fix: ensure both refreshMargin and expirationMargin are set when usin…

…g OAuth2CredentialsWithRefresh (#1131) * fix: Ensure both refreshMargin and expirationMargin are set when using OAuth2CredentialsWithRefresh * fix: review
googleapis · Jan 19, 2023 · 326e4a1 · 326e4a1
1 parent f55d41f
commit 326e4a1
Show file tree

Hide file tree

Showing 3 changed files with 131 additions and 2 deletions.
diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2Credentials.java
@@ -151,6 +151,18 @@ public final AccessToken getAccessToken() {
     return null;
   }
 
+  /** Returns the credentials' refresh margin. */
+  @VisibleForTesting
+  Duration getRefreshMargin() {
+    return this.refreshMargin;
+  }
+
+  /** Returns the credentials' expiration margin. */
+  @VisibleForTesting
+  Duration getExpirationMargin() {
+    return this.expirationMargin;
+  }
+
   @Override
   public void getRequestMetadata(
       final URI uri, Executor executor, final RequestMetadataCallback callback) {

diff --git a/oauth2_http/java/com/google/auth/oauth2/OAuth2CredentialsWithRefresh.java b/oauth2_http/java/com/google/auth/oauth2/OAuth2CredentialsWithRefresh.java
@@ -49,6 +49,16 @@ public interface OAuth2RefreshHandler {
 
   private final OAuth2RefreshHandler refreshHandler;
 
+  protected OAuth2CredentialsWithRefresh(Builder builder) {
+    super(builder.getAccessToken(), builder.getRefreshMargin(), builder.getExpirationMargin());
+    // An expiration time must be provided.
+    if (builder.getAccessToken() != null && builder.getAccessToken().getExpirationTime() == null) {
+      throw new IllegalArgumentException(
+          "The provided access token must contain the expiration time.");
+    }
+    this.refreshHandler = checkNotNull(builder.refreshHandler);
+  }
+
   protected OAuth2CredentialsWithRefresh(
       AccessToken accessToken, OAuth2RefreshHandler refreshHandler) {
     super(accessToken);
@@ -101,7 +111,7 @@ public Builder setRefreshHandler(OAuth2RefreshHandler handler) {
     }
 
     public OAuth2CredentialsWithRefresh build() {
-      return new OAuth2CredentialsWithRefresh(getAccessToken(), refreshHandler);
+      return new OAuth2CredentialsWithRefresh(this);
     }
   }
 }
diff --git a/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java b/oauth2_http/javatests/com/google/auth/oauth2/OAuth2CredentialsWithRefreshTest.java
@@ -31,19 +31,26 @@
 
 package com.google.auth.oauth2;
 
+import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_EXPIRATION_MARGIN;
+import static com.google.auth.oauth2.OAuth2Credentials.DEFAULT_REFRESH_MARGIN;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
 
+import com.google.auth.TestUtils;
 import java.io.IOException;
+import java.net.URI;
+import java.time.Duration;
+import java.time.temporal.ChronoUnit;
 import java.util.Date;
+import java.util.List;
+import java.util.Map;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.junit.runners.JUnit4;
 
 /** Tests for {@link OAuth2CredentialsWithRefresh}. */
 @RunWith(JUnit4.class)
 public class OAuth2CredentialsWithRefreshTest {
-
   private static final AccessToken ACCESS_TOKEN = new AccessToken("accessToken", new Date());
 
   @Test
@@ -65,6 +72,85 @@ public AccessToken refreshAccessToken() {
     assertEquals(refreshHandler, credential.getRefreshHandler());
   }
 
+  @Test
+  public void builder_withRefreshAndExpirationMargins() {
+    OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+        new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+          @Override
+          public AccessToken refreshAccessToken() {
+            return null;
+          }
+        };
+
+    Duration refreshMargin = Duration.of(10, ChronoUnit.SECONDS);
+    Duration expirationMargin = Duration.of(12, ChronoUnit.SECONDS);
+
+    OAuth2CredentialsWithRefresh credential =
+        (OAuth2CredentialsWithRefresh)
+            OAuth2CredentialsWithRefresh.newBuilder()
+                .setAccessToken(ACCESS_TOKEN)
+                .setRefreshHandler(refreshHandler)
+                .setRefreshMargin(refreshMargin)
+                .setExpirationMargin(expirationMargin)
+                .build();
+
+    assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+    assertEquals(refreshMargin, credential.getRefreshMargin());
+    assertEquals(expirationMargin, credential.getExpirationMargin());
+    assertEquals(refreshHandler, credential.getRefreshHandler());
+  }
+
+  @Test
+  public void builder_onlyRefreshMarginSet() {
+    OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+        new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+          @Override
+          public AccessToken refreshAccessToken() {
+            return null;
+          }
+        };
+
+    Duration refreshMargin = Duration.of(10, ChronoUnit.SECONDS);
+
+    OAuth2CredentialsWithRefresh credential =
+        (OAuth2CredentialsWithRefresh)
+            OAuth2CredentialsWithRefresh.newBuilder()
+                .setAccessToken(ACCESS_TOKEN)
+                .setRefreshHandler(refreshHandler)
+                .setRefreshMargin(refreshMargin)
+                .build();
+
+    assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+    assertEquals(refreshMargin, credential.getRefreshMargin());
+    assertEquals(DEFAULT_EXPIRATION_MARGIN, credential.getExpirationMargin());
+    assertEquals(refreshHandler, credential.getRefreshHandler());
+  }
+
+  @Test
+  public void builder_onlyExpirationMarginSet() {
+    OAuth2CredentialsWithRefresh.OAuth2RefreshHandler refreshHandler =
+        new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+          @Override
+          public AccessToken refreshAccessToken() {
+            return null;
+          }
+        };
+
+    Duration expirationMargin = Duration.of(12, ChronoUnit.SECONDS);
+    OAuth2CredentialsWithRefresh credential =
+        (OAuth2CredentialsWithRefresh)
+            OAuth2CredentialsWithRefresh.newBuilder()
+                .setAccessToken(ACCESS_TOKEN)
+                .setRefreshHandler(refreshHandler)
+                .setExpirationMargin(expirationMargin)
+                .build();
+
+    assertEquals(ACCESS_TOKEN, credential.getAccessToken());
+    assertEquals(DEFAULT_REFRESH_MARGIN, credential.getRefreshMargin());
+    assertEquals(expirationMargin, credential.getExpirationMargin());
+    assertEquals(refreshHandler, credential.getRefreshHandler());
+  }
+
   @Test
   public void builder_noAccessToken() {
     OAuth2CredentialsWithRefresh.newBuilder()
@@ -119,4 +205,25 @@ public AccessToken refreshAccessToken() {
 
     assertEquals(refreshedToken, accessToken);
   }
+
+  @Test
+  public void getRequestMetadata() throws IOException {
+    URI uri = URI.create("http://googleapis.com/testapi/v1/foo");
+    final AccessToken refreshedToken = new AccessToken("refreshedAccessToken", new Date());
+    OAuth2CredentialsWithRefresh credentials =
+        OAuth2CredentialsWithRefresh.newBuilder()
+            .setAccessToken(ACCESS_TOKEN)
+            .setRefreshHandler(
+                new OAuth2CredentialsWithRefresh.OAuth2RefreshHandler() {
+                  @Override
+                  public AccessToken refreshAccessToken() {
+                    return refreshedToken;
+                  }
+                })
+            .build();
+
+    Map<String, List<String>> metadata = credentials.getRequestMetadata(uri);
+
+    TestUtils.assertContainsBearerToken(metadata, refreshedToken.getTokenValue());
+  }
 }