From fd9b5b10c80950784bd37ee56e32c505acb5078d Mon Sep 17 00:00:00 2001
From: Pietro De Nicolao <pietrodn@users.noreply.github.com>
Date: Fri, 11 Dec 2020 20:00:30 +0100
Subject: [PATCH] fix: avoid losing the original '_include_email' parameter in
 impersonated credentials (#626)

Co-authored-by: Tres Seaver <tseaver@palladion.com>
---
 google/auth/impersonated_credentials.py | 2 ++
 tests/test_impersonated_credentials.py  | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py
index d96c05bbf..4d158373a 100644
--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py
@@ -341,6 +341,7 @@ def from_credentials(self, target_credentials, target_audience=None):
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 
@@ -348,6 +349,7 @@ def with_target_audience(self, target_audience):
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 
diff --git a/tests/test_impersonated_credentials.py b/tests/test_impersonated_credentials.py
index 46850a0d9..305f93926 100644
--- a/tests/test_impersonated_credentials.py
+++ b/tests/test_impersonated_credentials.py
@@ -368,12 +368,13 @@ def test_id_token_from_credential(
         assert not credentials.expired
 
         id_creds = impersonated_credentials.IDTokenCredentials(
-            credentials, target_audience=target_audience
+            credentials, target_audience=target_audience, include_email=True
         )
         id_creds = id_creds.from_credentials(target_credentials=credentials)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
+        assert id_creds._include_email is True
 
     def test_id_token_with_target_audience(
         self, mock_donor_credentials, mock_authorizedsession_idtoken
@@ -396,12 +397,15 @@ def test_id_token_with_target_audience(
         assert credentials.valid
         assert not credentials.expired
 
-        id_creds = impersonated_credentials.IDTokenCredentials(credentials)
+        id_creds = impersonated_credentials.IDTokenCredentials(
+            credentials, include_email=True
+        )
         id_creds = id_creds.with_target_audience(target_audience=target_audience)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
         assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
+        assert id_creds._include_email is True
 
     def test_id_token_invalid_cred(
         self, mock_donor_credentials, mock_authorizedsession_idtoken