Only emits the warning for gcloud credentials (#202)

* Only emits the warning for gcloud credentials * Suppress the warning by setting an env var * Add a test which should fail * Indentation * Add tests for gcloud creds warning * Added a forgotten semicolon * Use full path for ExpectedException * Use old style class name * Removed unnecessary string concatinations
googleapis · Jul 23, 2018 · ad7cdc2 · ad7cdc2
1 parent 1af6b99
commit ad7cdc2
Show file tree

Hide file tree

Showing 5 changed files with 61 additions and 15 deletions.
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -1,6 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<phpunit bootstrap="tests/bootstrap.php" colors="true"
-         convertWarningsToExceptions="false">
+<phpunit bootstrap="tests/bootstrap.php" colors="true">
+  <php>
+    <env name="SUPPRESS_GCLOUD_CREDS_WARNING" value="true" force="true"/>
+  </php>
   <testsuites>
     <testsuite name="google-auth-tests">
       <directory suffix="Test.php">tests</directory>

diff --git a/src/Credentials/UserRefreshCredentials.php b/src/Credentials/UserRefreshCredentials.php
@@ -33,6 +33,11 @@
  */
 class UserRefreshCredentials extends CredentialsLoader
 {
+    const CLOUD_SDK_CLIENT_ID =
+        '764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com';
+
+    const SUPPRESS_CLOUD_SDK_CREDS_WARNING_ENV = 'SUPPRESS_GCLOUD_CREDS_WARNING';
+
     /**
      * The OAuth2 instance used to conduct authorization.
      *
@@ -80,16 +85,22 @@ public function __construct(
             'scope' => $scope,
             'tokenCredentialUri' => self::TOKEN_CREDENTIAL_URI,
         ]);
-        trigger_error(
-            'Your application has authenticated using end user credentials '
-            . 'from Gooogle Cloud SDK. We recommend that most server '
-            . 'applications use service accounts instead. If your application '
-            . 'continues to use end user credentials from Cloud SDK, you might '
-            . 'receive a "quota exceeded" or "API not enabled" error. For '
-            . 'more information about service accounts, see '
-            . 'https://cloud.google.com/docs/authentication/.',
-            E_USER_WARNING
-        );
+        if ($jsonKey['client_id'] === self::CLOUD_SDK_CLIENT_ID
+            && getenv(self::SUPPRESS_CLOUD_SDK_CREDS_WARNING_ENV) !== 'true') {
+            trigger_error(
+                'Your application has authenticated using end user credentials '
+                . 'from Gooogle Cloud SDK. We recommend that most server '
+                . 'applications use service accounts instead. If your '
+                . 'application continues to use end user credentials '
+                . 'from Cloud SDK, you might receive a "quota exceeded" '
+                . 'or "API not enabled" error. For more information about '
+                . 'service accounts, see '
+                . 'https://cloud.google.com/docs/authentication/. '
+                . 'To disable this warning, set '
+                . self::SUPPRESS_CLOUD_SDK_CREDS_WARNING_ENV
+                . ' environment variable to "true".',
+                E_USER_WARNING);
+        }
     }
 
     /**

diff --git a/tests/Credentials/UserRefreshCredentialsTest.php b/tests/Credentials/UserRefreshCredentialsTest.php
@@ -99,7 +99,7 @@ public function testShouldFailIfJsonDoesNotHaveRefreshToken()
      */
     public function testFailsToInitalizeFromANonExistentFile()
     {
-        $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json';
+        $keyFile = __DIR__ . '/../fixtures/does-not-exist-private.json';
         new UserRefreshCredentials('scope/1', $keyFile);
     }
 
@@ -110,6 +110,27 @@ public function testInitalizeFromAFile()
             new UserRefreshCredentials('scope/1', $keyFile)
         );
     }
+
+    /**
+     * @expectedException PHPUnit_Framework_Error_Warning
+     */
+    public function testGcloudWarning()
+    {
+        putenv('SUPPRESS_GCLOUD_CREDS_WARNING=false');
+        $keyFile = __DIR__ . '/../fixtures2/gcloud.json';
+        $this->assertNotNull(
+            new UserRefreshCredentials('scope/1', $keyFile)
+        );
+    }
+
+    public function testValid3LOauthCreds()
+    {
+        putenv('SUPPRESS_GCLOUD_CREDS_WARNING=false');
+        $keyFile = __DIR__ . '/../fixtures2/valid_oauth_creds.json';
+        $this->assertNotNull(
+            new UserRefreshCredentials('scope/1', $keyFile)
+        );
+    }
 }
 
 class URCFromEnvTest extends TestCase
@@ -129,14 +150,14 @@ public function testIsNullIfEnvVarIsNotSet()
      */
     public function testFailsIfEnvSpecifiesNonExistentFile()
     {
-        $keyFile = __DIR__ . '/../fixtures' . '/does-not-exist-private.json';
+        $keyFile = __DIR__ . '/../fixtures/does-not-exist-private.json';
         putenv(UserRefreshCredentials::ENV_VAR . '=' . $keyFile);
         UserRefreshCredentials::fromEnv('a scope');
     }
 
     public function testSucceedIfFileExists()
     {
-        $keyFile = __DIR__ . '/../fixtures2' . '/private.json';
+        $keyFile = __DIR__ . '/../fixtures2/private.json';
         putenv(UserRefreshCredentials::ENV_VAR . '=' . $keyFile);
         $this->assertNotNull(ApplicationDefaultCredentials::getCredentials('a scope'));
     }

diff --git a/tests/fixtures2/gcloud.json b/tests/fixtures2/gcloud.json
@@ -0,0 +1,6 @@
+{
+  "client_id": "764086051850-6qr4p6gpi6hn506pt8ejuq83di341hur.apps.googleusercontent.com",
+  "client_secret": "dummy_client_secret",
+  "refresh_token": "dummy_refresh_token",
+  "type": "authorized_user"
+}
diff --git a/tests/fixtures2/valid_oauth_creds.json b/tests/fixtures2/valid_oauth_creds.json
@@ -0,0 +1,6 @@
+{
+  "client_id": "valid.apps.googleusercontent.com",
+  "client_secret": "dummy_client_secret",
+  "refresh_token": "dummy_refresh_token",
+  "type": "authorized_user"
+}