From 08ec37272bb945625daed7e6ae7ed2bd663cdabd Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Wed, 4 May 2022 15:30:49 +0200
Subject: [PATCH] I#388 - Google OAuth out-of-band (oob) flow will be
 deprecated

Closes https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/388
---
 src/libedataserver/e-oauth2-service-google.c | 62 +++++++++++++++++---
 1 file changed, 55 insertions(+), 7 deletions(-)

diff --git a/src/libedataserver/e-oauth2-service-google.c b/src/libedataserver/e-oauth2-service-google.c
index 4d262d32f..93af1cb0b 100644
--- a/src/libedataserver/e-oauth2-service-google.c
+++ b/src/libedataserver/e-oauth2-service-google.c
@@ -24,6 +24,7 @@
 #include "e-oauth2-service-google.h"
 
 /* https://developers.google.com/identity/protocols/OAuth2InstalledApp */
+/* https://developers.google.com/identity/protocols/oauth2/native-app */
 
 /* Forward Declarations */
 static void e_oauth2_service_google_oauth2_service_init (EOAuth2ServiceInterface *iface);
@@ -122,14 +123,60 @@ static const gchar *
 eos_google_get_authentication_uri (EOAuth2Service *service,
 				   ESource *source)
 {
-	return "https://accounts.google.com/o/oauth2/auth";
+	return "https://accounts.google.com/o/oauth2/v2/auth";
 }
 
 static const gchar *
 eos_google_get_refresh_uri (EOAuth2Service *service,
 			    ESource *source)
 {
-	return "https://www.googleapis.com/oauth2/v3/token";
+	return "https://oauth2.googleapis.com/token";
+}
+
+static const gchar *
+eos_google_get_redirect_uri (EOAuth2Service *service,
+			     ESource *source)
+{
+	G_LOCK_DEFINE_STATIC (redirect_uri);
+	const gchar *key_name = "oauth2-google-redirect-uri";
+	gchar *value;
+
+	G_LOCK (redirect_uri);
+
+	value = g_object_get_data (G_OBJECT (service), key_name);
+	if (!value) {
+		const gchar *client_id = eos_google_get_client_id (service, source);
+
+		if (client_id) {
+			GPtrArray *array;
+			gchar **strv;
+			gchar *joinstr;
+			guint ii;
+
+			strv = g_strsplit (client_id, ".", -1);
+			array = g_ptr_array_new ();
+
+			for (ii = 0; strv[ii]; ii++) {
+				g_ptr_array_insert (array, 0, strv[ii]);
+			}
+
+			g_ptr_array_add (array, NULL);
+
+			joinstr = g_strjoinv (".", (gchar **) array->pdata);
+			/* Use reverse-DNS of the client ID with the below path */
+			value = g_strconcat (joinstr, ":/oauth2redirect", NULL);
+
+			g_ptr_array_free (array, TRUE);
+			g_strfreev (strv);
+			g_free (joinstr);
+
+			g_object_set_data_full (G_OBJECT (service), key_name, value, g_free);
+		}
+	}
+
+	G_UNLOCK (redirect_uri);
+
+	return value;
 }
 
 static void
@@ -191,13 +238,13 @@ eos_google_extract_authorization_code (EOAuth2Service *service,
 
 				params = soup_form_decode (query);
 				if (params) {
-					const gchar *response;
+					const gchar *code;
 
-					response = g_hash_table_lookup (params, "response");
-					if (response && g_ascii_strncasecmp (response, "code=", 5) == 0) {
-						*out_authorization_code = g_strdup (response + 5);
+					code = g_hash_table_lookup (params, "code");
+					if (code && *code) {
+						*out_authorization_code = g_strdup (code);
 						known = TRUE;
-					} else if (response && g_ascii_strncasecmp (response, "error", 5) == 0) {
+					} else if (g_hash_table_lookup (params, "error")) {
 						known = TRUE;
 					}
 
@@ -225,6 +272,7 @@ e_oauth2_service_google_oauth2_service_init (EOAuth2ServiceInterface *iface)
 	iface->get_client_secret = eos_google_get_client_secret;
 	iface->get_authentication_uri = eos_google_get_authentication_uri;
 	iface->get_refresh_uri = eos_google_get_refresh_uri;
+	iface->get_redirect_uri = eos_google_get_redirect_uri;
 	iface->prepare_authentication_uri_query = eos_google_prepare_authentication_uri_query;
 	iface->extract_authorization_code = eos_google_extract_authorization_code;
 }
-- 
2.35.1