Use new TLSErrorDialog

author: Hannah von Reth <hannah.vonreth@owncloud.com> 2022-05-11 17:51:55 +0300
committer: Hannah von Reth <vonreth@kde.org> 2022-05-13 14:08:30 +0300
commit: bba3425cefb71bd43d8a8dfe2099c1d09bd01054 (patch)
tree: d150bc5c914baf734b8200cc15d528bd1ca055ff /src/libsync
parent: fd0c73ec06d8a90f04dc17ea5e9e551e577c47b0 (diff)
8 files changed, 21 insertions, 36 deletions
diff --git a/src/libsync/abstractnetworkjob.cpp b/src/libsync/abstractnetworkjob.cpp
index 80043b846..e94b834b1 100644
--- a/src/libsync/abstractnetworkjob.cpp
+++ b/src/libsync/abstractnetworkjob.cpp
@@ -180,9 +180,6 @@ void AbstractNetworkJob::adoptRequest(QPointer<QNetworkReply> reply)
 void AbstractNetworkJob::slotFinished()
 {
     _finished = true;
-    if (_reply->error() == QNetworkReply::SslHandshakeFailedError) {
-        qCWarning(lcNetworkJob) << "SslHandshakeFailedError:" << errorString() << ": can be caused by a webserver wanting SSL client certificates";
-    }
     if (_reply->error() != QNetworkReply::NoError) {
         if (_account->jobQueue()->retry(this)) {
             qCDebug(lcNetworkJob) << "Queuing: " << _reply->url() << " for retry";
diff --git a/src/libsync/accessmanager.cpp b/src/libsync/accessmanager.cpp
index d731ddb69..a8f74920b 100644
--- a/src/libsync/accessmanager.cpp
+++ b/src/libsync/accessmanager.cpp
@@ -78,14 +78,14 @@ QNetworkReply *AccessManager::createRequest(QNetworkAccessManager::Operation op,
         newRequest.setAttribute(QNetworkRequest::Http2AllowedAttribute, http2EnabledEnv);
     }
 
-    // for some reason, passing an empty list causes the default chain to be removed
-    // this behavior does not match the documentation
     auto sslConfiguration = newRequest.sslConfiguration();
 
     sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionTickets, false);
     sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionSharing, false);
     sslConfiguration.setSslOption(QSsl::SslOptionDisableSessionPersistence, false);
     if (!_customTrustedCaCertificates.isEmpty()) {
+        // for some reason, passing an empty list causes the default chain to be removed
+        // this behavior does not match the documentation
         sslConfiguration.addCaCertificates({ _customTrustedCaCertificates.begin(), _customTrustedCaCertificates.end() });
     }
     newRequest.setSslConfiguration(sslConfiguration);
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index 3dc44d18a..271936157 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -268,15 +268,11 @@ void Account::setApprovedCerts(const QList<QSslCertificate> &certs)
     _am->setCustomTrustedCaCertificates(_approvedCerts);
 }
 
-void Account::addApprovedCerts(const QList<QSslCertificate> &certs)
+void Account::addApprovedCerts(const QSet<QSslCertificate> &certs)
 {
-    _approvedCerts.unite({ certs.begin(), certs.end() });
+    _approvedCerts.unite(certs);
     _am->setCustomTrustedCaCertificates(_approvedCerts);
-}
-
-void Account::resetRejectedCertificates()
-{
-    _rejectedCertificates.clear();
+    Q_EMIT wantsAccountSaved(this);
 }
 
 void Account::setUrl(const QUrl &url)
diff --git a/src/libsync/account.h b/src/libsync/account.h
index 84f0d0be1..eb91370d5 100644
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -154,12 +154,7 @@ public:
     /** The certificates of the account */
     QSet<QSslCertificate> approvedCerts() const { return _approvedCerts; }
     void setApprovedCerts(const QList<QSslCertificate> &certs);
-    void addApprovedCerts(const QList<QSslCertificate> &certs);
-
-    // Usually when a user explicitly rejects a certificate we don't
-    // ask again. After this call, a dialog will again be shown when
-    // the next unknown certificate is encountered.
-    void resetRejectedCertificates();
+    void addApprovedCerts(const QSet<QSslCertificate> &certs);
 
     // To be called by credentials only, for storing username and the like
     QVariant credentialSetting(const QString &key) const;
@@ -211,7 +206,7 @@ public:
 
     void resetAccessManager();
     AccessManager *accessManager();
-    QSharedPointer<AccessManager> sharedAccessManager();
+    [[deprecated]] QSharedPointer<AccessManager> sharedAccessManager();
 
     JobQueue *jobQueue();
 
@@ -273,11 +268,6 @@ private:
     QScopedPointer<AbstractCredentials> _credentials;
     bool _http2Supported = false;
 
-    /// Certificates that were explicitly rejected by the user
-    QSet<QSslCertificate> _rejectedCertificates;
-
-    static QString _configFileName;
-
     JobQueue _jobQueue;
     JobQueueGuard _queueGuard;
     CredentialManager *_credentialManager;
diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp
index 721e025de..beae0c233 100644
--- a/src/libsync/creds/httpcredentials.cpp
+++ b/src/libsync/creds/httpcredentials.cpp
@@ -254,17 +254,17 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount)
 {
     if (_refreshToken.isEmpty())
         return false;
-    if (_isRenewingOAuthToken) {
+    if (_oAuthJob) {
         return true;
     }
-    _isRenewingOAuthToken = true;
 
     // don't touch _ready or the account state will start a new authentication
     // _ready = false;
 
-    OAuth *oAuth = new AccountBasedOAuth(_account->sharedFromThis(), this);
-    connect(oAuth, &OAuth::refreshError, this, [oAuth, tokenRefreshRetriesCount, this](QNetworkReply::NetworkError error, const QString &) {
-        oAuth->deleteLater();
+    // parent with nam to enusre we reset when the nam is reset
+    _oAuthJob = new AccountBasedOAuth(_account->sharedFromThis(), _account->accessManager());
+    connect(_oAuthJob, &OAuth::refreshError, this, [tokenRefreshRetriesCount, this](QNetworkReply::NetworkError error, const QString &) {
+        _oAuthJob->deleteLater();
         int nextTry = tokenRefreshRetriesCount + 1;
         std::chrono::seconds timeout = {};
         switch (error) {
@@ -289,15 +289,13 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount)
             return;
         }
         QTimer::singleShot(timeout, this, [nextTry, this] {
-            _isRenewingOAuthToken = false;
             refreshAccessTokenInternal(nextTry);
         });
         Q_EMIT authenticationFailed();
     });
 
-    connect(oAuth, &OAuth::refreshFinished, this, [this, oAuth](const QString &accessToken, const QString &refreshToken) {
-        oAuth->deleteLater();
-        _isRenewingOAuthToken = false;
+    connect(_oAuthJob, &OAuth::refreshFinished, this, [this](const QString &accessToken, const QString &refreshToken) {
+        _oAuthJob->deleteLater();
         if (refreshToken.isEmpty()) {
             // an error occured, log out
             forgetSensitiveData();
@@ -313,7 +311,7 @@ bool HttpCredentials::refreshAccessTokenInternal(int tokenRefreshRetriesCount)
         }
         emit fetched();
     });
-    oAuth->refreshAuthentication(_refreshToken);
+    _oAuthJob->refreshAuthentication(_refreshToken);
     Q_EMIT authenticationStarted();
 
     return true;
@@ -386,7 +384,7 @@ void HttpCredentials::slotAuthentication(QNetworkReply *reply, QAuthenticator *a
     qCWarning(lcHttpCredentials) << "Stop request: Authentication failed for " << reply->url().toString() << reply->request().rawHeader("Original-Request-ID");
     reply->setProperty(authenticationFailedC, true);
 
-    if (!_isRenewingOAuthToken && isUsingOAuth()) {
+    if (!_oAuthJob && isUsingOAuth()) {
         qCInfo(lcHttpCredentials) << "Refreshing token";
         refreshAccessToken();
     }
diff --git a/src/libsync/creds/httpcredentials.h b/src/libsync/creds/httpcredentials.h
index e52bc066e..e083b5e40 100644
--- a/src/libsync/creds/httpcredentials.h
+++ b/src/libsync/creds/httpcredentials.h
@@ -28,6 +28,7 @@ class QNetworkReply;
 class QAuthenticator;
 
 namespace OCC {
+class OAuth;
 
 /*
    The authentication system is this way because of Shibboleth.
@@ -90,7 +91,7 @@ protected:
 
     QString _fetchErrorString;
     bool _ready = false;
-    bool _isRenewingOAuthToken = false;
+    QPointer<OAuth> _oAuthJob;
     bool _retryOnKeyChainError = true; // true if we haven't done yet any reading from keychain
 
     DetermineAuthTypeJob::AuthType _authType = DetermineAuthTypeJob::AuthType::Unknown;
diff --git a/src/libsync/networkjobs.cpp b/src/libsync/networkjobs.cpp
index 6dedb2c32..86d8d4e36 100644
--- a/src/libsync/networkjobs.cpp
+++ b/src/libsync/networkjobs.cpp
@@ -468,6 +468,7 @@ void CheckServerJob::newReplyHook(QNetworkReply *reply)
 {
     connect(reply, &QNetworkReply::metaDataChanged, this, &CheckServerJob::metaDataChangedSlot);
     connect(reply, &QNetworkReply::encrypted, this, &CheckServerJob::encryptedSlot);
+    connect(reply, &QNetworkReply::sslErrors, this, &CheckServerJob::sslErrors);
     connect(reply, &QNetworkReply::redirected, this, [reply, this] {
         const auto code = reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt();
         if (code == 302 || code == 307) {
diff --git a/src/libsync/networkjobs.h b/src/libsync/networkjobs.h
index 7c9eab272..24f770940 100644
--- a/src/libsync/networkjobs.h
+++ b/src/libsync/networkjobs.h
@@ -236,6 +236,8 @@ signals:
      */
     void timeout(const QUrl &url);
 
+    void sslErrors(const QList<QSslError> &errors);
+
 private:
     bool finished() override;
 private slots:
author	Hannah von Reth <hannah.vonreth@owncloud.com>	2022-05-11 17:51:55 +0300
committer	Hannah von Reth <vonreth@kde.org>	2022-05-13 14:08:30 +0300
commit	bba3425cefb71bd43d8a8dfe2099c1d09bd01054 (patch)
tree	d150bc5c914baf734b8200cc15d528bd1ca055ff /src/libsync
parent	fd0c73ec06d8a90f04dc17ea5e9e551e577c47b0 (diff)