auth: add dictionary storage

Allows not to save anything to disk, which is useful overall but especially
useful when working with env vars, which could be sensitive so saving their
value to disk is undesirable.

Author: efiop

pydrive2/auth.py

@@ -10,6 +10,7 @@
 from oauth2client.client import AccessTokenRefreshError
 from oauth2client.client import OAuth2WebServerFlow
 from oauth2client.client import OOB_CALLBACK_URN
+from oauth2client.contrib.dictionary_storage import DictionaryStorage
 from oauth2client.file import Storage
 from oauth2client.tools import ClientRedirectHandler
 from oauth2client.tools import ClientRedirectServer
@@ -197,9 +198,9 @@ def __init__(
         self.settings = settings or self.DEFAULT_SETTINGS
         ValidateSettings(self.settings)
 
-        self._storages = self._InitializeStoragesFromSettings()
-        # Only one (`file`) backend is supported now
-        self._default_storage = self._storages["file"]
+        storages, default = self._InitializeStoragesFromSettings()
+        self._storages = storages
+        self._default_storage = default
 
     @property
     def access_token_expired(self):
@@ -337,7 +338,7 @@ def ServiceAuth(self):
             )
 
     def _InitializeStoragesFromSettings(self):
-        result = {"file": None}
+        result = {"file": None, "dictionary": None}
         backend = self.settings.get("save_credentials_backend")
         save_credentials = self.settings.get("save_credentials")
         if backend == "file":
@@ -347,11 +348,16 @@ def _InitializeStoragesFromSettings(self):
                     "Please specify credentials file to read"
                 )
             result[backend] = Storage(credentials_file)
+        elif backend == "dictionary":
+            result[backend] = DictionaryStorage(
+                self.settings["save_credentials_dict"],
+                self.settings["save_credentials_key"],
+            )
         elif save_credentials:
             raise InvalidConfigError(
                 "Unknown save_credentials_backend: %s" % backend
             )
-        return result
+        return result, result.get(backend)
 
     def LoadCredentials(self, backend=None):
         """Loads credentials or create empty credentials if it doesn't exist.
@@ -366,6 +372,8 @@ def LoadCredentials(self, backend=None):
                 raise InvalidConfigError("Please specify credential backend")
         if backend == "file":
             self.LoadCredentialsFile()
+        elif backend == "dictionary":
+            self._LoadCredentialsDictionary()
         else:
             raise InvalidConfigError("Unknown save_credentials_backend")
 
@@ -399,6 +407,13 @@ def LoadCredentialsFile(self, credentials_file=None):
         if self.credentials:
             self.credentials.set_store(self._default_storage)
 
+    def _LoadCredentialsDictionary(self):
+        self._default_storage = self._storages["dictionary"]
+        self.credentials = self._default_storage.get()
+
+        if self.credentials:
+            self.credentials.set_store(self._default_storage)
+
     def SaveCredentials(self, backend=None):
         """Saves credentials according to specified backend.
 
@@ -415,6 +430,8 @@ def SaveCredentials(self, backend=None):
                 raise InvalidConfigError("Please specify credential backend")
         if backend == "file":
             self.SaveCredentialsFile()
+        elif backend == "dictionary":
+            self._SaveCredentialsDictionary()
         else:
             raise InvalidConfigError("Unknown save_credentials_backend")
 
@@ -446,6 +463,13 @@ def SaveCredentialsFile(self, credentials_file=None):
                 "Credentials file cannot be symbolic link"
             )
 
+    def _SaveCredentialsDictionary(self):
+        if self.credentials is None:
+            raise InvalidCredentialsError("No credentials to save")
+
+        storage = self._storages["dictionary"]
+        storage.put(self.credentials)
+
     def LoadClientConfig(self, backend=None):
         """Loads client configuration according to specified backend.
 

pydrive2/test/test_oauth.py

@@ -125,6 +125,33 @@ def test_09_SaveLoadCredentialsUsesDefaultStorage(mocker):
     assert spy.call_count == 0
 
 
+def test_10_ServiceAuthFromSavedCredentialsDictionary():
+    creds_dict = {}
+    settings = {
+        "client_config_backend": "service",
+        "service_config": {
+            "client_json_file_path": "/tmp/pydrive2/credentials.json",
+        },
+        "oauth_scope": ["https://www.googleapis.com/auth/drive"],
+        "save_credentials": True,
+        "save_credentials_backend": "dictionary",
+        "save_credentials_dict": creds_dict,
+        "save_credentials_key": "creds",
+    }
+    ga = GoogleAuth(settings=settings)
+    ga.ServiceAuth()
+    assert not ga.access_token_expired
+    assert creds_dict
+    first_creds_dict = creds_dict.copy()
+    # Secondary auth should be made only using the previously saved
+    # login info
+    ga = GoogleAuth(settings=settings)
+    ga.ServiceAuth()
+    assert not ga.access_token_expired
+    assert creds_dict == first_creds_dict
+    time.sleep(1)
+
+
 def CheckCredentialsFile(credentials, no_file=False):
     ga = GoogleAuth(settings_file_path("test_oauth_default.yaml"))
     ga.LoadCredentialsFile(credentials)