imap-backup 2.2.2 → 3.0.0.rc1

data/lib/google/auth/stores/in_memory_token_store.rb

@@ -0,0 +1,9 @@
+module Google; end
+module Google::Auth; end
+module Google::Auth::Stores; end
+
+class Google::Auth::Stores::InMemoryTokenStore < Hash
+  def load(id)
+    self[id]
+  end
+end

data/lib/imap/backup.rb

@@ -7,6 +7,7 @@ require "imap/backup/configuration/account"
 require "imap/backup/configuration/asker"
 require "imap/backup/configuration/connection_tester"
 require "imap/backup/configuration/folder_chooser"
+require "imap/backup/configuration/gmail_oauth2"
 require "imap/backup/configuration/list"
 require "imap/backup/configuration/setup"
 require "imap/backup/configuration/store"
@@ -28,7 +29,7 @@ module Imap::Backup
     attr_reader :logger
 
     def initialize
-      @logger = ::Logger.new(STDOUT)
+      @logger = ::Logger.new($stdout)
     end
   end
 

data/lib/imap/backup/account/connection.rb

@@ -1,9 +1,14 @@
 require "net/imap"
+require "gmail_xoauth"
+
+require "gmail/authenticator"
 
 module Imap::Backup
   module Account; end
 
   class Account::Connection
+    class InvalidGmailOauth2RefreshToken < StandardError; end
+
     attr_reader :connection_options
     attr_reader :local_path
     attr_reader :password
@@ -78,12 +83,34 @@ module Imap::Backup
         "Creating IMAP instance: #{server}, options: #{options.inspect}"
       )
       @imap = Net::IMAP.new(server, options)
-      Imap::Backup.logger.debug "Logging in: #{username}/#{masked_password}"
-      @imap.login(username, password)
+      if gmail? && Gmail::Authenticator.refresh_token?(password)
+        authenticator = Gmail::Authenticator.new(email: username, token: password)
+        credentials = authenticator.credentials
+        raise InvalidGmailOauth2RefreshToken if !credentials
+
+        Imap::Backup.logger.debug "Logging in with OAuth2 token: #{username}"
+        @imap.authenticate("XOAUTH2", username, credentials.access_token)
+      else
+        Imap::Backup.logger.debug "Logging in: #{username}/#{masked_password}"
+        @imap.login(username, password)
+      end
       Imap::Backup.logger.debug "Login complete"
       @imap
     end
 
+    def server
+      return @server if @server
+      return nil if provider.nil?
+
+      @server = provider.host
+    end
+
+    def backup_folders
+      return @backup_folders if @backup_folders && !@backup_folders.empty?
+
+      (folders || []).map { |f| {name: f.name} }
+    end
+
     private
 
     def each_folder
@@ -133,10 +160,8 @@ module Imap::Backup
       password.gsub(/./, "x")
     end
 
-    def backup_folders
-      return @backup_folders if @backup_folders && !@backup_folders.empty?
-
-      (folders || []).map { |f| {name: f.name} }
+    def gmail?
+      server == Email::Provider::GMAIL_IMAP_SERVER
     end
 
     def local_folders
@@ -154,13 +179,6 @@ module Imap::Backup
       @provider ||= Email::Provider.for_address(username)
     end
 
-    def server
-      return @server if @server
-      return nil if provider.nil?
-
-      @server = provider.host
-    end
-
     def provider_options
       provider.options.merge(connection_options)
     end

data/lib/imap/backup/configuration/account.rb

@@ -56,9 +56,11 @@ module Imap::Backup
           )
         else
           account[:username] = username
+          # rubocop:disable Style/IfUnlessModifier
           if account[:server].nil? || (account[:server] == "")
             account[:server] = default_server(username)
           end
+          # rubocop:enable Style/IfUnlessModifier
           account[:modified] = true
         end
       end
@@ -66,7 +68,13 @@ module Imap::Backup
 
     def modify_password(menu)
       menu.choice("modify password") do
-        password = Configuration::Asker.password
+        password =
+          if account[:server] == Email::Provider::GMAIL_IMAP_SERVER
+            Configuration::GmailOauth2.new(account).run
+          else
+            Configuration::Asker.password
+          end
+
         if !password.nil?
           account[:password] = password
           account[:modified] = true

data/lib/imap/backup/configuration/gmail_oauth2.rb

@@ -0,0 +1,82 @@
+module Imap::Backup
+  module Configuration; end
+
+  class Configuration::GmailOauth2
+    BANNER = <<~BANNER.freeze
+      GMail OAuth2 Setup
+
+      You need to authorize imap_backup to get access to your email.
+      To do so, please follow the instructions here:
+
+      https://github.com/joeyates/imap-backup/docs/setting-up-gmail.md
+
+    BANNER
+
+    GMAIL_READ_SCOPE = "https://mail.google.com/".freeze
+    OOB_URI = "urn:ietf:wg:oauth:2.0:oob".freeze
+
+    attr_reader :account
+    attr_reader :client_id
+    attr_reader :client_secret
+
+    def initialize(account)
+      @account = account
+    end
+
+    def run
+      Kernel.system("clear")
+      Kernel.puts BANNER
+      @client_id = highline.ask("client_id: ")
+      @client_secret = highline.ask("client_secret: ")
+
+      Kernel.puts <<~MESSAGE
+
+        Open the following URL in your browser
+
+        #{authorization_url}
+
+        Then copy the success code
+
+      MESSAGE
+
+      @code = highline.ask("success code: ")
+      @credentials = authorizer.get_and_store_credentials_from_code(
+        user_id: email, code: @code, base_url: OOB_URI
+      )
+
+      raise "Failed" if !@credentials
+
+      token = JSON.parse(token_store.load(email))
+      token["client_secret"] = client_secret
+      token.to_json
+    end
+
+    private
+
+    def email
+      account[:username]
+    end
+
+    def highline
+      Configuration::Setup.highline
+    end
+
+    def auth_client_id
+      @auth_client_id = Google::Auth::ClientId.new(client_id, client_secret)
+    end
+
+    def authorizer
+      @authorizer ||= Google::Auth::UserAuthorizer.new(
+        auth_client_id, GMAIL_READ_SCOPE, token_store
+      )
+    end
+
+    def token_store
+      @token_store ||= Google::Auth::Stores::InMemoryTokenStore.new
+    end
+
+    def authorization_url
+      authorizer.get_authorization_url(base_url: OOB_URI)
+    end
+  end
+end

data/lib/imap/backup/configuration/setup.rb

@@ -75,7 +75,10 @@ module Imap::Backup
         password: "",
         local_path: File.join(config.path, username.tr("@", "_")),
         folders: []
-      }
+      }.tap do |c|
+        server = Email::Provider.for_address(username)
+        c[:server] = server.host if server.host
+      end
     end
 
     def edit_account(username)

data/lib/imap/backup/version.rb

@@ -1,8 +1,9 @@
 module Imap; end
 
 module Imap::Backup
-  MAJOR    = 2
-  MINOR    = 2
-  REVISION = 2
-  VERSION  = [MAJOR, MINOR, REVISION].compact.map(&:to_s).join(".")
+  MAJOR    = 3
+  MINOR    = 0
+  REVISION = 0
+  PRE      = "rc1".freeze
+  VERSION  = [MAJOR, MINOR, REVISION, PRE].compact.map(&:to_s).join(".")
 end

data/spec/features/backup_spec.rb

@@ -38,7 +38,7 @@ RSpec.describe "backup", type: :feature, docker: true do
     end
 
     it "saves a file version" do
-      expect(imap_metadata[:version].to_s).to match(/^[0-9\.]$/)
+      expect(imap_metadata[:version].to_s).to match(/^[0-9.]$/)
     end
 
     it "records IMAP ids" do

data/spec/unit/gmail/authenticator_spec.rb

@@ -0,0 +1,138 @@
+require "gmail/authenticator"
+require "googleauth"
+
+describe Gmail::Authenticator do
+  ACCESS_TOKEN = "access_token".freeze
+  AUTHORIZATION_URL = "authorization_url".freeze
+  CLIENT_ID = "client_id".freeze
+  CLIENT_SECRET = "client_secret".freeze
+  CODE = "code".freeze
+  CREDENTIALS = "credentials".freeze
+  EMAIL = "email".freeze
+  EXPIRATION_TIME_MILLIS = "expiration_time_millis".freeze
+  GMAIL_READ_SCOPE = "https://mail.google.com/".freeze
+  IMAP_BACKUP_TOKEN = "imap_backup_token".freeze
+  OOB_URI = "urn:ietf:wg:oauth:2.0:oob".freeze
+  REFRESH_TOKEN = "refresh_token".freeze
+
+  subject { described_class.new(**params) }
+
+  let(:params) do
+    {
+      email: EMAIL,
+      token: IMAP_BACKUP_TOKEN
+    }
+  end
+
+  let(:authorizer) do
+    instance_double(Google::Auth::UserAuthorizer)
+  end
+
+  let(:imap_backup_token) do
+    instance_double(
+      Gmail::Authenticator::ImapBackupToken,
+      access_token: ACCESS_TOKEN,
+      client_id: CLIENT_ID,
+      client_secret: CLIENT_SECRET,
+      expiration_time_millis: EXPIRATION_TIME_MILLIS,
+      refresh_token: REFRESH_TOKEN,
+      valid?: true
+    )
+  end
+
+  let(:token_store) do
+    instance_double(Google::Auth::Stores::InMemoryTokenStore)
+  end
+
+  let(:credentials) do
+    instance_double(Google::Auth::UserRefreshCredentials, refresh!: true)
+  end
+
+  let(:expired) { false }
+
+  before do
+    allow(Google::Auth::UserAuthorizer).
+      to receive(:new).
+        with(
+          instance_of(Google::Auth::ClientId),
+          GMAIL_READ_SCOPE,
+          token_store
+        ) { authorizer }
+    allow(authorizer).to receive(:get_authorization_url).
+      with(base_url: OOB_URI) { AUTHORIZATION_URL }
+    allow(authorizer).to receive(:get_credentials).
+      with(EMAIL) { credentials }
+    allow(authorizer).to receive(:get_credentials_from_code).
+      with(user_id: EMAIL, code: CODE, base_url: OOB_URI) { CREDENTIALS }
+
+    allow(Google::Auth::UserRefreshCredentials).
+      to receive(:new) { credentials }
+    allow(credentials).to receive(:expired?) { expired }
+
+    allow(Google::Auth::Stores::InMemoryTokenStore).
+      to receive(:new) { token_store }
+    allow(token_store).to receive(:store).
+      with(EMAIL, anything) # TODO: use a JSON matcher
+    allow(Gmail::Authenticator::ImapBackupToken).
+      to receive(:new).
+        with(IMAP_BACKUP_TOKEN) { imap_backup_token }
+  end
+
+  describe "#initialize" do
+    [:email, :token].each do |param|
+      context "parameter #{param}" do
+        let(:params) { super().dup.reject { |k| k == param } }
+
+        it "is expected" do
+          expect { subject }.to raise_error(
+            ArgumentError, /missing keyword: :#{param}/
+          )
+        end
+      end
+    end
+  end
+
+  describe "#credentials" do
+    let!(:result) { subject.credentials }
+
+    it "attempts to get credentials" do
+      expect(authorizer).to have_received(:get_credentials)
+    end
+
+    it "returns the result" do
+      expect(result).to eq(credentials)
+    end
+
+    context "when the access_token has expired" do
+      let(:expired) { true }
+
+      it "refreshes it" do
+        expect(credentials).to have_received(:refresh!)
+      end
+    end
+  end
+
+  describe "#authorization_url" do
+    let!(:result) { subject.authorization_url }
+
+    it "requests an authorization URL" do
+      expect(authorizer).to have_received(:get_authorization_url)
+    end
+
+    it "returns the result" do
+      expect(result).to eq(AUTHORIZATION_URL)
+    end
+  end
+
+  describe "#credentials_from_code" do
+    let!(:result) { subject.credentials_from_code(CODE) }
+
+    it "requests credentials" do
+      expect(authorizer).to have_received(:get_credentials_from_code)
+    end
+
+    it "returns credentials" do
+      expect(result).to eq(CREDENTIALS)
+    end
+  end
+end

data/spec/unit/google/auth/stores/in_memory_token_store_spec.rb

@@ -0,0 +1,15 @@
+require "google/auth/stores/in_memory_token_store"
+
+describe Google::Auth::Stores::InMemoryTokenStore do
+  KEY = "key".freeze
+  VALUE = "value".freeze
+
+  subject { described_class.new }
+
+  describe "#load" do
+    it "returns an item's value" do
+      subject[KEY] = VALUE
+      expect(subject.load(KEY)).to eq(VALUE)
+    end
+  end
+end

data/spec/unit/imap/backup/account/connection_spec.rb

@@ -1,50 +1,53 @@
-describe Imap::Backup::Account::Connection do
-  def self.backup_folder
-    "backup_folder"
-  end
+require "ostruct"
 
-  def self.folder_config
-    {name: backup_folder}
-  end
+describe Imap::Backup::Account::Connection do
+  BACKUP_FOLDER = "backup_folder".freeze
+  FOLDER_CONFIG = {name: BACKUP_FOLDER}.freeze
+  FOLDER_NAME = "my_folder".freeze
+  GMAIL_IMAP_SERVER = "imap.gmail.com".freeze
+  LOCAL_PATH = "local_path".freeze
+  LOCAL_UID = "local_uid".freeze
+  PASSWORD = "secret".freeze
+  ROOT_NAME = "foo".freeze
+  SERVER = "imap.example.com".freeze
+  USERNAME = "username@example.com".freeze
 
   subject { described_class.new(options) }
 
   let(:imap) do
-    instance_double(Net::IMAP, login: nil, disconnect: nil)
+    instance_double(Net::IMAP, authenticate: nil, login: nil, disconnect: nil)
   end
   let(:imap_folders) { [] }
   let(:options) do
     {
-      username: username,
-      password: "password",
-      local_path: local_path,
-      folders: backup_folders
+      username: USERNAME,
+      password: PASSWORD,
+      local_path: LOCAL_PATH,
+      folders: backup_folders,
+      server: server
     }
   end
-  let(:local_path) { "local_path" }
-  let(:backup_folders) { [self.class.folder_config] }
-  let(:username) { "username@gmail.com" }
+  let(:backup_folders) { [FOLDER_CONFIG] }
   let(:root_info) do
-    instance_double(Net::IMAP::MailboxList, name: root_name)
+    instance_double(Net::IMAP::MailboxList, name: ROOT_NAME)
   end
-  let(:root_name) { "foo" }
   let(:serializer) do
     instance_double(
       Imap::Backup::Serializer::Mbox,
       folder: serialized_folder,
       force_uid_validity: nil,
       apply_uid_validity: new_uid_validity,
-      uids: [local_uid]
+      uids: [LOCAL_UID]
     )
   end
   let(:serialized_folder) { nil }
+  let(:server) { SERVER }
   let(:new_uid_validity) { nil }
-  let(:local_uid) { "local_uid" }
 
   before do
     allow(Net::IMAP).to receive(:new) { imap }
     allow(imap).to receive(:list).with("", "") { [root_info] }
-    allow(imap).to receive(:list).with(root_name, "*") { imap_folders }
+    allow(imap).to receive(:list).with(ROOT_NAME, "*") { imap_folders }
     allow(Imap::Backup::Utils).to receive(:make_folder)
   end
 
@@ -56,12 +59,14 @@ describe Imap::Backup::Account::Connection do
 
   describe "#initialize" do
     [
-      [:username, "username@gmail.com"],
-      [:local_path, "local_path"],
-      [:backup_folders, [folder_config]]
+      [:username, USERNAME],
+      [:password, PASSWORD],
+      [:local_path, LOCAL_PATH],
+      [:backup_folders, [FOLDER_CONFIG]],
+      [:server, SERVER]
     ].each do |attr, expected|
       it "expects #{attr}" do
-        expect(subject.send(attr)).to eq(expected)
+        expect(subject.public_send(attr)).to eq(expected)
       end
     end
 
@@ -79,6 +84,61 @@ describe Imap::Backup::Account::Connection do
       expect(result).to eq(imap)
     end
 
+    it "uses the password" do
+      expect(imap).to have_received(:login).with(USERNAME, PASSWORD)
+    end
+
+    context "with the GMail IMAP server" do
+      ACCESS_TOKEN = "access_token".freeze
+
+      let(:server) { GMAIL_IMAP_SERVER }
+      let(:refresh_token) { true }
+      let(:result) { nil }
+      let(:authenticator) do
+        instance_double(
+          Gmail::Authenticator,
+          credentials: credentials
+        )
+      end
+      let(:credentials) { OpenStruct.new(access_token: ACCESS_TOKEN) }
+
+      before do
+        allow(Gmail::Authenticator).
+          to receive(:refresh_token?) { refresh_token }
+        allow(Gmail::Authenticator).
+          to receive(:new).
+            with(email: USERNAME, token: PASSWORD) { authenticator }
+      end
+
+      context "when the password is our copy of a GMail refresh token" do
+        it "uses the OAuth2 access_token to authenticate" do
+          subject.imap
+
+          expect(imap).to have_received(:authenticate).with(
+            "XOAUTH2", USERNAME, ACCESS_TOKEN
+          )
+        end
+
+        context "when the refresh token is invalid" do
+          let(:credentials) { nil }
+
+          it "raises" do
+            expect { subject.imap }.to raise_error(String)
+          end
+        end
+      end
+
+      context "when the password is not our copy of a GMail refresh token" do
+        let(:refresh_token) { false }
+
+        it "uses the password" do
+          subject.imap
+
+          expect(imap).to have_received(:login).with(USERNAME, PASSWORD)
+        end
+      end
+    end
+
     include_examples "connects to IMAP"
   end
 
@@ -104,11 +164,11 @@ describe Imap::Backup::Account::Connection do
     end
 
     it "returns the names of folders" do
-      expect(subject.status[0][:name]).to eq(self.class.backup_folder)
+      expect(subject.status[0][:name]).to eq(BACKUP_FOLDER)
     end
 
     it "returns local message uids" do
-      expect(subject.status[0][:local]).to eq([local_uid])
+      expect(subject.status[0][:local]).to eq([LOCAL_UID])
     end
 
     it "retrieves the available uids" do
@@ -132,16 +192,13 @@ describe Imap::Backup::Account::Connection do
     before do
       allow(Imap::Backup::Downloader).
         to receive(:new).with(folder, serializer) { downloader }
+      allow(Imap::Backup::Account::Folder).to receive(:new).
+        with(subject, BACKUP_FOLDER) { folder }
+      allow(Imap::Backup::Serializer::Mbox).to receive(:new).
+        with(LOCAL_PATH, BACKUP_FOLDER) { serializer }
     end
 
     context "with supplied backup_folders" do
-      before do
-        allow(Imap::Backup::Account::Folder).to receive(:new).
-          with(subject, self.class.backup_folder) { folder }
-        allow(Imap::Backup::Serializer::Mbox).to receive(:new).
-          with(local_path, self.class.backup_folder) { serializer }
-      end
-
       it "runs the downloader" do
         expect(downloader).to receive(:run)
 
@@ -161,14 +218,14 @@ describe Imap::Backup::Account::Connection do
 
     context "without supplied backup_folders" do
       let(:imap_folders) do
-        [instance_double(Net::IMAP::MailboxList, name: "foo")]
+        [instance_double(Net::IMAP::MailboxList, name: ROOT_NAME)]
       end
 
       before do
         allow(Imap::Backup::Account::Folder).to receive(:new).
-          with(subject, "foo") { folder }
+          with(subject, ROOT_NAME) { folder }
         allow(Imap::Backup::Serializer::Mbox).to receive(:new).
-          with(local_path, "foo") { serializer }
+          with(LOCAL_PATH, ROOT_NAME) { serializer }
       end
 
       context "when supplied backup_folders is nil" do
@@ -200,6 +257,12 @@ describe Imap::Backup::Account::Connection do
         end
       end
     end
+
+    context "when run" do
+      before { subject.run_backup }
+
+      include_examples "connects to IMAP"
+    end
   end
 
   describe "#restore" do
@@ -208,7 +271,7 @@ describe Imap::Backup::Account::Connection do
         Imap::Backup::Account::Folder,
         create: nil,
         uids: uids,
-        name: "my_folder",
+        name: FOLDER_NAME,
         uid_validity: uid_validity
       )
     end
@@ -236,9 +299,9 @@ describe Imap::Backup::Account::Connection do
 
     before do
       allow(Imap::Backup::Account::Folder).to receive(:new).
-        with(subject, "my_folder") { folder }
+        with(subject, FOLDER_NAME) { folder }
       allow(Imap::Backup::Serializer::Mbox).to receive(:new).
-        with(anything, "my_folder") { serializer }
+        with(anything, FOLDER_NAME) { serializer }
       allow(Imap::Backup::Account::Folder).to receive(:new).
         with(subject, "new name") { updated_folder }
       allow(Imap::Backup::Serializer::Mbox).to receive(:new).
@@ -248,7 +311,7 @@ describe Imap::Backup::Account::Connection do
       allow(Imap::Backup::Uploader).to receive(:new).
         with(updated_folder, updated_serializer) { updated_uploader }
       allow(Pathname).to receive(:glob).
-        and_yield(Pathname.new(File.join(local_path, "my_folder.imap")))
+        and_yield(Pathname.new(File.join(LOCAL_PATH, "#{FOLDER_NAME}.imap")))
     end
 
     it "sets local uid validity" do