From 377736e987738618ce9598275061035c3f5cec4b Mon Sep 17 00:00:00 2001
From: jianglai <jianglai@google.com>
Date: Wed, 12 Dec 2018 09:26:33 -0800
Subject: [PATCH] Add an option to perform login on remote machines

If the user runs "nomulus -e [ENV] login --remote", an URL will be provided, the user then can visit the URL on any machine (not necessary where the command is run) and copy&paste back the authorization code to complete authorization.

This makes it easy to login on machines where local browsers are not easily accessible.

Also upgraded nebula lint version to 10.3.5.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=225198700
---
 gradle/build.gradle                          |  2 +-
 gradle/core/build.gradle                     |  5 ++--
 java/google/registry/repositories.bzl        | 18 +++++++-------
 java/google/registry/tools/AuthModule.java   |  3 +--
 java/google/registry/tools/BUILD             |  1 +
 java/google/registry/tools/LoginCommand.java | 26 ++++++++++++++++++--
 6 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/gradle/build.gradle b/gradle/build.gradle
index ec8f25e54..3bc3e6d4a 100644
--- a/gradle/build.gradle
+++ b/gradle/build.gradle
@@ -10,7 +10,7 @@ buildscript {
 }
 
 plugins {
-  id 'nebula.lint' version '10.3.1'
+  id 'nebula.lint' version '10.3.5'
   // Config helper for annotation processors such as AutoValue and Dagger.
   // Ensures that source code is generated at an appropriate location.
   id 'net.ltgt.apt' version '0.19' apply false
diff --git a/gradle/core/build.gradle b/gradle/core/build.gradle
index 585b40a04..719ff444e 100644
--- a/gradle/core/build.gradle
+++ b/gradle/core/build.gradle
@@ -84,7 +84,7 @@ dependencies {
   maybeRuntime 'com.google.api-client:google-api-client-jackson2:1.20.0'
   compile 'com.google.monitoring-client:metrics:1.0.4'
   compile 'com.google.monitoring-client:stackdriver:1.0.4'
-  maybeRuntime 'com.google.api-client:google-api-client-java6:1.20.0'
+  compile 'com.google.api-client:google-api-client-java6:1.27.0'
   maybeRuntime 'com.google.api-client:google-api-client-servlet:1.22.0'
   compile 'com.google.apis:google-api-services-admin-directory:directory_v1-rev72-1.22.0'
   compile 'com.google.apis:google-api-services-appengine:v1-rev85-1.25.0'
@@ -136,7 +136,7 @@ dependencies {
   compile 'com.google.http-client:google-http-client-jackson2:1.25.0'
   compile 'com.google.oauth-client:google-oauth-client:1.25.0'
   maybeRuntime 'com.google.oauth-client:google-oauth-client-appengine:1.22.0'
-  compile 'com.google.oauth-client:google-oauth-client-java6:1.22.0'
+  compile 'com.google.oauth-client:google-oauth-client-java6:1.27.0'
   compile 'com.google.oauth-client:google-oauth-client-jetty:1.22.0'
   maybeRuntime 'com.google.oauth-client:google-oauth-client-servlet:1.22.0'
   maybeRuntime 'com.google.protobuf:protobuf-java:2.6.0'
@@ -245,6 +245,7 @@ dependencies {
   // dependencies should go after all other compile and testCompile
   // dependencies to avoid overriding them accidentally.
   compile 'javax.servlet:javax.servlet-api:3.1.0' // google-api-client-appeng
+  compile 'com.google.oauth-client:google-oauth-client-java6:1.20.0'
 
   // Dependencies needed for jaxb compilation.
   // Use jaxb 2.2.11 because 2.3 is known to break the Ant task we use.
diff --git a/java/google/registry/repositories.bzl b/java/google/registry/repositories.bzl
index 7f0a25c47..be7b0347f 100644
--- a/java/google/registry/repositories.bzl
+++ b/java/google/registry/repositories.bzl
@@ -510,10 +510,10 @@ def com_google_api_client():
     java_import_external(
         name = "com_google_api_client",
         licenses = ["notice"],  # The Apache Software License, Version 2.0
-        jar_sha256 = "24e1a69d6c04e6e72e3e16757d46d32daa7dd43cb32c3895f832f25358be1402",
+        jar_sha256 = "fd1f06bc8cea64cd6e85e7a29dd632ba05c4e4ec2daae9a7115b6dbc9004fcd9",
         jar_urls = [
-            "http://maven.ibiblio.org/maven2/com/google/api-client/google-api-client/1.25.0/google-api-client-1.25.0.jar",
-            "http://repo1.maven.org/maven2/com/google/api-client/google-api-client/1.25.0/google-api-client-1.25.0.jar",
+            "http://maven.ibiblio.org/maven2/com/google/api-client/google-api-client/1.27.0/google-api-client-1.27.0.jar",
+            "http://repo1.maven.org/maven2/com/google/api-client/google-api-client/1.27.0/google-api-client-1.27.0.jar",
         ],
         deps = [
             "@com_google_oauth_client",
@@ -609,10 +609,10 @@ def com_google_api_client_java6():
     java_import_external(
         name = "com_google_api_client_java6",
         licenses = ["notice"],  # The Apache Software License, Version 2.0
-        jar_sha256 = "df4f423f33f467d248e51deb555404771f7bc41430b2d4d1e49966c79c0b207b",
+        jar_sha256 = "056ef35bafebd2e2b27817be00aa08e79d24fd4ba1c7c70c2407fd2ec9582cb5",
         jar_urls = [
-            "http://maven.ibiblio.org/maven2/com/google/api-client/google-api-client-java6/1.20.0/google-api-client-java6-1.20.0.jar",
-            "http://repo1.maven.org/maven2/com/google/api-client/google-api-client-java6/1.20.0/google-api-client-java6-1.20.0.jar",
+            "http://maven.ibiblio.org/maven2/com/google/api-client/google-api-client-java6/1.27.0/google-api-client-java6-1.27.0.jar",
+            "http://repo1.maven.org/maven2/com/google/api-client/google-api-client-java6/1.27.0/google-api-client-java6-1.27.0.jar",
         ],
         deps = [
             "@com_google_api_client",
@@ -1487,10 +1487,10 @@ def com_google_oauth_client_java6():
     java_import_external(
         name = "com_google_oauth_client_java6",
         licenses = ["notice"],  # The Apache Software License, Version 2.0
-        jar_sha256 = "c8d61bbb65f6721b85c38a88e4cb2a1782e04b8055589036705391361b658197",
+        jar_sha256 = "1065d7ec93a9ca93005e85d73f23f71353dd731f5c5f0310d66735ad81a16c33",
         jar_urls = [
-            "http://maven.ibiblio.org/maven2/com/google/oauth-client/google-oauth-client-java6/1.22.0/google-oauth-client-java6-1.22.0.jar",
-            "http://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client-java6/1.22.0/google-oauth-client-java6-1.22.0.jar",
+            "http://maven.ibiblio.org/maven2/com/google/oauth-client/google-oauth-client-java6/1.27.0/google-oauth-client-java6-1.27.0.jar",
+            "http://repo1.maven.org/maven2/com/google/oauth-client/google-oauth-client-java6/1.27.0/google-oauth-client-java6-1.27.0.jar",
         ],
         deps = ["@com_google_oauth_client"],
     )
diff --git a/java/google/registry/tools/AuthModule.java b/java/google/registry/tools/AuthModule.java
index a6767d2be..16f550cff 100644
--- a/java/google/registry/tools/AuthModule.java
+++ b/java/google/registry/tools/AuthModule.java
@@ -118,8 +118,7 @@ public class AuthModule {
   static Details provideDefaultInstalledDetails() {
     return new Details()
         .setAuthUri("https://accounts.google.com/o/oauth2/auth")
-        .setTokenUri("https://accounts.google.com/o/oauth2/token")
-        .setRedirectUris(ImmutableList.of("urn:ietf:wg:oauth:2.0:oob", "http://localhost"));
+        .setTokenUri("https://accounts.google.com/o/oauth2/token");
   }
 
   @Provides
diff --git a/java/google/registry/tools/BUILD b/java/google/registry/tools/BUILD
index b5dde8ed3..b1f1f9d45 100644
--- a/java/google/registry/tools/BUILD
+++ b/java/google/registry/tools/BUILD
@@ -70,6 +70,7 @@ java_library(
         "@com_beust_jcommander",
         "@com_google_api_client",
         "@com_google_api_client_appengine",
+        "@com_google_api_client_java6",
         "@com_google_apis_google_api_services_appengine",
         "@com_google_apis_google_api_services_bigquery",
         "@com_google_apis_google_api_services_dns",
diff --git a/java/google/registry/tools/LoginCommand.java b/java/google/registry/tools/LoginCommand.java
index 612d7a309..3b4fce14f 100644
--- a/java/google/registry/tools/LoginCommand.java
+++ b/java/google/registry/tools/LoginCommand.java
@@ -14,10 +14,12 @@
 
 package google.registry.tools;
 
+import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInstalledApp;
 import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
+import com.google.api.client.googleapis.extensions.java6.auth.oauth2.GooglePromptReceiver;
 import javax.inject.Inject;
 
 /** Authorizes the nomulus tool for OAuth 2.0 access to remote resources. */
@@ -27,9 +29,29 @@ final class LoginCommand implements Command {
   @Inject GoogleAuthorizationCodeFlow flow;
   @Inject @AuthModule.ClientScopeQualifier String clientScopeQualifier;
 
+  @Parameter(
+      names = "--remote",
+      description =
+          "Whether the command is run on a remote host where access to a browser is not available. "
+              + "If set to true, a URL will be given and a code is expected to be entered after "
+              + "the user completes authorization by visiting that URL.")
+  private boolean remote = false;
+
   @Override
   public void run() throws Exception {
-    new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver())
-        .authorize(clientScopeQualifier);
+    AuthorizationCodeInstalledApp app;
+    if (remote) {
+      app =
+          new AuthorizationCodeInstalledApp(
+              flow,
+              new GooglePromptReceiver(),
+              url -> {
+                System.out.println("Please open the following address in your browser:");
+                System.out.println("  " + url);
+              });
+    } else {
+      app = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver());
+    }
+    app.authorize(clientScopeQualifier);
   }
 }