Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts.

2020-11-20 14:58:57 +01:00 · 2020-11-20 14:58:57 +01:00 · b930827b77
parent b7a4cc6d6a
commit b930827b77
7 changed files with 69 additions and 25 deletions
--- a/app/assets/javascripts/app/controllers/_channel/google.coffee
+++ b/app/assets/javascripts/app/controllers/_channel/google.coffee
@ -37,6 +37,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
  events:
    'click .js-new':                'new'
    'click .js-delete':             'delete'
+    'click .js-reauthenticate':     'reauthenticate'
    'click .js-configApp':          'configApp'
    'click .js-disable':            'disable'
    'click .js-enable':             'enable'
@ -158,6 +159,11 @@ class ChannelAccountOverview extends App.ControllerSubContent
      container: @el.closest('.content')
    )

+  reauthenticate: (e) =>
+    e.preventDefault()
+    id                   = $(e.target).closest('.action').data('id')
+    window.location.href = "#{@apiPath}/external_credentials/google/link_account?channel_id=#{id}"
+
  disable: (e) =>
    e.preventDefault()
    id   = $(e.target).closest('.action').data('id')
--- a/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee
+++ b/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee
@ -37,6 +37,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
  events:
    'click .js-new':                'new'
    'click .js-delete':             'delete'
+    'click .js-reauthenticate':     'reauthenticate'
    'click .js-configApp':          'configApp'
    'click .js-disable':            'disable'
    'click .js-enable':             'enable'
@ -149,6 +150,11 @@ class ChannelAccountOverview extends App.ControllerSubContent
      container: @el.closest('.content')
    )

+  reauthenticate: (e) =>
+    e.preventDefault()
+    id                   = $(e.target).closest('.action').data('id')
+    window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account?channel_id=#{id}"
+
  disable: (e) =>
    e.preventDefault()
    id   = $(e.target).closest('.action').data('id')
--- a/app/assets/javascripts/app/views/google/list.jst.eco
+++ b/app/assets/javascripts/app/views/google/list.jst.eco
@ -110,6 +110,7 @@
        <div class="btn btn--secondary js-enable"><%- @T('Enable') %></div>
      <% end %>
      <div class="btn btn--danger btn--secondary js-delete"><%- @T('Delete') %></div>
+      <div class="btn btn--secondary js-reauthenticate"><%- @T('Reauthenticate') %></div>
    </div>
  </div>
 <% end %>
--- a/app/assets/javascripts/app/views/microsoft365/list.jst.eco
+++ b/app/assets/javascripts/app/views/microsoft365/list.jst.eco
@ -110,6 +110,7 @@
      <% else: %>
        <div class="btn btn--secondary js-enable"><%- @T('Enable') %></div>
      <% end %>
+      <div class="btn btn--secondary js-reauthenticate"><%- @T('Reauthenticate') %></div>
    </div>
  </div>
 <% end %>
--- a/app/controllers/external_credentials_controller.rb
+++ b/app/controllers/external_credentials_controller.rb
@ -34,18 +34,24 @@ class ExternalCredentialsController < ApplicationController
    provider = params[:provider].downcase
    attributes = ExternalCredential.request_account_to_link(provider)
    session[:request_token] = attributes[:request_token]
+    session[:channel_id] = params[:channel_id]
    redirect_to attributes[:authorize_url]
  end

  def callback
    provider = params[:provider].downcase
-    channel = ExternalCredential.link_account(provider, session[:request_token], params.permit!.to_h)
+    channel = ExternalCredential.link_account(provider, session[:request_token], link_params)
    session[:request_token] = nil
+    session[:channel_id] = nil
    redirect_to app_url(provider, channel.id)
  end

  private

+  def link_params
+    params.permit!.to_h.merge(channel_id: session[:channel_id])
+  end
+
  def callback_url(provider)
    ExternalCredential.callback_url(provider)
  end
--- a/lib/external_credential/google.rb
+++ b/lib/external_credential/google.rb
@ -41,18 +41,6 @@ class ExternalCredential::Google
    user_data = user_info(response[:id_token])
    raise Exceptions::UnprocessableEntity, 'Unable to extract user email from id_token!' if user_data[:email].blank?

-    migrate_channel = nil
-    Channel.where(area: 'Email::Account').find_each do |channel|
-      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
-      next if channel.options.dig(:inbound, :options, :host) != 'imap.gmail.com'
-      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
-      next if channel.options.dig(:outbound, :options, :host) != 'smtp.gmail.com'
-
-      migrate_channel = channel
-
-      break
-    end
-
    channel_options = {
      inbound:  {
        adapter: 'imap',
@ -82,6 +70,30 @@ class ExternalCredential::Google
      ),
    }

+    if params[:channel_id]
+      existing_channel = Channel.where(area: 'Google::Account').find(params[:channel_id])
+
+      existing_channel.update!(
+        options: channel_options,
+      )
+
+      existing_channel.refresh_xoauth2!
+
+      return existing_channel
+    end
+
+    migrate_channel = nil
+    Channel.where(area: 'Email::Account').find_each do |channel|
+      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
+      next if channel.options.dig(:inbound, :options, :host) != 'imap.gmail.com'
+      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
+      next if channel.options.dig(:outbound, :options, :host) != 'smtp.gmail.com'
+
+      migrate_channel = channel
+
+      break
+    end
+
    if migrate_channel
      channel_options[:inbound][:options][:folder]         = migrate_channel.options[:inbound][:options][:folder]
      channel_options[:inbound][:options][:keep_on_server] = migrate_channel.options[:inbound][:options][:keep_on_server]
--- a/lib/external_credential/microsoft365.rb
+++ b/lib/external_credential/microsoft365.rb
@ -41,18 +41,6 @@ class ExternalCredential::Microsoft365
    user_data = user_info(response[:id_token])
    raise Exceptions::UnprocessableEntity, 'Unable to extract user preferred_username from id_token!' if user_data[:preferred_username].blank?

-    migrate_channel = nil
-    Channel.where(area: 'Email::Account').find_each do |channel|
-      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
-      next if channel.options.dig(:inbound, :options, :host) != 'outlook.office365.com'
-      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
-      next if channel.options.dig(:outbound, :options, :host) != 'smtp.office365.com'
-
-      migrate_channel = channel
-
-      break
-    end
-
    channel_options = {
      inbound:  {
        adapter: 'imap',
@ -81,6 +69,30 @@ class ExternalCredential::Microsoft365
      ),
    }

+    if params[:channel_id]
+      existing_channel = Channel.where(area: 'Microsoft365::Account').find(params[:channel_id])
+
+      existing_channel.update!(
+        options: channel_options,
+      )
+
+      existing_channel.refresh_xoauth2!
+
+      return existing_channel
+    end
+
+    migrate_channel = nil
+    Channel.where(area: 'Email::Account').find_each do |channel|
+      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
+      next if channel.options.dig(:inbound, :options, :host) != 'outlook.office365.com'
+      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
+      next if channel.options.dig(:outbound, :options, :host) != 'smtp.office365.com'
+
+      migrate_channel = channel
+
+      break
+    end
+
    if migrate_channel
      channel_options[:inbound][:options][:folder]         = migrate_channel.options[:inbound][:options][:folder]
      channel_options[:inbound][:options][:keep_on_server] = migrate_channel.options[:inbound][:options][:keep_on_server]