Add an option to perform login on remote machines

If the user runs "nomulus -e [ENV] login --remote", an URL will be provided, the user then can visit the URL on any machine (not necessary where the command is run) and copy&paste back the authorization code to complete authorization. This makes it easy to login on machines where local browsers are not easily accessible. Also upgraded nebula lint version to 10.3.5. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=225198700
2025-07-21 18:26:12 +02:00 · 2018-12-12 09:26:33 -08:00 · 2018-12-12 09:26:33 -08:00 · 377736e987
commit 377736e987
parent 4146e69d60
6 changed files with 39 additions and 16 deletions
--- a/java/google/registry/tools/AuthModule.java
+++ b/java/google/registry/tools/AuthModule.java
@ -118,8 +118,7 @@ public class AuthModule {
  static Details provideDefaultInstalledDetails() {
    return new Details()
        .setAuthUri("https://accounts.google.com/o/oauth2/auth")
-        .setTokenUri("https://accounts.google.com/o/oauth2/token")
-        .setRedirectUris(ImmutableList.of("urn:ietf:wg:oauth:2.0:oob", "http://localhost"));
+        .setTokenUri("https://accounts.google.com/o/oauth2/token");
  }

  @Provides
--- a/java/google/registry/tools/BUILD
+++ b/java/google/registry/tools/BUILD
@ -70,6 +70,7 @@ java_library(
        "@com_beust_jcommander",
        "@com_google_api_client",
        "@com_google_api_client_appengine",
+        "@com_google_api_client_java6",
        "@com_google_apis_google_api_services_appengine",
        "@com_google_apis_google_api_services_bigquery",
        "@com_google_apis_google_api_services_dns",
--- a/java/google/registry/tools/LoginCommand.java
+++ b/java/google/registry/tools/LoginCommand.java
@ -14,10 +14,12 @@

 package google.registry.tools;

+import com.beust.jcommander.Parameter;
 import com.beust.jcommander.Parameters;
 import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInstalledApp;
 import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
+import com.google.api.client.googleapis.extensions.java6.auth.oauth2.GooglePromptReceiver;
 import javax.inject.Inject;

 /** Authorizes the nomulus tool for OAuth 2.0 access to remote resources. */
@ -27,9 +29,29 @@ final class LoginCommand implements Command {
  @Inject GoogleAuthorizationCodeFlow flow;
  @Inject @AuthModule.ClientScopeQualifier String clientScopeQualifier;

+  @Parameter(
+      names = "--remote",
+      description =
+          "Whether the command is run on a remote host where access to a browser is not available. "
+              + "If set to true, a URL will be given and a code is expected to be entered after "
+              + "the user completes authorization by visiting that URL.")
+  private boolean remote = false;
+
  @Override
  public void run() throws Exception {
-    new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver())
-        .authorize(clientScopeQualifier);
+    AuthorizationCodeInstalledApp app;
+    if (remote) {
+      app =
+          new AuthorizationCodeInstalledApp(
+              flow,
+              new GooglePromptReceiver(),
+              url -> {
+                System.out.println("Please open the following address in your browser:");
+                System.out.println("  " + url);
+              });
+    } else {
+      app = new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver());
+    }
+    app.authorize(clientScopeQualifier);
  }
 }