OAuth2 support in depot_tools

oauth2.py

Index: oauth2.py
diff --git a/oauth2.py b/oauth2.py
new file mode 100644
index 0000000000000000000000000000000000000000..08f0abf29c23f5da356899c0419587e2795b58e8
--- /dev/null
+++ b/oauth2.py
@@ -0,0 +1,103 @@
+# Copyright (c) 2015 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+"""OAuth2 related utilities and implementation for git cl commands."""
+
+import copy
+import logging
+import optparse
+import os
+
+from third_party.oauth2client import tools
+from third_party.oauth2client.file import Storage
+import third_party.oauth2client.client as oa2client
+
+
+REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'
+CLIENT_ID = ('174799409470-8k3b89iov4racu9jrf7if3k4591voig3'
+             '.apps.googleusercontent.com')
+CLIENT_SECRET = 'DddcCK1d6_ADwxqGDEGlsisy'
+SCOPE = 'email'
+
+
+def _fetch_storage(code_review_server):
+  storage_dir = os.path.expanduser(os.path.join('~', '.git_cl_credentials'))
+  if not os.path.isdir(storage_dir):
+    os.makedirs(storage_dir)
+  storage_path = os.path.join(storage_dir, code_review_server)
+  storage = Storage(storage_path)
+  return storage
+
+
+def _fetch_creds_from_storage(storage):
+  logging.debug('Fetching OAuth2 credentials from local storage ...')
+  credentials = storage.get()
+  if not credentials or credentials.invalid:
+    return None
+  if not credentials.access_token or credentials.access_token_expired:
+    return None
+  return credentials
+
+
+def add_oauth2_options(parser):
+  """Add OAuth2-related options."""
+  group = optparse.OptionGroup(parser, "OAuth2 options")
+  group.add_option(
+      '--auth-host-name',
+      default='localhost',
+      help='Host name to use when running a local web server '
+           'to handle redirects during OAuth authorization.'
+           'Default: localhost.'
+  )
+  group.add_option(
+      '--auth-host-port',
+      type=int,
+      action='append',
+      default=[8080, 8090],
+      help='Port to use when running a local web server to handle '
+           'redirects during OAuth authorization. '
+           'Repeat this option to specify a list of values.'
+           'Default: [8080, 8090].'
+  )
+  group.add_option(
+      '--noauth-local-webserver',
+      action='store_true',
+      default=False,
+      help='Run a local web server to handle redirects '
+           'during OAuth authorization.'
+           'Default: False.'
+  )
+  group.add_option(
+      '--no-cache',
+      action='store_true',
+      default=False,
+      help='Get fresh credentials from web server instead of using '
+           'the crendentials stored on a local storage file.'
+           'Default: False.'
+  )
+  parser.add_option_group(group)
+
+
+def get_oauth2_creds(options, code_review_server):
+  """Get OAuth2 credentials.
+
+  Args:
+    options: Command line options.
+    code_review_server: Code review server name, e.g., codereview.chromium.org.
+  """
+  storage = _fetch_storage(code_review_server)
+  creds = None
+  if not options.no_cache:
+    creds = _fetch_creds_from_storage(storage)
+  if creds is None:
+    logging.debug('Fetching OAuth2 credentials from web server...')
+    flow = oa2client.OAuth2WebServerFlow(
+        client_id=CLIENT_ID,
+        client_secret=CLIENT_SECRET,
+        scope=SCOPE,
+        redirect_uri=REDIRECT_URI)
+    flags = copy.deepcopy(options)
+    flags.logging_level = 'WARNING'
+    creds = tools.run_flow(flow, storage, flags)
+  return creds