fix: avoid losing the original '_include_email' parameter in impersonated credentials (#626)

pietrodn · tseaver · web-flow · commit b49b868e78b5 · 2020-12-11T14:00:30.000-05:00
Co-authored-by: Tres Seaver &lt;tseaver@palladion.com&gt;
diff --git a/packages/google-auth/google/auth/impersonated_credentials.py b/packages/google-auth/google/auth/impersonated_credentials.py
@@ -341,13 +341,15 @@ def from_credentials(self, target_credentials, target_audience=None):
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 
     def with_target_audience(self, target_audience):
         return self.__class__(
             target_credentials=self._target_credentials,
             target_audience=target_audience,
+            include_email=self._include_email,
             quota_project_id=self._quota_project_id,
         )
 
diff --git a/packages/google-auth/tests/test_impersonated_credentials.py b/packages/google-auth/tests/test_impersonated_credentials.py
@@ -368,12 +368,13 @@ def test_id_token_from_credential(
         assert not credentials.expired
 
         id_creds = impersonated_credentials.IDTokenCredentials(
-            credentials, target_audience=target_audience
+            credentials, target_audience=target_audience, include_email=True
         )
         id_creds = id_creds.from_credentials(target_credentials=credentials)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
+        assert id_creds._include_email is True
 
     def test_id_token_with_target_audience(
         self, mock_donor_credentials, mock_authorizedsession_idtoken
@@ -396,12 +397,15 @@ def test_id_token_with_target_audience(
         assert credentials.valid
         assert not credentials.expired
 
-        id_creds = impersonated_credentials.IDTokenCredentials(credentials)
+        id_creds = impersonated_credentials.IDTokenCredentials(
+            credentials, include_email=True
+        )
         id_creds = id_creds.with_target_audience(target_audience=target_audience)
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
         assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
+        assert id_creds._include_email is True
 
     def test_id_token_invalid_cred(
         self, mock_donor_credentials, mock_authorizedsession_idtoken

Original file line number	Diff line number	Diff line change
`@@ -341,13 +341,15 @@ def from_credentials(self, target_credentials, target_audience=None):`
`341`	`341`	`return self.__class__(`
`342`	`342`	`target_credentials=self._target_credentials,`
`343`	`343`	`target_audience=target_audience,`
	`344`	`+ include_email=self._include_email,`
`344`	`345`	`quota_project_id=self._quota_project_id,`
`345`	`346`	`)`
`346`	`347`
`347`	`348`	`def with_target_audience(self, target_audience):`
`348`	`349`	`return self.__class__(`
`349`	`350`	`target_credentials=self._target_credentials,`
`350`	`351`	`target_audience=target_audience,`
	`352`	`+ include_email=self._include_email,`
`351`	`353`	`quota_project_id=self._quota_project_id,`
`352`	`354`	`)`
`353`	`355`