From 198cc852c3b0812dc5032b543931117eb07ebb1c Mon Sep 17 00:00:00 2001
From: the-djmaze <>
Date: Sun, 29 Sep 2024 11:50:00 +0200
Subject: [PATCH] O365 option to use Azure or Personal accounts #1645
---
 plugins/login-o365/LoginOAuth2.js | 4 +++-
 plugins/login-o365/index.php | 18 +++++++++++++-----
 2 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/plugins/login-o365/LoginOAuth2.js b/plugins/login-o365/LoginOAuth2.js
index 4afc930bf9..dd8c843eda 100644
--- a/plugins/login-o365/LoginOAuth2.js
+++ b/plugins/login-o365/LoginOAuth2.js
@@ -1,11 +1,13 @@
 (rl => {
 const client_id = rl.pluginSettingsGet('login-o365', 'client_id'),
+ // https://learn.microsoft.com/en-us/entra/identity-platform/reply-url#query-parameter-support-in-redirect-uris
+ query = rl.pluginSettingsGet('login-o365', 'personal') ? '' : '?',
 tenant = rl.pluginSettingsGet('login-o365', 'tenant'),
 login = () => {
 document.location = 'https://login.microsoftonline.com/'+tenant+'/oauth2/v2.0/authorize?' + (new URLSearchParams({
 response_type: 'code',
 client_id: client_id,
- redirect_uri: document.location.href.replace(/\/$/, '') + '/LoginO365',
+ redirect_uri: document.location.href.replace(/\/$/, '') + '/' + query + 'LoginO365',
 scope: [
 // Associate personal info
 'openid',
diff --git a/plugins/login-o365/index.php b/plugins/login-o365/index.php
index 902c46d154..62050f429b 100644
--- a/plugins/login-o365/index.php
+++ b/plugins/login-o365/index.php
@@ -7,8 +7,9 @@
 *
 * https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
 *
- * redirect_uri=https://{DOMAIN}/?LoginO365
- * redirect_uri=https://{DOMAIN}/LoginO365
+ * https://learn.microsoft.com/en-us/entra/identity-platform/reply-url#query-parameter-support-in-redirect-uris
+ * Azure: redirect_uri=https://{DOMAIN}/?LoginO365
+ * Personal: redirect_uri=https://{DOMAIN}/LoginO365
 */
 use RainLoop\Model\MainAccount;
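Review bot: In LoginOAuth2.js the changed `redirect_uri` line still takes its base from `document.location.href`, which carries any query string or fragment the login page was opened with, so the value sent to Microsoft may not equal the registered redirect URI exactly. Building it from origin and path keeps it stable: `redirect_uri: location.origin + location.pathname.replace(/\/$/, '') + '/' + query + 'LoginO365',`. The variable `query` holds a separator rather than a query, so a name such as `sep` plus a one-line comment on why Azure registrations use `/?LoginO365` would read better than the bare link. None of the index.php hunks in this patch touch the token request, so if `ServiceLoginO365` sends its own `redirect_uri` it should follow the same `personal` setting; that code is outside the hunks shown. The arrow function and the `URLSearchParams` call continue past the end of the hunk.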
@@ -18,8 +19,8 @@ class LoginO365Plugin extends \RainLoop\Plugins\AbstractPlugin
 {
 const NAME = 'Office365/Outlook OAuth2',
- VERSION = '0.2',
- RELEASE = '2024-08-13',
+ VERSION = '0.3',
+ RELEASE = '2024-09-29',
 REQUIRED = '2.36.1',
 CATEGORY = 'Login',
 DESCRIPTION = 'Office365/Outlook IMAP, Sieve & SMTP login using RFC 7628 OAuth2';
@@ -47,6 +48,7 @@ public function Init() : void
 public function httpPaths(array &$aPaths) : void
 {
+ // Personal accounts workaround
 if (!empty($_SERVER['PATH_INFO']) && \str_ends_with($_SERVER['PATH_INFO'], 'LoginO365')) {
 $aPaths = ['LoginO365'];
 }
@@ -113,7 +115,7 @@ public function ServiceLoginO365() : string
 $iExpires += $aResponse['expires_in'];
 $oO365->setAccessToken($sAccessToken);
- $aUserInfo = $oO365->fetch('https://graph.microsoft.com/oidc/userinfo"');
+ $aUserInfo = $oO365->fetch('https://graph.microsoft.com/oidc/userinfo');
 if (200 != $aUserInfo['code']) {
 throw new \RuntimeException("HTTP: {$aResponse['code']}");
 }
@@ -154,6 +156,12 @@ public function ServiceLoginO365() : string
 public function configMapping() : array
 {
 return [
+ \RainLoop\Plugins\Property::NewInstance('personal')
+ ->SetLabel('Use with personal accounts')
+ ->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
+ ->SetDefaultValue(true)
+ ->SetAllowedInJs()
+ ->SetDescription('Sign in users with personal Microsoft accounts such as Outlook.com (Hotmail)'),
 \RainLoop\Plugins\Property::NewInstance('client_id')
 ->SetLabel('Client ID')
 ->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING)
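Review bot: The comment added in `httpPaths()` names a workaround without saying what is being worked around; something like `// Personal Microsoft accounts cannot register a redirect URI with a query string, so the callback arrives as path /LoginO365 instead of ?LoginO365` would let the next reader understand the branch. The branch also runs whatever the new `personal` option is set to, and `str_ends_with` accepts any PATH_INFO that merely ends in `LoginO365`. If only the exact callback path is expected, a strict comparison against that path would be narrower. The method's closing brace lies outside the hunk.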
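Review bot: The exception thrown after the userinfo request in `ServiceLoginO365()` interpolates `$aResponse['code']`, which belongs to the earlier response that supplied `expires_in`, rather than the status that was just tested, so a failed userinfo call is reported with the wrong code. The line should read `throw new \RuntimeException("HTTP: {$aUserInfo['code']}");`. The comparison above it could become `!==` if `fetch()` returns the code as an integer, which is not visible here. The method starts and ends outside the hunk.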
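Review bot: The description of the new `personal` property in `configMapping()` does not tell the administrator that the switch also changes which redirect URI the app registration must contain (`https://{DOMAIN}/LoginO365` when enabled, `https://{DOMAIN}/?LoginO365` when disabled, per the file header), and a mismatch there makes the sign-in fail on Microsoft's side. I would extend it to `->SetDescription('Sign in users with personal Microsoft accounts such as Outlook.com (Hotmail). Register https://{DOMAIN}/LoginO365 as redirect URI when enabled, https://{DOMAIN}/?LoginO365 when disabled')`. The returned array continues past the end of the hunk.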