Abstraction of authenticators. Reworked Gmail authentication.

Wino.Authentication/BaseAuthenticator.cs

@@ -0,0 +1,17 @@
+using Wino.Core.Domain.Enums;
+using Wino.Core.Domain.Interfaces;
+
+namespace Wino.Authentication
+{
+    public abstract class BaseAuthenticator
+    {
+        public abstract MailProviderType ProviderType { get; }
+        protected IAuthenticatorConfig AuthenticatorConfig { get; }
+
+        protected BaseAuthenticator(IAuthenticatorConfig authenticatorConfig)
+        {
+
+            AuthenticatorConfig = authenticatorConfig;
+        }
+    }
+}

Wino.Authentication/GmailAuthenticator.cs

@@ -0,0 +1,53 @@
+using System.Threading;
+using System.Threading.Tasks;
+using Google.Apis.Auth.OAuth2;
+using Google.Apis.Util.Store;
+using Wino.Core.Domain.Entities.Shared;
+using Wino.Core.Domain.Enums;
+using Wino.Core.Domain.Interfaces;
+using Wino.Core.Domain.Models.Authentication;
+
+namespace Wino.Authentication
+{
+    public class GmailAuthenticator : BaseAuthenticator, IGmailAuthenticator
+    {
+        private const string FileDataStoreFolder = "WinoGmailStore";
+
+        public GmailAuthenticator(IAuthenticatorConfig authConfig) : base(authConfig)
+        {
+        }
+
+        public string ClientId => AuthenticatorConfig.GmailAuthenticatorClientId;
+        public bool ProposeCopyAuthURL { get; set; }
+
+        public override MailProviderType ProviderType => MailProviderType.Gmail;
+
+        /// <summary>
+        /// Generates the token information for the given account.
+        /// For gmail, interactivity is automatically handled when you get the token.
+        /// </summary>
+        /// <param name="account">Account to get token for.</param>
+        public Task<TokenInformationEx> GenerateTokenInformationAsync(MailAccount account)
+            => GetTokenInformationAsync(account);
+
+        public async Task<TokenInformationEx> GetTokenInformationAsync(MailAccount account)
+        {
+            var userCredential = await GetGoogleUserCredentialAsync(account);
+
+            if (userCredential.Token.IsStale)
+            {
+                await userCredential.RefreshTokenAsync(CancellationToken.None);
+            }
+
+            return new TokenInformationEx(userCredential.Token.AccessToken, account.Address);
+        }
+
+        private Task<UserCredential> GetGoogleUserCredentialAsync(MailAccount account)
+        {
+            return GoogleWebAuthorizationBroker.AuthorizeAsync(new ClientSecrets()
+            {
+                ClientId = ClientId
+            }, AuthenticatorConfig.GmailScope, account.Id.ToString(), CancellationToken.None, new FileDataStore(FileDataStoreFolder));
+        }
+    }
+}

Wino.Authentication/Office365Authenticator.cs

@@ -0,0 +1,16 @@
+using Wino.Core.Domain.Enums;
+using Wino.Core.Domain.Interfaces;
+
+namespace Wino.Authentication
+{
+    public class Office365Authenticator : OutlookAuthenticator
+    {
+        public Office365Authenticator(INativeAppService nativeAppService,
+                                      IApplicationConfiguration applicationConfiguration,
+                                      IAuthenticatorConfig authenticatorConfig) : base(nativeAppService, applicationConfiguration, authenticatorConfig)
+        {
+        }
+
+        public override MailProviderType ProviderType => MailProviderType.Office365;
+    }
+}

Wino.Authentication/OutlookAuthenticator.cs

@@ -0,0 +1,126 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.Identity.Client;
+using Microsoft.Identity.Client.Broker;
+using Microsoft.Identity.Client.Extensions.Msal;
+using Wino.Core.Domain;
+using Wino.Core.Domain.Entities.Shared;
+using Wino.Core.Domain.Enums;
+using Wino.Core.Domain.Exceptions;
+using Wino.Core.Domain.Interfaces;
+using Wino.Core.Domain.Models.Authentication;
+
+namespace Wino.Authentication
+{
+    public class OutlookAuthenticator : BaseAuthenticator, IOutlookAuthenticator
+    {
+        private const string TokenCacheFileName = "OutlookCache.bin";
+        private bool isTokenCacheAttached = false;
+
+        // Outlook
+        private const string Authority = "https://login.microsoftonline.com/common";
+
+        public override MailProviderType ProviderType => MailProviderType.Outlook;
+
+        private readonly IPublicClientApplication _publicClientApplication;
+        private readonly IApplicationConfiguration _applicationConfiguration;
+
+        public OutlookAuthenticator(INativeAppService nativeAppService,
+                                    IApplicationConfiguration applicationConfiguration,
+                                    IAuthenticatorConfig authenticatorConfig) : base(authenticatorConfig)
+        {
+            _applicationConfiguration = applicationConfiguration;
+
+            var authenticationRedirectUri = nativeAppService.GetWebAuthenticationBrokerUri();
+
+            var options = new BrokerOptions(BrokerOptions.OperatingSystems.Windows)
+            {
+                Title = "Wino Mail",
+                ListOperatingSystemAccounts = true,
+            };
+
+            var outlookAppBuilder = PublicClientApplicationBuilder.Create(AuthenticatorConfig.OutlookAuthenticatorClientId)
+                .WithParentActivityOrWindow(nativeAppService.GetCoreWindowHwnd)
+                .WithBroker(options)
+                .WithDefaultRedirectUri()
+                .WithAuthority(Authority);
+
+            _publicClientApplication = outlookAppBuilder.Build();
+        }
+
+        public string[] Scope => AuthenticatorConfig.OutlookScope;
+
+        private async Task EnsureTokenCacheAttachedAsync()
+        {
+            if (!isTokenCacheAttached)
+            {
+                var storageProperties = new StorageCreationPropertiesBuilder(TokenCacheFileName, _applicationConfiguration.PublisherSharedFolderPath).Build();
+                var msalcachehelper = await MsalCacheHelper.CreateAsync(storageProperties);
+                msalcachehelper.RegisterCache(_publicClientApplication.UserTokenCache);
+
+                isTokenCacheAttached = true;
+            }
+        }
+
+        public async Task<TokenInformationEx> GetTokenInformationAsync(MailAccount account)
+        {
+            await EnsureTokenCacheAttachedAsync();
+
+            var storedAccount = (await _publicClientApplication.GetAccountsAsync()).FirstOrDefault(a => a.Username == account.Address);
+
+            if (storedAccount == null)
+                return await GenerateTokenInformationAsync(account);
+
+            try
+            {
+                var authResult = await _publicClientApplication.AcquireTokenSilent(Scope, storedAccount).ExecuteAsync();
+
+                return new TokenInformationEx(authResult.AccessToken, authResult.Account.Username);
+            }
+            catch (MsalUiRequiredException)
+            {
+                // Somehow MSAL is not able to refresh the token silently.
+                // Force interactive login.
+
+                return await GenerateTokenInformationAsync(account);
+            }
+            catch (Exception)
+            {
+                throw;
+            }
+        }
+
+        public async Task<TokenInformationEx> GenerateTokenInformationAsync(MailAccount account)
+        {
+            try
+            {
+                await EnsureTokenCacheAttachedAsync();
+
+                var authResult = await _publicClientApplication
+                    .AcquireTokenInteractive(Scope)
+                    .ExecuteAsync();
+
+                // If the account is null, it means it's the initial creation of it.
+                // If not, make sure the authenticated user address matches the username.
+                // When people refresh their token, accounts must match.
+
+                if (account?.Address != null && !account.Address.Equals(authResult.Account.Username, StringComparison.OrdinalIgnoreCase))
+                {
+                    throw new AuthenticationException("Authenticated address does not match with your account address.");
+                }
+
+                return new TokenInformationEx(authResult.AccessToken, authResult.Account.Username);
+            }
+            catch (MsalClientException msalClientException)
+            {
+                if (msalClientException.ErrorCode == "authentication_canceled" || msalClientException.ErrorCode == "access_denied")
+                    throw new AccountSetupCanceledException();
+
+                throw;
+            }
+
+            throw new AuthenticationException(Translator.Exception_UnknowErrorDuringAuthentication, new Exception(Translator.Exception_TokenGenerationFailed));
+        }
+    }
+}

Wino.Authentication/Wino.Authentication.csproj

@@ -0,0 +1,24 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+	<PropertyGroup>
+		<TargetFramework>netstandard2.0</TargetFramework>
+		<RootNamespace>Wino.Authentication</RootNamespace>
+		<Configurations>Debug;Release</Configurations>
+		<LangVersion>12</LangVersion>
+		<Platforms>AnyCPU;x64;x86</Platforms>
+	</PropertyGroup>
+
+	<ItemGroup>
+		<PackageReference Include="CommunityToolkit.Diagnostics" Version="8.3.2" />
+		<PackageReference Include="CommunityToolkit.Mvvm" Version="8.3.2" />
+		<PackageReference Include="Google.Apis.Auth" Version="1.68.0" />
+		<PackageReference Include="Microsoft.Identity.Client" Version="4.66.1" />
+		<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.66.1" />
+		<PackageReference Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.66.1" />
+	</ItemGroup>
+
+	<ItemGroup>
+	  <ProjectReference Include="..\Wino.Core.Domain\Wino.Core.Domain.csproj" />
+	  <ProjectReference Include="..\Wino.Messages\Wino.Messaging.csproj" />
+	</ItemGroup>
+</Project>