diff --git a/app/jobs/inboxes/fetch_imap_emails_job.rb b/app/jobs/inboxes/fetch_imap_emails_job.rb index 34f79d733..23bc1c868 100644 --- a/app/jobs/inboxes/fetch_imap_emails_job.rb +++ b/app/jobs/inboxes/fetch_imap_emails_job.rb @@ -30,6 +30,8 @@ class Inboxes::FetchImapEmailsJob < MutexApplicationJob def process_email_for_channel(channel, interval) inbound_emails = if channel.microsoft? Imap::MicrosoftFetchEmailService.new(channel: channel, interval: interval).perform + elsif channel.google? + Imap::GoogleFetchEmailService.new(channel: channel, interval: interval).perform else Imap::FetchEmailService.new(channel: channel, interval: interval).perform end diff --git a/app/mailers/conversation_reply_mailer_helper.rb b/app/mailers/conversation_reply_mailer_helper.rb index f62229391..198e9f2a1 100644 --- a/app/mailers/conversation_reply_mailer_helper.rb +++ b/app/mailers/conversation_reply_mailer_helper.rb @@ -14,6 +14,7 @@ module ConversationReplyMailerHelper @options[:bcc] = cc_bcc_emails[1] end ms_smtp_settings + google_smtp_settings set_delivery_method Rails.logger.info("Email sent from #{email_from} to #{to_emails} with subject #{mail_subject}") @@ -23,23 +24,36 @@ module ConversationReplyMailerHelper private - def ms_smtp_settings - return unless @inbox.email? && @channel.imap_enabled && @inbox.channel.provider == 'microsoft' + def google_smtp_settings + return unless @inbox.email? && @channel.imap_enabled && @inbox.channel.google? - smtp_settings = { - address: 'smtp.office365.com', + smtp_settings = base_smtp_settings('smtp.gmail.com') + + @options[:delivery_method] = :smtp + @options[:delivery_method_options] = smtp_settings + end + + def ms_smtp_settings + return unless @inbox.email? && @channel.imap_enabled && @inbox.channel.microsoft? + + smtp_settings = base_smtp_settings('smtp.office365.com') + + @options[:delivery_method] = :smtp + @options[:delivery_method_options] = smtp_settings + end + + def base_smtp_settings(domain) + { + address: domain, port: 587, user_name: @channel.imap_login, password: @channel.provider_config['access_token'], - domain: 'smtp.office365.com', + domain: domain, tls: false, enable_starttls_auto: true, openssl_verify_mode: 'none', authentication: 'xoauth2' } - - @options[:delivery_method] = :smtp - @options[:delivery_method_options] = smtp_settings end def set_delivery_method @@ -69,12 +83,12 @@ module ConversationReplyMailerHelper @inbox.inbox_type == 'Email' && @channel.imap_enabled end - def email_microsoft_auth_enabled - @inbox.inbox_type == 'Email' && @channel.provider == 'microsoft' + def email_oauth_enabled + @inbox.inbox_type == 'Email' && (@channel.microsoft? || @channel.google?) end def email_from - email_microsoft_auth_enabled || email_smtp_enabled ? channel_email_with_name : from_email_with_name + email_oauth_enabled || email_smtp_enabled ? channel_email_with_name : from_email_with_name end def email_reply_to diff --git a/app/services/base_refresh_oauth_token_service.rb b/app/services/base_refresh_oauth_token_service.rb new file mode 100644 index 000000000..caf4a839c --- /dev/null +++ b/app/services/base_refresh_oauth_token_service.rb @@ -0,0 +1,62 @@ +class BaseRefreshOauthTokenService + pattr_initialize [:channel!] + + # Additional references: https://gitlab.com/gitlab-org/ruby/gems/gitlab-mail_room/-/blob/master/lib/mail_room/microsoft_graph/connection.rb + def access_token + return provider_config[:access_token] unless access_token_expired? + + refreshed_tokens = refresh_tokens + refreshed_tokens[:access_token] + end + + def access_token_expired? + expiry = provider_config[:expires_on] + + return true if expiry.blank? + + # Adding a 5 minute window to expiry check to avoid any race + # conditions during the fetch operation. This would assure that the + # tokens are updated when we fetch the emails. + Time.current.utc >= DateTime.parse(expiry) - 5.minutes + end + + # Refresh the access tokens using the refresh token + # Refer: https://github.com/microsoftgraph/msgraph-sample-rubyrailsapp/tree/b4a6869fe4a438cde42b161196484a929f1bee46 + def refresh_tokens + oauth_strategy = build_oauth_strategy + token_service = build_token_service(oauth_strategy) + + new_tokens = token_service.refresh!.to_hash.slice(:access_token, :refresh_token, :expires_at) + + update_channel_provider_config(new_tokens) + channel.reload.provider_config + end + + def update_channel_provider_config(new_tokens) + channel.provider_config = { + access_token: new_tokens[:access_token], + refresh_token: new_tokens[:refresh_token], + expires_on: Time.at(new_tokens[:expires_at]).utc.to_s + } + channel.save! + end + + private + + def build_oauth_strategy + raise NotImplementedError + end + + def provider_config + @provider_config ||= channel.provider_config.with_indifferent_access + end + + # Builds the token service using OAuth2 + def build_token_service(oauth_strategy) + OAuth2::AccessToken.new( + oauth_strategy.client, + provider_config[:access_token], + refresh_token: provider_config[:refresh_token] + ) + end +end diff --git a/app/services/google/refresh_oauth_token_service.rb b/app/services/google/refresh_oauth_token_service.rb new file mode 100644 index 000000000..689b8e941 --- /dev/null +++ b/app/services/google/refresh_oauth_token_service.rb @@ -0,0 +1,12 @@ +# Refer: https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes +class Google::RefreshOauthTokenService < BaseRefreshOauthTokenService + private + + # Builds the OAuth strategy for Microsoft Graph + def build_oauth_strategy + app_id = GlobalConfigService.load('GOOGLE_OAUTH_CLIENT_ID', nil) + app_secret = GlobalConfigService.load('GOOGLE_OAUTH_CLIENT_SECRET', nil) + + OmniAuth::Strategies::GoogleOauth2.new(nil, app_id, app_secret) + end +end diff --git a/app/services/imap/google_fetch_email_service.rb b/app/services/imap/google_fetch_email_service.rb new file mode 100644 index 000000000..ff43cd02e --- /dev/null +++ b/app/services/imap/google_fetch_email_service.rb @@ -0,0 +1,17 @@ +class Imap::GoogleFetchEmailService < Imap::BaseFetchEmailService + def fetch_emails + return if channel.provider_config['access_token'].blank? + + fetch_mail_for_channel + end + + private + + def authentication_type + 'XOAUTH2' + end + + def imap_password + Google::RefreshOauthTokenService.new(channel: channel).access_token + end +end diff --git a/app/services/microsoft/refresh_oauth_token_service.rb b/app/services/microsoft/refresh_oauth_token_service.rb index 63aeb2e2c..f3b0be978 100644 --- a/app/services/microsoft/refresh_oauth_token_service.rb +++ b/app/services/microsoft/refresh_oauth_token_service.rb @@ -1,64 +1,9 @@ # Refer: https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes -class Microsoft::RefreshOauthTokenService - pattr_initialize [:channel!] - - # Additional references: https://gitlab.com/gitlab-org/ruby/gems/gitlab-mail_room/-/blob/master/lib/mail_room/microsoft_graph/connection.rb - def access_token - return provider_config[:access_token] unless access_token_expired? - - refreshed_tokens = refresh_tokens - refreshed_tokens[:access_token] - end - - def access_token_expired? - expiry = provider_config[:expires_on] - - return true if expiry.blank? - - # Adding a 5 minute window to expiry check to avoid any race - # conditions during the fetch operation. This would assure that the - # tokens are updated when we fetch the emails. - Time.current.utc >= DateTime.parse(expiry) - 5.minutes - end - - # Refresh the access tokens using the refresh token - # Refer: https://github.com/microsoftgraph/msgraph-sample-rubyrailsapp/tree/b4a6869fe4a438cde42b161196484a929f1bee46 - def refresh_tokens - oauth_strategy = build_oauth_strategy - token_service = build_token_service(oauth_strategy) - - new_tokens = token_service.refresh!.to_hash.slice(:access_token, :refresh_token, :expires_at) - - update_channel_provider_config(new_tokens) - channel.reload.provider_config - end - - def update_channel_provider_config(new_tokens) - channel.provider_config = { - access_token: new_tokens[:access_token], - refresh_token: new_tokens[:refresh_token], - expires_on: Time.at(new_tokens[:expires_at]).utc.to_s - } - channel.save! - end - +class Microsoft::RefreshOauthTokenService < BaseRefreshOauthTokenService private - def provider_config - @provider_config ||= channel.provider_config.with_indifferent_access - end - # Builds the OAuth strategy for Microsoft Graph def build_oauth_strategy ::MicrosoftGraphAuth.new(nil, GlobalConfigService.load('AZURE_APP_ID', ''), GlobalConfigService.load('AZURE_APP_SECRET', '')) end - - # Builds the token service using OAuth2 - def build_token_service(oauth_strategy) - OAuth2::AccessToken.new( - oauth_strategy.client, - provider_config[:access_token], - refresh_token: provider_config[:refresh_token] - ) - end end diff --git a/app/views/api/v1/models/_inbox.json.jbuilder b/app/views/api/v1/models/_inbox.json.jbuilder index 335498e5b..88a029680 100644 --- a/app/views/api/v1/models/_inbox.json.jbuilder +++ b/app/views/api/v1/models/_inbox.json.jbuilder @@ -73,7 +73,7 @@ if resource.email? json.imap_enabled resource.channel.try(:imap_enabled) json.imap_enable_ssl resource.channel.try(:imap_enable_ssl) - if resource.channel.try(:microsoft?) + if resource.channel.try(:microsoft?) || resource.channel.try(:google?) json.reauthorization_required resource.channel.try(:provider_config).empty? || resource.channel.try(:reauthorization_required?) end end diff --git a/spec/mailers/conversation_reply_mailer_spec.rb b/spec/mailers/conversation_reply_mailer_spec.rb index e4bfac413..b8984e2c2 100644 --- a/spec/mailers/conversation_reply_mailer_spec.rb +++ b/spec/mailers/conversation_reply_mailer_spec.rb @@ -283,6 +283,22 @@ RSpec.describe ConversationReplyMailer do end end + context 'when smtp enabled for google email channel' do + let(:ms_smtp_email_channel) do + create(:channel_email, imap_login: 'smtp@gmail.com', + imap_enabled: true, account: account, provider: 'google', provider_config: { access_token: 'access_token' }) + end + let(:conversation) { create(:conversation, assignee: agent, inbox: ms_smtp_email_channel.inbox, account: account).reload } + let(:message) { create(:message, conversation: conversation, account: account, message_type: 'outgoing', content: 'Outgoing Message 2') } + + it 'use smtp mail server' do + mail = described_class.email_reply(message) + expect(mail.delivery_method.settings.empty?).to be false + expect(mail.delivery_method.settings[:address]).to eq 'smtp.gmail.com' + expect(mail.delivery_method.settings[:port]).to eq 587 + end + end + context 'when smtp disabled for email channel', :test do let(:conversation) { create(:conversation, assignee: agent, inbox: email_channel.inbox, account: account).reload } let(:message) { create(:message, conversation: conversation, account: account, message_type: 'outgoing', content: 'Outgoing Message 2') } diff --git a/spec/models/channel/email_spec.rb b/spec/models/channel/email_spec.rb index 732be2e20..939e8e10a 100644 --- a/spec/models/channel/email_spec.rb +++ b/spec/models/channel/email_spec.rb @@ -35,4 +35,15 @@ RSpec.describe Channel::Email do expect(channel.microsoft?).to be(true) end end + + context 'when google?' do + it 'returns false' do + expect(channel.google?).to be(false) + end + + it 'returns true' do + channel.provider = 'google' + expect(channel.google?).to be(true) + end + end end diff --git a/spec/services/google/refresh_oauth_token_service_spec.rb b/spec/services/google/refresh_oauth_token_service_spec.rb new file mode 100644 index 000000000..be36e65a9 --- /dev/null +++ b/spec/services/google/refresh_oauth_token_service_spec.rb @@ -0,0 +1,89 @@ +require 'rails_helper' + +RSpec.describe Google::RefreshOauthTokenService do + let!(:google_channel) { create(:channel_email, :microsoft_email) } + let!(:google_channel_with_expired_token) do + create( + :channel_email, :microsoft_email, provider_config: { + expires_on: Time.zone.now - 3600, + access_token: SecureRandom.hex, + refresh_token: SecureRandom.hex + } + ) + end + + let(:new_tokens) do + { + access_token: SecureRandom.hex, + refresh_token: SecureRandom.hex, + expires_at: (Time.zone.now + 3600).to_i, + token_type: 'bearer' + } + end + + context 'when token is not expired' do + it 'returns the existing access token' do + service = described_class.new(channel: google_channel) + + expect(service.access_token).to eq(google_channel.provider_config['access_token']) + expect(google_channel.reload.provider_config['refresh_token']).to eq(google_channel.provider_config['refresh_token']) + end + end + + describe 'on expired token or invalid expiry' do + before do + stub_request(:post, 'https://oauth2.googleapis.com/token').with( + body: { 'grant_type' => 'refresh_token', 'refresh_token' => google_channel_with_expired_token.provider_config['refresh_token'] } + ).to_return(status: 200, body: new_tokens.to_json, headers: { 'Content-Type' => 'application/json' }) + end + + context 'when token is invalid' do + it 'fetches new access token and refresh tokens' do + with_modified_env GOOGLE_OAUTH_CLIENT_ID: SecureRandom.uuid, GOOGLE_OAUTH_CLIENT_SECRET: SecureRandom.hex do + provider_config = google_channel_with_expired_token.provider_config + service = described_class.new(channel: google_channel_with_expired_token) + expect(service.access_token).not_to eq(provider_config['access_token']) + + new_provider_config = google_channel_with_expired_token.reload.provider_config + expect(new_provider_config['access_token']).to eq(new_tokens[:access_token]) + expect(new_provider_config['refresh_token']).to eq(new_tokens[:refresh_token]) + expect(new_provider_config['expires_on']).to eq(Time.at(new_tokens[:expires_at]).utc.to_s) + end + end + end + + context 'when expiry time is missing' do + it 'fetches new access token and refresh tokens' do + with_modified_env GOOGLE_OAUTH_CLIENT_ID: SecureRandom.uuid, GOOGLE_OAUTH_CLIENT_SECRET: SecureRandom.hex do + google_channel_with_expired_token.provider_config['expires_on'] = nil + google_channel_with_expired_token.save! + provider_config = google_channel_with_expired_token.provider_config + service = described_class.new(channel: google_channel_with_expired_token) + expect(service.access_token).not_to eq(provider_config['access_token']) + + new_provider_config = google_channel_with_expired_token.reload.provider_config + expect(new_provider_config['access_token']).to eq(new_tokens[:access_token]) + expect(new_provider_config['refresh_token']).to eq(new_tokens[:refresh_token]) + expect(new_provider_config['expires_on']).to eq(Time.at(new_tokens[:expires_at]).utc.to_s) + end + end + end + end + + context 'when refresh token is not present in provider config and access token is expired' do + it 'throws an error' do + with_modified_env GOOGLE_OAUTH_CLIENT_ID: SecureRandom.uuid, GOOGLE_OAUTH_CLIENT_SECRET: SecureRandom.hex do + google_channel.update( + provider_config: { + access_token: SecureRandom.hex, + expires_on: Time.zone.now - 3600 + } + ) + + expect do + described_class.new(channel: google_channel).access_token + end.to raise_error(RuntimeError, 'A refresh_token is not available') + end + end + end +end