added clear token option, updated scopes for m365

Author: John

lib/OAuth.pm

@@ -38,7 +38,25 @@ use Time::Piece;
 our @EXPORT = qw( get_oauth );
 
 sub get_oauth {
-  my ($oauthuri, $oauthclientid, $dbh, $db_tx_support) = (@_);
+  my ($oauthuri, $oauthclientid, $dbh, $db_tx_support, $clear_token) = (@_);
+
+  # clear token if requested
+  if ($clear_token) {
+    my $sql = qq{DELETE FROM oauth};
+    $dbh->do($sql, undef);
+    if ($dbh->errstr) {
+      warn "$scriptname: $org: $id: Cannot invalidate OAuth tokens.\n";
+      exit;
+    }
+    else {
+      if ($db_tx_support) {
+        $dbh->commit;
+        if ($dbh->errstr) {
+          warn "$scriptname: $org: $id: Cannot commit transaction.\n";
+        }
+      }
+    }
+  }
 
   # check if valid oauth token exists
   my $sth = $dbh->prepare(qq{SELECT access_token, refresh_token, UNIX_TIMESTAMP(expire) AS expire, valid FROM oauth WHERE valid=1});
@@ -136,7 +154,7 @@ sub get_oauth {
 
     # if it's m365, we need to request offline_access too
     if ($oauthuri =~ m/microsoft/) {
-      $scope .= "%20offline_access";
+      $scope .= "%20offline_access%20https%3A%2F%2Foutlook.office.com%2F.default";
     }
 
     # send the device authorization request

report-parser.pl

@@ -131,7 +131,8 @@ sub show_usage {
      $imapauth, $oauthclientid, $oauthuri,
      $imapdmarcfolder, $imapdmarcproc, $imapdmarcerr, 
      $imaptlsfolder, $imaptlsproc, $imaptlserr,
-     $tlsverify, $processInfo);
+     $tlsverify, $processInfo,
+     $clear_token);
 
 # defaults
 $maxsize_xml     = 50000;
@@ -142,6 +143,7 @@ sub show_usage {
 $dmarc_only      = 1;
 $reports_replace = 0;
 $imapauth        = 'simple';
+$clear_token     = 0;
 
 # used in messages
 my $scriptname = 'Open Report Parser';
@@ -198,7 +200,7 @@ sub show_usage {
                TS_MBOX_FILE => 3, 
                TS_ZIP_FILE => 4, 
                TS_JSON_FILE => 5 };
-GetOptions( \%options, 'd', 'r', 'x', 'j', 'm', 'e', 'i', 'z', 'delete', 'info', 'c' => \$conf_file );
+GetOptions( \%options, 'd', 'r', 'x', 'j', 'm', 'e', 'i', 'z', 'delete', 'info', 'c' => \$conf_file, 'clear' );
 
 # locate conf file or die
 if ( -e $conf_file ) {
@@ -299,6 +301,7 @@ sub show_usage {
 if (exists $options{delete}) {$delete_reports = 1;}
 if (exists $options{info})   {$processInfo = 1;}
 if (exists $options{tls})    {$dmarc_only = -1;}
+if (exists $options{clear})  {$clear_token = 1;}
 
 # Cludgy, but it lets us preserve filename for dbx_postgres.pl
 my $dbitype = 'mysql';
@@ -415,7 +418,7 @@ sub show_usage {
   elsif ($imapauth eq 'oauth2') {
     printDebug("using oauth2");
     # get the bearer token
-    my $oauth2token = OAuth::get_oauth($oauthuri, $oauthclientid, $dbh, $db_tx_support);
+    my $oauth2token = OAuth::get_oauth($oauthuri, $oauthclientid, $dbh, $db_tx_support, $clear_token);
 
     # authenticate
     my $oauth_b64 = encode_base64("user=".$imapuser."\x01auth=Bearer ".$oauth2token."\x01\x01",'');