diff --git a/google/auth/app_engine.py b/google/auth/app_engine.py index 7083ee614..7a5e9b9a6 100644 --- a/google/auth/app_engine.py +++ b/google/auth/app_engine.py @@ -128,7 +128,7 @@ def refresh(self, request): scopes = self._scopes if self._scopes is not None else self._default_scopes # pylint: disable=unused-argument token, ttl = app_identity.get_access_token(scopes, self._service_account_id) - expiry = datetime.datetime.utcfromtimestamp(ttl) + expiry = datetime.datetime.fromtimestamp(ttl, tz=datetime.timezone.utc) self.token, self.expiry = token, expiry diff --git a/google/auth/compute_engine/credentials.py b/google/auth/compute_engine/credentials.py index a9ed6656c..1c6b620e8 100644 --- a/google/auth/compute_engine/credentials.py +++ b/google/auth/compute_engine/credentials.py @@ -498,7 +498,7 @@ def _call_metadata_identity_endpoint(self, request): raise new_exc from caught_exc _, payload, _, _ = jwt._unverified_decode(id_token) - return id_token, datetime.datetime.utcfromtimestamp(payload["exp"]) + return id_token, datetime.datetime.fromtimestamp(payload["exp"], tz=datetime.timezone.utc) def refresh(self, request): """Refreshes the ID token. diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py index e2724382a..5e9e25f63 100644 --- a/google/auth/impersonated_credentials.py +++ b/google/auth/impersonated_credentials.py @@ -27,7 +27,7 @@ import base64 import copy -from datetime import datetime +from datetime import datetime, timezone import http.client as http_client import json @@ -642,8 +642,8 @@ def refresh(self, request): id_token = response.json()["token"] self.token = id_token - self.expiry = datetime.utcfromtimestamp( - jwt.decode(id_token, verify=False)["exp"] + self.expiry = datetime.fromtimestamp( + jwt.decode(id_token, verify=False)["exp"], tz=timezone.utc ) diff --git a/google/oauth2/_client.py b/google/oauth2/_client.py index b2fe982e5..aac21730d 100644 --- a/google/oauth2/_client.py 
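Review bot: `self.expiry` in `refresh` is now a timezone-aware datetime, but nothing in this diff changes `google.auth._helpers.utcnow` or the code that compares a credential's expiry with it. If that helper still returns a naive value, the comparison raises `TypeError`, and the updated tests would not catch it because they patch `utcnow` with aware values. The same applies to the expiry values produced in compute_engine/credentials.py, impersonated_credentials.py, oauth2/_client.py and oauth2/_client_async.py. I would confirm the helper's return type and add one test that leaves `utcnow` unpatched and reads `credentials.expired` after a refresh. The body of `refresh` starts outside the hunk.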
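Review bot: The expiry returned by `_call_metadata_identity_endpoint` is read from `jwt._unverified_decode(id_token)`, so `exp` is an unauthenticated claim, and nothing on the line says so. A comment such as `# exp comes from an unverified payload: use it to schedule refresh only, never as proof the token is valid` would stop later callers from treating it as a trust decision. The same comment fits the `jwt.decode(id_token, verify=False)` lines in impersonated_credentials.py, oauth2/_client.py and oauth2/_client_async.py. The function starts outside the hunk, so any verification done elsewhere is not visible here.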
+++ b/google/oauth2/_client.py @@ -368,7 +368,7 @@ def call_iam_generate_id_token_endpoint( raise new_exc from caught_exc payload = jwt.decode(id_token, verify=False) - expiry = datetime.datetime.utcfromtimestamp(payload["exp"]) + expiry = datetime.datetime.fromtimestamp(payload["exp"], tz=datetime.timezone.utc) return id_token, expiry @@ -420,7 +420,7 @@ def id_token_jwt_grant(request, token_uri, assertion, can_retry=True): raise new_exc from caught_exc payload = jwt.decode(id_token, verify=False) - expiry = datetime.datetime.utcfromtimestamp(payload["exp"]) + expiry = datetime.datetime.fromtimestamp(payload["exp"], tz=datetime.timezone.utc) return id_token, expiry, response_data diff --git a/google/oauth2/_client_async.py b/google/oauth2/_client_async.py index 768f8eac2..84c5fc902 100644 --- a/google/oauth2/_client_async.py +++ b/google/oauth2/_client_async.py @@ -227,7 +227,7 @@ async def id_token_jwt_grant(request, token_uri, assertion, can_retry=True): raise new_exc from caught_exc payload = jwt.decode(id_token, verify=False) - expiry = datetime.datetime.utcfromtimestamp(payload["exp"]) + expiry = datetime.datetime.fromtimestamp(payload["exp"], tz=datetime.timezone.utc) return id_token, expiry, response_data diff --git a/tests/compute_engine/test_credentials.py b/tests/compute_engine/test_credentials.py index 9ef671425..6d0734470 100644 --- a/tests/compute_engine/test_credentials.py +++ b/tests/compute_engine/test_credentials.py @@ -758,7 +758,7 @@ def test_default_state(self, get): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) 
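Review bot: `payload["exp"]` in `call_iam_generate_id_token_endpoint` is indexed and converted without a check, so a token whose payload lacks `exp` or carries a non-numeric or out-of-range value escapes as a bare `KeyError`, `TypeError` or `OverflowError` rather than the wrapped error raised just above with `raise new_exc from caught_exc`. Callers that handle only the library's refresh error would then crash instead of retrying or failing cleanly. The sketch below assumes `new_exc` above is `exceptions.RefreshError`; the message text is a placeholder. The same guard applies to `id_token_jwt_grant` in this file and in oauth2/_client_async.py. The function starts outside the hunk.

```python
payload = jwt.decode(id_token, verify=False)
try:
    expiry = datetime.datetime.fromtimestamp(
        payload["exp"], tz=datetime.timezone.utc
    )
except (KeyError, TypeError, ValueError, OverflowError, OSError) as caught_exc:
    new_exc = exceptions.RefreshError("ID token has no usable exp claim")
    raise new_exc from caught_exc
# … unchanged: return id_token, expiry …
```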
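Review bot: The expression `datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc)` is spelled out in this decorator in tests/compute_engine/test_credentials.py and again in the hunks at -791, -823, -879, -1001, -1040, -1062, -1170, -1205 and -1232 of the same file. A module-level constant, `_EPOCH_UTC = datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc)`, used as `return_value=_EPOCH_UTC`, would keep the fixtures in step the next time the clock representation changes. The decorated test function lies outside this hunk.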
@@ -791,7 +791,7 @@ def test_make_authorization_grant_assertion(self, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -823,7 +823,7 @@ def test_with_service_account(self, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -879,7 +879,7 @@ def test_token_uri(self): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1001,7 +1001,7 @@ def test_with_target_audience_integration(self): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1040,7 +1040,7 @@ def test_with_quota_project(self, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) 
@@ -1062,7 +1062,7 @@ def test_with_token_uri(self, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1170,7 +1170,7 @@ def test_with_quota_project_integration(self): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1181,7 +1181,7 @@ def test_refresh_success(self, id_token_jwt_grant, sign, get, utcnow): ] sign.side_effect = [b"signature"] id_token_jwt_grant.side_effect = [ - ("idtoken", datetime.datetime.utcfromtimestamp(3600), {}) + ("idtoken", datetime.datetime.fromtimestamp(3600, tz=datetime.timezone.utc), {}) ] request = mock.create_autospec(transport.Request, instance=True) @@ -1194,7 +1194,7 @@ def test_refresh_success(self, id_token_jwt_grant, sign, get, utcnow): # Check that the credentials have the token and proper expiration assert self.credentials.token == "idtoken" - assert self.credentials.expiry == (datetime.datetime.utcfromtimestamp(3600)) + assert self.credentials.expiry == (datetime.datetime.fromtimestamp(3600, tz=datetime.timezone.utc)) # Check the credential info assert self.credentials.service_account_email == "service-account@example.com" 
@@ -1205,7 +1205,7 @@ def test_refresh_success(self, id_token_jwt_grant, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1232,7 +1232,7 @@ def test_refresh_error(self, sign, get, utcnow): @mock.patch( "google.auth._helpers.utcnow", - return_value=datetime.datetime.utcfromtimestamp(0), + return_value=datetime.datetime.fromtimestamp(0, tz=datetime.timezone.utc), ) @mock.patch("google.auth.compute_engine._metadata.get", autospec=True) @mock.patch("google.auth.iam.Signer.sign", autospec=True) @@ -1243,7 +1243,7 @@ def test_before_request_refreshes(self, id_token_jwt_grant, sign, get, utcnow): ] sign.side_effect = [b"signature"] id_token_jwt_grant.side_effect = [ - ("idtoken", datetime.datetime.utcfromtimestamp(3600), {}) + ("idtoken", datetime.datetime.fromtimestamp(3600, tz=datetime.timezone.utc), {}) ] request = mock.create_autospec(transport.Request, instance=True) @@ -1312,7 +1312,7 @@ def test_get_id_token_from_metadata( } assert cred.token == SAMPLE_ID_TOKEN - assert cred.expiry == datetime.datetime.utcfromtimestamp(SAMPLE_ID_TOKEN_EXP) + assert cred.expiry == datetime.datetime.fromtimestamp(SAMPLE_ID_TOKEN_EXP, tz=datetime.timezone.utc) assert cred._use_metadata_identity_endpoint assert cred._signer is None assert cred._token_uri is None diff --git a/tests/oauth2/test__client.py b/tests/oauth2/test__client.py index b17ba542d..ef2124bdc 100644 --- a/tests/oauth2/test__client.py +++ b/tests/oauth2/test__client.py 
@@ -313,7 +313,7 @@ def test_jwt_grant_no_access_token(): def test_call_iam_generate_id_token_endpoint(): - now = _helpers.utcnow() + now = _helpers.utcnow().astimezone(datetime.timezone.utc) id_token_expiry = _helpers.datetime_to_secs(now) id_token = jwt.encode(SIGNER, {"exp": id_token_expiry}).decode("utf-8") request = make_request({"token": id_token}) @@ -343,7 +343,7 @@ def test_call_iam_generate_id_token_endpoint(): # Check result assert token == id_token # JWT does not store microseconds - now = now.replace(microsecond=0) + now = now.replace(microsecond=0).astimezone(datetime.timezone.utc) assert expiry == now @@ -368,7 +368,7 @@ def test_call_iam_generate_id_token_endpoint_no_id_token(): def test_id_token_jwt_grant(): - now = _helpers.utcnow() + now = _helpers.utcnow().astimezone(datetime.timezone.utc) id_token_expiry = _helpers.datetime_to_secs(now) id_token = jwt.encode(SIGNER, {"exp": id_token_expiry}).decode("utf-8") request = make_request({"id_token": id_token, "extra": "data"}) @@ -385,7 +385,7 @@ def test_id_token_jwt_grant(): # Check result assert token == id_token # JWT does not store microseconds - now = now.replace(microsecond=0) + now = now.replace(microsecond=0).astimezone(datetime.timezone.utc) assert expiry == now assert extra_data["extra"] == "data" diff --git a/tests/test_app_engine.py b/tests/test_app_engine.py index ca085bd69..e0efa3af4 100644 --- a/tests/test_app_engine.py +++ b/tests/test_app_engine.py @@ -159,7 +159,7 @@ def test_service_account_email_explicit(self, app_identity): assert credentials.service_account_email == mock.sentinel.service_account_email assert not app_identity.get_service_account_name.called - @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min) + @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min.replace(tzinfo=datetime.timezone.utc)) def test_refresh(self, utcnow, app_identity): token = "token" ttl = 643942923 
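Review bot: `_helpers.utcnow().astimezone(datetime.timezone.utc)` in `test_call_iam_generate_id_token_endpoint` only yields the current UTC instant if `utcnow()` already returns an aware value; on a naive datetime `astimezone` treats the value as local time and shifts it by the machine's UTC offset. The assertion presumably still passes because the token's `exp` and the expected value derive from the same shifted `now`, so the test does not pin what it appears to. `now = _helpers.utcnow().replace(tzinfo=datetime.timezone.utc)` states the intent if the helper is naive, and the second `.astimezone(datetime.timezone.utc)` after `.replace(microsecond=0)` is redundant either way. The same pattern is in `test_id_token_jwt_grant` here and in tests_async/oauth2/test__client_async.py.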
@@ -174,11 +174,11 @@ def test_refresh(self, utcnow, app_identity): credentials.scopes, credentials._service_account_id ) assert credentials.token == token - assert credentials.expiry == datetime.datetime(1990, 5, 29, 1, 2, 3) + assert credentials.expiry == datetime.datetime(1990, 5, 29, 1, 2, 3, tzinfo=datetime.timezone.utc) assert credentials.valid assert not credentials.expired - @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min) + @mock.patch("google.auth._helpers.utcnow", return_value=datetime.datetime.min.replace(tzinfo=datetime.timezone.utc)) def test_refresh_with_default_scopes(self, utcnow, app_identity): token = "token" ttl = 643942923 @@ -191,7 +191,7 @@ def test_refresh_with_default_scopes(self, utcnow, app_identity): credentials.default_scopes, credentials._service_account_id ) assert credentials.token == token - assert credentials.expiry == datetime.datetime(1990, 5, 29, 1, 2, 3) + assert credentials.expiry == datetime.datetime(1990, 5, 29, 1, 2, 3, tzinfo=datetime.timezone.utc) assert credentials.valid assert not credentials.expired diff --git a/tests/test_impersonated_credentials.py b/tests/test_impersonated_credentials.py index ab92e0bd9..14f553639 100644 --- a/tests/test_impersonated_credentials.py +++ b/tests/test_impersonated_credentials.py @@ -1024,7 +1024,7 @@ def test_id_token_success( id_creds.refresh(request) assert id_creds.token == ID_TOKEN_DATA - assert id_creds.expiry == datetime.datetime.utcfromtimestamp(ID_TOKEN_EXPIRY) + assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY, tz=datetime.timezone.utc) def test_id_token_metrics(self, mock_donor_credentials): credentials = self.make_credentials(lifetime=None) 
@@ -1048,8 +1048,8 @@ def test_id_token_metrics(self, mock_donor_credentials): id_creds.refresh(None) assert id_creds.token == ID_TOKEN_DATA - assert id_creds.expiry == datetime.datetime.utcfromtimestamp( - ID_TOKEN_EXPIRY + assert id_creds.expiry == datetime.datetime.fromtimestamp( + ID_TOKEN_EXPIRY, tz=datetime.timezone.utc ) assert ( mock_post.call_args.kwargs["headers"]["x-goog-api-client"] @@ -1158,7 +1158,7 @@ def test_id_token_with_target_audience( id_creds.refresh(request) assert id_creds.token == ID_TOKEN_DATA - assert id_creds.expiry == datetime.datetime.utcfromtimestamp(ID_TOKEN_EXPIRY) + assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY, tz=datetime.timezone.utc) assert id_creds._include_email is True def test_id_token_invalid_cred( diff --git a/tests_async/oauth2/test__client_async.py b/tests_async/oauth2/test__client_async.py index d4b8d3427..de3b35932 100644 --- a/tests_async/oauth2/test__client_async.py +++ b/tests_async/oauth2/test__client_async.py @@ -242,7 +242,7 @@ async def test_jwt_grant_no_access_token(): @pytest.mark.asyncio async def test_id_token_jwt_grant(): - now = _helpers.utcnow() + now = _helpers.utcnow().astimezone(datetime.timezone.utc) id_token_expiry = _helpers.datetime_to_secs(now) id_token = jwt.encode(test_client.SIGNER, {"exp": id_token_expiry}).decode("utf-8") request = make_request({"id_token": id_token, "extra": "data"}) @@ -260,7 +260,7 @@ async def test_id_token_jwt_grant(): # Check result assert token == id_token # JWT does not store microseconds - now = now.replace(microsecond=0) + now = now.replace(microsecond=0).astimezone(datetime.timezone.utc) assert expiry == now assert extra_data["extra"] == "data"