File Coverage

blib/lib/Google/Ads/GoogleAds/OAuth2ServiceAccountsHandler.pm

Criterion	Covered	Total	%
statement	45	64	70.3
branch	3	10	30.0
condition	6	11	54.5
subroutine	12	14	85.7
pod	1	1	100.0
total	67	100	67.0

line	stmt	bran	cond	sub	pod	time	code
1							# Copyright 2021, Google LLC
2							#
3							# Licensed under the Apache License, Version 2.0 (the "License");
4							# you may not use this file except in compliance with the License.
5							# You may obtain a copy of the License at
6							#
7							# http://www.apache.org/licenses/LICENSE-2.0
8							#
9							# Unless required by applicable law or agreed to in writing, software
10							# distributed under the License is distributed on an "AS IS" BASIS,
11							# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12							# See the License for the specific language governing permissions and
13							# limitations under the License.
14
15
16							use strict;
17	11			11		56	use warnings;
	11					15
	11					245
18	11			11		41	use version;
	11					17
	11					206
19	11			11		42	use base qw(Google::Ads::GoogleAds::Common::OAuth2BaseHandler);
	11					13
	11					64
20	11			11		622
	11					18
	11					766
21							# The following needs to be on one line because CPAN uses a particularly hacky
22							# eval() to determine module versions.
23							use Google::Ads::GoogleAds::Constants; our $VERSION = ${Google::Ads::GoogleAds::Constants::VERSION};
24	11			11		59
	11					16
	11					450
25							use Class::Std::Fast;
26	11			11		49	use JSON::XS;
	11					13
	11					63
27	11			11		6520	use JSON::WebToken;
	11					28490
	11					478
28	11			11		3857
	11					106195
	11					1473
29							# Class::Std-style attributes. Need to be kept in the same line.
30							# These need to go in the same line for older Perl interpreters to understand.
31							my %json_key_file_path_of : ATTR(:name<json_key_file_path> :default<>);
32							my %impersonated_email_of : ATTR(:name<impersonated_email> :default<>);
33							my %additional_scopes_of : ATTR(:name<additional_scopes> :default<>);
34
35							# Methods from Google::Ads::GoogleAds::Common::AuthHandlerInterface.
36							my ($self, $api_client, $properties) = @_;
37							my $ident = ident $self;
38	9			0	1	1281
39	9					22	$json_key_file_path_of{$ident} = $properties->{jsonKeyFilePath}
40							\|\| $json_key_file_path_of{$ident};
41							$impersonated_email_of{$ident} = $properties->{impersonatedEmail}
42	9		66			64	\|\| $impersonated_email_of{$ident};
43
44	9		66			39	# Below attributes are not in the googleads.properties configuration.
45							$additional_scopes_of{$ident} = $properties->{additionalScopes}
46							\|\| $additional_scopes_of{$ident};
47							}
48	9		66			38
49	11			11		75	# Methods from Google::Ads::GoogleAds::Common::OAuth2BaseHandler.
	11					18
	11					66
50							my $self = shift;
51
52							if (!$self->get_json_key_file_path()) {
53	1			1		2	return 0;
54							}
55	1	50				4
56	1					6	my $json_key = $self->__read_json_key_file() \|\| return 0;
57							my $time = time;
58
59	0		0			0	my $jwt = JSON::WebToken->encode({
60	0					0	iss => $json_key->{client_email},
61							scope => $self->__formatted_scopes(),
62							aud => Google::Ads::GoogleAds::Constants::OAUTH2_BASE_URL . "/token",
63							exp => $time + 3600,
64							iat => $time,
65							sub => $self->get_impersonated_email()
66							},
67							$json_key->{private_key},
68							"RS256"
69							);
70
71	0					0	my $response = $self->get___lwp_agent()->post(
72							Google::Ads::GoogleAds::Constants::OAUTH2_BASE_URL . "/token",
73							{
74	0					0	grant_type => "urn:ietf:params:oauth:grant-type:jwt-bearer",
75							assertion => $jwt
76							});
77
78							if (!$response->is_success()) {
79							my $err_msg = $response->decoded_content();
80							$self->get_api_client()->get_die_on_faults()
81	0	0				0	? die($err_msg)
82	0					0	: warn($err_msg);
83	0	0				0	return 0;
84							}
85
86	0					0	my $content_hash = $self->__parse_auth_response($response->decoded_content());
87
88							$self->set_access_token($content_hash->{access_token});
89	0					0	$self->set_access_token_expires(time + $content_hash->{expires_in});
90
91	0					0	return 1;
92	0					0	}
93
94	0					0	my $self = shift;
95							my @parsed_scopes = ();
96							my $additional_scopes = $self->get_additional_scopes();
97							if ($additional_scopes) {
98	5			5		1317	@parsed_scopes = split(/\s,\s/, $additional_scopes);
99	5					9	}
100	5					12	push @parsed_scopes, Google::Ads::GoogleAds::Constants::DEFAULT_OAUTH2_SCOPE;
101	5	100				29	return @parsed_scopes;
102	3					9	}
103
104	5					8	# Retrieves the OAuth2 scopes defined in _scope as a list separated by commas.
105	5					14	# This is the format expected when sending the OAuth request.
106							my $self = shift;
107							my @parsed_scopes = $self->_scope();
108							return join(',', @parsed_scopes);
109							}
110
111	2			2		429	# Reads the values from the specified JSON key file path as a JSON object.
112	2					5	my $self = shift;
113	2					11
114							my $json_text;
115							open(KEY_FILE, $self->get_json_key_file_path()) \|\| return 0;
116							while (<KEY_FILE>) {
117							$json_text .= $_;
118	0			0			}
119							close(KEY_FILE);
120	0
121	0	0					return decode_json($json_text);
122	0						}
123	0
124							1;
125	0
126							=pod
127	0
128							=head1 NAME
129
130							Google::Ads::GoogleAds::OAuth2ServiceAccountsHandler
131
132							=head1 DESCRIPTION
133
134							A concrete implementation of L<Google::Ads::GoogleAds::Common::OAuth2BaseHandler>
135							that supports OAuth2 for service accounts and defines the scope required to
136							access the Google Ads API server.
137
138							See L<https://developers.google.com/identity/protocols/oauth2/service-account>
139							for details of the protocol.
140
141							=head1 ATTRIBUTES
142
143							Each of these attributes can be set via
144							Google::Ads::GoogleAds::OAuth2ServiceAccountsHandler->new().
145
146							Alternatively, there is a get_ and set_ method associated with each attribute
147							for retrieving or setting them dynamically.
148
149							=head2 api_client
150
151							A reference to the API client used to handle the API requests.
152
153							=head2 json_key_file_path
154
155							The absolute path to the local JSON key file for the OAuth2 service account.
156
157							=head2 impersonated_email
158
159							The email address account to impersonate, when the service account has been
160							delegated domain wide access.
161
162							=head2 access_token
163
164							Stores an OAuth2 access token after the authorization flow is followed or for
165							you to manually set it in case you had it previously stored. If this is manually
166							set this handler will verify its validity before preparing a request.
167
168							=head2 additional_scopes
169
170							Stores additional OAuth2 scopes as a comma-separated string.
171							These scopes define which services the tokens are allowed to access,
172							e.g. https://www.googleapis.com/auth/analytics.
173
174							=head1 METHODS
175
176							=head2 initialize
177
178							Initializes the handler with the API client object and the properties such as
179							json_key_file_path and impersonated_email, used for generating authorization
180							requests.
181
182							=head3 Parameters
183
184							=over
185
186							=item *
187
188							A required I<api_client> with a reference to the API client object handling the
189							requests against the API.
190
191							=item *
192
193							A hash reference with the following keys:
194
195							{
196							jsonKeyFilePath => "json-key-file-path",
197							impersonatedEmail => "impersonated-email",
198							accessToken => "access-token",
199							additionalScopes => "additional-scopes",
200							}
201
202							Refer to the documentation of the properties as L</json_key_file_path>,
203							L</impersonated_email>, L</access_token> and L</additional_scopes>.
204
205							=back
206
207							=head2 prepare_request
208
209							Refer to L<Google::Ads::GoogleAds::Common::AuthHandlerInterface> documentation
210							of this method.
211
212							=head2 is_auth_enabled
213
214							Refer to L<Google::Ads::GoogleAds::Common::AuthHandlerInterface> documentation
215							of this method.
216
217							=head2 _scope
218
219							Method defined by L<Google::Ads::GoogleAds::Common::OAuth2BaseHandler> and
220							implemented in this class to return the required OAuth2 scopes as an array.
221
222							=head2 _refresh_access_token
223
224							Method defined by L<Google::Ads::GoogleAds::Common::OAuth2BaseHandler> and
225							implemented in this class to refresh the stored OAuth2 access token.
226
227							=head2 __formatted_scopes
228
229							Private method to return the OAuth2 scopes as a list of strings separated by
230							commas. This is the format expected when sending the OAuth request.
231
232							=head3 Returns
233
234							The string of OAuth2 scopes separated by commas.
235
236							=head1 LICENSE AND COPYRIGHT
237
238							Copyright 2021 Google LLC
239
240							Licensed under the Apache License, Version 2.0 (the "License");
241							you may not use this file except in compliance with the License.
242							You may obtain a copy of the License at
243
244							http://www.apache.org/licenses/LICENSE-2.0
245
246							Unless required by applicable law or agreed to in writing, software
247							distributed under the License is distributed on an "AS IS" BASIS,
248							WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
249							See the License for the specific language governing permissions and
250							limitations under the License.
251
252							=head1 REPOSITORY INFORMATION
253
254							$Rev: $
255							$LastChangedBy: $
256							$Id: $
257
258							=cut