author | Olivier Goffart <ogoffart@woboq.com> | 2018-11-27 14:24:06 +0300 |
---|---|---|
committer | Olivier Goffart <ogoffart@woboq.com> | 2018-11-27 14:28:14 +0300 |
commit | 697b6b9e81031aad69e160523a2caa20d5cfeb09 (patch) | |
tree | 7aa3e1e8b0634ef59d71eec293b7d1a309d7d739 /src/gui/creds | |
parent | ba24ef3fe3185ebd676ec1239515651409159682 (diff) |
Remove Shibboleth support
Issue #6451
Diffstat (limited to 'src/gui/creds')
-rw-r--r-- | src/gui/creds/credentialsfactory.cpp | 50 | ||||
-rw-r--r-- | src/gui/creds/credentialsfactory.h | 38 | ||||
-rw-r--r-- | src/gui/creds/shibboleth/shibbolethuserjob.cpp | 41 | ||||
-rw-r--r-- | src/gui/creds/shibboleth/shibbolethuserjob.h | 42 | ||||
-rw-r--r-- | src/gui/creds/shibboleth/shibbolethwebview.cpp | 169 | ||||
-rw-r--r-- | src/gui/creds/shibboleth/shibbolethwebview.h | 67 | ||||
-rw-r--r-- | src/gui/creds/shibbolethcredentials.cpp | 396 | ||||
-rw-r--r-- | src/gui/creds/shibbolethcredentials.h | 104 |
8 files changed, 0 insertions, 907 deletions
diff --git a/src/gui/creds/credentialsfactory.cpp b/src/gui/creds/credentialsfactory.cpp
deleted file mode 100644
index f9574f096..000000000
--- a/src/gui/creds/credentialsfactory.cpp
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include <QLoggingCategory>
-#include <QString>
-
-#include "creds/credentialsfactory.h"
-#include "creds/httpcredentialsgui.h"
-#include "creds/dummycredentials.h"
-#ifndef NO_SHIBBOLETH
-#include "creds/shibbolethcredentials.h"
-#endif
-
-namespace OCC {
-
-Q_LOGGING_CATEGORY(lcGuiCredentials, "gui.credentials", QtInfoMsg)
-
-namespace CredentialsFactory {
-
- AbstractCredentials *create(const QString &type)
- {
- // empty string might happen for old version of configuration
- if (type == "http" || type == "") {
- return new HttpCredentialsGui;
- } else if (type == "dummy") {
- return new DummyCredentials;
-#ifndef NO_SHIBBOLETH
- } else if (type == "shibboleth") {
- return new ShibbolethCredentials;
-#endif
- } else {
- qCWarning(lcGuiCredentials, "Unknown credentials type: %s", qPrintable(type));
- return new DummyCredentials;
- }
- }
-
-} // ns CredentialsFactory
-
-} // namespace OCC
diff --git a/src/gui/creds/credentialsfactory.h b/src/gui/creds/credentialsfactory.h
deleted file mode 100644
index d346a2f71..000000000
--- a/src/gui/creds/credentialsfactory.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef MIRALL_CREDS_CREDENTIALS_FACTORY_H
-#define MIRALL_CREDS_CREDENTIALS_FACTORY_H
-
-#include "owncloudlib.h"
-
-class QString;
-
-namespace OCC {
-class AbstractCredentials;
-
-
-/**
- * @brief The HttpCredentialsGui namespace
- * @ingroup gui
- */
-namespace CredentialsFactory {
-
- AbstractCredentials *create(const QString &type);
-
-} // ns CredentialsFactory
-
-} // namespace OCC
-
-#endif
diff --git a/src/gui/creds/shibboleth/shibbolethuserjob.cpp b/src/gui/creds/shibboleth/shibbolethuserjob.cpp
deleted file mode 100644
index 24c164b26..000000000
--- a/src/gui/creds/shibboleth/shibbolethuserjob.cpp
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright (C) by Olivier Goffart <ogoffart@owncloud.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#include "shibbolethuserjob.h"
-#include <account.h>
-
-#include <QJsonDocument>
-#include <QJsonObject>
-#include <QLoggingCategory>
-
-namespace OCC {
-
-Q_DECLARE_LOGGING_CATEGORY(lcShibboleth)
-
-ShibbolethUserJob::ShibbolethUserJob(AccountPtr account, QObject *parent)
- : JsonApiJob(account, QLatin1String("ocs/v1.php/cloud/user"), parent)
-{
- setIgnoreCredentialFailure(true);
- connect(this, &JsonApiJob::jsonReceived, this, &ShibbolethUserJob::slotJsonReceived);
-}
-
-void ShibbolethUserJob::slotJsonReceived(const QJsonDocument &json, int statusCode)
-{
- if (statusCode != 100) {
- qCWarning(lcShibboleth) << "JSON Api call resulted in status code != 100";
- }
- QString user = json.object().value("ocs").toObject().value("data").toObject().value("id").toString();
- emit userFetched(user);
-}
-}
diff --git a/src/gui/creds/shibboleth/shibbolethuserjob.h b/src/gui/creds/shibboleth/shibbolethuserjob.h
deleted file mode 100644
index 22706b1c1..000000000
--- a/src/gui/creds/shibboleth/shibbolethuserjob.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) by Olivier Goffart <ogoffart@owncloud.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#pragma once
-
-#include <networkjobs.h>
-
-class QJsonDocument;
-
-namespace OCC {
-
-/**
- * @brief Fetch the user name of the shibboleth connection
- * @ingroup gui
- */
-class ShibbolethUserJob : public JsonApiJob
-{
- Q_OBJECT
-public:
- explicit ShibbolethUserJob(AccountPtr account, QObject *parent = 0);
-
-signals:
- // is always emitted when the job is finished. user is empty in case of error.
- void userFetched(const QString &user);
-
-private slots:
- void slotJsonReceived(const QJsonDocument &, int statusCode);
-};
-
-
-} // namespace OCC
diff --git a/src/gui/creds/shibboleth/shibbolethwebview.cpp b/src/gui/creds/shibboleth/shibbolethwebview.cpp
deleted file mode 100644
index 53fad96fa..000000000
--- a/src/gui/creds/shibboleth/shibbolethwebview.cpp
+++ /dev/null
@@ -1,169 +0,0 @@ -/* - * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <QApplication> -#include <QNetworkCookie> -#include <QNetworkCookieJar> -#include <QWebFrame> -#include <QWebPage> -#include <QMessageBox> -#include <QNetworkReply> -#include <QSettings> -#include <QMainWindow> - -#include "creds/shibboleth/shibbolethwebview.h" -#include "creds/shibbolethcredentials.h" -#include "account.h" -#include "logger.h" -#include "accessmanager.h" -#include "theme.h" -#include "configfile.h" -#include "cookiejar.h" - -namespace { -const char ShibbolethWebViewGeometryC[] = "ShibbolethWebView/Geometry"; -} - -namespace OCC { - -class UserAgentWebPage : public QWebPage -{ -public: - UserAgentWebPage(QObject *parent) - : QWebPage(parent) - { - if (!qEnvironmentVariableIsEmpty("OWNCLOUD_SHIBBOLETH_DEBUG")) { - settings()->setAttribute(QWebSettings::DeveloperExtrasEnabled, true); - } - } - QString userAgentForUrl(const QUrl &url) const - { - return QWebPage::userAgentForUrl(url) + " " + Utility::userAgentString(); - } -}; - -ShibbolethWebView::ShibbolethWebView(AccountPtr account, QWidget *parent) - : QWebView(parent) - , _account(account) - , _accepted(false) - , _cursorOverriden(false) -{ - // no minimize - setWindowFlags(Qt::Dialog); - setAttribute(Qt::WA_DeleteOnClose); - - QWebPage *page = new UserAgentWebPage(this); - connect(page, &QWebPage::loadStarted, - this, &ShibbolethWebView::slotLoadStarted); - connect(page, 
&QWebPage::loadFinished, - this, &ShibbolethWebView::slotLoadFinished); - - // Make sure to accept the same SSL certificate issues as the regular QNAM we use for syncing - QObject::connect(page->networkAccessManager(), &QNetworkAccessManager::sslErrors, - _account.data(), &Account::slotHandleSslErrors); - - // The Account keeps ownership of the cookie jar, it must outlive this webview. - account->lendCookieJarTo(page->networkAccessManager()); - connect(static_cast<CookieJar *>(page->networkAccessManager()->cookieJar()), &CookieJar::newCookiesForUrl, - this, &ShibbolethWebView::onNewCookiesForUrl); - - page->mainFrame()->load(account->url()); - this->setPage(page); - setWindowTitle(tr("%1 - Authenticate").arg(Theme::instance()->appNameGUI())); - - // Debug view to display the cipher suite - if (!qEnvironmentVariableIsEmpty("OWNCLOUD_SHIBBOLETH_DEBUG")) { - // open an additional window to display some cipher debug info - QWebPage *debugPage = new UserAgentWebPage(this); - debugPage->mainFrame()->load(QUrl("https://cc.dcsec.uni-hannover.de/")); - QWebView *debugView = new QWebView(this); - debugView->setPage(debugPage); - QMainWindow *window = new QMainWindow(this); - window->setWindowTitle(tr("SSL Chipher Debug View")); - window->setCentralWidget(debugView); - window->show(); - } - // If we have a valid cookie, it's most likely expired. We can use this as - // as a criteria to tell the user why the browser window pops up - QNetworkCookie shibCookie = ShibbolethCredentials::findShibCookie(_account.data(), ShibbolethCredentials::accountCookies(_account.data())); - if (shibCookie != QNetworkCookie()) { - Logger::instance()->postOptionalGuiLog(tr("Reauthentication required"), tr("Your session has expired. 
You need to re-login to continue to use the client.")); - } - - ConfigFile config; - QSettings settings(config.configFile()); - resize(900, 700); // only effective the first time, later overridden by restoreGeometry - restoreGeometry(settings.value(ShibbolethWebViewGeometryC).toByteArray()); -} - -ShibbolethWebView::~ShibbolethWebView() -{ - ConfigFile config; - QSettings settings(config.configFile()); - settings.setValue(ShibbolethWebViewGeometryC, saveGeometry()); -} - -void ShibbolethWebView::onNewCookiesForUrl(const QList<QNetworkCookie> &cookieList, const QUrl &url) -{ - if (url.host() == _account->url().host()) { - QNetworkCookie shibCookie = ShibbolethCredentials::findShibCookie(_account.data(), cookieList); - if (shibCookie != QNetworkCookie()) { - Q_EMIT shibbolethCookieReceived(shibCookie); - accept(); - close(); - } - } -} - -void ShibbolethWebView::closeEvent(QCloseEvent *event) -{ - if (_cursorOverriden) { - QApplication::restoreOverrideCursor(); - } - - if (!_accepted) { - Q_EMIT rejected(); - } - QWebView::closeEvent(event); -} - -void ShibbolethWebView::slotLoadStarted() -{ - if (!_cursorOverriden) { - QApplication::setOverrideCursor(QCursor(Qt::WaitCursor)); - _cursorOverriden = true; - } -} - -void ShibbolethWebView::slotLoadFinished(bool success) -{ - if (_cursorOverriden) { - QApplication::restoreOverrideCursor(); - } - - if (!title().isNull()) { - setWindowTitle(QString::fromLatin1("%1 - %2 (%3)").arg(Theme::instance()->appNameGUI(), title(), url().host())); - } - - if (!success) { - qCWarning(lcShibboleth) << "Could not load Shibboleth login page to log you in."; - } -} - -void ShibbolethWebView::accept() -{ - _accepted = true; -} - -} // namespace OCC diff --git a/src/gui/creds/shibboleth/shibbolethwebview.h b/src/gui/creds/shibboleth/shibbolethwebview.h deleted file mode 100644 index b2b45c1ab..000000000 --- a/src/gui/creds/shibboleth/shibbolethwebview.h +++ /dev/null 
@@ -1,67 +0,0 @@
-/*
- * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * for more details.
- */
-
-#ifndef MIRALL_WIZARD_SHIBBOLETH_WEB_VIEW_H
-#define MIRALL_WIZARD_SHIBBOLETH_WEB_VIEW_H
-
-#include "owncloudlib.h"
-#include <QList>
-#include <QPointer>
-#include <QWebView>
-#include "accountfwd.h"
-
-class QNetworkCookie;
-class QUrl;
-
-namespace OCC {
-
-class ShibbolethCookieJar;
-
-/**
- * @brief The ShibbolethWebView class
- * @ingroup gui
- */
-class ShibbolethWebView : public QWebView
-{
- Q_OBJECT
-
-public:
- ShibbolethWebView(AccountPtr account, QWidget *parent = 0);
- ShibbolethWebView(AccountPtr account, ShibbolethCookieJar *jar, QWidget *parent = 0);
- ~ShibbolethWebView();
-
- void closeEvent(QCloseEvent *event) Q_DECL_OVERRIDE;
-
-Q_SIGNALS:
- void shibbolethCookieReceived(const QNetworkCookie &cookie);
- void rejected();
-
-private Q_SLOTS:
- void onNewCookiesForUrl(const QList<QNetworkCookie> &cookieList, const QUrl &url);
- void slotLoadStarted();
- void slotLoadFinished(bool success);
-
-protected:
- void accept();
-
-private:
- void setup(AccountPtr account, ShibbolethCookieJar *jar);
- AccountPtr _account;
- bool _accepted;
- bool _cursorOverriden;
-};
-
-} // namespace OCC
-
-#endif
diff --git a/src/gui/creds/shibbolethcredentials.cpp b/src/gui/creds/shibbolethcredentials.cpp
deleted file mode 100644
index ae15699bb..000000000
--- a/src/gui/creds/shibbolethcredentials.cpp
+++ /dev/null
@@ -1,396 +0,0 @@ -/* - * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com> - * Copyright (C) by Klaas Freitag <freitag@owncloud.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <QSettings> -#include <QNetworkReply> -#include <QMessageBox> -#include <QAuthenticator> - -#include "creds/shibbolethcredentials.h" -#include "creds/shibboleth/shibbolethwebview.h" -#include "creds/shibbolethcredentials.h" -#include "shibboleth/shibbolethuserjob.h" -#include "creds/credentialscommon.h" -#include "creds/httpcredentialsgui.h" - -#include "accessmanager.h" -#include "account.h" -#include "configfile.h" -#include "theme.h" -#include "cookiejar.h" -#include "owncloudgui.h" -#include "syncengine.h" - -#include <keychain.h> - -using namespace QKeychain; - -namespace OCC { - -Q_LOGGING_CATEGORY(lcShibboleth, "gui.credentials.shibboleth", QtInfoMsg) - -namespace { - - // Not "user" because it has a special meaning for http - const char userC[] = "shib_user"; - const char shibCookieNameC[] = "_shibsession_"; - -} // ns - -ShibbolethCredentials::ShibbolethCredentials() - : AbstractCredentials() - , _url() - , _ready(false) - , _stillValid(false) - , _browser(0) - , _keychainMigration(false) -{ -} - -ShibbolethCredentials::ShibbolethCredentials(const QNetworkCookie &cookie) - : _ready(true) - , _stillValid(true) - , _browser(0) - , _shibCookie(cookie) - , _keychainMigration(false) -{ -} - -void ShibbolethCredentials::setAccount(Account *account) -{ - AbstractCredentials::setAccount(account); - - // 
This is for existing saved accounts. - if (_user.isEmpty()) { - _user = _account->credentialSetting(QLatin1String(userC)).toString(); - } - - // When constructed with a cookie (by the wizard), we usually don't know the - // user name yet. Request it now from the server. - if (_ready && _user.isEmpty()) { - QTimer::singleShot(1234, this, &ShibbolethCredentials::slotFetchUser); - } -} - -QString ShibbolethCredentials::authType() const -{ - return QString::fromLatin1("shibboleth"); -} - -QString ShibbolethCredentials::user() const -{ - return _user; -} - -QNetworkAccessManager *ShibbolethCredentials::createQNAM() const -{ - QNetworkAccessManager *qnam(new AccessManager); - connect(qnam, &QNetworkAccessManager::finished, - this, &ShibbolethCredentials::slotReplyFinished); - return qnam; -} - -void ShibbolethCredentials::slotReplyFinished(QNetworkReply *r) -{ - if (!_browser.isNull()) { - return; - } - - QVariant target = r->attribute(QNetworkRequest::RedirectionTargetAttribute); - if (target.isValid()) { - _stillValid = false; - // The Login window will be opened in NetworkJob's finished signal - qCWarning(lcShibboleth) << "detected redirect, will open Login Window"; - } else { - //_stillValid = true; // gets set when reading from keychain or getting it from browser - } -} - -bool ShibbolethCredentials::ready() const -{ - return _ready; -} - -void ShibbolethCredentials::fetchFromKeychain() -{ - _wasFetched = true; - - if (_user.isEmpty()) { - _user = _account->credentialSetting(QLatin1String(userC)).toString(); - } - if (_ready) { - Q_EMIT fetched(); - } else { - _url = _account->url(); - _keychainMigration = false; - fetchFromKeychainHelper(); - } -} - -void ShibbolethCredentials::fetchFromKeychainHelper() -{ - ReadPasswordJob *job = new ReadPasswordJob(Theme::instance()->appName()); - job->setSettings(ConfigFile::settingsWithGroup(Theme::instance()->appName(), job).release()); - job->setInsecureFallback(false); - job->setKey(keychainKey(_url.toString(), user(), - 
_keychainMigration ? QString() : _account->id())); - connect(job, &Job::finished, this, &ShibbolethCredentials::slotReadJobDone); - job->start(); -} - -void ShibbolethCredentials::askFromUser() -{ - // First, we do a DetermineAuthTypeJob to make sure that the server is still using shibboleth and did not upgrade to oauth - DetermineAuthTypeJob *job = new DetermineAuthTypeJob(_account->sharedFromThis(), this); - connect(job, &DetermineAuthTypeJob::authType, [this, job](DetermineAuthTypeJob::AuthType type) { - if (type == DetermineAuthTypeJob::Shibboleth) { - // Normal case, still shibboleth - showLoginWindow(); - } else if (type == DetermineAuthTypeJob::OAuth) { - // Hack: upgrade to oauth - auto newCred = new HttpCredentialsGui; - job->setParent(0); - job->deleteLater(); - auto account = this->_account; - auto user = this->_user; - account->setCredentials(newCred); // delete this - account->setCredentialSetting(QLatin1String("user"), user); - newCred->fetchUser(); - newCred->askFromUser(); - } else { - // Basic auth or unkown. Since it may be unkown it might be a temporary failure, don't replace the credentials here - // Still show the login window in that case not to break the flow. 
- showLoginWindow(); - } - - }); - job->start(); -} - -bool ShibbolethCredentials::stillValid(QNetworkReply *reply) -{ - Q_UNUSED(reply) - return _stillValid; -} - -void ShibbolethCredentials::persist() -{ - storeShibCookie(_shibCookie); - if (!_user.isEmpty()) { - _account->setCredentialSetting(QLatin1String(userC), _user); - } -} - -void ShibbolethCredentials::invalidateToken() -{ - _ready = false; - - CookieJar *jar = static_cast<CookieJar *>(_account->networkAccessManager()->cookieJar()); - - // Remove the _shibCookie - auto cookies = jar->allCookies(); - for (auto it = cookies.begin(); it != cookies.end();) { - if (it->name() == _shibCookie.name()) { - it = cookies.erase(it); - } else { - ++it; - } - } - jar->setAllCookies(cookies); - - // Clear all other temporary cookies - jar->clearSessionCookies(); - removeShibCookie(); - _shibCookie = QNetworkCookie(); -} - -void ShibbolethCredentials::forgetSensitiveData() -{ - invalidateToken(); -} - -void ShibbolethCredentials::onShibbolethCookieReceived(const QNetworkCookie &shibCookie) -{ - storeShibCookie(shibCookie); - _shibCookie = shibCookie; - addToCookieJar(shibCookie); - - slotFetchUser(); -} - -void ShibbolethCredentials::slotFetchUser() -{ - // We must first do a request to webdav so the session is enabled. - // (because for some reason we can't access the API without that.. a bug in the server maybe?) 
- EntityExistsJob *job = new EntityExistsJob(_account->sharedFromThis(), _account->davPath(), this); - connect(job, &EntityExistsJob::exists, this, &ShibbolethCredentials::slotFetchUserHelper); - job->setIgnoreCredentialFailure(true); - job->start(); -} - -void ShibbolethCredentials::slotFetchUserHelper() -{ - ShibbolethUserJob *job = new ShibbolethUserJob(_account->sharedFromThis(), this); - connect(job, &ShibbolethUserJob::userFetched, this, &ShibbolethCredentials::slotUserFetched); - job->start(); -} - -void ShibbolethCredentials::slotUserFetched(const QString &user) -{ - if (_user.isEmpty()) { - if (user.isEmpty()) { - qCWarning(lcShibboleth) << "Failed to fetch the shibboleth user"; - } - _user = user; - } else if (user != _user) { - qCWarning(lcShibboleth) << "Wrong user: " << user << "!=" << _user; - QMessageBox::warning(_browser, tr("Login Error"), tr("You must sign in as user %1").arg(_user)); - invalidateToken(); - showLoginWindow(); - return; - } - - _stillValid = true; - _ready = true; - Q_EMIT asked(); -} - - -void ShibbolethCredentials::slotBrowserRejected() -{ - _ready = false; - Q_EMIT asked(); -} - -void ShibbolethCredentials::slotReadJobDone(QKeychain::Job *job) -{ - // If we can't find the credentials at the keys that include the account id, - // try to read them from the legacy locations that don't have a account id. 
- if (!_keychainMigration && job->error() == QKeychain::EntryNotFound) { - qCWarning(lcShibboleth) - << "Could not find keychain entry, attempting to read from legacy location"; - _keychainMigration = true; - fetchFromKeychainHelper(); - return; - } - - if (job->error() == QKeychain::NoError) { - ReadPasswordJob *readJob = static_cast<ReadPasswordJob *>(job); - delete readJob->settings(); - QList<QNetworkCookie> cookies = QNetworkCookie::parseCookies(readJob->textData().toUtf8()); - if (cookies.count() > 0) { - _shibCookie = cookies.first(); - addToCookieJar(_shibCookie); - } - // access - job->setSettings(ConfigFile::settingsWithGroup(Theme::instance()->appName(), job).release()); - - _ready = true; - _stillValid = true; - Q_EMIT fetched(); - } else { - _ready = false; - Q_EMIT fetched(); - } - - - // If keychain data was read from legacy location, wipe these entries and store new ones - if (_keychainMigration && _ready) { - persist(); - - DeletePasswordJob *job = new DeletePasswordJob(Theme::instance()->appName()); - job->setSettings(ConfigFile::settingsWithGroup(Theme::instance()->appName(), job).release()); - job->setKey(keychainKey(_account->url().toString(), user(), QString())); - job->start(); - - qCWarning(lcShibboleth) << "Migrated old keychain entries"; - } -} - -void ShibbolethCredentials::showLoginWindow() -{ - if (!_browser.isNull()) { - ownCloudGui::raiseDialog(_browser); - return; - } - - CookieJar *jar = static_cast<CookieJar *>(_account->networkAccessManager()->cookieJar()); - // When opening a new window clear all the session cookie that might keep the user from logging in - // (or the session may already be open in the server, and there will not be redirect asking for the - // real long term cookie we want to store) - jar->clearSessionCookies(); - - _browser = new ShibbolethWebView(_account->sharedFromThis()); - connect(_browser.data(), &ShibbolethWebView::shibbolethCookieReceived, - this, &ShibbolethCredentials::onShibbolethCookieReceived, 
Qt::QueuedConnection); - connect(_browser.data(), &ShibbolethWebView::rejected, this, &ShibbolethCredentials::slotBrowserRejected); - - ownCloudGui::raiseDialog(_browser); -} - -QList<QNetworkCookie> ShibbolethCredentials::accountCookies(Account *account) -{ - return account->networkAccessManager()->cookieJar()->cookiesForUrl(account->davUrl()); -} - -QNetworkCookie ShibbolethCredentials::findShibCookie(Account *account, QList<QNetworkCookie> cookies) -{ - if (cookies.isEmpty()) { - cookies = accountCookies(account); - } - - Q_FOREACH (QNetworkCookie cookie, cookies) { - if (cookie.name().startsWith(shibCookieNameC)) { - return cookie; - } - } - return QNetworkCookie(); -} - -QByteArray ShibbolethCredentials::shibCookieName() -{ - return QByteArray(shibCookieNameC); -} - -void ShibbolethCredentials::storeShibCookie(const QNetworkCookie &cookie) -{ - WritePasswordJob *job = new WritePasswordJob(Theme::instance()->appName()); - job->setSettings(ConfigFile::settingsWithGroup(Theme::instance()->appName(), job).release()); - // we don't really care if it works... 
- //connect(job, SIGNAL(finished(QKeychain::Job*)), SLOT(slotWriteJobDone(QKeychain::Job*))); - job->setKey(keychainKey(_account->url().toString(), user(), _account->id())); - job->setTextData(QString::fromUtf8(cookie.toRawForm())); - job->start(); -} - -void ShibbolethCredentials::removeShibCookie() -{ - DeletePasswordJob *job = new DeletePasswordJob(Theme::instance()->appName()); - job->setSettings(ConfigFile::settingsWithGroup(Theme::instance()->appName(), job).release()); - job->setKey(keychainKey(_account->url().toString(), user(), _account->id())); - job->start(); -} - -void ShibbolethCredentials::addToCookieJar(const QNetworkCookie &cookie) -{ - QList<QNetworkCookie> cookies; - cookies << cookie; - QNetworkCookieJar *jar = _account->networkAccessManager()->cookieJar(); - jar->blockSignals(true); // otherwise we'd call ourselves - jar->setCookiesFromUrl(cookies, _account->url()); - jar->blockSignals(false); -} - -} // namespace OCC diff --git a/src/gui/creds/shibbolethcredentials.h b/src/gui/creds/shibbolethcredentials.h deleted file mode 100644 index 3ff519a29..000000000 --- a/src/gui/creds/shibbolethcredentials.h +++ /dev/null 
@@ -1,104 +0,0 @@ -/* - * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#ifndef MIRALL_CREDS_SHIBBOLETH_CREDENTIALS_H -#define MIRALL_CREDS_SHIBBOLETH_CREDENTIALS_H - -#include <QList> -#include <QLoggingCategory> -#include <QMap> -#include <QNetworkCookie> -#include <QUrl> -#include <QPointer> - -#include "creds/abstractcredentials.h" - -namespace QKeychain { -class Job; -} - -class QAuthenticator; - -namespace OCC { - -Q_DECLARE_LOGGING_CATEGORY(lcShibboleth) - -class ShibbolethWebView; - -/** - * @brief The ShibbolethCredentials class - * @ingroup gui - */ -class ShibbolethCredentials : public AbstractCredentials -{ - Q_OBJECT - -public: - ShibbolethCredentials(); - - /* create credentials for an already connected account */ - ShibbolethCredentials(const QNetworkCookie &cookie); - - void setAccount(Account *account) Q_DECL_OVERRIDE; - QString authType() const Q_DECL_OVERRIDE; - QString user() const Q_DECL_OVERRIDE; - QNetworkAccessManager *createQNAM() const Q_DECL_OVERRIDE; - bool ready() const Q_DECL_OVERRIDE; - void fetchFromKeychain() Q_DECL_OVERRIDE; - void askFromUser() Q_DECL_OVERRIDE; - bool stillValid(QNetworkReply *reply) Q_DECL_OVERRIDE; - void persist() Q_DECL_OVERRIDE; - void invalidateToken() Q_DECL_OVERRIDE; - void forgetSensitiveData() Q_DECL_OVERRIDE; - - void showLoginWindow(); - - static QList<QNetworkCookie> accountCookies(Account *); - static QNetworkCookie findShibCookie(Account *, QList<QNetworkCookie> cookies = 
QList<QNetworkCookie>()); - static QByteArray shibCookieName(); - -private Q_SLOTS: - void onShibbolethCookieReceived(const QNetworkCookie &); - void slotBrowserRejected(); - void slotReadJobDone(QKeychain::Job *); - void slotReplyFinished(QNetworkReply *); - void slotUserFetched(const QString &user); - void slotFetchUser(); - void slotFetchUserHelper(); - -Q_SIGNALS: - void newCookie(const QNetworkCookie &cookie); - -private: - void storeShibCookie(const QNetworkCookie &cookie); - void removeShibCookie(); - void addToCookieJar(const QNetworkCookie &cookie); - - /// Reads data from keychain, progressing to slotReadJobDone - void fetchFromKeychainHelper(); - - QUrl _url; - QByteArray prepareCookieData() const; - - bool _ready; - bool _stillValid; - QPointer<ShibbolethWebView> _browser; - QNetworkCookie _shibCookie; - QString _user; - bool _keychainMigration; -}; - -} // namespace OCC - -#endif |