add google-oauthlib-tool (googleapis#1)

* add google-oauthlib-tool

Commandline tool to generate credentials using 3LO oauth2 flow.

See:
googleapis/google-auth-library-python#152

Author: proppy

.coveragerc

@@ -11,3 +11,4 @@ exclude_lines =
     def __repr__
     # Don't complain if tests don't hit defensive assertion code:
     raise NotImplementedError
+    if __name__ == '__main__':

google_auth_oauthlib/tool/__init__.py

@@ -0,0 +1,135 @@
+# Copyright (C) 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""Command-line tool for obtaining authorization and credentials from a user.
+
+This tool uses the OAuth 2.0 Authorization Code grant as described in
+`section 1.3.1 of RFC6749`_ and implemeted by
+:class:`google_auth_oauthlib.flow.Flow`.
+
+This tool is intended for assist developers in obtaining credentials
+for testing applications where it may not be possible or easy to run a
+complete OAuth 2.0 authorization flow, especially in the case of code
+samples or embedded devices without input / display capabilities.
+
+This is not intended for production use where a combination of
+companion and on-device applications should complete the OAuth 2.0
+authorization flow to get authorization from the users.
+
+.. _section 1.3.1 of RFC6749: https://tools.ietf.org/html/rfc6749#section-1.3.1
+"""
+
+import json
+import os
+import os.path
+
+import click
+
+import google_auth_oauthlib.flow
+
+
+APP_NAME = 'google-oauthlib-tool'
+DEFAULT_CREDENTIALS_FILENAME = 'credentials.json'
+
+
+@click.command()
+@click.option(
+    '--client-secrets',
+    metavar='<client_secret_json_file>',
+    required=True,
+    help='Path to OAuth2 client secret JSON file.')
+@click.option(
+    '--scope',
+    multiple=True,
+    metavar='<oauth2 scope>',
+    required=True,
+    help='API scopes to authorize access for.')
+@click.option(
+    '--save',
+    is_flag=True,
+    metavar='<save_mode>',
+    show_default=True,
+    default=False,
+    help='Save the credentials to file.')
+@click.option(
+    '--credentials',
+    metavar='<oauth2_credentials>',
+    show_default=True,
+    default=os.path.join(
+        click.get_app_dir(APP_NAME),
+        DEFAULT_CREDENTIALS_FILENAME
+    ),
+    help='Path to store OAuth2 credentials.')
+@click.option(
+    '--headless',
+    is_flag=True,
+    metavar='<headless_mode>',
+    show_default=True, default=False,
+    help='Run a console based flow.')
+def main(client_secrets, scope, save, credentials, headless):
+    """Command-line tool for obtaining authorization and credentials from a user.
+
+    This tool uses the OAuth 2.0 Authorization Code grant as described
+    in section 1.3.1 of RFC6749:
+    https://tools.ietf.org/html/rfc6749#section-1.3.1
+
+    This tool is intended for assist developers in obtaining credentials
+    for testing applications where it may not be possible or easy to run a
+    complete OAuth 2.0 authorization flow, especially in the case of code
+    samples or embedded devices without input / display capabilities.
+
+    This is not intended for production use where a combination of
+    companion and on-device applications should complete the OAuth 2.0
+    authorization flow to get authorization from the users.
+
+    """
+
+    flow = google_auth_oauthlib.flow.InstalledAppFlow.from_client_secrets_file(
+        client_secrets,
+        scopes=scope
+    )
+
+    if not headless:
+        creds = flow.run_local_server()
+    else:
+        creds = flow.run_console()
+
+    creds_data = {
+        'token': creds.token,
+        'refresh_token': creds.refresh_token,
+        'token_uri': creds.token_uri,
+        'client_id': creds.client_id,
+        'client_secret': creds.client_secret,
+        'scopes': creds.scopes
+    }
+
+    if save:
+        del creds_data['token']
+
+        config_path = os.path.dirname(credentials)
+        if not os.path.isdir(config_path):
+            os.makedirs(config_path)
+
+        with open(credentials, 'w') as outfile:
+            json.dump(creds_data, outfile)
+
+        click.echo('credentials saved: %s' % credentials)
+
+    else:
+        click.echo(json.dumps(creds_data))
+
+
+if __name__ == '__main__':
+    # pylint doesn't realize that click has changed the function signature.
+    main()  # pylint: disable=no-value-for-parameter

google_auth_oauthlib/tool/__main__.py

@@ -18,6 +18,10 @@
 from setuptools import setup
 
 
+TOOL_DEPENDENCIES = (
+    'click'
+)
+
 DEPENDENCIES = (
     'google-auth',
     'requests-oauthlib>=0.7.0',
@@ -38,6 +42,15 @@
     url='https://github.com/GoogleCloudPlatform/google-auth-library-python',
     packages=find_packages(exclude=('tests*',)),
     install_requires=DEPENDENCIES,
+    extras_require={
+        'tool': TOOL_DEPENDENCIES,
+    },
+    entry_points={
+        'console_scripts': [
+            'google-oauthlib-tool'
+            '=google_auth_oauthlib.tool.__main__:main [tool]',
+        ],
+    },
     license='Apache 2.0',
     keywords='google auth oauth client oauthlib',
     classifiers=(

setup.py

@@ -0,0 +1,149 @@
+# Copyright 2017 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import io
+import json
+import os.path
+import tempfile
+
+import click.testing
+import google.oauth2.credentials
+import mock
+import pytest
+
+import google_auth_oauthlib.flow
+import google_auth_oauthlib.tool.__main__ as cli
+
+DATA_DIR = os.path.join(os.path.dirname(__file__), 'data')
+CLIENT_SECRETS_FILE = os.path.join(DATA_DIR, 'client_secrets.json')
+
+
+class TestMain(object):
+    @pytest.fixture
+    def runner(self):
+        return click.testing.CliRunner()
+
+    @pytest.fixture
+    def dummy_credentials(self):
+        return google.oauth2.credentials.Credentials(
+            token='dummy_access_token',
+            refresh_token='dummy_refresh_token',
+            token_uri='dummy_token_uri',
+            client_id='dummy_client_id',
+            client_secret='dummy_client_secret',
+            scopes=['dummy_scope1', 'dummy_scope2']
+        )
+
+    @pytest.fixture
+    def local_server_mock(self, dummy_credentials):
+        run_local_server_patch = mock.patch.object(
+            google_auth_oauthlib.flow.InstalledAppFlow,
+            'run_local_server',
+            autospec=True)
+
+        with run_local_server_patch as flow:
+            flow.return_value = dummy_credentials
+            yield flow
+
+    @pytest.fixture
+    def console_mock(self, dummy_credentials):
+        run_console_patch = mock.patch.object(
+            google_auth_oauthlib.flow.InstalledAppFlow,
+            'run_console',
+            autospec=True)
+
+        with run_console_patch as flow:
+            flow.return_value = dummy_credentials
+            yield flow
+
+    def test_help(self, runner):
+        result = runner.invoke(cli.main, ['--help'])
+        assert not result.exception
+        assert 'RFC6749' in result.output
+        assert 'OAuth 2.0 authorization flow' in result.output
+        assert 'not intended for production use' in result.output
+        assert result.exit_code == 0
+
+    def test_defaults(self, runner, dummy_credentials, local_server_mock):
+        result = runner.invoke(cli.main, [
+            '--client-secrets', CLIENT_SECRETS_FILE,
+            '--scope', 'somescope',
+        ])
+        local_server_mock.assert_called_with(mock.ANY)
+        assert not result.exception
+        assert result.exit_code == 0
+        creds_data = json.loads(result.output)
+        creds = google.oauth2.credentials.Credentials(**creds_data)
+        assert creds.token == dummy_credentials.token
+        assert creds.refresh_token == dummy_credentials.refresh_token
+        assert creds.token_uri == dummy_credentials.token_uri
+        assert creds.client_id == dummy_credentials.client_id
+        assert creds.client_secret == dummy_credentials.client_secret
+        assert creds.scopes == dummy_credentials.scopes
+
+    def test_headless(self, runner, dummy_credentials, console_mock):
+        result = runner.invoke(cli.main, [
+            '--client-secrets', CLIENT_SECRETS_FILE,
+            '--scope', 'somescope',
+            '--headless'
+        ])
+        console_mock.assert_called_with(mock.ANY)
+        assert not result.exception
+        assert dummy_credentials.refresh_token in result.output
+        assert result.exit_code == 0
+
+    def test_save_new_dir(self, runner, dummy_credentials, local_server_mock):
+        credentials_tmpdir = tempfile.mkdtemp()
+        credentials_path = os.path.join(
+            credentials_tmpdir,
+            'new-directory',
+            'credentials.json'
+        )
+        result = runner.invoke(cli.main, [
+            '--client-secrets', CLIENT_SECRETS_FILE,
+            '--scope', 'somescope',
+            '--credentials', credentials_path,
+            '--save'
+        ])
+        local_server_mock.assert_called_with(mock.ANY)
+        assert not result.exception
+        assert 'saved' in result.output
+        assert result.exit_code == 0
+        with io.open(credentials_path) as f:  # pylint: disable=invalid-name
+            creds_data = json.load(f)
+            assert 'access_token' not in creds_data
+
+            creds = google.oauth2.credentials.Credentials(
+                token=None, **creds_data)
+            assert creds.token is None
+            assert creds.refresh_token == dummy_credentials.refresh_token
+            assert creds.token_uri == dummy_credentials.token_uri
+            assert creds.client_id == dummy_credentials.client_id
+            assert creds.client_secret == dummy_credentials.client_secret
+
+    def test_save_existing_dir(self, runner, local_server_mock):
+        credentials_tmpdir = tempfile.mkdtemp()
+        result = runner.invoke(cli.main, [
+            '--client-secrets', CLIENT_SECRETS_FILE,
+            '--scope', 'somescope',
+            '--credentials', os.path.join(
+                credentials_tmpdir,
+                'credentials.json'
+            ),
+            '--save'
+        ])
+        local_server_mock.assert_called_with(mock.ANY)
+        assert not result.exception
+        assert 'saved' in result.output
+        assert result.exit_code == 0

tests/test_tool.py

@@ -7,6 +7,7 @@ deps =
   pytest
   pytest-cov
   futures
+  click
 commands =
   py.test --cov=google_auth_oauthlib --cov=tests {posargs:tests}