Merge branch 'main' into fix-explicit-token-caching-issue
bshaffer authored May 2, 2024
2 parents d680437 + 7e79f3d commit 3819ee2
Showing 14 changed files with 293 additions and 73 deletions.
3 changes: 2 additions & 1 deletion .github/sync-repo-settings.yaml
@@ -10,7 +10,8 @@ branchProtectionRules:
- 'PHP 8.0 Unit Test'
- 'PHP 8.1 Unit Test'
- 'PHP 8.2 Unit Test'
- 'PHP 8.2 --prefer-lowest Unit Test'
- 'PHP 8.3 Unit Test'
- 'PHP 8.3 --prefer-lowest Unit Test'
- 'PHP Style Check'
- 'cla/google'
requiredApprovingReviewCount: 1
8 changes: 4 additions & 4 deletions .github/workflows/tests.yml
@@ -11,12 +11,12 @@ jobs:
strategy:
fail-fast: false
matrix:
php: [ "7.4", "8.0", "8.1", "8.2" ]
php: [ "7.4", "8.0", "8.1", "8.2", "8.3" ]
composer-flags: [""]
include:
- php: "7.4"
composer-flags: "--prefer-lowest "
- php: "8.2"
- php: "8.3"
composer-flags: "--prefer-lowest "
name: PHP ${{ matrix.php }} ${{ matrix.composer-flags }}Unit Test
steps:
@@ -42,7 +42,7 @@ jobs:
- name: Setup PHP
uses: shivammathur/setup-php@v2
with:
php-version: "7.4"
php-version: "8.1"
- name: Install Dependencies
uses: nick-invision/retry@v2
with:
@@ -59,7 +59,7 @@ jobs:
- name: Install PHP
uses: shivammathur/setup-php@v2
with:
php-version: '8.0'
php-version: '8.1'
- name: Run Script
run: |
composer install
37 changes: 37 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,42 @@
# Changelog

## [2.16.0](https://github.com/googleapis/google-api-php-client/compare/v2.15.4...v2.16.0) (2024-04-24)


### Features

* Add universe domain support ([#2563](https://github.com/googleapis/google-api-php-client/issues/2563)) ([35895de](https://github.com/googleapis/google-api-php-client/commit/35895ded90b507074b3430a94a5790ddd01f39f0))

## [2.15.4](https://github.com/googleapis/google-api-php-client/compare/v2.15.3...v2.15.4) (2024-03-06)


### Bug Fixes

* Updates phpseclib because of a security issue ([#2574](https://github.com/googleapis/google-api-php-client/issues/2574)) ([633d41f](https://github.com/googleapis/google-api-php-client/commit/633d41f1b65fdb71a83bf747f7a3ad9857f6d02a))

## [2.15.3](https://github.com/googleapis/google-api-php-client/compare/v2.15.2...v2.15.3) (2024-01-04)


### Bug Fixes

* Guzzle dependency version ([#2546](https://github.com/googleapis/google-api-php-client/issues/2546)) ([c270f28](https://github.com/googleapis/google-api-php-client/commit/c270f28b00594a151a887edd3cfd205594a1256a))

## [2.15.2](https://github.com/googleapis/google-api-php-client/compare/v2.15.1...v2.15.2) (2024-01-03)


### Bug Fixes

* Disallow vulnerable guzzle versions ([#2536](https://github.com/googleapis/google-api-php-client/issues/2536)) ([d1830ed](https://github.com/googleapis/google-api-php-client/commit/d1830ede17114a4951ab9e60b3b9bcd9393b8668))
* Php 8.3 deprecated get_class method call without argument ([#2509](https://github.com/googleapis/google-api-php-client/issues/2509)) ([8c66021](https://github.com/googleapis/google-api-php-client/commit/8c6602119b631e1a9da4dbe219af18d51c8dab8e))
* Phpseclib security vulnerability ([#2524](https://github.com/googleapis/google-api-php-client/issues/2524)) ([73705c2](https://github.com/googleapis/google-api-php-client/commit/73705c2a65bfc01fa6d7717b7f401b8288fe0587))

## [2.15.1](https://github.com/googleapis/google-api-php-client/compare/v2.15.0...v2.15.1) (2023-09-12)


### Bug Fixes

* Upgrade min phpseclib version ([#2499](https://github.com/googleapis/google-api-php-client/issues/2499)) ([8e7fae2](https://github.com/googleapis/google-api-php-client/commit/8e7fae2b79cfc1b72026347abf6314d91442a018))

## [2.15.0](https://github.com/googleapis/google-api-php-client/compare/v2.14.0...v2.15.0) (2023-05-18)


9 changes: 9 additions & 0 deletions README.md
@@ -47,6 +47,15 @@ Once composer is installed, execute the following command in your project root t
composer require google/apiclient:^2.15.0
```

If you're facing a timeout error then either increase the timeout for composer by adding the env flag as `COMPOSER_PROCESS_TIMEOUT=600 composer install` or you can put this in the `config` section of the composer schema:
```
{
"config": {
"process-timeout": 600
}
}
```

Finally, be sure to include the autoloader:

```php
14 changes: 7 additions & 7 deletions composer.json
@@ -7,21 +7,21 @@
"license": "Apache-2.0",
"require": {
"php": "^7.4|^8.0",
"google/auth": "^1.28",
"google/apiclient-services": "~0.200",
"google/auth": "^1.37",
"google/apiclient-services": "~0.350",
"firebase/php-jwt": "~6.0",
"monolog/monolog": "^2.9||^3.0",
"phpseclib/phpseclib": "^3.0.19",
"guzzlehttp/guzzle": "~6.5||~7.0",
"guzzlehttp/psr7": "^1.8.4||^2.2.1"
"phpseclib/phpseclib": "^3.0.36",
"guzzlehttp/guzzle": "^6.5.8||^7.4.5",
"guzzlehttp/psr7": "^1.9.1||^2.2.1"
},
"require-dev": {
"squizlabs/php_codesniffer": "^3.0",
"squizlabs/php_codesniffer": "^3.8",
"symfony/dom-crawler": "~2.1",
"symfony/css-selector": "~2.1",
"cache/filesystem-adapter": "^1.1",
"phpcompatibility/php-compatibility": "^9.2",
"composer/composer": "^1.10.22",
"composer/composer": "^1.10.23",
"phpspec/prophecy-phpunit": "^2.0",
"phpunit/phpunit": "^9.5"
},
6 changes: 1 addition & 5 deletions phpcs.xml.dist
@@ -148,11 +148,7 @@
There MUST be one space between the closing parenthesis and the opening brace
The structure body MUST be indented once
The closing brace MUST be on the next line after the body -->
<rule ref="Squiz.ControlStructures.ControlSignature">
<properties>
<property name="ignoreComments" value="true"/>
</properties>
</rule>
<rule ref="Squiz.ControlStructures.ControlSignature" />
<rule ref="Squiz.WhiteSpace.ScopeClosingBrace">
<exclude-pattern>src/aliases\.php</exclude-pattern>
</rule>
139 changes: 99 additions & 40 deletions src/Client.php
@@ -27,6 +27,7 @@
use Google\Auth\Credentials\UserRefreshCredentials;
use Google\Auth\CredentialsLoader;
use Google\Auth\FetchAuthTokenCache;
use Google\Auth\GetUniverseDomainInterface;
use Google\Auth\HttpHandler\HttpHandlerFactory;
use Google\Auth\OAuth2;
use Google\AuthHandler\AuthHandlerFactory;
@@ -105,47 +106,92 @@ class Client
/**
* Construct the Google Client.
*
* @param array $config
* @param array $config {
* An array of required and optional arguments.
*
* @type string $application_name
* The name of your application
* @type string $base_path
* The base URL for the service. This is only accounted for when calling
* {@see Client::authorize()} directly.
* @type string $client_id
* Your Google Cloud client ID found in https://developers.google.com/console
* @type string $client_secret
* Your Google Cloud client secret found in https://developers.google.com/console
* @type string|array|CredentialsLoader $credentials
* Can be a path to JSON credentials or an array representing those
* credentials (@see Google\Client::setAuthConfig), or an instance of
* {@see CredentialsLoader}.
* @type string|array $scopes
* {@see Google\Client::setScopes}
* @type string $quota_project
* Sets X-Goog-User-Project, which specifies a user project to bill
* for access charges associated with the request.
* @type string $redirect_uri
* @type string $state
* @type string $developer_key
* Simple API access key, also from the API console. Ensure you get
* a Server key, and not a Browser key.
* **NOTE:** The universe domain is assumed to be "googleapis.com" unless
* explicitly set. When setting an API ley directly via this option, there
* is no way to verify the universe domain. Be sure to set the
* "universe_domain" option if "googleapis.com" is not intended.
* @type bool $use_application_default_credentials
* For use with Google Cloud Platform
* fetch the ApplicationDefaultCredentials, if applicable
* {@see https://developers.google.com/identity/protocols/application-default-credentials}
* @type string $signing_key
* @type string $signing_algorithm
* @type string $subject
* @type string $hd
* @type string $prompt
* @type string $openid
* @type bool $include_granted_scopes
* @type string $login_hint
* @type string $request_visible_actions
* @type string $access_type
* @type string $approval_prompt
* @type array $retry
* Task Runner retry configuration
* {@see \Google\Task\Runner}
* @type array $retry_map
* @type CacheItemPoolInterface $cache
* Cache class implementing {@see CacheItemPoolInterface}. Defaults
* to {@see MemoryCacheItemPool}.
* @type array $cache_config
* Cache config for downstream auth caching.
* @type callable $token_callback
* Function to be called when an access token is fetched. Follows
* the signature `function (string $cacheKey, string $accessToken)`.
* @type \Firebase\JWT $jwt
* Service class used in {@see Client::verifyIdToken()}. Explicitly
* pass this in to avoid setting {@see \Firebase\JWT::$leeway}
* @type bool $api_format_v2
* Setting api_format_v2 will return more detailed error messages
* from certain APIs.
* @type string $universe_domain
* Setting the universe domain will change the default rootUrl of the service.
* If not set explicitly, the universe domain will be the value provided in the
*. "GOOGLE_CLOUD_UNIVERSE_DOMAIN" environment variable, or "googleapis.com".
* }
*/
public function __construct(array $config = [])
{
$this->config = array_merge([
'application_name' => '',

// Don't change these unless you're working against a special development
// or testing environment.
'base_path' => self::API_BASE_PATH,

// https://developers.google.com/console
'client_id' => '',
'client_secret' => '',

// Can be a path to JSON credentials or an array representing those
// credentials (@see Google\Client::setAuthConfig), or an instance of
// Google\Auth\CredentialsLoader.
'credentials' => null,
// @see Google\Client::setScopes
'scopes' => null,
// Sets X-Goog-User-Project, which specifies a user project to bill
// for access charges associated with the request
'quota_project' => null,

'redirect_uri' => null,
'state' => null,

// Simple API access key, also from the API console. Ensure you get
// a Server key, and not a Browser key.
'developer_key' => '',

// For use with Google Cloud Platform
// fetch the ApplicationDefaultCredentials, if applicable
// @see https://developers.google.com/identity/protocols/application-default-credentials
'use_application_default_credentials' => false,
'signing_key' => null,
'signing_algorithm' => null,
'subject' => null,

// Other OAuth2 parameters.
'hd' => '',
'prompt' => '',
'openid.realm' => '',
@@ -154,29 +200,15 @@ public function __construct(array $config = [])
'request_visible_actions' => '',
'access_type' => 'online',
'approval_prompt' => 'auto',

// Task Runner retry configuration
// @see Google\Task\Runner
'retry' => [],
'retry_map' => null,

// Cache class implementing Psr\Cache\CacheItemPoolInterface.
// Defaults to Google\Auth\Cache\MemoryCacheItemPool.
'cache' => null,
// cache config for downstream auth caching
'cache_config' => [],

// function to be called when an access token is fetched
// follows the signature function ($cacheKey, $accessToken)
'token_callback' => null,

// Service class used in Google\Client::verifyIdToken.
// Explicitly pass this in to avoid setting JWT::$leeway
'jwt' => null,

// Setting api_format_v2 will return more detailed error messages
// from certain APIs.
'api_format_v2' => false
'api_format_v2' => false,
'universe_domain' => getenv('GOOGLE_CLOUD_UNIVERSE_DOMAIN')
?: GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN,
], $config);

if (!is_null($this->config['credentials'])) {
@@ -428,6 +460,7 @@ public function authorize(ClientInterface $http = null)
// 3b. If access token exists but is expired, try to refresh it
// 4. Check for API Key
if ($this->credentials) {
$this->checkUniverseDomain($this->credentials);
return $authHandler->attachCredentials(
$http,
$this->credentials,
@@ -437,6 +470,7 @@ public function authorize(ClientInterface $http = null)

if ($this->isUsingApplicationDefaultCredentials()) {
$credentials = $this->createApplicationDefaultCredentials();
$this->checkUniverseDomain($credentials);
return $authHandler->attachCredentialsCache(
$http,
$credentials,
@@ -452,6 +486,7 @@ public function authorize(ClientInterface $http = null)
$scopes,
$token['refresh_token']
);
$this->checkUniverseDomain($credentials);
return $authHandler->attachCredentials(
$http,
$credentials,
@@ -504,6 +539,11 @@ public function isUsingApplicationDefaultCredentials()
* as calling `clear()` will remove all cache items, including any items not
* related to Google API PHP Client.)
*
* **NOTE:** The universe domain is assumed to be "googleapis.com" unless
* explicitly set. When setting an access token directly via this method, there
* is no way to verify the universe domain. Be sure to set the "universe_domain"
* option if "googleapis.com" is not intended.
*
* @param string|array $token
* @throws InvalidArgumentException
*/
@@ -1297,4 +1337,23 @@ private function createUserRefreshCredentials($scope, $refreshToken)

return new UserRefreshCredentials($scope, $creds);
}

private function checkUniverseDomain($credentials)
{
$credentialsUniverse = $credentials instanceof GetUniverseDomainInterface
? $credentials->getUniverseDomain()
: GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN;
if ($credentialsUniverse !== $this->getUniverseDomain()) {
throw new DomainException(sprintf(
'The configured universe domain (%s) does not match the credential universe domain (%s)',
$this->getUniverseDomain(),
$credentialsUniverse
));
}
}

public function getUniverseDomain()
{
return $this->config['universe_domain'];
}
}
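Review bot: `checkUniverseDomain()` in the last hunk falls back to `GetUniverseDomainInterface::DEFAULT_UNIVERSE_DOMAIN` for any credential object that does not implement the interface, so under the default configuration such credentials pass without their universe being verified, and neither that fallback nor the new exception is documented. A docblock on the method should state the fallback and carry `@throws DomainException`, and the docblock of `authorize()` (outside the visible hunks) should mention the exception as well, since three of its branches can now raise it. `getUniverseDomain()` is public API and would take a one-line `/** @return string The configured universe domain. */`. In the new `$config` docblock, "API ley" should read "API key", the line starting `*.` has a stray period, and `@type string $openid` describes the key that the defaults array names `openid.realm`.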
7 changes: 6 additions & 1 deletion src/Http/Batch.php
@@ -62,7 +62,12 @@ public function __construct(
) {
$this->client = $client;
$this->boundary = $boundary ?: mt_rand();
$this->rootUrl = rtrim($rootUrl ?: $this->client->getConfig('base_path'), '/');
$rootUrl = rtrim($rootUrl ?: $this->client->getConfig('base_path'), '/');
$this->rootUrl = str_replace(
'UNIVERSE_DOMAIN',
$this->client->getUniverseDomain(),
$rootUrl
);
$this->batchPath = $batchPath ?: self::BATCH_PATH;
}
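Review bot: The result of `getUniverseDomain()` is placed into the batch root URL by `str_replace()` with no check on its form, so the configured string alone decides which host the batch requests go to. Judging from the src/Client.php hunks it comes from the `universe_domain` option or the `GOOGLE_CLOUD_UNIVERSE_DOMAIN` environment variable, and the credential comparison added there does not cover directly set access tokens or API keys, as its own NOTE says. Validating once, where the option is resolved, that the value is a bare hostname (no scheme, `/`, `@` or port) would keep a mistyped or tampered setting from redirecting authorized traffic; this hunk could then stay as is. The constructor's signature lies outside the hunk.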

2 changes: 1 addition & 1 deletion src/Http/REST.php
@@ -55,7 +55,7 @@ public static function execute(
$runner = new Runner(
$config,
sprintf('%s %s', $request->getMethod(), (string) $request->getUri()),
[get_class(), 'doExecute'],
[self::class, 'doExecute'],
[$client, $request, $expectedClass]
);
