1# Copyright 2014 Google Inc. All rights reserved.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7#      http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15"""Utilities for reading OAuth 2.0 client secret files.
16
17A client_secrets.json file contains all the information needed to interact with
18an OAuth 2.0 protected service.
19"""
20
21__author__ = 'jcgregorio@google.com (Joe Gregorio)'
22
23import json
24import six
25
26
27# Properties that make a client_secrets.json file valid.
28TYPE_WEB = 'web'
29TYPE_INSTALLED = 'installed'
30
31VALID_CLIENT = {
32    TYPE_WEB: {
33        'required': [
34            'client_id',
35            'client_secret',
36            'redirect_uris',
37            'auth_uri',
38            'token_uri',
39        ],
40        'string': [
41            'client_id',
42            'client_secret',
43        ],
44    },
45    TYPE_INSTALLED: {
46        'required': [
47            'client_id',
48            'client_secret',
49            'redirect_uris',
50            'auth_uri',
51            'token_uri',
52        ],
53        'string': [
54            'client_id',
55            'client_secret',
56        ],
57    },
58}
59
60
61class Error(Exception):
62  """Base error for this module."""
63  pass
64
65
66class InvalidClientSecretsError(Error):
67  """Format of ClientSecrets file is invalid."""
68  pass
69
70
71def _validate_clientsecrets(obj):
72  _INVALID_FILE_FORMAT_MSG = (
73    'Invalid file format. See '
74    'https://developers.google.com/api-client-library/'
75    'python/guide/aaa_client_secrets')
76
77  if obj is None:
78    raise InvalidClientSecretsError(_INVALID_FILE_FORMAT_MSG)
79  if len(obj) != 1:
80    raise InvalidClientSecretsError(
81      _INVALID_FILE_FORMAT_MSG + ' '
82      'Expected a JSON object with a single property for a "web" or '
83      '"installed" application')
84  client_type = tuple(obj)[0]
85  if client_type not in VALID_CLIENT:
86    raise InvalidClientSecretsError('Unknown client type: %s.' % (client_type,))
87  client_info = obj[client_type]
88  for prop_name in VALID_CLIENT[client_type]['required']:
89    if prop_name not in client_info:
90      raise InvalidClientSecretsError(
91        'Missing property "%s" in a client type of "%s".' % (prop_name,
92                                                           client_type))
93  for prop_name in VALID_CLIENT[client_type]['string']:
94    if client_info[prop_name].startswith('[['):
95      raise InvalidClientSecretsError(
96        'Property "%s" is not configured.' % prop_name)
97  return client_type, client_info
98
99
100def load(fp):
101  obj = json.load(fp)
102  return _validate_clientsecrets(obj)
103
104
105def loads(s):
106  obj = json.loads(s)
107  return _validate_clientsecrets(obj)
108
109
110def _loadfile(filename):
111  try:
112    with open(filename, 'r') as fp:
113      obj = json.load(fp)
114  except IOError:
115    raise InvalidClientSecretsError('File not found: "%s"' % filename)
116  return _validate_clientsecrets(obj)
117
118
119def loadfile(filename, cache=None):
120  """Loading of client_secrets JSON file, optionally backed by a cache.
121
122  Typical cache storage would be App Engine memcache service,
123  but you can pass in any other cache client that implements
124  these methods:
125
126  * ``get(key, namespace=ns)``
127  * ``set(key, value, namespace=ns)``
128
129  Usage::
130
131    # without caching
132    client_type, client_info = loadfile('secrets.json')
133    # using App Engine memcache service
134    from google.appengine.api import memcache
135    client_type, client_info = loadfile('secrets.json', cache=memcache)
136
137  Args:
138    filename: string, Path to a client_secrets.json file on a filesystem.
139    cache: An optional cache service client that implements get() and set()
140      methods. If not specified, the file is always being loaded from
141      a filesystem.
142
143  Raises:
144    InvalidClientSecretsError: In case of a validation error or some
145      I/O failure. Can happen only on cache miss.
146
147  Returns:
148    (client_type, client_info) tuple, as _loadfile() normally would.
149    JSON contents is validated only during first load. Cache hits are not
150    validated.
151  """
152  _SECRET_NAMESPACE = 'oauth2client:secrets#ns'
153
154  if not cache:
155    return _loadfile(filename)
156
157  obj = cache.get(filename, namespace=_SECRET_NAMESPACE)
158  if obj is None:
159    client_type, client_info = _loadfile(filename)
160    obj = {client_type: client_info}
161    cache.set(filename, obj, namespace=_SECRET_NAMESPACE)
162
163  return next(six.iteritems(obj))
164