[Pkg-owncloud-commits] [owncloud-client] 07/33: Do not store the password in the config file. Erase it if it is there.

Sandro Knauß hefee-guest at moszumanska.debian.org
Thu Feb 27 19:44:24 UTC 2014


This is an automated email from the git hooks/post-receive script.

hefee-guest pushed a commit to branch upstream
in repository owncloud-client.

commit e991bcd1128567f2c11645087855fb03c998381d
Author: Klaas Freitag <freitag at owncloud.com>
Date:   Thu Feb 20 14:33:36 2014 +0100

    Do not store the password in the config file. Erase it if it is there.
    
    This fixes bug #1458
---
 src/creds/httpcredentials.cpp | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/src/creds/httpcredentials.cpp b/src/creds/httpcredentials.cpp
index a5b26f4..c2f5eeb 100644
--- a/src/creds/httpcredentials.cpp
+++ b/src/creds/httpcredentials.cpp
@@ -179,15 +179,30 @@ QString HttpCredentials::fetchUser(Account* account)
 
 void HttpCredentials::fetch(Account *account)
 {
+    if( !account ) {
+        return;
+    }
+
     fetchUser(account);
+
+    QSettings *settings = account->settingsWithGroup(Theme::instance()->appName());
+    QString kck = keychainKey(account->url().toString(), _user );
+
+    QString key = QString::fromLatin1( "%1/data" ).arg( kck );
+    if( settings && settings->contains(key) ) {
+        // Clean the password from the config file if it is in there.
+        // we do not want a security problem.
+        settings->remove(key);
+        key = QString::fromLatin1( "%1/type" ).arg( kck );
+        settings->remove(kck);
+        settings->sync();
+    }
+
     if (_ready) {
         Q_EMIT fetched();
     } else {
         ReadPasswordJob *job = new ReadPasswordJob(Theme::instance()->appName());
-        if( ! account->property("fetch_from_old_place").isValid() ) {
-            job->setSettings(account->settingsWithGroup(Theme::instance()->appName()));
-        }
-        job->setInsecureFallback(true);
+        job->setInsecureFallback(false);
         job->setKey(keychainKey(account->url().toString(), _user));
         connect(job, SIGNAL(finished(QKeychain::Job*)), SLOT(slotReadJobDone(QKeychain::Job*)));
         job->setProperty("account", QVariant::fromValue(account));
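Review bot: In the cleanup block of fetch(), `key` is reassigned to the `%1/type` entry but never used again; the next call is `settings->remove(kck)`, which per QSettings semantics removes that key together with all of its sub-settings, so either the assignment is dead code or `settings->remove(key);` was intended. I would drop the reassignment and comment that the whole `kck` group is removed. The result of `settings->sync()` is not checked, so if the config file is read-only or locked the plaintext password stays on disk silently; adding `if (settings->status() != QSettings::NoError) qWarning() << "could not erase password from config";` after the sync would make that visible. The pointer from settingsWithGroup() used to be handed to the job and is now never released in the visible lines; whether that leaks depends on the ownership contract of settingsWithGroup(), which is not shown. fetch() continues past the end of this hunk.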
@@ -212,19 +227,11 @@ void HttpCredentials::slotReadJobDone(QKeychain::Job *job)
     switch (error) {
     case NoError:
         _ready = true;
-        account->setProperty("fetch_from_old_place", QVariant());
         Q_EMIT fetched();
         break;
     default:
         if (!_user.isEmpty()) {
             bool ok;
-            // In case we haven't tried at the old place yet, do!
-            if( !account->property("fetch_from_old_place").isValid() ) {
-                account->setProperty("fetch_from_old_place", QVariant(true) );
-
-                fetch(account);
-                return;
-            }
             QString pwd = queryPassword(&ok);
             if (ok) {
                 _password = pwd;
@@ -268,8 +275,7 @@ void HttpCredentials::persist(Account *account)
 {
     account->setCredentialSetting(QLatin1String(userC), _user);
     WritePasswordJob *job = new WritePasswordJob(Theme::instance()->appName());
-    job->setSettings(account->settingsWithGroup(Theme::instance()->appName()));
-    job->setInsecureFallback(true);
+    job->setInsecureFallback(false);
     connect(job, SIGNAL(finished(QKeychain::Job*)), SLOT(slotWriteJobDone(QKeychain::Job*)));
     job->setKey(keychainKey(account->url().toString(), _user));
     job->setTextData(_password);
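Review bot: persist() dereferences `account` on its first line without the `if( !account ) { return; }` guard that this same commit adds to fetch(); the guard belongs here too for consistency. With `job->setInsecureFallback(false)` and the settings no longer attached, a system without a usable keychain backend will now fail the write rather than fall back to the config file. That is the intended hardening, but slotWriteJobDone (outside this hunk) should be confirmed to log or surface `job->error()` so the user learns the password was not saved. The body of persist() continues past the hunk.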

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud-client.git


