[Pkg-owncloud-commits] [owncloud-client] 12/47: ShibbolethCredetials: Try to avoid re-auth
Sandro Knauß
hefee-guest at moszumanska.debian.org
Mon Feb 17 18:06:33 UTC 2014
This is an automated email from the git hooks/post-receive script.
hefee-guest pushed a commit to branch master
in repository owncloud-client.
commit 4ae66b8b2089b8b08d94103993332d7743086075
Author: Daniel Molkentin <danimo at owncloud.com>
Date: Thu Feb 6 13:00:57 2014 +0100
ShibbolethCredetials: Try to avoid re-auth
...by storing the shib cookie in key chain
---
src/creds/shibboleth/shibbolethwebview.cpp | 3 +-
src/creds/shibboleth/shibbolethwebview.h | 4 +-
src/creds/shibbolethcredentials.cpp | 74 ++++++++++++++++++++++++------
src/creds/shibbolethcredentials.h | 8 +++-
src/wizard/owncloudshibbolethcredspage.cpp | 6 +--
src/wizard/owncloudshibbolethcredspage.h | 3 +-
6 files changed, 78 insertions(+), 20 deletions(-)
diff --git a/src/creds/shibboleth/shibbolethwebview.cpp b/src/creds/shibboleth/shibbolethwebview.cpp
index be45c4d..825c1a5 100644
--- a/src/creds/shibboleth/shibbolethwebview.cpp
+++ b/src/creds/shibboleth/shibbolethwebview.cpp
@@ -29,6 +29,7 @@ namespace Mirall
void ShibbolethWebView::setup(Account *account, ShibbolethCookieJar* jar)
{
+ _account = account;
MirallAccessManager* nm = new MirallAccessManager(this);
// we need our own QNAM, but the we offload the SSL error handling to
// the account object, which already can do this
@@ -90,7 +91,7 @@ void ShibbolethWebView::onNewCookiesForUrl (const QList<QNetworkCookie>& cookieL
Q_EMIT otherCookiesReceived(otherCookies, url);
}
if (!shibCookie.name().isEmpty()) {
- Q_EMIT shibbolethCookieReceived(shibCookie);
+ Q_EMIT shibbolethCookieReceived(shibCookie, _account);
}
}
diff --git a/src/creds/shibboleth/shibbolethwebview.h b/src/creds/shibboleth/shibbolethwebview.h
index ec574d8..53a5b03 100644
--- a/src/creds/shibboleth/shibbolethwebview.h
+++ b/src/creds/shibboleth/shibbolethwebview.h
@@ -15,6 +15,7 @@
#define MIRALL_WIZARD_SHIBBOLETH_WEB_VIEW_H
#include <QList>
+#include <QPointer>
#include <QWebView>
class QNetworkCookie;
@@ -39,7 +40,7 @@ protected:
void hideEvent(QHideEvent* event);
Q_SIGNALS:
- void shibbolethCookieReceived(const QNetworkCookie& cookie);
+ void shibbolethCookieReceived(const QNetworkCookie& cookie, Account* account);
void viewHidden();
void otherCookiesReceived(const QList<QNetworkCookie>& cookieList, const QUrl& url);
@@ -50,6 +51,7 @@ private Q_SLOTS:
private:
void setup(Account *account, ShibbolethCookieJar* jar);
+ QPointer<Account> _account;
};
} // ns Mirall
diff --git a/src/creds/shibbolethcredentials.cpp b/src/creds/shibbolethcredentials.cpp
index babf19b..9e5e847 100644
--- a/src/creds/shibbolethcredentials.cpp
+++ b/src/creds/shibbolethcredentials.cpp
@@ -12,8 +12,8 @@
* for more details.
*/
-#include <QDebug>
#include <QMutex>
+#include <QSettings>
#include "creds/shibbolethcredentials.h"
#include "creds/shibboleth/shibbolethaccessmanager.h"
@@ -21,7 +21,13 @@
#include "creds/shibboleth/shibbolethrefresher.h"
#include "creds/shibboleth/shibbolethconfigfile.h"
#include "creds/credentialscommon.h"
+
#include "mirall/account.h"
+#include "mirall/theme.h"
+
+#include <qtkeychain/keychain.h>
+
+using namespace QKeychain;
namespace Mirall
{
@@ -179,16 +185,16 @@ void ShibbolethCredentials::fetch(Account *account)
if (_ready) {
Q_EMIT fetched();
} else {
- ShibbolethConfigFile cfg;
if (account) {
_url = account->url();
}
- _browser = new ShibbolethWebView(account, cfg.createCookieJar());
- connect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie)),
- this, SLOT(onShibbolethCookieReceived(QNetworkCookie)));
- connect(_browser, SIGNAL(viewHidden()),
- this, SLOT(slotBrowserHidden()));
- _browser->show ();
+ ReadPasswordJob *job = new ReadPasswordJob(Theme::instance()->appName());
+ job->setSettings(account->settingsWithGroup(Theme::instance()->appName()));
+ job->setInsecureFallback(false);
+ job->setKey(keychainKey(account->url().toString(), "shibAssertion"));
+ job->setProperty("account", QVariant::fromValue(account));
+ connect(job, SIGNAL(finished(QKeychain::Job*)), SLOT(slotReadJobDone(QKeychain::Job*)));
+ job->start();
}
}
@@ -198,17 +204,20 @@ bool ShibbolethCredentials::stillValid(QNetworkReply *reply)
return true;
}
-void ShibbolethCredentials::persist(Account* /*account*/)
+void ShibbolethCredentials::persist(Account* account)
{
ShibbolethConfigFile cfg;
cfg.storeCookies(_otherCookies);
+
+ storeShibCookie(_shibCookie, account);
}
void ShibbolethCredentials::invalidateToken(Account *account)
{
Q_UNUSED(account)
- _shibCookie.setValue("");
+ _shibCookie = QNetworkCookie();
+ storeShibCookie(_shibCookie, account);
// ### access to ctx missing, but might not be required at all
//csync_set_module_property(ctx, "session_key", "");
}
@@ -217,18 +226,19 @@ void ShibbolethCredentials::disposeBrowser()
{
disconnect(_browser, SIGNAL(viewHidden()),
this, SLOT(slotBrowserHidden()));
- disconnect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie)),
- this, SLOT(onShibbolethCookieReceived(QNetworkCookie)));
+ disconnect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie, Account*)),
+ this, SLOT(onShibbolethCookieReceived(QNetworkCookie, Account*)));
_browser->hide();
_browser->deleteLater();
_browser = 0;
}
-void ShibbolethCredentials::onShibbolethCookieReceived(const QNetworkCookie& cookie)
+void ShibbolethCredentials::onShibbolethCookieReceived(const QNetworkCookie& cookie, Account* account)
{
disposeBrowser();
_ready = true;
_shibCookie = cookie;
+ storeShibCookie(_shibCookie, account);
Q_EMIT newCookie(_shibCookie);
Q_EMIT fetched();
}
@@ -260,4 +270,42 @@ void ShibbolethCredentials::onFetched()
Q_EMIT invalidatedAndFetched(prepareCookieData());
}
+void ShibbolethCredentials::slotReadJobDone(QKeychain::Job *job)
+{
+ Account *account = qvariant_cast<Account*>(job->property("account"));
+ if (job->error() == QKeychain::NoError) {
+ ReadPasswordJob *readJob = static_cast<ReadPasswordJob*>(job);
+ delete readJob->settings();
+ QList<QNetworkCookie> cookies = QNetworkCookie::parseCookies(readJob->textData().toUtf8());
+ if (cookies.count() > 0) {
+ _shibCookie = cookies.first();
+ }
+ job->setSettings(account->settingsWithGroup(Theme::instance()->appName()));
+
+ _ready = true;
+ Q_EMIT newCookie(_shibCookie);
+ Q_EMIT fetched();
+ } else {
+ ShibbolethConfigFile cfg;
+ _browser = new ShibbolethWebView(account, cfg.createCookieJar());
+ connect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie, Account*)),
+ this, SLOT(onShibbolethCookieReceived(QNetworkCookie, Account*)));
+ connect(_browser, SIGNAL(viewHidden()),
+ this, SLOT(slotBrowserHidden()));
+
+ _browser->show();
+ }
+}
+
+void ShibbolethCredentials::storeShibCookie(const QNetworkCookie &cookie, Account *account)
+{
+ WritePasswordJob *job = new WritePasswordJob(Theme::instance()->appName());
+ job->setSettings(account->settingsWithGroup(Theme::instance()->appName()));
+ // we don't really care if it works...
+ //connect(job, SIGNAL(finished(QKeychain::Job*)), SLOT(slotWriteJobDone(QKeychain::Job*)));
+ job->setKey(keychainKey(account->url().toString(), "shibAssertion"));
+ job->setTextData(QString::fromUtf8(cookie.toRawForm()));
+ job->start();
+}
+
} // ns Mirall
diff --git a/src/creds/shibbolethcredentials.h b/src/creds/shibbolethcredentials.h
index b94fcb5..1a59547 100644
--- a/src/creds/shibbolethcredentials.h
+++ b/src/creds/shibbolethcredentials.h
@@ -21,6 +21,10 @@
#include "creds/abstractcredentials.h"
+namespace QKeychain {
+ class Job;
+}
+
namespace Mirall
{
@@ -52,15 +56,17 @@ public Q_SLOTS:
void invalidateAndFetch(Account *account);
private Q_SLOTS:
- void onShibbolethCookieReceived(const QNetworkCookie& cookie);
+ void onShibbolethCookieReceived(const QNetworkCookie& cookie, Account*);
void slotBrowserHidden();
void onFetched();
+ void slotReadJobDone(QKeychain::Job*);
Q_SIGNALS:
void newCookie(const QNetworkCookie& cookie);
void invalidatedAndFetched(const QByteArray& cookieData);
private:
+ void storeShibCookie(const QNetworkCookie &cookie, Account *account);
QUrl _url;
QByteArray prepareCookieData() const;
void disposeBrowser();
diff --git a/src/wizard/owncloudshibbolethcredspage.cpp b/src/wizard/owncloudshibbolethcredspage.cpp
index ffdcc34..5332015 100644
--- a/src/wizard/owncloudshibbolethcredspage.cpp
+++ b/src/wizard/owncloudshibbolethcredspage.cpp
@@ -84,8 +84,8 @@ void OwncloudShibbolethCredsPage::disposeBrowser()
this, SLOT(slotOtherCookiesReceived(QList<QNetworkCookie>, QUrl)));
disconnect(_browser, SIGNAL(viewHidden()),
this, SLOT(slotViewHidden()));
- disconnect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie)),
- this, SLOT(slotShibbolethCookieReceived(QNetworkCookie)));
+ disconnect(_browser, SIGNAL(shibbolethCookieReceived(QNetworkCookie, Account*)),
+ this, SLOT(slotShibbolethCookieReceived(QNetworkCookie, Account*)));
_browser->hide();
_browser->deleteLater();
_browser = 0;
@@ -107,7 +107,7 @@ AbstractCredentials* OwncloudShibbolethCredsPage::getCredentials() const
return new ShibbolethCredentials(_cookie, _cookiesForUrl);
}
-void OwncloudShibbolethCredsPage::slotShibbolethCookieReceived(const QNetworkCookie& cookie)
+void OwncloudShibbolethCredsPage::slotShibbolethCookieReceived(const QNetworkCookie& cookie, Account*)
{
disposeBrowser();
_cookie = cookie;
diff --git a/src/wizard/owncloudshibbolethcredspage.h b/src/wizard/owncloudshibbolethcredspage.h
index 37e51ea..c67bfd4 100644
--- a/src/wizard/owncloudshibbolethcredspage.h
+++ b/src/wizard/owncloudshibbolethcredspage.h
@@ -23,6 +23,7 @@
namespace Mirall {
+class Account;
class ShibbolethWebView;
class OwncloudShibbolethCredsPage : public AbstractCredentialsWizardPage
@@ -44,7 +45,7 @@ public Q_SLOTS:
void setVisible(bool visible);
private Q_SLOTS:
- void slotShibbolethCookieReceived(const QNetworkCookie& cookie);
+ void slotShibbolethCookieReceived(const QNetworkCookie& cookie, Account*);
void slotOtherCookiesReceived(const QList<QNetworkCookie>& cookieList, const QUrl& url);
void slotViewHidden();
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-client.git
More information about the Pkg-owncloud-commits
mailing list