From 8692799e6540e3d2bceceec5a6a96f90e7db0fa6 Mon Sep 17 00:00:00 2001
From: Frode Aannevik <frode.aa@gmail.com>
Date: Sun, 18 Nov 2018 19:52:00 +0100
Subject: [PATCH] Fix expired oauth2_access_token

Use `expires_in` from the oauth2 response
to reset the oauth2_access_token before
it expires

divides the `expires_in` by 2 to ensure
the access_token is cleared before it
expires

ref: https://github.com/OfflineIMAP/offlineimap/issues/536

Signed-off-by: Frode Aannevik <frode.aa@gmail.com>
Signed-off-by: Nicolas Sebrecht <nicolas.s-dev@laposte.net>
---
 offlineimap/imapserver.py | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/offlineimap/imapserver.py b/offlineimap/imapserver.py
index a412b7d..5eef250 100644
--- a/offlineimap/imapserver.py
+++ b/offlineimap/imapserver.py
@@ -15,6 +15,7 @@
 #    along with this program; if not, write to the Free Software
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 
+import datetime
 import hmac
 import socket
 import json
@@ -111,6 +112,7 @@ class IMAPServer(object):
         self.oauth2_client_id = repos.getoauth2_client_id()
         self.oauth2_client_secret = repos.getoauth2_client_secret()
         self.oauth2_request_url = repos.getoauth2_request_url()
+        self.oauth2_access_token_expires_at = None
 
         self.delim = None
         self.root = None
@@ -219,6 +221,12 @@ class IMAPServer(object):
         return retval
 
     def __xoauth2handler(self, response):
+        now = datetime.datetime.now()
+        if self.oauth2_access_token_expires_at \
+                and self.oauth2_access_token_expires_at < now:
+            self.oauth2_access_token = None
+            self.ui.debug('imap', 'xoauth2handler: oauth2_access_token expired')
+
         if self.oauth2_access_token is None:
             if self.oauth2_request_url is None:
                 raise OfflineImapError("No remote oauth2_request_url for "
@@ -256,9 +264,13 @@ class IMAPServer(object):
                 raise OfflineImapError("xoauth2handler got: %s"% resp,
                     OfflineImapError.ERROR.REPO)
             self.oauth2_access_token = resp['access_token']
+            if u'expires_in' in resp:
+                self.oauth2_access_token_expires_at = now + datetime.timedelta(
+                    seconds=resp['expires_in']/2
+                )
 
-        self.ui.debug('imap', 'xoauth2handler: access_token "%s"'%
-            self.oauth2_access_token)
+        self.ui.debug('imap', 'xoauth2handler: access_token "%s expires %s"'% (
+            self.oauth2_access_token, self.oauth2_access_token_expires_at))
         auth_string = 'user=%s\1auth=Bearer %s\1\1'% (
             self.username, self.oauth2_access_token)
         #auth_string = base64.b64encode(auth_string)