From 3014e6ddaf7705f92795eb6327aeeb91f4742a85 Mon Sep 17 00:00:00 2001
From: Kazuhiro Serizawa <nserihiro@gmail.com>
Date: Thu, 8 Dec 2016 00:56:14 +0900
Subject: [PATCH 1/4] Implement retry_with_faraday_error

---
 lib/googleauth/signet.rb | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/lib/googleauth/signet.rb b/lib/googleauth/signet.rb
index f7433ff7..4f171070 100644
--- a/lib/googleauth/signet.rb
+++ b/lib/googleauth/signet.rb
@@ -77,6 +77,25 @@ def notify_refresh_listeners
           block.call(self)
         end
       end
+
+      def retry_with_error(max_retry_count = 5)
+        retry_count = 0
+
+        begin
+          yield
+        rescue => e
+          raise e if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError)
+
+          if retry_count < max_retry_count
+            retry_count += 1
+            sleep retry_count * 0.3
+            retry
+          else
+            msg = "Unexpected error: #{e.inspect}"
+            raise(Signet::AuthorizationError, msg)
+          end
+        end
+      end
     end
   end
 end

From a1a9387c2b8677b4e6f13ba0be95fa4677b94500 Mon Sep 17 00:00:00 2001
From: Kazuhiro Serizawa <nserihiro@gmail.com>
Date: Sat, 25 Feb 2017 21:45:07 +0900
Subject: [PATCH 2/4] Use retry_with_error in GCECredentials#fetch_access_token

---
 lib/googleauth/compute_engine.rb       | 23 +++++++++++++----------
 spec/googleauth/compute_engine_spec.rb | 14 ++++++++++++++
 2 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/lib/googleauth/compute_engine.rb b/lib/googleauth/compute_engine.rb
index 9b14e0a4..119a04e2 100644
--- a/lib/googleauth/compute_engine.rb
+++ b/lib/googleauth/compute_engine.rb
@@ -88,16 +88,19 @@ def on_gce?(options = {})
       def fetch_access_token(options = {})
         c = options[:connection] || Faraday.default_connection
         c.headers = { 'Metadata-Flavor' => 'Google' }
-        resp = c.get(COMPUTE_AUTH_TOKEN_URI)
-        case resp.status
-        when 200
-          Signet::OAuth2.parse_credentials(resp.body,
-                                           resp.headers['content-type'])
-        when 404
-          raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
-        else
-          msg = "Unexpected error code #{resp.status}" + UNEXPECTED_ERROR_SUFFIX
-          raise(Signet::AuthorizationError, msg)
+
+        retry_with_error do
+          resp = c.get(COMPUTE_AUTH_TOKEN_URI)
+          case resp.status
+          when 200
+            Signet::OAuth2.parse_credentials(resp.body,
+                                             resp.headers['content-type'])
+          when 404
+            raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
+          else
+            msg = "Unexpected error code #{resp.status}" + UNEXPECTED_ERROR_SUFFIX
+            raise(Signet::AuthorizationError, msg)
+          end
         end
       end
     end
diff --git a/spec/googleauth/compute_engine_spec.rb b/spec/googleauth/compute_engine_spec.rb
index c98fec29..f12d0ef9 100644
--- a/spec/googleauth/compute_engine_spec.rb
+++ b/spec/googleauth/compute_engine_spec.rb
@@ -77,6 +77,20 @@ def make_auth_stubs(opts = {})
           .to raise_error Signet::AuthorizationError
         expect(stub).to have_been_requested
       end
+
+      it 'should fail with Signet::AuthorizationError if request times out' do
+        allow_any_instance_of(Faraday::Connection).to receive(:get)
+          .and_raise(Faraday::TimeoutError)
+        expect { @client.fetch_access_token! }
+          .to raise_error Signet::AuthorizationError
+      end
+
+      it 'should fail with Signet::AuthorizationError if request fails' do
+        allow_any_instance_of(Faraday::Connection).to receive(:get)
+          .and_raise(Faraday::ConnectionFailed, nil)
+        expect { @client.fetch_access_token! }
+          .to raise_error Signet::AuthorizationError
+      end
     end
   end
 

From 40f4e166a2e1eac303f9d8a70f51ff0082446b20 Mon Sep 17 00:00:00 2001
From: Kazuhiro Serizawa <nserihiro@gmail.com>
Date: Sat, 25 Feb 2017 21:59:45 +0900
Subject: [PATCH 3/4] Use retry_with_error in UserRefreshCredentials#revoke!

---
 lib/googleauth/user_refresh.rb       | 21 ++++++++++++---------
 spec/googleauth/user_refresh_spec.rb | 16 ++++++++++++++++
 2 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/lib/googleauth/user_refresh.rb b/lib/googleauth/user_refresh.rb
index 14c19906..65d310f7 100644
--- a/lib/googleauth/user_refresh.rb
+++ b/lib/googleauth/user_refresh.rb
@@ -92,15 +92,18 @@ def initialize(options = {})
       # Revokes the credential
       def revoke!(options = {})
         c = options[:connection] || Faraday.default_connection
-        resp = c.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
-        case resp.status
-        when 200
-          self.access_token = nil
-          self.refresh_token = nil
-          self.expires_at = 0
-        else
-          raise(Signet::AuthorizationError,
-                "Unexpected error code #{resp.status}")
+
+        retry_with_error do
+          resp = c.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
+          case resp.status
+          when 200
+            self.access_token = nil
+            self.refresh_token = nil
+            self.expires_at = 0
+          else
+            raise(Signet::AuthorizationError,
+                  "Unexpected error code #{resp.status}")
+          end
         end
       end
 
diff --git a/spec/googleauth/user_refresh_spec.rb b/spec/googleauth/user_refresh_spec.rb
index d80f6ba0..cc81476a 100644
--- a/spec/googleauth/user_refresh_spec.rb
+++ b/spec/googleauth/user_refresh_spec.rb
@@ -293,4 +293,20 @@ def cred_json_text(missing = nil)
       )
     end
   end
+
+  describe 'when erros occured with request' do
+    it 'should fail with Signet::AuthorizationError if request times out' do
+      allow_any_instance_of(Faraday::Connection).to receive(:get)
+        .and_raise(Faraday::TimeoutError)
+      expect { @client.revoke! }
+        .to raise_error Signet::AuthorizationError
+    end
+
+    it 'should fail with Signet::AuthorizationError if request fails' do
+      allow_any_instance_of(Faraday::Connection).to receive(:get)
+        .and_raise(Faraday::ConnectionFailed, nil)
+      expect { @client.revoke! }
+        .to raise_error Signet::AuthorizationError
+    end
+  end
 end

From 227ba09a7ee993fdfb9c891603305963fee56d3c Mon Sep 17 00:00:00 2001
From: Kazuhiro Serizawa <nserihiro@gmail.com>
Date: Fri, 14 Jul 2017 08:04:35 +0900
Subject: [PATCH 4/4] Fix rubocop cautions

---
 lib/googleauth/compute_engine.rb | 3 ++-
 lib/googleauth/signet.rb         | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/googleauth/compute_engine.rb b/lib/googleauth/compute_engine.rb
index 119a04e2..06031101 100644
--- a/lib/googleauth/compute_engine.rb
+++ b/lib/googleauth/compute_engine.rb
@@ -98,7 +98,8 @@ def fetch_access_token(options = {})
           when 404
             raise(Signet::AuthorizationError, NO_METADATA_SERVER_ERROR)
           else
-            msg = "Unexpected error code #{resp.status}" + UNEXPECTED_ERROR_SUFFIX
+            msg = "Unexpected error code #{resp.status}" \
+              "#{UNEXPECTED_ERROR_SUFFIX}"
             raise(Signet::AuthorizationError, msg)
           end
         end
diff --git a/lib/googleauth/signet.rb b/lib/googleauth/signet.rb
index 4f171070..02927aa2 100644
--- a/lib/googleauth/signet.rb
+++ b/lib/googleauth/signet.rb
@@ -84,7 +84,9 @@ def retry_with_error(max_retry_count = 5)
         begin
           yield
         rescue => e
-          raise e if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError)
+          if e.is_a?(Signet::AuthorizationError) || e.is_a?(Signet::ParseError)
+            raise e
+          end
 
           if retry_count < max_retry_count
             retry_count += 1