Add oauth2.credentials system tests (#56)

* Add script to generate user auth tokens.
* Add oauth2.credentials system tests

Author: Jon Wayne Parrott

packages/google-auth/.travis.yml

@@ -38,4 +38,4 @@ deploy:
     repo: GoogleCloudPlatform/google-auth-library-python
 env:
   global:
-    secure: KjV9daSNZsM3/jth2d87MEu4irHtwNwUcdIUVglz3QrIX7fAcbFqHu/2Ux3yGC+iPJd5/i2jZWWz9F6iyuKdhyMySz2WaBsbySmCs1pREcRYWcK5GL49yPb3ZOZucprD/n0VIer0+eublQeBQRMxNdxfJEs6tgkHxTeiOJ3mHaeLa/nE1PXW9Ih6fgS5NT/7CE7SO0fw1th9ZdLdRyo3a9fphDWqiGlt0oRURRnoJ7qctLYAZ7uXDn3c6oXJ/dZsio6Hjx16dPNjn0dpkpCBFYN3D7wXD02Ysm/7u+SGl2FjqA76FmmnJsqJ5Nog1QV4v7YpJdTtpfXBOuXAov4Fz9xHVssX4dYZkW5JKsfVFFIilo1vQbO4mBjYw58/gJswJygD5smwO2GawAfm62mGpdx4mFv2lwZoqJbLg1qcuI/qc8DqPrc3Y1nVNu3oGdMcts5q2IeuZgI1yzdb/Qz0gtkkIDtPzoyBlAZE9hsylBI7SdoP7VpmP+vIW21yC3GpE3TajbVD8p53c70fV4YH0LSX6pFF6RBuSFLwarG+WYtPTEy2k3d0ATMdH0gBaf19FJ04RTwsbYZPqAy328Dl3RLioZffm8BHAeKzuVsocrIiiHjJM6PqtL4II0UfbiKahxLcI7t1cGTWVhUtqrnZKZwJrbLYGd08aBvioTne/Nk=
+    secure: s6GdhJklftl8w/9WoETwLtvtKL4ledPA/TuBuqCXQxSuYWaPuTdRVcvoejGkHJpp7i/7v2T/0etYl+5koyskKm5+QZZweaaL7MAyjPGp+hmIaIlWQRz6w481NOf3i9uSmoQycssT0mNmwScNIqo+igbA2y14mr/e9aBuOcxNNzNzFQp2vaRMEju6q7xZMjYdcudUWL48vq9CoNa3X2ZArpqjkApR/TfYlG7glOj43NxuVDN4z9wIyUjaMHBfPgEhjaOaRyEFgEYITRwX1qDoXqcZdTVIq4Cn0uCH+Mvrz6Y+oUJGTJqH1k7N/DhzbSN9lJnVYaQW/yuvGHiGAwbb6Tcxiq2UqqhA9MfbPpmstDECs46v9Z3BT252KvYEQY7Q1v9g2gFhHvFGWISUxs80rnnPhEYfa11JoLvj2t8cowkE4pvj4OH32Eoyvc5H07hW3F5xpuF7Jt7N09TNZkUrpmiRJEhfrVNgjsrWO77/q5h8mXGd+9vYmz++yzKu+63x8x1MpeigGCG73Dpu9Otm5eydOZfpJ39ZfZWUb7G2JahgHaGweM9dmnpJtzHQgijmHjjfAx9jgnQ8IQz9nkFmyMI8H7HouwalnrJtpSSbvMqOQ0kiZhMzdBKH5pD3tjLgSlgA0pKelBwlooY6jGlj4LrtbDAxa6cZyXiFoqWpT1w=

packages/google-auth/scripts/obtain_user_auth.py

@@ -0,0 +1,65 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""This program obtains a set of user credentials.
+
+These credentials are needed to run the system test for OAuth2 credentials.
+It's expected that a developer will run this program manually once to obtain
+a refresh token. It's highly recommended to use a Google account created
+specifically created for testing.
+"""
+
+import json
+import os
+
+from oauth2client import client
+from oauth2client import tools
+
+HERE = os.path.dirname(__file__)
+CLIENT_SECRETS_PATH = os.path.abspath(os.path.join(
+    HERE, '..', 'system_tests', 'data', 'client_secret.json'))
+AUTHORIZED_USER_PATH = os.path.abspath(os.path.join(
+    HERE, '..', 'system_tests', 'data', 'authorized_user.json'))
+SCOPES = ['email', 'profile']
+
+
+class NullStorage(client.Storage):
+    """Null storage implementation to prevent oauth2client from failing
+    on storage.put."""
+    def locked_put(self, credentials):
+        pass
+
+
+def main():
+    flow = client.flow_from_clientsecrets(CLIENT_SECRETS_PATH, SCOPES)
+
+    print('Starting credentials flow...')
+    credentials = tools.run_flow(flow, NullStorage())
+
+    # Save the credentials in the same format as the Cloud SDK's authorized
+    # user file.
+    data = {
+        'type': 'authorized_user',
+        'client_id': flow.client_id,
+        'client_secret': flow.client_secret,
+        'refresh_token': credentials.refresh_token
+    }
+
+    with open(AUTHORIZED_USER_PATH, 'w') as fh:
+        json.dump(data, fh, indent=4)
+
+    print('Created {}.'.format(AUTHORIZED_USER_PATH))
+
+if __name__ == '__main__':
+    main()

packages/google-auth/system_tests/conftest.py

@@ -33,6 +33,12 @@ def service_account_file():
     yield os.path.join(DATA_DIR, 'service_account.json')
 
 
+@pytest.fixture
+def authorized_user_file():
+    """The full path to a valid authorized user file."""
+    yield os.path.join(DATA_DIR, 'authorized_user.json')
+
+
 @pytest.fixture
 def request():
     """A transport.request object."""

packages/google-auth/system_tests/secrets.tar.enc

@@ -0,0 +1,43 @@
+# Copyright 2016 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import json
+
+from google.auth import _helpers
+import google.oauth2.credentials
+
+GOOGLE_OAUTH2_TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token'
+
+
+def test_refresh(authorized_user_file, request, token_info):
+    with open(authorized_user_file, 'r') as fh:
+        info = json.load(fh)
+
+    credentials = google.oauth2.credentials.Credentials(
+        None,  # No access token, must be refreshed.
+        refresh_token=info['refresh_token'],
+        token_uri=GOOGLE_OAUTH2_TOKEN_ENDPOINT,
+        client_id=info['client_id'],
+        client_secret=info['client_secret'])
+
+    credentials.refresh(request)
+
+    assert credentials.token
+
+    info = token_info(credentials.token)
+
+    info_scopes = _helpers.string_to_scopes(info['scope'])
+    assert set(info_scopes) == set([
+        'https://www.googleapis.com/auth/userinfo.email',
+        'https://www.googleapis.com/auth/userinfo.profile'])