MDL-61921 admin: Support XOAUTH2 for incoming mail

moodle · Oct 21, 2022 · 986910d · 986910d
1 parent bc80531
commit 986910d
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 0 deletions.
diff --git a/admin/tool/messageinbound/classes/manager.php b/admin/tool/messageinbound/classes/manager.php
@@ -112,6 +112,25 @@ protected function get_imap_client() {
             }
         }
 
+        // XOAUTH2.
+        if ($CFG->messageinbound_hostoauth != '') {
+            // Get the issuer.
+            $issuer = \core\oauth2\api::get_issuer($CFG->messageinbound_hostoauth);
+            // Validate the issuer and check if it is enabled or not.
+            if ($issuer && $issuer->get('enabled')) {
+                // Get the OAuth Client.
+                if ($oauthclient = \core\oauth2\api::get_system_oauth_client($issuer)) {
+                    $xoauth2token = new \Horde_Imap_Client_Password_Xoauth2(
+                        $configuration['username'],
+                        $oauthclient->get_accesstoken()->token
+                    );
+                    $configuration['xoauth2_token'] = $xoauth2token;
+                    // Password is not necessary when using OAuth2 but Horde still needs it. We just set a random string here.
+                    $configuration['password'] = random_string(64);
+                }
+            }
+        }
+
         $this->client = new \Horde_Imap_Client_Socket($configuration);
 
         try {

diff --git a/admin/tool/messageinbound/lang/en/tool_messageinbound.php b/admin/tool/messageinbound/lang/en/tool_messageinbound.php
@@ -75,6 +75,7 @@
 $string['messageinboundgeneralconfiguration'] = 'General configuration';
 $string['messageinboundgeneralconfiguration_desc'] = 'Inbound message processing allows you to receive and process email within Moodle. This has applications such as sending email replies to forum posts or adding files to a user\'s private files.';
 $string['messageinboundhost'] = 'Incoming Mail Server';
+$string['messageinboundhostoauth_help'] = 'OAuth2 Service to use to access the IMAP server, using XOAUTH2 authentication. If the service does not exist yet, you will need to create it.';
 $string['messageinboundhostpass'] = 'Password';
 $string['messageinboundhostpass_desc'] = 'This is the password your service provider will have provided to log in to your email account with.';
 $string['messageinboundhostssl'] = 'Use SSL';

diff --git a/admin/tool/messageinbound/settings.php b/admin/tool/messageinbound/settings.php
@@ -67,6 +67,27 @@
             new lang_string('messageinboundhostssl', 'tool_messageinbound'),
             new lang_string('messageinboundhostssl_desc', 'tool_messageinbound'), 'ssl', $options));
 
+    // Get all the issuers.
+    $issuers = \core\oauth2\api::get_all_issuers();
+    $oauth2services = [
+        '' => new lang_string('none', 'admin'),
+    ];
+    foreach ($issuers as $issuer) {
+        // Get the enabled issuer only.
+        if ($issuer->get('enabled')) {
+            $oauth2services[$issuer->get('id')] = s($issuer->get('name'));
+        }
+    }
+
+    if (count($oauth2services) > 1) {
+        $settings->add(new admin_setting_configselect('messageinbound_hostoauth',
+            new lang_string('issuer', 'auth_oauth2'),
+            get_string('messageinboundhostoauth_help', 'tool_messageinbound'),
+            '',
+            $oauth2services
+        ));
+    }
+
     $settings->add(new admin_setting_configtext('messageinbound_hostuser',
             new lang_string('messageinboundhostuser', 'tool_messageinbound'),
             new lang_string('messageinboundhostuser_desc', 'tool_messageinbound'), '', PARAM_NOTAGS));

diff --git a/admin/tool/messageinbound/tests/behat/incoming_mail.feature b/admin/tool/messageinbound/tests/behat/incoming_mail.feature
@@ -0,0 +1,25 @@
+@tool @tool_messageinbound
+Feature: Incoming mail configuration
+  In order to receive email from external
+  As a Moodle administrator
+  I need to set mail configuration
+
+  Background:
+    Given I log in as "admin"
+
+  Scenario: Incoming mail server settings without OAuth 2 Service setup yet
+    Given I navigate to "Server > Email > Incoming mail configuration" in site administration
+    And "OAuth 2 Service" "select" should not exist
+
+  Scenario: Incoming mail server settings with OAuth 2 Service setup
+    Given I navigate to "Server > OAuth 2 services" in site administration
+    And I press "Google"
+    And I should see "Create new service: Google"
+    And I set the following fields to these values:
+      | Name          | Testing service   |
+      | Client ID     | thisistheclientid |
+      | Client secret | supersecret       |
+    And I press "Save changes"
+    When I navigate to "Server > Email > Incoming mail configuration" in site administration
+    Then "OAuth 2 Service" "select" should exist
+    And I should see "Testing service" in the "OAuth 2 Service" "select"