Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 9b8bec67ff96f19a9c17c838ec2930723d54c62b^! / . / oauth2client
commit9b8bec67ff96f19a9c17c838ec2930723d54c62b[log] [tgz]
authorJoe Gregorio <jcgregorio@google.com>Tue Jan 17 11:35:32 2012 -0500
committerJoe Gregorio <jcgregorio@google.com>Tue Jan 17 11:35:32 2012 -0500
treeb67bc5436a3151623f2561c06c53a2788cf734ed
parent2fdd29521b271aa022c83ffa6e18ff6a7680b5ab [diff]
Set file permissions on credentials files.

Reviewed in http://codereview.appspot.com/5540053/.

diff --git a/oauth2client/file.py b/oauth2client/file.py
index d20cf6e..d71e888 100644
--- a/oauth2client/file.py
+++ b/oauth2client/file.py

@@ -20,6 +20,8 @@
 
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 
+import os
+import stat
 import threading
 
 from anyjson import simplejson
@@ -56,7 +58,7 @@
     """
     credentials = None
     try:
-      f = open(self._filename, 'r')
+      f = open(self._filename, 'rb')
       content = f.read()
       f.close()
     except IOError:
@@ -70,12 +72,28 @@
 
     return credentials
 
+  def _create_file_if_needed(self):
+    """Create an empty file if necessary.
+
+    This method will not initialize the file. Instead it implements a
+    simple version of "touch" to ensure the file has been created.
+    """
+    if not os.path.exists(self._filename):
+      old_umask = os.umask(0177)
+      try:
+        open(self._filename, 'a+b').close()
+      finally:
+        os.umask(old_umask)
+
+
   def locked_put(self, credentials):
     """Write Credentials to file.
 
     Args:
       credentials: Credentials, the credentials to store.
     """
-    f = open(self._filename, 'w')
+
+    self._create_file_if_needed()
+    f = open(self._filename, 'wb')
     f.write(credentials.to_json())
     f.close()

diff --git a/oauth2client/multistore_file.py b/oauth2client/multistore_file.py
index b6126f5..d9b89c8 100644
--- a/oauth2client/multistore_file.py
+++ b/oauth2client/multistore_file.py

@@ -32,6 +32,7 @@
 __author__ = 'jbeda@google.com (Joe Beda)'
 
 import base64
+import errno
 import fcntl
 import logging
 import os
@@ -167,7 +168,7 @@
     if not os.path.exists(self._filename):
       old_umask = os.umask(0177)
       try:
-        open(self._filename, 'a+').close()
+        open(self._filename, 'a+b').close()
       finally:
         os.umask(old_umask)
 
@@ -175,12 +176,13 @@
     """Lock the entire multistore."""
     self._thread_lock.acquire()
     # Check to see if the file is writeable.
-    if os.access(self._filename, os.W_OK):
-      self._file_handle = open(self._filename, 'r+')
+    try:
+      self._file_handle = open(self._filename, 'r+b')
       fcntl.lockf(self._file_handle.fileno(), fcntl.LOCK_EX)
-    else:
-      # Cannot open in read/write mode. Open only in read mode.
-      self._file_handle = open(self._filename, 'r')
+    except IOError, e:
+      if e.errno != errno.EACCES:
+        raise e
+      self._file_handle = open(self._filename, 'rb')
       self._read_only = True
       if self._warn_on_readonly:
         logger.warn('The credentials file (%s) is not writable. Opening in '