zammad/app/controllers/external_credentials_controller.rb

# Copyright (C) 2012-2026 Zammad Foundation, https://zammad-foundation.org/

class ExternalCredentialsController < ApplicationController
  include ExternalCredential::SensitiveAttributes

  prepend_before_action :authenticate_and_authorize!

  def index
    model_index_render(ExternalCredential, params)
  end

  def show
    model_show_render(ExternalCredential, params)
  end

  def create
    model_create_render(ExternalCredential, params)
  end

  def update
    model_update_render(ExternalCredential, params)
  end

  def destroy
    model_destroy_render(ExternalCredential, params)
  end

  def app_verify
    render json: { attributes: ExternalCredential.app_verify(params.permit!.to_h) }, status: :ok
  rescue => e
    logger.error e
    render json: { error: e.message }, status: :ok
  end

  def link_account
    provider = params[:provider].downcase
    attributes = ExternalCredential.request_account_to_link(provider, params)
    session[:request_token] = attributes[:request_token]
    session[:code_verifier] = attributes[:code_verifier]
    session[:channel_id] = params[:channel_id]
    session[:shared_mailbox] = params[:shared_mailbox]
    redirect_to attributes[:authorize_url], allow_other_host: true
  end

  def callback
    provider = params[:provider].downcase
    channel = ExternalCredential.link_account(provider, session[:request_token], link_params)
    return redirect_to(channel), allow_other_host: true if channel.instance_of?(String)

    redirect_to app_url(provider, channel.id), allow_other_host: true
  ensure
    session[:request_token]  = nil
    session[:code_verifier]  = nil
    session[:channel_id]     = nil
    session[:shared_mailbox] = nil
  end

  private

  def link_params
    params.permit!.to_h.merge(channel_id: session[:channel_id], shared_mailbox: session[:shared_mailbox], code_verifier: session[:code_verifier])
  end

  def callback_url(provider)
    ExternalCredential.callback_url(provider)
  end

  def app_url(provider, channel_id)
    ExternalCredential.app_url(provider, channel_id)
  end
end
Maintenance: Update copyright information. 2026-01-02 13:41:09 +00:00			`# Copyright (C) 2012-2026 Zammad Foundation, https://zammad-foundation.org/`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00
			`class ExternalCredentialsController < ApplicationController`
Maintenance: Improve configuration details returned by the server. Co-authored-by: Dusan Vuckovic <dv@zammad.com> Co-authored-by: Florian Liebe <fl@zammad.com> Co-authored-by: Mantas Masalskis <mm@zammad.com> Co-authored-by: Marcel Bialas <mb@zammad.com> Co-authored-by: Martin Gruner <mg@zammad.com> 2026-02-03 13:38:55 +00:00			`include ExternalCredential::SensitiveAttributes`

Fixes #3119 - Clarify authentication_check and authorize! before_actions 2023-03-19 20:43:36 +00:00			`prepend_before_action :authenticate_and_authorize!`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00
			`def index`
			`model_index_render(ExternalCredential, params)`
			`end`

			`def show`
			`model_show_render(ExternalCredential, params)`
			`end`

			`def create`
Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`model_create_render(ExternalCredential, params)`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

			`def update`
Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`model_update_render(ExternalCredential, params)`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

			`def destroy`
Fix spelling mistake (#481) destory -> destroy 2016-11-30 10:30:03 +00:00			`model_destroy_render(ExternalCredential, params)`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`def app_verify`
Implemented issue #2023 - Twitter Account Activity API support. 2018-12-03 14:10:36 +00:00			`render json: { attributes: ExternalCredential.app_verify(params.permit!.to_h) }, status: :ok`
Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`rescue => e`
Fixed issue #2730: Registering of Twitter App fails for Twitter App with existing webhooks. 2019-09-03 18:23:29 +00:00			`logger.error e`
Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`render json: { error: e.message }, status: :ok`
			`end`

Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`def link_account`
			`provider = params[:provider].downcase`
Fixes #3963 - Unable to add Microsoft 365 Account when admin consent for enterprise applications is enabled. 2022-09-22 15:28:22 +00:00			`attributes = ExternalCredential.request_account_to_link(provider, params)`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`session[:request_token] = attributes[:request_token]`
Maintenance: Add optional PKCE support to Microsoft OAuth flow. 2026-05-06 19:31:38 +00:00			`session[:code_verifier] = attributes[:code_verifier]`
Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts. 2020-11-20 13:58:57 +00:00			`session[:channel_id] = params[:channel_id]`
Fixes #5379 - New M365 Channel using GraphAPI instead of IMAP/SMTP Co-authored-by: Benjamin Scharf <bs@zammad.com> Co-authored-by: Dominik Klein <dk@zammad.com> Co-authored-by: Dusan Vuckovic <dv@zammad.com> Co-authored-by: Florian Liebe <fl@zammad.com> Co-authored-by: Mantas Masalskis <mm@zammad.com> Co-authored-by: Martin Gruner <mg@zammad.com> Co-authored-by: Tobias Schäfer <ts@zammad.com> 2025-01-09 14:47:18 +00:00			`session[:shared_mailbox] = params[:shared_mailbox]`
Maintenance: Switch to Rails 7.0 default config. 2024-02-19 12:38:32 +00:00			`redirect_to attributes[:authorize_url], allow_other_host: true`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

			`def callback`
			`provider = params[:provider].downcase`
Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts. 2020-11-20 13:58:57 +00:00			`channel = ExternalCredential.link_account(provider, session[:request_token], link_params)`
Maintenance: Switch to Rails 7.0 default config. 2024-02-19 12:38:32 +00:00			`return redirect_to(channel), allow_other_host: true if channel.instance_of?(String)`
Fixes #3963 - Unable to add Microsoft 365 Account when admin consent for enterprise applications is enabled. 2022-09-22 15:28:22 +00:00
Maintenance: Switch to Rails 7.0 default config. 2024-02-19 12:38:32 +00:00			`redirect_to app_url(provider, channel.id), allow_other_host: true`
Maintenance: Add optional PKCE support to Microsoft OAuth flow. 2026-05-06 19:31:38 +00:00			`ensure`
			`session[:request_token] = nil`
			`session[:code_verifier] = nil`
			`session[:channel_id] = nil`
			`session[:shared_mailbox] = nil`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

			`private`

Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts. 2020-11-20 13:58:57 +00:00			`def link_params`
Maintenance: Add optional PKCE support to Microsoft OAuth flow. 2026-05-06 19:31:38 +00:00			`params.permit!.to_h.merge(channel_id: session[:channel_id], shared_mailbox: session[:shared_mailbox], code_verifier: session[:code_verifier])`
Fixes #3240 - Allow reauthentication of Google / Microsoft365 accounts. 2020-11-20 13:58:57 +00:00			`end`

Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`def callback_url(provider)`
Init version of twitter and facebook channel connector. 2015-12-30 13:24:13 +00:00			`ExternalCredential.callback_url(provider)`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`

Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`def app_url(provider, channel_id)`
Init version of twitter and facebook channel connector. 2015-12-30 13:24:13 +00:00			`ExternalCredential.app_url(provider, channel_id)`
Init version of twitter admin. 2015-12-21 00:48:49 +00:00			`end`
Init backend of generic external credentials. 2015-12-17 11:49:40 +00:00			`end`