Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: avoid losing the original _include_email parameter in impersonated credentials #626

Merged
merged 4 commits into from Dec 11, 2020
Merged

fix: avoid losing the original _include_email parameter in impersonated credentials #626

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
493dab6
fix: avoid losing the original _include_email parameter
pietrodn Oct 14, 2020
4f14bc1
test: check that IDTokenCredentials._include_email is preserved
pietrodn Oct 28, 2020
2f3e9b6
Merge branch 'master' into patch-1
tseaver Dec 11, 2020
690e946
Merge branch 'master' into patch-1
tseaver Dec 11, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions google/auth/impersonated_credentials.py
View file
Open in desktop
Expand Up @@ -341,13 +341,15 @@ def from_credentials(self, target_credentials, target_audience=None):
return self.__class__(
target_credentials=self._target_credentials,
target_audience=target_audience,
include_email=self._include_email,
quota_project_id=self._quota_project_id,
)

def with_target_audience(self, target_audience):
return self.__class__(
target_credentials=self._target_credentials,
target_audience=target_audience,
include_email=self._include_email,
quota_project_id=self._quota_project_id,
)

Expand Down
8 changes: 6 additions & 2 deletions tests/test_impersonated_credentials.py
View file
Open in desktop
Expand Up @@ -368,12 +368,13 @@ def test_id_token_from_credential(
assert not credentials.expired

id_creds = impersonated_credentials.IDTokenCredentials(
credentials, target_audience=target_audience
credentials, target_audience=target_audience, include_email=True
)
id_creds = id_creds.from_credentials(target_credentials=credentials)
id_creds.refresh(request)

assert id_creds.token == ID_TOKEN_DATA
assert id_creds._include_email is True

def test_id_token_with_target_audience(
self, mock_donor_credentials, mock_authorizedsession_idtoken
Expand All @@ -396,12 +397,15 @@ def test_id_token_with_target_audience(
assert credentials.valid
assert not credentials.expired

id_creds = impersonated_credentials.IDTokenCredentials(credentials)
id_creds = impersonated_credentials.IDTokenCredentials(
credentials, include_email=True
)
id_creds = id_creds.with_target_audience(target_audience=target_audience)
id_creds.refresh(request)

assert id_creds.token == ID_TOKEN_DATA
assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
assert id_creds._include_email is True

def test_id_token_invalid_cred(
self, mock_donor_credentials, mock_authorizedsession_idtoken
Expand Down