Implement login/logout commands

Refactor the auth code into its own dagger module, add tests and use the new interfaces to implement the login and logout commands.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=149108266

javatests/google/registry/tools/AuthModuleTest.java

@@ -0,0 +1,137 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.tools;
+
+import static com.google.common.truth.Truth.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import com.google.api.client.auth.oauth2.Credential;
+import com.google.api.client.auth.oauth2.StoredCredential;
+import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
+import com.google.api.client.http.HttpRequest;
+import com.google.api.client.json.jackson2.JacksonFactory;
+import com.google.api.client.util.store.AbstractDataStoreFactory;
+import com.google.api.client.util.store.DataStore;
+import com.google.common.collect.ImmutableSet;
+import google.registry.testing.ExceptionRule;
+import java.io.IOException;
+import java.io.Serializable;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class AuthModuleTest {
+  private static final String TEST_CLIENT_SECRET_FILENAME =
+      "/google/registry/tools/resources/client_secret_UNITTEST.json";
+
+  private static final Credential FAKE_CREDENTIAL = new Credential(
+      new Credential.AccessMethod() {
+        @Override
+        public void intercept(HttpRequest request, String accessToken) throws IOException {}
+
+        @Override
+        public String getAccessTokenFromRequest(HttpRequest request) {
+          return "MockAccessToken";
+        }
+      });
+
+  @SuppressWarnings("unchecked")
+  DataStore<StoredCredential> dataStore = mock(DataStore.class);
+
+  class FakeDataStoreFactory extends AbstractDataStoreFactory {
+    @Override
+    protected <V extends Serializable> DataStore<V> createDataStore(String id) {
+      @SuppressWarnings("unchecked")
+      DataStore<V> result = (DataStore<V>) dataStore;
+      return result;
+    }
+  }
+
+  @Rule public final ExceptionRule thrown = new ExceptionRule();
+
+  @Test
+  public void test_clientScopeQualifier() {
+    AuthModule authModule = new AuthModule();
+    String simpleQualifier =
+        authModule.provideClientScopeQualifier("client-id", ImmutableSet.of("foo", "bar"));
+
+    // If we change the way we encode client id and scopes, this assertion will break.  That's
+    // probably ok and you can just change the text.  The things you have to be aware of are:
+    // - Names in the new encoding should have a low risk of collision with the old encoding.
+    // - Changing the encoding will force all OAuth users of the nomulus tool to do a new login
+    //   (existing credentials will not be used).
+    assertThat(simpleQualifier).isEqualTo("client-id bar foo");
+
+    // Verify order independence.
+    assertThat(simpleQualifier).isEqualTo(
+        authModule.provideClientScopeQualifier("client-id", ImmutableSet.of("bar", "foo")));
+
+    // Verify changing client id produces a different value.
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("new-client", ImmutableSet.of("bar", "foo")));
+
+    // Verify that adding/deleting/modifying scopes produces a different value.
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client id", ImmutableSet.of("bar", "foo", "baz")));
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client id", ImmutableSet.of("barx", "foo")));
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client id", ImmutableSet.of("bar", "foox")));
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client id", ImmutableSet.of("bar")));
+
+    // Verify that delimiting works.
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client-id", ImmutableSet.of("barf", "oo")));
+    assertThat(simpleQualifier).isNotEqualTo(
+        authModule.provideClientScopeQualifier("client-idb", ImmutableSet.of("ar", "foo")));
+  }
+
+  private Credential getCredential() {
+    // Reconstruct the entire dependency graph, injecting FakeDatastoreFactory and credential
+    // parameters.
+    AuthModule authModule = new AuthModule();
+    JacksonFactory jsonFactory = new JacksonFactory();
+    GoogleClientSecrets clientSecrets =
+        authModule.provideClientSecrets(TEST_CLIENT_SECRET_FILENAME, jsonFactory);
+    ImmutableSet<String> scopes = ImmutableSet.of("scope1");
+    return authModule.provideCredential(
+        authModule.provideAuthorizationCodeFlow(
+            jsonFactory, clientSecrets, scopes, new FakeDataStoreFactory()),
+        authModule.provideClientScopeQualifier(authModule.provideClientId(clientSecrets), scopes));
+  }
+
+  @Test
+  public void test_provideCredential() throws Exception {
+    when(dataStore.get("UNITTEST-CLIENT-ID scope1")).thenReturn(
+        new StoredCredential(FAKE_CREDENTIAL));
+    Credential cred = getCredential();
+    assertThat(cred.getAccessToken()).isEqualTo(FAKE_CREDENTIAL.getAccessToken());
+    assertThat(cred.getRefreshToken()).isEqualTo(FAKE_CREDENTIAL.getRefreshToken());
+    assertThat(cred.getExpirationTimeMilliseconds()).isEqualTo(
+        FAKE_CREDENTIAL.getExpirationTimeMilliseconds());
+  }
+
+  @Test
+  public void test_provideCredential_notStored() {
+    thrown.expect(AuthModule.LoginRequiredException.class);
+    // Doing this without the mock setup should cause us to throw an exception because the
+    // credential has not been stored.
+    getCredential();
+  }
+}

javatests/google/registry/tools/BUILD

@@ -41,8 +41,8 @@ java_library(
         "@com_google_code_findbugs_jsr305",
         "@com_google_guava",
         "@com_google_http_client",
+        "@com_google_http_client_jackson2",
         "@com_google_oauth_client",
-        "@com_google_oauth_client_java6",
         "@com_google_re2j",
         "@com_google_truth",
         "@com_googlecode_json_simple",

javatests/google/registry/tools/DefaultRequestFactoryModuleTest.java

@@ -15,20 +15,11 @@
 package google.registry.tools;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.tools.DefaultRequestFactoryModule.createClientScopeQualifier;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.verifyZeroInteractions;
-import static org.mockito.Mockito.when;
 
 import com.google.api.client.auth.oauth2.Credential;
-import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
 import com.google.api.client.http.HttpRequest;
 import com.google.api.client.http.HttpRequestFactory;
 import com.google.api.client.http.HttpRequestInitializer;
-import com.google.api.client.util.store.AbstractDataStoreFactory;
-import com.google.common.collect.ImmutableList;
 import com.google.common.net.HostAndPort;
 import google.registry.testing.Providers;
 import java.io.IOException;
@@ -37,7 +28,6 @@ import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
-import org.mockito.ArgumentCaptor;
 
 @RunWith(JUnit4.class)
 public class DefaultRequestFactoryModuleTest {
@@ -53,18 +43,8 @@ public class DefaultRequestFactoryModuleTest {
         }
       });
 
-  private static final String TEST_CLIENT_SECRET_FILENAME =
-      "/google/registry/tools/resources/client_secret_UNITTEST.json";
-
-  // Mocks.
-  AbstractDataStoreFactory dataStoreFactory = mock(AbstractDataStoreFactory.class);
-  DefaultRequestFactoryModule.Authorizer authorizer =
-      mock(DefaultRequestFactoryModule.Authorizer.class);
   Provider<Credential> credentialProvider = Providers.of(FAKE_CREDENTIAL);
 
-  // Captor for client secrets.
-  ArgumentCaptor<GoogleClientSecrets> secrets = ArgumentCaptor.forClass(GoogleClientSecrets.class);
-
   DefaultRequestFactoryModule module = new DefaultRequestFactoryModule();
 
   @Before
@@ -72,19 +52,6 @@ public class DefaultRequestFactoryModuleTest {
     RegistryToolEnvironment.UNITTEST.setup();
   }
 
-  @Test
-  public void test_getCredential() throws Exception {
-    when(authorizer.authorize(any(GoogleClientSecrets.class))).thenReturn(FAKE_CREDENTIAL);
-    Credential cred = module.provideCredential(
-        dataStoreFactory,
-        authorizer,
-        TEST_CLIENT_SECRET_FILENAME);
-    assertThat(cred).isSameAs(FAKE_CREDENTIAL);
-    verify(authorizer).authorize(secrets.capture());
-    assertThat(secrets.getValue().getDetails().getClientId()).isEqualTo(
-        "UNITTEST-CLIENT-ID");
-  }
-
   @Test
   public void test_provideHttpRequestFactory_localhost() throws Exception {
     // Make sure that localhost creates a request factory with an initializer.
@@ -95,7 +62,6 @@ public class DefaultRequestFactoryModuleTest {
     HttpRequestInitializer initializer = factory.getInitializer();
     assertThat(initializer).isNotNull();
     assertThat(initializer).isNotSameAs(FAKE_CREDENTIAL);
-    verifyZeroInteractions(authorizer);
   }
 
   @Test
@@ -108,41 +74,4 @@ public class DefaultRequestFactoryModuleTest {
             credentialProvider);
     assertThat(factory.getInitializer()).isSameAs(FAKE_CREDENTIAL);
   }
-
-  @Test
-  public void test_createClientScopeQualifier() {
-    String simpleQualifier =
-        createClientScopeQualifier("client-id", ImmutableList.of("foo", "bar"));
-
-    // If we change the way we encode client id and scopes, this assertion will break.  That's
-    // probably ok and you can just change the text.  The things you have to be aware of are:
-    // - Names in the new encoding should have a low risk of collision with the old encoding.
-    // - Changing the encoding will force all OAuth users of the nomulus tool to do a new login
-    //   (existing credentials will not be used).
-    assertThat(simpleQualifier).isEqualTo("client-id bar foo");
-
-    // Verify order independence.
-    assertThat(simpleQualifier).isEqualTo(
-        createClientScopeQualifier("client-id", ImmutableList.of("bar", "foo")));
-
-    // Verify changing client id produces a different value.
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("new-client", ImmutableList.of("bar", "foo")));
-
-    // Verify that adding/deleting/modifying scopes produces a different value.
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client id", ImmutableList.of("bar", "foo", "baz")));
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client id", ImmutableList.of("barx", "foo")));
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client id", ImmutableList.of("bar", "foox")));
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client id", ImmutableList.of("bar")));
-
-    // Verify that delimiting works.
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client-id", ImmutableList.of("barf", "oo")));
-    assertThat(simpleQualifier).isNotEqualTo(
-        createClientScopeQualifier("client-idb", ImmutableList.of("ar", "foo")));
-  }
 }