fix: missing expiration_time field isn't a problem for executables

Change-Id: Ib19e3d9dcd8a4c41afebf2a1fb97429617eef86b GitHub-Last-Rev: 96eb2344de GitHub-Pull-Request: golang/oauth2#576 Reviewed-on: https://go-review.googlesource.com/c/oauth2/+/418434 Reviewed-by: Leo Siracusa <leosiracusa@google.com> Run-TryBot: Cody Oss <codyoss@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Cody Oss <codyoss@google.com>
2022-08-05 21:01:37 +00:00 · 2022-08-05 21:01:37 +00:00 · 8227340efa
parent 128564f695
commit 8227340efa
2 changed files with 18 additions and 18 deletions
--- a/google/internal/externalaccount/executablecredsource.go
+++ b/google/internal/externalaccount/executablecredsource.go
@ -178,7 +178,7 @@ type executableResponse struct {
 	Message        string `json:"message,omitempty"`
 }

-func parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
+func (cs executableCredentialSource) parseSubjectTokenFromSource(response []byte, source string, now int64) (string, error) {
 	var result executableResponse
 	if err := json.Unmarshal(response, &result); err != nil {
 		return "", jsonParsingError(source, string(response))
@ -203,7 +203,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
 		return "", unsupportedVersionError(source, result.Version)
 	}

-	if result.ExpirationTime == 0 {
+	if result.ExpirationTime == 0 && cs.OutputFile != "" {
 		return "", missingFieldError(source, "expiration_time")
 	}

@ -211,7 +211,7 @@ func parseSubjectTokenFromSource(response []byte, source string, now int64) (str
 		return "", missingFieldError(source, "token_type")
 	}

-	if result.ExpirationTime < now {
+	if result.ExpirationTime != 0 && result.ExpirationTime < now {
 		return "", tokenExpiredError()
 	}

@ -259,7 +259,7 @@ func (cs executableCredentialSource) getTokenFromOutputFile() (token string, err
 		return "", nil
 	}

-	token, err = parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix())
+	token, err = cs.parseSubjectTokenFromSource(data, outputFileSource, cs.env.now().Unix())
 	if err != nil {
 		if _, ok := err.(nonCacheableError); ok {
 			// If the cached token is expired we need a new token,
@ -304,5 +304,5 @@ func (cs executableCredentialSource) getTokenFromExecutableCommand() (string, er
 	if err != nil {
 		return "", err
 	}
-	return parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix())
+	return cs.parseSubjectTokenFromSource(output, executableSource, cs.env.now().Unix())
 }
--- a/google/internal/externalaccount/executablecredsource_test.go
+++ b/google/internal/externalaccount/executablecredsource_test.go
@ -388,19 +388,6 @@ var failureTests = []struct {
 		expectedErr: missingFieldError(executableSource, "token_type"),
 	},

-	{
-		name: "Missing Expiration",
-		testEnvironment: testEnvironment{
-			envVars: executablesAllowed,
-			jsonResponse: &executableResponse{
-				Success:   Bool(true),
-				Version:   1,
-				TokenType: "urn:ietf:params:oauth:token-type:jwt",
-			},
-		},
-		expectedErr: missingFieldError(executableSource, "expiration_time"),
-	},
-
 	{
 		name: "Token Expired",
 		testEnvironment: testEnvironment{
@ -564,6 +551,19 @@ var successTests = []struct {
 			},
 		},
 	},
+
+	{
+		name: "Missing Expiration",
+		testEnvironment: testEnvironment{
+			envVars: executablesAllowed,
+			jsonResponse: &executableResponse{
+				Success:   Bool(true),
+				Version:   1,
+				TokenType: "urn:ietf:params:oauth:token-type:jwt",
+				IdToken:   "tokentokentoken",
+			},
+		},
+	},
 }

 func TestRetrieveExecutableSubjectTokenSuccesses(t *testing.T) {