[fix] use correct scope for azure oauth #15123

Merged
merged 1 commit into from
Mar 26, 2024
9 changes: 5 additions & 4 deletions app/services/oauth_clients/connection_manager.rb
Expand Up @@ -46,7 +46,6 @@ def initialize(user:, configuration:)
# that wants to access OAuth2 protected resources.
# Returns an OAuthClientToken object or a String in case a renew is required.
# @param state (OAuth2 RFC) encapsulates the state of the calling page (URL + params) to return
# @param scope (OAuth2 RFC) specifies the resources to access. Nextcloud only has one global scope.
# @return ServiceResult with ServiceResult.result being either an OAuthClientToken or a redirection URL
def get_access_token(state: nil)
# Check for an already existing token from last call
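Review bot: the dropped `# @param scope` line was stale documentation, since `get_access_token(state: nil)` takes no `scope` argument, so removing it is correct. While this comment block is being touched, the sentence "Returns an OAuthClientToken object or a String in case a renew is required" contradicts the `@return` line directly below it, which says the method returns a `ServiceResult`; suggest dropping the older sentence so the doc describes a single return type.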
Expand All @@ -66,7 +65,7 @@ def get_access_token(state: nil)
# Talk to OAuth2 Authorization Server to exchange the renew_token for a new bearer token.
def refresh_token
OAuthClientToken.transaction do
oauth_client_token = OAuthClientToken.lock('FOR UPDATE').find_by(user_id: @user, oauth_client_id: @oauth_client.id)
oauth_client_token = OAuthClientToken.lock("FOR UPDATE").find_by(user_id: @user, oauth_client_id: @oauth_client.id)

if oauth_client_token.present?
if (Time.current - oauth_client_token.updated_at) > TOKEN_IS_FRESH_DURATION
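Review bot: the only change in this hunk is single to double quotes in `OAuthClientToken.lock("FOR UPDATE")`, which is unrelated to the Azure scope fix in the PR title; style-only edits mixed into a fix commit make the functional diff harder to review and to cherry-pick, so consider keeping them in a separate commit or noting in the description that a formatting pass is included.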
Expand All @@ -83,7 +82,7 @@ def refresh_token
else
storage_error = ::Storages::StorageError.new(
code: :error,
log_message: I18n.t('oauth_client.errors.refresh_token_called_without_existing_token')
log_message: I18n.t("oauth_client.errors.refresh_token_called_without_existing_token")
)
ServiceResult.failure(result: :error, errors: storage_error)
end
Expand Down Expand Up @@ -116,6 +115,8 @@ def code_to_token(code)
expires_in: rack_access_token.raw_attributes[:expires_in],
scope: rack_access_token.scope
)
return ServiceResult.failure(errors: oauth_client_token.errors) unless oauth_client_token.valid?

OpenProject::Notifications.send(
OpenProject::Events::OAUTH_CLIENT_TOKEN_CREATED,
integration_type: @oauth_client.integration_type
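Review bot: the new early return `return ServiceResult.failure(errors: oauth_client_token.errors) unless oauth_client_token.valid?` correctly stops the `OAUTH_CLIENT_TOKEN_CREATED` notification from firing for a token that failed validation, but the hunk does not show how `oauth_client_token` is built (the `scope: rack_access_token.scope` line is only the tail of that call). If it is created with `create`/`create!` rather than `new` plus `save`, please confirm that no invalid row is persisted before this check runs and that callers surface the errors rather than treating the missing token as success. Returning the failure without a `result:` matches the style used in `update_oauth_client_token` below.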
Expand Down Expand Up @@ -208,7 +209,7 @@ def update_oauth_client_token(oauth_client_token, rack_oauth2_access_token)
ServiceResult.success(result: oauth_client_token)
else
result = ServiceResult.failure
result.errors.add(:base, I18n.t('oauth_client.errors.refresh_token_updated_failed'))
result.errors.add(:base, I18n.t("oauth_client.errors.refresh_token_updated_failed"))
result.add_dependent!(ServiceResult.failure(errors: oauth_client_token.errors))
result
end
Expand Up @@ -58,12 +58,12 @@ def to_httpx_oauth_config
client_id: @oauth_client.client_id,
client_secret: @oauth_client.client_secret,
issuer: @oauth_uri,
scope: %w[https://graph.microsoft.com/.default]
scope:
)
end

def scope
%w[https://graph.microsoft.com/.default]
%w[https://graph.microsoft.com/.default offline_access]
end

def basic_rack_oauth_client
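Review bot: adding `offline_access` to `scope` is what makes the Microsoft identity platform issue a refresh token, so the `refresh_token` path in `connection_manager.rb` can renew the access token instead of forcing a new authorization; this is the actual fix and it looks right. Two follow-ups: the `scope:` shorthand in `to_httpx_oauth_config` depends on Ruby 3.1+ hash literal syntax and now resolves to the `scope` method, which keeps the HTTPX config and the method in sync, but `basic_rack_oauth_client` at the end of this hunk is not shown, so please confirm it also uses `scope` (otherwise the rack client would request tokens without `offline_access` and the two flows would behave differently). Since a refresh token is a long-lived credential, it is worth stating in the PR description that it is stored through the existing `OAuthClientToken` handling and not logged anywhere new.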