feat: update M365 credentials form (#8929)

Co-authored-by: HugoPBrito <hugopbrit@gmail.com>
2026-01-25 02:08:11 +00:00 · 2025-10-20 13:51:11 +02:00
parent 985d73f44f
commit 0b9969a723
18 changed files with 382 additions and 159 deletions
--- a/ui/types/components.ts
+++ b/ui/types/components.ts
@@ -213,15 +213,24 @@ export type AzureCredentials = {
  [ProviderCredentialFields.PROVIDER_ID]: string;
 };

-export type M365Credentials = {
+export type M365ClientSecretCredentials = {
  [ProviderCredentialFields.CLIENT_ID]: string;
  [ProviderCredentialFields.CLIENT_SECRET]: string;
  [ProviderCredentialFields.TENANT_ID]: string;
-  [ProviderCredentialFields.USER]?: string;
-  [ProviderCredentialFields.PASSWORD]?: string;
  [ProviderCredentialFields.PROVIDER_ID]: string;
 };

+export type M365CertificateCredentials = {
+  [ProviderCredentialFields.CLIENT_ID]: string;
+  [ProviderCredentialFields.CERTIFICATE_CONTENT]: string;
+  [ProviderCredentialFields.TENANT_ID]: string;
+  [ProviderCredentialFields.PROVIDER_ID]: string;
+};
+
+export type M365Credentials =
+  | M365ClientSecretCredentials
+  | M365CertificateCredentials;
+
 export type GCPDefaultCredentials = {
  client_id: string;
  client_secret: string;
--- a/ui/types/formSchemas.ts
+++ b/ui/types/formSchemas.ts
@@ -168,12 +168,13 @@ export const addCredentialsFormSchema = (
                      .min(1, "Client ID is required"),
                    [ProviderCredentialFields.CLIENT_SECRET]: z
                      .string()
-                      .min(1, "Client Secret is required"),
+                      .optional(),
+                    [ProviderCredentialFields.CERTIFICATE_CONTENT]: z
+                      .string()
+                      .optional(),
                    [ProviderCredentialFields.TENANT_ID]: z
                      .string()
                      .min(1, "Tenant ID is required"),
-                    [ProviderCredentialFields.USER]: z.string().optional(),
-                    [ProviderCredentialFields.PASSWORD]: z.string().optional(),
                  }
                : providerType === "github"
                  ? {
@@ -194,23 +195,26 @@ export const addCredentialsFormSchema = (
    })
    .superRefine((data: Record<string, any>, ctx) => {
      if (providerType === "m365") {
-        const hasUser = !!data[ProviderCredentialFields.USER];
-        const hasPassword = !!data[ProviderCredentialFields.PASSWORD];
-
-        if (hasUser && !hasPassword) {
-          ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            message: "If you provide a user, you must also provide a password",
-            path: [ProviderCredentialFields.PASSWORD],
-          });
-        }
-
-        if (hasPassword && !hasUser) {
-          ctx.addIssue({
-            code: z.ZodIssueCode.custom,
-            message: "If you provide a password, you must also provide a user",
-            path: [ProviderCredentialFields.USER],
-          });
+        // Validate based on the via parameter
+        if (via === "app_client_secret") {
+          const clientSecret = data[ProviderCredentialFields.CLIENT_SECRET];
+          if (!clientSecret || clientSecret.trim() === "") {
+            ctx.addIssue({
+              code: "custom",
+              message: "Client Secret is required",
+              path: [ProviderCredentialFields.CLIENT_SECRET],
+            });
+          }
+        } else if (via === "app_certificate") {
+          const certificateContent =
+            data[ProviderCredentialFields.CERTIFICATE_CONTENT];
+          if (!certificateContent || certificateContent.trim() === "") {
+            ctx.addIssue({
+              code: "custom",
+              message: "Certificate Content is required",
+              path: [ProviderCredentialFields.CERTIFICATE_CONTENT],
+            });
+          }
        }
      }

@@ -219,7 +223,7 @@ export const addCredentialsFormSchema = (
        if (via === "personal_access_token") {
          if (!data[ProviderCredentialFields.PERSONAL_ACCESS_TOKEN]) {
            ctx.addIssue({
-              code: z.ZodIssueCode.custom,
+              code: "custom",
              message: "Personal Access Token is required",
              path: [ProviderCredentialFields.PERSONAL_ACCESS_TOKEN],
            });
@@ -227,7 +231,7 @@ export const addCredentialsFormSchema = (
        } else if (via === "oauth_app") {
          if (!data[ProviderCredentialFields.OAUTH_APP_TOKEN]) {
            ctx.addIssue({
-              code: z.ZodIssueCode.custom,
+              code: "custom",
              message: "OAuth App Token is required",
              path: [ProviderCredentialFields.OAUTH_APP_TOKEN],
            });
@@ -235,14 +239,14 @@ export const addCredentialsFormSchema = (
        } else if (via === "github_app") {
          if (!data[ProviderCredentialFields.GITHUB_APP_ID]) {
            ctx.addIssue({
-              code: z.ZodIssueCode.custom,
+              code: "custom",
              message: "GitHub App ID is required",
              path: [ProviderCredentialFields.GITHUB_APP_ID],
            });
          }
          if (!data[ProviderCredentialFields.GITHUB_APP_KEY]) {
            ctx.addIssue({
-              code: z.ZodIssueCode.custom,
+              code: "custom",
              message: "GitHub App Private Key is required",
              path: [ProviderCredentialFields.GITHUB_APP_KEY],
            });
@@ -390,7 +394,7 @@ export const mutedFindingsConfigFormSchema = z.object({
      const yamlValidation = validateYaml(val);
      if (!yamlValidation.isValid) {
        ctx.addIssue({
-          code: z.ZodIssueCode.custom,
+          code: "custom",
          message: `Invalid YAML format: ${yamlValidation.error}`,
        });
        return;
@@ -399,7 +403,7 @@ export const mutedFindingsConfigFormSchema = z.object({
      const mutelistValidation = validateMutelistYaml(val);
      if (!mutelistValidation.isValid) {
        ctx.addIssue({
-          code: z.ZodIssueCode.custom,
+          code: "custom",
          message: `Invalid mutelist structure: ${mutelistValidation.error}`,
        });
      }