Remove useless scopes.
guillaumeblaquiere committed Sep 29, 2020
1 parent d3a50ef commit c94a0ce
Showing 2 changed files with 3 additions and 122 deletions.
59 changes: 1 addition & 58 deletions oauth2_http/java/com/google/auth/oauth2/UserCredentials.java
Expand Up @@ -71,18 +71,12 @@ public class UserCredentials extends GoogleCredentials
private static final long serialVersionUID = -4800758775038679176L;
public static final String GOOGLE_CLIENT_ID = "32555940559.apps.googleusercontent.com";
public static final String GOOGLE_CLIENT_SECRET = "ZmssLNjJy2998hD4CTg2ejr2";
public static final Collection<String> GOOGLE_DEFAULT_SCOPES =
ImmutableSet.<String>of(
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/accounts.reauth");

private final String clientId;
private final String clientSecret;
private final String refreshToken;
private final URI tokenServerUri;
private final String transportFactoryClassName;
private final String quotaProjectId;
private final Collection<String> scopes;

private transient HttpTransportFactory transportFactory;

Expand All @@ -93,8 +87,6 @@ public class UserCredentials extends GoogleCredentials
* @param clientSecret Client ID of the credential from the console.
* @param refreshToken A refresh token resulting from a OAuth2 consent flow.
* @param accessToken Initial or temporary access token.
* @param scopes Scope strings for the APIs to be called. May be null or an empty collection,
* which results in a credential that must have createScoped called before use.
* @param transportFactory HTTP transport factory, creates the transport used to get access
* tokens.
* @param tokenServerUri URI of the end point that provides tokens
Expand All @@ -104,21 +96,13 @@ private UserCredentials(
String clientSecret,
String refreshToken,
AccessToken accessToken,
Collection<String> scopes,
HttpTransportFactory transportFactory,
URI tokenServerUri,
String quotaProjectId) {
super(accessToken);
this.clientId = Preconditions.checkNotNull(clientId);
this.clientSecret = Preconditions.checkNotNull(clientSecret);
this.refreshToken = refreshToken;
// Merge the scope with the default and mandatory ones.
Collection<String> mergedScopes = new ArrayList<>();
mergedScopes.addAll(GOOGLE_DEFAULT_SCOPES);
if (scopes != null) {
mergedScopes.addAll(scopes);
}
this.scopes = ImmutableSet.copyOf(mergedScopes);
this.transportFactory =
firstNonNull(
transportFactory,
Expand Down Expand Up @@ -284,7 +268,6 @@ private InputStream getUserCredentialsStream() throws IOException {
if (quotaProjectId != null) {
json.put("quota_project", clientSecret);
}
json.put("scopes", scopes);
json.setFactory(JSON_FACTORY);
String text = json.toPrettyString();
return new ByteArrayInputStream(text.getBytes(UTF_8));
Expand Down Expand Up @@ -314,7 +297,6 @@ public int hashCode() {
clientSecret,
refreshToken,
tokenServerUri,
scopes,
transportFactoryClassName,
quotaProjectId);
}
Expand All @@ -329,7 +311,6 @@ public String toString() {
.add("tokenServerUri", tokenServerUri)
.add("transportFactoryClassName", transportFactoryClassName)
.add("quotaProjectId", quotaProjectId)
.add("scopes", scopes)
.toString();
}

Expand All @@ -345,7 +326,6 @@ public boolean equals(Object obj) {
&& Objects.equals(this.refreshToken, other.refreshToken)
&& Objects.equals(this.tokenServerUri, other.tokenServerUri)
&& Objects.equals(this.transportFactoryClassName, other.transportFactoryClassName)
&& Objects.equals(this.scopes, other.scopes)
&& Objects.equals(this.quotaProjectId, other.quotaProjectId);
}

Expand All @@ -367,24 +347,6 @@ public String getQuotaProjectId() {
return quotaProjectId;
}

/**
* Clone the UserCredential with the specified scopes.
*
* <p>Should be called before use for instances with empty scopes.
*/
@Override
public GoogleCredentials createScoped(Collection<String> newScopes) {
return new UserCredentials(
clientId,
clientSecret,
refreshToken,
getAccessToken(),
newScopes,
transportFactory,
tokenServerUri,
quotaProjectId);
}

/**
* Returns a Google ID Token from the user credential
*
Expand All @@ -405,15 +367,8 @@ public IdToken idTokenWithAudience(String targetAudience, List<Option> options)
tokenRequest.set("client_id", GOOGLE_CLIENT_ID);
tokenRequest.set("client_secret", GOOGLE_CLIENT_SECRET);
tokenRequest.set("refresh_token", this.refreshToken);
// build scope value
Iterator<String> it = this.scopes.iterator();
String customScopes = it.next();
while (it.hasNext()) {
customScopes += "+" + it.next();
}
tokenRequest.set("scope", customScopes);

UrlEncodedContent content = new UrlEncodedContent(tokenRequest, true);
UrlEncodedContent content = new UrlEncodedContent(tokenRequest);

HttpRequestFactory requestFactory = transportFactory.create().createRequestFactory();
HttpRequest request = requestFactory.buildPostRequest(new GenericUrl(tokenServerUri), content);
Expand All @@ -434,7 +389,6 @@ public static class Builder extends GoogleCredentials.Builder {
private URI tokenServerUri;
private HttpTransportFactory transportFactory;
private String quotaProjectId;
private Collection<String> scopes;

protected Builder() {}

Expand All @@ -445,7 +399,6 @@ protected Builder(UserCredentials credentials) {
this.transportFactory = credentials.transportFactory;
this.tokenServerUri = credentials.tokenServerUri;
this.quotaProjectId = credentials.quotaProjectId;
this.scopes = credentials.scopes;
}

public Builder setClientId(String clientId) {
Expand Down Expand Up @@ -483,11 +436,6 @@ public Builder setQuotaProjectId(String quotaProjectId) {
return this;
}

public Builder setScopes(Collection<String> scopes) {
this.scopes = scopes;
return this;
}

public String getClientId() {
return clientId;
}
Expand All @@ -512,17 +460,12 @@ public String getQuotaProjectId() {
return quotaProjectId;
}

public Collection<String> getScopes() {
return scopes;
}

public UserCredentials build() {
return new UserCredentials(
clientId,
clientSecret,
refreshToken,
getAccessToken(),
scopes,
transportFactory,
tokenServerUri,
quotaProjectId);
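Review bot: In the `getUserCredentialsStream()` hunk, the context line `json.put("quota_project", clientSecret);` writes the client secret under the `quota_project` key, so the serialized credential loses its quota project and carries the secret in a field readers are unlikely to treat as sensitive. Since this commit already edits the adjacent line, it is a good place to change it to `json.put("quota_project", quotaProjectId);`. Separately, `idTokenWithAudience` still sends the class-level `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET` together with `this.refreshToken`; if the instance was built with a different client, the token server will presumably reject the pair, so `this.clientId` and `this.clientSecret` look like the intended values. Both method bodies start outside the visible hunks, so confirm against the full file.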
Expand Up @@ -70,12 +70,7 @@ public class UserCredentialsTest extends BaseSerializationTest {
private static final String REFRESH_TOKEN = "1/Tl6awhpFjkMkSJoj1xsli0H2eL5YsMgU_NKPY2TyGWY";
private static final String ACCESS_TOKEN = "1/MkSJoj1xsli0AccessToken_NKPY2";
private static final String QUOTA_PROJECT = "sample-quota-project-id";
private static final Collection<String> SCOPES = Collections.singletonList("dummy.scope");
private static final URI CALL_URI = URI.create("http://googleapis.com/testapi/v1/foo");
public static final Collection<String> DEFAULT_SCOPES =
ImmutableSet.<String>of(
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/accounts.reauth");

@Test(expected = IllegalStateException.class)
public void constructor_accessAndRefreshTokenNull_throws() {
Expand All @@ -97,29 +92,6 @@ public void constructor() {
assertEquals(QUOTA_PROJECT, credentials.getQuotaProjectId());
}

@Test
public void createScoped_same() {
UserCredentials userCredentials =
UserCredentials.newBuilder()
.setClientId(CLIENT_ID)
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setScopes(SCOPES)
.build();
assertEquals(userCredentials, userCredentials.createScoped(SCOPES));
}

@Test
public void createScopedRequired_false() {
UserCredentials userCredentials =
UserCredentials.newBuilder()
.setClientId(CLIENT_ID)
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.build();
assertFalse(userCredentials.createScopedRequired());
}

@Test
public void fromJson_hasAccessToken() throws IOException {
MockTokenServerTransportFactory transportFactory = new MockTokenServerTransportFactory();
Expand Down Expand Up @@ -238,7 +210,6 @@ public void equals_true() throws IOException {
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(transportFactory)
.setTokenServerUri(tokenServer)
.setQuotaProjectId(QUOTA_PROJECT)
Expand All @@ -249,7 +220,6 @@ public void equals_true() throws IOException {
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(transportFactory)
.setTokenServerUri(tokenServer)
.setQuotaProjectId(QUOTA_PROJECT)
Expand Down Expand Up @@ -339,34 +309,6 @@ public void equals_false_refreshToken() throws IOException {
assertFalse(otherCredentials.equals(credentials));
}

@Test
public void equals_false_scopes() throws IOException {
final URI tokenServer1 = URI.create("https://foo1.com/bar");
AccessToken accessToken = new AccessToken(ACCESS_TOKEN, null);
MockHttpTransportFactory httpTransportFactory = new MockHttpTransportFactory();
OAuth2Credentials credentials =
UserCredentials.newBuilder()
.setClientId(CLIENT_ID)
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(httpTransportFactory)
.setTokenServerUri(tokenServer1)
.build();
OAuth2Credentials otherCredentials =
UserCredentials.newBuilder()
.setClientId(CLIENT_ID)
.setClientSecret(CLIENT_SECRET)
.setRefreshToken("otherRefreshToken")
.setAccessToken(accessToken)
.setHttpTransportFactory(httpTransportFactory)
.setTokenServerUri(tokenServer1)
.build();
assertFalse(credentials.equals(otherCredentials));
assertFalse(otherCredentials.equals(credentials));
}

@Test
public void equals_false_accessToken() throws IOException {
final URI tokenServer1 = URI.create("https://foo1.com/bar");
Expand Down Expand Up @@ -498,7 +440,7 @@ public void toString_containsFields() throws IOException {
String expectedToString =
String.format(
"UserCredentials{requestMetadata=%s, temporaryAccess=%s, clientId=%s, refreshToken=%s, "
+ "tokenServerUri=%s, transportFactoryClassName=%s, quotaProjectId=%s, scopes=%s}",
+ "tokenServerUri=%s, transportFactoryClassName=%s, quotaProjectId=%s}",
ImmutableMap.of(
AuthHttpConstants.AUTHORIZATION,
ImmutableList.of(OAuth2Utils.BEARER_PREFIX + accessToken.getTokenValue())),
Expand All @@ -507,8 +449,7 @@ public void toString_containsFields() throws IOException {
REFRESH_TOKEN,
tokenServer,
MockTokenServerTransportFactory.class.getName(),
QUOTA_PROJECT,
DEFAULT_SCOPES);
QUOTA_PROJECT);
assertEquals(expectedToString, credentials.toString());
}

Expand All @@ -523,7 +464,6 @@ public void hashCode_equals() throws IOException {
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(transportFactory)
.setTokenServerUri(tokenServer)
.setQuotaProjectId(QUOTA_PROJECT)
Expand All @@ -534,7 +474,6 @@ public void hashCode_equals() throws IOException {
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(transportFactory)
.setTokenServerUri(tokenServer)
.setQuotaProjectId(QUOTA_PROJECT)
Expand All @@ -553,7 +492,6 @@ public void serialize() throws IOException, ClassNotFoundException {
.setClientSecret(CLIENT_SECRET)
.setRefreshToken(REFRESH_TOKEN)
.setAccessToken(accessToken)
.setScopes(SCOPES)
.setHttpTransportFactory(transportFactory)
.setTokenServerUri(tokenServer)
.build();
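Review bot: The expected string in `toString_containsFields` still pins `refreshToken=%s` and the `Authorization` bearer value inside `requestMetadata`, so the test asserts that `UserCredentials.toString()` prints usable credentials; any log line or exception message that formats the object would expose them. While the format is being touched to drop `scopes`, consider omitting or masking these fields in `toString()` and asserting their absence here, e.g. `assertFalse(credentials.toString().contains(REFRESH_TOKEN));`. The `requestMetadata` part appears to come from a superclass not shown on this page, so that half may need a change there.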
