chore(release): 1.0.6 [skip ci]

## [1.0.6](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.5...v1.0.6) (2024-03-09)

### Bug Fixes

* Add verbose debugging output ([b4d866b](b4d866bbe8))

CHANGELOG.md

@@ -1,3 +1,31 @@
+## [1.0.6](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.5...v1.0.6) (2024-03-09)
+
+
+### Bug Fixes
+
+* Add verbose debugging output ([b4d866b](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/b4d866bbe8cf3f9632fdf69de4f15779c0099a9f))
+
+## [1.0.5](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.4...v1.0.5) (2024-03-08)
+
+
+### Bug Fixes
+
+* Rebase to MSAL library for authentication ([3a0c288](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/3a0c288e55d4a717fa89f9548c5006e6c6bd7969))
+
+## [1.0.4](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.3...v1.0.4) (2024-03-08)
+
+
+### Bug Fixes
+
+* Include Mozilla CA certificate list for TLS trust ([72ed807](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/72ed8073bf65a04efc68a4de28f5319b3931f6bc))
+
+## [1.0.3](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.2...v1.0.3) (2024-03-08)
+
+
+### Bug Fixes
+
+* Refactor to use interactivebrowser login ([580f64b](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/commit/580f64b7f203a2a55e0df1d34545e19fc070fecd))
+
 ## [1.0.2](http://gitea.gitea.svc.cluster.local:3000/djpbessems/ContainerImage.SpamasaurusRex/compare/v1.0.1...v1.0.2) (2024-03-01)
 
 

Dockerfile

@@ -14,6 +14,6 @@ WORKDIR /app
 
 COPY --from=builder /app/main .
 
-EXPOSE 80
+EXPOSE 8080
 
 CMD ["./main"]

go.mod

@@ -3,12 +3,13 @@ module pkg/spamasaurusrex
 go 1.19
 
 require (
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1
+	github.com/breml/rootcerts v0.2.16
 	github.com/gorilla/mux v1.8.1
 	github.com/microsoftgraph/msgraph-sdk-go v1.34.0
 )
 
 require (
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -21,7 +22,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/cjlapao/common-go v0.0.39 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.1
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect

go.sum

@@ -6,6 +6,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aM
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/breml/rootcerts v0.2.16 h1:yN1TGvicfHx8dKz3OQRIrx/5nE/iN3XT1ibqGbd6urc=
+github.com/breml/rootcerts v0.2.16/go.mod h1:S/PKh+4d1HUn4HQovEB8hPJZO6pUZYrIhmXBhsegfXw=
 github.com/cjlapao/common-go v0.0.39 h1:bAAUrj2B9v0kMzbAOhzjSmiyDy+rd56r2sy7oEiQLlA=
 github.com/cjlapao/common-go v0.0.39/go.mod h1:M3dzazLjTjEtZJbbxoA5ZDiGCiHmpwqW9l4UWaddwOA=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=

pkg/graphhelper/graphhelper.go

@@ -2,22 +2,21 @@ package graphhelper
 
 import (
 	"context"
-	"fmt"
-	"os"
 	"strings"
 
 	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
 	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	auth "github.com/microsoft/kiota-authentication-azure-go"
 	msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
-	// "github.com/microsoftgraph/msgraph-sdk-go/models"
-	// "github.com/microsoftgraph/msgraph-sdk-go/users"
+	"github.com/microsoftgraph/msgraph-sdk-go/models"
+	"github.com/microsoftgraph/msgraph-sdk-go/users"
 )
 
 type GraphHelper struct {
-	deviceCodeCredential *azidentity.DeviceCodeCredential
-	userClient           *msgraphsdk.GraphServiceClient
-	graphUserScopes      []string
+	// deviceCodeCredential *azidentity.DeviceCodeCredential
+	InteractiveBrowserCredential *azidentity.InteractiveBrowserCredential
+	userClient                   *msgraphsdk.GraphServiceClient
+	graphUserScopes              []string
 }
 
 func NewGraphHelper() *GraphHelper {
@@ -26,25 +25,30 @@ func NewGraphHelper() *GraphHelper {
 }
 
 func (g *GraphHelper) InitializeGraphForUserAuth() error {
-	clientId := os.Getenv("CLIENT_ID")
-	tenantId := os.Getenv("TENANT_ID")
-	scopes := os.Getenv("GRAPH_USER_SCOPES")
+	// clientId := os.Getenv("CLIENT_ID")
+	clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+	// tenantId := os.Getenv("TENANT_ID")
+	tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+	// scopes := os.Getenv("GRAPH_USER_SCOPES")
+	scopes := "user.read"
 	g.graphUserScopes = strings.Split(scopes, ",")
 
 	// Create the device code credential
-	credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+	// credential, err := azidentity.NewDeviceCodeCredential(&azidentity.DeviceCodeCredentialOptions{
+	credential, err := azidentity.NewInteractiveBrowserCredential(&azidentity.InteractiveBrowserCredentialOptions{
 		ClientID: clientId,
 		TenantID: tenantId,
-		UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
-			fmt.Println(message.Message)
-			return nil
-		},
+		// UserPrompt: func(ctx context.Context, message azidentity.DeviceCodeMessage) error {
+		// 	fmt.Println(message.Message)
+		// 	return nil
+		// },
+		RedirectURL: "https://alias.spamasaurus.com/",
 	})
 	if err != nil {
 		return err
 	}
 
-	g.deviceCodeCredential = credential
+	g.InteractiveBrowserCredential = credential
 
 	// Create an auth provider using the credential
 	authProvider, err := auth.NewAzureIdentityAuthenticationProviderWithScopes(credential, g.graphUserScopes)
@@ -66,7 +70,7 @@ func (g *GraphHelper) InitializeGraphForUserAuth() error {
 }
 
 func (g *GraphHelper) GetUserToken() (*string, error) {
-	token, err := g.deviceCodeCredential.GetToken(context.Background(), policy.TokenRequestOptions{
+	token, err := g.InteractiveBrowserCredential.GetToken(context.Background(), policy.TokenRequestOptions{
 		Scopes: g.graphUserScopes,
 	})
 	if err != nil {
@@ -75,3 +79,15 @@ func (g *GraphHelper) GetUserToken() (*string, error) {
 
 	return &token.Token, nil
 }
+
+func (g *GraphHelper) GetUser() (models.Userable, error) {
+	query := users.UserItemRequestBuilderGetQueryParameters{
+		// Only request specific properties
+		Select: []string{"displayName", "mail", "userPrincipalName"},
+	}
+
+	return g.userClient.Me().Get(context.Background(),
+		&users.UserItemRequestBuilderGetRequestConfiguration{
+			QueryParameters: &query,
+		})
+}

pkg/spamasaurusrex/main.go

@@ -11,39 +11,66 @@ import (
 	"syscall"
 	"time"
 
+	_ "github.com/breml/rootcerts"
 	"github.com/gorilla/mux"
+
+	"github.com/davecgh/go-spew/spew"
+
+    "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential"
 )
 
 func handler(w http.ResponseWriter, r *http.Request) {
-	query := r.URL.Query()
-	name := query.Get("name")
+	clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+	tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+	// redirectURI := "https://alias.spamasaurus.com/"
+	scopes := []string{"email"}
 
-	graphHelper := graphhelper.NewGraphHelper()
-
-	initializeGraph(graphHelper)
-	greetUser(graphHelper)
-
-	if name == "" {
-		name = "Guest"
+	// confidential clients have a credential, such as a secret or a certificate
+	cred, err := confidential.NewCredFromSecret("client_secret")
+	if err != nil {
+		// TODO: handle error
 	}
-	log.Printf("Received request for %s\n", name)
-	w.Write([]byte(fmt.Sprintf("Hello, %s\n", name)))
+
+	confidentialClient, err := confidential.New("https://login.microsoftonline.com/" + tenantId, clientId, cred)
+	if err != nil {
+		// TODO: handle error
+	}
+
+	result, err := confidentialClient.AcquireTokenSilent(context.TODO(), scopes)
+	if err != nil {
+		// cache miss, authenticate with another AcquireToken... method
+		result, err = confidentialClient.AcquireTokenByCredential(context.TODO(), scopes)
+		if err != nil {
+			// TODO: handle error
+		}
+	}
+	// accessToken := result.AccessToken
+	w.Write([]byte(fmt.Sprintf("Hello, %s\n", spew.Sdump(result.AccessToken))))
 }
 
 func healthHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
+func loginHandler(w http.ResponseWriter, r *http.Request) {
+	clientId := "dccb4b93-3f75-4775-a94a-da39216d7daf"
+	tenantId := "ceeae22e-f163-4ac9-b7c2-45972d3aed4f"
+	redirectURI := "https://alias.spamasaurus.com/"
+
+	http.Redirect(w, r,
+		"https://login.microsoftonline.com/"+tenantId+"/oauth2/v2.0/authorize?client_id="+clientId+"&response_type=code&redirect_uri="+redirectURI+"&scope=openid profile offline_access", http.StatusMovedPermanently)
+}
+
 func readinessHandler(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
 
 func main() {
-	// Create Server and Route Handlers
 	r := mux.NewRouter()
 
 	r.HandleFunc("/", handler)
 	r.HandleFunc("/health", healthHandler)
+	r.HandleFunc("/login", loginHandler)
 	r.HandleFunc("/readiness", readinessHandler)
 
 	srv := &http.Server{
@@ -88,10 +115,6 @@ func initializeGraph(graphHelper *graphhelper.GraphHelper) {
 	}
 }
 
-func greetUser(graphHelper *graphhelper.GraphHelper) {
-	// TODO
-}
-
 func displayAccessToken(graphHelper *graphhelper.GraphHelper) {
 	token, err := graphHelper.GetUserToken()
 	if err != nil {