Feature: add optional OAuth state parameter

2025-01-06 18:50:08 +01:00
parent 1856837d21
commit cfdc5d1c9b
3 changed files with 16 additions and 0 deletions
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -1222,6 +1222,7 @@ EMPTY_TRASH_DELAY = max(__get_int("PAPERLESS_EMPTY_TRASH_DELAY", 30), 1)
 OAUTH_CALLBACK_BASE_URL = os.getenv("PAPERLESS_OAUTH_CALLBACK_BASE_URL")
 GMAIL_OAUTH_CLIENT_ID = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_ID")
 GMAIL_OAUTH_CLIENT_SECRET = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_SECRET")
+GMAIL_OAUTH_CLIENT_STATE = os.getenv("PAPERLESS_GMAIL_OAUTH_CLIENT_STATE")
 GMAIL_OAUTH_ENABLED = bool(
    (OAUTH_CALLBACK_BASE_URL or PAPERLESS_URL)
    and GMAIL_OAUTH_CLIENT_ID
@@ -1229,6 +1230,7 @@ GMAIL_OAUTH_ENABLED = bool(
 )
 OUTLOOK_OAUTH_CLIENT_ID = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_ID")
 OUTLOOK_OAUTH_CLIENT_SECRET = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_SECRET")
+OUTLOOK_OAUTH_CLIENT_STATE = os.getenv("PAPERLESS_OUTLOOK_OAUTH_CLIENT_STATE")
 OUTLOOK_OAUTH_ENABLED = bool(
    (OAUTH_CALLBACK_BASE_URL or PAPERLESS_URL)
    and OUTLOOK_OAUTH_CLIENT_ID
--- a/src/paperless_mail/oauth.py
+++ b/src/paperless_mail/oauth.py
@@ -49,6 +49,7 @@ class PaperlessMailOAuth2Manager:
                redirect_uri=self.oauth_callback_url,
                scope=["https://mail.google.com/"],
                extras_params={"prompt": "consent", "access_type": "offline"},
+                state=settings.GMAIL_OAUTH_CLIENT_STATE,
            ),
        )

@@ -60,6 +61,7 @@ class PaperlessMailOAuth2Manager:
                    "offline_access",
                    "https://outlook.office.com/IMAP.AccessAsUser.All",
                ],
+                self=settings.OUTLOOK_OAUTH_CLIENT_STATE,
            ),
        )