auth: add dictionary storage

Allows not to save anything to disk, which is useful overall but especially
useful when working with env vars, which could be sensitive so saving their
value to disk is undesirable.

Author: efiop

docs/oauth.rst

@@ -74,6 +74,8 @@ These are all the possible fields of a *settings.yaml* file:
     save_credentials: {{bool}}
     save_credentials_backend: {{str}}
     save_credentials_file: {{str}}
+    save_credentials_dict: {{dict}}
+    save_credentials_key: {{str}}
 
     get_refresh_token: {{bool}}
 
@@ -91,8 +93,10 @@ Fields explained:
 :client_config['redirect_uri'] (str): Redirection endpoint URI. **Default**: 'urn:ietf:wg:oauth:2.0:oob'. **Required**: No.
 :client_config['revoke_uri'] (str): Revoke endpoint URI. **Default**: None. **Required**: No.
 :save_credentials (bool): True if you want to save credentials. **Default**: False. **Required**: No.
-:save_credentials_backend (str): Backend to save credentials to. 'file' is the only valid value for now. **Default**: 'file'. **Required**: No.
+:save_credentials_backend (str): Backend to save credentials to. 'file' and 'dictionary' are the only valid values for now. **Default**: 'file'. **Required**: No.
 :save_credentials_file (str): Destination of credentials file. **Required**: Yes, only if *save_credentials_backend* is 'file'.
+:save_credentials_dict (dict): Dict to use for storing credentials. **Required**: Yes, only if *save_credentials_backend* is 'dictionary'.
+:save_credentials_key (str): Key within the *save_credentials_dict* to store the credentials in. **Required**: Yes, only if *save_credentials_backend* is 'dictionary'.
 :get_refresh_token (bool): True if you want to retrieve refresh token along with access token. **Default**: False. **Required**: No.
 :oauth_scope (list of str): OAuth scope to authenticate. **Default**: ['https://www.googleapis.com/auth/drive']. **Required**: No.
 

pydrive2/auth.py

@@ -10,6 +10,7 @@
 from oauth2client.client import AccessTokenRefreshError
 from oauth2client.client import OAuth2WebServerFlow
 from oauth2client.client import OOB_CALLBACK_URN
+from oauth2client.contrib.dictionary_storage import DictionaryStorage
 from oauth2client.file import Storage
 from oauth2client.tools import ClientRedirectHandler
 from oauth2client.tools import ClientRedirectServer
@@ -197,9 +198,9 @@ def __init__(
         self.settings = settings or self.DEFAULT_SETTINGS
         ValidateSettings(self.settings)
 
-        self._storages = self._InitializeStoragesFromSettings()
-        # Only one (`file`) backend is supported now
-        self._default_storage = self._storages["file"]
+        storages, default = self._InitializeStoragesFromSettings()
+        self._storages = storages
+        self._default_storage = default
 
     @property
     def access_token_expired(self):
@@ -337,7 +338,7 @@ def ServiceAuth(self):
             )
 
     def _InitializeStoragesFromSettings(self):
-        result = {"file": None}
+        result = {"file": None, "dictionary": None}
         backend = self.settings.get("save_credentials_backend")
         save_credentials = self.settings.get("save_credentials")
         if backend == "file":
@@ -347,11 +348,16 @@ def _InitializeStoragesFromSettings(self):
                     "Please specify credentials file to read"
                 )
             result[backend] = Storage(credentials_file)
+        elif backend == "dictionary":
+            result[backend] = DictionaryStorage(
+                self.settings["save_credentials_dict"],
+                self.settings["save_credentials_key"],
+            )
         elif save_credentials:
             raise InvalidConfigError(
                 "Unknown save_credentials_backend: %s" % backend
             )
-        return result
+        return result, result.get(backend)
 
     def LoadCredentials(self, backend=None):
         """Loads credentials or create empty credentials if it doesn't exist.
@@ -366,6 +372,8 @@ def LoadCredentials(self, backend=None):
                 raise InvalidConfigError("Please specify credential backend")
         if backend == "file":
             self.LoadCredentialsFile()
+        elif backend == "dictionary":
+            self._LoadCredentialsDictionary()
         else:
             raise InvalidConfigError("Unknown save_credentials_backend")
 
@@ -399,6 +407,19 @@ def LoadCredentialsFile(self, credentials_file=None):
         if self.credentials:
             self.credentials.set_store(self._default_storage)
 
+    def _LoadCredentialsDictionary(self):
+        self._default_storage = self._storages["dictionary"]
+        if self._default_storage is None:
+            raise InvalidConfigError(
+                "Backend `dictionary` is not configured, specify "
+                "credentials dict and key to read in the settings file"
+            )
+
+        self.credentials = self._default_storage.get()
+
+        if self.credentials:
+            self.credentials.set_store(self._default_storage)
+
     def SaveCredentials(self, backend=None):
         """Saves credentials according to specified backend.
 
@@ -415,6 +436,8 @@ def SaveCredentials(self, backend=None):
                 raise InvalidConfigError("Please specify credential backend")
         if backend == "file":
             self.SaveCredentialsFile()
+        elif backend == "dictionary":
+            self._SaveCredentialsDictionary()
         else:
             raise InvalidConfigError("Unknown save_credentials_backend")
 
@@ -446,6 +469,19 @@ def SaveCredentialsFile(self, credentials_file=None):
                 "Credentials file cannot be symbolic link"
             )
 
+    def _SaveCredentialsDictionary(self):
+        if self.credentials is None:
+            raise InvalidCredentialsError("No credentials to save")
+
+        storage = self._storages["dictionary"]
+        if storage is None:
+            raise InvalidConfigError(
+                "Backend `dictionary` is not configured, specify "
+                "credentials dict and key to write in the settings file"
+            )
+
+        storage.put(self.credentials)
+
     def LoadClientConfig(self, backend=None):
         """Loads client configuration according to specified backend.
 

pydrive2/test/test_oauth.py

@@ -125,6 +125,33 @@ def test_09_SaveLoadCredentialsUsesDefaultStorage(mocker):
     assert spy.call_count == 0
 
 
+def test_10_ServiceAuthFromSavedCredentialsDictionary():
+    creds_dict = {}
+    settings = {
+        "client_config_backend": "service",
+        "service_config": {
+            "client_json_file_path": "/tmp/pydrive2/credentials.json",
+        },
+        "oauth_scope": ["https://www.googleapis.com/auth/drive"],
+        "save_credentials": True,
+        "save_credentials_backend": "dictionary",
+        "save_credentials_dict": creds_dict,
+        "save_credentials_key": "creds",
+    }
+    ga = GoogleAuth(settings=settings)
+    ga.ServiceAuth()
+    assert not ga.access_token_expired
+    assert creds_dict
+    first_creds_dict = creds_dict.copy()
+    # Secondary auth should be made only using the previously saved
+    # login info
+    ga = GoogleAuth(settings=settings)
+    ga.ServiceAuth()
+    assert not ga.access_token_expired
+    assert creds_dict == first_creds_dict
+    time.sleep(1)
+
+
 def CheckCredentialsFile(credentials, no_file=False):
     ga = GoogleAuth(settings_file_path("test_oauth_default.yaml"))
     ga.LoadCredentialsFile(credentials)