Feature: add optional OAuth state parameter

2025-04-29 11:09:27 -05:00 · 2025-01-06 18:50:08 +01:00 · 2025-01-06 18:50:08 +01:00 · cfdc5d1c9b
commit cfdc5d1c9b
parent 1856837d21
3 changed files with 16 additions and 0 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -1229,6 +1229,12 @@ consumers working on the same file. Configure this to prevent that.
    Defaults to none.
 #### [`PAPERLESS_GMAIL_OAUTH_CLIENT_STATE=<str>`](#PAPERLESS_GMAIL_OAUTH_CLIENT_STATE) {#PAPERLESS_GMAIL_OAUTH_CLIENT_STATE}
 : State parameter for Gmail OAuth. This parameter is sent to the OAuth provider and returned in the callback.
    Defaults to none.
 #### [`PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID=<str>`](#PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID) {#PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID}
 : The OAuth client ID for Outlook. This is required for Outlook OAuth Email setup. See [OAuth Email Setup](usage.md#oauth-email-setup) for more information.
@ -1241,6 +1247,12 @@ consumers working on the same file. Configure this to prevent that.
    Defaults to none.
 #### [`PAPERLESS_OUTLOOK_OAUTH_CLIENT_STATE=<str>`](#PAPERLESS_OUTLOOK_OAUTH_CLIENT_STATE) {#PAPERLESS_OUTLOOK_OAUTH_CLIENT_STATE}
 : State parameter for Outlook OAuth. This parameter is sent to the OAuth provider and returned in the callback.
    Defaults to none.
 ### Encrypted Emails {#encrypted_emails}
 #### [`PAPERLESS_EMAIL_GNUPG_HOME=<str>`](#PAPERLESS_EMAIL_GNUPG_HOME) {#PAPERLESS_EMAIL_GNUPG_HOME}
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@ -1222,6 +1222,7 @@ EMPTY_TRASH_DELAY = max(__get_int("PAPERLESS_EMPTY_TRASH_DELAY", 30), 1)
 OAUTH_CALLBACK_BASE_URL = os.getenv("PAPERLESS_OAUTH_CALLBACK_BASE_URL")
 GMAIL_OAUTH_CLIENT_ID = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_ID")
 GMAIL_OAUTH_CLIENT_SECRET = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET")
 GMAIL_OAUTH_CLIENT_STATE = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_STATE")
 GMAIL_OAUTH_ENABLED = bool(
    (OAUTH_CALLBACK_BASE_URL or PAPERLESS_URL)
    and GMAIL_OAUTH_CLIENT_ID
@ -1229,6 +1230,7 @@ GMAIL_OAUTH_ENABLED = bool(
 )
 OUTLOOK_OAUTH_CLIENT_ID = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID")
 OUTLOOK_OAUTH_CLIENT_SECRET = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET")
 OUTLOOK_OAUTH_CLIENT_STATE = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_STATE")
 OUTLOOK_OAUTH_ENABLED = bool(
    (OAUTH_CALLBACK_BASE_URL or PAPERLESS_URL)
    and OUTLOOK_OAUTH_CLIENT_ID
--- a/src/paperless_mail/oauth.py
+++ b/src/paperless_mail/oauth.py
@ -49,6 +49,7 @@ class PaperlessMailOAuth2Manager:
                redirect_uri=self.oauth_callback_url,
                scope=["https://mail.google.com/"],
                extras_params={"prompt": "consent", "access_type": "offline"},
                state=settings.GMAIL_OAUTH_CLIENT_STATE,
            ),
        )
@ -60,6 +61,7 @@ class PaperlessMailOAuth2Manager:
                    "offline_access",
                    "https://outlook.office.com/IMAP.AccessAsUser.All",
                ],
                self=settings.OUTLOOK_OAUTH_CLIENT_STATE,
            ),
        )