Handle the old python3-google-auth in Debian (1.5.x)

Implement our own to_json() method and adjust the code handling the refresh of the credentials: Old versions of the library did not read expiry or token from the file, needing you to refresh the token, but we did not trigger refresh because the token was never considered expired, hence check whether we have a token, and , if not, also consider it expired. Additionally, make the credential storage atomic such that we do not accidentally write an empty credential file on errors.
gauteh · Mar 5, 2024 · b0b52a9 · b0b52a9
1 parent 4450962
commit b0b52a9
Showing 1 changed file with 23 additions and 3 deletions.
diff --git a/lieer/remote.py b/lieer/remote.py
@@ -15,6 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
+import json
 import os
 import time
 
@@ -506,8 +507,23 @@ def __store_credentials__(self, path, credentials):
         """
         Store valid credentials in json format
         """
-        with open(path, "w") as storage:
-            storage.write(credentials.to_json())
+        with open(path + ".new", "w") as storage:
+            try:
+                storage.write(credentials.to_json())
+            except AttributeError:
+                storage.write(
+                    json.dumps(
+                        dict(
+                            token=credentials.token,
+                            refresh_token=credentials.refresh_token,
+                            token_uri=credentials.token_uri,
+                            client_id=credentials.client_id,
+                            client_secret=credentials.client_secret,
+                            scopes=credentials.scopes,
+                        )
+                    )
+                )
+        os.rename(path + ".new", path)
 
     def __get_credentials__(self):
         """
@@ -528,7 +544,11 @@ def __get_credentials__(self):
             )
 
         if not credentials or not credentials.valid:
-            if credentials and credentials.expired and credentials.refresh_token:
+            if (
+                credentials
+                and (credentials.expired or not credentials.token)
+                and credentials.refresh_token
+            ):
                 credentials.refresh(Request())
 
             elif self.CLIENT_SECRET_FILE is not None: