Fixes zammad#3963 - Unable to add Microsoft 365 Account when admin co…

…nsent for enterprise applications is enabled.
mlefrancois19 · Sep 22, 2022 · 4fcf8cb · 4fcf8cb
1 parent f566c47
commit 4fcf8cb
Show file tree

Hide file tree

Showing 13 changed files with 269 additions and 35 deletions.
diff --git a/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee b/app/assets/javascripts/app/controllers/_channel/microsoft365.coffee
@@ -36,6 +36,7 @@ class ChannelAccountOverview extends App.ControllerSubContent
   requiredPermission: 'admin.channel_microsoft365'
   events:
     'click .js-new':                'new'
+    'click .js-admin-consent':      'adminConsent'
     'click .js-delete':             'delete'
     'click .js-reauthenticate':     'reauthenticate'
     'click .js-configApp':          'configApp'
@@ -126,6 +127,10 @@ class ChannelAccountOverview extends App.ControllerSubContent
         @editInbound(undefined, @channel_id, true)
         @channel_id = undefined
 
+    if @error_code is 'AADSTS65004'
+      @error_code = undefined
+      new AdminConsentInfo(container: @container)
+
   show: (params) =>
     for key, value of params
       if key isnt 'el' && key isnt 'shown' && key isnt 'match'
@@ -141,6 +146,9 @@ class ChannelAccountOverview extends App.ControllerSubContent
   new: (e) ->
     window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account"
 
+  adminConsent: (e) ->
+    window.location.href = "#{@apiPath}/external_credentials/microsoft365/link_account?prompt=consent"
+
   delete: (e) =>
     e.preventDefault()
     id   = $(e.target).closest('.action').data('id')
@@ -428,4 +436,16 @@ class AppConfig extends App.ControllerModal
         @el.find('.alert').removeClass('hidden').text(data.error || __('App could not be verified.'))
     )
 
+class AdminConsentInfo extends App.ControllerModal
+  buttonClose: true
+  small: true
+  buttonSubmit: __('Close')
+  head: __('Admin Consent')
+
+  content: ->
+    App.view('microsoft365/admin_consent')()
+
+  onSubmit: =>
+    @close()
+
 App.Config.set('microsoft365', { prio: 5000, name: __('Microsoft 365'), parent: '#channels', target: '#channels/microsoft365', controller: App.ChannelMicrosoft365, permission: ['admin.channel_microsoft365'] }, 'NavBarAdmin')
diff --git a/app/assets/javascripts/app/controllers/manage.coffee b/app/assets/javascripts/app/controllers/manage.coffee
@@ -24,6 +24,7 @@ App.Config.set('manage/:target', ManageRouter, 'Routes')
 App.Config.set('manage/:target/:page', ManageRouter, 'Routes')
 App.Config.set('settings/:target', ManageRouter, 'Routes')
 App.Config.set('channels/:target', ManageRouter, 'Routes')
+App.Config.set('channels/:target/error/:error_code', ManageRouter, 'Routes')
 App.Config.set('channels/:target/:channel_id', ManageRouter, 'Routes')
 App.Config.set('system/:target', ManageRouter, 'Routes')
 App.Config.set('system/:target/:integration', ManageRouter, 'Routes')

diff --git a/app/assets/javascripts/app/views/channel/email_account_overview.jst.eco b/app/assets/javascripts/app/views/channel/email_account_overview.jst.eco
@@ -38,7 +38,9 @@
 <% end %>
 
 <% if _.isEmpty(@account_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
 <% else: %>
   <% for channel in @account_channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%- channel.id %>">

diff --git a/app/assets/javascripts/app/views/channel/sms_account_overview.jst.eco b/app/assets/javascripts/app/views/channel/sms_account_overview.jst.eco
@@ -1,7 +1,9 @@
 <h2><%- @T('SMS Accounts') %></h2>
 
 <% if _.isEmpty(@account_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
 <% else: %>
   <% for channel in @account_channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%- channel.id %>">
@@ -85,7 +87,9 @@
 
 <h2><%- @T('SMS Notification') %></h2>
 <% if _.isEmpty(@notification_channels): %>
-  <p><%- @T('You have no configured account right now.') %></p>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
   <a class="btn btn--success js-editNotification"><%- @T('New') %></a>
 <% else: %>
   <% for channel in @notification_channels: %>

diff --git a/app/assets/javascripts/app/views/google/list.jst.eco b/app/assets/javascripts/app/views/google/list.jst.eco
@@ -31,6 +31,11 @@
 <% end %>
 
 <div class="page-content">
+<% if _.isEmpty(@channels): %>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
+<% end %>
 <% for channel in @channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%= channel.id %>">
     <div class="action-flow" style="width: 100%;">

diff --git a/app/assets/javascripts/app/views/microsoft365/admin_consent.jst.eco b/app/assets/javascripts/app/views/microsoft365/admin_consent.jst.eco
@@ -0,0 +1,5 @@
+<p>
+  <%- @T('The admin consent request was sent to your administrator.') %><br>
+  <%- @T('Please wait until you received the notification email of the approval.') %><br><br>
+  <%- @T('After approval, please re-connect your Microsoft365 mailbox.') %><br>
+</p>
diff --git a/app/assets/javascripts/app/views/microsoft365/list.jst.eco b/app/assets/javascripts/app/views/microsoft365/list.jst.eco
@@ -6,6 +6,7 @@
   <div class="page-header-meta">
     <a class="btn js-configApp"><%- @T('Configure App') %></a>
     <a class="btn btn--success js-new"><%- @T('Add Account') %></a>
+    <a class="btn btn--success js-admin-consent"><%- @T('Request Admin Consent') %></a>
   </div>
 </div>
 
@@ -31,6 +32,11 @@
 <% end %>
 
 <div class="page-content">
+<% if _.isEmpty(@channels): %>
+  <table class="table table--placeholder">
+    <thead><tr><th><%- @T('No Entries') %>
+  </table>
+<% end %>
 <% for channel in @channels: %>
   <div class="action <% if channel.active isnt true: %>is-inactive<% end %>" data-id="<%= channel.id %>">
     <div class="action-flow" style="width: 100%;">

diff --git a/app/controllers/external_credentials_controller.rb b/app/controllers/external_credentials_controller.rb
@@ -32,7 +32,7 @@ def app_verify
 
   def link_account
     provider = params[:provider].downcase
-    attributes = ExternalCredential.request_account_to_link(provider)
+    attributes = ExternalCredential.request_account_to_link(provider, params)
     session[:request_token] = attributes[:request_token]
     session[:channel_id] = params[:channel_id]
     redirect_to attributes[:authorize_url]
@@ -41,6 +41,8 @@ def link_account
   def callback
     provider = params[:provider].downcase
     channel = ExternalCredential.link_account(provider, session[:request_token], link_params)
+    return redirect_to(channel) if channel.instance_of?(String)
+
     session[:request_token] = nil
     session[:channel_id] = nil
     redirect_to app_url(provider, channel.id)

diff --git a/app/models/external_credential.rb b/app/models/external_credential.rb
@@ -11,9 +11,9 @@ def self.app_verify(params)
     backend.app_verify(params)
   end
 
-  def self.request_account_to_link(provider)
+  def self.request_account_to_link(provider, params = {})
     backend = load_backend(provider)
-    backend.request_account_to_link
+    backend.request_account_to_link(params)
   end
 
   def self.link_account(provider, request_token, params)