From a48aedf7dab4ea850ad7647f0c6670e962ea24ab Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 18 May 2017 22:11:22 -0400
Subject: [PATCH] auth with service account user
---
src/Console/Program.cs | 11 +++++
src/Core/Models/GSuiteConfiguration.cs | 1 +
src/Core/Services/GSuiteDirectoryService.cs | 46 ++++++++++++---------
3 files changed, 39 insertions(+), 19 deletions(-)
diff --git a/src/Console/Program.cs b/src/Console/Program.cs
index 883b9a54..9a360311 100644
--- a/src/Console/Program.cs
+++ b/src/Console/Program.cs
@@ -324,6 +324,11 @@ namespace Bit.Console
config.GSuite.SecretFile = parameters["f"];
}
+ if(parameters.ContainsKey("u"))
+ {
+ config.GSuite.AdminUser = parameters["u"];
+ }
+
if(parameters.ContainsKey("d"))
{
config.GSuite.Domain = parameters["d"];
@@ -460,6 +465,12 @@ namespace Bit.Console
config.GSuite.Domain = input.Trim();
config.GSuite.Customer = null;
}
+ Con.Write("Admin user [{0}]: ", config.GSuite.AdminUser);
+ input = Con.ReadLine();
+ if(!string.IsNullOrEmpty(input))
+ {
+ config.GSuite.AdminUser = input.Trim();
+ }
}
else
{
diff --git a/src/Core/Models/GSuiteConfiguration.cs b/src/Core/Models/GSuiteConfiguration.cs
index 2c874e33..b597ea11 100644
--- a/src/Core/Models/GSuiteConfiguration.cs
+++ b/src/Core/Models/GSuiteConfiguration.cs
@@ -5,5 +5,6 @@
public string SecretFile { get; set; } = "client_secret.json";
public string Customer { get; set; }
public string Domain { get; set; } = "yourcompany.com";
+ public string AdminUser { get; set; } = "adminuser@yourcompany.com";
}
}
\ No newline at end of file
diff --git a/src/Core/Services/GSuiteDirectoryService.cs b/src/Core/Services/GSuiteDirectoryService.cs
index 8b31a748..edf2c620 100644
--- a/src/Core/Services/GSuiteDirectoryService.cs
+++ b/src/Core/Services/GSuiteDirectoryService.cs
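Review bot: The new `AdminUser` property in GSuiteConfiguration.cs ships with the placeholder default `"adminuser@yourcompany.com"`, which is a syntactically valid address, so a deployment that never overrides it will try to impersonate that nonexistent account and only learn of the mistake from Google's authorization error. Defaulting to null (`public string AdminUser { get; set; }`) lets the service layer detect the unset value and report a configuration error; this does follow the existing `Domain` placeholder convention, so the alternative is documenting the property with `/// <summary>Admin account the service account impersonates; must be replaced before use.</summary>`. The two Program.cs hunks only store the value as given (`parameters["u"]` and the trimmed console input); trimming the command-line value too would keep both paths consistent.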
@@ -9,9 +9,8 @@ using System.IO;
using Bit.Core.Utilities;
using System.Linq;
using Google.Apis.Admin.Directory.directory_v1.Data;
-using System.Threading;
-using Google.Apis.Util.Store;
using Google.Apis.Requests;
+using Google.Apis.Json;
namespace Bit.Core.Services
{
@@ -22,28 +21,14 @@ namespace Bit.Core.Services
private GSuiteDirectoryService()
{
- //GoogleCredential creds;
- UserCredential creds;
+ ICredential creds;
var secretFilePath = Path.Combine(Constants.BaseStoragePath, SettingsService.Instance.Server.GSuite.SecretFile);
using(var stream = new FileStream(secretFilePath, FileMode.Open, FileAccess.Read))
{
- var scopes = new List
- {
- DirectoryService.Scope.AdminDirectoryUserReadonly,
- DirectoryService.Scope.AdminDirectoryGroupReadonly,
- DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
- };
- //creds = GoogleCredential.FromStream(stream).CreateScoped(scopes);
-
- var credsPath = Path.Combine(Constants.BaseStoragePath, "gsuite_credentials");
- creds = GoogleWebAuthorizationBroker.AuthorizeAsync(
- GoogleClientSecrets.Load(stream).Secrets,
- scopes,
- "user",
- CancellationToken.None,
- new FileDataStore(credsPath, true)).Result;
+ var credParams = NewtonsoftJsonSerializer.Instance.Deserialize(stream);
+ creds = CreateServiceAccountCredential(credParams);
}
_service = new DirectoryService(new BaseClientService.Initializer
@@ -222,5 +207,28 @@ namespace Bit.Core.Services
return entry;
}
+
+ private ServiceAccountCredential CreateServiceAccountCredential(JsonCredentialParameters credParams)
+ {
+ var scopes = new List
+ {
+ DirectoryService.Scope.AdminDirectoryUserReadonly,
+ DirectoryService.Scope.AdminDirectoryGroupReadonly,
+ DirectoryService.Scope.AdminDirectoryGroupMemberReadonly
+ };
+
+ if(credParams.Type != JsonCredentialParameters.ServiceAccountCredentialType ||
+ string.IsNullOrEmpty(credParams.ClientEmail) ||
+ string.IsNullOrEmpty(credParams.PrivateKey))
+ {
+ throw new InvalidOperationException("JSON data does not represent a valid service account credential.");
+ }
+
+ var initializer = new ServiceAccountCredential.Initializer(credParams.ClientEmail);
+ initializer.User = SettingsService.Instance.Server.GSuite.AdminUser;
+ initializer.Scopes = scopes;
+
+ return new ServiceAccountCredential(initializer.FromPrivateKey(credParams.PrivateKey));
+ }
}
}
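Review bot: `initializer.User` is set from `SettingsService.Instance.Server.GSuite.AdminUser` without the emptiness check the method applies to `ClientEmail` and `PrivateKey`, so a missing admin user (or the placeholder default this commit adds to GSuiteConfiguration) is only discovered later as an opaque authorization failure from Google rather than as a configuration error when the credential is built. Adding `if(string.IsNullOrWhiteSpace(initializer.User)) { throw new InvalidOperationException("GSuite.AdminUser must be set to the account the service account impersonates."); }` right after the assignment keeps the failure local and explicit, matching the existing credential check above it. The method also has no XML documentation; a `<summary>` should state that the private key from the secret file signs a service-account assertion that impersonates AdminUser, and a comment on `scopes` should note that the three scopes are deliberately the read-only directory scopes so a later reader does not widen them without cause. `var scopes = new List` presumably reads `new List<string>` in the file; the type argument appears lost in this rendering.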