Unable to connect to Microsoft 365 or Personal Outlook accounts using xoauth2 #8258

Closed
C8620 opened this issue Mar 21, 2023 · 9 comments · Fixed by #8306
Comments

C8620 commented Mar 21, 2023

Steps to reproduce

  1. Register an app through Azure AD -> App Registration, using this as a guide: https://wpmailsmtp.com/docs/how-to-set-up-the-outlook-mailer-in-wp-mail-smtp/
  2. Fill in Application (client) ID and newly generated secret.
  3. Add email address by entering the email app.
  4. Fill in Mail Address and (real) password for a 2FA-enabled or 2FA-disabled account.

Expected behavior

The authentication procedure starts, and the email account is added to the system.

Actual behavior

Interface prompt:
There was an error while setting up your account

Nextcloud log shows following:

{
  "reqId": "Zi5AzVFPFgjP6WxjHPVi",
  "level": 3,
  "time": "2023-03-21T19:42:38+00:00",
  "remoteAddr": "123.45.67.89",
  "user": "Username",
  "app": "mail",
  "method": "GET",
  "url": "/apps/mail/setup",
  "message": "Could not load account mailboxes: OC\\Security\\Crypto::decrypt(): Argument #1 ($authenticatedCiphertext) must be of type string, null given, called in /path/to/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php on line 107",
  "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.44",
  "version": "26.0.0.11",
  "exception": {
    "Exception": "TypeError",
    "Message": "OC\\Security\\Crypto::decrypt(): Argument #1 ($authenticatedCiphertext) must be of type string, null given, called in /path/to/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php on line 107",
    "Code": 0,
    "Trace": [
      {
        "file": "/path/to/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php",
        "line": 107,
        "function": "decrypt",
        "class": "OC\\Security\\Crypto",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/path/to/nextcloud/apps/mail/lib/IMAP/MailboxSync.php",
        "line": 91,
        "function": "getClient",
        "class": "OCA\\Mail\\IMAP\\IMAPClientFactory",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/apps/mail/lib/Service/MailManager.php",
        "line": 143,
        "function": "sync",
        "class": "OCA\\Mail\\IMAP\\MailboxSync",
        "type": "->",
        "args": [
          "*** sensitive parameters replaced ***"
        ]
      },
      {
        "file": "/path/to/nextcloud/apps/mail/lib/Controller/PageController.php",
        "line": 141,
        "function": "getMailboxes",
        "class": "OCA\\Mail\\Service\\MailManager",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/apps/mail/lib/Controller/PageController.php",
        "line": 271,
        "function": "index",
        "class": "OCA\\Mail\\Controller\\PageController",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 230,
        "function": "setup",
        "class": "OCA\\Mail\\Controller\\PageController",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 137,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/lib/private/AppFramework/App.php",
        "line": 183,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/lib/private/Route/Router.php",
        "line": 315,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/path/to/nextcloud/lib/base.php",
        "line": 1055,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/path/to/nextcloud/index.php",
        "line": 36,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/path/to/nextcloud/lib/private/Security/Crypto.php",
    "Line": 124,
    "message": "Could not load account mailboxes: OC\\Security\\Crypto::decrypt(): Argument #1 ($authenticatedCiphertext) must be of type string, null given, called in /path/to/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php on line 107",
    "exception": {},
    "CustomMessage": "Could not load account mailboxes: OC\\Security\\Crypto::decrypt(): Argument #1 ($authenticatedCiphertext) must be of type string, null given, called in /path/to/nextcloud/apps/mail/lib/IMAP/IMAPClientFactory.php on line 107"
  }
}

(installation path, IP, and real username hidden)

Mail app version

3.0.0

Mailserver or service

Microsoft 365 / Outlook (Personal)

Operating system

Linux 4.18.0-305.17.1.lve.el7h.x86_64 x86_64

PHP engine version

None

Web server

Other

Database

MySQL

Additional info

Web Server: LiteSpeed.

@ChristophWurst (Member)

This must be a regression of #8156

@ChristophWurst (Member)

$decryptedAccessToken = $this->crypto->decrypt($account->getMailAccount()->getOauthAccessToken());
assumes that the xoauth2 account has an access token, but apparently it doesn't have one yet.

@ChristophWurst (Member)

It does make sense to not have an access token at that point

  1. XOAUTH2 account is created but without any tokens
  2. User finishes the OAuth popup that grants access -> tokens are saved
  3. Account is shown to users

If we sync mailboxes in step 1 it succeeds for password-authenticated accounts but fails for OAuth.

We should move the mailbox sync to a later point in time for OAuth @hamza221.

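To make the failure mode and the ordering fix described above concrete, here is an added PHP example. It is not Nextcloud Mail's own code: the names MailAccountStub, TokenNotYetGranted, buildAuthParamsBeforeFix, buildAuthParams and setupAccount are hypothetical, and decrypt() is a stand-in for OC\Security\Crypto::decrypt() with the same string-typed signature. It shows why the unconditional decrypt() call raises a TypeError on a freshly created XOAUTH2 account (the token is still null), and how refusing to build the IMAP client before the grant lets the caller defer the mailbox sync instead of failing account setup.

```php
<?php
declare(strict_types=1);

// Added example, not Nextcloud Mail's code. All class/function names below
// are hypothetical stand-ins for the pieces named in the issue thread.

final class TokenNotYetGranted extends \RuntimeException {}

final class MailAccountStub
{
    public function __construct(
        private string $authMethod,            // 'password' or 'xoauth2'
        private ?string $encryptedPassword,
        private ?string $encryptedAccessToken, // null until the OAuth popup completes
    ) {}

    public function getAuthMethod(): string { return $this->authMethod; }
    public function getEncryptedPassword(): ?string { return $this->encryptedPassword; }
    public function getOauthAccessToken(): ?string { return $this->encryptedAccessToken; }
    public function setOauthAccessToken(string $token): void { $this->encryptedAccessToken = $token; }
}

// Stand-in for OC\Security\Crypto::decrypt(): the parameter is a non-nullable
// string, so passing null is a TypeError ("must be of type string, null given"),
// which is exactly the exception in the issue's log. Base64 replaces real
// authenticated decryption here.
function decrypt(string $authenticatedCiphertext): string
{
    $plain = base64_decode($authenticatedCiphertext, true);
    if ($plain === false) {
        throw new \RuntimeException('ciphertext is not valid');
    }
    return $plain;
}

// Pre-fix shape of the client factory: decrypt() is called unconditionally on
// the OAuth token, so an XOAUTH2 account that has not finished the grant yet
// blows up deep inside the mailbox sync instead of failing with a clear reason.
function buildAuthParamsBeforeFix(MailAccountStub $account): array
{
    if ($account->getAuthMethod() === 'xoauth2') {
        return ['xoauth2_token' => decrypt($account->getOauthAccessToken())];
    }
    return ['password' => decrypt($account->getEncryptedPassword())];
}

// Guarded version: a missing token is a distinct, catchable condition rather
// than a TypeError from the crypto layer.
function buildAuthParams(MailAccountStub $account): array
{
    if ($account->getAuthMethod() === 'xoauth2') {
        $token = $account->getOauthAccessToken();
        if ($token === null) {
            throw new TokenNotYetGranted('OAuth grant has not completed yet');
        }
        return ['xoauth2_token' => decrypt($token)];
    }
    $password = $account->getEncryptedPassword();
    if ($password === null) {
        throw new \RuntimeException('password account without a stored password');
    }
    return ['password' => decrypt($password)];
}

// Mirrors the ordering fix from the thread: sync mailboxes immediately for
// password accounts, but defer for XOAUTH2 until the token has been stored.
// Returns 'synced' or 'deferred' so the caller knows which path was taken.
function setupAccount(MailAccountStub $account, callable $syncMailboxes): string
{
    try {
        $syncMailboxes(buildAuthParams($account));
        return 'synced';
    } catch (TokenNotYetGranted) {
        return 'deferred'; // run the sync from the OAuth callback instead
    }
}

// Constructed walk-through of the three steps described in the thread.
$sync = static function (array $params): void {
    // Stand-in for MailboxSync::sync(); a real one would open the IMAP connection.
};

$oauth = new MailAccountStub('xoauth2', null, null); // step 1: account created, no token yet

try {
    buildAuthParamsBeforeFix($oauth); // reproduces the TypeError from the log
} catch (\TypeError $e) {
    fwrite(STDERR, 'before fix: ' . $e->getMessage() . "\n");
}

echo setupAccount($oauth, $sync), "\n"; // under the fix, step 1 defers the sync

$oauth->setOauthAccessToken(base64_encode('constructed-access-token')); // step 2: grant finished
echo setupAccount($oauth, $sync), "\n"; // the sync now runs with a decryptable token
```

The important design choice is that the guard lives at the point where the factory reads the token, not in the sync code: every caller that might touch an XOAUTH2 account before the grant (mailbox sync, the setup page, background jobs) then gets one well-defined condition to handle, instead of a TypeError whose trace points into lib/private/Security/Crypto.php.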
C8620 commented Mar 22, 2023

I have attempted to revert the change to AccountsController to the version without #8156 and the process could work as expected*.
Considering that #8041 is not a blocking issue while this one is (MS has already enforced OAuth for non-personal accounts), would you consider #8156 to be temporarily reverted, until a better implementation could be done?
*: The prompt shows Google, not Microsoft. Probably because Google support was added first.

hamza221 self-assigned this Mar 23, 2023

@ChristophWurst (Member)

@hamza221 O365 is tricky to set up but you should be able to reproduce with Gmail OAuth as well following https://developers.google.com/identity/protocols/oauth2

@ChristophWurst (Member)

You can try v3.0.3-beta1. It's available through the app store.

C8620 commented Mar 29, 2023

Thanks for addressing this issue.

I'll be sure to check it out today. I'll let you know if the patch is working as soon as possible.

C8620 commented Mar 29, 2023

Hi @ChristophWurst,

I am glad to report that the patch seems to be working.

Thank you all for solving this so fast.

@ChristophWurst (Member)

Kudos to @hamza221
