nextcloud-desktop/src/libsync/mirallaccessmanager.cpp

/*
 * Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; version 2 of the License.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

#include <QNetworkRequest>
#include <QNetworkReply>
#include <QNetworkProxy>
#include <QAuthenticator>
#include <QSslConfiguration>
#include <QNetworkCookie>
#include <QNetworkCookieJar>

#include "authenticationdialog.h"
#include "cookiejar.h"
#include "mirallaccessmanager.h"
#include "utility.h"

namespace Mirall
{

MirallAccessManager::MirallAccessManager(QObject* parent)
    : QNetworkAccessManager (parent)
{
#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0) && defined(Q_OS_MAC)
    // FIXME Workaround http://stackoverflow.com/a/15707366/2941 https://bugreports.qt-project.org/browse/QTBUG-30434
    QNetworkProxy proxy = this->proxy();
    proxy.setHostName(" ");
    setProxy(proxy);
#endif
    setCookieJar(new CookieJar);
    connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),
            this, SLOT(slotProxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));
    connect(this, SIGNAL(authenticationRequired(QNetworkReply*,QAuthenticator*)),
            this, SLOT(slotAuthenticationRequired(QNetworkReply*,QAuthenticator*)));

}

void MirallAccessManager::setRawCookie(const QByteArray &rawCookie, const  QUrl &url)
{
    QNetworkCookie cookie(rawCookie.left(rawCookie.indexOf('=')),
                          rawCookie.mid(rawCookie.indexOf('=')+1));
    qDebug() << Q_FUNC_INFO << cookie.name() << cookie.value();
    QList<QNetworkCookie> cookieList;
    cookieList.append(cookie);

    QNetworkCookieJar *jar = cookieJar();
    jar->setCookiesFromUrl(cookieList, url);
}

QNetworkReply* MirallAccessManager::createRequest(QNetworkAccessManager::Operation op, const QNetworkRequest& request, QIODevice* outgoingData)
{
    QNetworkRequest newRequest(request);

    if (newRequest.hasRawHeader("cookie")) {
        // This will set the cookie into the QNetworkCookieJar which will then override the cookie header
        setRawCookie(request.rawHeader("cookie"), request.url());
    }

    newRequest.setRawHeader(QByteArray("User-Agent"), Utility::userAgentString());
    QByteArray verb = newRequest.attribute(QNetworkRequest::CustomVerbAttribute).toByteArray();
    // For PROPFIND (assumed to be a WebDAV op), set xml/utf8 as content type/encoding
    // This needs extension
    if (verb == "PROPFIND") {
        newRequest.setHeader( QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml; charset=utf-8"));
    }
    return QNetworkAccessManager::createRequest(op, newRequest, outgoingData);
}

void MirallAccessManager::slotProxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator *authenticator)
{
    Q_UNUSED(authenticator);
    qDebug() << Q_FUNC_INFO << proxy.type();
    // We put in the password here and in ClientProxy in the proxy itself.
    if (!proxy.user().isEmpty() || !proxy.password().isEmpty()) {
        authenticator->setUser(proxy.user());
        authenticator->setPassword(proxy.password());
    }
}
void MirallAccessManager::slotAuthenticationRequired(QNetworkReply *reply, QAuthenticator *authenticator)
{
    // do not handle 401 created by the networkjobs. We may want
    // to eventually exempt some, but for now we need
    // it only for other things, e.g. the browser. Would we handle
    // network jobs, this would break the wizard logic
    if (reply->property("doNotHandleAuth").toBool()) {
        return;
    }
    QUrl url = reply->url();
    // show only scheme, host and port
    QUrl reducedUrl;
    reducedUrl.setScheme(url.scheme());
    reducedUrl.setHost(url.host());
    reducedUrl.setPort(url.port());

    AuthenticationDialog dialog(authenticator->realm(), reducedUrl.toString());
    if (dialog.exec() == QDialog::Accepted) {
        authenticator->setUser(dialog.user());
        authenticator->setPassword(dialog.password());
    }
}

} // ns Mirall
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00			`/*`
			`* Copyright (C) by Krzesimir Nowak <krzesimir@endocode.com>`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; version 2 of the License.`
			`*`
			`* This program is distributed in the hope that it will be useful, but`
			`* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY`
			`* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License`
			`* for more details.`
			`*/`

			`#include <QNetworkRequest>`
Always handle 401 requests, except for network jobs It is not enough to only implement it for the QNAM returned by the ShibbolethCredentials, because we sometimes need it when we have no valid credentials set (and are using dummy credentials in the course). The main use case is the Webview opened by Shibboleth for FBA. But as a side-effect, we can use it to handle auth requests from the updater and other places. 2014-08-12 21:24:41 +04:00			`#include <QNetworkReply>`
OS X: Workaround Qt5 QNAM bug This made the sign out/sign in handling not work. (cherry picked from commit 104cf680a60d51587fe44392351070453b18778d) 2014-02-05 19:27:57 +04:00			`#include <QNetworkProxy>`
Proxy: Try to fix issue See https://github.com/owncloud/mirall/commit/eb7074e9f088214648183a45c2ce806f65a8bf3c for discussion 2014-03-06 20:45:02 +04:00			`#include <QAuthenticator>`
Fix wizard flow with shibboleth 2014-05-15 11:43:07 +04:00			`#include <QSslConfiguration>`
TokenCredentials, DirectDownload: Rework cookie handling That way we don't override QNAM's cookie jar behaviour 2014-08-22 15:46:22 +04:00			`#include <QNetworkCookie>`
			`#include <QNetworkCookieJar>`
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00
Merge branch 'master' into move_lib_to_sep_dir Conflicts: cmake/modules/NSIS.template.in src/CMakeLists.txt src/creds/shibboleth/authenticationdialog.cpp src/creds/shibboleth/authenticationdialog.h src/gui/owncloudgui.cpp src/libsync/creds/shibboleth/authenticationdialog.cpp src/libsync/creds/shibboleth/authenticationdialog.h src/libsync/mirallaccessmanager.cpp src/mirall/authenticationdialog.cpp src/mirall/authenticationdialog.h 2014-08-12 23:07:14 +04:00			`#include "authenticationdialog.h"`
Split into three separate projects: library, gui and cmd 2014-07-11 02:31:24 +04:00			`#include "cookiejar.h"`
			`#include "mirallaccessmanager.h"`
			`#include "utility.h"`
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00
			`namespace Mirall`
			`{`

			`MirallAccessManager::MirallAccessManager(QObject* parent)`
			`: QNetworkAccessManager (parent)`
WIP: Dissolve owncloudinfo class 2013-10-21 23:42:52 +04:00			`{`
Limit the mac workaround to the Mac OS X platform 2014-04-25 12:50:20 +04:00			`#if QT_VERSION >= QT_VERSION_CHECK(5, 0, 0) && defined(Q_OS_MAC)`
OS X: Workaround Qt5 QNAM bug This made the sign out/sign in handling not work. (cherry picked from commit 104cf680a60d51587fe44392351070453b18778d) 2014-02-05 19:27:57 +04:00			`// FIXME Workaround http://stackoverflow.com/a/15707366/2941 https://bugreports.qt-project.org/browse/QTBUG-30434`
			`QNetworkProxy proxy = this->proxy();`
			`proxy.setHostName(" ");`
			`setProxy(proxy);`
			`#endif`
CookieJar refactoring required to overcome issues in Shibboleth support The shibboleth implementation no longer maintains its own QNAM. Instead, MirallAccessManager now holds a custom QNAM implementation which saves cookies to a file on disk. This patch also reduces some complexity wrt the browser window, which used to be deleted via a roundtrip to its callee, which is not longer required. Fixes #1764 and Enterprise bug #165 Going forward, AbstractCredentials::getQNAM() could maybe removed entirely. 2014-05-14 13:11:45 +04:00			`setCookieJar(new CookieJar);`
Always handle 401 requests, except for network jobs It is not enough to only implement it for the QNAM returned by the ShibbolethCredentials, because we sometimes need it when we have no valid credentials set (and are using dummy credentials in the course). The main use case is the Webview opened by Shibboleth for FBA. But as a side-effect, we can use it to handle auth requests from the updater and other places. 2014-08-12 21:24:41 +04:00			`connect(this, SIGNAL(proxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)),`
			`this, SLOT(slotProxyAuthenticationRequired(QNetworkProxy,QAuthenticator*)));`
			`connect(this, SIGNAL(authenticationRequired(QNetworkReply,QAuthenticator)),`
			`this, SLOT(slotAuthenticationRequired(QNetworkReply,QAuthenticator)));`

WIP: Dissolve owncloudinfo class 2013-10-21 23:42:52 +04:00			`}`
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00
TokenCredentials, DirectDownload: Rework cookie handling That way we don't override QNAM's cookie jar behaviour 2014-08-22 15:46:22 +04:00			`void MirallAccessManager::setRawCookie(const QByteArray &rawCookie, const QUrl &url)`
			`{`
			`QNetworkCookie cookie(rawCookie.left(rawCookie.indexOf('=')),`
			`rawCookie.mid(rawCookie.indexOf('=')+1));`
			`qDebug() << Q_FUNC_INFO << cookie.name() << cookie.value();`
			`QList<QNetworkCookie> cookieList;`
			`cookieList.append(cookie);`

			`QNetworkCookieJar *jar = cookieJar();`
			`jar->setCookiesFromUrl(cookieList, url);`
			`}`

Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00			`QNetworkReply* MirallAccessManager::createRequest(QNetworkAccessManager::Operation op, const QNetworkRequest& request, QIODevice* outgoingData)`
			`{`
			`QNetworkRequest newRequest(request);`
TokenCredentials, DirectDownload: Rework cookie handling That way we don't override QNAM's cookie jar behaviour 2014-08-22 15:46:22 +04:00
			`if (newRequest.hasRawHeader("cookie")) {`
			`// This will set the cookie into the QNetworkCookieJar which will then override the cookie header`
			`setRawCookie(request.rawHeader("cookie"), request.url());`
			`}`

WIP: Dissolve owncloudinfo class 2013-10-21 23:42:52 +04:00			`newRequest.setRawHeader(QByteArray("User-Agent"), Utility::userAgentString());`
			`QByteArray verb = newRequest.attribute(QNetworkRequest::CustomVerbAttribute).toByteArray();`
			`// For PROPFIND (assumed to be a WebDAV op), set xml/utf8 as content type/encoding`
			`// This needs extension`
			`if (verb == "PROPFIND") {`
			`newRequest.setHeader( QNetworkRequest::ContentTypeHeader, QLatin1String("text/xml; charset=utf-8"));`
			`}`
			`return QNetworkAccessManager::createRequest(op, newRequest, outgoingData);`
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00			`}`

Proxy: Try to fix issue See https://github.com/owncloud/mirall/commit/eb7074e9f088214648183a45c2ce806f65a8bf3c for discussion 2014-03-06 20:45:02 +04:00			`void MirallAccessManager::slotProxyAuthenticationRequired(const QNetworkProxy &proxy, QAuthenticator *authenticator)`
			`{`
			`Q_UNUSED(authenticator);`
			`qDebug() << Q_FUNC_INFO << proxy.type();`
			`// We put in the password here and in ClientProxy in the proxy itself.`
			`if (!proxy.user().isEmpty() \|\| !proxy.password().isEmpty()) {`
			`authenticator->setUser(proxy.user());`
			`authenticator->setPassword(proxy.password());`
			`}`
			`}`
Always handle 401 requests, except for network jobs It is not enough to only implement it for the QNAM returned by the ShibbolethCredentials, because we sometimes need it when we have no valid credentials set (and are using dummy credentials in the course). The main use case is the Webview opened by Shibboleth for FBA. But as a side-effect, we can use it to handle auth requests from the updater and other places. 2014-08-12 21:24:41 +04:00			`void MirallAccessManager::slotAuthenticationRequired(QNetworkReply reply, QAuthenticator authenticator)`
			`{`
			`// do not handle 401 created by the networkjobs. We may want`
			`// to eventually exempt some, but for now we need`
			`// it only for other things, e.g. the browser. Would we handle`
			`// network jobs, this would break the wizard logic`
			`if (reply->property("doNotHandleAuth").toBool()) {`
			`return;`
			`}`
			`QUrl url = reply->url();`
			`// show only scheme, host and port`
			`QUrl reducedUrl;`
			`reducedUrl.setScheme(url.scheme());`
			`reducedUrl.setHost(url.host());`
			`reducedUrl.setPort(url.port());`

			`AuthenticationDialog dialog(authenticator->realm(), reducedUrl.toString());`
			`if (dialog.exec() == QDialog::Accepted) {`
			`authenticator->setUser(dialog.user());`
			`authenticator->setPassword(dialog.password());`
			`}`
			`}`
Proxy: Try to fix issue See https://github.com/owncloud/mirall/commit/eb7074e9f088214648183a45c2ce806f65a8bf3c for discussion 2014-03-06 20:45:02 +04:00
Create a QNetworkAccessManager subclass which sets proper user agent and use it. 2013-08-01 18:22:54 +04:00			`} // ns Mirall`