utils/pub/oauth2.dart - sdk.git - Git at Google

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.

 library oauth2;

 import 'dart:async';
 import 'dart:io';
 import 'dart:uri';

 // TODO(nweiz): Make this a "package:" URL, or something nicer than this.
 import '../../pkg/oauth2/lib/oauth2.dart';
 import '../../pkg/pathos/lib/path.dart' as path;

 import 'http.dart';
 import 'io.dart';
 import 'log.dart' as log;
 import 'safe_http_server.dart';
 import 'system_cache.dart';
 import 'utils.dart';

 export '../../pkg/oauth2/lib/oauth2.dart';

 /// The pub client's OAuth2 identifier.
 final _identifier = '818368855108-8grd2eg9tj9f38os6f1urbcvsq399u8n.apps.'
     'googleusercontent.com';

 /// The pub client's OAuth2 secret. This isn't actually meant to be kept a
 /// secret.
 final _secret = 'SWeqj8seoJW0w7_CpEPFLX0K';

 /// The URL to which the user will be directed to authorize the pub client to
 /// get an OAuth2 access token.
 ///
 /// `access_type=offline` and `approval_prompt=force` ensures that we always get
 /// a refresh token from the server. See the [Google OAuth2 documentation][].
 ///
 /// [Google OAuth2 documentation]: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
 final authorizationEndpoint = Uri.parse(
     'https://accounts.google.com/o/oauth2/auth?access_type=offline'
     '&approval_prompt=force');

 /// The URL from which the pub client will request an access token once it's
 /// been authorized by the user. This can be controlled externally by setting
 /// the _PUB_TEST_TOKEN_ENDPOINT environment variable.
 Uri get tokenEndpoint {
   var tokenEndpoint = Platform.environment['_PUB_TEST_TOKEN_ENDPOINT'];
   if (tokenEndpoint != null) {
     return Uri.parse(tokenEndpoint);
   } else {
     return _tokenEndpoint;
   }
 }

 final _tokenEndpoint = Uri.parse('https://accounts.google.com/o/oauth2/token');

 /// The OAuth2 scopes that the pub client needs. Currently the client only needs
 /// the user's email so that the server can verify their identity.
 final _scopes = ['https://www.googleapis.com/auth/userinfo.email'];

 /// An in-memory cache of the user's OAuth2 credentials. This should always be
 /// the same as the credentials file stored in the system cache.
 Credentials _credentials;

 /// Delete the cached credentials, if they exist.
 void clearCredentials(SystemCache cache) {
   _credentials = null;
   var credentialsFile = _credentialsFile(cache);
   if (!fileExists(credentialsFile)) return;

   deleteFile(credentialsFile);
 }

 /// Asynchronously passes an OAuth2 [Client] to [fn], and closes the client when
 /// the [Future] returned by [fn] completes.
 ///
 /// This takes care of loading and saving the client's credentials, as well as
 /// prompting the user for their authorization. It will also re-authorize and
 /// re-run [fn] if a recoverable authorization error is detected.
 Future withClient(SystemCache cache, Future fn(Client client)) {
   return _getClient(cache).then((client) {
     var completer = new Completer();
     return fn(client).whenComplete(() {
       client.close();
       // Be sure to save the credentials even when an error happens.
       _saveCredentials(cache, client.credentials);
     });
   }).catchError((asyncError) {
     if (asyncError.error is ExpirationException) {
       log.error("Pub's authorization to upload packages has expired and "
           "can't be automatically refreshed.");
       return withClient(cache, fn);
     } else if (asyncError.error is AuthorizationException) {
       var message = "OAuth2 authorization failed";
       if (asyncError.error.description != null) {
         message = "$message (${asyncError.error.description})";
       }
       log.error("$message.");
       clearCredentials(cache);
       return withClient(cache, fn);
     } else {
       throw asyncError;
     }
   });
 }

 /// Gets a new OAuth2 client. If saved credentials are available, those are
 /// used; otherwise, the user is prompted to authorize the pub client.
 Future<Client> _getClient(SystemCache cache) {
   return defer(() {
     var credentials = _loadCredentials(cache);
     if (credentials == null) return _authorize();

     var client = new Client(_identifier, _secret, credentials,
         httpClient: httpClient);
     _saveCredentials(cache, client.credentials);
     return client;
   });
 }

 /// Loads the user's OAuth2 credentials from the in-memory cache or the
 /// filesystem if possible. If the credentials can't be loaded for any reason,
 /// the returned [Future] will complete to null.
 Credentials _loadCredentials(SystemCache cache) {
   log.fine('Loading OAuth2 credentials.');

   try {
     if (_credentials != null) return _credentials;

     var path = _credentialsFile(cache);
     if (!fileExists(path)) return null;

     var credentials = new Credentials.fromJson(readTextFile(path));
     if (credentials.isExpired && !credentials.canRefresh) {
       log.error("Pub's authorization to upload packages has expired and "
           "can't be automatically refreshed.");
       return null; // null means re-authorize.
     }

     return credentials;
   } catch (e) {
     log.error('Warning: could not load the saved OAuth2 credentials: $e\n'
         'Obtaining new credentials...');
     return null; // null means re-authorize.
   }
 }

 /// Save the user's OAuth2 credentials to the in-memory cache and the
 /// filesystem.
 void _saveCredentials(SystemCache cache, Credentials credentials) {
   log.fine('Saving OAuth2 credentials.');
   _credentials = credentials;
   var credentialsPath = _credentialsFile(cache);
   ensureDir(path.dirname(credentialsPath));
   writeTextFile(credentialsPath, credentials.toJson(), dontLogContents: true);
 }

 /// The path to the file in which the user's OAuth2 credentials are stored.
 String _credentialsFile(SystemCache cache) =>
     path.join(cache.rootDir, 'credentials.json');

 /// Gets the user to authorize pub as a client of pub.dartlang.org via oauth2.
 /// Returns a Future that will complete to a fully-authorized [Client].
 Future<Client> _authorize() {
   var grant = new AuthorizationCodeGrant(
       _identifier,
       _secret,
       authorizationEndpoint,
       tokenEndpoint,
       httpClient: httpClient);

   // Spin up a one-shot HTTP server to receive the authorization code from the
   // Google OAuth2 server via redirect. This server will close itself as soon as
   // the code is received.
   return SafeHttpServer.bind('127.0.0.1', 0).then((server) {
     var authUrl = grant.getAuthorizationUrl(
         Uri.parse('http://localhost:${server.port}'), scopes: _scopes);

     log.message(
         'Pub needs your authorization to upload packages on your behalf.\n'
         'In a web browser, go to $authUrl\n'
         'Then click "Allow access".\n\n'
         'Waiting for your authorization...');
     return server.first.then((request) {
       var response = request.response;
       if (request.uri.path == "/") {
         log.message('Authorization received, processing...');
         var queryString = request.uri.query;
         if (queryString == null) queryString = '';
         response.statusCode = 302;
         response.headers.set('location',
                              'http://pub.dartlang.org/authorized');
         response.close();
         return grant.handleAuthorizationResponse(queryToMap(queryString))
         .then((client) {
           server.close();
           return client;
         });
       } else {
         response.statusCode = 404;
         response.close();
       }
     });
   })
   .then((client) {
     log.message('Successfully authorized.\n');
     return client;
   });
 }
	// Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
	// for details. All rights reserved. Use of this source code is governed by a
	// BSD-style license that can be found in the LICENSE file.

	library oauth2;

	import 'dart:async';
	import 'dart:io';
	import 'dart:uri';

	// TODO(nweiz): Make this a "package:" URL, or something nicer than this.
	import '../../pkg/oauth2/lib/oauth2.dart';
	import '../../pkg/pathos/lib/path.dart' as path;

	import 'http.dart';
	import 'io.dart';
	import 'log.dart' as log;
	import 'safe_http_server.dart';
	import 'system_cache.dart';
	import 'utils.dart';

	export '../../pkg/oauth2/lib/oauth2.dart';

	/// The pub client's OAuth2 identifier.
	final _identifier = '818368855108-8grd2eg9tj9f38os6f1urbcvsq399u8n.apps.'
	'googleusercontent.com';

	/// The pub client's OAuth2 secret. This isn't actually meant to be kept a
	/// secret.
	final _secret = 'SWeqj8seoJW0w7_CpEPFLX0K';

	/// The URL to which the user will be directed to authorize the pub client to
	/// get an OAuth2 access token.
	///
	/// `access_type=offline` and `approval_prompt=force` ensures that we always get
	/// a refresh token from the server. See the [Google OAuth2 documentation][].
	///
	/// [Google OAuth2 documentation]: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
	final authorizationEndpoint = Uri.parse(
	'https://accounts.google.com/o/oauth2/auth?access_type=offline'
	'&approval_prompt=force');

	/// The URL from which the pub client will request an access token once it's
	/// been authorized by the user. This can be controlled externally by setting
	/// the _PUB_TEST_TOKEN_ENDPOINT environment variable.
	Uri get tokenEndpoint {
	var tokenEndpoint = Platform.environment['_PUB_TEST_TOKEN_ENDPOINT'];
	if (tokenEndpoint != null) {
	return Uri.parse(tokenEndpoint);
	} else {
	return _tokenEndpoint;
	}
	}

	final _tokenEndpoint = Uri.parse('https://accounts.google.com/o/oauth2/token');

	/// The OAuth2 scopes that the pub client needs. Currently the client only needs
	/// the user's email so that the server can verify their identity.
	final _scopes = ['https://www.googleapis.com/auth/userinfo.email'];

	/// An in-memory cache of the user's OAuth2 credentials. This should always be
	/// the same as the credentials file stored in the system cache.
	Credentials _credentials;

	/// Delete the cached credentials, if they exist.
	void clearCredentials(SystemCache cache) {
	_credentials = null;
	var credentialsFile = _credentialsFile(cache);
	if (!fileExists(credentialsFile)) return;

	deleteFile(credentialsFile);
	}

	/// Asynchronously passes an OAuth2 [Client] to [fn], and closes the client when
	/// the [Future] returned by [fn] completes.
	///
	/// This takes care of loading and saving the client's credentials, as well as
	/// prompting the user for their authorization. It will also re-authorize and
	/// re-run [fn] if a recoverable authorization error is detected.
	Future withClient(SystemCache cache, Future fn(Client client)) {
	return _getClient(cache).then((client) {
	var completer = new Completer();
	return fn(client).whenComplete(() {
	client.close();
	// Be sure to save the credentials even when an error happens.
	_saveCredentials(cache, client.credentials);
	});
	}).catchError((asyncError) {
	if (asyncError.error is ExpirationException) {
	log.error("Pub's authorization to upload packages has expired and "
	"can't be automatically refreshed.");
	return withClient(cache, fn);
	} else if (asyncError.error is AuthorizationException) {
	var message = "OAuth2 authorization failed";
	if (asyncError.error.description != null) {
	message = "$message (${asyncError.error.description})";
	}
	log.error("$message.");
	clearCredentials(cache);
	return withClient(cache, fn);
	} else {
	throw asyncError;
	}
	});
	}

	/// Gets a new OAuth2 client. If saved credentials are available, those are
	/// used; otherwise, the user is prompted to authorize the pub client.
	Future<Client> _getClient(SystemCache cache) {
	return defer(() {
	var credentials = _loadCredentials(cache);
	if (credentials == null) return _authorize();

	var client = new Client(_identifier, _secret, credentials,
	httpClient: httpClient);
	_saveCredentials(cache, client.credentials);
	return client;
	});
	}

	/// Loads the user's OAuth2 credentials from the in-memory cache or the
	/// filesystem if possible. If the credentials can't be loaded for any reason,
	/// the returned [Future] will complete to null.
	Credentials _loadCredentials(SystemCache cache) {
	log.fine('Loading OAuth2 credentials.');

	try {
	if (_credentials != null) return _credentials;

	var path = _credentialsFile(cache);
	if (!fileExists(path)) return null;

	var credentials = new Credentials.fromJson(readTextFile(path));
	if (credentials.isExpired && !credentials.canRefresh) {
	log.error("Pub's authorization to upload packages has expired and "
	"can't be automatically refreshed.");
	return null; // null means re-authorize.
	}

	return credentials;
	} catch (e) {
	log.error('Warning: could not load the saved OAuth2 credentials: $e\n'
	'Obtaining new credentials...');
	return null; // null means re-authorize.
	}
	}

	/// Save the user's OAuth2 credentials to the in-memory cache and the
	/// filesystem.
	void _saveCredentials(SystemCache cache, Credentials credentials) {
	log.fine('Saving OAuth2 credentials.');
	_credentials = credentials;
	var credentialsPath = _credentialsFile(cache);
	ensureDir(path.dirname(credentialsPath));
	writeTextFile(credentialsPath, credentials.toJson(), dontLogContents: true);
	}

	/// The path to the file in which the user's OAuth2 credentials are stored.
	String _credentialsFile(SystemCache cache) =>
	path.join(cache.rootDir, 'credentials.json');

	/// Gets the user to authorize pub as a client of pub.dartlang.org via oauth2.
	/// Returns a Future that will complete to a fully-authorized [Client].
	Future<Client> _authorize() {
	var grant = new AuthorizationCodeGrant(
	_identifier,
	_secret,
	authorizationEndpoint,
	tokenEndpoint,
	httpClient: httpClient);

	// Spin up a one-shot HTTP server to receive the authorization code from the
	// Google OAuth2 server via redirect. This server will close itself as soon as
	// the code is received.
	return SafeHttpServer.bind('127.0.0.1', 0).then((server) {
	var authUrl = grant.getAuthorizationUrl(
	Uri.parse('http://localhost:${server.port}'), scopes: _scopes);

	log.message(
	'Pub needs your authorization to upload packages on your behalf.\n'
	'In a web browser, go to $authUrl\n'
	'Then click "Allow access".\n\n'
	'Waiting for your authorization...');
	return server.first.then((request) {
	var response = request.response;
	if (request.uri.path == "/") {
	log.message('Authorization received, processing...');
	var queryString = request.uri.query;
	if (queryString == null) queryString = '';
	response.statusCode = 302;
	response.headers.set('location',
	'http://pub.dartlang.org/authorized');
	response.close();
	return grant.handleAuthorizationResponse(queryToMap(queryString))
	.then((client) {
	server.close();
	return client;
	});
	} else {
	response.statusCode = 404;
	response.close();
	}
	});
	})
	.then((client) {
	log.message('Successfully authorized.\n');
	return client;
	});
	}