* Only "Authorize" and "Device" are values accepted for the flow during

     initial authentication using XOAUTH2. A warning message (and error)
     will be seen by the user in case the user attempts a different flow.

5 files changed, 53 insertions, 30 deletions

diff --git a/alpine/confscroll.c b/alpine/confscroll.c
index 8bfb533d..49a5231c 100644
--- a/alpine/confscroll.c
+++ b/alpine/confscroll.c
@@ -5765,6 +5765,15 @@ fix_side_effects(struct pine *ps, struct variable *var, int revert)
     else if(var == &ps->vars[V_FEATURE_LIST]){
 	process_feature_list(ps, var->current_val.l, 0, 0, 0);
     }
+    else if(var && var->name && !strcmp(var->name, XOAUTH2_FLOW)){
+	if(var->current_val.p
+	   && strucmp(var->current_val.p, "Authorize")
+	   && strucmp(var->current_val.p, "Device")){
+	      q_status_message1(SM_ORDER | SM_DING, 3, 3,
+			        _("Invalid value \"%s\". Use \"Authorize\" or \"Device\""),
+				var->current_val.p);
+	}
+    }
     else if(!revert && (var == &ps->vars[V_LAST_TIME_PRUNE_QUESTION] ||
 		        var == &ps->vars[V_REMOTE_ABOOK_HISTORY] ||
 		        var == &ps->vars[V_REMOTE_ABOOK_VALIDITY] ||
diff --git a/alpine/confscroll.h b/alpine/confscroll.h
index c2b6e952..29501f27 100644
--- a/alpine/confscroll.h
+++ b/alpine/confscroll.h
@@ -38,6 +38,20 @@
 #define next_confline(p)  ((p) ? (p)->next : NULL)
 #define prev_confline(p)  ((p) ? (p)->prev : NULL)
 
+/* for xoaut2conf.h */
+#define XNAME   "/NAME="
+#define XID     "/ID="
+#define XSECRET "/SECRET="
+#define XTENANT "/TENANT="
+#define XUSER   "/USER="
+#define XFLOW   "/Flow="
+
+#define XOAUTH2_CLIENT_ID       "Client-Id"
+#define XOAUTH2_CLIENT_SECRET   "Client-Secret"
+#define XOAUTH2_TENANT          "Tenant"
+#define XOAUTH2_USERS           "Username"
+#define XOAUTH2_FLOW            "Auth Flow"
+
 
 extern char *empty_val;
 extern char *empty_val2;
diff --git a/alpine/imap.c b/alpine/imap.c
index 68b1f220..8fada329 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -865,21 +865,34 @@ mm_login_oauth2(NETMBX *mb, char *user, char *method,
     if(registered){
 	x = oauth2_get_client_info(oa2list->name, user);
 	if(!x) return;		/* user cancelled, let's get out of here */
-	if(x && x->flow){
-	    for(oa2list = alpine_oauth2_list;
+	if(x){
+	    int error = 0;
+	    if(x->flow){
+	      for(oa2list = alpine_oauth2_list;
 		  oa2list && oa2list->host != NULL && oa2list->host[0] != NULL;
 		  oa2list++){
-		for(i = 0; i < OAUTH2_TOT_EQUIV
+		  for(i = 0; i < OAUTH2_TOT_EQUIV
 			   && oa2list->host[i] != NULL
 			   && strucmp(oa2list->host[i], mb->orighost) != 0; i++);
-		if(i < OAUTH2_TOT_EQUIV && oa2list->host[i] != NULL){
-		   char *flow = oa2list->server_mthd[0].name ? "Authorize"
-			: (oa2list->server_mthd[1].name ? "Device" : "Unknown");
-		   if(!strucmp(x->flow, flow)) break;	/* found it */
-		}
+		  if(i < OAUTH2_TOT_EQUIV && oa2list->host[i] != NULL){
+		     char *flow = oa2list->server_mthd[0].name ? "Authorize"
+			: (oa2list->server_mthd[1].name ? "Device" : NULL);
+		     if(flow && !strucmp(x->flow, flow)) break;	/* found it */
+		  }
+	      }
+	      if(!oa2list || !oa2list->host || !oa2list->host[0])
+		error++;
+	    }
+	    else error++;
+	    if(error){
+		if(x->flow)
+	           q_status_message1(SM_ORDER | SM_DING, 3, 3, _("Unrecognized flow type \"%s\". Use \"Authorize\" or \"Device\""), x->flow);
+		else
+	           q_status_message(SM_ORDER | SM_DING, 3, 3, _("Configuration does not specify flow type. Use \"Authorize\" or \"Device\""));
 	    }
+	    free_xoauth2_info(&x);
+	    if(error) return;
 	}
-	if (x) free_xoauth2_info(&x);
 	/* else use the one we found earlier, the user has to configure this better */
     }
 
diff --git a/alpine/xoauth2conf.c b/alpine/xoauth2conf.c
index 7d5b72b8..4a92bf82 100644
--- a/alpine/xoauth2conf.c
+++ b/alpine/xoauth2conf.c
@@ -33,28 +33,15 @@ typedef struct xoauh2_info_val_s {
 
 /* the order here must match the order in XTYPES above */
 XOAUTH2_INFO_VAL_S x_default[] = {
-   {NULL, 		"/NAME="},
-   {"Client-Id",	"/ID="},
-   {"Client-Secret",	"/SECRET="},
-   {"Tenant",		"/TENANT="},
-   {"Username",		"/USER="},
-   {"Auth Flow",	"/Flow="},
-   {NULL, 		NULL}
+   {NULL, 			XNAME},
+   {XOAUTH2_CLIENT_ID,		XID},
+   {XOAUTH2_CLIENT_SECRET,	XSECRET},
+   {XOAUTH2_TENANT,		XTENANT},
+   {XOAUTH2_USERS,		XUSER},
+   {XOAUTH2_FLOW,		XFLOW},
+   {NULL, 			NULL}
 };
 
-#define XNAME	x_default[Xname].pinerc_name
-#define XID	x_default[Xid].pinerc_name
-#define XSECRET	x_default[Xsecret].pinerc_name
-#define XTENANT	x_default[Xtenant].pinerc_name
-#define XUSER	x_default[Xuser].pinerc_name
-#define XFLOW	x_default[XFlow].pinerc_name
-
-#define XOAUTH2_CLIENT_ID	x_default[Xid].screen_name
-#define XOAUTH2_CLIENT_SECRET	x_default[Xsecret].screen_name
-#define XOAUTH2_TENANT		x_default[Xtenant].screen_name
-#define XOAUTH2_USERS		x_default[Xuser].screen_name
-#define XOAUTH2_FLOW		x_default[XFlow].screen_name
-
 char *list_to_array(char **);
 char **array_to_list(char *);
 void write_xoauth_configuration(struct variable  *, struct variable **, EditWhich);
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 94cc9da3..bacd3413 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
 reasonable place to be called from.
 Dummy change to get revision in pine.hlp
 ============= h_revision =================
-Alpine Commit 629 2021-12-03 21:20:33
+Alpine Commit 630 2021-12-04 13:19:50
 ============= h_news =================
 <HTML>
 <HEAD>