npm - emailengine-app - Versions diffs - 2.64.0 → 2.65.0 - Mend

emailengine-app 2.64.0 → 2.65.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/.github/workflows/test.yml +4 -0
package/CHANGELOG.md +14 -0
package/copy-static-files.sh +1 -1
package/data/google-crawlers.json +1 -1
package/lib/account.js +7 -7
package/lib/api-routes/account-routes.js +7 -1
package/lib/email-client/outlook/graph-api.js +2 -2
package/lib/email-client/outlook-client.js +43 -10
package/lib/export.js +17 -0
package/lib/imapproxy/imap-server.js +2 -2
package/lib/oauth/outlook.js +99 -1
package/lib/oauth2-apps.js +66 -12
package/lib/outbox.js +1 -1
package/lib/routes-ui.js +7 -147
package/lib/schemas.js +171 -11
package/lib/ui-routes/account-routes.js +6 -1
package/lib/ui-routes/oauth-routes.js +18 -172
package/package.json +19 -19
package/sbom.json +1 -1
package/static/licenses.html +23 -83
package/translations/messages.pot +71 -71
package/views/config/oauth/edit.hbs +2 -0
package/views/config/oauth/index.hbs +2 -1
package/views/config/oauth/new.hbs +2 -0
package/views/partials/oauth_form.hbs +179 -4
package/views/partials/scope_info.hbs +10 -0
package/workers/export.js +6 -2
package/workers/imap.js +3 -2

package/lib/routes-ui.js CHANGED Viewed

@@ -37,7 +37,7 @@ const { Account } = require('./account');
 const { Gateway } = require('./gateway');
 const { redis, submitQueue, notifyQueue, documentsQueue } = require('./db');
 const psl = require('psl');
-const { oauth2Apps, LEGACY_KEYS, OAUTH_PROVIDERS, oauth2ProviderData } = require('./oauth2-apps');
+const { oauth2Apps, OAUTH_PROVIDERS, oauth2ProviderData, SERVICE_ACCOUNT_PROVIDERS } = require('./oauth2-apps');
 const { autodetectImapSettings } = require('./autodetect-imap-settings');
 const getSecret = require('./get-secret');
 const os = require('os');
@@ -45,10 +45,9 @@ const {
     ADDRESS_STRATEGIES,
     settingsSchema,
     oauthCreateSchema,
+    oauthUpdateSchema,
     accountIdSchema,
     defaultAccountTypeSchema,
-    googleProjectIdSchema,
-    googleWorkspaceAccountsSchema,
     exportIdSchema
 } = require('./schemas');
 const fs = require('fs');
@@ -357,150 +356,6 @@ const OKTA_OAUTH2_CLIENT_ID = readEnvValue('OKTA_OAUTH2_CLIENT_ID');
 const OKTA_OAUTH2_CLIENT_SECRET = readEnvValue('OKTA_OAUTH2_CLIENT_SECRET');
 const USE_OKTA_AUTH = !!(OKTA_OAUTH2_ISSUER && OKTA_OAUTH2_CLIENT_ID && OKTA_OAUTH2_CLIENT_SECRET);
-const oauthUpdateSchema = {
-    app: Joi.string().empty('').max(255).example('gmail').label('Provider').required(),
-    provider: Joi.string()
-        .trim()
-        .empty('')
-        .max(256)
-        .valid(...Object.keys(OAUTH_PROVIDERS))
-        .example('gmail')
-        .required()
-        .description('OAuth2 provider'),
-    name: Joi.string()
-        .trim()
-        .empty('')
-        .max(256)
-        .example('My Gmail App')
-        .description('Application name')
-        .when('app', {
-            not: Joi.string().valid(...LEGACY_KEYS),
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        }),
-    description: Joi.string().trim().allow('').max(1024).example('My cool app').description('Application description'),
-    title: Joi.string().allow('').trim().max(256).example('App title').description('Title for the application button'),
-    enabled: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false).description('Enable this app'),
-    clientId: Joi.string()
-        .trim()
-        .allow('')
-        .max(256)
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Client ID'),
-    clientSecret: Joi.string()
-        .trim()
-        .empty('', false, null)
-        .max(256)
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.optional(),
-            otherwise: Joi.forbidden()
-        })
-        .description('OAuth2 Client Secret'),
-    pubSubApp: Joi.string()
-        .empty('')
-        .base64({ paddingRequired: false, urlSafe: true })
-        .max(512)
-        .example('AAAAAQAACnA')
-        .description('Cloud Pub/Sub app for Gmail API webhooks'),
-    extraScopes: Joi.string()
-        .allow('')
-        .trim()
-        .max(10 * 1024)
-        .description('OAuth2 Extra Scopes'),
-    skipScopes: Joi.string()
-        .allow('')
-        .trim()
-        .max(10 * 1024)
-        .description('OAuth2 scopes to skip from the base set'),
-    serviceClient: Joi.string()
-        .trim()
-        .allow('')
-        .max(256)
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Service Client ID'),
-    googleProjectId: googleProjectIdSchema,
-    googleWorkspaceAccounts: googleWorkspaceAccountsSchema.when('provider', {
-        is: 'gmail',
-        then: Joi.optional().default(false)
-    }),
-    serviceClientEmail: Joi.string()
-        .trim()
-        .allow('')
-        .email()
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .example('name@project-123.iam.gserviceaccount.com')
-        .description('Service Client Email for 2-legged OAuth2 applications'),
-    serviceKey: Joi.string()
-        .trim()
-        .empty('', false, null)
-        .max(100 * 1024)
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.optional(),
-            otherwise: Joi.forbidden()
-        })
-        .description('OAuth2 Secret Service Key'),
-    authority: Joi.string()
-        .trim()
-        .empty('')
-        .max(1024)
-        .when('provider', {
-            is: 'outlook',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .example(false)
-        .label('SupportedAccountTypes'),
-    cloud: Joi.string()
-        .trim()
-        .empty('')
-        .valid('global', 'gcc-high', 'dod', 'china')
-        .example('global')
-        .description('Azure cloud type for Outlook OAuth2 applications')
-        .label('AzureCloud'),
-    tenant: Joi.string().trim().empty('').max(1024).example('f8cdef31-a31e-4b4a-93e4-5f571e91255a').label('Directorytenant'),
-    redirectUrl: Joi.string()
-        .allow('')
-        .uri({ scheme: ['http', 'https'], allowRelative: false })
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Callback URL')
-};
 function formatAccountData(account, gt) {
     account.type = {};
@@ -4761,6 +4616,11 @@ ${Buffer.from(data.content, 'base64url').toString('base64')}
                 requestPayload.email = accountData.email;
             }
+            // Service providers use client_credentials - no interactive authorization
+            if (SERVICE_ACCOUNT_PROVIDERS.has(oAuth2Client.provider)) {
+                throw Boom.badRequest('Application-only OAuth providers do not support interactive authorization');
+            }
             let authorizeUrl = oAuth2Client.generateAuthUrl(requestPayload);
             return h.redirect(authorizeUrl);

package/lib/schemas.js CHANGED Viewed

@@ -4,6 +4,7 @@ const Joi = require('joi');
 const config = require('@zone-eu/wild-config');
 const { getByteSize } = require('./tools');
 const { locales } = require('./translations');
+const { LEGACY_KEYS, OAUTH_PROVIDERS } = require('./oauth2-apps');
 const RESYNC_DELAY = 15 * 60;
@@ -22,13 +23,6 @@ const ADDRESS_STRATEGIES = [
     { key: 'random', title: 'Random' }
 ];
-const OAUTH_PROVIDERS = {
-    gmail: 'Gmail',
-    gmailService: 'Gmail Service Accounts',
-    outlook: 'Outlook',
-    mailRu: 'Mail.ru'
-};
 const accountIdSchema = Joi.string().empty('').trim().max(256).example('user123').description('Unique identifier for the email account');
 // Allowed configuration keys
@@ -1529,8 +1523,18 @@ const oauthCreateSchema = {
         .empty('')
         .max(1024)
         .when('provider', {
-            is: 'outlook',
-            then: Joi.required(),
+            switch: [
+                {
+                    is: 'outlookService',
+                    then: Joi.string().required().invalid('common', 'organizations', 'consumers').messages({
+                        'any.invalid': 'Client credentials flow requires a specific tenant ID; "{{#value}}" is not allowed'
+                    })
+                },
+                {
+                    is: 'outlook',
+                    then: Joi.required()
+                }
+            ],
             otherwise: Joi.optional().valid(false, null)
         })
         .example('common')
@@ -1541,7 +1545,7 @@ const oauthCreateSchema = {
         .trim()
         .empty('')
         .when('provider', {
-            is: 'outlook',
+            is: Joi.valid('outlook', 'outlookService'),
             then: Joi.valid('global', 'gcc-high', 'dod', 'china').default('global'),
             otherwise: Joi.optional().valid(false, null)
         })
@@ -1565,7 +1569,7 @@ const oauthCreateSchema = {
         .allow('')
         .uri({ scheme: ['http', 'https'], allowRelative: false })
         .when('provider', {
-            not: 'gmailService',
+            not: Joi.valid('gmailService', 'outlookService'),
             then: Joi.required(),
             otherwise: Joi.optional().valid(false, null)
         })
@@ -1574,6 +1578,160 @@ const oauthCreateSchema = {
         .label('OAuth2AppRedirectUrl')
 };
+const oauthUpdateSchema = {
+    app: Joi.string().empty('').max(255).example('gmail').label('Provider').required(),
+    provider: Joi.string()
+        .trim()
+        .empty('')
+        .max(256)
+        .valid(...Object.keys(OAUTH_PROVIDERS))
+        .example('gmail')
+        .required()
+        .description('OAuth2 provider'),
+    name: Joi.string()
+        .trim()
+        .empty('')
+        .max(256)
+        .example('My Gmail App')
+        .description('Application name')
+        .when('app', {
+            not: Joi.string().valid(...LEGACY_KEYS),
+            then: Joi.required(),
+            otherwise: Joi.optional().valid(false, null)
+        }),
+    description: Joi.string().trim().allow('').max(1024).example('My cool app').description('Application description'),
+    title: Joi.string().allow('').trim().max(256).example('App title').description('Title for the application button'),
+    enabled: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false).description('Enable this app'),
+    clientId: Joi.string()
+        .trim()
+        .allow('')
+        .max(256)
+        .when('provider', {
+            not: 'gmailService',
+            then: Joi.required(),
+            otherwise: Joi.optional().valid(false, null)
+        })
+        .description('OAuth2 Client ID'),
+    clientSecret: Joi.string()
+        .trim()
+        .empty('', false, null)
+        .max(256)
+        .when('provider', {
+            not: 'gmailService',
+            then: Joi.optional(),
+            otherwise: Joi.forbidden()
+        })
+        .description('OAuth2 Client Secret'),
+    pubSubApp: Joi.string()
+        .empty('')
+        .base64({ paddingRequired: false, urlSafe: true })
+        .max(512)
+        .example('AAAAAQAACnA')
+        .description('Cloud Pub/Sub app for Gmail API webhooks'),
+    extraScopes: Joi.string()
+        .allow('')
+        .trim()
+        .max(10 * 1024)
+        .description('OAuth2 Extra Scopes'),
+    skipScopes: Joi.string()
+        .allow('')
+        .trim()
+        .max(10 * 1024)
+        .description('OAuth2 scopes to skip from the base set'),
+    serviceClient: Joi.string()
+        .trim()
+        .allow('')
+        .max(256)
+        .when('provider', {
+            is: 'gmailService',
+            then: Joi.required(),
+            otherwise: Joi.optional().valid(false, null)
+        })
+        .description('OAuth2 Service Client ID'),
+    googleProjectId: googleProjectIdSchema,
+    googleWorkspaceAccounts: googleWorkspaceAccountsSchema.when('provider', {
+        is: 'gmail',
+        then: Joi.optional().default(false)
+    }),
+    serviceClientEmail: Joi.string()
+        .trim()
+        .allow('')
+        .email()
+        .when('provider', {
+            is: 'gmailService',
+            then: Joi.required(),
+            otherwise: Joi.optional().valid(false, null)
+        })
+        .example('name@project-123.iam.gserviceaccount.com')
+        .description('Service Client Email for 2-legged OAuth2 applications'),
+    serviceKey: Joi.string()
+        .trim()
+        .empty('', false, null)
+        .max(100 * 1024)
+        .when('provider', {
+            is: 'gmailService',
+            then: Joi.optional(),
+            otherwise: Joi.forbidden()
+        })
+        .description('OAuth2 Secret Service Key'),
+    authority: Joi.string()
+        .trim()
+        .empty('')
+        .max(1024)
+        .when('provider', {
+            switch: [
+                {
+                    is: 'outlookService',
+                    then: Joi.string().required().invalid('common', 'organizations', 'consumers').messages({
+                        'any.invalid': 'Client credentials flow requires a specific tenant ID; "{{#value}}" is not allowed'
+                    })
+                },
+                {
+                    is: 'outlook',
+                    then: Joi.required()
+                }
+            ],
+            otherwise: Joi.optional().valid(false, null)
+        })
+        .example(false)
+        .label('SupportedAccountTypes'),
+    cloud: Joi.string()
+        .trim()
+        .empty('')
+        .valid('global', 'gcc-high', 'dod', 'china')
+        .example('global')
+        .description('Azure cloud type for Outlook OAuth2 applications')
+        .label('AzureCloud'),
+    tenant: Joi.string().trim().empty('').max(1024).example('f8cdef31-a31e-4b4a-93e4-5f571e91255a').label('Directorytenant'),
+    redirectUrl: Joi.string()
+        .allow('')
+        .uri({ scheme: ['http', 'https'], allowRelative: false })
+        .when('provider', {
+            not: Joi.valid('gmailService', 'outlookService'),
+            then: Joi.required(),
+            otherwise: Joi.optional().valid(false, null)
+        })
+        .description('OAuth2 Callback URL')
+};
 const tokenRestrictionsSchema = Joi.object({
     referrers: Joi.array()
         .items(Joi.string())
@@ -1822,6 +1980,7 @@ const exportStatusSchema = Joi.object({
     progress: exportProgressSchema,
     created: Joi.date().iso().example('2024-01-15T10:30:00Z').description('When export was created'),
     expiresAt: Joi.date().iso().example('2024-01-16T10:30:00Z').description('When export file expires'),
+    truncated: Joi.boolean().example(true).description('Whether the export was truncated due to message count or size limits'),
     error: Joi.string().allow(null).description('Error message if export failed')
 }).label('ExportStatus');
@@ -1876,6 +2035,7 @@ module.exports = {
     searchSchema,
     messageUpdateSchema,
     oauthCreateSchema,
+    oauthUpdateSchema,
     tokenRestrictionsSchema,
     accountIdSchema,
     ipSchema,

package/lib/ui-routes/account-routes.js CHANGED Viewed

@@ -22,7 +22,7 @@ const {
 } = require('../tools');
 const { Account } = require('../account');
 const { Gateway } = require('../gateway');
-const { oauth2Apps, oauth2ProviderData } = require('../oauth2-apps');
+const { oauth2Apps, oauth2ProviderData, SERVICE_ACCOUNT_PROVIDERS } = require('../oauth2-apps');
 const { autodetectImapSettings } = require('../autodetect-imap-settings');
 const getSecret = require('../get-secret');
 const capa = require('../capa');
@@ -538,6 +538,11 @@ function init(args) {
                 requestPayload.email = accountData.email;
             }
+            // Service providers use client_credentials - no interactive authorization
+            if (SERVICE_ACCOUNT_PROVIDERS.has(oAuth2Client.provider)) {
+                throw Boom.badRequest('Application-only OAuth providers do not support interactive authorization');
+            }
             let authorizeUrl = oAuth2Client.generateAuthUrl(requestPayload);
             return h.redirect(authorizeUrl);

package/lib/ui-routes/oauth-routes.js CHANGED Viewed

@@ -5,14 +5,22 @@ const Joi = require('joi');
 const settings = require('../settings');
 const { redis } = require('../db');
-const { oauth2Apps, LEGACY_KEYS, OAUTH_PROVIDERS, oauth2ProviderData } = require('../oauth2-apps');
+const { oauth2Apps, OAUTH_PROVIDERS, oauth2ProviderData } = require('../oauth2-apps');
 const getSecret = require('../get-secret');
 const { Account } = require('../account');
-const { oauthCreateSchema, googleProjectIdSchema, googleWorkspaceAccountsSchema } = require('../schemas');
+const { oauthCreateSchema, oauthUpdateSchema } = require('../schemas');
 const consts = require('../consts');
 const { DEFAULT_PAGE_SIZE } = consts;
+// Microsoft Entra requires 'localhost' rather than '127.0.0.1' in redirect URIs
+function normalizeOutlookRedirectUrl(redirectUrl, provider) {
+    if (provider === 'outlook') {
+        return redirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
+    }
+    return redirectUrl;
+}
 const AZURE_CLOUDS = [
     {
         id: 'global',
@@ -39,150 +47,6 @@ const AZURE_CLOUDS = [
     }
 ];
-const oauthUpdateSchema = {
-    app: Joi.string().empty('').max(255).example('gmail').label('Provider').required(),
-    provider: Joi.string()
-        .trim()
-        .empty('')
-        .max(256)
-        .valid(...Object.keys(OAUTH_PROVIDERS))
-        .example('gmail')
-        .required()
-        .description('OAuth2 provider'),
-    name: Joi.string()
-        .trim()
-        .empty('')
-        .max(256)
-        .example('My Gmail App')
-        .description('Application name')
-        .when('app', {
-            not: Joi.string().valid(...LEGACY_KEYS),
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        }),
-    description: Joi.string().trim().allow('').max(1024).example('My cool app').description('Application description'),
-    title: Joi.string().allow('').trim().max(256).example('App title').description('Title for the application button'),
-    enabled: Joi.boolean().truthy('Y', 'true', '1', 'on').falsy('N', 'false', 0, '').default(false).description('Enable this app'),
-    clientId: Joi.string()
-        .trim()
-        .allow('')
-        .max(256)
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Client ID'),
-    clientSecret: Joi.string()
-        .trim()
-        .empty('', false, null)
-        .max(256)
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.optional(),
-            otherwise: Joi.forbidden()
-        })
-        .description('OAuth2 Client Secret'),
-    pubSubApp: Joi.string()
-        .empty('')
-        .base64({ paddingRequired: false, urlSafe: true })
-        .max(512)
-        .example('AAAAAQAACnA')
-        .description('Cloud Pub/Sub app for Gmail API webhooks'),
-    extraScopes: Joi.string()
-        .allow('')
-        .trim()
-        .max(10 * 1024)
-        .description('OAuth2 Extra Scopes'),
-    skipScopes: Joi.string()
-        .allow('')
-        .trim()
-        .max(10 * 1024)
-        .description('OAuth2 scopes to skip from the base set'),
-    serviceClient: Joi.string()
-        .trim()
-        .allow('')
-        .max(256)
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Service Client ID'),
-    googleProjectId: googleProjectIdSchema,
-    googleWorkspaceAccounts: googleWorkspaceAccountsSchema.when('provider', {
-        is: 'gmail',
-        then: Joi.optional().default(false)
-    }),
-    serviceClientEmail: Joi.string()
-        .trim()
-        .allow('')
-        .email()
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .example('name@project-123.iam.gserviceaccount.com')
-        .description('Service Client Email for 2-legged OAuth2 applications'),
-    serviceKey: Joi.string()
-        .trim()
-        .empty('', false, null)
-        .max(100 * 1024)
-        .when('provider', {
-            is: 'gmailService',
-            then: Joi.optional(),
-            otherwise: Joi.forbidden()
-        })
-        .description('OAuth2 Secret Service Key'),
-    authority: Joi.string()
-        .trim()
-        .empty('')
-        .max(1024)
-        .when('provider', {
-            is: 'outlook',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .example(false)
-        .label('SupportedAccountTypes'),
-    cloud: Joi.string()
-        .trim()
-        .empty('')
-        .valid('global', 'gcc-high', 'dod', 'china')
-        .example('global')
-        .description('Azure cloud type for Outlook OAuth2 applications')
-        .label('AzureCloud'),
-    tenant: Joi.string().trim().empty('').max(1024).example('f8cdef31-a31e-4b4a-93e4-5f571e91255a').label('Directorytenant'),
-    redirectUrl: Joi.string()
-        .allow('')
-        .uri({ scheme: ['http', 'https'], allowRelative: false })
-        .when('provider', {
-            not: 'gmailService',
-            then: Joi.required(),
-            otherwise: Joi.optional().valid(false, null)
-        })
-        .description('OAuth2 Callback URL')
-};
 function init({ server, call }) {
     // GET /admin/config/oauth - OAuth applications list
     server.route({
@@ -448,10 +312,7 @@ function init({ server, call }) {
             let providerData = oauth2ProviderData(provider);
             let serviceUrl = await settings.get('serviceUrl');
-            let defaultRedirectUrl = `${serviceUrl}/oauth`;
-            if (provider === 'outlook') {
-                defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-            }
+            let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, provider);
             let pubSubApps = await oauth2Apps.list(0, 1000, { pubsub: true });
@@ -483,10 +344,10 @@ function init({ server, call }) {
                     values: {
                         provider,
-                        redirectUrl: defaultRedirectUrl
+                        ...(provider !== 'outlookService' ? { redirectUrl: defaultRedirectUrl } : {})
                     },
-                    authorityCommon: true
+                    authorityCommon: provider !== 'outlookService'
                 },
                 {
                     layout: 'app'
@@ -562,10 +423,7 @@ function init({ server, call }) {
                 let providerData = oauth2ProviderData(provider);
                 let serviceUrl = await settings.get('serviceUrl');
-                let defaultRedirectUrl = `${serviceUrl}/oauth`;
-                if (provider === 'outlook') {
-                    defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-                }
+                let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, provider);
                 let pubSubApps = await oauth2Apps.list(0, 1000, { pubsub: true });
@@ -642,10 +500,7 @@ function init({ server, call }) {
                     let providerData = oauth2ProviderData(provider);
                     let serviceUrl = await settings.get('serviceUrl');
-                    let defaultRedirectUrl = `${serviceUrl}/oauth`;
-                    if (provider === 'outlook') {
-                        defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-                    }
+                    let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, provider);
                     let pubSubApps = await oauth2Apps.list(0, 1000, { pubsub: true });
@@ -714,10 +569,7 @@ function init({ server, call }) {
             let providerData = oauth2ProviderData(appData.provider, appData.cloud);
             let serviceUrl = await settings.get('serviceUrl');
-            let defaultRedirectUrl = `${serviceUrl}/oauth`;
-            if (providerData.provider === 'outlook') {
-                defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-            }
+            let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, providerData.provider);
             let values = Object.assign({}, appData, {
                 clientSecret: '',
@@ -843,10 +695,7 @@ function init({ server, call }) {
                 let providerData = oauth2ProviderData(appData.provider, appData.cloud);
                 let serviceUrl = await settings.get('serviceUrl');
-                let defaultRedirectUrl = `${serviceUrl}/oauth`;
-                if (appData.provider === 'outlook') {
-                    defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-                }
+                let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, appData.provider);
                 let pubSubApps = await oauth2Apps.list(0, 1000, { pubsub: true });
@@ -932,10 +781,7 @@ function init({ server, call }) {
                     let providerData = oauth2ProviderData(provider);
                     let serviceUrl = await settings.get('serviceUrl');
-                    let defaultRedirectUrl = `${serviceUrl}/oauth`;
-                    if (provider === 'outlook') {
-                        defaultRedirectUrl = defaultRedirectUrl.replace(/^http:\/\/127\.0\.0\.1\b/i, 'http://localhost');
-                    }
+                    let defaultRedirectUrl = normalizeOutlookRedirectUrl(`${serviceUrl}/oauth`, provider);
                     let pubSubApps = await oauth2Apps.list(0, 1000, { pubsub: true });