@@ -66,6 +66,13 @@ func (s *m365SessionStore) save(session m365Session) {
6666 s .sessions = make (map [string ]m365Session )
6767 }
6868
69+ now := time .Now ()
70+ for state , existing := range s .sessions {
71+ if ! existing .ExpiresAt .IsZero () && now .After (existing .ExpiresAt ) {
72+ delete (s .sessions , state )
73+ }
74+ }
75+
6976 s .sessions [session .State ] = session
7077}
7178
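Review bot: The sweep added at L6–L10 skips any session whose ExpiresAt is the zero value, so a session stored without an expiry is retained forever and the map can still grow without bound; unless a zero ExpiresAt is meant to mean "never expires", save() should stamp or reject it, e.g. `if session.ExpiresAt.IsZero() { session.ExpiresAt = now.Add(defaultM365SessionTTL) }` with the TTL as a named constant (constant name here is a placeholder). The body of save() starts outside the hunk, so I cannot see whether s.sessions is guarded by a mutex there; ranging over and deleting from the map is only safe with that lock held. A one-line comment above the loop, `// Evict expired sessions so abandoned login attempts do not accumulate.`, would record the intent.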
@@ -142,6 +149,7 @@ func (s *Server) handleM365Sessions(w http.ResponseWriter, r *http.Request) {
142149 ExpectedEmail string `json:"expected_email"`
143150 ForceConsent bool `json:"force_consent"`
144151 }
152+ r .Body = http .MaxBytesReader (w , r .Body , 4096 )
145153 if err := json .NewDecoder (r .Body ).Decode (& req ); err != nil {
146154 writeJSONError (w , http .StatusBadRequest , err )
147155 return
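Review bot: A body over the 4096-byte cap set on L19 comes out of Decode as an *http.MaxBytesError, and the check on L20–L21 reports it as 400 Bad Request; 413 is the accurate status and lets a client tell a malformed body from an oversized one: `var tooBig *http.MaxBytesError` then `if errors.As(err, &tooBig) { writeJSONError(w, http.StatusRequestEntityTooLarge, err); return }` before the generic 400. That needs the errors package, which I cannot see imported from the hunk. handleM365Sessions continues outside the hunk.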
@@ -180,7 +188,7 @@ func (s *Server) handleM365Start(w http.ResponseWriter, r *http.Request) {
180188 state := strings .TrimPrefix (r .URL .Path , "/m365/start/" )
181189 session , err := s .m365Sessions .get (state )
182190 if err != nil {
183- writeJSONError (w , http .StatusNotFound , err )
191+ s . renderErrorPage (w , "Microsoft 365 login link expired or not found" , http .StatusNotFound )
184192 return
185193 }
186194
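Review bot: The error returned by s.m365Sessions.get on L25 is now discarded at L28; a generic page is the right thing to show the client, but the underlying cause (expired versus unknown state) is what an operator needs when login links start failing, so it should still reach the server log, e.g. `log.Printf("m365 start: state lookup: %v", err)` ahead of the renderErrorPage call, using whatever logger Server already carries (not visible from the hunk). handleM365Start continues outside the hunk.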
@@ -283,7 +291,7 @@ func (s *Server) m365OAuthConfig(redirectURL string) oauth2.Config {
283291
284292 return oauth2.Config {
285293 ClientID : s .m365ClientID ,
286- Endpoint : oauth2.Endpoint {AuthURL : base + "/authorize" , TokenURL : base + "/token" },
294+ Endpoint : oauth2.Endpoint {AuthURL : base + "/authorize" , TokenURL : base + "/token" , AuthStyle : oauth2 . AuthStyleInParams },
287295 RedirectURL : redirectURL ,
288296 Scopes : []string {"offline_access" , "User.Read" , "Mail.Read" , "Calendars.Read" },
289297 }
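Review bot: The AuthStyle change on L37 carries no comment explaining why the oauth2 package's default auth-style probing is being overridden, so a later reader is likely to drop it as redundant. Suggest a comment above the Endpoint line: `// Microsoft's token endpoint expects client credentials in the POST body; pin the style rather than letting oauth2 probe for it.` — that is the usual reason for this setting, but confirm it against the failure the change fixes. m365OAuthConfig begins outside the hunk.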
@@ -381,7 +389,7 @@ func validateM365Email(expected string, actual string) error {
381389 want := strings .ToLower (strings .TrimSpace (expected ))
382390 got := strings .ToLower (strings .TrimSpace (actual ))
383391 if want == "" || got == "" || want != got {
384- return fmt .Errorf ("%w: expected %s got %s " , errM365EmailMismatch , want , got )
392+ return fmt .Errorf ("%w: email mismatch " , errM365EmailMismatch )
385393 }
386394
387395 return nil
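Review bot: The new message on L46 wraps errM365EmailMismatch with the text "email mismatch", which is most likely what the sentinel already says, so callers will see the phrase doubled; if so, `return errM365EmailMismatch` is enough (the sentinel's definition is not in the hunk). There is also a trailing space inside the format string before the closing quote; if that is in the source rather than a rendering artifact, drop it. Removing the addresses from the error is the right call for anything that reaches the client, but if operators need to diagnose mismatches, log which side was empty server-side instead. validateM365Email's closing brace is outside the hunk.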