From 8692799e6540e3d2bceceec5a6a96f90e7db0fa6 Mon Sep 17 00:00:00 2001 From: Frode Aannevik Date: Sun, 18 Nov 2018 19:52:00 +0100 Subject: [PATCH] Fix expired oauth2_access_token Use `expires_in` from the oauth2 response to reset the oauth2_access_token before it expires divides the `expires_in` by 2 to ensure the access_token is cleared before it expires ref: https://github.com/OfflineIMAP/offlineimap/issues/536 Signed-off-by: Frode Aannevik Signed-off-by: Nicolas Sebrecht --- offlineimap/imapserver.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py index a412b7d..5eef250 100644 --- a/offlineimap/imapserver.py +++ b/offlineimap/imapserver.py @@ -15,6 +15,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +import datetime import hmac import socket import json @@ -111,6 +112,7 @@ class IMAPServer(object): self.oauth2_client_id = repos.getoauth2_client_id() self.oauth2_client_secret = repos.getoauth2_client_secret() self.oauth2_request_url = repos.getoauth2_request_url() + self.oauth2_access_token_expires_at = None self.delim = None self.root = None @@ -219,6 +221,12 @@ class IMAPServer(object): return retval def __xoauth2handler(self, response): + now = datetime.datetime.now() + if self.oauth2_access_token_expires_at \ + and self.oauth2_access_token_expires_at < now: + self.oauth2_access_token = None + self.ui.debug('imap', 'xoauth2handler: oauth2_access_token expired') + if self.oauth2_access_token is None: if self.oauth2_request_url is None: raise OfflineImapError("No remote oauth2_request_url for " @@ -256,9 +264,13 @@ class IMAPServer(object): raise OfflineImapError("xoauth2handler got: %s"% resp, OfflineImapError.ERROR.REPO) self.oauth2_access_token = resp['access_token'] + if u'expires_in' in resp: + self.oauth2_access_token_expires_at = now + datetime.timedelta( + seconds=resp['expires_in']/2 + ) - self.ui.debug('imap', 'xoauth2handler: access_token "%s"'% - self.oauth2_access_token) + self.ui.debug('imap', 'xoauth2handler: access_token "%s expires %s"'% ( + self.oauth2_access_token, self.oauth2_access_token_expires_at)) auth_string = 'user=%s\1auth=Bearer %s\1\1'% ( self.username, self.oauth2_access_token) #auth_string = base64.b64encode(auth_string)