learn XOAUTH2 authentication

Signed-off-by: François Lamboley <francois.lamboley@happn.com> Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
2014-01-09 14:30:41 -06:00
parent ca1ce256ec
commit f7efaa2093
5 changed files with 118 additions and 4 deletions
--- a/offlineimap/repository/Gmail.py
+++ b/offlineimap/repository/Gmail.py
@ -29,6 +29,8 @@ class GmailRepository(IMAPRepository):
    # Gmail IMAP server port
    PORT = 993

+    OAUTH2_URL = 'https://accounts.google.com/o/oauth2/token'
+
    def __init__(self, reposname, account):
        """Initialize a GmailRepository object."""
        # Enforce SSL usage
@ -49,6 +51,18 @@ class GmailRepository(IMAPRepository):
            self._host = GmailRepository.HOSTNAME
            return self._host

+    def getoauth2_request_url(self):
+        """Return the server name to connect to.
+
+        Gmail implementation first checks for the usual IMAP settings
+        and falls back to imap.gmail.com if not specified."""
+        try:
+            return super(GmailRepository, self).getoauth2_request_url()
+        except OfflineImapError:
+            # nothing was configured, cache and return hardcoded one
+            self._oauth2_request_url = GmailRepository.OAUTH2_URL
+            return self._oauth2_request_url
+
    def getport(self):
        return GmailRepository.PORT

--- a/offlineimap/repository/IMAP.py
+++ b/offlineimap/repository/IMAP.py
@ -34,6 +34,7 @@ class IMAPRepository(BaseRepository):
        BaseRepository.__init__(self, reposname, account)
        # self.ui is being set by the BaseRepository
        self._host = None
+        self._oauth2_request_url = None
        self.imapserver = imapserver.IMAPServer(self)
        self.folders = None
        if self.getconf('sep', None):
@ -125,12 +126,12 @@ class IMAPRepository(BaseRepository):
        return self.getconf('remote_identity', default=None)

    def get_auth_mechanisms(self):
-        supported = ["GSSAPI", "CRAM-MD5", "PLAIN", "LOGIN"]
+        supported = ["GSSAPI", "XOAUTH2", "CRAM-MD5", "PLAIN", "LOGIN"]
        # Mechanisms are ranged from the strongest to the
        # weakest ones.
        # TODO: we need DIGEST-MD5, it must come before CRAM-MD5
        # TODO: due to the chosen-plaintext resistance.
-        default = ["GSSAPI", "CRAM-MD5", "PLAIN", "LOGIN"]
+        default = ["GSSAPI", "XOAUTH2", "CRAM-MD5", "PLAIN", "LOGIN"]

        mechs = self.getconflist('auth_mechanisms', r',\s*',
          default)
@ -252,6 +253,30 @@ class IMAPRepository(BaseRepository):
        value = self.getconf('cert_fingerprint', "")
        return [f.strip().lower() for f in value.split(',') if f]

+    def getoauth2_request_url(self):
+        if self._oauth2_request_url:  # use cached value if possible
+            return self._oauth2_request_url
+
+        oauth2_request_url = self.getconf('oauth2_request_url', None)
+        if oauth2_request_url != None:
+            self._oauth2_request_url = oauth2_request_url
+            return self._oauth2_request_url
+
+        # no success
+        raise OfflineImapError("No remote oauth2_request_url for repository "\
+                                   "'%s' specified." % self,
+                               OfflineImapError.ERROR.REPO)
+        return self.getconf('oauth2_request_url', None)
+
+    def getoauth2_refresh_token(self):
+        return self.getconf('oauth2_refresh_token', None)
+
+    def getoauth2_client_id(self):
+        return self.getconf('oauth2_client_id', None)
+
+    def getoauth2_client_secret(self):
+        return self.getconf('oauth2_client_secret', None)
+
    def getpreauthtunnel(self):
        return self.getconf('preauthtunnel', None)