From bdc131b3c64137252dc46fdbf007a055b73342fb Mon Sep 17 00:00:00 2001
From: Robert Knight <robertknight@gmail.com>
Date: Fri, 14 Jun 2024 12:49:47 +0100
Subject: [PATCH] Switch to using non-restricted `drive.file` permission for
 Google Drive

Switch from using the sensitive/restricted
`https://www.googleapis.com/auth/drive` scope to the non-restricted
`https://www.googleapis.com/auth/drive.file` scope. The latter allows our app to
only access files that have been shared via the Google Drive Picker, whereas the
former allows access to all files.

For this to work, the OAuth client ID needs to be passed when configuring the
picker, so that the selected file is later made available for use with the
Google Drive API client. See https://stackoverflow.com/a/58175142/434243.

Fixes https://github.com/hypothesis/lms/issues/1333
---
 .../scripts/frontend_apps/utils/google-picker-client.ts       | 3 ++-
 .../frontend_apps/utils/test/google-picker-client-test.js     | 4 +++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lms/static/scripts/frontend_apps/utils/google-picker-client.ts b/lms/static/scripts/frontend_apps/utils/google-picker-client.ts
index d9fd495969..a30c33081f 100644
--- a/lms/static/scripts/frontend_apps/utils/google-picker-client.ts
+++ b/lms/static/scripts/frontend_apps/utils/google-picker-client.ts
@@ -4,7 +4,7 @@ import {
   loadIdentityServicesLibrary,
 } from './google-api-client';
 
-export const GOOGLE_DRIVE_SCOPE = 'https://www.googleapis.com/auth/drive';
+export const GOOGLE_DRIVE_SCOPE = 'https://www.googleapis.com/auth/drive.file';
 
 /**
  * Convert a domain (example.com) into a valid web origin (https://example.com).
@@ -199,6 +199,7 @@ export class GooglePickerClient {
     const picker = new pickerLib.PickerBuilder()
       .addView(view)
       .addView(new pickerLib.DocsUploadView())
+      .setAppId(this._clientId)
       .setCallback(pickerCallback)
       .setDeveloperKey(this._developerKey)
       .setMaxItems(1)
diff --git a/lms/static/scripts/frontend_apps/utils/test/google-picker-client-test.js b/lms/static/scripts/frontend_apps/utils/test/google-picker-client-test.js
index f87856ec28..bba55c430f 100644
--- a/lms/static/scripts/frontend_apps/utils/test/google-picker-client-test.js
+++ b/lms/static/scripts/frontend_apps/utils/test/google-picker-client-test.js
@@ -15,6 +15,7 @@ function createGoogleLibFakes() {
   const pickerBuilder = {
     addView: sinon.stub().returnsThis(),
     build: sinon.stub().returnsThis(),
+    setAppId: sinon.stub().returnsThis(),
     setCallback: sinon.stub().returnsThis(),
     setDeveloperKey: sinon.stub().returnsThis(),
     setMaxItems: sinon.stub().returnsThis(),
@@ -182,7 +183,7 @@ describe('GooglePickerClient', () => {
   });
 
   describe('#showPicker', () => {
-    it('requests authorization and sets token used by picker', async () => {
+    it('requests authorization and sets credentials used by picker', async () => {
       const client = createClient();
       client.showPicker();
 
@@ -190,6 +191,7 @@ describe('GooglePickerClient', () => {
 
       assert.ok(fakeTokenClient);
       const builder = fakeGoogleLibs.picker.api.PickerBuilder();
+      assert.calledWith(builder.setAppId, '12345');
       assert.calledWith(builder.setOAuthToken, 'the-access-token');
     });