1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228
//! An Outlook mailer, usable either stand-alone or as `dyn Mailer` using the `async_mailer` crate.
//!
//! Example:
//! ```no_run
//! let mailer = OutlookMailer::new(
//! "<Microsoft Identity service tenant>",
//! "<OAuth2 app GUID>",
//! "<OAuth2 app secret>"
//! ).await?;
//!
//! let message = MessageBuilder::new()
//! .from(("From Name", "from@example.com"))
//! .to("to@example.com")
//! .subject("Subject")
//! .text_body("Mail body");
//!
//! mailer.send_mail(&message).await?;
//! ```
use async_trait::async_trait;
use base64::{engine::general_purpose::STANDARD as base64_engine, Engine as _};
use reqwest::header::{HeaderMap, AUTHORIZATION, CONTENT_TYPE};
use secrecy::{ExposeSecret, Secret};
use serde::Deserialize;
#[cfg(feature = "tracing")]
use tracing::{debug, error, info, instrument};
use async_mailer_core::mail_send::smtp::message::Message;
use async_mailer_core::util;
pub use async_mailer_core::{Mailer, MailerError};
/// Error returned by [`OutlookMailer::new`] and [`OutlookMailer::send_mail`].
#[derive(Debug, thiserror::Error)]
pub enum OutlookMailerError {
#[error("failed to retrieve Microsoft Graph API access token")]
RetrieveAccessToken(#[from] OutlookAccessTokenError),
#[error("failed request attempting to send Outlook MIME mail through Microsoft Graph API")]
SendMailRequest(reqwest::Error),
#[error("failed sending Outlook MIME mail through Microsoft Graph API")]
SendMailResponse(reqwest::Error),
#[cfg(feature = "tracing")]
#[error("failed retrieving response body from Microsoft Graph API")]
SendMailResponseBody(reqwest::Error),
}
/// Error returned by [`OutlookMailer::new`] if an access token cannot be retrieved.
#[derive(Debug, thiserror::Error)]
pub enum OutlookAccessTokenError {
#[error("failed sending OAuth2 client credentials grant access token request to Microsoft Identity service")]
SendRequest(reqwest::Error),
#[error("failed receiving OAuth2 client credentials grant access token response from Microsoft Identity service")]
ReceiveResponse(reqwest::Error),
#[error("failed to parse OAuth2 client credentials grant access token response from Microsoft Identity service")]
ParseResponse(serde_json::Error),
}
/// An Outlook mailer client, implementing the `async_mailer::Mailer` trait to be used as runtime-pluggable trait object.
///
/// Sends mail authenticated by OAuth2 client credentials grant via the Microsoft Graph API.
#[derive(Clone, Debug)]
pub struct OutlookMailer {
http_client: reqwest::Client,
access_token: Secret<String>,
}
impl OutlookMailer {
/// Create a new Outlook mailer client.
///
/// Returns a [`OutlookMailerError::RetrieveAccessToken`]
/// when the attempt to retrieve an access token from the Microsoft Identity Service fails.
#[cfg_attr(feature = "tracing", instrument)]
pub async fn new(
tenant: String,
app_guid: String,
secret: Secret<String>,
) -> Result<Self, MailerError> {
let http_client = reqwest::Client::new();
let access_token = Self::get_access_token(&tenant, &app_guid, &secret, http_client.clone())
.await
.map_err(OutlookMailerError::RetrieveAccessToken)?;
Ok(Self {
http_client,
access_token,
})
}
/// Retrieve an OAuth2 client credentials grant access token from the Microsoft Identity service.
///
/// Returns a [`OutlookAccessTokenError`] in case of request, response or JSON parse failure.
#[cfg_attr(feature = "tracing", instrument)]
async fn get_access_token(
tenant_id: &str,
client_id: &str,
client_secret: &Secret<String>,
http_client: reqwest::Client,
) -> Result<Secret<String>, OutlookAccessTokenError> {
let token_url = format!("https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token");
let form_data = [
("client_id", client_id),
("client_secret", client_secret.expose_secret()),
("grant_type", "client_credentials"),
("scope", &["https://graph.microsoft.com/.default"].join(" ")),
];
let response = http_client
.post(&token_url)
.form(&form_data)
.send()
.await
.map_err(OutlookAccessTokenError::SendRequest)?;
let response_data = response
.bytes()
.await
.map_err(OutlookAccessTokenError::ReceiveResponse)?;
let token_response: TokenResponse = serde_json::from_slice(&response_data)
.map_err(OutlookAccessTokenError::ParseResponse)?;
Ok(Secret::from(token_response.access_token))
}
}
#[async_trait]
impl Mailer for OutlookMailer {
/// Send the prepared MIME message via the Microsoft Graph API.
#[cfg_attr(feature = "tracing", instrument(skip(message)))]
async fn send_mail(&self, message: Message<'_>) -> Result<(), MailerError> {
// Extract sender address necessary for Microsoft Graph API call.
let from_address = message.mail_from.email.to_string();
#[cfg(feature = "tracing")]
// Extract recipient addresses for tracing log output.
let recipient_addresses = {
let recipient_addresses = util::format_recipient_addresses(&message);
info!("Sending Outlook mail to {recipient_addresses}...");
recipient_addresses
};
// Encode the message body according to the MIME-mail API endpoint documentation:
// https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=http#example-4-send-a-new-message-using-mime-format
// See also https://learn.microsoft.com/en-us/graph/outlook-send-mime-message
let message_base64 = base64_engine.encode(&message.body);
// Prepare the authorization header with OAuth 2.0 client credentials grant bearer token.
let mut headers = HeaderMap::new();
headers.insert(
AUTHORIZATION,
format!("Bearer {}", self.access_token.expose_secret())
.parse()
.unwrap(),
);
headers.insert(CONTENT_TYPE, "text/plain".parse().unwrap());
// Send the mail via Graph API.
let response = self
.http_client
.post(format!(
"https://graph.microsoft.com/v1.0/users/{from_address}/sendMail",
))
.headers(headers)
.body(message_base64)
.send()
.await
.map_err(OutlookMailerError::SendMailRequest)?;
{
// Get result with empty ok or status code error
// before moving `response` to consume the body.
let success = response
.error_for_status_ref()
// Un-reference `response`, so we can move out of it with `response.text()`.
.map(|_| {});
#[cfg(feature = "tracing")]
{
match success {
Ok(()) => {
info!("Sent Outlook mail to {recipient_addresses}");
debug!(?response);
}
Err(ref error) => {
error!(
?error,
"Failed to send Outlook mail to {recipient_addresses}"
);
error!(?response);
}
};
// Log the response JSON as plain text.
let response_text = response
.text()
.await
.map_err(OutlookMailerError::SendMailResponseBody)?;
match &success {
Ok(_) => debug!(response_text),
Err(_) => error!(response_text),
}
}
success
}
.map_err(OutlookMailerError::SendMailResponse)?;
Ok(())
}
}
/// The Microsoft Identity Service access token request JSON success response.
#[derive(Debug, Deserialize)]
struct TokenResponse {
// token_type: String,
// expires_in: i32,
// ext_expires_in: i32,
access_token: String,
}