Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts.

2020-11-20 14:58:57 +01:00 · 2020-11-20 14:58:57 +01:00 · b930827b77
commit b930827b77
parent b7a4cc6d6a
7 changed files with 69 additions and 25 deletions
--- a/app/assets/javascripts/app/controllers/_channel/google.coffee
+++ b/app/assets/javascripts/app/controllers/_channel/google.coffee
@ -37,6 +37,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
  events:
    'click .js-new':                'new'
    'click .js-delete':             'delete'
    'click .js-reauthenticate':     'reauthenticate'
    'click .js-configApp':          'configApp'
    'click .js-disable':            'disable'
    'click .js-enable':             'enable'
@ -158,6 +159,11 @@ class ChannelAccountOverview extends App.ControllerSubContent
      container: @el.closest('.content')
    )
  reauthenticate: (e) =>
    e.preventDefault()
    id                   = $(e.target).closest('.action').data('id')
    window.location.href = "#{@apiPath}/external_credentials/google/link_account?channel_id=#{id}"
  disable: (e) =>
    e.preventDefault()
    id   = $(e.target).closest('.action').data('id')
--- a/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee
+++ b/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee
@ -37,6 +37,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
  events:
    'click .js-new':                'new'
    'click .js-delete':             'delete'
    'click .js-reauthenticate':     'reauthenticate'
    'click .js-configApp':          'configApp'
    'click .js-disable':            'disable'
    'click .js-enable':             'enable'
@ -149,6 +150,11 @@ class ChannelAccountOverview extends App.ControllerSubContent
      container: @el.closest('.content')
    )
  reauthenticate: (e) =>
    e.preventDefault()
    id                   = $(e.target).closest('.action').data('id')
    window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account?channel_id=#{id}"
  disable: (e) =>
    e.preventDefault()
    id   = $(e.target).closest('.action').data('id')
--- a/app/assets/javascripts/app/views/google/list.jst.eco
+++ b/app/assets/javascripts/app/views/google/list.jst.eco
@ -110,6 +110,7 @@
        <div class="btn btn--secondary js-enable"><%- @T('Enable') %></div>
      <% end %>
      <div class="btn btn--danger btn--secondary js-delete"><%- @T('Delete') %></div>
      <div class="btn btn--secondary js-reauthenticate"><%- @T('Reauthenticate') %></div>
    </div>
  </div>
 <% end %>
--- a/app/assets/javascripts/app/views/microsoft365/list.jst.eco
+++ b/app/assets/javascripts/app/views/microsoft365/list.jst.eco
@ -110,6 +110,7 @@
      <% else: %>
        <div class="btn btn--secondary js-enable"><%- @T('Enable') %></div>
      <% end %>
      <div class="btn btn--secondary js-reauthenticate"><%- @T('Reauthenticate') %></div>
    </div>
  </div>
 <% end %>
--- a/app/controllers/external_credentials_controller.rb
+++ b/app/controllers/external_credentials_controller.rb
@ -34,18 +34,24 @@ class ExternalCredentialsController < ApplicationController
    provider = params[:provider].downcase
    attributes = ExternalCredential.request_account_to_link(provider)
    session[:request_token] = attributes[:request_token]
    session[:channel_id] = params[:channel_id]
    redirect_to attributes[:authorize_url]
  end
  def callback
    provider = params[:provider].downcase
-    channel = ExternalCredential.link_account(provider, session[:request_token], params.permit!.to_h)
+    channel = ExternalCredential.link_account(provider, session[:request_token], link_params)
    session[:request_token] = nil
    session[:channel_id] = nil
    redirect_to app_url(provider, channel.id)
  end
  private
  def link_params
    params.permit!.to_h.merge(channel_id: session[:channel_id])
  end
  def callback_url(provider)
    ExternalCredential.callback_url(provider)
  end
--- a/lib/external_credential/google.rb
+++ b/lib/external_credential/google.rb
@ -41,18 +41,6 @@ class ExternalCredential::Google
    user_data = user_info(response[:id_token])
    raise Exceptions::UnprocessableEntity, 'Unable to extract user email from id_token!' if user_data[:email].blank?
    migrate_channel = nil
    Channel.where(area: 'Email::Account').find_each do |channel|
      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:inbound, :options, :host) != 'imap.gmail.com'
      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:outbound, :options, :host) != 'smtp.gmail.com'
      migrate_channel = channel
      break
    end
    channel_options = {
      inbound:  {
        adapter: 'imap',
@ -82,6 +70,30 @@ class ExternalCredential::Google
      ),
    }
    if params[:channel_id]
      existing_channel = Channel.where(area: 'Google::Account').find(params[:channel_id])
      existing_channel.update!(
        options: channel_options,
      )
      existing_channel.refresh_xoauth2!
      return existing_channel
    end
    migrate_channel = nil
    Channel.where(area: 'Email::Account').find_each do |channel|
      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:inbound, :options, :host) != 'imap.gmail.com'
      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:outbound, :options, :host) != 'smtp.gmail.com'
      migrate_channel = channel
      break
    end
    if migrate_channel
      channel_options[:inbound][:options][:folder]         = migrate_channel.options[:inbound][:options][:folder]
      channel_options[:inbound][:options][:keep_on_server] = migrate_channel.options[:inbound][:options][:keep_on_server]
--- a/lib/external_credential/microsoft365.rb
+++ b/lib/external_credential/microsoft365.rb
@ -41,18 +41,6 @@ class ExternalCredential::Microsoft365
    user_data = user_info(response[:id_token])
    raise Exceptions::UnprocessableEntity, 'Unable to extract user preferred_username from id_token!' if user_data[:preferred_username].blank?
    migrate_channel = nil
    Channel.where(area: 'Email::Account').find_each do |channel|
      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:inbound, :options, :host) != 'outlook.office365.com'
      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:outbound, :options, :host) != 'smtp.office365.com'
      migrate_channel = channel
      break
    end
    channel_options = {
      inbound:  {
        adapter: 'imap',
@ -81,6 +69,30 @@ class ExternalCredential::Microsoft365
      ),
    }
    if params[:channel_id]
      existing_channel = Channel.where(area: 'Microsoft365::Account').find(params[:channel_id])
      existing_channel.update!(
        options: channel_options,
      )
      existing_channel.refresh_xoauth2!
      return existing_channel
    end
    migrate_channel = nil
    Channel.where(area: 'Email::Account').find_each do |channel|
      next if channel.options.dig(:inbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:inbound, :options, :host) != 'outlook.office365.com'
      next if channel.options.dig(:outbound, :options, :user) != user_data[:email]
      next if channel.options.dig(:outbound, :options, :host) != 'smtp.office365.com'
      migrate_channel = channel
      break
    end
    if migrate_channel
      channel_options[:inbound][:options][:folder]         = migrate_channel.options[:inbound][:options][:folder]
      channel_options[:inbound][:options][:keep_on_server] = migrate_channel.options[:inbound][:options][:keep_on_server]