Sutty/trabajo-afectivo
5
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
trabajo-afectivo/lib/external_credential/office365.rb

268 lines
9 KiB
Ruby
Raw Normal View History

Fixes #3215 - Outlook/Office365/Exchange Online MFA for IMAP & SMTP.
2020-10-02 12:46:19 +00:00
class ExternalCredential::Office365
def self.app_verify(params)
request_account_to_link(params, false)
params
end
def self.request_account_to_link(credentials = {}, app_required = true)
external_credential = ExternalCredential.find_by(name: 'office365')
raise Exceptions::UnprocessableEntity, 'No Office365 app configured!' if !external_credential && app_required
if external_credential
if credentials[:client_id].blank?
credentials[:client_id] = external_credential.credentials['client_id']
end
if credentials[:client_secret].blank?
credentials[:client_secret] = external_credential.credentials['client_secret']
end
end
raise Exceptions::UnprocessableEntity, 'No client_id param!' if credentials[:client_id].blank?
raise Exceptions::UnprocessableEntity, 'No client_secret param!' if credentials[:client_secret].blank?
authorize_url = generate_authorize_url(credentials[:client_id])
{
authorize_url: authorize_url,
}
end
def self.link_account(_request_token, params)
external_credential = ExternalCredential.find_by(name: 'office365')
raise Exceptions::UnprocessableEntity, 'No office365 app configured!' if !external_credential
raise Exceptions::UnprocessableEntity, 'No code for session found!' if !params[:code]
response = authorize_tokens(external_credential.credentials[:client_id], external_credential.credentials[:client_secret], params[:code])
%w[refresh_token access_token expires_in scope token_type id_token].each do |key|
raise Exceptions::UnprocessableEntity, "No #{key} for authorization request found!" if response[key.to_sym].blank?
end
user_data = user_info(response[:id_token])
raise Exceptions::UnprocessableEntity, 'Unable to extract user preferred_username from id_token!' if user_data[:preferred_username].blank?
migrate_channel = nil
Channel.where(area: 'Email::Account').find_each do |channel|
next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
next if channel.options.dig(:inbound, :options, :host) != 'outlook.office365.com'
next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
next if channel.options.dig(:outbound, :options, :host) != 'smtp.office365.com'
migrate_channel = channel
break
end
channel_options = {
inbound: {
adapter: 'imap',
options: {
auth_type: 'XOAUTH2',
host: 'outlook.office365.com',
ssl: true,
user: user_data[:preferred_username],
},
},
outbound: {
adapter: 'smtp',
options: {
host: 'smtp.office365.com',
domain: 'office365.com',
port: 587,
user: user_data[:preferred_username],
authentication: 'xoauth2',
},
},
auth: response.merge(
provider: 'office365',
type: 'XOAUTH2',
client_id: external_credential.credentials[:client_id],
client_secret: external_credential.credentials[:client_secret],
),
}
if migrate_channel
channel_options[:inbound][:options][:folder] = migrate_channel.options[:inbound][:options][:folder]
channel_options[:inbound][:options][:keep_on_server] = migrate_channel.options[:inbound][:options][:keep_on_server]
backup = {
attributes: {
area: migrate_channel.area,
options: migrate_channel.options,
last_log_in: migrate_channel.last_log_in,
last_log_out: migrate_channel.last_log_out,
status_in: migrate_channel.status_in,
status_out: migrate_channel.status_out,
},
migrated_at: Time.zone.now,
}
migrate_channel.update(
area: 'Office365::Account',
options: channel_options.merge(backup_imap_classic: backup),
last_log_in: nil,
last_log_out: nil,
)
return migrate_channel
end
email_addresses = user_aliases(response)
email_addresses.unshift({
realname: "#{Setting.get('product_name')} Support",
email: user_data[:preferred_username],
})
email_addresses.each do |email|
next if !EmailAddress.exists?(email: email[:preferred_username])
raise Exceptions::UnprocessableEntity, "Duplicate email address or email alias #{email[:preferred_username]} found!"
end
# create channel
channel = Channel.create!(
area: 'Office365::Account',
group_id: Group.first.id,
options: channel_options,
active: false,
created_by_id: 1,
updated_by_id: 1,
)
email_addresses.each do |user_alias|
EmailAddress.create!(
channel_id: channel.id,
realname: user_alias[:realname],
email: user_alias[:email],
active: true,
created_by_id: 1,
updated_by_id: 1,
)
end
channel
end
def self.generate_authorize_url(client_id, scope = 'https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access openid profile email')
params = {
'client_id' => client_id,
'redirect_uri' => ExternalCredential.callback_url('office365'),
'scope' => scope,
'response_type' => 'code',
'access_type' => 'offline',
'prompt' => 'consent',
}
uri = URI::HTTPS.build(
host: 'login.microsoftonline.com',
path: '/common/oauth2/v2.0/authorize',
query: params.to_query
)
uri.to_s
end
def self.authorize_tokens(client_id, client_secret, authorization_code)
params = {
'client_secret' => client_secret,
'code' => authorization_code,
'grant_type' => 'authorization_code',
'client_id' => client_id,
'redirect_uri' => ExternalCredential.callback_url('office365'),
}
uri = URI::HTTPS.build(
host: 'login.microsoftonline.com',
path: '/common/oauth2/v2.0/token',
)
response = Net::HTTP.post_form(uri, params)
if response.code != 200 && response.body.blank?
Rails.logger.error "Request failed! (code: #{response.code})"
raise "Request failed! (code: #{response.code})"
end
result = JSON.parse(response.body)
if result['error'] && response.code != 200
Rails.logger.error "Request failed! ERROR: #{result['error']} (#{result['error_description']}, params: #{params.to_json})"
raise "Request failed! ERROR: #{result['error']} (#{result['error_description']})"
end
result[:created_at] = Time.zone.now
result.symbolize_keys
end
def self.refresh_token(token)
return token if token[:created_at] >= Time.zone.now - 50.minutes
params = {
'client_id' => token[:client_id],
'client_secret' => token[:client_secret],
'refresh_token' => token[:refresh_token],
'grant_type' => 'refresh_token',
}
uri = URI::HTTPS.build(
host: 'login.microsoftonline.com',
path: '/common/oauth2/v2.0/token',
)
response = Net::HTTP.post_form(uri, params)
if response.code != 200 && response.body.blank?
Rails.logger.error "Request failed! (code: #{response.code})"
raise "Request failed! (code: #{response.code})"
end
result = JSON.parse(response.body)
if result['error'] && response.code != 200
Rails.logger.error "Request failed! ERROR: #{result['error']} (#{result['error_description']}, params: #{params.to_json})"
raise "Request failed! ERROR: #{result['error']} (#{result['error_description']})"
end
token.merge(
created_at: Time.zone.now,
access_token: result['access_token'],
).symbolize_keys
end
def self.user_aliases(_token)
# uri = URI.parse('https://www.office365apis.com/gmail/v1/users/me/settings/sendAs')
# http = Net::HTTP.new(uri.host, uri.port)
# http.use_ssl = true
# response = http.get(uri.request_uri, { 'Authorization' => "#{token[:token_type]} #{token[:access_token]}" })
# if response.code != 200 && response.body.blank?
# Rails.logger.error "Request failed! (code: #{response.code})"
# raise "Request failed! (code: #{response.code})"
# end
# result = JSON.parse(response.body)
# if result['error'] && response.code != 200
# Rails.logger.error "Request failed! ERROR: #{result['error']['message']}"
# raise "Request failed! ERROR: #{result['error']['message']}"
# end
# aliases = []
# result['sendAs'].each do |row|
# next if row['isPrimary']
# next if !row['verificationStatus']
# next if row['verificationStatus'] != 'accepted'
# aliases.push({
# realname: row['displayName'],
# email: row['sendAsEmail'],
# })
# end
[]
end
def self.user_info(id_token)
split = id_token.split('.')[1]
return if split.blank?
JSON.parse(Base64.decode64(split)).symbolize_keys
end
end
Reference in a new issue Copy permalink