PHP access to Exchange / Office 365

Long announced, now reality: since September 2022 Microsoft has disabled password authentication for certain protocols in Exchange Online in favor of oAuth2. GitHub issues in many libraries and backup scripts show that the change caught many administrators by surprise. Below we show a way to keep accessing the contents of your Exchange mailbox from PHP over IMAP, using oAuth2.


From a security point of view, Microsoft's step is entirely right, but programmatic access to your own e-mail has become somewhat more complex. For example, if you use the widely used barbushin/php-imap library, access used to look like this:


That simply no longer works. To establish a connection via oAuth2, the first difficulty is obtaining the access token, and to get it you have to clear two hurdles.

Azure Active Directory

The following steps register a new app in Azure Active Directory:

Log in to https://portal.azure.com
Open "Azure Active Directory"
Select "App registrations" > "New registration"
Copy the "Application (client) ID" (= Client ID) and the "Directory (tenant) ID" (= Tenant ID)
"API permissions" > "Add a permission"
"APIs my organization uses" > "Office 365 Exchange Online"
"Application permissions" > "IMAP.AccessAsApp"
Grant admin consent
"Certificates & secrets" > "Client secrets" > "New client secret"
Choose a description and set the validity period
Copy the "Secret ID" (client secret) to the clipboard
Open "Enterprise applications"
Copy the "Object ID"

PowerShell

Now we set up the app in Microsoft PowerShell (administrator mode) and assign it permissions on the individual mailboxes (<TENANTID>, <CLIENTID>, <OBJECTID> and <EMAIL> must be replaced in each case):

Install-Module -Name ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -Organization <TENANTID>

New-ServicePrincipal -AppId <CLIENTID> -ServiceId <OBJECTID>
Add-MailboxPermission -Identity "<EMAIL>" -User <OBJECTID> -AccessRights FullAccess
...

Once that is done, the rest is not rocket science. Since barbushin/php-imap does not support oAuth2, you can switch to the alternative library Webklex/php-imap (which also has the advantage of not requiring the PHP IMAP module):

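The token request and IMAP login that such a library performs, written out as an added example (not code from the original post or from either library): it requests a token with the client-credentials grant and authenticates with SASL XOAUTH2 over a certificate-verified TLS connection, using only PHP 8's curl and stream functions. The environment variable name O365_CLIENT_SECRET is an assumption; the placeholders are the ones used on this page.

```php
<?php
// Added example. Placeholders as on this page; replace before running.
const TENANT_ID = '<TENANTID>';
const CLIENT_ID = '<CLIENTID>';
const EMAIL     = '<EMAIL>';
// Client-credentials grant against the tenant's v2.0 token endpoint.
function fetchAccessToken(string $tenant, string $clientId, string $secret): string
{
    $ch = curl_init("https://login.microsoftonline.com/{$tenant}/oauth2/v2.0/token");
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS => http_build_query([
            'grant_type'    => 'client_credentials',
            'client_id'     => $clientId,
            'client_secret' => $secret,
            'scope'         => 'https://outlook.office365.com/.default',
        ]),
    ]);
    $body = curl_exec($ch);
    $data = is_string($body) ? json_decode($body, true) : null;
    if (!is_array($data) || !isset($data['access_token'])) {
        // Report only the error code; never print the secret or a token.
        throw new RuntimeException('Token request failed: ' . ($data['error'] ?? curl_error($ch)));
    }
    return $data['access_token'];
}

// SASL XOAUTH2 initial response: base64("user=<mailbox>^Aauth=Bearer <token>^A^A").
function xoauth2(string $mailbox, string $token): string
{
    return base64_encode("user={$mailbox}\x01auth=Bearer {$token}\x01\x01");
}

// Assumed variable name: keep the client secret out of source code.
$token = fetchAccessToken(TENANT_ID, CLIENT_ID, getenv('O365_CLIENT_SECRET') ?: '');
// Implicit TLS on port 993; PHP verifies the server certificate by default.
$imap = stream_socket_client('ssl://outlook.office365.com:993', $errno, $errstr, 15);
if ($imap === false) {
    throw new RuntimeException("IMAP connect failed: {$errstr}");
}
fgets($imap); // server greeting
fwrite($imap, 'A1 AUTHENTICATE XOAUTH2 ' . xoauth2(EMAIL, $token) . "\r\n");
$reply = (string) fgets($imap);
if (str_starts_with($reply, '+')) { // error challenge: answer with an empty line
    fwrite($imap, "\r\n");
    $reply = (string) fgets($imap);
}
echo str_starts_with($reply, 'A1 OK') ? "authenticated\n" : "rejected: {$reply}";
fwrite($imap, "A2 LOGOUT\r\n");
```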

However, libraries that do not officially support oAuth2 can also be made to work by using a proxy such as simonrob/email-oauth2-proxy. After downloading it and installing via python -m pip install -r requirements-no-gui.txt (Python ≥3.6 is required), you edit the file emailproxy.config, for example as follows (this time replacing <TENANTID>, <CLIENTID>, <CLIENTSECRET> and <EMAIL>):

[Server setup]

[IMAP-1993]
local_address = localhost
server_address = outlook.office365.com
server_port = 993

[Account setup]

[<EMAIL>]
token_url = https://login.microsoftonline.com/<TENANTID>/oauth2/v2.0/token
oauth2_scope = https://outlook.office365.com/.default
redirect_uri = http://localhost:8080
client_id = <CLIENTID>
client_secret = <CLIENTSECRET>

You then start the proxy with python emailproxy.py --no-gui and can now connect, unencrypted, to localhost on port 1993 using ordinary basic authentication (with a password that you set). If you want the proxy to start as a background service at system startup, you can use systemd, for example:

sudo systemctl edit --force --full emailproxy.service

[Unit]
Description=Email OAuth 2.0 Proxy
[Service]
ExecStart=/usr/bin/python /path/to/emailproxy.py --no-gui
Restart=always
[Install]
WantedBy=multi-user.target

sudo systemctl enable emailproxy.service --now
sudo systemctl status emailproxy.service
sudo systemctl start emailproxy.service

If an encrypted connection is required, that is possible too. To do so, first create a private key and a self-signed certificate:

openssl genrsa -out key.pem 3072
openssl req -new -x509 -key key.pem -out cert.pem -days 360

Then reference these two files in emailproxy.config:

local_key_path = /path/to/key.pem
local_certificate_path = /path/to/cert.pem