From 03649e891d07d976af327a2aeed9bbe9fb3abf34 Mon Sep 17 00:00:00 2001
From: Eduardo Chappa <chappa@washington.edu>
Date: Sun, 4 Oct 2020 10:30:27 -0600
Subject:   * Addition of XOAUTH2 support for Yahoo!, and update in
 documentation.

---
 alpine/imap.c        |  44 ++++++++++++++---
 alpine/xoauth2.h     |   9 +++-
 alpine/xoauth2conf.c |   9 ++--
 pith/pine.hlp        | 136 ++++++++++++++++++++++++++++++++++++++++++++++++---
 4 files changed, 180 insertions(+), 18 deletions(-)

diff --git a/alpine/imap.c b/alpine/imap.c
index b4e044e7..00b5c994 100644
--- a/alpine/imap.c
+++ b/alpine/imap.c
@@ -241,6 +241,38 @@ OAUTH2_S alpine_oauth2_list[] =
     1,		/* client secret required */
     0		/* Cancel refresh token */
   },
+  {YAHOO_NAME,
+   {"imap.mail.yahoo.com", "smtp.mail.yahoo.com", NULL, NULL},
+   {{"client_id", NULL},
+    {"client_secret", NULL},		/* used */
+    {"tenant", NULL},			/* not used */
+    {"code", NULL},			/* used during authorization */
+    {"refresh_token", NULL},
+    {"scope", NULL},			/* not used! */
+    {"redirect_uri", "oob"},		/* https://localhost */
+    {"grant_type", "authorization_code"},
+    {"grant_type", "refresh_token"},
+    {"response_type", "code"},
+    {"state", NULL},			/* used */
+    {"device_code", NULL}		/* not used */
+   },
+   {{"GET", "https://api.login.yahoo.com/oauth2/request_auth",	/* Get Access Code */
+	{OA2_Id, OA2_Redirect, OA2_Response, OA2_State, OA2_End, OA2_End, OA2_End}},
+    {NULL, NULL, {OA2_End, OA2_End, OA2_End, OA2_End, OA2_End, OA2_End, OA2_End}}, /* device code, not used */
+    {"POST", "https://api.login.yahoo.com/oauth2/get_token",	/* Get first Refresh Token and Access token  */
+	{OA2_Id, OA2_Secret, OA2_Redirect, OA2_Code, OA2_GrantTypeforAccessToken, OA2_End, OA2_End}},
+    {"POST", "https://api.login.yahoo.com/oauth2/get_token",	/* Get access token from refresh token */
+	{OA2_Id, OA2_Secret, OA2_Redirect, OA2_RefreshToken, OA2_GrantTypefromRefreshToken, OA2_End, OA2_End}}
+   },
+   {NULL, NULL, NULL, 0, 0, NULL},	/* device_code information, not used */
+    NULL, 	/* access token */
+    "ALPINE_V1",	/* special IMAP ID */
+    1,		/* hide */
+    0, 		/* expiration time */
+    0, 		/* first time indicator */
+    1,		/* client secret required */
+    0		/* Cancel refresh token */
+  },
   {YANDEX_NAME,
    {"imap.yandex.com", "smtp.yandex.com", NULL, NULL},
    {{"client_id", NULL},
@@ -3650,8 +3682,8 @@ write_passfile(pinerc, l)
    char *authend, *authtype;
 #ifdef	WINCRED
 # if	(WINCRED > 0)
-    char  target[4*MAILTMPLEN];
-    char  blob[4*MAILTMPLEN];
+    char  target[10*MAILTMPLEN];
+    char  blob[10*MAILTMPLEN];
     CREDENTIAL cred;
     LPTSTR ltarget = 0;
 
@@ -3701,8 +3733,8 @@ write_passfile(pinerc, l)
 
 #elif	APPLEKEYCHAIN
     int   rc;
-    char  target[4*MAILTMPLEN];
-    char  blob[4*MAILTMPLEN];
+    char  target[10*MAILTMPLEN];
+    char  blob[10*MAILTMPLEN];
     SecKeychainItemRef itemRef = NULL;
 
     if(using_passfile == 0)
@@ -3769,11 +3801,11 @@ write_passfile(pinerc, l)
     }
 
 #else /* PASSFILE */
-    char  tmp[4*MAILTMPLEN], blob[4*MAILTMPLEN];
+    char  tmp[10*MAILTMPLEN], blob[10*MAILTMPLEN];
     int   i, n;
     FILE *fp;
 #ifdef SMIME
-    char *text = NULL, tmp2[4*MAILTMPLEN];
+    char *text = NULL, tmp2[10*MAILTMPLEN];
     int len = 0;
 #endif
 
diff --git a/alpine/xoauth2.h b/alpine/xoauth2.h
index 0a17a222..e889078a 100644
--- a/alpine/xoauth2.h
+++ b/alpine/xoauth2.h
@@ -25,9 +25,14 @@
 #define OUTLOOK_SECRET "Tk-DAcEi13-FeSsY_Ja4Y.-MyL66I.wIPt"
 #define OUTLOOK_TENANT "common"
 
-#define YANDEX_NAME "Yandex"
-#define YANDEX_ID   "393578fee26f47858023cf59681882a7"
+#define YANDEX_NAME   "Yandex"
+#define YANDEX_ID     "393578fee26f47858023cf59681882a7"
 #define YANDEX_SECRET "7304c4993583498f8ab63e2f21ad6960"
 #define YANDEX_TENANT NULL
 
+#define YAHOO_NAME   "Yahoo!"
+#define YAHOO_ID     "dj0yJmk9RTdyZEQ2TWxGMzV6JmQ9WVdrOWVrTllZbGgyV2tjbWNHbzlNQT09JnM9Y29uc3VtZXJzZWNyZXQmc3Y9MCZ4PTli"
+#define YAHOO_SECRET "3a8b12d51c09b0a5c0733c36d04cd3c69e33baef"
+#define YAHOO_TENANT NULL
+
 #endif /* ALPINE_XOAUTH2_INCLUDED */
diff --git a/alpine/xoauth2conf.c b/alpine/xoauth2conf.c
index 11c53766..71ecfb32 100644
--- a/alpine/xoauth2conf.c
+++ b/alpine/xoauth2conf.c
@@ -28,6 +28,7 @@ extern OAUTH2_S alpine_oauth2_list[];
 XOAUTH2_INFO_S xoauth_default[] = {
   { GMAIL_NAME, GMAIL_ID, GMAIL_SECRET, GMAIL_TENANT, NULL, NULL},
   { OUTLOOK_NAME, OUTLOOK_ID, OUTLOOK_SECRET, OUTLOOK_TENANT, NULL, NULL},
+  { YAHOO_NAME, YAHOO_ID, YAHOO_SECRET, YAHOO_TENANT, NULL, NULL},
   { YANDEX_NAME, YANDEX_ID, YANDEX_SECRET, YANDEX_TENANT, NULL, NULL},
   { NULL, NULL, NULL, NULL, NULL, NULL}
 };
@@ -886,7 +887,8 @@ alpine_xoauth2_configuration(struct pine *ps, int edit_exceptions)
 	   }
 	   if(lval == NULL || lval[k] == NULL){
 	       OAUTH2_S *oa2list;
-	       for(oa2list = alpine_oauth2_list; oa2list; oa2list++){
+	       for(oa2list = alpine_oauth2_list; oa2list && oa2list->name; oa2list++){
+		  if(oa2list->hide) continue;
 		  if(!strcmp(oa2list->name,xoauth_default[i].name)){
 		     xoauth_default[i].flow = cpystr(oa2list->server_mthd[0].name ? "Authorize"
                       : (oa2list->server_mthd[1].name ? "Device" : "Unknown"));
@@ -913,10 +915,11 @@ alpine_xoauth2_configuration(struct pine *ps, int edit_exceptions)
 		 y->tenant = cpystr(xoauth_default[i].tenant);
 	      for(oa2 = NULL, oa2list = alpine_oauth2_list; oa2 == NULL && oa2list; oa2list++)
 		 if(!strcmp(oa2list->name, y->name)) oa2 = oa2list;
-	      if(y->flow == NULL)
+	      if(oa2 && y->flow == NULL)
 		y->flow = cpystr(oa2->server_mthd[0].name ? "Authorize"
                       : (oa2->server_mthd[1].name ? "Device" : "Unknown"));
-	      write_xoauth_conf_entry(y, &xoauth_default[i], &ctmpa, &ctmpb, &first_line, &varlist, &p, ln, k);
+	      if(oa2 && !oa2->hide)
+		write_xoauth_conf_entry(y, &xoauth_default[i], &ctmpa, &ctmpb, &first_line, &varlist, &p, ln, k);
 	      free_xoauth2_info(&y);
 	   }
 	}
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 94a22588..d8370794 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -140,7 +140,7 @@ with help text for the config screen and the composer that didn't have any
 reasonable place to be called from.
 Dummy change to get revision in pine.hlp
 ============= h_revision =================
-Alpine Commit 508 2020-10-03 13:43:20
+Alpine Commit 509 2020-10-04 10:30:23
 ============= h_news =================
 <HTML>
 <HEAD>
@@ -191,6 +191,8 @@ problems you find with this release.
 <P> Additions include:
 
 <UL>
+<LI> Implementation of XOAUTH2 for Yahoo! Mail. <A href="h_yahoo_configuration">Learn More</A>
+
 <LI> Expansion of the configuration screen for XOAUTH2 to include
      username, authorization flow, and tenant.
 
@@ -203,7 +205,7 @@ problems you find with this release.
      <A HREF="h_xoauth2_config_screen">Learn more</A>.
 
 <LI> Addition of Yandex.com to the list of services that Alpine can use XOAUTH2 to
-     authenticate for reading and sending email.
+     authenticate for reading and sending email. <A href="h_yandex_configuration">Learn More</A>
 
 <LI> Addition of a link to the Apache License 2.0 (see above). This is 
      available from the Release Notes as well as the welcome screen.
@@ -311,10 +313,10 @@ Additions include:
 
 <UL>
 <LI> Implementation of XOAUTH2 authentication support for Outlook.
-     Based on documentation suggested by Andrew C Aitchison.
+     Based on documentation suggested by Andrew C Aitchison. <A href="h_outlook_configuration">Learn More</A>
 
 <LI> Add support for the OAUTHBEARER authentication method in Gmail. Thanks to
-     Alexander Perlis for suggesting it and explaining how the method works.
+     Alexander Perlis for suggesting it and explaining how the method works. <A href="h_gmail_configuration">Learn More</A>
 
 <LI> Creation of Alpine's Privacy Policy. This is presented as a link to
     an online document from the Release Notes (Link at the top of this
@@ -420,6 +422,7 @@ Additions include:
 
 <UL>
 <LI> Support for <A HREF="h_xoauth2">XOAUTH2</A> authentication method in Gmail.
+     <A href="h_gmail_configuration">Learn More</A>
 
 <LI> PC-Alpine builds with LibreSSL and supports S/MIME.
 
@@ -1718,6 +1721,115 @@ to try to negotiate a higher version of the TLS protocol.
 the highest encryption protocol available, and it is the recommended
 modifier to the server definition to create a secure encrypted connection.
 
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_gmail_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Gmail Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Gmail Using XOAUTH2</H1>
+
+Gmail allows you to access their IMAP and SMTP server using either the XOAUTH2
+or OAUTHBEARER authentication method. You can choose any of them. A sample configuration for reading
+incoming mail is
+
+<P>
+inbox-path = {imap.gmail.com/ssl/user=YourId@gmail.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.gmail.com/ssl/user=YourId@gmail.com/auth=xoauth2
+
+<P>
+Note that you can substitute /auth=xoauth2 by /auth=oauthbearer.
+
+<P>
+Gmail implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Gmail account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_outlook_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Outlook Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Outlook Using XOAUTH2</H1>
+
+Outlook allows you to access their IMAP and SMTP server using the XOAUTH2
+authentication method. A sample configuration for reading incoming mail is
+
+<P>
+inbox-path = {outlook.office365.com/ssl/user=YourId@outlook.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.office365.com/submit/user=YourId@outlook.com/auth=xoauth2
+
+<P>
+Outlook implements the authorize and device methods to get your authorization to access
+your account. Alpine uses by default the device method, so try that one first.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_yahoo_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Yahoo! Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Yahoo! Using XOAUTH2</H1>
+
+Yahoo! allows you to access their IMAP and SMTP server using either the XOAUTH2 or
+OAUTHBEARER authentication method. You can choose any of them. A sample configuration for
+reading incoming mail is
+
+<P>
+inbox-path = {imap.mail.yahoo.com/ssl/user=YourId@yahoo.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.mail.yahoo.com/ssl/user=YourId@yahoo.com/auth=xoauth2
+
+<P>
+Note that you can substitute /auth=xoauth2 by /auth=oauthbearer.
+
+<P>
+Yahoo! implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Yahoo! account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
+<P>
+&lt;End of help&gt;
+</BODY>
+</HTML>
+====== h_yandex_configuration ======
+<HTML>
+<HEAD>
+<TITLE>Configuring Access to Yandex Using XOAUTH2</TITLE>
+</HEAD>
+<BODY>
+<H1>Configuring Access to Yandex Using XOAUTH2</H1>
+
+Yandex allows you to access their IMAP and SMTP server using the XOAUTH2
+authentication method. A sample configuration for reading incoming mail is
+
+<P>
+inbox-path = {imap.yandex.com/ssl/user=YourId@yandex.com/auth=xoauth2}INBOX<BR>
+smtp-server = smtp.yandex.com/ssl/user=YourId@yandex.com/auth=xoauth2
+
+<P>
+Yandex implements the authorize method. This means that in order to use xoauth2, you must
+open a URL, login to your Yandex account, and authorize Alpine to access your email. As a
+result of this process, you will get a <B>code</B>, which you must input back into Alpine.
+Once you have done that, Alpine will be able to get a refresh and access token, which
+Alpine will use later to read and send email.
+
 <P>
 &lt;End of help&gt;
 </BODY>
@@ -1735,6 +1847,16 @@ account to read and send email. This method is different from the traditional
 username/password that users are accostumed to, and it needs to be set up
 by the user. This text will help you understand this authentication method.
 
+<P> A quick list of services supported by Alpine are (follow each link for
+specific configuration instructions)
+
+<UL>
+<LI> <A href="h_gmail_configuration">Gmail</A>
+<LI> <A href="h_outlook_configuration">Outlook</A>
+<LI> <A href="h_yahoo_configuration">Yahoo!</A>
+<LI> <A href="h_yandex_configuration">Yandex</A>
+</UL>
+
 <P>
 The most important difference between this method and other authentication
 methods is what happens if someone steals your credentials. This method is
@@ -1823,9 +1945,9 @@ a new one, by getting an Access Code first, and granting authorization to
 Alpine to access your email once again.
 
 <P>
-This implementation of XOAUTH2 knows the list of servers that it can 
-access using the same credentials, so Alpine will be able to read and send 
-emails using the same Access Token. You will not have to create 
+This implementation of XOAUTH2 knows the list of servers that it can
+access using the same credentials, so Alpine will be able to read and send
+emails using the same Access Token. You will not have to create
 Access and Refresh Tokens for the IMAP and SMTP servers separately.
 
 <P>
-- 
cgit v1.2.3-54-g00ecf