Remove requirement of trustme, automatically close browser window and add Evolution

AdityaGarg8 · AdityaGarg8 · commit aa60ca31d31f · 2025-05-06T20:57:22.000+05:30
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -63,7 +63,7 @@ jobs:
           Version: ${{ github.event.inputs.version }}
           Section: utils
           Priority: optional
-          Depends: git-email, python3-msal, python3-keyring, python3-trustme, python3-pyqt6, python3-pyqt6.qtwebengine
+          Depends: git-email, python3-msal, python3-keyring, python3-pyqt6, python3-pyqt6.qtwebengine
           Enhances: git-email
           Architecture: all
           Maintainer: Aditya Garg <gargaditya08@live.com>
@@ -170,7 +170,6 @@ jobs:
           Requires:       git-email
           Requires:       python-msal
           Requires:       python-keyring
-          Requires:       python-trustme
           Requires:       python-pyqt6
           Requires:       python-pyqt6-webengine
 
diff --git a/README.md b/README.md
@@ -37,10 +37,10 @@ It is a simple python script, based on https://github.com/ag91/M365-IMAP and htt
   pip install PyQt6==6.8.1 PyQt6-WebEngine==6.8.0
   ```
 
-- For **Outlook**, you also need to install these modules:
+- For **Outlook**, you also need to install `msal`:
 
   ```bash
-  pip install msal trustme
+  pip install msal
   ```
 
 ### Linux
diff --git a/git-credential-gmail b/git-credential-gmail
@@ -37,16 +37,31 @@ Examples:
 	sys.exit(0)
 
 import http.server
+import json
+import keyring
 import os
+import random
 import threading
 import urllib.parse
 import urllib.request
-import random
-import keyring
-import json
 
-ClientId = "406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com"
-ClientSecret = "kSmqreRr0qwBWJgbf5Y-PjSU"
+# https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/src/OAuth2Providers.sys.mjs
+ClientId_Thunderbird = "406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com"
+ClientSecret_Thunderbird = "kSmqreRr0qwBWJgbf5Y-PjSU"
+
+# https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/7554d3b95124486ac98d9a5052e069e46242a216
+ClientId_Evolution = "590402290962-2i0b7rqma8b9nmtfrcp7fa06g6cf7g74.apps.googleusercontent.com"
+ClientSecret_Evolution = "mtfUe5W8Aal9DcgVipOY1T9G"
+
+# https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/blob/master/meson_options.txt
+ClientId_Gnome = "44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s.apps.googleusercontent.com"
+ClientSecret_Gnome = "-gMLuQyDiI0XrQS_vx_mhuYF"
+
+# ClientId and ClientSecret to be used
+
+ClientId = ClientId_Thunderbird
+ClientSecret = ClientSecret_Thunderbird
+
 Scopes = "https://mail.google.com/"
 ServiceName = "git-credential-gmail"
 
@@ -128,9 +143,6 @@ if "--authenticate" in sys.argv:
 	redirect_uri = f"http://localhost:{random_port}/"
 	url = GeneratePermissionUrl(redirect_uri)
 
-	print("Navigate to the following url in a web browser, if doesn't open automatically:\n")
-	print(f"{url}\n")
-
 	class Handler(http.server.BaseHTTPRequestHandler):
 		def log_message(self, format, *args):
 			# Override to prevent logging to console
@@ -140,12 +152,8 @@ if "--authenticate" in sys.argv:
 			parsed_query = urllib.parse.parse_qs(parsed_url.query)
 			global code
 			code = parsed_query.get('code', [''])[0]
-			response_body = b'Success. You may close this window now.\r\n'
 			self.send_response(200)
-			self.send_header('Content-Type', 'text/plain')
-			self.send_header('Content-Length', len(response_body))
 			self.end_headers()
-			self.wfile.write(response_body)
 
 			global httpd
 			threading.Thread(target=lambda: httpd.shutdown()).start()
@@ -170,7 +178,14 @@ if "--authenticate" in sys.argv:
 		def javaScriptConsoleMessage(self, level, message, lineNumber, sourceID):
 			return
 
+	print("Opening a browser window for authentication...\n")
+
 	class BrowserWindow(QMainWindow):
+
+		def handle_url_change(self, url):
+			if "code=" in url.toString():
+				self.close()
+
 		def __init__(self):
 			super().__init__()
 			self.setWindowTitle("OAuth2 Login")
@@ -180,6 +195,7 @@ if "--authenticate" in sys.argv:
 				self.browser.setPage(QuietWebEnginePage(self.browser))
 			self.setCentralWidget(self.browser)
 			self.browser.load(QUrl(url))
+			self.browser.urlChanged.connect(self.handle_url_change)
 			self.show()
 
 	webapp = QApplication(sys.argv)
diff --git a/git-credential-outlook b/git-credential-outlook
@@ -40,22 +40,25 @@ Examples:
 """)
 	sys.exit(0)
 
-import trustme
-import http.server
+import keyring
 import os
-import threading
 import urllib.parse
-import tempfile
-import random
-import keyring
-import ssl
 
 from msal import PublicClientApplication
 
-ClientId = "9e5f94bc-e8a4-4e73-b8be-63364c29d753"
+# https://github.com/mozilla/releases-comm-central/blob/master/mailnews/base/src/OAuth2Providers.sys.mjs
+ClientId_Thunderbird = "9e5f94bc-e8a4-4e73-b8be-63364c29d753"
+
+# https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/7554d3b95124486ac98d9a5052e069e46242a216
+ClientId_Evolution = "cc6e0693-0e26-4220-8322-9d363e308fc6"
+
 Scopes = ['https://outlook.office.com/POP.AccessAsUser.All','https://outlook.office.com/IMAP.AccessAsUser.All','https://outlook.office.com/SMTP.Send']
 ServiceName = "git-credential-outlook"
 
+# ClientId to be used
+
+ClientId = ClientId_Thunderbird
+
 def save_refresh_token(refresh_token):
 	keyring.set_password(ServiceName, "refresh_token", refresh_token)
 
@@ -81,76 +84,47 @@ if "--authenticate" in sys.argv:
 		from PyQt6.QtWebEngineWidgets import QWebEngineView
 		from PyQt6.QtCore import QUrl, QLoggingCategory
 
-		random_port = random.randint(1024, 65535)
-		redirect_uri = f"https://localhost:{random_port}/"
+		redirect_uri = f"https://login.live.com/oauth20_desktop.srf"
 
 		url = app.get_authorization_request_url(Scopes, redirect_uri=redirect_uri)
 
-		print("Navigate to the following url in a web browser, if doesn't open automatically:\n")
-		print(f"{url}\n")
-
-		class Handler(http.server.BaseHTTPRequestHandler):
-			def log_message(self, format, *args):
-				# Override to prevent logging to console
-				pass
-			def do_GET(self):
-				parsed_url = urllib.parse.urlparse(self.path)
-				parsed_query = urllib.parse.parse_qs(parsed_url.query)
-				global code
-				code = parsed_query.get('code', [''])[0]
-				response_body = b'Success. You may close this window now.\r\n'
-				self.send_response(200)
-				self.send_header('Content-Type', 'text/plain')
-				self.send_header('Content-Length', len(response_body))
-				self.end_headers()
-				self.wfile.write(response_body)
-
-				global httpd
-				threading.Thread(target=lambda: httpd.shutdown()).start()
-
-
-		code = ''
-
-		ca = trustme.CA()
-		cert_file = os.path.join(tempfile.gettempdir(), "cert.crt")
-		server_cert = ca.issue_cert("localhost")
-		server_cert.private_key_and_cert_chain_pem.write_to_path(cert_file)
-
-		server_address = ('', random_port)
-		httpd = http.server.HTTPServer(server_address, Handler)
-		context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
-		context.load_cert_chain(cert_file)
-		httpd.socket = context.wrap_socket(
-			httpd.socket,
-			server_side=True,
-		)
-
-		threading.Thread(target=httpd.serve_forever, daemon=True).start()
-
 		if "--verbose" in sys.argv:
 			loglevel = 0
 		else:
 			loglevel = 3
 			QLoggingCategory("qt.webenginecontext").setFilterRules("*.info=false") # Suppress info logs
 
-		os.environ["QTWEBENGINE_CHROMIUM_FLAGS"] = f"--enable-logging --log-level={loglevel} --ignore-certificate-errors"
+		os.environ["QTWEBENGINE_CHROMIUM_FLAGS"] = f"--enable-logging --log-level={loglevel}"
+
+		print("Opening a browser window for authentication...\n")
+
+		code = ''
 
 		class BrowserWindow(QMainWindow):
+
+			def handle_url_change(self, url):
+				if "code=" in url.toString():
+					parsed_url = urllib.parse.urlparse(url.toString())
+					parsed_query = urllib.parse.parse_qs(parsed_url.query)
+					global code
+					code = parsed_query.get('code', [''])[0]
+					self.close()
+
 			def __init__(self):
 				super().__init__()
 				self.setWindowTitle("OAuth2 Login")
 				self.resize(800, 600)
 				self.browser = QWebEngineView()
 				self.setCentralWidget(self.browser)
 				self.browser.load(QUrl(url))
+				self.browser.urlChanged.connect(self.handle_url_change)
 				self.show()
 
 		webapp = QApplication(sys.argv)
 		window = BrowserWindow()
 		webapp.exec()
 
 		token = app.acquire_token_by_authorization_code(code, Scopes, redirect_uri=redirect_uri)
-		os.remove(cert_file)
 
 	if 'error' in token:
 		print(token)
