Fixes #3411 - Microsoft 365: The refresh token has expired due to inactivity. The token was issued on 2020-11-17T13:30:55.3656422Z and was inactive for 90.00:00:00.

2021-02-25 17:46:39 +00:00 · 2021-02-25 17:46:39 +00:00 · a86b288f4c
parent c505851e4c
commit a86b288f4c
6 changed files with 63 additions and 4 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -48,9 +48,17 @@ cache:
  key: "centos7ruby266"
  paths:
    - vendor/ruby
+    # ATTENTION: This should be a dedicated cache only used in the job "TODO".
+    # ATTENTION: Remember to update the global CI ENV setting with the latest
+    #   version of the ENV from an artifact of the "TODO" job to use a valid key.
+    # A dedicated cache should be used because the ENVs are not bound to the Ruby version and OS.
+    # Unfortunately GitLab is not yet capable of having multiple cache-s per job
+    # See: https://gitlab.com/gitlab-org/gitlab/-/issues/32814
+    - fresh.env

 # Initialize application env
 before_script:
  - source /etc/profile.d/rvm.sh
+  - FRESHENVFILE=fresh.env && test -f $FRESHENVFILE && source $FRESHENVFILE
  - bundle install -j $(nproc) --path vendor
  - bundle exec ruby script/build/database_config.rb
--- a/.gitlab/ci/pre.yml
+++ b/.gitlab/ci/pre.yml
@ -33,3 +33,26 @@ github:
    - "" # no RVM present in deploy ENV
  script:
    - script/build/sync_repo.sh git@github.com:zammad/zammad.git
+
+global_refresh_envs:
+  extends:
+    - .tags_docker
+    - .services_postgresql
+  stage: pre
+  # ensure that only one Job runs in the whole project (branches etc.)
+  resource_group: global_refresh_envs
+  # allow download via the web UI to restore ENVs in case global cache got deleted (see: `.gitlab-ci.yml`)
+  artifacts:
+    expire_in: 1 day
+    paths:
+    - fresh.env
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+      when: never
+    - if: '$CI_COMMIT_BRANCH =~ /^private/'
+      when: manual
+      allow_failure: true
+    - when: always
+
+  script:
+    - bundle exec rake zammad:ci:refresh_envs
--- a/3
+++ b/3
@ -206,6 +206,9 @@ group :development, :test do

  # image comparison in tests
  gem 'chunky_png'
+
+  # refresh ENVs in CI environment
+  gem 'dotenv', require: false
 end

 # Want to extend Zammad with additional gems?
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -177,6 +177,7 @@ GEM
      unf (>= 0.0.5, < 1.0.0)
    doorkeeper (5.3.2)
      railties (>= 5)
+    dotenv (2.7.6)
    eco (1.0.0)
      coffee-script
      eco-source
@ -603,6 +604,7 @@ DEPENDENCIES
  deprecation_toolkit
  diffy
  doorkeeper
+  dotenv
  eco
  em-websocket
  eventmachine
--- a/lib/external_credential/microsoft365.rb
+++ b/lib/external_credential/microsoft365.rb
@ -233,10 +233,9 @@ class ExternalCredential::Microsoft365
      raise "Request failed! ERROR: #{result['error']} (#{result['error_description']})"
    end

-    token.merge(
-      created_at:   Time.zone.now,
-      access_token: result['access_token'],
-    ).symbolize_keys
+    token.merge(result.symbolize_keys).merge(
+      created_at: Time.zone.now,
+    )
  end

  def self.user_info(id_token)
--- a/lib/tasks/zammad/ci/refresh_envs.rake
+++ b/lib/tasks/zammad/ci/refresh_envs.rake
@ -0,0 +1,24 @@
+require 'dotenv'
+
+namespace :zammad do
+
+  namespace :ci do
+
+    desc 'Re-fresh-es dynamic ENV variables'
+    task refresh_envs: :environment do
+
+      Dotenv.overload('fresh.env')
+
+      result = ExternalCredential::Microsoft365.refresh_token(
+        created_at:    30.days.ago,
+        client_id:     ENV['MICROSOFT365_CLIENT_ID'],
+        client_secret: ENV['MICROSOFT365_CLIENT_SECRET'],
+        refresh_token: ENV['MICROSOFT365_REFRESH_TOKEN'],
+      )
+
+      token_env = %(MICROSOFT365_REFRESH_TOKEN="#{result[:refresh_token]}")
+
+      File.write(Rails.root.join('fresh.env'), token_env)
+    end
+  end
+end