r2591 - in /unstable/evolution-data-server/debian: changelog patches/01_Adapt-to-new-Google-HTTP-restriction.patch patches/series
bigon at users.alioth.debian.org
bigon at users.alioth.debian.org
Mon Sep 1 12:08:29 UTC 2014
Author: bigon
Date: Mon Sep 1 12:08:28 2014
New Revision: 2591
URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=2591
Log:
Add d/p/01_Adapt-to-new-Google-HTTP-restriction.patch: Adapt to new Google
HTTP restriction, this fixes authentication issue when updating the
calendar
Added:
unstable/evolution-data-server/debian/patches/01_Adapt-to-new-Google-HTTP-restriction.patch
unstable/evolution-data-server/debian/patches/series
Modified:
unstable/evolution-data-server/debian/changelog
Modified: unstable/evolution-data-server/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/changelog?rev=2591&op=diff
==============================================================================
--- unstable/evolution-data-server/debian/changelog (original)
+++ unstable/evolution-data-server/debian/changelog Mon Sep 1 12:08:28 2014
@@ -1,3 +1,11 @@
+evolution-data-server (3.12.5-2) UNRELEASED; urgency=medium
+
+ * Add d/p/01_Adapt-to-new-Google-HTTP-restriction.patch: Adapt to new Google
+ HTTP restriction, this fixes authentication issue when updating the
+ calendar
+
+ -- Laurent Bigonville <bigon at debian.org> Mon, 01 Sep 2014 13:58:54 +0200
+
evolution-data-server (3.12.5-1) unstable; urgency=medium
* Team upload.
Added: unstable/evolution-data-server/debian/patches/01_Adapt-to-new-Google-HTTP-restriction.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/01_Adapt-to-new-Google-HTTP-restriction.patch?rev=2591&op=file
==============================================================================
--- unstable/evolution-data-server/debian/patches/01_Adapt-to-new-Google-HTTP-restriction.patch (added)
+++ unstable/evolution-data-server/debian/patches/01_Adapt-to-new-Google-HTTP-restriction.patch Mon Sep 1 12:08:28 2014
@@ -0,0 +1,185 @@
+From 00a465670ef3d8adbaf011b3e697ba5befb00623 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes at redhat.com>
+Date: Mon, 25 Aug 2014 11:01:20 -0400
+Subject: Bug 735311 - Adapt to new Google HTTP restriction
+
+Google has recently imposed a limit on the number of unauthorized HTTP
+requests to its OAuth2-based interfaces.
+
+The normal operation of SoupSession is to issue the first HTTP request
+unauthorized and see if the server issues a "401 Unauthorized" response
+(since not all HTTP services require authorization).
+
+On a "401 Unauthorized" response, SoupSession emits an "authenticate"
+signal, which the application is supposed to handle. Once credentials
+are in hand, SoupSession resends the same HTTP request and subsequent
+requests with an Authenticate header while the socket connection holds.
+
+Google's unauthorized request limit breaks this logic flow. Once the
+limit is exceeded, the Google server issues a "403 Forbidden" response
+instead of "401 Unauthorized" to an unauthorized HTTP request. This
+breaks error handling in the E-D-S CalDAV backend.
+
+The workaround is to preload the SoupAuthManager with a pre-configured
+SoupAuth when using OAuth 2.0 authentication. This avoids the initial
+unauthorized HTTP round-trip.
+
+The backend implements the GInitable interface for this since obtaining
+a valid access token is a failable step.
+
+diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
+index 7f10720..f94a5a9 100644
+--- a/calendar/backends/caldav/e-cal-backend-caldav.c
++++ b/calendar/backends/caldav/e-cal-backend-caldav.c
+@@ -130,6 +130,8 @@ struct _ECalBackendCalDAVPrivate {
+ };
+
+ /* Forward Declarations */
++static void e_caldav_backend_initable_init
++ (GInitableIface *interface);
+ static void caldav_source_authenticator_init
+ (ESourceAuthenticatorInterface *iface);
+
+@@ -138,6 +140,9 @@ G_DEFINE_TYPE_WITH_CODE (
+ e_cal_backend_caldav,
+ E_TYPE_CAL_BACKEND_SYNC,
+ G_IMPLEMENT_INTERFACE (
++ G_TYPE_INITABLE,
++ e_caldav_backend_initable_init)
++ G_IMPLEMENT_INTERFACE (
+ E_TYPE_SOURCE_AUTHENTICATOR,
+ caldav_source_authenticator_init))
+
+@@ -5206,11 +5211,83 @@ e_cal_backend_caldav_finalize (GObject *object)
+ G_OBJECT_CLASS (parent_class)->finalize (object);
+ }
+
+-static void
+-e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++static gboolean
++caldav_backend_initable_init (GInitable *initable,
++ GCancellable *cancellable,
++ GError **error)
+ {
++ ECalBackendCalDAVPrivate *priv;
+ SoupSessionFeature *feature;
++ ESource *source;
++ const gchar *extension_name;
++ gchar *auth_method = NULL;
++ gboolean success = TRUE;
++
++ priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (initable);
++
++ feature = soup_session_get_feature (
++ priv->session, SOUP_TYPE_AUTH_MANAGER);
++
++ /* Add the "Bearer" auth type to support OAuth 2.0. */
++ soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
++ g_mutex_init (&priv->bearer_auth_error_lock);
++
++ /* Preload the SoupAuthManager with a valid "Bearer" token
++ * when using OAuth 2.0. This avoids an extra unauthorized
++ * HTTP round-trip, which apparently Google doesn't like. */
++
++ source = e_backend_get_source (E_BACKEND (initable));
++
++ extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
++ if (e_source_has_extension (source, extension_name)) {
++ ESourceAuthentication *extension;
++
++ extension = e_source_get_extension (source, extension_name);
++ auth_method = e_source_authentication_dup_method (extension);
++ }
++
++ if (g_strcmp0 (auth_method, "OAuth2") == 0) {
++ ESourceWebdav *extension;
++ SoupAuth *soup_auth;
++ SoupURI *soup_uri;
++ gchar *access_token = NULL;
++ gint expires_in_seconds = -1;
++
++ extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
++ extension = e_source_get_extension (source, extension_name);
++ soup_uri = e_source_webdav_dup_soup_uri (extension);
+
++ soup_auth = g_object_new (
++ E_TYPE_SOUP_AUTH_BEARER,
++ SOUP_AUTH_HOST, soup_uri->host, NULL);
++
++ success = e_source_get_oauth2_access_token_sync (
++ source, cancellable, &access_token,
++ &expires_in_seconds, error);
++
++ if (success) {
++ e_soup_auth_bearer_set_access_token (
++ E_SOUP_AUTH_BEARER (soup_auth),
++ access_token, expires_in_seconds);
++
++ soup_auth_manager_use_auth (
++ SOUP_AUTH_MANAGER (feature),
++ soup_uri, soup_auth);
++ }
++
++ g_free (access_token);
++ g_object_unref (soup_auth);
++ soup_uri_free (soup_uri);
++ }
++
++ g_free (auth_method);
++
++ return success;
++}
++
++static void
++e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++{
+ cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
+ cbdav->priv->session = soup_session_sync_new ();
+ g_object_set (
+@@ -5225,17 +5302,6 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+ cbdav->priv->session, "proxy-resolver",
+ G_BINDING_SYNC_CREATE);
+
+- /* XXX SoupAuthManager is public API as of libsoup 2.42, but
+- * this isn't worth bumping our libsoup requirement over.
+- * So get the SoupAuthManager GType by its type name. */
+- feature = soup_session_get_feature (
+- cbdav->priv->session,
+- g_type_from_name ("SoupAuthManager"));
+-
+- /* Add the "Bearer" auth type to support OAuth 2.0. */
+- soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
+- g_mutex_init (&cbdav->priv->bearer_auth_error_lock);
+-
+ if (G_UNLIKELY (caldav_debug_show (DEBUG_MESSAGE)))
+ caldav_debug_setup (cbdav->priv->session);
+
+@@ -5305,3 +5371,10 @@ e_cal_backend_caldav_class_init (ECalBackendCalDAVClass *class)
+
+ backend_class->start_view = caldav_start_view;
+ }
++
++static void
++e_caldav_backend_initable_init (GInitableIface *interface)
++{
++ interface->init = caldav_backend_initable_init;
++}
++
+diff --git a/libedataserver/e-source-webdav.c b/libedataserver/e-source-webdav.c
+index 5ec6b9a..c30d353 100644
+--- a/libedataserver/e-source-webdav.c
++++ b/libedataserver/e-source-webdav.c
+@@ -244,7 +244,9 @@ source_webdav_update_soup_uri_from_properties (ESourceWebdav *webdav_extension)
+
+ soup_uri_set_user (soup_uri, user);
+ soup_uri_set_host (soup_uri, host);
+- soup_uri_set_port (soup_uri, port);
++
++ if (port > 0)
++ soup_uri_set_port (soup_uri, port);
+
+ /* SoupURI doesn't like NULL paths. */
+ soup_uri_set_path (soup_uri, (path != NULL) ? path : "");
+--
+cgit v0.10.1
+
Added: unstable/evolution-data-server/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution-data-server/debian/patches/series?rev=2591&op=file
==============================================================================
--- unstable/evolution-data-server/debian/patches/series (added)
+++ unstable/evolution-data-server/debian/patches/series Mon Sep 1 12:08:28 2014
@@ -0,0 +1 @@
+01_Adapt-to-new-Google-HTTP-restriction.patch
More information about the pkg-evolution-commits
mailing list