blob: 5ca4d5c4f346610cef9620d1e3d719739a581ed8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
/*
* Copyright (C) by Klaas Freitag <freitag@kde.org>
* Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef MIRALL_CREDS_HTTP_CREDENTIALS_H
#define MIRALL_CREDS_HTTP_CREDENTIALS_H
#include "creds/abstractcredentials.h"
#include "networkjobs.h"
#include <QMap>
#include <QSslCertificate>
#include <QSslKey>
#include <QNetworkRequest>
class QNetworkReply;
class QAuthenticator;
namespace QKeychain {
class Job;
class WritePasswordJob;
class ReadPasswordJob;
}
namespace OCC {
/*
The authentication system is this way because of Shibboleth.
There used to be two different ways to authenticate: Shibboleth and HTTP Basic Auth.
AbstractCredentials can be inherited from both ShibbolethCrendentials and HttpCredentials.
HttpCredentials is then split in HttpCredentials and HttpCredentialsGui.
This class handle both HTTP Basic Auth and OAuth. But anything that needs GUI to ask the user
is in HttpCredentialsGui.
*/
class OWNCLOUDSYNC_EXPORT HttpCredentials : public AbstractCredentials
{
Q_OBJECT
friend class HttpCredentialsAccessManager;
friend class HttpLegacyCredentials;
public:
/// Don't add credentials if this is set on a QNetworkRequest
static constexpr QNetworkRequest::Attribute DontAddCredentialsAttribute = QNetworkRequest::User;
explicit HttpCredentials(DetermineAuthTypeJob::AuthType authType, const QString &user, const QString &password);
QString authType() const override;
QNetworkAccessManager *createQNAM() const override;
bool ready() const override;
void fetchFromKeychain() override;
bool stillValid(QNetworkReply *reply) override;
void persist() override;
QString user() const override;
void invalidateToken() override;
void forgetSensitiveData() override;
QString fetchUser();
virtual bool sslIsTrusted() { return false; }
/* If we still have a valid refresh token, try to refresh it assynchronously and emit fetched()
* otherwise return false
*/
bool refreshAccessToken();
// To fetch the user name as early as possible
void setAccount(Account *account) override;
// Whether we are using OAuth
bool isUsingOAuth() const { return _authType == DetermineAuthTypeJob::AuthType::OAuth; }
protected:
HttpCredentials() = default;
/// Wipes legacy keychain locations
void deleteOldKeychainEntries();
void slotAuthentication(QNetworkReply *reply, QAuthenticator *authenticator);
void fetchFromKeychainHelper();
QString _user;
QString _password; // user's password, or access_token for OAuth
QString _refreshToken; // OAuth _refreshToken, set if OAuth is used.
QString _previousPassword;
QString _fetchErrorString;
bool _ready = false;
bool _isRenewingOAuthToken = false;
bool _retryOnKeyChainError = true; // true if we haven't done yet any reading from keychain
DetermineAuthTypeJob::AuthType _authType = DetermineAuthTypeJob::AuthType::Unknown;
private:
int _tokenRefreshRetriesCount = 0;
// HttpLegacyCredentials is incompelte
QPointer<QObject> _credentialMigration;
};
} // namespace OCC
#endif
|
