zulip-integrations: Update google oauth and reminders for google calendar integration.

pyproject.toml

@@ -63,6 +63,9 @@ module = [
     "feedparser.*",
     "gitlint.*",
     "googleapiclient.*",
+    "google_api_python_client.*",
+    "google_auth_httplib2.*",
+    "google_auth_oauthlib.*",
     "irc.*",
     "mercurial.*",
     "nio.*",

zulip/integrations/google/get-google-credentials

@@ -1,25 +1,47 @@
 #!/usr/bin/env python3
 import argparse
+import logging
 import os
+import sys
 
-from oauth2client import client, tools
-from oauth2client.file import Storage
+from google.auth.exceptions import RefreshError  # type: ignore[import-not-found]
+from google.auth.transport.requests import Request  # type: ignore[import-not-found]
+from google.oauth2.credentials import Credentials  # type: ignore[import-not-found]
+from google_auth_oauthlib.flow import InstalledAppFlow
+
+parser = argparse.ArgumentParser(add_help=False)
+parser.add_argument(
+    "--auth_host_name", default="localhost", help="Hostname when running a local web server."
+)
+parser.add_argument(
+    "--noauth_local_webserver",
+    action="store_true",
+    default=False,
+    help="Do not run a local web server.",
+)
+parser.add_argument(
+    "--auth_host_port",
+    default=[8080, 8090],
+    type=int,
+    nargs="*",
+    help="Port web server should listen on.",
+)
+flags = parser.parse_args()
 
-flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args()
 
 # If modifying these scopes, delete your previously saved credentials
 # at zulip/bots/gcal/
 # NOTE: When adding more scopes, add them after the previous one in the same field, with a space
 # seperating them.
-SCOPES = "https://www.googleapis.com/auth/calendar.readonly"
+SCOPES = ["https://www.googleapis.com/auth/calendar.readonly"]
 # This file contains the information that google uses to figure out which application is requesting
 # this client's data.
 CLIENT_SECRET_FILE = "client_secret.json"  # noqa: S105
 APPLICATION_NAME = "Zulip Calendar Bot"
 HOME_DIR = os.path.expanduser("~")
 
 
-def get_credentials() -> client.Credentials:
+def get_credentials() -> Credentials:
     """Gets valid user credentials from storage.
 
     If nothing has been stored, or if the stored credentials are invalid,
@@ -28,19 +50,42 @@ def get_credentials() -> client.Credentials:
     Returns:
         Credentials, the obtained credential.
     """
-
+    credentials = None
     credential_path = os.path.join(HOME_DIR, "google-credentials.json")
-
-    store = Storage(credential_path)
-    credentials = store.get()
-    if not credentials or credentials.invalid:
-        flow = client.flow_from_clientsecrets(os.path.join(HOME_DIR, CLIENT_SECRET_FILE), SCOPES)
-        flow.user_agent = APPLICATION_NAME
-        # This attempts to open an authorization page in the default web browser, and asks the user
-        # to grant the bot access to their data. If the user grants permission, the run_flow()
-        # function returns new credentials.
-        credentials = tools.run_flow(flow, store, flags)
+    if os.path.exists(credential_path):
+        credentials = Credentials.from_authorized_user_file(credential_path, SCOPES)
+    if not credentials or not credentials.valid:
+        if credentials and credentials.expired and credentials.refresh_token:
+            try:
+                credentials.refresh(Request())
+            except RefreshError:
+                logging.error(
+                    "The credentials have expired. Generate a new client_secret.json file."
+                )
+                sys.exit(1)
+        else:
+            flow = InstalledAppFlow.from_client_secrets_file(
+                os.path.join(HOME_DIR, CLIENT_SECRET_FILE), SCOPES
+            )
+            if not flags.noauth_local_webserver:
+                credentials = flow.run_local_server(
+                    host=flags.auth_host_name, port=flags.auth_host_port[0]
+                )
+                # This attempts to open an authorization page in the default web browser, and asks the user
+                # to grant the bot access to their data. If the user grants permission, the run_flow()
+                # function returns new credentials.
+            else:
+                auth_url, _ = flow.authorization_url(prompt="consent")
+                print(
+                    "Proceed to the following link in your browser:",
+                    auth_url,
+                )
+                auth_code = input("Enter the authorization code: ")
+                credentials = flow.fetch_token(code=auth_code)
+        with open(credential_path, "w") as token:
+            token.write(credentials.to_json())
         print("Storing credentials to " + credential_path)
+    return credentials
 
 
 get_credentials()