From 7428da74c24c69b4a51e8a0fed57b71806cd7e6c Mon Sep 17 00:00:00 2001 From: Milan Cvetkovic Date: Mon, 14 Aug 2023 10:32:14 +0000 Subject: [PATCH] Use omniauth-microsoft_graph instead of omniauth-windowslive Omniauth-microsoft_graph correctly populates 'email' and 'name' fields used by OpenStreetMap. It also uses updated endpoints for Microsoft identity provider. Use email address returned by microsoft_graph provider as a verified address. Upgrading exisiting users from windowslive to microsoft_graph: - upon next login existing `windowslive` users will have to authorizei OpenStreetMap application to "Read Your Profile," required for proper reading of display name field. The name of the identity provider in OSM is kept to 'windowslive': - the entries in users table with `provider == 'windowslive'` can be reused for microsoft_graph provider, since the uid field is preserved. Users will not need to repeat the sign up process. - OAuth2 callback is still `/auth/windowslive`, no updates to Microsoft Identity Provider portal App registration are necessary.
---
 Gemfile | 2 +-
 Gemfile.lock | 8 ++++----
 app/controllers/users_controller.rb | 2 +-
 app/views/sessions/new.html.erb | 2 +-
 config/initializers/omniauth.rb | 4 ++--
 config/settings.yml | 4 ++--
 config/settings/test.yml | 4 ++--
 lib/auth.rb | 2 +-
 test/integration/user_creation_test.rb | 6 +++---
 9 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/Gemfile b/Gemfile
index 39ffed860..f60a219e7 100644
--- a/Gemfile
+++ b/Gemfile
@@ -72,9 +72,9 @@ gem "omniauth-facebook"
 gem "omniauth-github"
 gem "omniauth-google-oauth2", ">= 0.6.0"
 gem "omniauth-mediawiki", ">= 0.0.4"
+gem "omniauth-microsoft_graph"
 gem "omniauth-openid"
 gem "omniauth-rails_csrf_protection", "~> 1.0"
-gem "omniauth-windowslive"
 
 # Doorkeeper for OAuth2
 gem "doorkeeper"
diff --git a/Gemfile.lock b/Gemfile.lock
index b75e93606..c78172a41 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -348,6 +348,9 @@ GEM
 omniauth-mediawiki (0.0.4)
 jwt (~> 2.0)
 omniauth-oauth (~> 1.0)
+ omniauth-microsoft_graph (1.2.0)
+ omniauth (~> 2.0)
+ omniauth-oauth2 (~> 1.8.0)
 omniauth-oauth (1.2.0)
 oauth
 omniauth (>= 1.0, < 3)
@@ -360,9 +363,6 @@ GEM
 omniauth-rails_csrf_protection (1.0.1)
 actionpack (>= 4.2)
 omniauth (~> 2.0)
- omniauth-windowslive (0.0.12)
- multi_json (~> 1.12)
- omniauth-oauth2 (~> 1.4)
 openstreetmap-deadlock_retry (1.3.1)
 parallel (1.23.0)
 parser (3.2.2.3)
@@ -595,9 +595,9 @@ DEPENDENCIES
 omniauth-github
 omniauth-google-oauth2 (>= 0.6.0)
 omniauth-mediawiki (>= 0.0.4)
+ omniauth-microsoft_graph
 omniauth-openid
 omniauth-rails_csrf_protection (~> 1.0)
- omniauth-windowslive
 openstreetmap-deadlock_retry (>= 1.3.1)
 pg
 puma (~> 5.6)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index fc9a6afc0..dbc621fab 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -250,7 +250,7 @@ class UsersController < ApplicationController
 when "openid"
 uid.match(%r{https://www.google.com/accounts/o8/id?(.*)}) ||
 uid.match(%r{https://me.yahoo.com/(.*)})
- when "google", "facebook"
+ when "google", "facebook", "windowslive"
 true
 else
 false
diff --git a/app/views/sessions/new.html.erb b/app/views/sessions/new.html.erb
index bb43aefd5..80537bad5 100644
--- a/app/views/sessions/new.html.erb
+++ b/app/views/sessions/new.html.erb
@@ -35,7 +35,7 @@ <% if Settings.key?(:facebook_auth_id) -%>
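Review bot: In app/controllers/users_controller.rb, adding `"windowslive"` to the `when "google", "facebook"` branch makes every address returned by the Microsoft provider count as verified, but nothing visible in this commit establishes that Microsoft Graph vouches for it. For work or school (Entra ID) accounts the `mail` attribute can be set by a tenant administrator to an address the user does not control, so it is not proof of mailbox ownership; the locked omniauth-microsoft_graph 1.2.0 should be checked for whether it validates the address's domain before this branch trusts it. If it does not, either restrict the app registration to personal accounts or leave this provider in the `else` branch so the confirmation mail is still sent. At minimum add a comment above the branch, e.g. `# Microsoft e-mail is treated as verified because <reason>`. The enclosing method starts and ends outside the hunk.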
  • <%= auth_button "facebook", "facebook" %>
  • <% end -%> - <% if Settings.key?(:windowslive_auth_id) -%> + <% if Settings.key?(:microsoft_graph_auth_id) -%>
  • <%= auth_button "windowslive", "windowslive" %>
  • <% end -%> <% if Settings.key?(:github_auth_id) -%>
diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb
index 5ca4ccffa..81d4747e9 100644
--- a/config/initializers/omniauth.rb
+++ b/config/initializers/omniauth.rb
@@ -24,7 +24,7 @@ end
 openid_options = { :name => "openid", :store => openid_store }
 google_options = { :name => "google", :scope => "email", :access_type => "online" }
 facebook_options = { :name => "facebook", :scope => "email", :client_options => { :site => "https://graph.facebook.com/v4.0", :authorize_url => "https://www.facebook.com/v4.0/dialog/oauth" } }
-windowslive_options = { :name => "windowslive", :scope => "wl.signin,wl.emails" }
+microsoft_graph_options = { :name => "windowslive", :scope => "openid User.Read" }
 github_options = { :name => "github", :scope => "user:email" }
 wikipedia_options = { :name => "wikipedia", :client_options => { :site => "https://meta.wikimedia.org" } }
 
@@ -34,7 +34,7 @@ Rails.application.config.middleware.use OmniAuth::Builder do
 provider :openid, openid_options
 provider :google_oauth2, Settings.google_auth_id, Settings.google_auth_secret, google_options if Settings.key?(:google_auth_id)
 provider :facebook, Settings.facebook_auth_id, Settings.facebook_auth_secret, facebook_options if Settings.key?(:facebook_auth_id)
- provider :windowslive, Settings.windowslive_auth_id, Settings.windowslive_auth_secret, windowslive_options if Settings.key?(:windowslive_auth_id)
+ provider :microsoft_graph, Settings.microsoft_graph_auth_id, Settings.microsoft_graph_auth_secret, microsoft_graph_options if Settings.key?(:microsoft_graph_auth_id)
 provider :github, Settings.github_auth_id, Settings.github_auth_secret, github_options if Settings.key?(:github_auth_id)
 provider :mediawiki, Settings.wikipedia_auth_id, Settings.wikipedia_auth_secret, wikipedia_options if Settings.key?(:wikipedia_auth_id)
 end
diff --git a/config/settings.yml b/config/settings.yml
index 49b4531ad..208d21e65 100644
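Review bot: In config/initializers/omniauth.rb the settings keys become `microsoft_graph_auth_id`/`microsoft_graph_auth_secret` while the provider is still registered under `:name => "windowslive"`, and nothing in the code explains that split or notices a deployment that still sets the old keys. As far as these hunks show, an instance that only has `windowslive_auth_id` configured would silently lose the Microsoft login after upgrading, since the same `Settings.key?` gate is changed in app/views/sessions/new.html.erb and lib/auth.rb as well. I would add a comment on the options line, `# name stays "windowslive" so existing users rows and the /auth/windowslive callback keep working`, and consider a boot-time warning when `Settings.key?(:windowslive_auth_id)` is true but the new key is absent. The scope change to `openid User.Read` is what triggers the re-consent mentioned in the commit message and belongs in the upgrade notes too.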
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -100,8 +100,8 @@ fossgis_valhalla_url: "https://valhalla1.openstreetmap.de/route"
 #google_openid_realm: ""
 #facebook_auth_id: ""
 #facebook_auth_secret: ""
-#windowslive_auth_id: ""
-#windowslive_auth_secret: ""
+#microsoft_graph_auth_id: ""
+#microsoft_graph_auth_secret: ""
 #github_auth_id: ""
 #github_auth_secret: ""
 #wikipedia_auth_id: ""
diff --git a/config/settings/test.yml b/config/settings/test.yml
index 1f951e872..72784fbb6 100644
--- a/config/settings/test.yml
+++ b/config/settings/test.yml
@@ -6,8 +6,8 @@ google_auth_secret: "dummy"
 google_openid_realm: "https://www.openstreetmap.org"
 facebook_auth_id: "dummy"
 facebook_auth_secret: "dummy"
-windowslive_auth_id: "dummy"
-windowslive_auth_secret: "dummy"
+microsoft_graph_auth_id: "dummy"
+microsoft_graph_auth_secret: "dummy"
 github_auth_id: "dummy"
 github_auth_secret: "dummy"
 wikipedia_auth_id: "dummy"
diff --git a/lib/auth.rb b/lib/auth.rb
index bc1ee8ec6..0ed00729f 100644
--- a/lib/auth.rb
+++ b/lib/auth.rb
@@ -8,7 +8,7 @@ module Auth
 }.tap do |providers|
 providers[I18n.t("auth.providers.google")] = "google" if Settings.key?(:google_auth_id)
 providers[I18n.t("auth.providers.facebook")] = "facebook" if Settings.key?(:facebook_auth_id)
- providers[I18n.t("auth.providers.windowslive")] = "windowslive" if Settings.key?(:windowslive_auth_id)
+ providers[I18n.t("auth.providers.windowslive")] = "windowslive" if Settings.key?(:microsoft_graph_auth_id)
 providers[I18n.t("auth.providers.github")] = "github" if Settings.key?(:github_auth_id)
 providers[I18n.t("auth.providers.wikipedia")] = "wikipedia" if Settings.key?(:wikipedia_auth_id)
 end.freeze
diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb
index d7f6f5200..211d35493 100644
--- a/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@ -697,7 +697,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 OmniAuth.config.add_mock(:windowslive, :uid => "123454321", :info => { "email" => new_email })
 
 assert_difference("User.count") do
- assert_difference("ActionMailer::Base.deliveries.size", 1) do
+ assert_difference("ActionMailer::Base.deliveries.size", 0) do
 perform_enqueued_jobs do
 post "/user/new",
 :params => { :user => { :email => new_email,
@@ -724,7 +724,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 :pass_crypt_confirmation => password },
 :read_ct => 1, :read_tou => 1 }
 assert_response :redirect
- assert_redirected_to :controller => :confirmations, :action => :confirm, :display_name => display_name
+ assert_redirected_to welcome_path
 follow_redirect!
 end
 end
@@ -732,7 +732,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
 # Check the page
 assert_response :success
- assert_template "confirmations/confirm"
+ assert_template "site/welcome"
 
 ActionMailer::Base.deliveries.clear
 end
--
2.39.5
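Review bot: The updated expectations (zero confirmation mails, redirect to `welcome_path`, template `site/welcome`) only exercise the case where the mocked provider e-mail equals the address the user submits. Because this path now appears to activate an account without mailbox confirmation, I would add a companion test in which `OmniAuth.config.add_mock(:windowslive, ...)` returns a different `"email"` (or none) and assert that `ActionMailer::Base.deliveries.size` still changes by 1 and the flow ends on `confirmations/confirm`, unless an existing test already covers that for this provider. The test method begins before the first hunk, so its setup is not visible here.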