Add oauth2.credentials system tests (#56)
* Add script to generate user auth tokens.
* Add oauth2.credentials system tests
diff --git a/.travis.yml b/.travis.yml
index a56fb34..315f7c1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -38,4 +38,4 @@
repo: GoogleCloudPlatform/google-auth-library-python
env:
global:
- secure: KjV9daSNZsM3/jth2d87MEu4irHtwNwUcdIUVglz3QrIX7fAcbFqHu/2Ux3yGC+iPJd5/i2jZWWz9F6iyuKdhyMySz2WaBsbySmCs1pREcRYWcK5GL49yPb3ZOZucprD/n0VIer0+eublQeBQRMxNdxfJEs6tgkHxTeiOJ3mHaeLa/nE1PXW9Ih6fgS5NT/7CE7SO0fw1th9ZdLdRyo3a9fphDWqiGlt0oRURRnoJ7qctLYAZ7uXDn3c6oXJ/dZsio6Hjx16dPNjn0dpkpCBFYN3D7wXD02Ysm/7u+SGl2FjqA76FmmnJsqJ5Nog1QV4v7YpJdTtpfXBOuXAov4Fz9xHVssX4dYZkW5JKsfVFFIilo1vQbO4mBjYw58/gJswJygD5smwO2GawAfm62mGpdx4mFv2lwZoqJbLg1qcuI/qc8DqPrc3Y1nVNu3oGdMcts5q2IeuZgI1yzdb/Qz0gtkkIDtPzoyBlAZE9hsylBI7SdoP7VpmP+vIW21yC3GpE3TajbVD8p53c70fV4YH0LSX6pFF6RBuSFLwarG+WYtPTEy2k3d0ATMdH0gBaf19FJ04RTwsbYZPqAy328Dl3RLioZffm8BHAeKzuVsocrIiiHjJM6PqtL4II0UfbiKahxLcI7t1cGTWVhUtqrnZKZwJrbLYGd08aBvioTne/Nk=
+ secure: s6GdhJklftl8w/9WoETwLtvtKL4ledPA/TuBuqCXQxSuYWaPuTdRVcvoejGkHJpp7i/7v2T/0etYl+5koyskKm5+QZZweaaL7MAyjPGp+hmIaIlWQRz6w481NOf3i9uSmoQycssT0mNmwScNIqo+igbA2y14mr/e9aBuOcxNNzNzFQp2vaRMEju6q7xZMjYdcudUWL48vq9CoNa3X2ZArpqjkApR/TfYlG7glOj43NxuVDN4z9wIyUjaMHBfPgEhjaOaRyEFgEYITRwX1qDoXqcZdTVIq4Cn0uCH+Mvrz6Y+oUJGTJqH1k7N/DhzbSN9lJnVYaQW/yuvGHiGAwbb6Tcxiq2UqqhA9MfbPpmstDECs46v9Z3BT252KvYEQY7Q1v9g2gFhHvFGWISUxs80rnnPhEYfa11JoLvj2t8cowkE4pvj4OH32Eoyvc5H07hW3F5xpuF7Jt7N09TNZkUrpmiRJEhfrVNgjsrWO77/q5h8mXGd+9vYmz++yzKu+63x8x1MpeigGCG73Dpu9Otm5eydOZfpJ39ZfZWUb7G2JahgHaGweM9dmnpJtzHQgijmHjjfAx9jgnQ8IQz9nkFmyMI8H7HouwalnrJtpSSbvMqOQ0kiZhMzdBKH5pD3tjLgSlgA0pKelBwlooY6jGlj4LrtbDAxa6cZyXiFoqWpT1w=
diff --git a/scripts/obtain_user_auth.py b/scripts/obtain_user_auth.py
new file mode 100644
index 0000000..fd2afd8
--- /dev/null
+++ b/scripts/obtain_user_auth.py
@@ -0,0 +1,65 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This program obtains a set of user credentials.
+
+These credentials are needed to run the system test for OAuth2 credentials.
+It's expected that a developer will run this program manually once to obtain
+a refresh token. It's highly recommended to use a Google account created
+specifically created for testing.
+"""
+
+import json
+import os
+
+from oauth2client import client
+from oauth2client import tools
+
+HERE = os.path.dirname(__file__)
+CLIENT_SECRETS_PATH = os.path.abspath(os.path.join(
+ HERE, '..', 'system_tests', 'data', 'client_secret.json'))
+AUTHORIZED_USER_PATH = os.path.abspath(os.path.join(
+ HERE, '..', 'system_tests', 'data', 'authorized_user.json'))
+SCOPES = ['email', 'profile']
+
+
+class NullStorage(client.Storage):
+ """Null storage implementation to prevent oauth2client from failing
+ on storage.put."""
+ def locked_put(self, credentials):
+ pass
+
+
+def main():
+ flow = client.flow_from_clientsecrets(CLIENT_SECRETS_PATH, SCOPES)
+
+ print('Starting credentials flow...')
+ credentials = tools.run_flow(flow, NullStorage())
+
+ # Save the credentials in the same format as the Cloud SDK's authorized
+ # user file.
+ data = {
+ 'type': 'authorized_user',
+ 'client_id': flow.client_id,
+ 'client_secret': flow.client_secret,
+ 'refresh_token': credentials.refresh_token
+ }
+
+ with open(AUTHORIZED_USER_PATH, 'w') as fh:
+ json.dump(data, fh, indent=4)
+
+ print('Created {}.'.format(AUTHORIZED_USER_PATH))
+
+if __name__ == '__main__':
+ main()
diff --git a/system_tests/conftest.py b/system_tests/conftest.py
index 066f805..ebbae48 100644
--- a/system_tests/conftest.py
+++ b/system_tests/conftest.py
@@ -34,6 +34,12 @@
@pytest.fixture
+def authorized_user_file():
+ """The full path to a valid authorized user file."""
+ yield os.path.join(DATA_DIR, 'authorized_user.json')
+
+
+@pytest.fixture
def request():
"""A transport.request object."""
yield google.auth.transport.urllib3.Request(HTTP)
diff --git a/system_tests/secrets.tar.enc b/system_tests/secrets.tar.enc
index bbe290f..e61707e 100644
--- a/system_tests/secrets.tar.enc
+++ b/system_tests/secrets.tar.enc
Binary files differ
diff --git a/system_tests/test_oauth2_credentials.py b/system_tests/test_oauth2_credentials.py
new file mode 100644
index 0000000..e268519
--- /dev/null
+++ b/system_tests/test_oauth2_credentials.py
@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+
+from google.auth import _helpers
+import google.oauth2.credentials
+
+GOOGLE_OAUTH2_TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token'
+
+
+def test_refresh(authorized_user_file, request, token_info):
+ with open(authorized_user_file, 'r') as fh:
+ info = json.load(fh)
+
+ credentials = google.oauth2.credentials.Credentials(
+ None, # No access token, must be refreshed.
+ refresh_token=info['refresh_token'],
+ token_uri=GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+ client_id=info['client_id'],
+ client_secret=info['client_secret'])
+
+ credentials.refresh(request)
+
+ assert credentials.token
+
+ info = token_info(credentials.token)
+
+ info_scopes = _helpers.string_to_scopes(info['scope'])
+ assert set(info_scopes) == set([
+ 'https://www.googleapis.com/auth/userinfo.email',
+ 'https://www.googleapis.com/auth/userinfo.profile'])