diff --git a/java/google/registry/config/RegistryConfig.java b/java/google/registry/config/RegistryConfig.java
index 2a79e6ca6..6223340a3 100644
--- a/java/google/registry/config/RegistryConfig.java
+++ b/java/google/registry/config/RegistryConfig.java
@@ -1258,15 +1258,18 @@ public final class RegistryConfig {
 return "/tos";
 }
- /**
- * Returns the name of the OAuth2 client secrets file.
- *
- *
This is the name of a resource relative to the root of the class tree.
- */
+ /** OAuth client ID used by the nomulus tool. */
 @Provides
- @Config("clientSecretFilename")
- public static String provideClientSecretFilename(RegistryConfigSettings config) {
- return config.registryTool.clientSecretFilename;
+ @Config("toolsClientId")
+ public static String provideToolsClientId(RegistryConfigSettings config) {
+ return config.registryTool.clientId;
+ }
+
+ /** OAuth client secret used by the nomulus tool. */
+ @Provides
+ @Config("toolsClientSecret")
+ public static String provideToolsClientSecret(RegistryConfigSettings config) {
+ return config.registryTool.clientSecret;
 }
 @Provides
@@ -1551,12 +1554,6 @@ public final class RegistryConfig {
 return Duration.standardDays(CONFIG_SETTINGS.get().registryPolicy.contactAutomaticTransferDays);
 }
- /** Provided for testing. */
- @VisibleForTesting
- public static String getClientSecretFilename() {
- return CONFIG_SETTINGS.get().registryTool.clientSecretFilename;
- }
-
 /**
 * Memoizes loading of the {@link RegistryConfigSettings} POJO.
 *
diff --git a/java/google/registry/config/RegistryConfigSettings.java b/java/google/registry/config/RegistryConfigSettings.java
index 9d2b50096..2ce28bacf 100644
--- a/java/google/registry/config/RegistryConfigSettings.java
+++ b/java/google/registry/config/RegistryConfigSettings.java
@@ -182,6 +182,7 @@ public class RegistryConfigSettings {
 /** Configuration options for the registry tool. */
 public static class RegistryTool {
- public String clientSecretFilename;
+ public String clientId;
+ public String clientSecret;
 }
 }
diff --git a/java/google/registry/config/files/default-config.yaml b/java/google/registry/config/files/default-config.yaml
index e0cee2e69..c6e447d45 100644
--- a/java/google/registry/config/files/default-config.yaml
+++ b/java/google/registry/config/files/default-config.yaml
@@ -257,8 +257,8 @@ oAuth:
 - https://www.googleapis.com/auth/userinfo.email
 # OAuth client IDs that are allowed to authenticate and communicate with
- # backend services, e. g. nomulus tool, EPP proxy, etc. All client_id values
- # used in client_secret.json files for associated tooling should be included
+ # backend services, e. g. nomulus tool, EPP proxy, etc. The client_id value
+ # used in registryTool.clientId field for associated tooling should be included
 # in this list. Client IDs are typically of the format
 # numbers-alphanumerics.apps.googleusercontent.com
 allowedOauthClientIds: []
@@ -388,5 +388,7 @@ keyring:
 # Configuration options relevant to the "nomulus" registry tool.
 registryTool:
- # Name of the client secret file used for authenticating with App Engine.
- clientSecretFilename: /google/registry/tools/resources/client_secret.json
+ # OAuth client Id used by the tool.
+ clientId: YOUR_CLIENT_ID
+ # OAuth client secret used by the tool.
+ clientSecret: YOUR_CLIENT_SECRET
diff --git a/java/google/registry/tools/AuthModule.java b/java/google/registry/tools/AuthModule.java
index 19595b74a..1cb0fb89c 100644
--- a/java/google/registry/tools/AuthModule.java
+++ b/java/google/registry/tools/AuthModule.java
@@ -21,6 +21,7 @@ import com.google.api.client.extensions.java6.auth.oauth2.AuthorizationCodeInsta
 import com.google.api.client.extensions.jetty.auth.oauth2.LocalServerReceiver;
 import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
 import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
+import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets.Details;
 import com.google.api.client.http.javanet.NetHttpTransport;
 import com.google.api.client.json.JsonFactory;
 import com.google.api.client.util.store.AbstractDataStoreFactory;
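Review bot: The new `clientSecret` key in the `registryTool` block of default-config.yaml puts an OAuth credential next to ordinary settings, and its comment does not say how the real value is meant to be supplied. The defaults `YOUR_CLIENT_ID` and `YOUR_CLIENT_SECRET` are valid strings, so nothing visible in this change stops a deployment that forgets to override them; the failure would presumably only surface when the authorization flow is attempted. I would extend the comment to something like `# OAuth client secret used by the tool. Override per environment; never commit a real value to this file.` and add a pointer next to `clientId` that the same ID must appear in `allowedOauthClientIds`. If this config is also packaged into server artifacts, it is worth confirming that the tool's secret does not travel with them.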
@@ -38,7 +39,6 @@ import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.InputStreamReader;
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -91,20 +91,21 @@ public class AuthModule {
 return new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver());
 }
+ @Provides
+ static Details provideDefaultInstalledDetails() {
+ return new Details()
+ .setAuthUri("https://accounts.google.com/o/oauth2/auth")
+ .setTokenUri("https://accounts.google.com/o/oauth2/token")
+ .setRedirectUris(ImmutableList.of("urn:ietf:wg:oauth:2.0:oob", "http://localhost"));
+ }
+
 @Provides
 public static GoogleClientSecrets provideClientSecrets(
- @Config("clientSecretFilename") String clientSecretFilename, JsonFactory jsonFactory) {
- try {
- // Load the client secrets file.
- InputStream secretResourceStream = AuthModule.class.getResourceAsStream(clientSecretFilename);
- if (secretResourceStream == null) {
- throw new RuntimeException("No client secret file found: " + clientSecretFilename);
- }
- return GoogleClientSecrets.load(jsonFactory,
- new InputStreamReader(secretResourceStream, UTF_8));
- } catch (IOException ex) {
- throw new RuntimeException(ex);
- }
+ @Config("toolsClientId") String clientId,
+ @Config("toolsClientSecret") String clientSecret,
+ Details details) {
+ return new GoogleClientSecrets()
+ .setInstalled(details.setClientId(clientId).setClientSecret(clientSecret));
 }
 @Provides
diff --git a/java/google/registry/tools/BUILD b/java/google/registry/tools/BUILD
index 3a4a2c12a..b5dde8ed3 100644
--- a/java/google/registry/tools/BUILD
+++ b/java/google/registry/tools/BUILD
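Review bot: `provideClientSecrets` in AuthModule.java now accepts any two strings, so the fail-fast behaviour of the removed code (a `RuntimeException` when the secrets resource was missing) has no counterpart for an empty or placeholder client ID or secret. A precondition at the top of the method would restore it, e.g. `checkArgument(!isNullOrEmpty(clientId) && !isNullOrEmpty(clientSecret), "registryTool.clientId and registryTool.clientSecret must be configured");` using Guava's `Preconditions` and `Strings`, with the secret value itself kept out of the message. Rejecting the `YOUR_CLIENT_ID` / `YOUR_CLIENT_SECRET` defaults from default-config.yaml in the same check would catch an unconfigured install early. The method also mutates the injected `Details` through `details.setClientId(...)`, which is only safe while `provideDefaultInstalledDetails` stays unscoped; a one-line comment saying so would help the next reader.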
@@ -26,11 +26,6 @@ java_library(
 resources = glob([
 "*.properties",
 "sql/*.sql",
-
- # These are example client secret files. You'll need to obtain your
- # own for every environment you use and install them in this
- # directory.
- "resources/client_secret*.json",
 ]),
 visibility = [":allowed-tools"],
 runtime_deps = [
diff --git a/java/google/registry/tools/resources/README.md b/java/google/registry/tools/resources/README.md
deleted file mode 100644
index afaf8519e..000000000
--- a/java/google/registry/tools/resources/README.md
+++ /dev/null
@@ -1,9 +0,0 @@
-
-# Adding Client Secrets
-
-This directory contains the client secret files needed by the `nomulus` tool to
-connect to the Nomulus backend via OAuth2. Adding client secret files to this
-directory is one of two steps you need to perform; the other is adding the
-client id contained in the client secret file to the list of allowed ids in the
-Nomulus configuration file. See the configuration documentation for more
-information.
diff --git a/java/google/registry/tools/resources/client_secret.json b/java/google/registry/tools/resources/client_secret.json
deleted file mode 100644
index b111b0279..000000000
--- a/java/google/registry/tools/resources/client_secret.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "installed": {
- "client_id":"SEE-README.md-IN_THIS_DIRECTORY.apps.googleusercontent.com",
- "project_id":"your-registry-server",
- "auth_uri":"https://accounts.google.com/o/oauth2/auth",
- "token_uri":"https://accounts.google.com/o/oauth2/token",
- "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
- "client_secret":"YOUR-CLIENT-SECRET",
- "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]
- }
-}
diff --git a/java/google/registry/tools/resources/client_secret_UNITTEST.json b/java/google/registry/tools/resources/client_secret_UNITTEST.json
deleted file mode 100644
index b0a65e565..000000000
--- a/java/google/registry/tools/resources/client_secret_UNITTEST.json
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- "installed": {
- "client_id":"UNITTEST-CLIENT-ID",
- "project_id":"DO NOT CHANGE",
- "auth_uri":"https://accounts.google.com/o/oauth2/auth",
- "token_uri":"https://accounts.google.com/o/oauth2/token",
- "auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
- "client_secret":"UNITTEST-CLIENT-SECRET",
- "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"]
- }
-}
diff --git a/javatests/google/registry/config/RegistryConfigTest.java b/javatests/google/registry/config/RegistryConfigTest.java
index 5762e4ea2..23718252f 100644
--- a/javatests/google/registry/config/RegistryConfigTest.java
+++ b/javatests/google/registry/config/RegistryConfigTest.java
@@ -25,13 +25,6 @@ import org.junit.runners.JUnit4;
 @RunWith(JUnit4.class)
 public class RegistryConfigTest {
- @Test
- public void test_clientSecretFilename() {
- // Verify that we're pulling this from the default.
- assertThat(RegistryConfig.getClientSecretFilename()).isEqualTo(
- "/google/registry/tools/resources/client_secret.json");
- }
-
 @Test
 public void test_reservedTermsExportDisclaimer_isPrependedWithOctothorpes() {
 assertThat(provideReservedTermsExportDisclaimer(CONFIG_SETTINGS.get()))
diff --git a/javatests/google/registry/tools/AuthModuleTest.java b/javatests/google/registry/tools/AuthModuleTest.java
index d2f517ad5..affa4dae5 100644
--- a/javatests/google/registry/tools/AuthModuleTest.java
+++ b/javatests/google/registry/tools/AuthModuleTest.java
@@ -46,8 +46,6 @@ import org.junit.runners.JUnit4;
 /** Unit tests for {@link AuthModule}. */
 @RunWith(JUnit4.class)
 public class AuthModuleTest {
- private static final String TEST_CLIENT_SECRET_FILENAME =
- "/google/registry/tools/resources/client_secret_UNITTEST.json";
 private static final String CLIENT_ID = "UNITTEST-CLIENT-ID";
 private static final String CLIENT_SECRET = "UNITTEST-CLIENT-SECRET";
@@ -89,8 +87,7 @@ public class AuthModuleTest {
 @Before
 public void setUp() throws Exception {
 fakeCredential.setRefreshToken(REFRESH_TOKEN);
- when(dataStore.get(CLIENT_ID + " scope1"))
- .thenReturn(new StoredCredential(fakeCredential));
+ when(dataStore.get(CLIENT_ID + " scope1")).thenReturn(new StoredCredential(fakeCredential));
 }
 @Test
@@ -151,7 +148,11 @@ public class AuthModuleTest {
 }
 private GoogleClientSecrets getSecrets() {
- return AuthModule.provideClientSecrets(TEST_CLIENT_SECRET_FILENAME, new JacksonFactory());
+ return new GoogleClientSecrets()
+ .setInstalled(
+ AuthModule.provideDefaultInstalledDetails()
+ .setClientId(CLIENT_ID)
+ .setClientSecret(CLIENT_SECRET));
 }
 @Test
@@ -174,8 +175,8 @@ public class AuthModuleTest {
 Credential cred = getCredential();
 assertThat(cred.getAccessToken()).isEqualTo(fakeCredential.getAccessToken());
 assertThat(cred.getRefreshToken()).isEqualTo(fakeCredential.getRefreshToken());
- assertThat(cred.getExpirationTimeMilliseconds()).isEqualTo(
- fakeCredential.getExpirationTimeMilliseconds());
+ assertThat(cred.getExpirationTimeMilliseconds())
+ .isEqualTo(fakeCredential.getExpirationTimeMilliseconds());
 }
 @Test
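Review bot: `getSecrets()` in AuthModuleTest.java (hunk `-151,7 +148,11`) no longer calls `AuthModule.provideClientSecrets`, so within the lines shown nothing exercises the provider that binds the configured client ID and secret into `GoogleClientSecrets`; the helper rebuilds the same object by hand. Going through the provider keeps that wiring under test: `return AuthModule.provideClientSecrets(CLIENT_ID, CLIENT_SECRET, AuthModule.provideDefaultInstalledDetails());`. The test class continues outside the hunk, so another test may already cover this path.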