googleapis · dhermes · Jan 5, 2016 · Jan 5, 2016
diff --git a/docs/source/oauth2client.contrib.rst b/docs/source/oauth2client.contrib.rst
@@ -19,6 +19,7 @@ Submodules
    oauth2client.contrib.keyring_storage
    oauth2client.contrib.locked_file
    oauth2client.contrib.multistore_file
+   oauth2client.contrib.xsrfutil
 
 Module contents
 ---------------

diff --git a/docs/source/oauth2client.contrib.xsrfutil.rst b/docs/source/oauth2client.contrib.xsrfutil.rst
@@ -0,0 +1,7 @@
+oauth2client.contrib.xsrfutil module
+====================================
+
+.. automodule:: oauth2client.contrib.xsrfutil
+    :members:
+    :undoc-members:
+    :show-inheritance:
diff --git a/docs/source/oauth2client.rst b/docs/source/oauth2client.rst
@@ -22,7 +22,6 @@ Submodules
    oauth2client.service_account
    oauth2client.tools
    oauth2client.util
-   oauth2client.xsrfutil
 
 Module contents
 ---------------

diff --git a/docs/source/oauth2client.xsrfutil.rst b/docs/source/oauth2client.xsrfutil.rst
diff --git a/oauth2client/contrib/appengine.py b/oauth2client/contrib/appengine.py
@@ -38,13 +38,13 @@
 from oauth2client import GOOGLE_TOKEN_URI
 from oauth2client import clientsecrets
 from oauth2client import util
-from oauth2client import xsrfutil
 from oauth2client.client import AccessTokenRefreshError
 from oauth2client.client import AssertionCredentials
 from oauth2client.client import Credentials
 from oauth2client.client import Flow
 from oauth2client.client import OAuth2WebServerFlow
 from oauth2client.client import Storage
+from oauth2client.contrib import xsrfutil
 
 # TODO(dhermes): Resolve import issue.
 # This is a temporary fix for a Google internal issue.

diff --git a/oauth2client/xsrfutil.py → oauth2client/contrib/xsrfutil.py b/oauth2client/xsrfutil.py → oauth2client/contrib/xsrfutil.py
diff --git a/tests/test_xsrfutil.py → tests/contrib/test_xsrfutil.py b/tests/test_xsrfutil.py → tests/contrib/test_xsrfutil.py
@@ -11,9 +11,9 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-"""Tests for oauth2client.xsrfutil.
+"""Tests for oauth2client.contrib.xsrfutil.
 
-Unit tests for oauth2client.xsrfutil.
+Unit tests for oauth2client.contrib.xsrfutil.
 """
 
 import base64
@@ -22,7 +22,7 @@
 import mock
 
 from oauth2client._helpers import _to_bytes
-from oauth2client import xsrfutil
+from oauth2client.contrib import xsrfutil
 
 # Jan 17 2008, 5:40PM
 TEST_KEY = b'test key'
@@ -52,7 +52,7 @@ def test_it(self):
         curr_time = 1440449755.74
         digester = mock.MagicMock()
         digester.digest = mock.MagicMock(name='digest', return_value=digest)
-        with mock.patch('oauth2client.xsrfutil.hmac') as hmac:
+        with mock.patch('oauth2client.contrib.xsrfutil.hmac') as hmac:
             hmac.new = mock.MagicMock(name='new', return_value=digester)
             token = xsrfutil.generate_token(TEST_KEY,
                                             TEST_USER_ID_1,
@@ -81,10 +81,10 @@ def test_with_system_time(self):
         curr_time = 1440449755.74
         digester = mock.MagicMock()
         digester.digest = mock.MagicMock(name='digest', return_value=digest)
-        with mock.patch('oauth2client.xsrfutil.hmac') as hmac:
+        with mock.patch('oauth2client.contrib.xsrfutil.hmac') as hmac:
             hmac.new = mock.MagicMock(name='new', return_value=digester)
 
-            with mock.patch('oauth2client.xsrfutil.time') as time:
+            with mock.patch('oauth2client.contrib.xsrfutil.time') as time:
                 time.time = mock.MagicMock(name='time', return_value=curr_time)
                 # when= is omitted
                 token = xsrfutil.generate_token(TEST_KEY,
@@ -140,7 +140,7 @@ def test_token_too_old_implicit_current_time(self):
 
         key = user_id = None
         token = base64.b64encode(_to_bytes(str(token_time)))
-        with mock.patch('oauth2client.xsrfutil.time') as time:
+        with mock.patch('oauth2client.contrib.xsrfutil.time') as time:
             time.time = mock.MagicMock(name='time', return_value=curr_time)
             self.assertFalse(xsrfutil.validate_token(key, token, user_id))
             time.time.assert_called_once_with()
@@ -167,7 +167,7 @@ def test_token_length_differs_from_generated(self):
         # Make sure the token length comparison will fail.
         self.assertNotEqual(len(token), len(generated_token))
 
-        with mock.patch('oauth2client.xsrfutil.generate_token',
+        with mock.patch('oauth2client.contrib.xsrfutil.generate_token',
                         return_value=generated_token) as gen_tok:
             self.assertFalse(xsrfutil.validate_token(key, token, user_id,
                                                      current_time=curr_time,
@@ -191,7 +191,7 @@ def test_token_differs_from_generated_but_same_length(self):
         self.assertEqual(len(token), len(generated_token))
         self.assertNotEqual(token, generated_token)
 
-        with mock.patch('oauth2client.xsrfutil.generate_token',
+        with mock.patch('oauth2client.contrib.xsrfutil.generate_token',
                         return_value=generated_token) as gen_tok:
             self.assertFalse(xsrfutil.validate_token(key, token, user_id,
                                                      current_time=curr_time,
@@ -208,7 +208,7 @@ def test_success(self):
         user_id = object()
         action_id = object()
         token = base64.b64encode(_to_bytes(str(token_time)))
-        with mock.patch('oauth2client.xsrfutil.generate_token',
+        with mock.patch('oauth2client.contrib.xsrfutil.generate_token',
                         return_value=token) as gen_tok:
             self.assertTrue(xsrfutil.validate_token(key, token, user_id,
                                                     current_time=curr_time,