O365 option to use Azure or Personal accounts #1645

the-djmaze · the-djmaze · commit 198cc852c3b0 · 2024-09-29T11:50:00.000+02:00
diff --git a/plugins/login-o365/LoginOAuth2.js b/plugins/login-o365/LoginOAuth2.js
@@ -1,11 +1,13 @@
 (rl => {
 	const client_id = rl.pluginSettingsGet('login-o365', 'client_id'),
+		// https://learn.microsoft.com/en-us/entra/identity-platform/reply-url#query-parameter-support-in-redirect-uris
+		query = rl.pluginSettingsGet('login-o365', 'personal') ? '' : '?',
 		tenant = rl.pluginSettingsGet('login-o365', 'tenant'),
 		login = () => {
 			document.location = 'https://login.microsoftonline.com/'+tenant+'/oauth2/v2.0/authorize?' + (new URLSearchParams({
 				response_type: 'code',
 				client_id: client_id,
-				redirect_uri: document.location.href.replace(/\/$/, '') + '/LoginO365',
+				redirect_uri: document.location.href.replace(/\/$/, '') + '/' + query + 'LoginO365',
 				scope: [
 					// Associate personal info
 					'openid',
diff --git a/plugins/login-o365/index.php b/plugins/login-o365/index.php
@@ -7,8 +7,9 @@
  *
  * https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps
  *
- * redirect_uri=https://{DOMAIN}/?LoginO365
- * redirect_uri=https://{DOMAIN}/LoginO365
+ * https://learn.microsoft.com/en-us/entra/identity-platform/reply-url#query-parameter-support-in-redirect-uris
+ * Azure:    redirect_uri=https://{DOMAIN}/?LoginO365
+ * Personal: redirect_uri=https://{DOMAIN}/LoginO365
  */
 
 use RainLoop\Model\MainAccount;
@@ -18,8 +19,8 @@ class LoginO365Plugin extends \RainLoop\Plugins\AbstractPlugin
 {
 	const
 		NAME     = 'Office365/Outlook OAuth2',
-		VERSION  = '0.2',
-		RELEASE  = '2024-08-13',
+		VERSION  = '0.3',
+		RELEASE  = '2024-09-29',
 		REQUIRED = '2.36.1',
 		CATEGORY = 'Login',
 		DESCRIPTION = 'Office365/Outlook IMAP, Sieve & SMTP login using RFC 7628 OAuth2';
@@ -47,6 +48,7 @@ public function Init() : void
 
 	public function httpPaths(array &$aPaths) : void
 	{
+		// Personal accounts workaround
 		if (!empty($_SERVER['PATH_INFO']) && \str_ends_with($_SERVER['PATH_INFO'], 'LoginO365')) {
 			$aPaths = ['LoginO365'];
 		}
@@ -113,7 +115,7 @@ public function ServiceLoginO365() : string
 			$iExpires += $aResponse['expires_in'];
 
 			$oO365->setAccessToken($sAccessToken);
-			$aUserInfo = $oO365->fetch('https://graph.microsoft.com/oidc/userinfo"');
+			$aUserInfo = $oO365->fetch('https://graph.microsoft.com/oidc/userinfo');
 			if (200 != $aUserInfo['code']) {
 				throw new \RuntimeException("HTTP: {$aResponse['code']}");
 			}
@@ -154,6 +156,12 @@ public function ServiceLoginO365() : string
 	public function configMapping() : array
 	{
 		return [
+			\RainLoop\Plugins\Property::NewInstance('personal')
+				->SetLabel('Use with personal accounts')
+				->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
+				->SetDefaultValue(true)
+				->SetAllowedInJs()
+				->SetDescription('Sign in users with personal Microsoft accounts such as Outlook.com (Hotmail)'),
 			\RainLoop\Plugins\Property::NewInstance('client_id')
 				->SetLabel('Client ID')
 				->SetType(\RainLoop\Enumerations\PluginPropertyType::STRING)
