Fixes #3411 - Microsoft 365: The refresh token has expired due to inactivity. The token was issued on 2020-11-17T13:30:55.3656422Z and was inactive for 90.00:00:00.

This commit is contained in:
Rolf Schmidt 2021-02-25 17:46:39 +00:00 committed by Thorsten Eckel
parent c505851e4c
commit a86b288f4c
6 changed files with 63 additions and 4 deletions

View file

@ -48,9 +48,17 @@ cache:
key: "centos7ruby266" key: "centos7ruby266"
paths: paths:
- vendor/ruby - vendor/ruby
# ATTENTION: This should be a dedicated cache only used in the job "TODO".
# ATTENTION: Remember to update the global CI ENV setting with the latest
# version of the ENV from an artifact of the "TODO" job to use a valid key.
# A dedicated cache should be used because the ENVs are not bound to the Ruby version and OS.
# Unfortunately GitLab is not yet capable of having multiple cache-s per job
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/32814
- fresh.env
# Initialize application env # Initialize application env
before_script: before_script:
- source /etc/profile.d/rvm.sh - source /etc/profile.d/rvm.sh
- FRESHENVFILE=fresh.env && test -f $FRESHENVFILE && source $FRESHENVFILE
- bundle install -j $(nproc) --path vendor - bundle install -j $(nproc) --path vendor
- bundle exec ruby script/build/database_config.rb - bundle exec ruby script/build/database_config.rb

View file

@ -33,3 +33,26 @@ github:
- "" # no RVM present in deploy ENV - "" # no RVM present in deploy ENV
script: script:
- script/build/sync_repo.sh git@github.com:zammad/zammad.git - script/build/sync_repo.sh git@github.com:zammad/zammad.git
global_refresh_envs:
extends:
- .tags_docker
- .services_postgresql
stage: pre
# ensure that only one Job runs in the whole project (branches etc.)
resource_group: global_refresh_envs
# allow download via the web UI to restore ENVs in case global cache got deleted (see: `.gitlab-ci.yml`)
artifacts:
expire_in: 1 day
paths:
- fresh.env
rules:
- if: $CI_MERGE_REQUEST_ID
when: never
- if: '$CI_COMMIT_BRANCH =~ /^private/'
when: manual
allow_failure: true
- when: always
script:
- bundle exec rake zammad:ci:refresh_envs

View file

@ -206,6 +206,9 @@ group :development, :test do
# image comparison in tests # image comparison in tests
gem 'chunky_png' gem 'chunky_png'
# refresh ENVs in CI environment
gem 'dotenv', require: false
end end
# Want to extend Zammad with additional gems? # Want to extend Zammad with additional gems?

View file

@ -177,6 +177,7 @@ GEM
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (5.3.2) doorkeeper (5.3.2)
railties (>= 5) railties (>= 5)
dotenv (2.7.6)
eco (1.0.0) eco (1.0.0)
coffee-script coffee-script
eco-source eco-source
@ -603,6 +604,7 @@ DEPENDENCIES
deprecation_toolkit deprecation_toolkit
diffy diffy
doorkeeper doorkeeper
dotenv
eco eco
em-websocket em-websocket
eventmachine eventmachine

View file

@ -233,10 +233,9 @@ class ExternalCredential::Microsoft365
raise "Request failed! ERROR: #{result['error']} (#{result['error_description']})" raise "Request failed! ERROR: #{result['error']} (#{result['error_description']})"
end end
token.merge( token.merge(result.symbolize_keys).merge(
created_at: Time.zone.now, created_at: Time.zone.now,
access_token: result['access_token'], )
).symbolize_keys
end end
def self.user_info(id_token) def self.user_info(id_token)

View file

@ -0,0 +1,24 @@
require 'dotenv'
namespace :zammad do
namespace :ci do
desc 'Re-fresh-es dynamic ENV variables'
task refresh_envs: :environment do
Dotenv.overload('fresh.env')
result = ExternalCredential::Microsoft365.refresh_token(
created_at: 30.days.ago,
client_id: ENV['MICROSOFT365_CLIENT_ID'],
client_secret: ENV['MICROSOFT365_CLIENT_SECRET'],
refresh_token: ENV['MICROSOFT365_REFRESH_TOKEN'],
)
token_env = %(MICROSOFT365_REFRESH_TOKEN="#{result[:refresh_token]}")
File.write(Rails.root.join('fresh.env'), token_env)
end
end
end