learn XOAUTH2 authentication

Signed-off-by: François Lamboley <francois.lamboley@happn.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2014-01-09 14:30:41 -06:00
parent ca1ce256ec
commit f7efaa2093
5 changed files with 118 additions and 4 deletions
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@ -19,6 +19,10 @@ from threading import Lock, BoundedSemaphore, Thread, Event, currentThread
 import hmac
 import socket
 import base64
+
+import json
+import urllib
+
 import time
 import errno
 from sys import exc_info
@ -89,6 +93,12 @@ class IMAPServer:
        self.fingerprint = repos.get_ssl_fingerprint()
        self.sslversion = repos.getsslversion()

+        self.oauth2_refresh_token = repos.getoauth2_refresh_token()
+        self.oauth2_client_id = repos.getoauth2_client_id()
+        self.oauth2_client_secret = repos.getoauth2_client_secret()
+        self.oauth2_request_url = repos.getoauth2_request_url()
+        self.oauth2_access_token = None
+
        self.delim = None
        self.root = None
        self.maxconnections = repos.getmaxconnections()
@ -199,7 +209,33 @@ class IMAPServer:
        return retval


-    # XXX: describe function
+    def __xoauth2handler(self, response):
+        if self.oauth2_refresh_token is None:
+            return None
+
+        if self.oauth2_access_token is None:
+            # need to move these to config
+            # generate new access token
+            params = {}
+            params['client_id'] = self.oauth2_client_id
+            params['client_secret'] = self.oauth2_client_secret
+            params['refresh_token'] = self.oauth2_refresh_token
+            params['grant_type'] = 'refresh_token'
+
+            self.ui.debug('imap', 'xoauth2handler: url "%s"' % self.oauth2_request_url)
+            self.ui.debug('imap', 'xoauth2handler: params "%s"' % params)
+
+            response = urllib.urlopen(self.oauth2_request_url, urllib.urlencode(params)).read()
+            resp = json.loads(response)
+            self.ui.debug('imap', 'xoauth2handler: response "%s"' % resp)
+            self.oauth2_access_token = resp['access_token']
+
+        self.ui.debug('imap', 'xoauth2handler: access_token "%s"' % self.oauth2_access_token)
+        auth_string = 'user=%s\1auth=Bearer %s\1\1' % (self.username, self.oauth2_access_token)
+        #auth_string = base64.b64encode(auth_string)
+        self.ui.debug('imap', 'xoauth2handler: returning "%s"' % auth_string)
+        return auth_string
+
    def __gssauth(self, response):
        data = base64.b64encode(response)
        try:
@ -283,6 +319,10 @@ class IMAPServer:
        imapobj.authenticate('PLAIN', self.__plainhandler)
        return True

+    def __authn_xoauth2(self, imapobj):
+        imapobj.authenticate('XOAUTH2', self.__xoauth2handler)
+        return True
+
    def __authn_login(self, imapobj):
        # Use LOGIN command, unless LOGINDISABLED is advertized
        # (per RFC 2595)
@ -314,6 +354,7 @@ class IMAPServer:
        auth_methods = {
          "GSSAPI": (self.__authn_gssapi, False, True),
          "CRAM-MD5": (self.__authn_cram_md5, True, True),
+          "XOAUTH2": (self.__authn_xoauth2, True, True),
          "PLAIN": (self.__authn_plain, True, True),
          "LOGIN": (self.__authn_login, True, False),
        }