def test__handle_error_response_non_json():
    """A plain-text (non-JSON) error body ends up in the RefreshError message."""
    raw_body = 'Help, I\'m alive'

    with pytest.raises(exceptions.RefreshError) as caught:
        _client._handle_error_response(raw_body)

    # The body text itself must appear in the exception message.
    assert caught.match(r'Help, I\'m alive')
async def _token_endpoint_request(session: ClientSession, token_uri, body):
    """POST a form-encoded request to the OAuth 2.0 token endpoint.

    Args:
        session (ClientSession): Session whose ``post`` method sends the
            request.
        token_uri (str): The OAuth 2.0 authorization server's token endpoint
            URI.
        body (Mapping[str, str]): The parameters to send in the request body.

    Returns:
        Mapping[str, str]: The JSON-decoded response data.

    Raises:
        google.auth.exceptions.RefreshError: If the token endpoint returned
            an error (raised via ``_handle_error_response``).
        ValueError: If a response with status 200 does not contain valid JSON
            (raised by ``json.loads``).
    """
    # NOTE(review): token requests usually carry credentials such as refresh
    # tokens, so neither the encoded form nor the response should be logged.
    encoded_form = urllib.parse.urlencode(body)
    request_headers = {'content-type': _URLENCODED_CONTENT_TYPE}

    async with session.post(
        url=token_uri, headers=request_headers, data=encoded_form
    ) as response:
        raw_response = await response.content.read()

        # Any status other than 200 is handed to the error translator.
        if response.status != HTTPStatus.OK:
            _handle_error_response(raw_response)

        return json.loads(raw_response)
def test__handle_error_response():
    """A JSON error body is reported as "<error>: <error_description>"."""
    error_fields = {"error": "help", "error_description": "I'm alive"}
    serialized = json.dumps(error_fields)

    with pytest.raises(exceptions.RefreshError) as caught:
        _client._handle_error_response(serialized)

    # Both fields must show up, joined by ": ", in the exception message.
    assert caught.match(r"help: I\'m alive")
def test__handle_error_response_non_json():
    """A dict payload without an "error" key is reported as its JSON text."""
    unexpected_payload = {"foo": "bar"}

    with pytest.raises(exceptions.RefreshError) as caught:
        _client._handle_error_response(unexpected_payload)

    # With no error fields available, the serialized payload is the message.
    assert caught.match(r"{\"foo\": \"bar\"}")
async def _token_endpoint_request(request, token_uri, body, access_token=None, use_json=False):
    """Call the OAuth 2.0 token endpoint and raise when it reports failure.

    This is the raising counterpart of ``_token_endpoint_request_no_throw``:
    it forwards every argument unchanged and converts an unsuccessful result
    into an exception.

    Args:
        request (google.auth.transport.Request): A callable used to make HTTP
            requests.
        token_uri (str): The OAuth 2.0 authorization server's token endpoint
            URI.
        body (Mapping[str, str]): The parameters to send in the request body.
        access_token (Optional(str)): The access token needed to make the
            request.
        use_json (Optional(bool)): Use urlencoded format or json format for
            the content type. The default value is False.

    Returns:
        Mapping[str, str]: The JSON-decoded response data.

    Raises:
        google.auth.exceptions.RefreshError: If the token endpoint returned
            an error.
    """
    outcome = await _token_endpoint_request_no_throw(
        request,
        token_uri,
        body,
        access_token=access_token,
        use_json=use_json,
    )
    succeeded, payload = outcome

    if succeeded:
        return payload

    # The error payload is translated into an exception by the sync client.
    client._handle_error_response(payload)
    return payload
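def _HandleErrorResponse(response_body):
    """Translates an error response into an exception.

    Args:
      response_body: str, The decoded response data.

    Raises:
      google.auth.exceptions.RefreshError: If the token endpoint returned a
        server internal error, or a body that is not a JSON document.
      ContextAwareAccessDeniedError: if the error was due to a context aware
        access restriction.
      ReauthRequiredError: If reauth is required.
    """
    try:
        error_data = json.loads(response_body)
    except ValueError:
        # A failing endpoint, or a proxy in front of it, may answer with HTML
        # or plain text. Such a body has no structured error fields, so it is
        # reported as the documented RefreshError instead of a parse error.
        error_data = None

    if error_data is not None:
        error_code = error_data.get('error')
        error_subtype = error_data.get('error_subtype')
        if error_code == oauth2client_client.REAUTH_NEEDED_ERROR and (
            error_subtype == oauth2client_client.REAUTH_NEEDED_ERROR_INVALID_RAPT or
            error_subtype == oauth2client_client.REAUTH_NEEDED_ERROR_RAPT_REQUIRED):
            raise ReauthRequiredError('reauth is required.')

    try:
        if error_data is None:
            # Raised inside the try so the context aware check below applies
            # to unparseable bodies as well.
            raise google_auth_exceptions.RefreshError(response_body)
        google_auth_client._handle_error_response(error_data)  # pylint: disable=protected-access
    except google_auth_exceptions.RefreshError as e:
        if context_aware.IsContextAwareAccessDeniedError(e):
            raise ContextAwareAccessDeniedError()
        raise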
def test__handle_error_response():
    """A JSON error body is reported as "<error>: <error_description>"."""
    serialized = json.dumps({
        'error': 'help',
        'error_description': 'I\'m alive',
    })

    with pytest.raises(exceptions.RefreshError) as caught:
        _client._handle_error_response(serialized)

    # Both fields must show up, joined by ": ", in the exception message.
    assert caught.match(r'help: I\'m alive')
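def _HandleErrorResponse(response_body):
    """Translates an error response into an exception.

    Args:
      response_body: str, The decoded response data.

    Raises:
      google.auth.exceptions.RefreshError: If the token endpoint returned a
        server internal error.
      ReauthRequiredError: If reauth is required.
    """
    try:
        error_data = json.loads(response_body)
    except ValueError:
        # A failing endpoint, or a proxy in front of it, may answer with HTML
        # or plain text. Such a body has no reauth fields to inspect, so it
        # goes straight to the google-auth handler below rather than
        # escaping as a JSON parse error.
        error_data = None

    if error_data is not None:
        error_code = error_data.get('error')
        error_subtype = error_data.get('error_subtype')
        if error_code == oauth2client_client.REAUTH_NEEDED_ERROR and (
            error_subtype == oauth2client_client.REAUTH_NEEDED_ERROR_INVALID_RAPT or
            error_subtype == oauth2client_client.REAUTH_NEEDED_ERROR_RAPT_REQUIRED):
            raise ReauthRequiredError('The reauth is required.')

    # The raw body (not the parsed dict) is what the google-auth handler gets.
    google_auth_client._handle_error_response(response_body)  # pylint: disable=protected-access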
async def refresh_grant(
    request,
    token_uri,
    refresh_token,
    client_id,
    client_secret,
    scopes=None,
    rapt_token=None,
):
    """Refresh an access token, running the reauth flow if the server asks.

    The refresh grant is sent once. If the token endpoint answers with the
    "reauth needed" error (invalid or missing rapt), a new rapt token is
    obtained through ``get_rapt_token`` and the grant is sent a second time.

    Args:
        request (google.auth.transport.Request): A callable used to make HTTP
            requests. This must be an aiohttp request.
        token_uri (str): The OAuth 2.0 authorization server's token endpoint
            URI.
        refresh_token (str): The refresh token to use to get a new access
            token.
        client_id (str): The OAuth 2.0 application's client ID.
        client_secret (str): The OAuth 2.0 application's client secret.
        scopes (Optional(Sequence[str])): Scopes to request. If present, all
            scopes must be authorized for the refresh token. Useful if refresh
            token has a wild card scope (e.g.
            'https://www.googleapis.com/auth/any-api').
        rapt_token (Optional(str)): The rapt token for reauth.

    Returns:
        Tuple[str, Optional[str], Optional[datetime], Mapping[str, str], str]:
            The access token, new refresh token, expiration, the additional
            data returned by the token endpoint, and the rapt token.

    Raises:
        google.auth.exceptions.RefreshError: If the token endpoint returned
            an error.
    """
    # This form holds the client secret and the refresh token (and possibly a
    # rapt token); it should never be written to logs or error messages.
    body = {
        "grant_type": _client._REFRESH_GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }
    if scopes:
        body["scope"] = " ".join(scopes)
    if rapt_token:
        body["rapt"] = rapt_token

    succeeded, payload = await _client_async._token_endpoint_request_no_throw(
        request, token_uri, body)

    # Only a failed exchange can carry the reauth error code and subtype.
    reauth_requested = False
    if not succeeded:
        if payload.get("error") == reauth._REAUTH_NEEDED_ERROR:
            reauth_requested = payload.get("error_subtype") in (
                reauth._REAUTH_NEEDED_ERROR_INVALID_RAPT,
                reauth._REAUTH_NEEDED_ERROR_RAPT_REQUIRED,
            )

    if reauth_requested:
        rapt_token = await get_rapt_token(
            request,
            client_id,
            client_secret,
            refresh_token,
            token_uri,
            scopes=scopes,
        )
        body["rapt"] = rapt_token
        # Second and last attempt, now with the fresh rapt token attached.
        succeeded, payload = await _client_async._token_endpoint_request_no_throw(
            request, token_uri, body)

    if not succeeded:
        _client._handle_error_response(payload)

    grant_fields = _client._handle_refresh_grant_response(payload, refresh_token)
    return grant_fields + (rapt_token,)
def refresh_grant(
    request,
    token_uri,
    refresh_token,
    client_id,
    client_secret,
    scopes=None,
    rapt_token=None,
    enable_reauth_refresh=False,
):
    """Refresh an access token, optionally running the reauth flow.

    The refresh grant is sent once. If the token endpoint answers with the
    "reauth needed" error (invalid or missing rapt), the outcome depends on
    ``enable_reauth_refresh``: when it is false a RefreshError tells the user
    to reauthenticate; when it is true a new rapt token is obtained through
    ``get_rapt_token`` and the grant is sent a second time.

    Args:
        request (google.auth.transport.Request): A callable used to make HTTP
            requests.
        token_uri (str): The OAuth 2.0 authorization server's token endpoint
            URI.
        refresh_token (str): The refresh token to use to get a new access
            token.
        client_id (str): The OAuth 2.0 application's client ID.
        client_secret (str): The OAuth 2.0 application's client secret.
        scopes (Optional(Sequence[str])): Scopes to request. If present, all
            scopes must be authorized for the refresh token. Useful if refresh
            token has a wild card scope (e.g.
            'https://www.googleapis.com/auth/any-api').
        rapt_token (Optional(str)): The rapt token for reauth.
        enable_reauth_refresh (Optional[bool]): Whether reauth refresh flow
            should be used. The default value is False. This option is for
            gcloud only, other users should use the default value.

    Returns:
        Tuple[str, Optional[str], Optional[datetime], Mapping[str, str], str]:
            The access token, new refresh token, expiration, the additional
            data returned by the token endpoint, and the rapt token.

    Raises:
        google.auth.exceptions.RefreshError: If the token endpoint returned
            an error, or if reauthentication is needed while
            ``enable_reauth_refresh`` is false.
    """
    # This form holds the client secret and the refresh token (and possibly a
    # rapt token); it should never be written to logs or error messages.
    body = {
        "grant_type": _client._REFRESH_GRANT_TYPE,
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": refresh_token,
    }
    if scopes:
        body["scope"] = " ".join(scopes)
    if rapt_token:
        body["rapt"] = rapt_token

    def _exchange():
        # Reads ``body`` at call time, so the retry sees the added rapt token.
        return _client._token_endpoint_request_no_throw(request, token_uri, body)

    succeeded, payload = _exchange()

    # Only a failed exchange can carry the reauth error code and subtype.
    reauth_requested = False
    if not succeeded:
        if payload.get("error") == _REAUTH_NEEDED_ERROR:
            reauth_requested = payload.get("error_subtype") in (
                _REAUTH_NEEDED_ERROR_INVALID_RAPT,
                _REAUTH_NEEDED_ERROR_RAPT_REQUIRED,
            )

    if reauth_requested:
        if not enable_reauth_refresh:
            # Reauth is opt-in: without it the caller is told how to recover.
            raise exceptions.RefreshError(
                "Reauthentication is needed. Please run `gcloud auth login --update-adc` to reauthenticate."
            )

        rapt_token = get_rapt_token(
            request,
            client_id,
            client_secret,
            refresh_token,
            token_uri,
            scopes=scopes,
        )
        body["rapt"] = rapt_token
        # Second and last attempt, now with the fresh rapt token attached.
        succeeded, payload = _exchange()

    if not succeeded:
        _client._handle_error_response(payload)

    grant_fields = _client._handle_refresh_grant_response(payload, refresh_token)
    return grant_fields + (rapt_token,)