mattermost-plugin-mscalendar/msgraph/remote.go at 95e67affac444014434d615e81d28b0cbc9b607c · mattermost/mattermost-plugin-mscalendar · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
// Copyright (c) 2019-present Mattermost, Inc. All Rights Reserved.
// See License for license information.

package msgraph

import (
	"context"
	"fmt"
	"net/http"
	"time"

	"golang.org/x/oauth2"

	msgraph "github.com/yaegashi/msgraph.go/v1.0"

	"github.com/mattermost/mattermost-plugin-mscalendar/calendar/config"
	"github.com/mattermost/mattermost-plugin-mscalendar/calendar/remote"
	"github.com/mattermost/mattermost-plugin-mscalendar/calendar/utils/bot"
)

const Kind = "mscalendar"

type impl struct {
	conf   *config.Config
	logger bot.Logger
}

func init() {
	remote.Makers[Kind] = NewRemote
}

func NewRemote(conf *config.Config, logger bot.Logger) remote.Remote {
	return &impl{
		conf:   conf,
		logger: logger,
	}
}

// MakeClient creates a new client for user-delegated permissions.
func (r *impl) makeClient(ctx context.Context, token *oauth2.Token, mattermostUserID string, poster bot.Poster, userTokenHelpers remote.UserTokenHelpers) remote.Client {
	httpClient := r.NewOAuth2Config().Client(ctx, token)
	c := &client{
		conf:             r.conf,
		ctx:              ctx,
		httpClient:       httpClient,
		Logger:           r.logger,
		rbuilder:         msgraph.NewClient(httpClient),
		tokenHelpers:     userTokenHelpers,
		mattermostUserID: mattermostUserID,
		Poster:           poster,
	}
	c.rbuilder.SetURL(MSGraphEndpoint(r.conf.OAuth2TenantType))

	return c
}

// MakeUserClient creates a new client having user-delegated permissions with refreshed token.
func (r *impl) MakeUserClient(ctx context.Context, oauthToken *oauth2.Token, mattermostUserID string, poster bot.Poster, userTokenHelpers remote.UserTokenHelpers) remote.Client {
	config := r.NewOAuth2Config()

	token, err := userTokenHelpers.RefreshAndStoreToken(oauthToken, config, mattermostUserID)
	if err != nil {
		r.logger.Warnf("Not able to refresh or store the token", "error", err.Error())
		return &client{}
	}

	return r.makeClient(ctx, token, mattermostUserID, poster, userTokenHelpers)
}

// MakeSuperuserClient creates a new client used for app-only permissions.
func (r *impl) MakeSuperuserClient(ctx context.Context) (remote.Client, error) {
	httpClient := &http.Client{
		Timeout: time.Second * 60,
	}
	c := &client{
		conf:       r.conf,
		ctx:        ctx,
		httpClient: httpClient,
		Logger:     r.logger,
		rbuilder:   msgraph.NewClient(httpClient),
	}
	c.rbuilder.SetURL(MSGraphEndpoint(r.conf.OAuth2TenantType))
	token, err := c.GetSuperuserToken()
	if err != nil {
		return nil, err
	}

	o := &oauth2.Token{
		AccessToken: token,
		TokenType:   "Bearer",
	}
	return r.makeClient(ctx, o, "", nil, nil), nil
}

func (r *impl) NewOAuth2Config() *oauth2.Config {
	return &oauth2.Config{
		ClientID:     r.conf.OAuth2ClientID,
		ClientSecret: r.conf.OAuth2ClientSecret,
		RedirectURL:  r.conf.PluginURL + config.FullPathOAuth2Redirect,
		Scopes: []string{
			"offline_access",
			"User.Read",
			"Calendars.ReadWrite",
			"Calendars.ReadWrite.Shared",
			"MailboxSettings.Read",
		},
		Endpoint: EntraIDEndpoint(r.conf.OAuth2Authority, r.conf.OAuth2TenantType),
	}
}

func (r *impl) CheckConfiguration(cfg config.StoredConfig) error {
	if cfg.OAuth2ClientID == "" || cfg.OAuth2ClientSecret == "" || cfg.OAuth2Authority == "" {
		return fmt.Errorf("OAuth2 credentials to be set in the config")
	}

	return nil
}