From b522a26c76f3a0df367a0981317726d66ef4f280 Mon Sep 17 00:00:00 2001
From: Dulce Figueredo <dulce.figueredo@inquality.com.py>
Date: Wed, 13 May 2026 11:41:19 -0300
Subject: [PATCH 1/2] script con ajustes para utilizar la cuenta de servicio de
 google

---
 firma_digital_personalizacion.py | 60 ++++++++++----------------------
 1 file changed, 19 insertions(+), 41 deletions(-)

diff --git a/firma_digital_personalizacion.py b/firma_digital_personalizacion.py
index e295b3e..d5b3a11 100644
--- a/firma_digital_personalizacion.py
+++ b/firma_digital_personalizacion.py
@@ -21,9 +21,6 @@ for k in list(sys.modules.keys()):
 
 from googleapiclient.discovery import build
 from google.oauth2 import service_account
-from google.oauth2.credentials import Credentials
-from google_auth_oauthlib.flow import InstalledAppFlow
-from google.auth.transport.requests import Request as GRequest
 
 
 # -----------------------------------------------------------
@@ -37,39 +34,23 @@ def _load_json(path):
         return json.load(f)
 
 
-def get_services(credentials_json_path, token_json_path):
+def get_services(credentials_json_path, impersonated_user):
     info = _load_json(credentials_json_path)
+    if not isinstance(info, dict) or info.get("type") != "service_account":
+        raise RuntimeError("gdoc_sa_json2 debe apuntar a un JSON de cuenta de servicio.")
 
-    if isinstance(info, dict) and info.get("type") == "service_account":
-        creds = service_account.Credentials.from_service_account_file(
-            credentials_json_path,
-            scopes=SCOPES,
-        )
-        docs = build("docs", "v1", credentials=creds, cache_discovery=False)
-        drive = build("drive", "v3", credentials=creds, cache_discovery=False)
-        return docs, drive, "service_account"
-
-    creds = None
-    if os.path.exists(token_json_path):
-        creds = Credentials.from_authorized_user_file(token_json_path, SCOPES)
-
-    if (not creds) or (not creds.valid):
-        if creds and creds.expired and creds.refresh_token:
-            creds.refresh(GRequest())
-        else:
-            flow = InstalledAppFlow.from_client_secrets_file(credentials_json_path, SCOPES)
-            try:
-                creds = flow.run_local_server(port=0)
-            except Exception:
-                creds = flow.run_console()
-
-        os.makedirs(os.path.dirname(token_json_path), exist_ok=True)
-        with open(token_json_path, "w", encoding="utf-8") as f:
-            f.write(creds.to_json())
+    impersonated_user = (impersonated_user or "").strip()
+    if not impersonated_user:
+        raise RuntimeError("Falta la variable gdoc_impersonated_user.")
 
+    creds = service_account.Credentials.from_service_account_file(
+        credentials_json_path,
+        scopes=SCOPES,
+        subject=impersonated_user,
+    )
     docs = build("docs", "v1", credentials=creds, cache_discovery=False)
     drive = build("drive", "v3", credentials=creds, cache_discovery=False)
-    return docs, drive, "oauth"
+    return docs, drive, "service_account_impersonated"
 
 
 # -----------------------------------------------------------
@@ -313,24 +294,21 @@ try:
 
     _sv("gdoc_original_id", raw_id)
 
-    cred_path = _gvs("gdoc_sa_json", "")
+    cred_path = _gvs("gdoc_sa_json2", "")
     if cred_path == "":
-        raise RuntimeError("Falta la variable gdoc_sa_json.")
+        raise RuntimeError("Falta la variable gdoc_sa_json2.")
 
     if not os.path.isabs(cred_path):
         cred_path = os.path.join(base_dir, cred_path)
 
     if not os.path.exists(cred_path):
-        raise RuntimeError("No existe credentials.json: " + cred_path)
+        raise RuntimeError("No existe JSON de cuenta de servicio: " + cred_path)
 
-    token_path = _gvs("gdoc_token_json", "")
-    if token_path == "":
-        token_path = os.path.join(base_dir, "credentials", "token_gdocs_drive.json")
-    if not os.path.isabs(token_path):
-        token_path = os.path.join(base_dir, token_path)
+    impersonated_user = _gvs("gdoc_impersonated_user", "")
 
-    docs_service, drive_service, auth_mode = get_services(cred_path, token_path)
+    docs_service, drive_service, auth_mode = get_services(cred_path, impersonated_user)
     _sv("gdoc_auth_mode", auth_mode)
+    _sv("gdoc_impersonated_user_used", impersonated_user)
 
     doc_id, meta_file, converted = ensure_docs_api_compatible(drive_service, raw_id)
     _sv("gdoc_id", doc_id)
@@ -390,4 +368,4 @@ except Exception as e:
     print(error_msg)
     _sv("status_proceso", "ERROR")
     _sv("error_firma_digital", error_msg)
-    raise
+    raise
\ No newline at end of file

From be0ab0e3af41861c0c1fd6f5e5e4b5955304211c Mon Sep 17 00:00:00 2001
From: Dulce Figueredo <dulce.figueredo@inquality.com.py>
Date: Wed, 13 May 2026 11:47:50 -0300
Subject: [PATCH 2/2] script de plan de pago contado con ajustes para el uso de
 la cuenta de servicio

---
 plan_de_pago_contado.py | 60 ++++++++++++++---------------------------
 1 file changed, 20 insertions(+), 40 deletions(-)

diff --git a/plan_de_pago_contado.py b/plan_de_pago_contado.py
index 3048b0e..2330455 100644
--- a/plan_de_pago_contado.py
+++ b/plan_de_pago_contado.py
@@ -25,9 +25,6 @@ for k in list(sys.modules.keys()):
 from googleapiclient.discovery import build
 from googleapiclient.errors import HttpError
 from google.oauth2 import service_account
-from google.oauth2.credentials import Credentials
-from google_auth_oauthlib.flow import InstalledAppFlow
-from google.auth.transport.requests import Request
 
 # ============================================================
 # Rocketbot vars helpers
@@ -338,36 +335,23 @@ def _load_json(path): #Función auxiliar para cargar un archivo JSON
         return json.load(f)
 
 
-def get_services(credentials_json_path, token_json_path): #Función auxiliar para obtener los servicios de Google
+def get_services(credentials_json_path, impersonated_user): #Funci?n auxiliar para obtener los servicios de Google
     info = _load_json(credentials_json_path) # carga el archivo JSON
+    if not isinstance(info, dict) or info.get("type") != "service_account":
+        raise RuntimeError("gdoc_sa_json2 debe apuntar a un JSON de cuenta de servicio.")
 
-    if isinstance(info, dict) and info.get("type") == "service_account": # si el archivo JSON es un diccionario y tiene el tipo "service_account"
-        creds = service_account.Credentials.from_service_account_file(credentials_json_path, scopes=SCOPES) # crea las credenciales
-        docs = build("docs", "v1", credentials=creds, cache_discovery=False) # crea el cliente de Google Docs
-        drive = build("drive", "v3", credentials=creds, cache_discovery=False) # crea el cliente de Google Drive
-        return docs, drive, "service_account" # devuelve los clientes y el tipo de cuenta
+    impersonated_user = (impersonated_user or "").strip()
+    if not impersonated_user:
+        raise RuntimeError("Falta la variable gdoc_impersonated_user.")
 
-    creds = None # siempre devuelve None si el valor es None
-    if os.path.exists(token_json_path):
-        creds = Credentials.from_authorized_user_file(token_json_path, SCOPES)
-
-    if (not creds) or (not creds.valid):
-        if creds and creds.expired and creds.refresh_token:
-            creds.refresh(Request())
-        else:
-            flow = InstalledAppFlow.from_client_secrets_file(credentials_json_path, SCOPES)
-            try:
-                creds = flow.run_local_server(port=0)
-            except Exception:
-                creds = flow.run_console()
-
-        os.makedirs(os.path.dirname(token_json_path), exist_ok=True)
-        with open(token_json_path, "w", encoding="utf-8") as f:
-            f.write(creds.to_json())
-
-    docs = build("docs", "v1", credentials=creds, cache_discovery=False)
-    drive = build("drive", "v3", credentials=creds, cache_discovery=False)
-    return docs, drive, "oauth"
+    creds = service_account.Credentials.from_service_account_file(
+        credentials_json_path,
+        scopes=SCOPES,
+        subject=impersonated_user,
+    ) # crea las credenciales delegadas
+    docs = build("docs", "v1", credentials=creds, cache_discovery=False) # crea el cliente de Google Docs
+    drive = build("drive", "v3", credentials=creds, cache_discovery=False) # crea el cliente de Google Drive
+    return docs, drive, "service_account_impersonated" # devuelve los clientes y el tipo de cuenta
 
 
 # ============================================================
@@ -1239,24 +1223,20 @@ try:
     marker = _gvs("gdoc_marker", "TABLA_PROFORMA")
     _sv("dbg_marker_var", marker)
 
-    cred_path = _gvs("gdoc_sa_json", "")
+    cred_path = _gvs("gdoc_sa_json2", "")
     if cred_path == "":
-        raise RuntimeError("Falta gdoc_sa_json (ruta a credentials.json)")
+        raise RuntimeError("Falta gdoc_sa_json2 (ruta al JSON de cuenta de servicio)")
     if not os.path.isabs(cred_path):
         cred_path = os.path.join(base_dir, cred_path)
     if not os.path.exists(cred_path):
-        raise RuntimeError("No existe credentials.json: " + cred_path)
+        raise RuntimeError("No existe JSON de cuenta de servicio: " + cred_path)
 
-    token_path = _gvs("gdoc_token_json", "")
-    if token_path == "":
-        token_path = os.path.join(base_dir, "credentials", "token_gdocs_drive.json")
-    if not os.path.isabs(token_path):
-        token_path = os.path.join(base_dir, token_path)
+    impersonated_user = _gvs("gdoc_impersonated_user", "")
 
     _sv("gdoc_credentials_used", cred_path)
-    _sv("gdoc_token_used", token_path)
+    _sv("gdoc_impersonated_user_used", impersonated_user)
 
-    docs_service, drive_service, auth_mode = get_services(cred_path, token_path)
+    docs_service, drive_service, auth_mode = get_services(cred_path, impersonated_user)
     _sv("gdoc_auth_mode", auth_mode)
 
     url = _gvs("gdoc_url", "")