Merge pull request #107 from medeopolis/mailer_oauth2

Mail OAUTH2 authentication method (replicating providence setup)

app/conf/global.conf

@@ -164,6 +164,14 @@ smtp_password = __CA_SMTP_PASSWORD__
 smtp_ssl = __CA_SMTP_SSL__
 smtp_port = __CA_SMTP_PORT__
 
+# Extra SMTP XOAUTH2 Authentication settings
+smtp_xoauth_provider = __CA_SMTP_XOAUTH_PROVIDER__
+smtp_xoauth_clientid = __CA_SMTP_XOAUTH_CLIENTID__ 
+smtp_xoauth_clientsecret = __CA_SMTP_XOAUTH_CLIENTSECRET__
+smtp_xoauth_azure_tenantid = __CA_SMTP_XOAUTH_AZURE_TENANTID__
+smtp_xoauth_email = __CA_SMTP_XOAUTH_EMAIL__
+smtp_xoauth_refresh_token = __CA_SMTP_XOAUTH_REFRESH_TOKEN__
+
 # Generic site admin email
 ca_admin_email = __CA_ADMIN_EMAIL__
 

app/helpers/mailHelpers.php

@@ -7,7 +7,7 @@
  * ----------------------------------------------------------------------
  *
  * Software by Whirl-i-Gig (http://www.whirl-i-gig.com)
- * Copyright 2009-2023  Whirl-i-Gig
+ * Copyright 2009-2024  Whirl-i-Gig
  *
  * For more information visit http://www.CollectiveAccess.org
  *
@@ -33,6 +33,8 @@
 use PHPMailer\PHPMailer\PHPMailer;
 use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
+use PHPMailer\PHPMailer\OAuth;
+use Greew\OAuth2\Client\Provider\Azure; #Requires composer library "greew/oauth2-azure-provider"
 
 require_once(__CA_LIB_DIR__.'/Configuration.php');
 require_once(__CA_LIB_DIR__.'/View.php');
@@ -98,7 +100,7 @@ function caSendmail($to, $from, $subject, $body_text, $body_html='', $cc=null, $
 		'auth' => $smtp_auth
 	);
 
-	if($smtp_auth && in_array(strtoupper($smtp_auth), ['PLAIN', 'LOGIN', 'CRAM-MD5'])){
+	if($smtp_auth && in_array(strtoupper($smtp_auth), ['PLAIN', 'LOGIN', 'CRAM-MD5', 'XOAUTH2'])){
 		$smtp_config['auth'] = strtoupper($smtp_auth);	
 	}
 	if($ssl && in_array(strtoupper($ssl), ['SSL', 'TLS'])){
@@ -135,10 +137,53 @@ function caSendmail($to, $from, $subject, $body_text, $body_html='', $cc=null, $
 		$o_mail->SMTPAutoTLS = (bool)($ssl ?? false);
 		$o_mail->SMTPAuth   = (bool)$smtp_auth;
 		$o_mail->AuthType	= $smtp_auth;
-		$o_mail->Username   = $smtp_config['username'];
-		$o_mail->Password   = $smtp_config['password'];
 		$o_mail->Port       = $smtp_config['port']; 
 
+		if($smtp_auth == 'XOAUTH2'){
+			$xoauth2_provider = $o_config->get('smtp_xoauth_provider');
+			$email = $o_config->get('smtp_xoauth_email');
+			$clientId = $o_config->get('smtp_xoauth_clientid');
+			$clientSecret = $o_config->get('smtp_xoauth_clientsecret');
+			$refreshToken = $o_config->get('smtp_xoauth_refresh_token');
+			$provider = ''; #This is the provider instance, set below depending on the $xoauth2_provider set
+
+			if($xoauth2_provider == 'Azure'){
+				$provider = new Azure(
+					[
+						'clientId' => $clientId,
+						'clientSecret' => $clientSecret,
+						'tenantId' => $o_config->get('smtp_xoauth_azure_tenantid'),
+					]
+				);
+			}
+			/** Other provider blocks can be put here
+			 * Remember to add the correct package to the top of file to include them
+			 * EG
+			 * if($xoauth2_provider == 'Google'){
+			 *	
+			 * }
+			 */
+
+			if($provider){
+				$o_mail->setOAuth(
+					new OAuth(
+						[
+							'provider' => $provider,
+							'clientId' => $clientId,
+							'clientSecret' => $clientSecret,
+							'refreshToken' => $refreshToken,
+							'userName' => $email,
+						]
+					)
+				);
+			}
+		}
+		else {
+			# OAUTH doesn't require Username and password.
+			$o_mail->Username   = $smtp_config['username'];
+			$o_mail->Password   = $smtp_config['password'];
+		}
+
 		if (!is_array($from) && $from) {
 			$from = preg_split('![,;\|]!', $from);
 		}

app/helpers/post-setup.php

@@ -225,6 +225,7 @@
 # details must be set in  __CA_SMTP_AUTH__, __CA_SMTP_USER__, __CA_SMTP_PASSWORD__
 # and __CA_SMTP_SSL__
 #
+# If authentication method is XOAUTH2, extra settings below this are also needed
 
 # __CA_SMTP_AUTH__ = authentication method for outgoing mail connection
 #
@@ -254,6 +255,37 @@
 if (!defined("__CA_SMTP_SSL__")) {
 	define("__CA_SMTP_SSL__", '');
 }
+# ---- XOAUTH SETTINGS ---
+# __CA_SMTP_XOAUTH_PROVIDER__ = Email provider: Might be Azure, Microsoft, Google or Yahoo. Only tested with Azure so far 
+#
+if (!defined("__CA_SMTP_XOAUTH_PROVIDER__")) {
+	define("__CA_SMTP_XOAUTH_PROVIDER__", '');
+}
+
+# __CA_SMTP_XOAUTH_CLIENTID__ = This would be the 'Application ID' for Azure
+if (!defined("__CA_SMTP_XOAUTH_CLIENTID__")) {
+	define("__CA_SMTP_XOAUTH_CLIENTID__", '');
+}
+
+# __CA_SMTP_XOAUTH_CLIENTSECRET__ = Client Secret
+if (!defined("__CA_SMTP_XOAUTH_CLIENTSECRET__")) {
+	define("__CA_SMTP_XOAUTH_CLIENTSECRET__", '');
+}
+
+# __CA_SMTP_XOAUTH_AZURE_TENANTID__ = This is only needed for Azure OAUTH provider
+if (!defined("__CA_SMTP_XOAUTH_AZURE_TENANTID__")) {
+	define("__CA_SMTP_XOAUTH_AZURE_TENANTID__", '');
+}
+
+# __CA_SMTP_XOAUTH_EMAIL__ = email the OAUTH is being authenticated against
+if (!defined("__CA_SMTP_XOAUTH_EMAIL__")) {
+	define("__CA_SMTP_XOAUTH_EMAIL__", '');
+}
+
+# __CA_SMTP_XOAUTH_REFRESH_TOKEN__ = get this by going to your ca install https://youdomain.com/vendor/phpmailer/phpmailer/get_oauth_token.php
+if (!defined("__CA_SMTP_XOAUTH_REFRESH_TOKEN__")) {
+	define("__CA_SMTP_XOAUTH_REFRESH_TOKEN__", '');
+}
 
 # --------------------------------------------------------------------------------------------
 # Caching configuration

composer.json

@@ -57,7 +57,12 @@
     "phpmailer/phpmailer": "^6.8"
   },
   "suggest": {
-    "binaryoung/jieba-php": "^0.1.0"
+    "binaryoung/jieba-php": "^0.1.0",
+    "league/oauth2-client": "Required to autheticate oauth2 for phpmailer. Already installed through softonic/graphql-client",
+    "greew/oauth2-azure-provider" :  "Needed for Microsoft Azure XOAUTH2 authentication",
+    "hayageek/oauth2-yahoo": "Needed for Yahoo XOAUTH2 authentication",
+    "league/oauth2-google": "Needed for Google XOAUTH2 authentication",
+    "thenetworg/oauth2-azure": "Needed for Microsoft XOAUTH2 authentication"
   },
   "config": {
     "discard-changes": true,

setup.php-dist

@@ -8,7 +8,7 @@
 #
 #				Pawtucket2: Cataloguing system for CollectiveAccess
 #               Open-source collections management software
-#               Version 1.7.9
+#               Version 2.0
 #				
 # -------------------------------------------------------------------------------------------
 # 
@@ -74,9 +74,17 @@ if (!defined("__CA_ADMIN_EMAIL__")) {
 # authenticate, configure your login and connection details in  __CA_SMTP_AUTH__, 
 # __CA_SMTP_USER__, __CA_SMTP_PASSWORD__ and __CA_SMTP_SSL__
 #
-# __CA_SMTP_AUTH__ = authentication method for outgoing mail connection (set to PLAIN, LOGIN or CRAM-MD5; leave blank if no authentication is used.)
+# __CA_SMTP_AUTH__ = authentication method for outgoing mail connection (set to PLAIN, LOGIN, XOAUTH2 or CRAM-MD5; leave blank if no authentication is used.)
 # __CA_SMTP_SSL__ = SSL method to use for outgoing mail connection (set to SSL or TLS; leave blank if not authentication is used.)
 
+## Extra SMTP XOAUTH2 Authentication settings: These settings must be set if __CA_SMTP_AUTH__ is set to XOAUTH2 (with exception of __CA_SMTP_XOAUTH2_AZURE_TENANTID, which is only needed if provider is Azure)
+# __CA_SMTP_XOAUTH_PROVIDER__ = Email provider: Might be Azure, Microsoft, Google or Yahoo. Only tested with Azure so far 
+# __CA_SMTP_XOAUTH_CLIENTID__ = This would be the 'Application ID' for Azure
+# __CA_SMTP_XOAUTH_CLIENTSECRET__ = Client Secret
+# __CA_SMTP_XOAUTH_AZURE_TENANTID__ = This is only needed for Azure OAUTH provider
+# __CA_SMTP_XOAUTH_EMAIL__ = email the OAUTH is being authenticated against
+# __CA_SMTP_XOAUTH_REFRESH_TOKEN__ = get this by going to your ca install https://youdomain.com/vendor/phpmailer/phpmailer/get_oauth_token.php
+# ----------------------------------------------------------------------------------------------
 
 # Set your preferred time zone here. The default is to use US Eastern Standard Time. 
 # A list of valid time zone settings is available at http://us3.php.net/manual/en/timezones.php