New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prefer Google auth library and generated API client for list releases action #307
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,7 +1,6 @@ | ||
source('https://rubygems.org') | ||
|
||
gemspec | ||
gem 'google-api-client', '~> 0.38' | ||
|
||
plugins_path = File.join(File.dirname(__FILE__), 'fastlane', 'Pluginfile') | ||
eval_gemfile(plugins_path) if File.exist?(plugins_path) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,6 @@ | ||
require 'googleauth' | ||
require 'fastlane_core/ui/ui' | ||
|
||
module Fastlane | ||
UI = FastlaneCore::UI unless Fastlane.const_defined?("UI") | ||
module Auth | ||
|
@@ -13,8 +15,8 @@ module FirebaseAppDistributionAuthClient | |
CLIENT_ID = "563584335869-fgrhgmd47bqnekij5i8b5pr03ho849e6.apps.googleusercontent.com" | ||
CLIENT_SECRET = "j9iVZfS8kkCEFUPaAeJV0sAi" | ||
|
||
# Returns the auth token for any of the auth methods (Firebase CLI token, | ||
# Google service account, firebase-tools). To ensure that a specific | ||
# Returns an authorization object for any of the auth methods (Firebase CLI token, | ||
# Application Default Credentials, firebase-tools). To ensure that a specific | ||
# auth method is used, unset all other auth variables/parameters to nil/empty | ||
# | ||
# args | ||
|
@@ -23,43 +25,45 @@ module FirebaseAppDistributionAuthClient | |
# debug - Whether to enable debug-level logging | ||
# | ||
# env variables | ||
# GOOGLE_APPLICATION_CREDENTIALS - see google_service_path | ||
# FIREBASE_TOKEN - see firebase_cli_token | ||
# | ||
# Crashes if given invalid or missing credentials | ||
def fetch_auth_token(google_service_path, firebase_cli_token, debug = false) | ||
def get_authorization(google_service_path, firebase_cli_token, debug = false) | ||
if !google_service_path.nil? && !google_service_path.empty? | ||
UI.message("🔐 Authenticating with --service_credentials_file path parameter: #{google_service_path}") | ||
token = service_account(google_service_path, debug) | ||
service_account(google_service_path, debug) | ||
elsif !firebase_cli_token.nil? && !firebase_cli_token.empty? | ||
UI.message("🔐 Authenticating with --firebase_cli_token parameter") | ||
token = firebase_token(firebase_cli_token, debug) | ||
firebase_token(firebase_cli_token, debug) | ||
elsif !ENV["FIREBASE_TOKEN"].nil? && !ENV["FIREBASE_TOKEN"].empty? | ||
UI.message("🔐 Authenticating with FIREBASE_TOKEN environment variable") | ||
token = firebase_token(ENV["FIREBASE_TOKEN"], debug) | ||
elsif !ENV["GOOGLE_APPLICATION_CREDENTIALS"].nil? && !ENV["GOOGLE_APPLICATION_CREDENTIALS"].empty? | ||
UI.message("🔐 Authenticating with GOOGLE_APPLICATION_CREDENTIALS environment variable: #{ENV['GOOGLE_APPLICATION_CREDENTIALS']}") | ||
token = service_account(ENV["GOOGLE_APPLICATION_CREDENTIALS"], debug) | ||
firebase_token(ENV["FIREBASE_TOKEN"], debug) | ||
elsif !application_default_creds.nil? | ||
UI.message("🔐 Authenticating with Application Default Credentials") | ||
application_default_creds | ||
elsif (refresh_token = refresh_token_from_firebase_tools) | ||
UI.message("🔐 No authentication method specified. Using cached Firebase CLI credentials.") | ||
token = firebase_token(refresh_token, debug) | ||
UI.message("🔐 No authentication method found. Using cached Firebase CLI credentials.") | ||
firebase_token(refresh_token, debug) | ||
else | ||
UI.user_error!(ErrorMessage::MISSING_CREDENTIALS) | ||
nil | ||
end | ||
token | ||
end | ||
|
||
private | ||
|
||
def application_default_creds | ||
Google::Auth.get_application_default([SCOPE]) | ||
rescue | ||
nil | ||
end | ||
|
||
def refresh_token_from_firebase_tools | ||
config_path = format_config_path | ||
if File.exist?(config_path) | ||
begin | ||
firebase_tools_tokens = JSON.parse(File.read(config_path))['tokens'] | ||
if firebase_tools_tokens.nil? | ||
UI.user_error!(ErrorMessage::EMPTY_TOKENS_FIELD) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. why is this removed? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I might move this to a separate PR. I realized that this isn't actually an exceptional case. If they log out of the Firebase CLI (at least the version I'm using), that file will still exist it just won't have a |
||
return | ||
end | ||
return if firebase_tools_tokens.nil? | ||
refresh_token = firebase_tools_tokens['refresh_token'] | ||
rescue JSON::ParserError | ||
UI.user_error!(ErrorMessage::PARSE_FIREBASE_TOOLS_JSON_ERROR) | ||
|
@@ -84,7 +88,7 @@ def firebase_token(refresh_token, debug) | |
refresh_token: refresh_token | ||
) | ||
client.fetch_access_token! | ||
client.access_token | ||
client | ||
rescue Signet::AuthorizationError => error | ||
error_message = ErrorMessage::REFRESH_TOKEN_ERROR | ||
if debug | ||
|
@@ -101,7 +105,8 @@ def service_account(google_service_path, debug) | |
json_key_io: File.open(google_service_path), | ||
scope: SCOPE | ||
) | ||
service_account_credentials.fetch_access_token!["access_token"] | ||
service_account_credentials.fetch_access_token! | ||
service_account_credentials | ||
rescue Errno::ENOENT | ||
UI.user_error!("#{ErrorMessage::SERVICE_CREDENTIALS_NOT_FOUND}: #{google_service_path}") | ||
rescue Signet::AuthorizationError => error | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this for backwards compatibility, because other fastlane plugins might rely on camelCase instead of snake_case?
Or is this temporary until you update the rest of the code?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For backwards compatibility