Fix OAuth SSO first account creation, add mobile support, and fix refresh tokens (#6181)

api/oauth_test.go

@@ -517,7 +517,17 @@ func TestOAuthAccessToken(t *testing.T) {
 	th := Setup().InitBasic()
 	Client := th.BasicClient
 
+	enableOAuth := utils.Cfg.ServiceSettings.EnableOAuthServiceProvider
+	adminOnly := *utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations
+	defer func() {
+		utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = enableOAuth
+		*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = adminOnly
+		utils.SetDefaultRolesBasedOnConfig()
+	}()
 	utils.Cfg.ServiceSettings.EnableOAuthServiceProvider = true
+	*utils.Cfg.ServiceSettings.EnableOnlyAdminIntegrations = false
+	utils.SetDefaultRolesBasedOnConfig()
+
 	oauthApp := &model.OAuthApp{Name: "TestApp5" + model.NewId(), Homepage: "https://nowhere.com", Description: "test", CallbackUrls: []string{"https://nowhere.com"}}
 	oauthApp = Client.Must(Client.RegisterApp(oauthApp)).Data.(*model.OAuthApp)
 
@@ -593,6 +603,8 @@ func TestOAuthAccessToken(t *testing.T) {
 		rsp := result.Data.(*model.AccessResponse)
 		if len(rsp.AccessToken) == 0 {
 			t.Fatal("access token not returned")
+		} else if len(rsp.RefreshToken) == 0 {
+			t.Fatal("refresh token not returned")
 		} else {
 			token = rsp.AccessToken
 			refreshToken = rsp.RefreshToken
@@ -644,8 +656,21 @@ func TestOAuthAccessToken(t *testing.T) {
 	}
 
 	data.Set("refresh_token", refreshToken)
-	if _, err := Client.GetAccessToken(data); err != nil {
+	if result, err := Client.GetAccessToken(data); err != nil {
 		t.Fatal(err)
+	} else {
+		rsp := result.Data.(*model.AccessResponse)
+		if len(rsp.AccessToken) == 0 {
+			t.Fatal("access token not returned")
+		} else if len(rsp.RefreshToken) == 0 {
+			t.Fatal("refresh token not returned")
+		} else if rsp.RefreshToken == refreshToken {
+			t.Fatal("refresh token did not update")
+		}
+
+		if rsp.TokenType != model.ACCESS_TOKEN_TYPE {
+			t.Fatal("access token type incorrect")
+		}
 	}
 
 	authData := &model.AuthData{ClientId: oauthApp.Id, RedirectUri: oauthApp.CallbackUrls[0], UserId: th.BasicUser.Id, Code: model.NewId(), ExpiresIn: -1}

api4/oauth.go

@@ -417,6 +417,9 @@ func completeOAuth(c *Context, w http.ResponseWriter, r *http.Request) {
 	} else if action == model.OAUTH_ACTION_SSO_TO_EMAIL {
 
 		redirectUrl = app.GetProtocol(r) + "://" + r.Host + "/claim?email=" + url.QueryEscape(props["email"])
+	} else if action == model.OAUTH_ACTION_MOBILE {
+		ReturnStatusOK(w)
+		return
 	} else {
 		session, err := app.DoLogin(w, r, user, "")
 		if err != nil {

api4/params.go

@@ -105,7 +105,7 @@ func ApiParamsFromRequest(r *http.Request) *ApiParams {
 	}
 
 	if val, ok := props["service"]; ok {
-		params.Category = val
+		params.Service = val
 	}
 
 	if val, ok := props["preference_name"]; ok {

app/oauth.go

@@ -190,9 +190,10 @@ func GetOAuthAccessToken(clientId, grantType, redirectUri, code, secret, refresh
 			} else {
 				//return the same token and no need to create a new session
 				accessRsp = &model.AccessResponse{
-					AccessToken: accessData.Token,
-					TokenType:   model.ACCESS_TOKEN_TYPE,
-					ExpiresIn:   int32((accessData.ExpiresAt - model.GetMillis()) / 1000),
+					AccessToken:  accessData.Token,
+					TokenType:    model.ACCESS_TOKEN_TYPE,
+					RefreshToken: accessData.RefreshToken,
+					ExpiresIn:    int32((accessData.ExpiresAt - model.GetMillis()) / 1000),
 				}
 			}
 		} else {
@@ -273,15 +274,17 @@ func newSessionUpdateToken(appName string, accessData *model.AccessData, user *m
 	}
 
 	accessData.Token = session.Token
+	accessData.RefreshToken = model.NewId()
 	accessData.ExpiresAt = session.ExpiresAt
 	if result := <-Srv.Store.OAuth().UpdateAccessData(accessData); result.Err != nil {
 		l4g.Error(result.Err)
 		return nil, model.NewAppError("newSessionUpdateToken", "web.get_access_token.internal_saving.app_error", nil, "", http.StatusInternalServerError)
 	}
 	accessRsp := &model.AccessResponse{
-		AccessToken: session.Token,
-		TokenType:   model.ACCESS_TOKEN_TYPE,
-		ExpiresIn:   int32(*utils.Cfg.ServiceSettings.SessionLengthSSOInDays * 60 * 60 * 24),
+		AccessToken:  session.Token,
+		RefreshToken: accessData.RefreshToken,
+		TokenType:    model.ACCESS_TOKEN_TYPE,
+		ExpiresIn:    int32(*utils.Cfg.ServiceSettings.SessionLengthSSOInDays * 60 * 60 * 24),
 	}
 
 	return accessRsp, nil

model/oauth.go

@@ -16,6 +16,7 @@ const (
 	OAUTH_ACTION_LOGIN        = "login"
 	OAUTH_ACTION_EMAIL_TO_SSO = "email_to_sso"
 	OAUTH_ACTION_SSO_TO_EMAIL = "sso_to_email"
+	OAUTH_ACTION_MOBILE       = "mobile"
 )
 
 type OAuthApp struct {