fix: check id token error response
arithmetic1728 committed May 31, 2023
1 parent 9c87ad0 commit c069d32
Showing 4 changed files with 56 additions and 5 deletions.
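--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py
@@ -438,11 +438,19 @@ def refresh(self, request):
 self._target_credentials._source_credentials, auth_request=request
 )
 
-response = authed_session.post(
-url=iam_sign_endpoint,
-headers=headers,
-data=json.dumps(body).encode("utf-8"),
-)
+try:
+response = authed_session.post(
+url=iam_sign_endpoint,
+headers=headers,
+data=json.dumps(body).encode("utf-8"),
+)
+finally:
+authed_session.close()
+
+if response.status_code != http_client.OK:
+raise exceptions.RefreshError(
+"Error getting ID token: {}".format(response.json())
+)
 
 id_token = response.json()["token"]
 self.token = id_token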
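Review bot: In the new non-200 branch, `response.json()` will itself raise if the error body is not JSON (for example an HTML error page from an intermediary), so the caller sees a decode error instead of `RefreshError` and the HTTP status is lost. Decoding defensively with a fallback to the raw body, and putting `response.status_code` in the message, keeps the failure in the exception type callers already handle; this assumes `authed_session.post` returns a `requests` response with a `.text` attribute. The unchanged `response.json()["token"]` line after it has the same weakness for a 200 reply without a `token` key. The body of `refresh` starts and ends outside this hunk, so any handling further out is not visible here.

```python
if response.status_code != http_client.OK:
    try:
        detail = response.json()
    except ValueError:
        # Error body was not JSON; report the raw text instead.
        detail = response.text
    raise exceptions.RefreshError(
        "Error getting ID token: {} {}".format(response.status_code, detail)
    )
# … unchanged: id_token = response.json()["token"] …
```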
Binary file modified system_tests/secrets.tar.enc
Binary file not shown.
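--- a/test.py
+++ b/test.py
@@ -0,0 +1,22 @@
+import google.auth.transport.requests
+import google.auth
+
+import logging
+from http.client import HTTPConnection # py3
+
+def debug_requests_on():
+'''Switches on logging of the requests module.'''
+HTTPConnection.debuglevel = 1
+
+logging.basicConfig()
+logging.getLogger().setLevel(logging.DEBUG)
+requests_log = logging.getLogger("requests.packages.urllib3")
+requests_log.setLevel(logging.DEBUG)
+requests_log.propagate = True
+
+req = google.auth.transport.requests.Request()
+cred, _ = google.auth.default(scopes=["email"])
+
+print(cred)
+debug_requests_on()
+cred.refresh(req)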
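Review bot: `test.py` at the repository root looks like a local debugging script rather than part of the error-response fix, and it should probably be dropped from this commit. `debug_requests_on()` sets `HTTPConnection.debuglevel = 1` and the root logger to DEBUG immediately before `cred.refresh(req)`, so the raw outgoing request, headers and body included, is written to stdout and the log; for token-refresh traffic that output can contain credential material. If a helper like this is kept, it belongs outside the shipped tree with a comment such as `# WARNING: output contains request headers/bodies; do not paste into issues or CI logs`.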
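--- a/tests/test_impersonated_credentials.py
+++ b/tests/test_impersonated_credentials.py
@@ -318,6 +318,27 @@ def test_refresh_failure_unauthorzed(self, mock_donor_credentials):
 assert not credentials.valid
 assert credentials.expired
 
+def test_refresh_failure(self):
+credentials = self.make_credentials(lifetime=None)
+credentials.expiry = None
+credentials.token = "token"
+id_creds = impersonated_credentials.IDTokenCredentials(
+credentials, target_audience="audience"
+)
+
+response = mock.create_autospec(transport.Response, instance=False)
+response.status_code = http_client.UNAUTHORIZED
+response.json = mock.Mock(return_value="failed to get ID token")
+
+with mock.patch(
+"google.auth.transport.requests.AuthorizedSession.post",
+return_value=response,
+):
+with pytest.raises(exceptions.RefreshError) as excinfo:
+id_creds.refresh(None)
+
+assert excinfo.match("Error getting ID token")
+
 def test_refresh_failure_http_error(self, mock_donor_credentials):
 credentials = self.make_credentials(lifetime=None)
 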
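Review bot: `test_refresh_failure` matches only the fixed prefix `"Error getting ID token"`, so it would still pass if the server's detail were dropped from the exception; adding `assert excinfo.match("failed to get ID token")` pins that the response body reaches the caller. The test also leaves two paths from the production change uncovered: that `authed_session.close()` runs when `post` fails, and what is raised when the error body is not valid JSON. The enclosing test class begins outside this hunk, and the trailing `test_refresh_failure_http_error` context is cut off, so shared fixtures are not visible here.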
