rseichter / automx2

Mail User Agent (email client) configuration made easy
GNU General Public License v3.0

Add support for third Autodiscover.xml possible URL #7

Closed camaer closed 2 years ago

camaer commented 2 years ago

When looking at the code, it seems there are only two URLs supported for the Autodiscover.xml file

MSOFT_ALTERNATE_ROUTE = '/AutoDiscover/AutoDiscover.xml'
MSOFT_CONFIG_ROUTE = '/autodiscover/autodiscover.xml'

There is a third URL which Microsoft uses: '/Autodiscover/Autodiscover.xml'

Said URL seems to be the default when using the EAS validation tool on Microsoft's website here: https://testconnectivity.microsoft.com/tests/Eas/input

Confirmed by my Nginx logs:

[17/Jan/2022:13:51:36 -0500] "POST /AutoDiscover/Autodiscover.xml HTTP/1.1" 404 138 "-" "Microsoft-Server-ActiveSync/12.0+(TestExchangeConnectivity.com)"

rseichter commented 2 years ago

@camaer I can't cater for every possible (and on top of that undocumented) way of URL capitalisation, and I probably should not even have bothered with two variants in the first place. I suggest using the Webserver fronting automx2 to rewrite the URL as necessary.

camaer commented 2 years ago

Fair enough but the nginx and apache configs in the doc should have a section for this. Another option is to make the check in automx2 not case sensitive. It's always a variation of /autodiscover/autodiscover.xml, /AutoDiscover/AutoDiscover.xml and /Autodiscover/Autodiscover.xml

Another thing I realised is that the request and callback URLs are:

NS_REQUEST = 'http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006'
NS_RESPONSE_PAYLOAD = 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a'

while it can also come from here (note the mobilesync instead of outlook in the path): http://schemas.microsoft.com/exchange/autodiscover/mobilesync/requestschema/2006

https://docs.microsoft.com/en-us/previous-versions/office/developer/exchange-server-interoperability-guidance/hh352638(v%3dexchg.140)#autodiscover-requests-and-responses

It might not be related but I couldn't get automx2 to work at all. I keep getting the following error: Missing request argument "EMailAddress"

After adding another line to log the request.data in the code:

    def post(self):
        """Outlook-style POST request is expected to contain XML."""
        if not self.is_xml_request():
            message = f'Required content type is "{CONTENT_TYPE_XML}"'
            log.error(message)
            return message, 400
        element: Element = fromstring(str(request.data, encoding='utf-8', errors='strict'))
        ns = {'n': NS_REQUEST}
        log.error(request.data)  # line added to log the raw request body
        element = element.find(f'n:Request/n:{EMAIL_OUTLOOK}', ns)

the logs clearly show the data is there: (Note the schema URL is using /outlook instead of /mobilesync since I wanted to make sure it's not related to the NS_REQUEST URL)

Jan 17 17:27:21 prd-mail flask.sh[1853347]: b'<Autodiscover xmlns="https://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">   <Request>     <EMailAddress>email@example.com</EMailAddress>     <AcceptableResponseSchema>https://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>   </Request> </Autodiscover>'
Jan 17 17:27:21 prd-mail flask.sh[1853347]: Missing request argument "EMailAddress"

I took the XML data that was sent from Microsoft:

<Autodiscover xmlns="https://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
   <Request>
     <EMailAddress>email@example.com</EMailAddress>
     <AcceptableResponseSchema>https://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
   </Request>
 </Autodiscover>

and can reproduce the issue when POSTing the previous XML file

curl -L -d @payload.xml -H "Content-Type: application/xml" 'http://127.0.0.1:4243/autodiscover/autodiscover.xml'

rseichter commented 2 years ago

> Fair enough but the nginx and apache configs in the doc should have a section for this.

I disagree. The basis is Microsoft's own "Autodiscover Publishing and Lookup Protocol" [MS-OXDSCLI] v20210817, released August 17, 2021. Quoting section 3.2.5:

An Autodiscover server MUST respond to HTTP POST requests to the URL
"https://<Server>/autodiscover/autodiscover.xml", where "<Server>" is
a valid host name for the server.

Other variants of the URL are not officially defined, and therefore I don't see any reason to change my code or documentation in order to accommodate other people's flawed implementations.

> Another thing I realised is that the request and callback URLs are [...] while it can also come from here (note the mobilesync instead of outlook in the path)

No, you are mixing unrelated configuration data. MS-OXDSCLI section 2.2.1 states:

Autodiscover requests are in the
"http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006" namespace.
Autodiscover responses are in the
"http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006" namespace.

The namespaces you mentioned are only used for config types MobileSync and CertEnroll, and they have no bearing on E-Mail account configuration for IMAP, POP3 and SMTP.

> It might not be related but I couldn't get automx2 to work at all.

I'm sorry to hear that, but rest assured automx2 works just fine if configured correctly. I have customers with a user base of more than 2 million accounts each, and they have no trouble using automx2. The following POST request works with the sample database content:

<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
    <EMailAddress>jdoe@example.com</EMailAddress>
  </Request>
</Autodiscover>

I'll close this issue because there is no technical flaw in automx2 regarding the URL or namespaces. Please consider using the mailing list mentioned in the documentation for questions. That way, other users can participate.

(Edit: Fix typo)
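
The two request bodies in this thread differ in their namespace scheme (`https://` in the logged one, `http://` in the working one), and ElementTree matches namespace URIs as exact strings. The following is an added example, not automx2 code: `lookup_email` and `root_namespace` are hypothetical helpers, and the value of `EMAIL_OUTLOOK` is assumed from the error message in the log.

```python
from xml.etree.ElementTree import fromstring

# Constant names follow the snippet quoted in the thread. The value of
# EMAIL_OUTLOOK is an assumption taken from the logged error message.
NS_REQUEST = 'http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006'
EMAIL_OUTLOOK = 'EMailAddress'

# Request bodies as posted in the thread: LOGGED is the one from the journal
# output (https:// namespace), WORKING is the maintainer's sample (http://).
LOGGED = b'''<Autodiscover xmlns="https://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>email@example.com</EMailAddress>
    <AcceptableResponseSchema>https://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>'''
WORKING = b'''<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
    <EMailAddress>jdoe@example.com</EMailAddress>
  </Request>
</Autodiscover>'''


def root_namespace(root):
    """Return the namespace URI of the root element ('{uri}local' form)."""
    return root.tag[1:].split('}', 1)[0] if root.tag.startswith('{') else ''


def lookup_email(data: bytes):
    """Hypothetical helper: the namespace-qualified lookup from the quoted
    post() method, plus a diagnostic. Returns (email, diagnostic)."""
    root = fromstring(str(data, encoding='utf-8', errors='strict'))
    element = root.find(f'n:Request/n:{EMAIL_OUTLOOK}', {'n': NS_REQUEST})
    if element is not None:
        return element.text, None
    found = root_namespace(root)
    if found != NS_REQUEST:
        # The element is present, but in a namespace the lookup never matches.
        return None, f'namespace mismatch: got "{found}", expected "{NS_REQUEST}"'
    return None, f'Missing request argument "{EMAIL_OUTLOOK}"'


if __name__ == '__main__':
    for name, body in (('LOGGED', LOGGED), ('WORKING', WORKING)):
        print(name, lookup_email(body))
```
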