1# Copyright 2016 Google Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15import json
16import os
17
18import httplib2
19from six.moves import http_client
20
21import oauth2client
22from oauth2client import client
23from oauth2client.service_account import ServiceAccountCredentials
24
25
26JSON_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_JSON_KEY_PATH')
27P12_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_P12_KEY_PATH')
28P12_KEY_EMAIL = os.getenv('OAUTH2CLIENT_TEST_P12_KEY_EMAIL')
29USER_KEY_PATH = os.getenv('OAUTH2CLIENT_TEST_USER_KEY_PATH')
30USER_KEY_EMAIL = os.getenv('OAUTH2CLIENT_TEST_USER_KEY_EMAIL')
31
32SCOPE = ('https://www.googleapis.com/auth/plus.login',
33         'https://www.googleapis.com/auth/plus.me',
34         'https://www.googleapis.com/auth/userinfo.email',
35         'https://www.googleapis.com/auth/userinfo.profile')
36USER_INFO = 'https://www.googleapis.com/oauth2/v2/userinfo'
37
38
39def _require_environ():
40    if (JSON_KEY_PATH is None or P12_KEY_PATH is None or
41            P12_KEY_EMAIL is None or USER_KEY_PATH is None or
42            USER_KEY_EMAIL is None):
43        raise EnvironmentError('Expected environment variables to be set:',
44                               'OAUTH2CLIENT_TEST_JSON_KEY_PATH',
45                               'OAUTH2CLIENT_TEST_P12_KEY_PATH',
46                               'OAUTH2CLIENT_TEST_P12_KEY_EMAIL',
47                               'OAUTH2CLIENT_TEST_USER_KEY_PATH',
48                               'OAUTH2CLIENT_TEST_USER_KEY_EMAIL')
49
50    if not os.path.isfile(JSON_KEY_PATH):
51        raise EnvironmentError(JSON_KEY_PATH, 'is not a file')
52    if not os.path.isfile(P12_KEY_PATH):
53        raise EnvironmentError(P12_KEY_PATH, 'is not a file')
54    if not os.path.isfile(USER_KEY_PATH):
55        raise EnvironmentError(USER_KEY_PATH, 'is not a file')
56
57
58def _check_user_info(credentials, expected_email):
59    http = credentials.authorize(httplib2.Http())
60    response, content = http.request(USER_INFO)
61    if response.status != http_client.OK:
62        raise ValueError('Expected 200 OK response.')
63
64    content = content.decode('utf-8')
65    payload = json.loads(content)
66    if payload['email'] != expected_email:
67        raise ValueError('User info email does not match credentials.')
68
69
70def run_json():
71    credentials = ServiceAccountCredentials.from_json_keyfile_name(
72        JSON_KEY_PATH, scopes=SCOPE)
73    service_account_email = credentials._service_account_email
74    _check_user_info(credentials, service_account_email)
75
76
77def run_p12():
78    credentials = ServiceAccountCredentials.from_p12_keyfile(
79        P12_KEY_EMAIL, P12_KEY_PATH, scopes=SCOPE)
80    _check_user_info(credentials, P12_KEY_EMAIL)
81
82
83def run_user_json():
84    with open(USER_KEY_PATH, 'r') as file_object:
85        client_credentials = json.load(file_object)
86
87    credentials = client.GoogleCredentials(
88        access_token=None,
89        client_id=client_credentials['client_id'],
90        client_secret=client_credentials['client_secret'],
91        refresh_token=client_credentials['refresh_token'],
92        token_expiry=None,
93        token_uri=oauth2client.GOOGLE_TOKEN_URI,
94        user_agent='Python client library',
95    )
96
97    _check_user_info(credentials, USER_KEY_EMAIL)
98
99
100def main():
101    _require_environ()
102    run_json()
103    run_p12()
104    run_user_json()
105
106
107if __name__ == '__main__':
108    main()
109