author | Jason Gunthorpe <jgg@mellanox.com> | 2020-05-28 10:13:37 -0300 |
---|---|---|
committer | Jason Gunthorpe <jgg@mellanox.com> | 2020-05-28 11:41:47 -0300 |
commit | 192d633a13adf2d552f4257f4975b066204b9da9 (patch) | |
tree | 544fd2e7ec777e2bbf123369fd3de064958425c6 /cloud_mdir_sync/gmail.py | |
parent | 72b3e5ff5d68d9f70257f9556068cc1e5de23e1c (diff) | |
Add OAUTH Credential server
The OAUTH credential server allows CMS to act as an OAUTH broker and
supply bearer tokens to other applications in the system. Currently this
only supports SMTP tokens for outbound mail delivery.
A UNIX domain socket is used to communicate between the SMTP agent and CMS.
A simple one-line protocol is used to specify the account requested and
CMS returns the plain XOAUTH2 response string. The agent is responsible for
base64-encoding it.
This works for GMail and O365 mailboxes.
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Diffstat (limited to 'cloud_mdir_sync/gmail.py')
-rw-r--r-- | cloud_mdir_sync/gmail.py | 34 |
1 files changed, 25 insertions, 9 deletions
diff --git a/cloud_mdir_sync/gmail.py b/cloud_mdir_sync/gmail.py
index b22291f..b6d1490 100644
--- a/cloud_mdir_sync/gmail.py
+++ b/cloud_mdir_sync/gmail.py
@@ -14,7 +14,7 @@
 import aiohttp
 import oauthlib
 import requests_oauthlib
-from . import config, mailbox, messages, util
+from . import config, mailbox, messages, oauth, util
 from .util import asyncio_complete
 
 
@@ -108,7 +108,7 @@ def _retry_protect(func):
 return async_wrapper
 
 
-class GmailAPI(object):
+class GmailAPI(oauth.Account):
 """An OAUTH2 authenticated session to the Google gmail API"""
 # From ziepe.ca
 client_id = "14979213351-bik90v3b8b9f22160ura3oah71u3l113.apps.googleusercontent.com"
@@ -119,9 +119,8 @@ class GmailAPI(object):
 headers: Optional[Dict[str, str]] = None
 
 def __init__(self, cfg: config.Config, user: str):
+ super().__init__(cfg, user)
 self.domain_id = f"gmail-{user}"
- self.cfg = cfg
- self.user = user
 
 async def go(self):
 cfg = self.cfg
@@ -130,18 +129,22 @@ class GmailAPI(object):
 self.session = aiohttp.ClientSession(connector=connector,
 raise_for_status=False)
 
+ scopes = [
+ "https://www.googleapis.com/auth/gmail.modify",
+ ]
+ if self.oauth_smtp:
+ scopes.append("https://mail.google.com/")
+
 self.redirect_url = cfg.web_app.url + "oauth2/gmail"
 self.api_token = cfg.msgdb.get_authenticator(self.domain_id)
+ if not oauth.check_scopes(self.api_token, scopes):
+ self.api_token = None
 self.oauth = requests_oauthlib.OAuth2Session(
 client_id=self.client_id,
 client=NativePublicApplicationClient(self.client_id),
 redirect_uri=self.redirect_url,
 token=self.api_token,
- scope=[
- "https://www.googleapis.com/auth/gmail.modify",
- # This one is needed for SMTP ?
- #"https://mail.google.com/",
- ])
+ scope=scopes)
 if self.api_token:
 self._set_token()
 
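Review bot: In the `go` hunk, `oauth.check_scopes(self.api_token, scopes)` runs before the later `if self.api_token:` guard, so on a first run where `cfg.msgdb.get_authenticator` yields no stored token it relies on check_scopes tolerating None; making that explicit with `if self.api_token is not None and not oauth.check_scopes(self.api_token, scopes):` avoids depending on that. The conditional scope also deserves a why-comment now that the old `# This one is needed for SMTP ?` note is gone, since `https://mail.google.com/` is the broadest Gmail scope: `# Full-mailbox scope is only needed for XOAUTH2 SMTP brokering; keep least privilege otherwise`. If check_scopes only verifies that the stored token covers the requested list (not visible here), a token obtained while `oauth_smtp` was on silently keeps the broad scope after it is switched off, which is worth stating in that comment. The body of `go` continues past the end of this hunk.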
@@ -296,6 +299,19 @@ class GmailAPI(object):
 async def close(self):
 await self.session.close()
 
+ async def get_xoauth2_bytes(self, proto: str) -> bytes:
+ """Return the xoauth2 byte string for the given protocol to login to
+ this account."""
+ while self.api_token is None:
+ await self.authenticate()
+
+ if proto == "SMTP":
+ res = 'user=%s\1auth=%s %s\1\1' % (self.user,
+ self.api_token["token_type"],
+ self.api_token["access_token"])
+ return res.encode()
+ return None
+
 
 class GMailMessage(messages.Message):
 gmail_labels: Optional[Set[str]] = None |
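Review bot: `get_xoauth2_bytes` is annotated `-> bytes` but returns None for any `proto` other than `"SMTP"`, so a caller asking for an unsupported protocol only fails later when the None reaches the socket write; either annotate it `-> Optional[bytes]` (Optional is already used in this file) or, better, replace the final `return None` with `raise ValueError(f"unsupported XOAUTH2 protocol {proto!r}")`. The `while self.api_token is None: await self.authenticate()` loop is unbounded, so if `authenticate()` can return without establishing a token it spins with no backoff — worth confirming against `oauth.Account`, which is outside this hunk. The token dict is handed out verbatim; if it carries an `expires_at` the `access_token` may already be expired, and whether a refresh happens before this point is not visible here, so a one-line docstring note that the caller receives a full bearer credential for every requested scope and must not log or persist it would help the SMTP agent author.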