Make sure to reuse same client secrets between runs.

2025-11-07 16:09:51 +01:00
parent 2121cfe267
commit 7a38a535f8
4 changed files with 24 additions and 6 deletions
--- a/modoboa_installer/config_dict_template.py
+++ b/modoboa_installer/config_dict_template.py
@@ -1,5 +1,6 @@
 import random
 import string
+import uuid

 from .constants import DEFAULT_BACKUP_DIRECTORY

@@ -11,6 +12,10 @@ def make_password(length=16):
            string.ascii_letters + string.digits) for _ in range(length))


+def make_client_secret():
+    return str(uuid.uuid4())
+
+
 # Validators should return a tuple bool, error message
 def is_email(user_input):
    """Return True in input is a valid email"""
@@ -351,6 +356,10 @@ ConfigDictTemplate = [
                "option": "move_spam_to_junk",
                "default": "true",
            },
+            {
+                "option": "oauth2_client_secret",
+                "default": make_client_secret
+            },
        ]
    },
    {
@@ -480,7 +489,11 @@ ConfigDictTemplate = [
            {
                "option": "venv_path",
                "default": "%(home_dir)s/env",
-            }
+            },
+            {
+                "option": "oauth2_client_secret",
+                "default": make_client_secret
+            },
        ]
    },
    {
--- a/modoboa_installer/scripts/dovecot.py
+++ b/modoboa_installer/scripts/dovecot.py
@@ -154,7 +154,10 @@ class Dovecot(base.Installer):
            protocols = ""

        oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
-            "Dovecot", "dovecot", self.config
+            "Dovecot",
+            "dovecot",
+            self.config.get("dovecot", "oauth2_client_secret"),
+            self.config
        )
        hostname = self.config.get("general", "hostname")
        oauth2_introspection_url = (
--- a/modoboa_installer/scripts/radicale.py
+++ b/modoboa_installer/scripts/radicale.py
@@ -41,7 +41,11 @@ class Radicale(base.Installer):
        """Additional variables."""
        context = super().get_template_context()
        oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
-            "Radicale", "radicale", self.config)
+            "Radicale",
+            "radicale",
+            self.config.get("radicale", "oauth2_client_secret"),
+            self.config
+        )
        hostname = self.config.get("general", "hostname")
        oauth2_introspection_url = (
            f"https://{oauth2_client_id}:{oauth2_client_secret}"
--- a/modoboa_installer/utils.py
+++ b/modoboa_installer/utils.py
@@ -13,7 +13,6 @@ import stat
 import string
 import subprocess
 import sys
-import uuid

 from . import config_dict_template
 from .compatibility_matrix import APP_INCOMPATIBILITY
@@ -515,14 +514,13 @@ def validate_backup_path(path: str, silent_mode: bool):
    return backup_path


-def create_oauth2_app(app_name: str, client_id: str, config) -> tuple[str, str]:
+def create_oauth2_app(app_name: str, client_id: str, client_secret: str, config) -> tuple[str, str]:
    """Create a application for Oauth2 authentication."""
    # FIXME: how can we check that application already exists ?
    venv_path = config.get("modoboa", "venv_path")
    python_path = os.path.join(venv_path, "bin", "python")
    instance_path = config.get("modoboa", "instance_path")
    script_path = os.path.join(instance_path, "manage.py")
-    client_secret = str(uuid.uuid4())
    cmd = (
        f"{python_path} {script_path} createapplication "
        f"--name={app_name} --skip-authorization "