fix: missing expiration_time field isn't a problem for executables

Change-Id: Ib19e3d9dcd8a4c41afebf2a1fb97429617eef86b GitHub-Last-Rev: 96eb2344de GitHub-Pull-Request: golang/oauth2#576 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/418434 Reviewed-by: Leo Siracusa <leosiracusa@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cody Oss <codyoss@google.com>
2022-08-05 21:01:37 +00:00 · 2022-08-05 21:01:37 +00:00 · 8227340efa
parent 128564f695
commit 8227340efa
2 changed files with 18 additions and 18 deletions
--- a/google/internal/externalaccount/executablecredsource.go
+++ b/google/internal/externalaccount/executablecredsource.go
@ -178,7 +178,7 @@ type executableResponse struct {
 	Message        string `json:"message,omitempty"`
 }
-func parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
+func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
 	var result executableResponse
 	if err := json.Unmarshal(response, &result); err != nil {
 		return "", jsonParsingError(source, string(response))
@ -203,7 +203,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
 		return "", unsupportedVersionError(source, result.Version)
 	}
-	if result.ExpirationTime == 0 {
+	if result.ExpirationTime == 0 && cs.OutputFile != "" {
 		return "", missingFieldError(source, "expiration_time")
 	}
@ -211,7 +211,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
 		return "", missingFieldError(source, "token_type")
 	}
-	if result.ExpirationTime < now {
+	if result.ExpirationTime != 0 && result.ExpirationTime < now {
 		return "", tokenExpiredError()
 	}
@ -259,7 +259,7 @@ func (cs executableCredentialSource) getTokenFromOutputFile() (token string, err
 		return "", nil
 	}
-	token, err = parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix())
+	token, err = cs.parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix())
 	if err != nil {
 		if _, ok := err.(nonCacheableError); ok {
 			// If the cached token is expired we need a new token,
@ -304,5 +304,5 @@ func (cs executableCredentialSource) getTokenFromExecutableCommand() (string, er
 	if err != nil {
 		return "", err
 	}
-	return parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix())
+	return cs.parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix())
 }
--- a/google/internal/externalaccount/executablecredsource_test.go
+++ b/google/internal/externalaccount/executablecredsource_test.go
@ -388,19 +388,6 @@ var failureTests = []struct {
 		expectedErr: missingFieldError(executableSource, "token_type"),
 	},
 	{
 		name: "Missing Expiration",
 		testEnvironment: testEnvironment{
 			envVars: executablesAllowed,
 			jsonResponse: &executableResponse{
 				Success:   Bool(true),
 				Version:   1,
 				TokenType: "urn:ietf:params:oauth:token-type:jwt",
 			},
 		},
 		expectedErr: missingFieldError(executableSource, "expiration_time"),
 	},
 	{
 		name: "Token Expired",
 		testEnvironment: testEnvironment{
@ -564,6 +551,19 @@ var successTests = []struct {
 			},
 		},
 	},
 	{
 		name: "Missing Expiration",
 		testEnvironment: testEnvironment{
 			envVars: executablesAllowed,
 			jsonResponse: &executableResponse{
 				Success:   Bool(true),
 				Version:   1,
 				TokenType: "urn:ietf:params:oauth:token-type:jwt",
 				IdToken:   "tokentokentoken",
 			},
 		},
 	},
 }
 func TestRetrieveExecutableSubjectTokenSuccesses(t *testing.T) {