RubyGems - lex-microsoft_teams - Versions diffs - 0.5.5 → 0.5.6 - Mend

lex-microsoft_teams 0.5.5 → 0.5.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +11 -0
data/CLAUDE.md +7 -5
data/lib/legion/extensions/microsoft_teams/helpers/browser_auth.rb +67 -12
data/lib/legion/extensions/microsoft_teams/version.rb +1 -1
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5dd2ecc48c7eda33072b23d32d9a08947b43d51aaeba49b6b4eb46fb410e8065
-  data.tar.gz: ec8b561ede2e96afe790aad56ecc02c3491117ea26e3bbd2e78a480d214a58d2
+  metadata.gz: d414b08d6eaabf909ab4de6fe900cc879bdeda369ea386925c2c3258ed9d4a24
+  data.tar.gz: 8bdf0da6fb7f666eb9a4489180370e5f4e3124104e9c8736d85e9d0dbe1afbb5
 SHA512:
-  metadata.gz: 786b4d6f2b4e3cce9fee5d61d96cb2c89f31080628d19c5e146976e9eaf3ecb6e4e8eaf76854493cfa37e6dba89721c0e6dca42e8dd657bbaac67ad84b195cf6
-  data.tar.gz: 82fc1cf2c2f31b81e7f640b5edc00be53cc976733bb7c33f3d3a68648991ad0a6979cfb2eb43f57584c48aeb7dd90542ac787e056fc44938216b7b7b9bbed41a
+  metadata.gz: 02b042dea9cc6292403cc504c6bdcfde101e63c24c7120300985a0825ea3dcf11aa988705f64ad9ff5bace61513b4b621f263740f7ce9e40e858b45123017acb
+  data.tar.gz: 9d09c3aa2518ccc19655d864c393f01ff2a578c7085c47ff4dfa130b1fb8dcec6a6cb465b2c3ae57787617201f06f9528006f60d6c0373860e2191c5b9a3216d

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,16 @@
 # Changelog
+## [0.5.6] - 2026-03-19
+### Added
+- BrowserAuth API hook detection: uses hook URL when Legion::API is running instead of ephemeral CallbackServer
+- `api_hook_available?` and `hook_redirect_uri` methods on BrowserAuth
+- `authenticate_via_hook` path using `Legion::Events` for callback notification
+- `authenticate_via_server` extracted from original `authenticate_browser` as fallback path
+### Changed
+- `authenticate_browser` now delegates to hook path (API running) or server path (standalone)
 ## [0.5.5] - 2026-03-19
 ### Added

data/CLAUDE.md CHANGED Viewed

@@ -10,14 +10,14 @@ Legion Extension that connects LegionIO to Microsoft Teams via Graph API and Bot
 **GitHub**: https://github.com/LegionIO/lex-microsoft_teams
 **License**: MIT
-**Version**: 0.5.4
+**Version**: 0.5.5
 ## Architecture
 ```
 Legion::Extensions::MicrosoftTeams
 ├── Runners/
-│   ├── Auth              # OAuth2 client credentials (Graph + Bot Framework)
+│   ├── Auth              # OAuth2 client credentials (Graph + Bot Framework) + auth_callback for hook
 │   ├── Teams             # List/get teams, members
 │   ├── Chats             # 1:1 and group chat CRUD
 │   ├── Messages          # Chat message send/read/reply
@@ -56,6 +56,8 @@ Legion::Extensions::MicrosoftTeams
 │   ├── SubscriptionRegistry # Conversation observation subscriptions (in-memory + lex-memory)
 │   ├── BrowserAuth       # Delegated OAuth orchestrator (PKCE, headless detection, browser launch)
 │   └── CallbackServer    # Ephemeral TCP server for OAuth redirect callback
+├── Hooks/
+│   └── Auth              # OAuth callback hook (mount '/callback') → /api/hooks/lex/microsoft_teams/auth/callback
 └── Client                # Standalone client (includes all runners)
 ```
@@ -66,9 +68,9 @@ Opt-in browser-based OAuth for delegated Microsoft Graph permissions. Two flows:
 - **Authorization Code + PKCE** (primary): Opens browser for Entra ID login, captures callback on ephemeral local port, exchanges code with PKCE verification
 - **Device Code** (fallback): Auto-selected in headless/SSH environments (no `DISPLAY`/`WAYLAND_DISPLAY`)
-Tokens stored in Vault (`legionio/microsoft_teams/delegated_token`) with configurable pre-expiry silent refresh. CLI command: `legion auth teams`. Sinatra route: `GET /api/oauth/microsoft_teams/callback` for daemon re-auth.
+Tokens stored in Vault (`legionio/microsoft_teams/delegated_token`) with configurable pre-expiry silent refresh. CLI command: `legion auth teams`. Hook route: `GET|POST /api/hooks/lex/microsoft_teams/auth/callback` for daemon re-auth (routed through Ingress for RBAC/audit).
-Key files: `Helpers::BrowserAuth` (orchestrator), `Helpers::CallbackServer` (ephemeral TCP), `Runners::Auth` (authorize_url, exchange_code, refresh_delegated_token), `Helpers::TokenCache` (delegated slot).
+Key files: `Helpers::BrowserAuth` (orchestrator), `Helpers::CallbackServer` (ephemeral TCP), `Runners::Auth` (authorize_url, exchange_code, refresh_delegated_token, auth_callback), `Helpers::TokenCache` (delegated slot), `Hooks::Auth` (hook class with mount path).
 ## Token Lifecycle (v0.5.4)
@@ -213,7 +215,7 @@ Optional framework dependencies (guarded with `defined?`, not in gemspec):
 ```bash
 bundle install
-bundle exec rspec     # 209 specs (as of v0.5.4)
+bundle exec rspec     # 219 specs (as of v0.5.5)
 bundle exec rubocop   # Clean
 ```

data/lib/legion/extensions/microsoft_teams/helpers/browser_auth.rb CHANGED Viewed

@@ -32,6 +32,19 @@ module Legion
             end
           end
+          def api_hook_available?
+            !!(defined?(Legion::API) && defined?(Legion::Events))
+          end
+          def hook_redirect_uri
+            port = if defined?(Legion::Settings)
+                     Legion::Settings.dig(:api, :port) || 4567
+                   else
+                     4567
+                   end
+            "http://127.0.0.1:#{port}/api/hooks/lex/microsoft_teams/auth/callback"
+          end
           def generate_pkce
             verifier  = SecureRandom.urlsafe_base64(32)
             challenge = Base64.urlsafe_encode64(Digest::SHA256.digest(verifier), padding: false)
@@ -66,17 +79,62 @@ module Legion
             verifier, challenge = generate_pkce
             state = SecureRandom.hex(32)
+            if api_hook_available?
+              authenticate_via_hook(verifier: verifier, challenge: challenge, state: state)
+            else
+              authenticate_via_server(verifier: verifier, challenge: challenge, state: state)
+            end
+          end
+          def authenticate_via_hook(verifier:, challenge:, state:)
+            callback_uri = hook_redirect_uri
+            result_holder = { result: nil }
+            mutex = Mutex.new
+            cv = ConditionVariable.new
+            listener = Legion::Events.once('microsoft_teams.oauth.callback') do |event|
+              mutex.synchronize do
+                result_holder[:result] = event
+                cv.broadcast
+              end
+            end
+            url = @auth.authorize_url(
+              tenant_id: tenant_id, client_id: client_id,
+              redirect_uri: callback_uri, scope: scopes,
+              state: state, code_challenge: challenge
+            )
+            log_info('Opening browser for authentication (using API hook)...')
+            unless open_browser(url)
+              Legion::Events.off('microsoft_teams.oauth.callback', listener)
+              log_info('Could not open browser. Falling back to device code flow.')
+              return authenticate_device_code
+            end
+            mutex.synchronize { cv.wait(mutex, 120) unless result_holder[:result] }
+            result = result_holder[:result]
+            return { error: 'timeout', description: 'No callback received within timeout' } unless result && result[:code]
+            return { error: 'state_mismatch', description: 'CSRF state parameter mismatch' } unless result[:state] == state
+            @auth.exchange_code(
+              tenant_id: tenant_id, client_id: client_id,
+              code: result[:code], redirect_uri: callback_uri,
+              code_verifier: verifier, scope: scopes
+            )
+          end
+          def authenticate_via_server(verifier:, challenge:, state:)
             server = CallbackServer.new
             server.start
             callback_uri = server.redirect_uri
             url = @auth.authorize_url(
-              tenant_id:      tenant_id,
-              client_id:      client_id,
-              redirect_uri:   callback_uri,
-              scope:          scopes,
-              state:          state,
-              code_challenge: challenge
+              tenant_id: tenant_id, client_id: client_id,
+              redirect_uri: callback_uri, scope: scopes,
+              state: state, code_challenge: challenge
             )
             log_info('Opening browser for authentication...')
@@ -92,12 +150,9 @@ module Legion
             return { error: 'state_mismatch', description: 'CSRF state parameter mismatch' } unless result[:state] == state
             @auth.exchange_code(
-              tenant_id:     tenant_id,
-              client_id:     client_id,
-              code:          result[:code],
-              redirect_uri:  callback_uri,
-              code_verifier: verifier,
-              scope:         scopes
+              tenant_id: tenant_id, client_id: client_id,
+              code: result[:code], redirect_uri: callback_uri,
+              code_verifier: verifier, scope: scopes
             )
           ensure
             server&.shutdown

data/lib/legion/extensions/microsoft_teams/version.rb CHANGED Viewed

@@ -3,7 +3,7 @@
 module Legion
   module Extensions
     module MicrosoftTeams
-      VERSION = '0.5.5'
+      VERSION = '0.5.6'
     end
   end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lex-microsoft_teams
 version: !ruby/object:Gem::Version
-  version: 0.5.5
+  version: 0.5.6
 platform: ruby
 authors:
 - Esity