLines = key_pem.replace(b' ', b'').split()
- certDer = _urlsafe_b64decode(b''.join(pemLines[1:-1]))
- certSeq = DerSequence()
- certSeq.decode(certDer)
- tbsSeq = DerSequence()
- tbsSeq.decode(certSeq[0])
- pubkey = RSA.importKey(tbsSeq[6])
+ raise NotImplementedError(
+ 'X509 certs are not supported by the PyCrypto library. '
+ 'Try using PyOpenSSL if native code is an option.')
else:
pubkey = RSA.importKey(key_pem)
return PyCryptoVerifier(pubkey)
@@ -245,8 +214,6 @@
Returns:
string, The signature of the message for the given key.
"""
- if isinstance(message, six.text_type):
- message = message.encode('utf-8')
return PKCS1_v1_5.new(self._key).sign(SHA256.new(message))
@staticmethod
@@ -263,12 +230,11 @@
Raises:
NotImplementedError if they key isn't in PEM format.
"""
- parsed_pem_key = _parse_pem_key(key)
- if parsed_pem_key:
- pkey = RSA.importKey(parsed_pem_key)
+ if key.startswith('-----BEGIN '):
+ pkey = RSA.importKey(key)
else:
raise NotImplementedError(
- 'PKCS12 format is not supported by the PyCrypto library. '
+ 'PKCS12 format is not supported by the PyCrpto library. '
'Try converting to a "PEM" '
'(openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) '
'or using PyOpenSSL if native code is an option.')
@@ -290,39 +256,19 @@
'PyOpenSSL, or PyCrypto 2.6 or later')
-def _parse_pem_key(raw_key_input):
- """Identify and extract PEM keys.
-
- Determines whether the given key is in the format of PEM key, and extracts
- the relevant part of the key if it is.
-
- Args:
- raw_key_input: The contents of a private key file (either PEM or PKCS12).
-
- Returns:
- string, The actual key if the contents are from a PEM file, or else None.
- """
- offset = raw_key_input.find(b'-----BEGIN ')
- if offset != -1:
- return raw_key_input[offset:]
-
-
def _urlsafe_b64encode(raw_bytes):
- if isinstance(raw_bytes, six.text_type):
- raw_bytes = raw_bytes.encode('utf-8')
- return base64.urlsafe_b64encode(raw_bytes).decode('ascii').rstrip('=')
+ return base64.urlsafe_b64encode(raw_bytes).rstrip('=')
def _urlsafe_b64decode(b64string):
# Guard against unicode strings, which base64 can't handle.
- if isinstance(b64string, six.text_type):
- b64string = b64string.encode('ascii')
- padded = b64string + b'=' * (4 - len(b64string) % 4)
+ b64string = b64string.encode('ascii')
+ padded = b64string + '=' * (4 - len(b64string) % 4)
return base64.urlsafe_b64decode(padded)
def _json_encode(data):
- return json.dumps(data, separators=(',', ':'))
+ return simplejson.dumps(data, separators = (',', ':'))
def make_signed_jwt(signer, payload):
@@ -340,8 +286,8 @@
header = {'typ': 'JWT', 'alg': 'RS256'}
segments = [
- _urlsafe_b64encode(_json_encode(header)),
- _urlsafe_b64encode(_json_encode(payload)),
+ _urlsafe_b64encode(_json_encode(header)),
+ _urlsafe_b64encode(_json_encode(payload)),
]
signing_input = '.'.join(segments)
@@ -372,8 +318,9 @@
"""
segments = jwt.split('.')
- if len(segments) != 3:
- raise AppIdentityError('Wrong number of segments in token: %s' % jwt)
+ if (len(segments) != 3):
+ raise AppIdentityError(
+ 'Wrong number of segments in token: %s' % jwt)
signed = '%s.%s' % (segments[0], segments[1])
signature = _urlsafe_b64decode(segments[2])
@@ -381,15 +328,15 @@
# Parse token.
json_body = _urlsafe_b64decode(segments[1])
try:
- parsed = json.loads(json_body.decode('utf-8'))
+ parsed = simplejson.loads(json_body)
except:
raise AppIdentityError('Can\'t parse token: %s' % json_body)
# Check signature.
verified = False
- for pem in certs.values():
+ for (keyname, pem) in certs.items():
verifier = Verifier.from_string(pem, True)
- if verifier.verify(signed, signature):
+ if (verifier.verify(signed, signature)):
verified = True
break
if not verified:
@@ -402,20 +349,21 @@
earliest = iat - CLOCK_SKEW_SECS
# Check expiration timestamp.
- now = int(time.time())
+ now = long(time.time())
exp = parsed.get('exp')
if exp is None:
raise AppIdentityError('No exp field in token: %s' % json_body)
if exp >= now + MAX_TOKEN_LIFETIME_SECS:
- raise AppIdentityError('exp field too far in future: %s' % json_body)
+ raise AppIdentityError(
+ 'exp field too far in future: %s' % json_body)
latest = exp + CLOCK_SKEW_SECS
if now < earliest:
raise AppIdentityError('Token used too early, %d < %d: %s' %
- (now, earliest, json_body))
+ (now, earliest, json_body))
if now > latest:
raise AppIdentityError('Token used too late, %d > %d: %s' %
- (now, latest, json_body))
+ (now, latest, json_body))
# Check audience.
if audience is not None:
@@ -424,6 +372,6 @@
raise AppIdentityError('No aud field in token: %s' % json_body)
if aud != audience:
raise AppIdentityError('Wrong recipient, %s != %s: %s' %
- (aud, audience, json_body))
+ (aud, audience, json_body))
- return parsed
\ No newline at end of file
+ return parsed
diff --git a/third_party/oauth2client/devshell.py b/third_party/oauth2client/devshell.py
deleted file mode 100644
index 69d3808..0000000
--- a/third_party/oauth2client/devshell.py
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 2015 Google Inc. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""OAuth 2.0 utitilies for Google Developer Shell environment."""
-
-import json
-import os
-
-from . import client
-
-
-DEVSHELL_ENV = 'DEVSHELL_CLIENT_PORT'
-
-
-class Error(Exception):
- """Errors for this module."""
- pass
-
-
-class CommunicationError(Error):
- """Errors for communication with the Developer Shell server."""
-
-
-class NoDevshellServer(Error):
- """Error when no Developer Shell server can be contacted."""
-
-
-# The request for credential information to the Developer Shell client socket is
-# always an empty PBLite-formatted JSON object, so just define it as a constant.
-CREDENTIAL_INFO_REQUEST_JSON = '[]'
-
-
-class CredentialInfoResponse(object):
- """Credential information response from Developer Shell server.
-
- The credential information response from Developer Shell socket is a
- PBLite-formatted JSON array with fields encoded by their index in the array:
- * Index 0 - user email
- * Index 1 - default project ID. None if the project context is not known.
- * Index 2 - OAuth2 access token. None if there is no valid auth context.
- """
-
- def __init__(self, json_string):
- """Initialize the response data from JSON PBLite array."""
- pbl = json.loads(json_string)
- if not isinstance(pbl, list):
- raise ValueError('Not a list: ' + str(pbl))
- pbl_len = len(pbl)
- self.user_email = pbl[0] if pbl_len > 0 else None
- self.project_id = pbl[1] if pbl_len > 1 else None
- self.access_token = pbl[2] if pbl_len > 2 else None
-
-
-def _SendRecv():
- """Communicate with the Developer Shell server socket."""
-
- port = int(os.getenv(DEVSHELL_ENV, 0))
- if port == 0:
- raise NoDevshellServer()
-
- import socket
-
- sock = socket.socket()
- sock.connect(('localhost', port))
-
- data = CREDENTIAL_INFO_REQUEST_JSON
- msg = '%s\n%s' % (len(data), data)
- sock.sendall(msg.encode())
-
- header = sock.recv(6).decode()
- if '\n' not in header:
- raise CommunicationError('saw no newline in the first 6 bytes')
- len_str, json_str = header.split('\n', 1)
- to_read = int(len_str) - len(json_str)
- if to_read > 0:
- json_str += sock.recv(to_read, socket.MSG_WAITALL).decode()
-
- return CredentialInfoResponse(json_str)
-
-
-class DevshellCredentials(client.GoogleCredentials):
- """Credentials object for Google Developer Shell environment.
-
- This object will allow a Google Developer Shell session to identify its user
- to Google and other OAuth 2.0 servers that can verify assertions. It can be
- used for the purpose of accessing data stored under the user account.
-
- This credential does not require a flow to instantiate because it represents
- a two legged flow, and therefore has all of the required information to
- generate and refresh its own access tokens.
- """
-
- def __init__(self, user_agent=None):
- super(DevshellCredentials, self).__init__(
- None, # access_token, initialized below
- None, # client_id
- None, # client_secret
- None, # refresh_token
- None, # token_expiry
- None, # token_uri
- user_agent)
- self._refresh(None)
-
- def _refresh(self, http_request):
- self.devshell_response = _SendRecv()
- self.access_token = self.devshell_response.access_token
-
- @property
- def user_email(self):
- return self.devshell_response.user_email
-
- @property
- def project_id(self):
- return self.devshell_response.project_id
-
- @classmethod
- def from_json(cls, json_data):
- raise NotImplementedError(
- 'Cannot load Developer Shell credentials from JSON.')
-
- @property
- def serialization_data(self):
- raise NotImplementedError(
- 'Cannot serialize Developer Shell credentials.')
diff --git a/third_party/oauth2client/django_orm.py b/third_party/oauth2client/django_orm.py
index ffbcf92..d54d20c 100644
--- a/third_party/oauth2client/django_orm.py
+++ b/third_party/oauth2client/django_orm.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -116,21 +116,14 @@
credential.set_store(self)
return credential
- def locked_put(self, credentials, overwrite=False):
+ def locked_put(self, credentials):
"""Write a Credentials to the datastore.
Args:
credentials: Credentials, the credentials to store.
- overwrite: Boolean, indicates whether you would like these credentials to
- overwrite any existing stored credentials.
"""
args = {self.key_name: self.key_value}
-
- if overwrite:
- entity, unused_is_new = self.model_class.objects.get_or_create(**args)
- else:
- entity = self.model_class(**args)
-
+ entity = self.model_class(**args)
setattr(entity, self.property_name, credentials)
entity.save()
@@ -138,4 +131,4 @@
"""Delete Credentials from the datastore."""
query = {self.key_name: self.key_value}
- entities = self.model_class.objects.filter(**query).delete()
\ No newline at end of file
+ entities = self.model_class.objects.filter(**query).delete()
diff --git a/third_party/oauth2client/file.py b/third_party/oauth2client/file.py
index 4337fcf..1895f94 100644
--- a/third_party/oauth2client/file.py
+++ b/third_party/oauth2client/file.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,10 +21,12 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
import os
+import stat
import threading
-from client import Credentials
+from anyjson import simplejson
from client import Storage as BaseStorage
+from client import Credentials
class CredentialsFileSymbolicLinkError(Exception):
@@ -90,7 +92,7 @@
simple version of "touch" to ensure the file has been created.
"""
if not os.path.exists(self._filename):
- old_umask = os.umask(0o177)
+ old_umask = os.umask(0177)
try:
open(self._filename, 'a+b').close()
finally:
@@ -108,7 +110,7 @@
self._create_file_if_needed()
self._validate_file()
- f = open(self._filename, 'w')
+ f = open(self._filename, 'wb')
f.write(credentials.to_json())
f.close()
@@ -119,4 +121,4 @@
credentials: Credentials, the credentials to store.
"""
- os.unlink(self._filename)
\ No newline at end of file
+ os.unlink(self._filename)
diff --git a/third_party/oauth2client/gce.py b/third_party/oauth2client/gce.py
index ebd14e3..c7fd7c1 100644
--- a/third_party/oauth2client/gce.py
+++ b/third_party/oauth2client/gce.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2012 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,13 +19,14 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
-import json
+import httplib2
import logging
-from third_party.six.moves import urllib
+import uritemplate
-from third_party.oauth2client import util
-from third_party.oauth2client.client import AccessTokenRefreshError
-from third_party.oauth2client.client import AssertionCredentials
+from oauth2client import util
+from oauth2client.anyjson import simplejson
+from oauth2client.client import AccessTokenRefreshError
+from oauth2client.client import AssertionCredentials
logger = logging.getLogger(__name__)
@@ -56,14 +57,13 @@
requested.
"""
self.scope = util.scopes_to_string(scope)
- self.kwargs = kwargs
# Assertion type is no longer used, but still in the parent class signature.
super(AppAssertionCredentials, self).__init__(None)
@classmethod
- def from_json(cls, json_data):
- data = json.loads(json_data)
+ def from_json(cls, json):
+ data = simplejson.loads(json)
return AppAssertionCredentials(data['scope'])
def _refresh(self, http_request):
@@ -78,28 +78,13 @@
Raises:
AccessTokenRefreshError: When the refresh fails.
"""
- query = '?scope=%s' % urllib.parse.quote(self.scope, '')
- uri = META.replace('{?scope}', query)
+ uri = uritemplate.expand(META, {'scope': self.scope})
response, content = http_request(uri)
if response.status == 200:
try:
- d = json.loads(content)
- except Exception as e:
+ d = simplejson.loads(content)
+ except StandardError, e:
raise AccessTokenRefreshError(str(e))
self.access_token = d['accessToken']
else:
- if response.status == 404:
- content += (' This can occur if a VM was created'
- ' with no service account or scopes.')
raise AccessTokenRefreshError(content)
-
- @property
- def serialization_data(self):
- raise NotImplementedError(
- 'Cannot serialize credentials for GCE service accounts.')
-
- def create_scoped_required(self):
- return not self.scope
-
- def create_scoped(self, scopes):
- return AppAssertionCredentials(scopes, **self.kwargs)
\ No newline at end of file
diff --git a/third_party/oauth2client/keyring_storage.py b/third_party/oauth2client/keyring_storage.py
index 512ac77..efe2949 100644
--- a/third_party/oauth2client/keyring_storage.py
+++ b/third_party/oauth2client/keyring_storage.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2012 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,12 +19,11 @@
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
+import keyring
import threading
-import keyring
-
-from client import Credentials
from client import Storage as BaseStorage
+from client import Credentials
class Storage(BaseStorage):
@@ -107,4 +106,4 @@
Args:
credentials: Credentials, the credentials to store.
"""
- keyring.set_password(self._service_name, self._user_name, '')
\ No newline at end of file
+ keyring.set_password(self._service_name, self._user_name, '')
diff --git a/third_party/oauth2client/locked_file.py b/third_party/oauth2client/locked_file.py
index fa2c6c1..858b702 100644
--- a/third_party/oauth2client/locked_file.py
+++ b/third_party/oauth2client/locked_file.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright 2011 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,21 +17,17 @@
This module first tries to use fcntl locking to ensure serialized access
to a file, then falls back on a lock file if that is unavialable.
-Usage::
-
+Usage:
f = LockedFile('filename', 'r+b', 'rb')
f.open_and_lock()
if f.is_locked():
- print('Acquired filename with r+b mode')
+ print 'Acquired filename with r+b mode'
f.file_handle().write('locked data')
else:
- print('Acquired filename with rb mode')
+ print 'Aquired filename with rb mode'
f.unlock_and_close()
-
"""
-from __future__ import print_function
-
__author__ = 'cache@google.com (David T McWherter)'
import errno
@@ -74,7 +70,6 @@
self._mode = mode
self._fallback_mode = fallback_mode
self._fh = None
- self._lock_fd = None
def is_locked(self):
"""Was the file locked."""
@@ -127,7 +122,7 @@
validate_file(self._filename)
try:
self._fh = open(self._filename, self._mode)
- except IOError as e:
+ except IOError, e:
# If we can't access with _mode, try _fallback_mode and don't lock.
if e.errno == errno.EACCES:
self._fh = open(self._filename, self._fallback_mode)
@@ -142,12 +137,12 @@
self._locked = True
break
- except OSError as e:
+ except OSError, e:
if e.errno != errno.EEXIST:
raise
if (time.time() - start_time) >= timeout:
- logger.warn('Could not acquire lock %s in %s seconds',
- lock_filename, timeout)
+ logger.warn('Could not acquire lock %s in %s seconds' % (
+ lock_filename, timeout))
# Close the file and open in fallback_mode.
if self._fh:
self._fh.close()
@@ -197,9 +192,9 @@
validate_file(self._filename)
try:
self._fh = open(self._filename, self._mode)
- except IOError as e:
+ except IOError, e:
# If we can't access with _mode, try _fallback_mode and don't lock.
- if e.errno in (errno.EPERM, errno.EACCES):
+ if e.errno == errno.EACCES:
self._fh = open(self._filename, self._fallback_mode)
return
@@ -209,16 +204,16 @@
fcntl.lockf(self._fh.fileno(), fcntl.LOCK_EX)
self._locked = True
return
- except IOError as e:
+ except IOError, e:
# If not retrying, then just pass on the error.
if timeout == 0:
- raise
+ raise e
if e.errno != errno.EACCES:
- raise
+ raise e
# We could not acquire the lock. Try again.
if (time.time() - start_time) >= timeout:
- logger.warn('Could not lock %s in %s seconds',
- self._filename, timeout)
+ logger.warn('Could not lock %s in %s seconds' % (
+ self._filename, timeout))
if self._fh:
self._fh.close()
self._fh = open(self._filename, self._fallback_mode)
@@ -272,7 +267,7 @@
validate_file(self._filename)
try:
self._fh = open(self._filename, self._mode)
- except IOError as e:
+ except IOError, e:
# If we can't access with _mode, try _fallback_mode and don't lock.
if e.errno == errno.EACCES:
self._fh = open(self._filename, self._fallback_mode)
@@ -289,9 +284,9 @@
pywintypes.OVERLAPPED())
self._locked = True
return
- except pywintypes.error as e:
+ except pywintypes.error, e:
if timeout == 0:
- raise
+ raise e
# If the error is not that the file is already in use, raise.
if e[0] != _Win32Opener.FILE_IN_USE_ERROR:
@@ -313,7 +308,7 @@
try:
hfile = win32file._get_osfhandle(self._fh.fileno())
win32file.UnlockFileEx(hfile, 0, -0x10000, pywintypes.OVERLAPPED())
- except pywintypes.error as e:
+ except pywintypes.error, e:
if e[0] != _Win32Opener.FILE_ALREADY_UNLOCKED_ERROR:
raise
self._locked = False
@@ -375,4 +370,4 @@
def unlock_and_close(self):
"""Unlock and close a file."""
- self._opener.unlock_and_close()
\ No newline at end of file
+ self._opener.unlock_and_close()
diff --git a/third_party/oauth2client/multistore_file.py b/third_party/oauth2client/multistore_file.py
index 5008c00..ea89027 100644
--- a/third_party/oauth2client/multistore_file.py
+++ b/third_party/oauth2client/multistore_file.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright 2011 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,41 +19,39 @@
both in a single process and across processes.
The credential themselves are keyed off of:
-
* client_id
* user_agent
* scope
-The format of the stored data is like so::
-
- {
- 'file_version': 1,
- 'data': [
- {
- 'key': {
- 'clientId': '<client id>',
- 'userAgent': '<user agent>',
- 'scope': '<scope>'
- },
- 'credential': {
- # JSON serialized Credentials.
- }
+The format of the stored data is like so:
+{
+ 'file_version': 1,
+ 'data': [
+ {
+ 'key': {
+ 'clientId': '<client id>',
+ 'userAgent': '<user agent>',
+ 'scope': '<scope>'
+ },
+ 'credential': {
+ # JSON serialized Credentials.
}
- ]
- }
-
+ }
+ ]
+}
"""
__author__ = 'jbeda@google.com (Joe Beda)'
+import base64
import errno
-import json
import logging
import os
import threading
-from .client import Credentials
+from anyjson import simplejson
from .client import Storage as BaseStorage
+from .client import Credentials
from . import util
from locked_file import LockedFile
@@ -66,10 +64,12 @@
class Error(Exception):
"""Base error for this module."""
+ pass
class NewerCredentialStoreError(Error):
- """The credential store is a newer version than supported."""
+ """The credential store is a newer version that supported."""
+ pass
@util.positional(4)
@@ -193,7 +193,7 @@
This will create the file if necessary.
"""
- self._file = LockedFile(filename, 'r+', 'r')
+ self._file = LockedFile(filename, 'r+b', 'rb')
self._thread_lock = threading.Lock()
self._read_only = False
self._warn_on_readonly = warn_on_readonly
@@ -271,7 +271,7 @@
simple version of "touch" to ensure the file has been created.
"""
if not os.path.exists(self._file.filename()):
- old_umask = os.umask(0o177)
+ old_umask = os.umask(0177)
try:
open(self._file.filename(), 'a+b').close()
finally:
@@ -280,23 +280,13 @@
def _lock(self):
"""Lock the entire multistore."""
self._thread_lock.acquire()
- try:
- self._file.open_and_lock()
- except IOError as e:
- if e.errno == errno.ENOSYS:
- logger.warn('File system does not support locking the credentials '
- 'file.')
- elif e.errno == errno.ENOLCK:
- logger.warn('File system is out of resources for writing the '
- 'credentials file (is your disk full?).')
- else:
- raise
+ self._file.open_and_lock()
if not self._file.is_locked():
self._read_only = True
if self._warn_on_readonly:
logger.warn('The credentials file (%s) is not writable. Opening in '
'read-only mode. Any refreshed credentials will only be '
- 'valid for this run.', self._file.filename())
+ 'valid for this run.' % self._file.filename())
if os.path.getsize(self._file.filename()) == 0:
logger.debug('Initializing empty multistore file')
# The multistore is empty so write out an empty file.
@@ -325,7 +315,7 @@
"""
assert self._thread_lock.locked()
self._file.file_handle().seek(0)
- return json.load(self._file.file_handle())
+ return simplejson.load(self._file.file_handle())
def _locked_json_write(self, data):
"""Write a JSON serializable data structure to the multistore.
@@ -339,7 +329,7 @@
if self._read_only:
return
self._file.file_handle().seek(0)
- json.dump(data, self._file.file_handle(), sort_keys=True, indent=2, separators=(',', ': '))
+ simplejson.dump(data, self._file.file_handle(), sort_keys=True, indent=2)
self._file.file_handle().truncate()
def _refresh_data_cache(self):
@@ -397,7 +387,7 @@
raw_key = cred_entry['key']
key = util.dict_to_tuple_key(raw_key)
credential = None
- credential = Credentials.new_from_json(json.dumps(cred_entry['credential']))
+ credential = Credentials.new_from_json(simplejson.dumps(cred_entry['credential']))
return (key, credential)
def _write(self):
@@ -410,7 +400,7 @@
raw_data['data'] = raw_creds
for (cred_key, cred) in self._data.items():
raw_key = dict(cred_key)
- raw_cred = json.loads(cred.to_json())
+ raw_cred = simplejson.loads(cred.to_json())
raw_creds.append({'key': raw_key, 'credential': raw_cred})
self._locked_json_write(raw_data)
@@ -472,4 +462,4 @@
Returns:
A Storage object that can be used to get/set this cred
"""
- return self._Storage(self, key)
\ No newline at end of file
+ return self._Storage(self, key)
diff --git a/third_party/oauth2client/old_run.py b/third_party/oauth2client/old_run.py
index 221fff8..da23358 100644
--- a/third_party/oauth2client/old_run.py
+++ b/third_party/oauth2client/old_run.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2013 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -15,7 +15,6 @@
"""This module holds the old run() function which is deprecated, the
tools.run_flow() function should be used in its place."""
-from __future__ import print_function
import logging
import socket
@@ -23,9 +22,9 @@
import webbrowser
import gflags
-from third_party.six.moves import input
-from third_party.oauth2client import client
-from third_party.oauth2client import util
+
+from oauth2client import client
+from oauth2client import util
from tools import ClientRedirectHandler
from tools import ClientRedirectServer
@@ -49,38 +48,39 @@
def run(flow, storage, http=None):
"""Core code for a command-line application.
- The ``run()`` function is called from your application and runs
- through all the steps to obtain credentials. It takes a ``Flow``
- argument and attempts to open an authorization server page in the
- user's default web browser. The server asks the user to grant your
- application access to the user's data. If the user grants access,
- the ``run()`` function returns new credentials. The new credentials
- are also stored in the ``storage`` argument, which updates the file
- associated with the ``Storage`` object.
+ The run() function is called from your application and runs through all
+ the steps to obtain credentials. It takes a Flow argument and attempts to
+ open an authorization server page in the user's default web browser. The
+ server asks the user to grant your application access to the user's data.
+ If the user grants access, the run() function returns new credentials. The
+ new credentials are also stored in the Storage argument, which updates the
+ file associated with the Storage object.
It presumes it is run from a command-line application and supports the
following flags:
- ``--auth_host_name`` (string, default: ``localhost``)
- Host name to use when running a local web server to handle
- redirects during OAuth authorization.
+ --auth_host_name: Host name to use when running a local web server
+ to handle redirects during OAuth authorization.
+ (default: 'localhost')
- ``--auth_host_port`` (integer, default: ``[8080, 8090]``)
- Port to use when running a local web server to handle redirects
- during OAuth authorization. Repeat this option to specify a list
- of values.
+ --auth_host_port: Port to use when running a local web server to handle
+ redirects during OAuth authorization.;
+ repeat this option to specify a list of values
+ (default: '[8080, 8090]')
+ (an integer)
- ``--[no]auth_local_webserver`` (boolean, default: ``True``)
- Run a local web server to handle redirects during OAuth authorization.
+ --[no]auth_local_webserver: Run a local web server to handle redirects
+ during OAuth authorization.
+ (default: 'true')
- Since it uses flags make sure to initialize the ``gflags`` module before
- calling ``run()``.
+ Since it uses flags make sure to initialize the gflags module before
+ calling run().
Args:
flow: Flow, an OAuth 2.0 Flow to step through.
- storage: Storage, a ``Storage`` to store the credential in.
- http: An instance of ``httplib2.Http.request`` or something that acts
- like it.
+ storage: Storage, a Storage to store the credential in.
+ http: An instance of httplib2.Http.request
+ or something that acts like it.
Returns:
Credentials, the obtained credential.
@@ -96,20 +96,20 @@
try:
httpd = ClientRedirectServer((FLAGS.auth_host_name, port),
ClientRedirectHandler)
- except socket.error as e:
+ except socket.error, e:
pass
else:
success = True
break
FLAGS.auth_local_webserver = success
if not success:
- print('Failed to start a local webserver listening on either port 8080')
- print('or port 9090. Please check your firewall settings and locally')
- print('running programs that may be blocking or using those ports.')
- print()
- print('Falling back to --noauth_local_webserver and continuing with')
- print('authorization.')
- print()
+ print 'Failed to start a local webserver listening on either port 8080'
+ print 'or port 9090. Please check your firewall settings and locally'
+ print 'running programs that may be blocking or using those ports.'
+ print
+ print 'Falling back to --noauth_local_webserver and continuing with',
+ print 'authorization.'
+ print
if FLAGS.auth_local_webserver:
oauth_callback = 'http://%s:%s/' % (FLAGS.auth_host_name, port_number)
@@ -120,20 +120,20 @@
if FLAGS.auth_local_webserver:
webbrowser.open(authorize_url, new=1, autoraise=True)
- print('Your browser has been opened to visit:')
- print()
- print(' ' + authorize_url)
- print()
- print('If your browser is on a different machine then exit and re-run')
- print('this application with the command-line parameter ')
- print()
- print(' --noauth_local_webserver')
- print()
+ print 'Your browser has been opened to visit:'
+ print
+ print ' ' + authorize_url
+ print
+ print 'If your browser is on a different machine then exit and re-run'
+ print 'this application with the command-line parameter '
+ print
+ print ' --noauth_local_webserver'
+ print
else:
- print('Go to the following link in your browser:')
- print()
- print(' ' + authorize_url)
- print()
+ print 'Go to the following link in your browser:'
+ print
+ print ' ' + authorize_url
+ print
code = None
if FLAGS.auth_local_webserver:
@@ -143,18 +143,18 @@
if 'code' in httpd.query_params:
code = httpd.query_params['code']
else:
- print('Failed to find "code" in the query parameters of the redirect.')
+ print 'Failed to find "code" in the query parameters of the redirect.'
sys.exit('Try running with --noauth_local_webserver.')
else:
- code = input('Enter verification code: ').strip()
+ code = raw_input('Enter verification code: ').strip()
try:
credential = flow.step2_exchange(code, http=http)
- except client.FlowExchangeError as e:
+ except client.FlowExchangeError, e:
sys.exit('Authentication has failed: %s' % e)
storage.put(credential)
credential.set_store(storage)
- print('Authentication successful.')
+ print 'Authentication successful.'
- return credential
\ No newline at end of file
+ return credential
diff --git a/third_party/oauth2client/service_account.py b/third_party/oauth2client/service_account.py
deleted file mode 100644
index b6b694c..0000000
--- a/third_party/oauth2client/service_account.py
+++ /dev/null
@@ -1,139 +0,0 @@
-# Copyright 2014 Google Inc. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-"""A service account credentials class.
-
-This credentials class is implemented on top of rsa library.
-"""
-
-import base64
-import json
-import time
-
-from pyasn1.codec.ber import decoder
-from pyasn1_modules.rfc5208 import PrivateKeyInfo
-import rsa
-
-from . import GOOGLE_REVOKE_URI
-from . import GOOGLE_TOKEN_URI
-from . import util
-from client import AssertionCredentials
-from third_party import six
-
-
-class _ServiceAccountCredentials(AssertionCredentials):
- """Class representing a service account (signed JWT) credential."""
-
- MAX_TOKEN_LIFETIME_SECS = 3600 # 1 hour in seconds
-
- def __init__(self, service_account_id, service_account_email, private_key_id,
- private_key_pkcs8_text, scopes, user_agent=None,
- token_uri=GOOGLE_TOKEN_URI, revoke_uri=GOOGLE_REVOKE_URI,
- **kwargs):
-
- super(_ServiceAccountCredentials, self).__init__(
- None, user_agent=user_agent, token_uri=token_uri, revoke_uri=revoke_uri)
-
- self._service_account_id = service_account_id
- self._service_account_email = service_account_email
- self._private_key_id = private_key_id
- self._private_key = _get_private_key(private_key_pkcs8_text)
- self._private_key_pkcs8_text = private_key_pkcs8_text
- self._scopes = util.scopes_to_string(scopes)
- self._user_agent = user_agent
- self._token_uri = token_uri
- self._revoke_uri = revoke_uri
- self._kwargs = kwargs
-
- def _generate_assertion(self):
- """Generate the assertion that will be used in the request."""
-
- header = {
- 'alg': 'RS256',
- 'typ': 'JWT',
- 'kid': self._private_key_id
- }
-
- now = int(time.time())
- payload = {
- 'aud': self._token_uri,
- 'scope': self._scopes,
- 'iat': now,
- 'exp': now + _ServiceAccountCredentials.MAX_TOKEN_LIFETIME_SECS,
- 'iss': self._service_account_email
- }
- payload.update(self._kwargs)
-
- assertion_input = (_urlsafe_b64encode(header) + b'.' +
- _urlsafe_b64encode(payload))
-
- # Sign the assertion.
- rsa_bytes = rsa.pkcs1.sign(assertion_input, self._private_key, 'SHA-256')
- signature = base64.urlsafe_b64encode(rsa_bytes).rstrip(b'=')
-
- return assertion_input + b'.' + signature
-
- def sign_blob(self, blob):
- # Ensure that it is bytes
- try:
- blob = blob.encode('utf-8')
- except AttributeError:
- pass
- return (self._private_key_id,
- rsa.pkcs1.sign(blob, self._private_key, 'SHA-256'))
-
- @property
- def service_account_email(self):
- return self._service_account_email
-
- @property
- def serialization_data(self):
- return {
- 'type': 'service_account',
- 'client_id': self._service_account_id,
- 'client_email': self._service_account_email,
- 'private_key_id': self._private_key_id,
- 'private_key': self._private_key_pkcs8_text
- }
-
- def create_scoped_required(self):
- return not self._scopes
-
- def create_scoped(self, scopes):
- return _ServiceAccountCredentials(self._service_account_id,
- self._service_account_email,
- self._private_key_id,
- self._private_key_pkcs8_text,
- scopes,
- user_agent=self._user_agent,
- token_uri=self._token_uri,
- revoke_uri=self._revoke_uri,
- **self._kwargs)
-
-
-def _urlsafe_b64encode(data):
- return base64.urlsafe_b64encode(
- json.dumps(data, separators=(',', ':')).encode('UTF-8')).rstrip(b'=')
-
-
-def _get_private_key(private_key_pkcs8_text):
- """Get an RSA private key object from a pkcs8 representation."""
-
- if not isinstance(private_key_pkcs8_text, six.binary_type):
- private_key_pkcs8_text = private_key_pkcs8_text.encode('ascii')
- der = rsa.pem.load_pem(private_key_pkcs8_text, 'PRIVATE KEY')
- asn1_private_key, _ = decoder.decode(der, asn1Spec=PrivateKeyInfo())
- return rsa.PrivateKey.load_pkcs1(
- asn1_private_key.getComponentByName('privateKey').asOctets(),
- format='DER')
\ No newline at end of file
diff --git a/third_party/oauth2client/tools.py b/third_party/oauth2client/tools.py
index 3df1bbe..12c68bf 100644
--- a/third_party/oauth2client/tools.py
+++ b/third_party/oauth2client/tools.py
@@ -1,4 +1,4 @@
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright (C) 2013 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -19,22 +19,27 @@
the same directory.
"""
-from __future__ import print_function
-
__author__ = 'jcgregorio@google.com (Joe Gregorio)'
__all__ = ['argparser', 'run_flow', 'run', 'message_if_missing']
+
+import BaseHTTPServer
+import argparse
+import httplib2
import logging
+import os
import socket
import sys
+import webbrowser
-from third_party.six.moves import BaseHTTPServer
-from third_party.six.moves import urllib
-from third_party.six.moves import input
+from oauth2client import client
+from oauth2client import file
+from oauth2client import util
-from . import client
-from . import util
-
+try:
+ from urlparse import parse_qsl
+except ImportError:
+ from cgi import parse_qsl
_CLIENT_SECRETS_MESSAGE = """WARNING: Please configure OAuth 2.0
@@ -47,27 +52,20 @@
"""
-def _CreateArgumentParser():
- try:
- import argparse
- except ImportError:
- return None
- parser = argparse.ArgumentParser(add_help=False)
- parser.add_argument('--auth_host_name', default='localhost',
- help='Hostname when running a local web server.')
- parser.add_argument('--noauth_local_webserver', action='store_true',
- default=False, help='Do not run a local web server.')
- parser.add_argument('--auth_host_port', default=[8080, 8090], type=int,
- nargs='*', help='Port web server should listen on.')
- parser.add_argument('--logging_level', default='ERROR',
- choices=['DEBUG', 'INFO', 'WARNING', 'ERROR', 'CRITICAL'],
- help='Set the logging level of detail.')
- return parser
-
-# argparser is an ArgumentParser that contains command-line options expected
+# run_parser is an ArgumentParser that contains command-line options expected
# by tools.run(). Pass it in as part of the 'parents' argument to your own
# ArgumentParser.
-argparser = _CreateArgumentParser()
+argparser = argparse.ArgumentParser(add_help=False)
+argparser.add_argument('--auth_host_name', default='localhost',
+ help='Hostname when running a local web server.')
+argparser.add_argument('--noauth_local_webserver', action='store_true',
+ default=False, help='Do not run a local web server.')
+argparser.add_argument('--auth_host_port', default=[8080, 8090], type=int,
+ nargs='*', help='Port web server should listen on.')
+argparser.add_argument('--logging_level', default='ERROR',
+ choices=['DEBUG', 'INFO', 'WARNING', 'ERROR',
+ 'CRITICAL'],
+ help='Set the logging level of detail.')
class ClientRedirectServer(BaseHTTPServer.HTTPServer):
@@ -86,75 +84,72 @@
into the servers query_params and then stops serving.
"""
- def do_GET(self):
+ def do_GET(s):
"""Handle a GET request.
Parses the query parameters and prints a message
if the flow has completed. Note that we can't detect
if an error occurred.
"""
- self.send_response(200)
- self.send_header("Content-type", "text/html")
- self.end_headers()
- query = self.path.split('?', 1)[-1]
- query = dict(urllib.parse.parse_qsl(query))
- self.server.query_params = query
- self.wfile.write(b"<html><head><title>Authentication Status</title></head>")
- self.wfile.write(b"<body><p>The authentication flow has completed.</p>")
- self.wfile.write(b"</body></html>")
+ s.send_response(200)
+ s.send_header("Content-type", "text/html")
+ s.end_headers()
+ query = s.path.split('?', 1)[-1]
+ query = dict(parse_qsl(query))
+ s.server.query_params = query
+ s.wfile.write("<html><head><title>Authentication Status</title></head>")
+ s.wfile.write("<body><p>The authentication flow has completed.</p>")
+ s.wfile.write("</body></html>")
def log_message(self, format, *args):
"""Do not log messages to stdout while running as command line program."""
+ pass
@util.positional(3)
def run_flow(flow, storage, flags, http=None):
"""Core code for a command-line application.
- The ``run()`` function is called from your application and runs
- through all the steps to obtain credentials. It takes a ``Flow``
- argument and attempts to open an authorization server page in the
- user's default web browser. The server asks the user to grant your
- application access to the user's data. If the user grants access,
- the ``run()`` function returns new credentials. The new credentials
- are also stored in the ``storage`` argument, which updates the file
- associated with the ``Storage`` object.
+ The run() function is called from your application and runs through all the
+ steps to obtain credentials. It takes a Flow argument and attempts to open an
+ authorization server page in the user's default web browser. The server asks
+ the user to grant your application access to the user's data. If the user
+ grants access, the run() function returns new credentials. The new credentials
+ are also stored in the Storage argument, which updates the file associated
+ with the Storage object.
It presumes it is run from a command-line application and supports the
following flags:
- ``--auth_host_name`` (string, default: ``localhost``)
- Host name to use when running a local web server to handle
- redirects during OAuth authorization.
+ --auth_host_name: Host name to use when running a local web server
+ to handle redirects during OAuth authorization.
+ (default: 'localhost')
- ``--auth_host_port`` (integer, default: ``[8080, 8090]``)
- Port to use when running a local web server to handle redirects
- during OAuth authorization. Repeat this option to specify a list
- of values.
+ --auth_host_port: Port to use when running a local web server to handle
+ redirects during OAuth authorization.;
+ repeat this option to specify a list of values
+ (default: '[8080, 8090]')
+ (an integer)
- ``--[no]auth_local_webserver`` (boolean, default: ``True``)
- Run a local web server to handle redirects during OAuth authorization.
+ --[no]auth_local_webserver: Run a local web server to handle redirects
+ during OAuth authorization.
+ (default: 'true')
+ The tools module defines an ArgumentParser the already contains the flag
+ definitions that run() requires. You can pass that ArgumentParser to your
+ ArgumentParser constructor:
-
-
- The tools module defines an ``ArgumentParser`` the already contains the flag
- definitions that ``run()`` requires. You can pass that ``ArgumentParser`` to your
- ``ArgumentParser`` constructor::
-
- parser = argparse.ArgumentParser(description=__doc__,
- formatter_class=argparse.RawDescriptionHelpFormatter,
- parents=[tools.argparser])
- flags = parser.parse_args(argv)
+ parser = argparse.ArgumentParser(description=__doc__,
+ formatter_class=argparse.RawDescriptionHelpFormatter,
+ parents=[tools.run_parser])
+ flags = parser.parse_args(argv)
Args:
flow: Flow, an OAuth 2.0 Flow to step through.
- storage: Storage, a ``Storage`` to store the credential in.
- flags: ``argparse.Namespace``, The command-line flags. This is the
- object returned from calling ``parse_args()`` on
- ``argparse.ArgumentParser`` as described above.
- http: An instance of ``httplib2.Http.request`` or something that
- acts like it.
+ storage: Storage, a Storage to store the credential in.
+ flags: argparse.ArgumentParser, the command-line flags.
+ http: An instance of httplib2.Http.request
+ or something that acts like it.
Returns:
Credentials, the obtained credential.
@@ -168,20 +163,20 @@
try:
httpd = ClientRedirectServer((flags.auth_host_name, port),
ClientRedirectHandler)
- except socket.error:
+ except socket.error, e:
pass
else:
success = True
break
flags.noauth_local_webserver = not success
if not success:
- print('Failed to start a local webserver listening on either port 8080')
- print('or port 9090. Please check your firewall settings and locally')
- print('running programs that may be blocking or using those ports.')
- print()
- print('Falling back to --noauth_local_webserver and continuing with')
- print('authorization.')
- print()
+ print 'Failed to start a local webserver listening on either port 8080'
+ print 'or port 9090. Please check your firewall settings and locally'
+ print 'running programs that may be blocking or using those ports.'
+ print
+ print 'Falling back to --noauth_local_webserver and continuing with',
+ print 'authorization.'
+ print
if not flags.noauth_local_webserver:
oauth_callback = 'http://%s:%s/' % (flags.auth_host_name, port_number)
@@ -191,22 +186,21 @@
authorize_url = flow.step1_get_authorize_url()
if not flags.noauth_local_webserver:
- import webbrowser
webbrowser.open(authorize_url, new=1, autoraise=True)
- print('Your browser has been opened to visit:')
- print()
- print(' ' + authorize_url)
- print()
- print('If your browser is on a different machine then exit and re-run this')
- print('application with the command-line parameter ')
- print()
- print(' --noauth_local_webserver')
- print()
+ print 'Your browser has been opened to visit:'
+ print
+ print ' ' + authorize_url
+ print
+ print 'If your browser is on a different machine then exit and re-run this'
+ print 'application with the command-line parameter '
+ print
+ print ' --noauth_local_webserver'
+ print
else:
- print('Go to the following link in your browser:')
- print()
- print(' ' + authorize_url)
- print()
+ print 'Go to the following link in your browser:'
+ print
+ print ' ' + authorize_url
+ print
code = None
if not flags.noauth_local_webserver:
@@ -216,19 +210,19 @@
if 'code' in httpd.query_params:
code = httpd.query_params['code']
else:
- print('Failed to find "code" in the query parameters of the redirect.')
+ print 'Failed to find "code" in the query parameters of the redirect.'
sys.exit('Try running with --noauth_local_webserver.')
else:
- code = input('Enter verification code: ').strip()
+ code = raw_input('Enter verification code: ').strip()
try:
credential = flow.step2_exchange(code, http=http)
- except client.FlowExchangeError as e:
+ except client.FlowExchangeError, e:
sys.exit('Authentication has failed: %s' % e)
storage.put(credential)
credential.set_store(storage)
- print('Authentication successful.')
+ print 'Authentication successful.'
return credential
@@ -239,11 +233,11 @@
return _CLIENT_SECRETS_MESSAGE % filename
try:
- from oauth2client.old_run import run
- from oauth2client.old_run import FLAGS
+ from old_run import run
+ from old_run import FLAGS
except ImportError:
def run(*args, **kwargs):
raise NotImplementedError(
'The gflags library must be installed to use tools.run(). '
'Please install gflags or preferrably switch to using '
- 'tools.run_flow().')
\ No newline at end of file
+ 'tools.run_flow().')
diff --git a/third_party/oauth2client/util.py b/third_party/oauth2client/util.py
index b0963ef..90dff15 100644
--- a/third_party/oauth2client/util.py
+++ b/third_party/oauth2client/util.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python
#
-# Copyright 2014 Google Inc. All rights reserved.
+# Copyright 2010 Google Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,27 +17,26 @@
"""Common utility library."""
-__author__ = [
- 'rafek@google.com (Rafe Kaplan)',
- 'guido@google.com (Guido van Rossum)',
+__author__ = ['rafek@google.com (Rafe Kaplan)',
+ 'guido@google.com (Guido van Rossum)',
]
-
__all__ = [
- 'positional',
- 'POSITIONAL_WARNING',
- 'POSITIONAL_EXCEPTION',
- 'POSITIONAL_IGNORE',
+ 'positional',
+ 'POSITIONAL_WARNING',
+ 'POSITIONAL_EXCEPTION',
+ 'POSITIONAL_IGNORE',
]
-import functools
import inspect
import logging
-import sys
import types
+import urllib
+import urlparse
-from third_party import six
-from third_party.six.moves import urllib
-
+try:
+ from urlparse import parse_qsl
+except ImportError:
+ from cgi import parse_qsl
logger = logging.getLogger(__name__)
@@ -52,58 +51,56 @@
def positional(max_positional_args):
"""A decorator to declare that only the first N arguments my be positional.
- This decorator makes it easy to support Python 3 style keyword-only
- parameters. For example, in Python 3 it is possible to write::
+ This decorator makes it easy to support Python 3 style key-word only
+ parameters. For example, in Python 3 it is possible to write:
def fn(pos1, *, kwonly1=None, kwonly1=None):
...
- All named parameters after ``*`` must be a keyword::
+ All named parameters after * must be a keyword:
fn(10, 'kw1', 'kw2') # Raises exception.
fn(10, kwonly1='kw1') # Ok.
- Example
- ^^^^^^^
+ Example:
+ To define a function like above, do:
- To define a function like above, do::
-
- @positional(1)
- def fn(pos1, kwonly1=None, kwonly2=None):
- ...
-
- If no default value is provided to a keyword argument, it becomes a required
- keyword argument::
-
- @positional(0)
- def fn(required_kw):
- ...
-
- This must be called with the keyword parameter::
-
- fn() # Raises exception.
- fn(10) # Raises exception.
- fn(required_kw=10) # Ok.
-
- When defining instance or class methods always remember to account for
- ``self`` and ``cls``::
-
- class MyClass(object):
-
- @positional(2)
- def my_method(self, pos1, kwonly1=None):
+ @positional(1)
+ def fn(pos1, kwonly1=None, kwonly2=None):
...
- @classmethod
- @positional(2)
- def my_method(cls, pos1, kwonly1=None):
+ If no default value is provided to a keyword argument, it becomes a required
+ keyword argument:
+
+ @positional(0)
+ def fn(required_kw):
...
+ This must be called with the keyword parameter:
+
+ fn() # Raises exception.
+ fn(10) # Raises exception.
+ fn(required_kw=10) # Ok.
+
+ When defining instance or class methods always remember to account for
+ 'self' and 'cls':
+
+ class MyClass(object):
+
+ @positional(2)
+ def my_method(self, pos1, kwonly1=None):
+ ...
+
+ @classmethod
+ @positional(2)
+ def my_method(cls, pos1, kwonly1=None):
+ ...
+
The positional decorator behavior is controlled by
- ``util.positional_parameters_enforcement``, which may be set to
- ``POSITIONAL_EXCEPTION``, ``POSITIONAL_WARNING`` or
- ``POSITIONAL_IGNORE`` to raise an exception, log a warning, or do
- nothing, respectively, if a declaration is violated.
+ util.positional_parameters_enforcement, which may be set to
+ POSITIONAL_EXCEPTION, POSITIONAL_WARNING or POSITIONAL_IGNORE to raise an
+ exception, log a warning, or do nothing, respectively, if a declaration is
+ violated.
Args:
max_positional_arguments: Maximum number of positional arguments. All
@@ -117,10 +114,8 @@
TypeError if a key-word only argument is provided as a positional
parameter, but only if util.positional_parameters_enforcement is set to
POSITIONAL_EXCEPTION.
-
"""
def positional_decorator(wrapped):
- @functools.wraps(wrapped)
def positional_wrapper(*args, **kwargs):
if len(args) > max_positional_args:
plural_s = ''
@@ -137,7 +132,7 @@
return wrapped(*args, **kwargs)
return positional_wrapper
- if isinstance(max_positional_args, six.integer_types):
+ if isinstance(max_positional_args, (int, long)):
return positional_decorator
else:
args, _, _, defaults = inspect.getargspec(max_positional_args)
@@ -157,7 +152,7 @@
Returns:
The scopes formatted as a single string.
"""
- if isinstance(scopes, six.string_types):
+ if isinstance(scopes, types.StringTypes):
return scopes
else:
return ' '.join(scopes)
@@ -194,8 +189,8 @@
if value is None:
return url
else:
- parsed = list(urllib.parse.urlparse(url))
- q = dict(urllib.parse.parse_qsl(parsed[4]))
+ parsed = list(urlparse.urlparse(url))
+ q = dict(parse_qsl(parsed[4]))
q[name] = value
- parsed[4] = urllib.parse.urlencode(q)
- return urllib.parse.urlunparse(parsed)
\ No newline at end of file
+ parsed[4] = urllib.urlencode(q)
+ return urlparse.urlunparse(parsed)
diff --git a/third_party/oauth2client/xsrfutil.py b/third_party/oauth2client/xsrfutil.py
index bea7c87..7e1fe5c 100644
--- a/third_party/oauth2client/xsrfutil.py
+++ b/third_party/oauth2client/xsrfutil.py
@@ -1,5 +1,6 @@
+#!/usr/bin/python2.5
#
-# Copyright 2014 the Melange authors.
+# Copyright 2010 the Melange authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,36 +17,25 @@
"""Helper methods for creating & verifying XSRF tokens."""
__authors__ = [
- '"Doug Coker" <dcoker@google.com>',
- '"Joe Gregorio" <jcgregorio@google.com>',
+ '"Doug Coker" <dcoker@google.com>',
+ '"Joe Gregorio" <jcgregorio@google.com>',
]
import base64
import hmac
+import os # for urandom
import time
-import six
from oauth2client import util
# Delimiter character
-DELIMITER = b':'
-
+DELIMITER = ':'
# 1 hour in seconds
DEFAULT_TIMEOUT_SECS = 1*60*60
-
-def _force_bytes(s):
- if isinstance(s, bytes):
- return s
- s = str(s)
- if isinstance(s, six.text_type):
- return s.encode('utf-8')
- return s
-
-
@util.positional(2)
def generate_token(key, user_id, action_id="", when=None):
"""Generates a URL-safe token for the given user, action, time tuple.
@@ -61,16 +51,18 @@
Returns:
A string XSRF protection token.
"""
- when = _force_bytes(when or int(time.time()))
- digester = hmac.new(_force_bytes(key))
- digester.update(_force_bytes(user_id))
+ when = when or int(time.time())
+ digester = hmac.new(key)
+ digester.update(str(user_id))
digester.update(DELIMITER)
- digester.update(_force_bytes(action_id))
+ digester.update(action_id)
digester.update(DELIMITER)
- digester.update(when)
+ digester.update(str(when))
digest = digester.digest()
- token = base64.urlsafe_b64encode(digest + DELIMITER + when)
+ token = base64.urlsafe_b64encode('%s%s%d' % (digest,
+ DELIMITER,
+ when))
return token
@@ -95,8 +87,8 @@
if not token:
return False
try:
- decoded = base64.urlsafe_b64decode(token)
- token_time = int(decoded.split(DELIMITER)[-1])
+ decoded = base64.urlsafe_b64decode(str(token))
+ token_time = long(decoded.split(DELIMITER)[-1])
except (TypeError, ValueError):
return False
if current_time is None:
@@ -113,6 +105,9 @@
# Perform constant time comparison to avoid timing attacks
different = 0
- for x, y in zip(bytearray(token), bytearray(expected_token)):
- different |= x ^ y
- return not different
\ No newline at end of file
+ for x, y in zip(token, expected_token):
+ different |= ord(x) ^ ord(y)
+ if different:
+ return False
+
+ return True