google-auth-library
Comparing version 0.9.8 to 0.9.9
@@ -0,1 +1,11 @@ | ||
## 0.9.9 (10/14/2016) | ||
### Changes | ||
* Handle symlinks to default application credentials ([@JonathanPorta][]) | ||
* Add support for detecting project ID. ([@jmdobry][]) | ||
* Add support for array of valid audiences ([@gameleon-dev][]) | ||
* Fix devconsole links ([@mortonfox][]) | ||
* Update request ([@tbetbetbe][]) | ||
## 0.9.8 (05/10/2016) | ||
@@ -60,1 +70,5 @@ | ||
[@jonparrot]: https://github.com/jonparrot | ||
[@JonathanPorta]: https://github.com/JonathanPorta | ||
[@jmdobry]: https://github.com/jmdobry | ||
[@gameleon-dev]: https://github.com/gameleon-dev | ||
[@mortonfox]: https://github.com/mortonfox |
@@ -21,2 +21,3 @@ /** | ||
var ComputeClient = require('./computeclient.js'); | ||
var exec = require('child_process').exec; | ||
var fs = require('fs'); | ||
@@ -106,2 +107,165 @@ var os = require('os'); | ||
/** | ||
* Obtains the default project ID for the application.. | ||
* @param {function=} opt_callback Optional callback. | ||
*/ | ||
GoogleAuth.prototype.getDefaultProjectId = function(opt_callback) { | ||
var that = this; | ||
// In implicit case, supports three environments. In order of precedence, the | ||
// implicit environments are: | ||
// | ||
// * GCLOUD_PROJECT or GOOGLE_CLOUD_PROJECT environment variable | ||
// * GOOGLE_APPLICATION_CREDENTIALS JSON file | ||
// * Get default service project from | ||
// ``$ gcloud beta auth application-default login`` | ||
// * Google App Engine application ID (Not implemented yet) | ||
// * Google Compute Engine project ID (from metadata server) (Not implemented yet) | ||
if (that._cachedProjectId) { | ||
process.nextTick(function() { | ||
callback(opt_callback, null, that._cachedProjectId); | ||
}); | ||
} else { | ||
var my_callback = function(err, projectId) { | ||
if (!err && projectId) { | ||
that._cachedprojectId = projectId; | ||
} | ||
process.nextTick(function() { | ||
callback(opt_callback, err, projectId); | ||
}); | ||
}; | ||
// environment variable | ||
if (that._getProductionProjectId(my_callback)) { | ||
return; | ||
} | ||
// json file | ||
that._getFileProjectId(function(err, projectId) { | ||
if (err || projectId) { | ||
my_callback(err, projectId); | ||
return; | ||
} | ||
// Google Cloud SDK default project id | ||
that._getDefaultServiceProjectId(function(err, projectId) { | ||
if (err || projectId) { | ||
my_callback(err, projectId); | ||
return; | ||
} | ||
// Get project ID from Compute Engine metadata server | ||
that._getGCEProjectId(my_callback); | ||
}); | ||
}); | ||
} | ||
}; | ||
/** | ||
* Loads the project id from environment variables. | ||
* @param {function} _callback Callback. | ||
* @api private | ||
*/ | ||
GoogleAuth.prototype._getProductionProjectId = function(_callback) { | ||
var projectId = this._getEnv('GCLOUD_PROJECT') || this._getEnv('GOOGLE_CLOUD_PROJECT'); | ||
if (projectId) { | ||
process.nextTick(function() { | ||
callback(_callback, null, projectId); | ||
}); | ||
} | ||
return projectId; | ||
}; | ||
/** | ||
* Loads the project id from the GOOGLE_APPLICATION_CREDENTIALS json file. | ||
* @param {function} _callback Callback. | ||
* @api private | ||
*/ | ||
GoogleAuth.prototype._getFileProjectId = function(_callback) { | ||
var that = this; | ||
if (that._cachedCredential) { | ||
// Try to read the project ID from the cached credentials file | ||
process.nextTick(function() { | ||
callback(_callback, null, that._cachedCredential.projectId); | ||
}); | ||
return; | ||
} | ||
// Try to load a credentials file and read its project ID | ||
var pathExists = that._tryGetApplicationCredentialsFromEnvironmentVariable(function(err, result) { | ||
if (!err && result) { | ||
callback(_callback, null, result.projectId); | ||
return; | ||
} | ||
callback(_callback, err); | ||
}); | ||
if (!pathExists) { | ||
callback(_callback, null); | ||
} | ||
}; | ||
/** | ||
* Loads the default project of the Google Cloud SDK. | ||
* @param {function} _callback Callback. | ||
* @api private | ||
*/ | ||
GoogleAuth.prototype._getDefaultServiceProjectId = function(_callback) { | ||
this._getSDKDefaultProjectId(function(err, stdout) { | ||
var projectId; | ||
if (!err && stdout) { | ||
try { | ||
projectId = JSON.parse(stdout).core.project; | ||
} catch (err) { | ||
projectId = null; | ||
} | ||
} | ||
// Ignore any errors | ||
callback(_callback, null, projectId); | ||
}); | ||
}; | ||
/** | ||
* Run the Google Cloud SDK command that prints the default project ID | ||
* @param {function} _callback Callback. | ||
* @api private | ||
*/ | ||
GoogleAuth.prototype._getSDKDefaultProjectId = function(_callback) { | ||
exec('gcloud -q config list core/project --format=json', _callback); | ||
}; | ||
/** | ||
* Gets the Compute Engine project ID if it can be inferred. | ||
* Uses 169.254.169.254 for the metadata server to avoid request | ||
* latency from DNS lookup. | ||
* See https://cloud.google.com/compute/docs/metadata#metadataserver | ||
* for information about this IP address. (This IP is also used for | ||
* Amazon EC2 instances, so the metadata flavor is crucial.) | ||
* See https://github.com/google/oauth2client/issues/93 for context about | ||
* DNS latency. | ||
* | ||
* @param {function} _callback Callback. | ||
* @api private | ||
*/ | ||
GoogleAuth.prototype._getGCEProjectId = function(_callback) { | ||
if (!this.transporter) { | ||
this.transporter = new DefaultTransporter(); | ||
} | ||
this.transporter.request({ | ||
method: 'GET', | ||
uri: 'http://169.254.169.254/computeMetadata/v1/project/project-id', | ||
headers: { | ||
'Metadata-Flavor': 'Google' | ||
} | ||
}, function(err, body, res) { | ||
if (err || !res || res.statusCode !== 200 || !body) { | ||
callback(_callback, null); | ||
return; | ||
} | ||
// Ignore any errors | ||
callback(_callback, null, body); | ||
}); | ||
}; | ||
/** | ||
* Obtains the default service-level credentials for the application.. | ||
@@ -116,3 +280,3 @@ * @param {function=} opt_callback Optional callback. | ||
process.nextTick(function() { | ||
callback(opt_callback, null, that._cachedCredential); | ||
callback(opt_callback, null, that._cachedCredential, that._cachedProjectId); | ||
}); | ||
@@ -125,6 +289,13 @@ } else { | ||
that._cachedCredential = result; | ||
that.getDefaultProjectId(function(err, projectId) { | ||
process.nextTick(function() { | ||
// Ignore default project error | ||
callback(opt_callback, null, result, projectId); | ||
}); | ||
}); | ||
} else { | ||
process.nextTick(function() { | ||
callback(opt_callback, err, result); | ||
}); | ||
} | ||
process.nextTick(function() { | ||
callback(opt_callback, err, result); | ||
}); | ||
}; | ||
@@ -267,5 +438,9 @@ // Check for the existence of a local environment variable pointing to the | ||
} | ||
// Make sure there is a file at the path. lstatSync will throw if there is nothing there. | ||
if (!error) { | ||
try { | ||
// Resolve path to actual file in case of symlink. Expect a thrown error if not resolvable. | ||
filePath = fs.realpathSync(filePath); | ||
if (!fs.lstatSync(filePath).isFile()) { | ||
@@ -272,0 +447,0 @@ throw ''; |
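Review bot: In `getDefaultProjectId` the success path stores the value as `that._cachedprojectId` (lowercase `p`), while the cache check at the top of the function and the changed `getApplicationDefault` callback read `that._cachedProjectId`, so the cache is never populated and every call repeats the full lookup; the assignment should read `that._cachedProjectId = projectId;`. This matters because the lookup chain includes `_getSDKDefaultProjectId`, which runs `gcloud` through `exec` (a shell, with the binary resolved from `PATH` and no timeout) and then a metadata-server request, and `getApplicationDefault` now starts that chain whenever credentials are loaded. The command string is constant, so nothing caller-controlled reaches the shell, but passing an options object with `timeout` to `exec` would bound a hung `gcloud`, and a comment on `_getSDKDefaultProjectId` such as `// Spawns a shell; gcloud is resolved from PATH of the calling process` would make the new process-spawning behaviour visible to auditors. The comment `lstatSync will throw if there is nothing there` in the last hunk is also stale now that `fs.realpathSync` runs first and is the call that throws on a missing path.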
@@ -114,2 +114,3 @@ /** | ||
that.key = json.private_key; | ||
that.projectId = json.project_id; | ||
done(); | ||
@@ -116,0 +117,0 @@ }; |
@@ -175,2 +175,3 @@ /** | ||
that.key = json.private_key; | ||
that.projectId = json.project_id; | ||
done(); | ||
@@ -177,0 +178,0 @@ }; |
@@ -406,3 +406,3 @@ /** | ||
* @param {string} idToken ID Token. | ||
* @param {string} audience The audience to verify against the ID Token | ||
* @param {(string|Array.<string>)} audience The audience to verify against the ID Token | ||
* @param {function=} callback Callback supplying GoogleLogin if successful | ||
@@ -479,3 +479,3 @@ */ | ||
* @param {array} certs The array of certs to test the jwt against. | ||
* @param {string} requiredAudience The audience to test the jwt against. | ||
* @param {(string|Array.<string>)} requiredAudience The audience to test the jwt against. | ||
* @param {array} issuers The allowed issuers of the jwt (Optional). | ||
@@ -566,5 +566,14 @@ * @param {string} maxExpiry The max expiry the certificate can be (Optional). | ||
var aud = payload.aud; | ||
if (aud !== requiredAudience) { | ||
throw new Error('Wrong recipient, payload audience != requiredAudience'); | ||
var audVerified = false; | ||
//If the requiredAudience is an array, check if it contains token audience | ||
if(requiredAudience.constructor === Array) | ||
{ | ||
audVerified = (requiredAudience.indexOf(aud) > -1); | ||
} | ||
else{ | ||
audVerified = (aud === requiredAudience); | ||
} | ||
if (!audVerified) { | ||
throw new Error('Wrong recipient, payload audience != requiredAudience'); | ||
} | ||
} | ||
@@ -571,0 +580,0 @@ |
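Review bot: The array test `requiredAudience.constructor === Array` in the audience check is fragile, since it dereferences `.constructor` on whatever the caller passed and does not recognise arrays created in another context; `if (Array.isArray(requiredAudience)) {` is the safer form. Both branches compare `aud` with strict equality, so a token whose `aud` claim is itself an array is rejected; that fails closed, but it deserves a comment such as `// payload.aud must be a single string; array-valued aud claims are rejected`. The error text `payload audience != requiredAudience` is unchanged and reads oddly when a list of audiences was supplied. The `if` that encloses this check starts outside the hunk, so whether a null or missing `requiredAudience` skips audience verification altogether cannot be confirmed from here.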
{ | ||
"name": "google-auth-library", | ||
"version": "0.9.8", | ||
"version": "0.9.9", | ||
"author": "Google Inc.", | ||
@@ -12,2 +12,6 @@ "description": "Google APIs Authentication Client Library for Node.js", | ||
{ | ||
"name": "Jason Dobry", | ||
"email": "jason.dobry@gmail.com" | ||
}, | ||
{ | ||
"name": "Tim Emiola", | ||
@@ -37,3 +41,3 @@ "email": "temiola@google.com" | ||
"jws": "~3.0.0", | ||
"request": "~2.60.0", | ||
"request": "~2.74.0", | ||
"string-template": "~0.2.0" | ||
@@ -40,0 +44,0 @@ }, |
@@ -38,3 +38,3 @@ # Google APIs Node.js Client | ||
JSON credentials for your project. Go to **APIs & Auth** > **Credentials** in | ||
the [Google Developers Console](developer console) and select | ||
the [Google Developers Console][devconsole] and select | ||
**Service account** from the **Add credentials** dropdown. | ||
@@ -52,3 +52,3 @@ | ||
enabled. Go to **APIs & Auth** > **APIs** in the | ||
[Google Developers Console](developer console) and enable the APIs you'd like to | ||
[Google Developers Console][devconsole] and enable the APIs you'd like to | ||
call. For the example below, you must enable the `DNS API`. | ||
@@ -55,0 +55,0 @@ |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Addedassert-plus@0.2.0(transitive)
+ Addedaws-sign2@0.6.0(transitive)
+ Addedbl@1.1.2(transitive)
+ Addedhar-validator@2.0.6(transitive)
+ Addedhttp-signature@1.1.1(transitive)
+ Addedpinkie@2.0.4(transitive)
+ Addedpinkie-promise@2.0.1(transitive)
+ Addedpunycode@1.4.1(transitive)
+ Addedqs@6.2.4(transitive)
+ Addedrequest@2.74.0(transitive)
+ Addedtough-cookie@2.3.4(transitive)
- Removedajv@6.12.6(transitive)
- Removedasn1@0.1.11(transitive)
- Removedassert-plus@0.1.5(transitive)
- Removedasynckit@0.4.0(transitive)
- Removedaws-sign2@0.5.00.7.0(transitive)
- Removedbl@1.0.3(transitive)
- Removedbluebird@2.11.0(transitive)
- Removedcaseless@0.12.0(transitive)
- Removedctype@0.5.3(transitive)
- Removedfast-deep-equal@3.1.3(transitive)
- Removedfast-json-stable-stringify@2.1.0(transitive)
- Removedform-data@2.3.3(transitive)
- Removedhar-schema@2.0.0(transitive)
- Removedhar-validator@1.8.05.1.5(transitive)
- Removedhttp-signature@0.11.01.2.0(transitive)
- Removedjson-schema-traverse@0.4.1(transitive)
- Removedoauth-sign@0.9.0(transitive)
- Removedperformance-now@2.1.0(transitive)
- Removedpsl@1.9.0(transitive)
- Removedpunycode@2.3.1(transitive)
- Removedqs@4.0.06.5.3(transitive)
- Removedrequest@2.60.02.88.2(transitive)
- Removedtough-cookie@2.5.0(transitive)
- Removedtunnel-agent@0.6.0(transitive)
- Removeduri-js@4.4.1(transitive)
- Removeduuid@3.4.0(transitive)
Updatedrequest@~2.74.0