From dfae6ee4f74df423e6f8d5f68cb429a98f0b581a Mon Sep 17 00:00:00 2001
From: Kevin Lyda <kevin@ie.suberic.net>
Date: Thu, 9 Aug 2018 08:41:09 +0100
Subject: [PATCH] Cleaned up and documented MSG-API usage.

---
 server/auth/microsoft/microsoft.go | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/server/auth/microsoft/microsoft.go b/server/auth/microsoft/microsoft.go
index 576cbe3b..49d9b822 100644
--- a/server/auth/microsoft/microsoft.go
+++ b/server/auth/microsoft/microsoft.go
@@ -85,9 +85,6 @@ func (c *Config) getDocument(token *oauth2.Token, pathElements ...string) map[st
 // https://developer.microsoft.com/en-us/graph/docs/concepts/v1-overview
 func (c *Config) getMe(token *oauth2.Token, item string) string {
 document := c.getDocument(token, "/me")
- if len(document) == 0 {
- return ""
- }
 if value, ok := document[item].(string); ok {
 return value
 }
@@ -97,9 +94,19 @@ func (c *Config) getMe(token *oauth2.Token, item string) string {
 // Check against verified domains from "/organization" endpoint of MSG-API.
 func (c *Config) verifyTenant(token *oauth2.Token) bool {
 document := c.getDocument(token, "/organization")
- if len(document) == 0 {
- return false
- }
+ // The domains for an organisation are in an array of structs under
+ // verifiedDomains, which is in a struct which is in turn an array
+ // of such structs under value in the document. Which in json looks
+ // like this:
+ // { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#organization",
+ // "value": [ {
+ // ...
+ // "verifiedDomains": [ {
+ // ...
+ // "name": "M365x214355.onmicrosoft.com",
+ // } ]
+ // } ]
+ //}
 var value []interface{}
 var ok bool
 if value, ok = document["value"].([]interface{}); !ok {
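Review bot: With the `len(document) == 0` guard removed from getMe (and likewise from verifyTenant and verifyGroups in the later hunks), a failed or empty Graph response is rejected only implicitly: indexing a nil or empty map yields nil, so the `.(string)` and `.([]interface{})` assertions report `ok == false`. That is valid Go, but these functions appear to gate sign-in, so the fail-closed path deserves a comment above the `if value, ok := ...` line, for example `// A nil or empty document (request failed) fails the assertion, so "" is returned.` What getDocument returns on a non-200 reply is not visible here; it is worth confirming that a parsed error body can never satisfy these assertions.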
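Review bot: The JSON sample in the new verifyTenant comment is not valid JSON as written: `"name": "M365x214355.onmicrosoft.com",` ends in a trailing comma, the `...` lines stand for omitted fields, and the closing `//}` lacks the space the other comment lines have. Say that the sample is abbreviated, e.g. `// like this (abbreviated, "..." marks omitted fields):`, and close it with `// }`. The loop that walks `value` and `verifiedDomains` lies outside this hunk, so the description cannot be checked against the code from here.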
@@ -121,14 +128,7 @@ func (c *Config) verifyTenant(token *oauth2.Token) bool {
 
 // Check against groups from /users/{id}/memberOf endpoint of MSG-API.
 func (c *Config) verifyGroups(token *oauth2.Token) bool {
- id := c.getMe(token, "id")
- if id == "" {
- return false
- }
- document := c.getDocument(token, "/users/", id, "/memberOf")
- if len(document) == 0 {
- return false
- }
+ document := c.getDocument(token, "/users/me/memberOf")
 var value []interface{}
 var ok bool
 if value, ok = document["value"].([]interface{}); !ok {
-- 
GitLab
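Review bot: The doc comment on verifyGroups still names `/users/{id}/memberOf`, but the new call requests `/users/me/memberOf`, so the comment no longer describes the request being made. getMe in this file addresses the signed-in user as `/me`; if the same alias is intended, `c.getDocument(token, "/me/memberOf")` would match both getMe and the documented Graph form, with the comment updated to `// Check against groups from the /me/memberOf endpoint of MSG-API.` Nothing in the hunk confirms that `/users/me/...` resolves to the token's own user, and since the result decides group-based access, the path should be verified against a test tenant before relying on it. The remainder of verifyGroups is outside the hunk.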