Properly handle errors from the OAuth2 token endpoint in pub.

utils/pub/oauth2.dart

 // Copyright (c) 2012, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 library oauth2;
 
 import 'dart:async';
 import 'dart:io';
 import 'dart:uri';
 
@@ skipping 17 matching lines @@
 /// secret.
 final _secret = 'SWeqj8seoJW0w7_CpEPFLX0K';
 
 /// The URL to which the user will be directed to authorize the pub client to
 /// get an OAuth2 access token.
 ///
 /// `access_type=offline` and `approval_prompt=force` ensures that we always get
 /// a refresh token from the server. See the [Google OAuth2 documentation][].
 ///
 /// [Google OAuth2 documentation]: https://developers.google.com/accounts/docs/OAuth2WebServer#offline
-final _authorizationEndpoint = Uri.parse(
+final authorizationEndpoint = Uri.parse(
     'https://accounts.google.com/o/oauth2/auth?access_type=offline'
     '&approval_prompt=force');
 
 /// The URL from which the pub client will request an access token once it's
-/// been authorized by the user.
-final _tokenEndpoint = Uri.parse(
-    'https://accounts.google.com/o/oauth2/token');
+/// been authorized by the user. This can be controlled externally by setting
+/// the _PUB_TEST_TOKEN_ENDPOINT environment variable.
+Uri get tokenEndpoint {
+  var tokenEndpoint = Platform.environment['_PUB_TEST_TOKEN_ENDPOINT'];
+  if (tokenEndpoint != null) {
+    return Uri.parse(tokenEndpoint);
+  } else {
+    return _tokenEndpoint;
+  }
+}
+
+final _tokenEndpoint = Uri.parse('https://accounts.google.com/o/oauth2/token');
 
 /// The OAuth2 scopes that the pub client needs. Currently the client only needs
 /// the user's email so that the server can verify their identity.
 final _scopes = ['https://www.googleapis.com/auth/userinfo.email'];
 
 /// An in-memory cache of the user's OAuth2 credentials. This should always be
 /// the same as the credentials file stored in the system cache.
 Credentials _credentials;
 
 /// Delete the cached credentials, if they exist.
@@ skipping 89 matching lines @@
   writeTextFile(credentialsPath, credentials.toJson(), dontLogContents: true);
 }
 
 /// The path to the file in which the user's OAuth2 credentials are stored.
 String _credentialsFile(SystemCache cache) =>
     path.join(cache.rootDir, 'credentials.json');
 
 /// Gets the user to authorize pub as a client of pub.dartlang.org via oauth2.
 /// Returns a Future that will complete to a fully-authorized [Client].
 Future<Client> _authorize() {
-  // Allow the tests to inject their own token endpoint URL.
-  var tokenEndpoint = Platform.environment['_PUB_TEST_TOKEN_ENDPOINT'];
-  if (tokenEndpoint != null) {
-    tokenEndpoint = Uri.parse(tokenEndpoint);
-  } else {
-    tokenEndpoint = _tokenEndpoint;
-  }
-
   var grant = new AuthorizationCodeGrant(
       _identifier,
       _secret,
-      _authorizationEndpoint,
+      authorizationEndpoint,
       tokenEndpoint,
       httpClient: httpClient);
 
   // Spin up a one-shot HTTP server to receive the authorization code from the
   // Google OAuth2 server via redirect. This server will close itself as soon as
   // the code is received.
   return HttpServer.bind('127.0.0.1', 0).then((server) {
     var authUrl = grant.getAuthorizationUrl(
         Uri.parse('http://localhost:${server.port}'), scopes: _scopes);
 
@@ skipping 21 matching lines @@
         response.statusCode = 404;
         response.close();
       }
     });
   })
   .then((client) {
     log.message('Successfully authorized.\n');
     return client;
   });
 }