search

gmailgem / gmail

A Rubyesque interface to Gmail, with all the tools you'll need.
Other
397 stars 119 forks source link

Unable to connect via xoauth2 when configured with omniauth-google-oauth2 using read-only scope #237

Closed dtbrad closed 4 years ago

dtbrad commented 8 years ago

I'm trying to incorporate the gmail and omniauth-google-oauth2 gems into my rails app. Using the following omniauth configuration I'm able to access the user's emails:

OmniAuth.config.logger = Rails.logger

Rails.application.config.middleware.use OmniAuth::Builder do
  provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_SECRET'], {
    scope: ['https://mail.google.com/', 'email'],
    prompt: 'select_account'
    }
end
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
  helper_method :current_user

  def home
    if current_user
      gmail = Gmail.connect(:xoauth2, current_user.email, current_user.oauth_token)
      @subject = gmail.inbox.emails.last.subject
    end
  end

  private

  def current_user
    @current_user ||= User.find(session[:user_id]) if session[:user_id]
  end

end
[1] pry(#<ApplicationController>)> gmail
=> #<Gmail::Client0x7fe42dac6d40 (johndoe@gmail.com) connected>

But if I keep everything the same except change my scope to:

scope: ['https://www.googleapis.com/auth/gmail.readonly', 'email'],

I get instead:

[1] pry(#<ApplicationController>)> gmail
=> #<Gmail::Client0x7fc311cea168 (johndoe@gmail.com) disconnected>

In both instances oauth2 appears to be working correctly, that is, the user is successfully signed into a new session, but when attempting to use the read only scope, the gmail gem fails to connect.

jeppeliisberg commented 7 years ago

+1 I'm forced to use another approach unless this can be fixed.

Apparently, this gem requires the https://mail.google.com/ scope to be able to authenticate. This is NOT recommended by google: "This scope should only be requested if your application needs to immediately and permanently delete threads and messages, bypassing Trash; all other actions can be performed with less permissive scopes." (from https://developers.google.com/gmail/api/auth/scopes#what_scope_or_scopes_does_my_app_need)

fluke commented 7 years ago

@nu7hatch @johnnyshields Is there any reason why the https://mail.google.com/ scope is needed. Can't we have the readonly scope implemented. It's hard to use in a user facing app because people are afraid of giving such permissions to apps.

fluke commented 7 years ago

I'm using the https://www.googleapis.com/auth/gmail.send scope but this doesn't seem to work. Getting this error. Works with https://mail.google.com but based on our app Google isn't allowing us to use it.

img_12082017_095838_0

@johnnyshields @webcracy @jgrevich @bootstraponline @myobie

fluke commented 7 years ago

The full trace:

/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/net/imap.rb:1198:in `get_tagged_response'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/net/imap.rb:1250:in `block in send_command'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/net/imap.rb:1232:in `send_command'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/net/imap.rb:454:in `block in select'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/monitor.rb:214:in `mon_synchronize'
/usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/net/imap.rb:452:in `select'
/usr/local/lib/ruby/gems/2.3.0/bundler/gems/gmail-4f78039e9821/lib/gmail/client/base.rb:207:in `switch_to_mailbox'
/usr/local/lib/ruby/gems/2.3.0/bundler/gems/gmail-4f78039e9821/lib/gmail/client/base.rb:164:in `block in mailbox'
/usr/local/lib/ruby/gems/2.3.0/bundler/gems/gmail-4f78039e9821/lib/gmail/client/base.rb:161:in `synchronize'
/usr/local/lib/ruby/gems/2.3.0/bundler/gems/gmail-4f78039e9821/lib/gmail/client/base.rb:161:in `mailbox'
app/models/user.rb:149:in `all_mail'
app/models/ahoy/message.rb:11:in `thread'
app/models/email.rb:54:in `thread'
app/models/email_campaign_lead.rb:24:in `thread'
app/controllers/email_campaign_leads_controller.rb:24:in `show'
actionpack (5.1.3) lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'
actionpack (5.1.3) lib/abstract_controller/base.rb:186:in `process_action'
actionpack (5.1.3) lib/action_controller/metal/rendering.rb:30:in `process_action'
actionpack (5.1.3) lib/abstract_controller/callbacks.rb:20:in `block in process_action'
activesupport (5.1.3) lib/active_support/callbacks.rb:108:in `block in run_callbacks'
activesupport (5.1.3) lib/active_support/core_ext/time/zones.rb:64:in `use_zone'
app/controllers/application_controller.rb:35:in `set_time_zone'
activesupport (5.1.3) lib/active_support/callbacks.rb:117:in `block in run_callbacks'
activesupport (5.1.3) lib/active_support/callbacks.rb:135:in `run_callbacks'
actionpack (5.1.3) lib/abstract_controller/callbacks.rb:19:in `process_action'
actionpack (5.1.3) lib/action_controller/metal/rescue.rb:20:in `process_action'
actionpack (5.1.3) lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'
activesupport (5.1.3) lib/active_support/notifications.rb:166:in `block in instrument'
activesupport (5.1.3) lib/active_support/notifications/instrumenter.rb:21:in `instrument'
activesupport (5.1.3) lib/active_support/notifications.rb:166:in `instrument'
actionpack (5.1.3) lib/action_controller/metal/instrumentation.rb:30:in `process_action'
actionpack (5.1.3) lib/action_controller/metal/params_wrapper.rb:252:in `process_action'
activerecord (5.1.3) lib/active_record/railties/controller_runtime.rb:22:in `process_action'
actionpack (5.1.3) lib/abstract_controller/base.rb:124:in `process'
actionview (5.1.3) lib/action_view/rendering.rb:30:in `process'
actionpack (5.1.3) lib/action_controller/metal.rb:189:in `dispatch'
actionpack (5.1.3) lib/action_controller/metal.rb:253:in `dispatch'
actionpack (5.1.3) lib/action_dispatch/routing/route_set.rb:49:in `dispatch'
actionpack (5.1.3) lib/action_dispatch/routing/route_set.rb:31:in `serve'
actionpack (5.1.3) lib/action_dispatch/journey/router.rb:46:in `block in serve'
actionpack (5.1.3) lib/action_dispatch/journey/router.rb:33:in `each'
actionpack (5.1.3) lib/action_dispatch/journey/router.rb:33:in `serve'
actionpack (5.1.3) lib/action_dispatch/routing/route_set.rb:834:in `call'
omniauth (1.6.1) lib/omniauth/strategy.rb:189:in `call!'
omniauth (1.6.1) lib/omniauth/strategy.rb:167:in `call'
warden (1.2.7) lib/warden/manager.rb:36:in `block in call'
warden (1.2.7) lib/warden/manager.rb:35:in `catch'
warden (1.2.7) lib/warden/manager.rb:35:in `call'
rack (2.0.3) lib/rack/etag.rb:25:in `call'
rack (2.0.3) lib/rack/conditional_get.rb:25:in `call'
rack (2.0.3) lib/rack/head.rb:12:in `call'
rack (2.0.3) lib/rack/session/abstract/id.rb:232:in `context'
rack (2.0.3) lib/rack/session/abstract/id.rb:226:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/cookies.rb:613:in `call'
activerecord (5.1.3) lib/active_record/migration.rb:556:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/callbacks.rb:26:in `block in call'
activesupport (5.1.3) lib/active_support/callbacks.rb:97:in `run_callbacks'
actionpack (5.1.3) lib/action_dispatch/middleware/callbacks.rb:24:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/debug_exceptions.rb:59:in `call'
web-console (3.5.1) lib/web_console/middleware.rb:135:in `call_app'
web-console (3.5.1) lib/web_console/middleware.rb:28:in `block in call'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `catch'
web-console (3.5.1) lib/web_console/middleware.rb:18:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'
railties (5.1.3) lib/rails/rack/logger.rb:36:in `call_app'
railties (5.1.3) lib/rails/rack/logger.rb:24:in `block in call'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:69:in `block in tagged'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:26:in `tagged'
activesupport (5.1.3) lib/active_support/tagged_logging.rb:69:in `tagged'
railties (5.1.3) lib/rails/rack/logger.rb:24:in `call'
sprockets-rails (3.2.0) lib/sprockets/rails/quiet_assets.rb:13:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/remote_ip.rb:79:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/request_id.rb:25:in `call'
rack (2.0.3) lib/rack/method_override.rb:22:in `call'
rack (2.0.3) lib/rack/runtime.rb:22:in `call'
activesupport (5.1.3) lib/active_support/cache/strategy/local_cache_middleware.rb:27:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/executor.rb:12:in `call'
actionpack (5.1.3) lib/action_dispatch/middleware/static.rb:125:in `call'
rack (2.0.3) lib/rack/sendfile.rb:111:in `call'
railties (5.1.3) lib/rails/engine.rb:522:in `call'
puma (3.9.1) lib/puma/configuration.rb:224:in `call'
puma (3.9.1) lib/puma/server.rb:602:in `handle_request'
puma (3.9.1) lib/puma/server.rb:435:in `process_client'
puma (3.9.1) lib/puma/server.rb:299:in `block in run'
puma (3.9.1) lib/puma/thread_pool.rb:120:in `block in spawn_thread'
fluke commented 7 years ago

https://developers.google.com/gmail/imap/xoauth2-protocol#using_oauth_20

The scope for IMAP and SMTP access is https://mail.google.com/.

Looks like Google requires the https://mail.google.com scope for IMAP which is what's being used.

Are there any alternative ways to send mails?

johnnyshields commented 4 years ago

As of version 0.7.0 (Aug 19, 2018) this gem is officially deprecated and will no longer be maintained. Please instead use Google's official Gmail API Ruby Client, which uses the Gmail API rather than IMAP and has significantly better performance and reliability.