Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-auth-library-python / fd9b5b10c80950784bd37ee56e32c505acb5078d^! / .
commitfd9b5b10c80950784bd37ee56e32c505acb5078d[log] [tgz]
authorPietro De Nicolao <pietrodn@users.noreply.github.com>Fri Dec 11 20:00:30 2020 +0100
committerGitHub <noreply@github.com>Fri Dec 11 14:00:30 2020 -0500
tree62c72285b414be48ec3b7d11f811941706741d9e
parentec1b688ac3ff5b65067ee02b8e30c1d15ba612c5 [diff]
fix: avoid losing the original '_include_email' parameter in impersonated credentials (#626)

Co-authored-by: Tres Seaver <tseaver@palladion.com>
diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py
index d96c05b..4d15837 100644
--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py

@@ -341,6 +341,7 @@
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 
@@ -348,6 +349,7 @@
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 

diff --git a/tests/test_impersonated_credentials.py b/tests/test_impersonated_credentials.py
index 46850a0..305f939 100644
--- a/tests/test_impersonated_credentials.py
+++ b/tests/test_impersonated_credentials.py

@@ -368,12 +368,13 @@
         assert not credentials.expired
 
         id_creds = impersonated_credentials.IDTokenCredentials(
-            credentials, target_audience=target_audience
+            credentials, target_audience=target_audience, include_email=True
         )
         id_creds = id_creds.from_credentials(target_credentials=credentials)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
+        assert id_creds._include_email is True
 
     def test_id_token_with_target_audience(
         self, mock_donor_credentials, mock_authorizedsession_idtoken
@@ -396,12 +397,15 @@
         assert credentials.valid
         assert not credentials.expired
 
-        id_creds = impersonated_credentials.IDTokenCredentials(credentials)
+        id_creds = impersonated_credentials.IDTokenCredentials(
+            credentials, include_email=True
+        )
         id_creds = id_creds.with_target_audience(target_audience=target_audience)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
         assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
+        assert id_creds._include_email is True
 
     def test_id_token_invalid_cred(
         self, mock_donor_credentials, mock_authorizedsession_idtoken