pyxecm 2.0.0__py3-none-any.whl → 2.0.1__py3-none-any.whl

pyxecm/customizer/m365.py

@@ -116,9 +116,9 @@ class M365:
         # Set the data for the token request
         m365_config["tokenData"] = {
             "client_id": client_id,
-            "scope": "https://graph.microsoft.com/.default",
             "client_secret": client_secret,
             "grant_type": "client_credentials",
+            "scope": "https://graph.microsoft.com/.default",
         }
 
         m365_config["meUrl"] = m365_config["graphUrl"] + "me"
@@ -157,7 +157,7 @@ class M365:
 
         return self.config()["tokenData"]
 
-    def credentials_user(self, username: str, password: str) -> dict:
+    def credentials_user(self, username: str, password: str, scope: str = "Files.ReadWrite") -> dict:
         """Get user credentials.
 
         In some cases MS Graph APIs cannot be called via
@@ -173,6 +173,10 @@ class M365:
                 The M365 username.
             password (str):
                 The password of the M365 user.
+            scope (str):
+                The scope of the delegated permission.
+                It is important to provide a scope for the intended operation
+                like "Files.ReadWrite".
 
         Returns:
             dict:
@@ -180,13 +184,14 @@ class M365:
 
         """
 
+        # Use OAuth2 / ROPC (Resource Owner Password Credentials):
         credentials = {
             "client_id": self.config()["clientId"],
-            "scope": "https://graph.microsoft.com/.default",
             "client_secret": self.config()["clientSecret"],
             "grant_type": "password",
             "username": username,
             "password": password,
+            "scope": scope,
         }
 
         return credentials
@@ -233,10 +238,14 @@ class M365:
         """
 
         request_header = {
-            "Authorization": "Bearer {}".format(self._user_access_token),
             "Content-Type": content_type,
         }
 
+        if not self._user_access_token:
+            self.logger.error("No M365 user is authenticated! Cannot include Bearer token in request header!")
+        else:
+            request_header["Authorization"] = "Bearer {}".format(self._user_access_token)
+
         return request_header
 
     # end method definition
@@ -359,6 +368,14 @@ class M365:
                     )
                     time.sleep((retries + 1) * 60)
                     retries += 1
+                elif response.status_code in [404, 429] and retries < REQUEST_MAX_RETRIES:
+                    self.logger.warning(
+                        "M365 Graph API is too slow or throtteling calls -> %s; retrying in %s seconds...",
+                        response.status_code,
+                        (retries + 1) * 60,
+                    )
+                    time.sleep((retries + 1) * 60)
+                    retries += 1
                 else:
                     # Handle plain HTML responses to not pollute the logs
                     content_type = response.headers.get("content-type", None)
@@ -679,7 +696,7 @@ class M365:
         Returns:
             str | None:
                 The access token. Also stores access token in self._access_token.
-                None in case of error.
+                None in case of an error.
 
         """
 
@@ -710,7 +727,7 @@ class M365:
             self.logger.warning(
                 "Unable to connect to -> %s : %s",
                 self.config()["authenticationUrl"],
-                exception,
+                str(exception),
             )
             return None
 
@@ -718,9 +735,8 @@ class M365:
             authenticate_dict = self.parse_request_response(authenticate_response)
             if not authenticate_dict:
                 return None
-            else:
-                access_token = authenticate_dict["access_token"]
-                self.logger.debug("Access Token -> %s", access_token)
+            access_token = authenticate_dict["access_token"]
+            self.logger.debug("Access Token -> %s", access_token)
         else:
             self.logger.error(
                 "Failed to request an M365 Access Token; error -> %s",
@@ -735,7 +751,7 @@ class M365:
 
     # end method definition
 
-    def authenticate_user(self, username: str, password: str) -> str | None:
+    def authenticate_user(self, username: str, password: str, scope: str | None = None) -> str | None:
         """Authenticate at M365 Graph API with username and password.
 
         Args:
@@ -743,10 +759,14 @@ class M365:
                 The name (email) of the M365 user.
             password (str):
                 The password of the M365 user.
+            scope (str):
+                The scope of the delegated permission. E.g. "Files.ReadWrite".
+                Multiple delegated permissions should be separated by spaces.
 
         Returns:
             str | None:
                 The access token for the user. Also stores access token in self._access_token.
+                None in case of an error.
 
         """
 
@@ -764,12 +784,13 @@ class M365:
             return None
 
         self.logger.debug(
-            "Requesting M365 Access Token for user -> %s from -> %s",
+            "Requesting M365 Access Token for user -> %s from -> %s%s",
             username,
             request_url,
+            " with scope -> '{}'".format(scope) if scope else "",
         )
 
-        authenticate_post_body = self.credentials_user(username, password)
+        authenticate_post_body = self.credentials_user(username=username, password=password, scope=scope)
         authenticate_response = None
 
         try:
@@ -784,7 +805,7 @@ class M365:
                 "Unable to connect to -> %s with username -> %s: %s",
                 self.config()["authenticationUrl"],
                 username,
-                exception,
+                str(exception),
             )
             return None
 
@@ -1354,6 +1375,74 @@ class M365:
 
     # end method definition
 
+    def get_user_drive(self, user_id: str, me: bool = False) -> dict | None:
+        """Get the mysite (OneDrive) of the user.
+
+        It may be required to do this before certain other operations
+        are possible. These operations may require that the mydrive
+        is initialized for that user. If you get errors like
+        "User's mysite not found." this may be the case.
+
+        Args:
+            user_id (str):
+                The M365 GUID of the user (can also be the M365 email of the user).
+            me (bool, optional):
+                Should be True if the user itself is accessing the drive.
+
+        Returns:
+            dict:
+                A list of user licenses or None if request fails.
+
+        Example:
+        {
+            '@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#drives/$entity',
+            'createdDateTime': '2025-04-10T23:43:26Z',
+            'description': '',
+            'id': 'b!VsxYN1IbrEqbiwMiba_M7FCkNAhL5LRFnQEZpEYbxDAxvvcvUMAhSqfgWW_4eAUP',
+            'lastModifiedDateTime': '2025-04-12T15:50:20Z',
+            'name': 'OneDrive',
+            'webUrl': 'https://ideateqa-my.sharepoint.com/personal/jbenham_qa_idea-te_eimdemo_com/Documents',
+            'driveType': 'business',
+            'createdBy': {
+                'user': {
+                    'displayName': 'System Account'
+                }
+            },
+            'lastModifiedBy': {
+                'user': {
+                    'email': 'jbenham@qa.idea-te.eimdemo.com',
+                    'id': '470060cc-4d9f-439e-8a6e-8d567c5bda80',
+                    'displayName': 'Jeff Benham'
+                }
+            },
+            'owner': {
+                'user': {...}
+            },
+            'quota': {
+                'deleted': 0,
+                'remaining': 1099511518137,
+                'state': 'normal',
+                'total': 1099511627776,
+                'used': 109639
+            }
+        }
+
+        """
+
+        request_url = self.config()["meUrl"] if me else self.config()["usersUrl"] + "/" + user_id
+        request_url += "/drive"
+        request_header = self.request_header_user() if me else self.request_header()
+
+        return self.do_request(
+            url=request_url,
+            method="GET",
+            headers=request_header,
+            timeout=REQUEST_TIMEOUT,
+            failure_message="Failed to get mySite (drive) of M365 user -> {}".format(user_id),
+        )
+
+    # end method definition
+
     def get_groups(
         self,
         max_number: int = 250,
@@ -4799,7 +4888,7 @@ class M365:
         """
 
         request_url = self.config()["sitesUrl"] + "/" + site_id + "/pages"
-        request_headers = self.request_header()
+        request_header = self.request_header()
 
         # Page payload for a basic site page
         payload = {
@@ -4814,7 +4903,7 @@ class M365:
         response = self.do_request(
             url=request_url,
             method="POST",
-            headers=request_headers,
+            headers=request_header,
             json_data=payload,
             timeout=REQUEST_TIMEOUT,
             failure_message="Failed to create SharePoint page -> '{}' in SharePoint site -> '{}'".format(