mirror of
https://github.com/rclone/rclone
synced 2024-12-28 21:03:45 +01:00
onedrive: add config option for oauth scope Sites.Read.All (#5883)
This commit is contained in:
parent
b55575e622
commit
bc23bf11db
@ -65,9 +65,12 @@ var (
|
|||||||
authPath = "/common/oauth2/v2.0/authorize"
|
authPath = "/common/oauth2/v2.0/authorize"
|
||||||
tokenPath = "/common/oauth2/v2.0/token"
|
tokenPath = "/common/oauth2/v2.0/token"
|
||||||
|
|
||||||
|
scopesWithSitePermission = []string{"Files.Read", "Files.ReadWrite", "Files.Read.All", "Files.ReadWrite.All", "offline_access", "Sites.Read.All"}
|
||||||
|
scopesWithoutSitePermission = []string{"Files.Read", "Files.ReadWrite", "Files.Read.All", "Files.ReadWrite.All", "offline_access"}
|
||||||
|
|
||||||
// Description of how to auth for this app for a business account
|
// Description of how to auth for this app for a business account
|
||||||
oauthConfig = &oauth2.Config{
|
oauthConfig = &oauth2.Config{
|
||||||
Scopes: []string{"Files.Read", "Files.ReadWrite", "Files.Read.All", "Files.ReadWrite.All", "offline_access", "Sites.Read.All"},
|
Scopes: scopesWithSitePermission,
|
||||||
ClientID: rcloneClientID,
|
ClientID: rcloneClientID,
|
||||||
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
|
ClientSecret: obscure.MustReveal(rcloneEncryptedClientSecret),
|
||||||
RedirectURL: oauthutil.RedirectLocalhostURL,
|
RedirectURL: oauthutil.RedirectLocalhostURL,
|
||||||
@ -137,6 +140,17 @@ Note that the chunks will be buffered into memory.`,
|
|||||||
Help: "The type of the drive (" + driveTypePersonal + " | " + driveTypeBusiness + " | " + driveTypeSharepoint + ").",
|
Help: "The type of the drive (" + driveTypePersonal + " | " + driveTypeBusiness + " | " + driveTypeSharepoint + ").",
|
||||||
Default: "",
|
Default: "",
|
||||||
Advanced: true,
|
Advanced: true,
|
||||||
|
}, {
|
||||||
|
Name: "disable_site_permission",
|
||||||
|
Help: `Disable the request for Sites.Read.All permission.
|
||||||
|
|
||||||
|
If set to true, you will no longer be able to search for a SharePoint site when
|
||||||
|
configuring drive ID, because rclone will not request Sites.Read.All permission.
|
||||||
|
Set it to true if your organization didn't assign Sites.Read.All permission to the
|
||||||
|
application, and your organization disallows users to consent app permission
|
||||||
|
request on their own.`,
|
||||||
|
Default: false,
|
||||||
|
Advanced: true,
|
||||||
}, {
|
}, {
|
||||||
Name: "expose_onenote_files",
|
Name: "expose_onenote_files",
|
||||||
Help: `Set to make OneNote files show up in directory listings.
|
Help: `Set to make OneNote files show up in directory listings.
|
||||||
@ -374,6 +388,12 @@ func Config(ctx context.Context, name string, m configmap.Mapper, config fs.Conf
|
|||||||
region, graphURL := getRegionURL(m)
|
region, graphURL := getRegionURL(m)
|
||||||
|
|
||||||
if config.State == "" {
|
if config.State == "" {
|
||||||
|
disableSitePermission, _ := m.Get("disable_site_permission")
|
||||||
|
if disableSitePermission == "true" {
|
||||||
|
oauthConfig.Scopes = scopesWithoutSitePermission
|
||||||
|
} else {
|
||||||
|
oauthConfig.Scopes = scopesWithSitePermission
|
||||||
|
}
|
||||||
oauthConfig.Endpoint = oauth2.Endpoint{
|
oauthConfig.Endpoint = oauth2.Endpoint{
|
||||||
AuthURL: authEndpoint[region] + authPath,
|
AuthURL: authEndpoint[region] + authPath,
|
||||||
TokenURL: authEndpoint[region] + tokenPath,
|
TokenURL: authEndpoint[region] + tokenPath,
|
||||||
@ -527,6 +547,7 @@ type Options struct {
|
|||||||
ChunkSize fs.SizeSuffix `config:"chunk_size"`
|
ChunkSize fs.SizeSuffix `config:"chunk_size"`
|
||||||
DriveID string `config:"drive_id"`
|
DriveID string `config:"drive_id"`
|
||||||
DriveType string `config:"drive_type"`
|
DriveType string `config:"drive_type"`
|
||||||
|
DisableSitePermission bool `config:"disable_site_permission"`
|
||||||
ExposeOneNoteFiles bool `config:"expose_onenote_files"`
|
ExposeOneNoteFiles bool `config:"expose_onenote_files"`
|
||||||
ServerSideAcrossConfigs bool `config:"server_side_across_configs"`
|
ServerSideAcrossConfigs bool `config:"server_side_across_configs"`
|
||||||
ListChunk int64 `config:"list_chunk"`
|
ListChunk int64 `config:"list_chunk"`
|
||||||
@ -789,6 +810,11 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
|
|||||||
}
|
}
|
||||||
|
|
||||||
rootURL := graphAPIEndpoint[opt.Region] + "/v1.0" + "/drives/" + opt.DriveID
|
rootURL := graphAPIEndpoint[opt.Region] + "/v1.0" + "/drives/" + opt.DriveID
|
||||||
|
if opt.DisableSitePermission {
|
||||||
|
oauthConfig.Scopes = scopesWithoutSitePermission
|
||||||
|
} else {
|
||||||
|
oauthConfig.Scopes = scopesWithSitePermission
|
||||||
|
}
|
||||||
oauthConfig.Endpoint = oauth2.Endpoint{
|
oauthConfig.Endpoint = oauth2.Endpoint{
|
||||||
AuthURL: authEndpoint[opt.Region] + authPath,
|
AuthURL: authEndpoint[opt.Region] + authPath,
|
||||||
TokenURL: authEndpoint[opt.Region] + tokenPath,
|
TokenURL: authEndpoint[opt.Region] + tokenPath,
|
||||||
|
@ -132,11 +132,13 @@ Client ID and Key by following the steps below:
|
|||||||
2. Enter a name for your app, choose account type `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`, select `Web` in `Redirect URI`, then type (do not copy and paste) `http://localhost:53682/` and click Register. Copy and keep the `Application (client) ID` under the app name for later use.
|
2. Enter a name for your app, choose account type `Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)`, select `Web` in `Redirect URI`, then type (do not copy and paste) `http://localhost:53682/` and click Register. Copy and keep the `Application (client) ID` under the app name for later use.
|
||||||
3. Under `manage` select `Certificates & secrets`, click `New client secret`. Enter a description (can be anything) and set `Expires` to 24 months. Copy and keep that secret _Value_ for later use (you _won't_ be able to see this value afterwards).
|
3. Under `manage` select `Certificates & secrets`, click `New client secret`. Enter a description (can be anything) and set `Expires` to 24 months. Copy and keep that secret _Value_ for later use (you _won't_ be able to see this value afterwards).
|
||||||
4. Under `manage` select `API permissions`, click `Add a permission` and select `Microsoft Graph` then select `delegated permissions`.
|
4. Under `manage` select `API permissions`, click `Add a permission` and select `Microsoft Graph` then select `delegated permissions`.
|
||||||
5. Search and select the following permissions: `Files.Read`, `Files.ReadWrite`, `Files.Read.All`, `Files.ReadWrite.All`, `offline_access`, `User.Read`. Once selected click `Add permissions` at the bottom.
|
5. Search and select the following permissions: `Files.Read`, `Files.ReadWrite`, `Files.Read.All`, `Files.ReadWrite.All`, `offline_access`, `User.Read`, and optionally `Sites.Read.All` (see below). Once selected click `Add permissions` at the bottom.
|
||||||
|
|
||||||
Now the application is complete. Run `rclone config` to create or edit a OneDrive remote.
|
Now the application is complete. Run `rclone config` to create or edit a OneDrive remote.
|
||||||
Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
|
Supply the app ID and password as Client ID and Secret, respectively. rclone will walk you through the remaining steps.
|
||||||
|
|
||||||
|
The `Sites.Read.All` permission is required if you need to [search SharePoint sites when configuring the remote](https://github.com/rclone/rclone/pull/5883). However, if that permission is not assigned, you need to set `disable_site_permission` option to true in the advanced options.
|
||||||
|
|
||||||
### Modification time and hashes
|
### Modification time and hashes
|
||||||
|
|
||||||
OneDrive allows modification times to be set on objects accurate to 1
|
OneDrive allows modification times to be set on objects accurate to 1
|
||||||
@ -493,7 +495,7 @@ setting:
|
|||||||
4. `Set-SPOTenant -EnableMinimumVersionRequirement $False`
|
4. `Set-SPOTenant -EnableMinimumVersionRequirement $False`
|
||||||
5. `Disconnect-SPOService` (to disconnect from the server)
|
5. `Disconnect-SPOService` (to disconnect from the server)
|
||||||
|
|
||||||
*Below are the steps for normal users to disable versioning. If you don't see the "No Versioning" option, make sure the above requirements are met.*
|
*Below are the steps for normal users to disable versioning. If you don't see the "No Versioning" option, make sure the above requirements are met.*
|
||||||
|
|
||||||
User [Weropol](https://github.com/Weropol) has found a method to disable
|
User [Weropol](https://github.com/Weropol) has found a method to disable
|
||||||
versioning on OneDrive
|
versioning on OneDrive
|
||||||
@ -527,8 +529,8 @@ is a great way to see what it would do.
|
|||||||
|
|
||||||
### Excessive throttling or blocked on SharePoint
|
### Excessive throttling or blocked on SharePoint
|
||||||
|
|
||||||
If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: `--user-agent "ISV|rclone.org|rclone/v1.55.1"`
|
If you experience excessive throttling or is being blocked on SharePoint then it may help to set the user agent explicitly with a flag like this: `--user-agent "ISV|rclone.org|rclone/v1.55.1"`
|
||||||
|
|
||||||
The specific details can be found in the Microsoft document: [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
|
The specific details can be found in the Microsoft document: [Avoid getting throttled or blocked in SharePoint Online](https://docs.microsoft.com/en-us/sharepoint/dev/general-development/how-to-avoid-getting-throttled-or-blocked-in-sharepoint-online#how-to-decorate-your-http-traffic-to-avoid-throttling)
|
||||||
|
|
||||||
### Unexpected file size/hash differences on Sharepoint ####
|
### Unexpected file size/hash differences on Sharepoint ####
|
||||||
@ -537,7 +539,7 @@ It is a
|
|||||||
[known](https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
|
[known](https://github.com/OneDrive/onedrive-api-docs/issues/935#issuecomment-441741631)
|
||||||
issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies
|
issue that Sharepoint (not OneDrive or OneDrive for Business) silently modifies
|
||||||
uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and
|
uploaded files, mainly Office files (.docx, .xlsx, etc.), causing file size and
|
||||||
hash checks to fail. There are also other situations that will cause OneDrive to
|
hash checks to fail. There are also other situations that will cause OneDrive to
|
||||||
report inconsistent file sizes. To use rclone with such
|
report inconsistent file sizes. To use rclone with such
|
||||||
affected files on Sharepoint, you
|
affected files on Sharepoint, you
|
||||||
may disable these checks with the following command line arguments:
|
may disable these checks with the following command line arguments:
|
||||||
@ -548,9 +550,9 @@ may disable these checks with the following command line arguments:
|
|||||||
|
|
||||||
Alternatively, if you have write access to the OneDrive files, it may be possible
|
Alternatively, if you have write access to the OneDrive files, it may be possible
|
||||||
to fix this problem for certain files, by attempting the steps below.
|
to fix this problem for certain files, by attempting the steps below.
|
||||||
Open the web interface for [OneDrive](https://onedrive.live.com) and find the
|
Open the web interface for [OneDrive](https://onedrive.live.com) and find the
|
||||||
affected files (which will be in the error messages/log for rclone). Simply click on
|
affected files (which will be in the error messages/log for rclone). Simply click on
|
||||||
each of these files, causing OneDrive to open them on the web. This will cause each
|
each of these files, causing OneDrive to open them on the web. This will cause each
|
||||||
file to be converted in place to a format that is functionally equivalent
|
file to be converted in place to a format that is functionally equivalent
|
||||||
but which will no longer trigger the size discrepancy. Once all problematic files
|
but which will no longer trigger the size discrepancy. Once all problematic files
|
||||||
are converted you will no longer need the ignore options above.
|
are converted you will no longer need the ignore options above.
|
||||||
|
Loading…
Reference in New Issue
Block a user