Upgrade 3rd packages

third_party/oauth2client/appengine.py

-# Copyright (C) 2010 Google Inc.
+# Copyright 2014 Google Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
 """Utilities for Google App Engine
 
 Utilities for making it easier to use OAuth 2.0 on Google App Engine.
 """
 
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 
-import base64
 import cgi
-import httplib2
+import json
 import logging
 import os
 import pickle
 import threading
-import time
+
+import httplib2
 
 from google.appengine.api import app_identity
 from google.appengine.api import memcache
 from google.appengine.api import users
 from google.appengine.ext import db
 from google.appengine.ext import webapp
 from google.appengine.ext.webapp.util import login_required
 from google.appengine.ext.webapp.util import run_wsgi_app
 from oauth2client import GOOGLE_AUTH_URI
 from oauth2client import GOOGLE_REVOKE_URI
 from oauth2client import GOOGLE_TOKEN_URI
 from oauth2client import clientsecrets
 from oauth2client import util
 from oauth2client import xsrfutil
-from oauth2client.anyjson import simplejson
 from oauth2client.client import AccessTokenRefreshError
 from oauth2client.client import AssertionCredentials
 from oauth2client.client import Credentials
 from oauth2client.client import Flow
 from oauth2client.client import OAuth2WebServerFlow
 from oauth2client.client import Storage
 
 # TODO(dhermes): Resolve import issue.
 # This is a temporary fix for a Google internal issue.
 try:
@@ skipping 97 matching lines @@
   generate and refresh its own access tokens.
   """
 
   @util.positional(2)
   def __init__(self, scope, **kwargs):
     """Constructor for AppAssertionCredentials
 
     Args:
       scope: string or iterable of strings, scope(s) of the credentials being
         requested.
+      **kwargs: optional keyword args, including:
+        service_account_id: service account id of the application. If None or
+          unspecified, the default service account for the app is used.
     """
     self.scope = util.scopes_to_string(scope)
+    self._kwargs = kwargs
+    self.service_account_id = kwargs.get('service_account_id', None)
 
     # Assertion type is no longer used, but still in the parent class signature.
     super(AppAssertionCredentials, self).__init__(None)
 
   @classmethod
-  def from_json(cls, json):
-    data = simplejson.loads(json)
+  def from_json(cls, json_data):
+    data = json.loads(json_data)
     return AppAssertionCredentials(data['scope'])
 
   def _refresh(self, http_request):
     """Refreshes the access_token.
 
     Since the underlying App Engine app_identity implementation does its own
     caching we can skip all the storage hoops and just to a refresh using the
     API.
 
     Args:
       http_request: callable, a callable that matches the method signature of
         httplib2.Http.request, used to make the refresh request.
 
     Raises:
       AccessTokenRefreshError: When the refresh fails.
     """
     try:
       scopes = self.scope.split()
-      (token, _) = app_identity.get_access_token(scopes)
-    except app_identity.Error, e:
+      (token, _) = app_identity.get_access_token(
+          scopes, service_account_id=self.service_account_id)
+    except app_identity.Error as e:
       raise AccessTokenRefreshError(str(e))
     self.access_token = token
 
+  @property
+  def serialization_data(self):
+    raise NotImplementedError('Cannot serialize credentials for AppEngine.')
+
+  def create_scoped_required(self):
+    return not self.scope
+
+  def create_scoped(self, scopes):
+    return AppAssertionCredentials(scopes, **self._kwargs)
+
 
 class FlowProperty(db.Property):
   """App Engine datastore Property for Flow.
 
   Utility property that allows easy storage and retrieval of an
   oauth2client.Flow"""
 
   # Tell what the user type is.
   data_type = Flow
 
@@ skipping 223 matching lines @@
 
     Attempts to delete using the key_name stored on the object, whether or not
     the given key is in the datastore.
     """
     if self._is_ndb():
       ndb.Key(self._model, self._key_name).delete()
     else:
       entity_key = db.Key.from_path(self._model.kind(), self._key_name)
       db.delete(entity_key)
 
+  @db.non_transactional(allow_existing=True)
   def locked_get(self):
     """Retrieve Credential from datastore.
 
     Returns:
       oauth2client.Credentials
     """
     credentials = None
     if self._cache:
       json = self._cache.get(self._key_name)
       if json:
         credentials = Credentials.new_from_json(json)
     if credentials is None:
       entity = self._get_entity()
       if entity is not None:
         credentials = getattr(entity, self._property_name)
         if self._cache:
           self._cache.set(self._key_name, credentials.to_json())
 
     if credentials and hasattr(credentials, 'set_store'):
       credentials.set_store(self)
     return credentials
 
+  @db.non_transactional(allow_existing=True)
   def locked_put(self, credentials):
     """Write a Credentials to the datastore.
 
     Args:
       credentials: Credentials, the credentials to store.
     """
     entity = self._model.get_or_insert(self._key_name)
     setattr(entity, self._property_name, credentials)
     entity.put()
     if self._cache:
       self._cache.set(self._key_name, credentials.to_json())
 
+  @db.non_transactional(allow_existing=True)
   def locked_delete(self):
     """Delete Credential from datastore."""
 
     if self._cache:
       self._cache.delete(self._key_name)
 
     self._delete_entity()
 
 
 class CredentialsModel(db.Model):
@@ skipping 65 matching lines @@
 
   return uri
 
 
 class OAuth2Decorator(object):
   """Utility for making OAuth 2.0 easier.
 
   Instantiate and then use with oauth_required or oauth_aware
   as decorators on webapp.RequestHandler methods.
 
-  Example:
+  ::
 
     decorator = OAuth2Decorator(
         client_id='837...ent.com',
         client_secret='Qh...wwI',
         scope='https://www.googleapis.com/auth/plus')
 
-
     class MainHandler(webapp.RequestHandler):
-
       @decorator.oauth_required
       def get(self):
         http = decorator.http()
         # http is authorized with the user's Credentials and can be used
         # in API calls
 
   """
 
   def set_credentials(self, credentials):
     self._tls.credentials = credentials
@@ skipping 67 matching lines @@
       _storage_class: "Protected" keyword argument not typically provided to
         this constructor. A storage class to aid in storing a Credentials object
         for a user in the datastore. Defaults to StorageByKeyName.
       _credentials_class: "Protected" keyword argument not typically provided to
         this constructor. A db or ndb Model class to hold credentials. Defaults
         to CredentialsModel.
       _credentials_property_name: "Protected" keyword argument not typically
         provided to this constructor. A string indicating the name of the field
         on the _credentials_class where a Credentials object will be stored.
         Defaults to 'credentials'.
-      **kwargs: dict, Keyword arguments are be passed along as kwargs to the
-        OAuth2WebServerFlow constructor.
+      **kwargs: dict, Keyword arguments are passed along as kwargs to
+        the OAuth2WebServerFlow constructor.
+
     """
     self._tls = threading.local()
     self.flow = None
     self.credentials = None
     self._client_id = client_id
     self._client_secret = client_secret
     self._scope = util.scopes_to_string(scope)
     self._auth_uri = auth_uri
     self._token_uri = token_uri
     self._revoke_uri = revoke_uri
@@ skipping 126 matching lines @@
 
   def authorize_url(self):
     """Returns the URL to start the OAuth dance.
 
     Must only be called from with a webapp.RequestHandler subclassed method
     that had been decorated with either @oauth_required or @oauth_aware.
     """
     url = self.flow.step1_get_authorize_url()
     return str(url)
 
-  def http(self):
+  def http(self, *args, **kwargs):
     """Returns an authorized http instance.
 
     Must only be called from within an @oauth_required decorated method, or
     from within an @oauth_aware decorated method where has_credentials()
     returns True.
+
+    Args:
+        *args: Positional arguments passed to httplib2.Http constructor.
+        **kwargs: Positional arguments passed to httplib2.Http constructor.
     """
-    return self.credentials.authorize(httplib2.Http())
+    return self.credentials.authorize(httplib2.Http(*args, **kwargs))
 
   @property
   def callback_path(self):
     """The absolute path where the callback will occur.
 
     Note this is the absolute path, not the absolute URI, that will be
     calculated by the decorator at runtime. See callback_handler() for how this
     should be used.
 
     Returns:
       The callback path as a string.
     """
     return self._callback_path
 
 
   def callback_handler(self):
     """RequestHandler for the OAuth 2.0 redirect callback.
 
-    Usage:
+    Usage::
+
        app = webapp.WSGIApplication([
          ('/index', MyIndexHandler),
          ...,
          (decorator.callback_path, decorator.callback_handler())
        ])
 
     Returns:
       A webapp.RequestHandler that handles the redirect back from the
       server during the OAuth 2.0 dance.
     """
@@ skipping 13 matching lines @@
           user = users.get_current_user()
           decorator._create_flow(self)
           credentials = decorator.flow.step2_exchange(self.request.params)
           decorator._storage_class(
               decorator._credentials_class, None,
               decorator._credentials_property_name, user=user).put(credentials)
           redirect_uri = _parse_state_value(str(self.request.get('state')),
                                             user)
 
           if decorator._token_response_param and credentials.token_response:
-            resp_json = simplejson.dumps(credentials.token_response)
+            resp_json = json.dumps(credentials.token_response)
             redirect_uri = util._add_query_parameter(
                 redirect_uri, decorator._token_response_param, resp_json)
 
           self.redirect(redirect_uri)
 
     return OAuth2Handler
 
   def callback_application(self):
     """WSGI application for handling the OAuth 2.0 redirect callback.
 
     If you need finer grained control use `callback_handler` which returns just
     the webapp.RequestHandler.
 
     Returns:
       A webapp.WSGIApplication that handles the redirect back from the
       server during the OAuth 2.0 dance.
     """
     return webapp.WSGIApplication([
         (self.callback_path, self.callback_handler())
         ])
 
 
 class OAuth2DecoratorFromClientSecrets(OAuth2Decorator):
   """An OAuth2Decorator that builds from a clientsecrets file.
 
   Uses a clientsecrets file as the source for all the information when
   constructing an OAuth2Decorator.
 
-  Example:
+  ::
 
     decorator = OAuth2DecoratorFromClientSecrets(
       os.path.join(os.path.dirname(__file__), 'client_secrets.json')
       scope='https://www.googleapis.com/auth/plus')
 
-
     class MainHandler(webapp.RequestHandler):
-
       @decorator.oauth_required
       def get(self):
         http = decorator.http()
         # http is authorized with the user's Credentials and can be used
         # in API calls
+
   """
 
   @util.positional(3)
-  def __init__(self, filename, scope, message=None, cache=None):
+  def __init__(self, filename, scope, message=None, cache=None, **kwargs):
     """Constructor
 
     Args:
       filename: string, File name of client secrets.
       scope: string or iterable of strings, scope(s) of the credentials being
         requested.
       message: string, A friendly string to display to the user if the
         clientsecrets file is missing or invalid. The message may contain HTML
         and will be presented on the web interface for any method that uses the
         decorator.
       cache: An optional cache service client that implements get() and set()
         methods. See clientsecrets.loadfile() for details.
+      **kwargs: dict, Keyword arguments are passed along as kwargs to
+        the OAuth2WebServerFlow constructor.
     """
     client_type, client_info = clientsecrets.loadfile(filename, cache=cache)
     if client_type not in [
         clientsecrets.TYPE_WEB, clientsecrets.TYPE_INSTALLED]:
       raise InvalidClientSecretsError(
-          'OAuth2Decorator doesn\'t support this OAuth 2.0 flow.')
-    constructor_kwargs = {
-      'auth_uri': client_info['auth_uri'],
-      'token_uri': client_info['token_uri'],
-      'message': message,
-    }
+          "OAuth2Decorator doesn't support this OAuth 2.0 flow.")
+    constructor_kwargs = dict(kwargs)
+    constructor_kwargs.update({
+        'auth_uri': client_info['auth_uri'],
+        'token_uri': client_info['token_uri'],
+        'message': message,
+    })
     revoke_uri = client_info.get('revoke_uri')
     if revoke_uri is not None:
       constructor_kwargs['revoke_uri'] = revoke_uri
     super(OAuth2DecoratorFromClientSecrets, self).__init__(
         client_info['client_id'], client_info['client_secret'],
         scope, **constructor_kwargs)
     if message is not None:
       self._message = message
     else:
       self._message = 'Please configure your application for OAuth 2.0.'
@@ skipping 12 matching lines @@
       clientsecrets file is missing or invalid. The message may contain HTML and
       will be presented on the web interface for any method that uses the
       decorator.
     cache: An optional cache service client that implements get() and set()
       methods. See clientsecrets.loadfile() for details.
 
   Returns: An OAuth2Decorator
 
   """
   return OAuth2DecoratorFromClientSecrets(filename, scope,
-                                          message=message, cache=cache)
+                                          message=message, cache=cache)