Merge pull request #613 from modoboa/fix/oauth2-client-secrets

Make sure to reuse same client secrets between runs.

modoboa_installer/config_dict_template.py

@@ -1,5 +1,6 @@
 import random
 import string
+import uuid
 
 from .constants import DEFAULT_BACKUP_DIRECTORY
 
@@ -11,6 +12,10 @@ def make_password(length=16):
             string.ascii_letters + string.digits) for _ in range(length))
 
 
+def make_client_secret():
+    return str(uuid.uuid4())
+
+
 # Validators should return a tuple bool, error message
 def is_email(user_input):
     """Return True in input is a valid email"""
@@ -351,6 +356,10 @@ ConfigDictTemplate = [
                 "option": "move_spam_to_junk",
                 "default": "true",
             },
+            {
+                "option": "oauth2_client_secret",
+                "default": make_client_secret
+            },
         ]
     },
     {
@@ -480,7 +489,11 @@ ConfigDictTemplate = [
             {
                 "option": "venv_path",
                 "default": "%(home_dir)s/env",
-            }
+            },
+            {
+                "option": "oauth2_client_secret",
+                "default": make_client_secret
+            },
         ]
     },
     {

modoboa_installer/scripts/dovecot.py

@@ -154,7 +154,10 @@ class Dovecot(base.Installer):
             protocols = ""
 
         oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
-            "Dovecot", "dovecot", self.config
+            "Dovecot",
+            "dovecot",
+            self.config.get("dovecot", "oauth2_client_secret"),
+            self.config
         )
         hostname = self.config.get("general", "hostname")
         oauth2_introspection_url = (

modoboa_installer/scripts/radicale.py

@@ -41,7 +41,11 @@ class Radicale(base.Installer):
         """Additional variables."""
         context = super().get_template_context()
         oauth2_client_id, oauth2_client_secret = utils.create_oauth2_app(
-            "Radicale", "radicale", self.config)
+            "Radicale",
+            "radicale",
+            self.config.get("radicale", "oauth2_client_secret"),
+            self.config
+        )
         hostname = self.config.get("general", "hostname")
         oauth2_introspection_url = (
             f"https://{oauth2_client_id}:{oauth2_client_secret}"

modoboa_installer/utils.py

@@ -13,7 +13,6 @@ import stat
 import string
 import subprocess
 import sys
-import uuid
 
 from . import config_dict_template
 from .compatibility_matrix import APP_INCOMPATIBILITY
@@ -515,14 +514,13 @@ def validate_backup_path(path: str, silent_mode: bool):
     return backup_path
 
 
-def create_oauth2_app(app_name: str, client_id: str, config) -> tuple[str, str]:
+def create_oauth2_app(app_name: str, client_id: str, client_secret: str, config) -> tuple[str, str]:
     """Create a application for Oauth2 authentication."""
     # FIXME: how can we check that application already exists ?
     venv_path = config.get("modoboa", "venv_path")
     python_path = os.path.join(venv_path, "bin", "python")
     instance_path = config.get("modoboa", "instance_path")
     script_path = os.path.join(instance_path, "manage.py")
-    client_secret = str(uuid.uuid4())
     cmd = (
         f"{python_path} {script_path} createapplication "
         f"--name={app_name} --skip-authorization "