1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
|
# Copyright 2016 Google Inc. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import os
import httplib2
from six.moves import http_client
import oauth2client
from oauth2client import client
from oauth2client.service_account import ServiceAccountCredentials
JSON_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_JSON_KEY_PATH')
P12_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_P12_KEY_PATH')
P12_KEY_EMAIL = os.getenv('OAUTH2CLIENT_TEST_P12_KEY_EMAIL')
USER_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_USER_KEY_PATH')
USER_KEY_EMAIL = os.getenv('OAUTH2CLIENT_TEST_USER_KEY_EMAIL')
SCOPE = ('https://www.googleapis.com/auth/plus.login',
'https://www.googleapis.com/auth/plus.me',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile')
USER_INFO = 'https://www.googleapis.com/oauth2/v2/userinfo'
def _require_environ():
if (JSON_KEY_PATH is None or P12_KEY_PATH is None or
P12_KEY_EMAIL is None or USER_KEY_PATH is None or
USER_KEY_EMAIL is None):
raise EnvironmentError('Expected environment variables to be set:',
'OAUTH2CLIENT_TEST_JSON_KEY_PATH',
'OAUTH2CLIENT_TEST_P12_KEY_PATH',
'OAUTH2CLIENT_TEST_P12_KEY_EMAIL',
'OAUTH2CLIENT_TEST_USER_KEY_PATH',
'OAUTH2CLIENT_TEST_USER_KEY_EMAIL')
if not os.path.isfile(JSON_KEY_PATH):
raise EnvironmentError(JSON_KEY_PATH, 'is not a file')
if not os.path.isfile(P12_KEY_PATH):
raise EnvironmentError(P12_KEY_PATH, 'is not a file')
if not os.path.isfile(USER_KEY_PATH):
raise EnvironmentError(USER_KEY_PATH, 'is not a file')
def _check_user_info(credentials, expected_email):
http = credentials.authorize(httplib2.Http())
response, content = http.request(USER_INFO)
if response.status != http_client.OK:
raise ValueError('Expected 200 OK response.')
content = content.decode('utf-8')
payload = json.loads(content)
if payload['email'] != expected_email:
raise ValueError('User info email does not match credentials.')
def run_json():
credentials = ServiceAccountCredentials.from_json_keyfile_name(
JSON_KEY_PATH, scopes=SCOPE)
service_account_email = credentials._service_account_email
_check_user_info(credentials, service_account_email)
def run_p12():
credentials = ServiceAccountCredentials.from_p12_keyfile(
P12_KEY_EMAIL, P12_KEY_PATH, scopes=SCOPE)
_check_user_info(credentials, P12_KEY_EMAIL)
def run_user_json():
with open(USER_KEY_PATH, 'r') as file_object:
client_credentials = json.load(file_object)
credentials = client.GoogleCredentials(
access_token=None,
client_id=client_credentials['client_id'],
client_secret=client_credentials['client_secret'],
refresh_token=client_credentials['refresh_token'],
token_expiry=None,
token_uri=oauth2client.GOOGLE_TOKEN_URI,
user_agent='Python client library',
)
_check_user_info(credentials, USER_KEY_EMAIL)
def main():
_require_environ()
run_json()
run_p12()
run_user_json()
if __name__ == '__main__':
main()
|
