From 00400562d404dd322da91ceea68499955b0a8753 Mon Sep 17 00:00:00 2001
From: Mark Hilbush <mark@hilbush.com>
Date: Thu, 30 Jun 2022 13:01:44 -0400
Subject: [PATCH] [googletts] Fix authorization from returning null refresh
 token (#13042)

Signed-off-by: Mark Hilbush <mark@hilbush.com>
---
 bundles/org.openhab.voice.googletts/README.md            | 2 +-
 .../openhab/voice/googletts/internal/GoogleCloudAPI.java | 9 ++++++++-
 .../src/main/resources/OH-INF/config/config.xml          | 2 +-
 .../src/main/resources/OH-INF/i18n/googletts.properties  | 2 +-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/bundles/org.openhab.voice.googletts/README.md b/bundles/org.openhab.voice.googletts/README.md
index adfbd5e86..426b571e6 100644
--- a/bundles/org.openhab.voice.googletts/README.md
+++ b/bundles/org.openhab.voice.googletts/README.md
@@ -39,7 +39,7 @@ Using your favorite configuration UI to edit **Settings / Other Services - Googl
 * **Client Secret** - Google Cloud Platform OAuth 2.0-Client Secret.
 * **Authorization Code** - This code is used once for retrieving the Google Cloud Platform access and refresh tokens.
 **Please go to your browser ...**
-[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
+[https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>](https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id=<clientId>) (replace `<clientId>` by your Client Id)
 **... to generate an authorization code and paste it here**.
 After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 After initial authorization, this code is not needed anymore.
diff --git a/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java b/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java
index 2d782b565..e4b6e05e0 100644
--- a/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java
+++ b/bundles/org.openhab.voice.googletts/src/main/java/org/openhab/voice/googletts/internal/GoogleCloudAPI.java
@@ -189,7 +189,11 @@ class GoogleCloudAPI {
         if (authcode != null && !authcode.isEmpty()) {
             logger.debug("Trying to get access and refresh tokens.");
             try {
-                oAuthService.getAccessTokenResponseByAuthorizationCode(authcode, GCP_REDIRECT_URI);
+                AccessTokenResponse response = oAuthService.getAccessTokenResponseByAuthorizationCode(authcode,
+                        GCP_REDIRECT_URI);
+                if (response.getRefreshToken() == null || response.getRefreshToken().isEmpty()) {
+                    throw new AuthenticationException("Error fetching refresh token. Please reauthorize");
+                }
             } catch (OAuthException | OAuthResponseException e) {
                 logger.debug("Error fetching access token: {}", e.getMessage(), e);
                 throw new AuthenticationException(
@@ -232,6 +236,9 @@ class GoogleCloudAPI {
                 || accessTokenResponse.getAccessToken().isEmpty()) {
             throw new AuthenticationException("No access token. Is this thing authorized?");
         }
+        if (accessTokenResponse.getRefreshToken() == null || accessTokenResponse.getRefreshToken().isEmpty()) {
+            throw new AuthenticationException("No refresh token. Please reauthorize");
+        }
         return BEARER + accessTokenResponse.getAccessToken();
     }
 
diff --git a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml
index 844467b6e..f92ce5b80 100644
--- a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml
+++ b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/config/config.xml
@@ -26,7 +26,7 @@
 		</parameter>
 		<parameter name="authcode" type="text" groupName="authentication">
 			<label>Authorization Code</label>
-			<description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
+			<description><![CDATA[This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.]]></description>
 		</parameter>
 		<parameter name="pitch" type="decimal" min="-20" max="20" step="0.1" groupName="tts">
 			<label>Pitch</label>
diff --git a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties
index eee173c58..2f3850d25 100644
--- a/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties
+++ b/bundles/org.openhab.voice.googletts/src/main/resources/OH-INF/i18n/googletts.properties
@@ -1,5 +1,5 @@
 voice.config.googletts.authcode.label = Authorization Code
-voice.config.googletts.authcode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
+voice.config.googletts.authcode.description = This code is used once for retrieving the Google Cloud Platform access and refresh tokens. Open the following URL in your browser to generate an authorization code:<br><br>https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/cloud-platform&access_type=offline&prompt=consent&include_granted_scopes=true&response_type=code&redirect_uri=https://www.google.com&client_id={{clientId}}<br><br>After your browser has been redirected to https://www.google.com, the authorization code will be set in the browser URL as value of the "code" URL query parameter.
 voice.config.googletts.clientId.label = Client Id
 voice.config.googletts.clientId.description = Google Cloud Platform OAuth 2.0-Client Id.
 voice.config.googletts.clientSecret.label = Client Secret