author | Hannah von Reth <hannah.vonreth@owncloud.com> | 2022-05-11 17:51:55 +0300 |
---|---|---|
committer | Hannah von Reth <vonreth@kde.org> | 2022-05-13 14:08:30 +0300 |
commit | bba3425cefb71bd43d8a8dfe2099c1d09bd01054 (patch) | |
tree | d150bc5c914baf734b8200cc15d528bd1ca055ff /src/libsync | |
parent | fd0c73ec06d8a90f04dc17ea5e9e551e577c47b0 (diff) |
Use new TLSErrorDialog
Diffstat (limited to 'src/libsync')
-rw-r--r-- | src/libsync/abstractnetworkjob.cpp | 3 | ||||
-rw-r--r-- | src/libsync/accessmanager.cpp | 4 | ||||
-rw-r--r-- | src/libsync/account.cpp | 10 | ||||
-rw-r--r-- | src/libsync/account.h | 14 | ||||
-rw-r--r-- | src/libsync/creds/httpcredentials.cpp | 20 | ||||
-rw-r--r-- | src/libsync/creds/httpcredentials.h | 3 | ||||
-rw-r--r-- | src/libsync/networkjobs.cpp | 1 | ||||
-rw-r--r-- | src/libsync/networkjobs.h | 2 |
8 files changed, 21 insertions, 36 deletions
diff --git a/src/libsync/abstractnetworkjob.cpp b/src/libsync/abstractnetworkjob.cpp index 80043b846..e94b834b1 100644 --- a/src/libsync/abstractnetworkjob.cpp +++ b/src/libsync/abstractnetworkjob.cpp @@ -180,9 +180,6 @@ void AbstractNetworkJob::adoptRequest(QPointer<QNetworkReply> reply) void AbstractNetworkJob::slotFinished() { _finished = true; - if (_reply->error() == QNetworkReply::SslHandshakeFailedError) { - qCWarning(lcNetworkJob) << "SslHandshakeFailedError:" << errorString() << ": can be caused by a webserver wanting SSL client certificates"; - } if (_reply->error() != QNetworkReply::NoError) { if (_account->jobQueue()->retry(this)) { qCDebug(lcNetworkJob) << "Queuing: " << _reply->url() << " for retry"; diff --git a/src/libsync/accessmanager.cpp b/src/libsync/accessmanager.cpp index d731ddb69..a8f74920b 100644 --- a/src/libsync/accessmanager.cpp +++ b/src/libsync/accessmanager.cpp @@ -78,14 +78,14 @@ QNetworkReply *AccessManager::createRequest(QNetworkAccessManager::Operation op, newRequest.setAttribute(QNetworkRequest::Http2AllowedAttribute, http2EnabledEnv); } - // for some reason, passing an empty list causes the default chain to be removed - // this behavior does not match the documentation auto sslConfiguration = newRequest.sslConfiguration(); sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionTickets, false); sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionSharing, false); sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionPersistence, false); if (!_customTrustedCaCertificates.isEmpty()) { + // for some reason, passing an empty list causes the default chain to be removed + // this behavior does not match the documentation sslConfiguration.addCaCertificates({ _customTrustedCaCertificates.begin(), _customTrustedCaCertificates.end() }); } newRequest.setSslConfiguration(sslConfiguration); diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp index 3dc44d18a..271936157 100644 --- a/src/libsync/account.cpp 
+++ b/src/libsync/account.cpp @@ -268,15 +268,11 @@ void Account::setApprovedCerts(const QList<QSslCertificate> &certs) _am->setCustomTrustedCaCertificates(_approvedCerts); } -void Account::addApprovedCerts(const QList<QSslCertificate> &certs) +void Account::addApprovedCerts(const QSet<QSslCertificate> &certs) { - _approvedCerts.unite({ certs.begin(), certs.end() }); + _approvedCerts.unite(certs); _am->setCustomTrustedCaCertificates(_approvedCerts); -} - -void Account::resetRejectedCertificates() -{ - _rejectedCertificates.clear(); + Q_EMIT wantsAccountSaved(this); } void Account::setUrl(const QUrl &url) diff --git a/src/libsync/account.h b/src/libsync/account.h index 84f0d0be1..eb91370d5 100644 --- a/src/libsync/account.h +++ b/src/libsync/account.h @@ -154,12 +154,7 @@ public: /** The certificates of the account */ QSet<QSslCertificate> approvedCerts() const { return _approvedCerts; } void setApprovedCerts(const QList<QSslCertificate> &certs); - void addApprovedCerts(const QList<QSslCertificate> &certs); - - // Usually when a user explicitly rejects a certificate we don't - // ask again. After this call, a dialog will again be shown when - // the next unknown certificate is encountered. - void resetRejectedCertificates(); + void addApprovedCerts(const QSet<QSslCertificate> &certs); // To be called by credentials only, for storing username and the like QVariant credentialSetting(const QString &key) const; @@ -211,7 +206,7 @@ public: void resetAccessManager(); AccessManager *accessManager(); - QSharedPointer<AccessManager> sharedAccessManager(); + [[deprecated]] QSharedPointer<AccessManager> sharedAccessManager(); JobQueue *jobQueue(); 
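Review bot: `Account::addApprovedCerts` now emits `wantsAccountSaved(this)` on every call, even when `certs` adds nothing new, and it widens the account's trust set without any trace in the log. Because the united set goes straight into `setCustomTrustedCaCertificates`, each entry appears to become a trust anchor for every request made through this account's access manager, so a persisted addition is worth recording. I would compare sizes around the `unite` call, `const auto before = _approvedCerts.size();` and `if (_approvedCerts.size() != before) Q_EMIT wantsAccountSaved(this);`, and log a digest of each newly trusted certificate at info level. `setApprovedCerts`, directly above in the context lines, still does not emit the save signal; if that asymmetry is intended, a one-line comment saying why would help.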
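Review bot: The `[[deprecated]]` added to `sharedAccessManager()` in account.h carries no message, so callers get a warning with no hint of what to use instead. If `accessManager()` is the intended replacement, as the httpcredentials.cpp change in this commit suggests, spell it out: `[[deprecated("use accessManager()")]] QSharedPointer<AccessManager> sharedAccessManager();`.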
@@ -273,11 +268,6 @@ private: QScopedPointer<AbstractCredentials> _credentials; bool _http2Supported = false; - /// Certificates that were explicitly rejected by the user - QSet<QSslCertificate> _rejectedCertificates; - - static QString _configFileName; - JobQueue _jobQueue; JobQueueGuard _queueGuard; CredentialManager *_credentialManager; diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp index 721e025de..beae0c233 100644 --- a/src/libsync/creds/httpcredentials.cpp +++ b/src/libsync/creds/httpcredentials.cpp @@ -254,17 +254,17 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount) { if (_refreshToken.isEmpty()) return false; - if (_isRenewingOAuthToken) { + if (_oAuthJob) { return true; } - _isRenewingOAuthToken = true; // don't touch _ready or the account state will start a new authentication // _ready = false; - OAuth *oAuth = new AccountBasedOAuth(_account->sharedFromThis(), this); - connect(oAuth, &OAuth::refreshError, this, [oAuth, tokenRefreshRetriesCount, this](QNetworkReply::NetworkError error, const QString &) { - oAuth->deleteLater(); + // parent with nam to enusre we reset when the nam is reset + _oAuthJob = new AccountBasedOAuth(_account->sharedFromThis(), _account->accessManager()); + connect(_oAuthJob, &OAuth::refreshError, this, [tokenRefreshRetriesCount, this](QNetworkReply::NetworkError error, const QString &) { + _oAuthJob->deleteLater(); int nextTry = tokenRefreshRetriesCount + 1; std::chrono::seconds timeout = {}; switch (error) { 
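Review bot: Replacing `_isRenewingOAuthToken` with the `QPointer` `_oAuthJob` changes when the "refresh in progress" state ends: `deleteLater()` in the `refreshError` handler only schedules destruction, so `_oAuthJob` stays non-null until the event loop processes the deferred delete. The next hunk (-289) drops the explicit `_isRenewingOAuthToken = false;` before the timed retry, so if that retry runs first, `refreshAccessTokenInternal(nextTry)` hits the `if (_oAuthJob) return true;` guard and the token refresh silently stops; the `!_oAuthJob` test in `slotAuthentication` (-386) has the same window. Clearing the pointer in both handlers would keep the old semantics: `_oAuthJob->deleteLater();` followed by `_oAuthJob.clear();`. Separately, with the job now parented to the access manager, a manager reset mid-refresh presumably destroys the job after `authenticationStarted` with neither `fetched` nor `authenticationFailed` following, so confirm that listeners tolerate that. The body of `refreshAccessTokenInternal` continues past this hunk.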
@@ -289,15 +289,13 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount) return; } QTimer::singleShot(timeout, this, [nextTry, this] { - _isRenewingOAuthToken = false; refreshAccessTokenInternal(nextTry); }); Q_EMIT authenticationFailed(); }); - connect(oAuth, &OAuth::refreshFinished, this, [this, oAuth](const QString &accessToken, const QString &refreshToken) { - oAuth->deleteLater(); - _isRenewingOAuthToken = false; + connect(_oAuthJob, &OAuth::refreshFinished, this, [this](const QString &accessToken, const QString &refreshToken) { + _oAuthJob->deleteLater(); if (refreshToken.isEmpty()) { // an error occured, log out forgetSensitiveData(); @@ -313,7 +311,7 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount) } emit fetched(); }); - oAuth->refreshAuthentication(_refreshToken); + _oAuthJob->refreshAuthentication(_refreshToken); Q_EMIT authenticationStarted(); return true; @@ -386,7 +384,7 @@ void HttpCredentials::slotAuthentication(QNetworkReply *reply, QAuthenticator *a qCWarning(lcHttpCredentials) << "Stop request: Authentication failed for " << reply->url().toString() << reply->request().rawHeader("Original-Request-ID"); reply->setProperty(authenticationFailedC, true); - if (!_isRenewingOAuthToken && isUsingOAuth()) { + if (!_oAuthJob && isUsingOAuth()) { qCInfo(lcHttpCredentials) << "Refreshing token"; refreshAccessToken(); } diff --git a/src/libsync/creds/httpcredentials.h b/src/libsync/creds/httpcredentials.h index e52bc066e..e083b5e40 100644 --- a/src/libsync/creds/httpcredentials.h +++ b/src/libsync/creds/httpcredentials.h @@ -28,6 +28,7 @@ class QNetworkReply; class QAuthenticator; namespace OCC { +class OAuth; /* The authentication system is this way because of Shibboleth. 
@@ -90,7 +91,7 @@ protected: QString _fetchErrorString; bool _ready = false; - bool _isRenewingOAuthToken = false; + QPointer<OAuth> _oAuthJob; bool _retryOnKeyChainError = true; // true if we haven't done yet any reading from keychain DetermineAuthTypeJob::AuthType _authType = DetermineAuthTypeJob::AuthType::Unknown; diff --git a/src/libsync/networkjobs.cpp b/src/libsync/networkjobs.cpp index 6dedb2c32..86d8d4e36 100644 --- a/src/libsync/networkjobs.cpp +++ b/src/libsync/networkjobs.cpp @@ -468,6 +468,7 @@ void CheckServerJob::newReplyHook(QNetworkReply *reply) { connect(reply, &QNetworkReply::metaDataChanged, this, &CheckServerJob::metaDataChangedSlot); connect(reply, &QNetworkReply::encrypted, this, &CheckServerJob::encryptedSlot); + connect(reply, &QNetworkReply::sslErrors, this, &CheckServerJob::sslErrors); connect(reply, &QNetworkReply::redirected, this, [reply, this] { const auto code = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt(); if (code == 302 || code == 307) { diff --git a/src/libsync/networkjobs.h b/src/libsync/networkjobs.h index 7c9eab272..24f770940 100644 --- a/src/libsync/networkjobs.h +++ b/src/libsync/networkjobs.h @@ -236,6 +236,8 @@ signals: */ void timeout(const QUrl &url); + void sslErrors(const QList<QSslError> &errors); + private: bool finished() override; private slots: |
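Review bot: The new `sslErrors` signal in networkjobs.h is declared without a doc comment, although `timeout` just above has one and this is the signal a certificate-trust decision hangs off. Suggest `/** Emitted with the TLS errors reported for the status request. The reply is not passed along, so a receiver cannot ignore the errors on it; trust has to be granted elsewhere and the check repeated. */`. The second sentence of that comment is my reading of the signal-to-signal `connect` in networkjobs.cpp and should be confirmed. It would also help to state whether the list can mix errors from several certificates in the chain, since the receiver has to decide which of them to present for approval.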