Merge pull request #147 from toddheasley/autoconfiguration-oauth

feat(account): OAuth button for account setup

Author: toddheasley

Feature/Sources/Autoconfiguration/Foundation/Bundle.swift

@@ -0,0 +1,11 @@
+import Foundation
+
+extension Bundle {
+    /// Read custom URL schemes declared in Info.plist
+    public var schemes: [String] {
+        guard let bundleURLType: [String: Any] = (object(forInfoDictionaryKey: "CFBundleURLTypes") as? [[String: Any]])?.first else {
+            return []
+        }
+        return bundleURLType["CFBundleURLSchemes"] as? [String] ?? []
+    }
+}

Feature/Sources/Autoconfiguration/Foundation/URLRequest.swift

@@ -0,0 +1,19 @@
+import Foundation
+
+extension URLRequest {
+    public static func token(_ request: OAuth2.Request, code: String) throws -> Self {
+        guard
+            var components: URLComponents = URLComponents(
+                url: request.tokenURL(code),
+                resolvingAgainstBaseURL: false
+            ), let httpBody: Data = components.percentEncodedQuery?.data(using: .utf8)
+        else {
+            throw URLError(.badURL)
+        }
+        components.queryItems = nil
+        var request: Self = Self(url: components.url!)
+        request.httpMethod = "POST"
+        request.httpBody = httpBody
+        return request
+    }
+}

Feature/Sources/Autoconfiguration/Foundation/URLSession.swift

@@ -53,3 +53,9 @@ extension URLSession {
         return suffixList
     }
 }
+
+extension URLSession {
+    func token(_ request: OAuth2.Request, code: String) async throws -> String {
+        fatalError()
+    }
+}

Feature/Sources/Autoconfiguration/OAuth2.swift

@@ -1,8 +1,94 @@
 import Foundation
 
 public struct OAuth2: Decodable {
+    public struct Request: Equatable {
+        public let authURI: String
+        public let tokenURI: String
+        public let redirectURI: String
+        public let responseType: String
+        public let scope: [String]
+        public let hosts: [String]
+        public let clientID: String
+
+        public func authURL(hint: String? = nil) -> URL {
+            var components: URLComponents = URLComponents(string: authURI)!  // Validated during init
+            components.queryItems = [
+                URLQueryItem(name: "client_id", value: clientID),
+                URLQueryItem(name: "redirect_uri", value: redirectURI),
+                URLQueryItem(name: "response_type", value: responseType),
+                URLQueryItem(name: "scope", value: scope.joined(separator: " "))
+            ]
+            if let hint, !hint.isEmpty {  // Prepopulate email address for specific user
+                components.queryItems?.append(URLQueryItem(name: "login_hint", value: hint))
+            }
+            return components.url!
+        }
+
+        public func tokenURL(_ code: String) -> URL {
+            var components: URLComponents = URLComponents(string: tokenURI)!  // Validated during init
+            components.queryItems = [
+                URLQueryItem(name: "client_id", value: clientID),
+                URLQueryItem(name: "client_secret", value: ""),
+                URLQueryItem(name: "redirect_uri", value: redirectURI),
+                URLQueryItem(name: "grant_type", value: "authorization_code"),
+                URLQueryItem(name: "code", value: code)
+            ]
+            return components.url!
+        }
+
+        public func matches(_ host: String) -> Bool {
+            for _host in hosts {
+                guard host.hasSuffix(_host) else { continue }
+                return true
+            }
+            return false
+        }
+
+        public init(authURI: String, tokenURI: String, redirectURI: String, responseType: String, scope: [String], clientID: String, hosts: [String] = []) throws {
+            guard URL(string: authURI) != nil,
+                URL(string: tokenURI) != nil,  // Validate URI strings pass failable URL init
+                !redirectURI.isEmpty,
+                !scope.isEmpty, !(scope.first ?? "").isEmpty,
+                !clientID.isEmpty
+            else {
+                throw URLError(.badURL)
+            }
+            self.authURI = authURI
+            self.tokenURI = tokenURI
+            self.redirectURI = redirectURI
+            self.responseType = responseType
+            self.scope = scope
+            self.hosts = hosts
+            self.clientID = clientID
+        }
+
+        public init(_ oauth2: OAuth2, redirectURI: String, responseType: String, clientID: String) throws {
+            try self.init(
+                authURI: oauth2.authURL.absoluteString,
+                tokenURI: oauth2.tokenURL.absoluteString,
+                redirectURI: redirectURI,
+                responseType: responseType,
+                scope: oauth2.scope,
+                clientID: clientID
+            )
+        }
+    }
+
     public let authURL: URL
-    public let issuer: String
-    public let scope: String
     public let tokenURL: URL
+    public let scope: [String]
+    public let issuer: String
+
+    // MARK: Decodable
+    public init(from decoder: any Decoder) throws {
+        let container: KeyedDecodingContainer = try decoder.container(keyedBy: Key.self)
+        self.tokenURL = try container.decode(URL.self, forKey: .tokenURL)
+        self.authURL = try container.decode(URL.self, forKey: .authURL)
+        self.issuer = try container.decode(String.self, forKey: .issuer)
+        self.scope = try container.decode(String.self, forKey: .scope).components(separatedBy: " ")
+    }
+
+    private enum Key: CodingKey {
+        case authURL, issuer, scope, tokenURL
+    }
 }

Feature/Tests/AutoconfigurationTests/FoundationTests/URLRequestTests.swift

@@ -0,0 +1,29 @@
+@testable import Autoconfiguration
+import Foundation
+import Testing
+
+struct URLRequestTests {
+    @Test func token() throws {
+        let request: OAuth2.Request = try OAuth2.Request(
+            authURI: "https://example.com/authorize",
+            tokenURI: "https://example.com/token",
+            redirectURI: "com.example:/oauth2redirect",
+            responseType: "code",
+            scope: [
+                "mail-w"
+            ],
+            clientID: "Cl13n+-ID",
+            hosts: [
+                "example.com",
+                "examplemail.com"
+            ]
+        )
+        #expect(try URLRequest.token(request, code: "0123456789").httpMethod == "POST")
+        #expect(
+            try URLRequest.token(request, code: "0123456789").httpBody
+                == "client_id=Cl13n+-ID&client_secret=&redirect_uri=com.example:/oauth2redirect&grant_type=authorization_code&code=0123456789"
+                .data(using: .utf8)
+        )
+        #expect(try URLRequest.token(request, code: "0123456789").url == URL(string: "https://example.com/token"))
+    }
+}

Feature/Tests/AutoconfigurationTests/OAuth2Tests.swift

@@ -0,0 +1,68 @@
+@testable import Autoconfiguration
+import Foundation
+import Testing
+
+struct OAuth2Tests {
+    @Test func matches() throws {
+        let request: OAuth2.Request = try OAuth2.Request(
+            authURI: "https://example.com/authorize",
+            tokenURI: "https://example.com/token",
+            redirectURI: "com.example:/oauth2redirect",
+            responseType: "code",
+            scope: [
+                "mail-w"
+            ],
+            clientID: "Cl13n+-ID",
+            hosts: [
+                "example.com",
+                "examplemail.com"
+            ]
+        )
+        #expect(request.matches("google.com") == false)
+        #expect(request.matches("mail.example.com") == true)
+        #expect(request.matches("examplemail.com") == true)
+        #expect(request.matches("mail.com") == false)
+    }
+    @Test func decoderInit() throws {
+        let oauth2: [OAuth2] = try JSONDecoder().decode([OAuth2].self, from: data)
+        #expect(
+            oauth2[0].scope == [
+                "mail-w"
+            ])
+        #expect(
+            oauth2[1].scope == [
+                "https://mail.google.com/",
+                "https://www.googleapis.com/auth/contacts",
+                "https://www.googleapis.com/auth/calendar",
+                "https://www.googleapis.com/auth/carddav"
+            ])
+        #expect(
+            oauth2[2].scope == [
+                "mail-w"
+            ])
+    }
+}
+
+// swift-format-ignore
+let data: Data = """
+[
+    {
+        "authURL": "https://api.login.aol.com/oauth2/request_auth",
+        "issuer": "login.aol.com",
+        "scope": "mail-w",
+        "tokenURL": "https://api.login.aol.com/oauth2/get_token"
+    },
+    {
+        "authURL": "https://accounts.google.com/o/oauth2/auth",
+        "issuer": "accounts.google.com",
+        "scope": "https://mail.google.com/ https://www.googleapis.com/auth/contacts https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/carddav",
+        "tokenURL": "https://www.googleapis.com/oauth2/v3/token"
+    },
+    {
+        "authURL": "https://api.login.yahoo.com/oauth2/request_auth",
+        "issuer": "login.yahoo.com",
+        "scope": "mail-w",
+        "tokenURL": "https://api.login.yahoo.com/oauth2/get_token"
+    }
+]
+""".data(using: .utf8)!

Thunderbird/Thunderbird/Account/AuthorizationView.swift

@@ -32,7 +32,6 @@ struct AuthorizationView: View {
                 }
         case .oAuth2:
             OAuthButton(username)
-                .disabled(false)
         case .none:
             EmptyView()
         }
@@ -45,73 +44,3 @@ struct AuthorizationView: View {
     AuthorizationView($authorization, for: "example@thunderbird.net")
         .padding()
 }
-
-struct OAuthButton: View {
-    let emailAddress: EmailAddress
-
-    init(_ emailAddress: EmailAddress, oAuth: OAuth2? = nil) {
-        self.emailAddress = emailAddress
-        self.oAuth = oAuth
-    }
-
-    @Environment(\.webAuthenticationSession) private var webAuthenticationSession
-    @State private var oAuth: OAuth2?
-    @State private var error: Error?
-
-    private func configureOAuth() async {
-        do {
-            let config: ClientConfig = try await URLSession.shared.autoconfig(emailAddress).config
-            guard let oAuth: OAuth2 = config.oAuth2 else {
-                throw URLError(.resourceUnavailable)
-            }
-            self.oAuth = oAuth
-        } catch {
-            self.error = error
-        }
-    }
-
-    // MARK: View
-    var body: some View {
-        Button(action: {
-            Task {
-                do {
-                    guard let oAuth else {
-                        throw URLError(.resourceUnavailable)
-                    }
-                    let url: URL = try await webAuthenticationSession.authenticate(
-                        using: oAuth.authURL,
-                        callback: .https(host: oAuth.tokenURL.host() ?? "", path: oAuth.tokenURL.path()),
-                        preferredBrowserSession: .shared,
-                        additionalHeaderFields: [:]
-                    )
-                    print(url.absoluteString)
-                } catch {
-                    self.error = error
-                }
-            }
-        }) {
-            if let oAuth {
-                Text("Sign in with \(oAuth.issuer)")
-            } else if error != nil {
-                Text("Loading OAuth Failed")
-            } else {
-                HStack {
-                    Text("Loading OAuth…  ")
-                    ProgressView()
-                }
-                .task {
-                    // TODO: Debounce email address changes
-                    await configureOAuth()
-                }
-            }
-        }
-        .buttonStyle(.bordered)
-        .tint(.blue)
-        .disabled(oAuth == nil)
-    }
-}
-
-#Preview("OAuth Button") {
-    OAuthButton("gmail.com")
-        .padding()
-}