From 10fcadd8f821267bdd09f91d9be3c5f64e34bf37 Mon Sep 17 00:00:00 2001
From: Michael Kochell <6913320+mickmister@users.noreply.github.com>
Date: Wed, 7 Jul 2021 12:07:56 -0400
Subject: [PATCH 1/2] remove mail permissions, add mailbox setting permission

---
 server/remote/msgraph/remote.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/server/remote/msgraph/remote.go b/server/remote/msgraph/remote.go
index d0d8bcf3..72bd3975 100644
--- a/server/remote/msgraph/remote.go
+++ b/server/remote/msgraph/remote.go
@@ -80,8 +80,7 @@ func (r *impl) NewOAuth2Config() *oauth2.Config {
 			"User.Read",
 			"Calendars.ReadWrite",
 			"Calendars.ReadWrite.Shared",
-			"Mail.Read",
-			"Mail.Send",
+			"MailboxSettings.Read",
 		},
 		Endpoint: microsoft.AzureADEndpoint(r.conf.OAuth2Authority),
 	}

From e55045a1bbaf4b60237ac23ab8bfb80c195f03dc Mon Sep 17 00:00:00 2001
From: Michael Kochell <6913320+mickmister@users.noreply.github.com>
Date: Thu, 8 Jul 2021 02:33:00 -0400
Subject: [PATCH 2/2] fix test

---
 server/mscalendar/oauth2_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/mscalendar/oauth2_test.go b/server/mscalendar/oauth2_test.go
index 2fc3220e..17e1caba 100644
--- a/server/mscalendar/oauth2_test.go
+++ b/server/mscalendar/oauth2_test.go
@@ -112,7 +112,7 @@ func TestInitOAuth2(t *testing.T) {
 				ss.EXPECT().LoadUser(fakeID).Return(nil, errors.New("remote user not found")).Times(1)
 				ss.EXPECT().StoreOAuth2State(gomock.Any()).Return(nil).Times(1)
 			},
-			expectURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?access_type=offline&client_id=fakeclientid&redirect_uri=http%3A%2F%2Flocalhost%2Foauth2%2Fcomplete&response_type=code&scope=offline_access+User.Read+Calendars.ReadWrite+Calendars.ReadWrite.Shared+Mail.Read+Mail.Send&state=kbb9cs43z3fxxpc_fake%40mattermost.com",
+			expectURL: "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?access_type=offline&client_id=fakeclientid&redirect_uri=http%3A%2F%2Flocalhost%2Foauth2%2Fcomplete&response_type=code&scope=offline_access+User.Read+Calendars.ReadWrite+Calendars.ReadWrite.Shared+MailboxSettings.Read%40mattermost.com",
 		},
 	}