Creds: Forget password on explicit sign-out #4241

2024-11-26 23:28:14 +03:00 · 2015-12-09 11:06:28 +01:00 · 2015-12-09 11:06:28 +01:00 · 4dfce57a58
commit 4dfce57a58
parent 179b25d289
12 changed files with 58 additions and 23 deletions
--- a/src/gui/accountsettings.cpp
+++ b/src/gui/accountsettings.cpp
@ -176,14 +176,13 @@ void AccountSettings::slotOpenAccountWizard()
    OwncloudSetupWizard::runWizard(qApp, SLOT(slotownCloudWizardDone(int)), 0);
 }

-// FIXME: Use same code path as ownCloudGui::slotLogout()
 void AccountSettings::slotToggleSignInState()
 {
-    bool signedOutState = _accountState->isSignedOut();
-    if (!signedOutState) {
-        _accountState->account()->credentials()->invalidateToken();
+    if (_accountState->isSignedOut()) {
+        _accountState->signIn();
+    } else {
+        _accountState->signOutByUi();
    }
-    _accountState->setSignedOut( !signedOutState );
 }

 void AccountSettings::doExpand()
--- a/src/gui/accountstate.cpp
+++ b/src/gui/accountstate.cpp
@ -118,11 +118,15 @@ bool AccountState::isSignedOut() const
    return _state == SignedOut;
 }

-void AccountState::setSignedOut(bool signedOut)
+void AccountState::signOutByUi()
 {
-    if (signedOut) {
-        setState(SignedOut);
-    } else if (_state == SignedOut) {
+    account()->credentials()->forgetSensitiveData();
+    setState(SignedOut);
+}
+
+void AccountState::signIn()
+{
+    if (_state == SignedOut) {
        setState(Disconnected);
    }
 }
--- a/src/gui/accountstate.h
+++ b/src/gui/accountstate.h
@ -78,7 +78,13 @@ public:
    static QString stateString(State state);

    bool isSignedOut() const;
-    void setSignedOut(bool signedOut);
+
+    /** A user-triggered sign out which disconnects, stops syncs
+     * for the account and forgets the password. */
+    void signOutByUi();
+
+    /// Move from SignedOut state to Disconnected (attempting to connect)
+    void signIn();

    bool isConnected() const;
    bool isConnectedOrTemporarilyUnavailable() const;
--- a/src/gui/creds/shibbolethcredentials.cpp
+++ b/src/gui/creds/shibbolethcredentials.cpp
@ -186,6 +186,11 @@ void ShibbolethCredentials::invalidateToken()
    _shibCookie = QNetworkCookie();
 }

+void ShibbolethCredentials::forgetSensitiveData()
+{
+    invalidateToken();
+}
+
 void ShibbolethCredentials::onShibbolethCookieReceived(const QNetworkCookie& shibCookie)
 {
    storeShibCookie(shibCookie);
--- a/src/gui/creds/shibbolethcredentials.h
+++ b/src/gui/creds/shibbolethcredentials.h
@ -58,6 +58,7 @@ public:
    bool stillValid(QNetworkReply *reply) Q_DECL_OVERRIDE;
    void persist() Q_DECL_OVERRIDE;
    void invalidateToken() Q_DECL_OVERRIDE;
+    void forgetSensitiveData() Q_DECL_OVERRIDE;

    void showLoginWindow();

--- a/src/gui/owncloudgui.cpp
+++ b/src/gui/owncloudgui.cpp
@ -629,15 +629,14 @@ void ownCloudGui::slotLogin()
 {
    auto list = AccountManager::instance()->accounts();
    if (auto account = qvariant_cast<AccountStatePtr>(sender()->property(propertyAccountC))) {
-        account->setSignedOut(false);
+        account->signIn();
    } else {
        foreach (const auto &a, list) {
-            a->setSignedOut(false);
+            a->signIn();
        }
    }
 }

-// FIXME: Unify codepath with AccountSettings::slotToggleSignInState()
 void ownCloudGui::slotLogout()
 {
    auto list = AccountManager::instance()->accounts();
@ -647,15 +646,7 @@ void ownCloudGui::slotLogout()
    }

    foreach (const auto &ai, list) {
-        AccountPtr a = ai->account();
-        // invalidate & forget token/password
-        a->credentials()->invalidateToken();
-        // terminate all syncs and unload folders
-        FolderMan *folderMan = FolderMan::instance();
-        folderMan->terminateSyncProcess();
-        ai->setSignedOut(true);
-        // show result
-        slotComputeOverallSyncStatus();
+        ai->signOutByUi();
    }
 }

--- a/src/libsync/creds/abstractcredentials.h
+++ b/src/libsync/creds/abstractcredentials.h
@ -50,9 +50,24 @@ public:
    virtual void askFromUser() = 0;
    virtual bool stillValid(QNetworkReply *reply) = 0;
    virtual void persist() = 0;
-    /** Invalidates auth token, or password for basic auth */
+
+    /** Invalidates token used to authorize requests, it will no longer be used.
+     *
+     * For http auth, this would be the session cookie.
+     *
+     * Note that sensitive data (like the password used to acquire the
+     * session cookie) may be retained. See forgetSensitiveData().
+     */
    virtual void invalidateToken() = 0;

+    /** Clears out all sensitive data; used for fully signing out users.
+     *
+     * This should always imply invalidateToken() but may go beyond it.
+     *
+     * For http auth, this would clear the session cookie and password.
+     */
+    virtual void forgetSensitiveData() = 0;
+
    static QString keychainKey(const QString &url, const QString &user);

 Q_SIGNALS:
--- a/src/libsync/creds/dummycredentials.h
+++ b/src/libsync/creds/dummycredentials.h
@ -37,6 +37,7 @@ public:
    void askFromUser() Q_DECL_OVERRIDE;
    void persist() Q_DECL_OVERRIDE;
    void invalidateToken() Q_DECL_OVERRIDE {}
+    void forgetSensitiveData() Q_DECL_OVERRIDE {};
 };

 } // namespace OCC
--- a/src/libsync/creds/httpcredentials.cpp
+++ b/src/libsync/creds/httpcredentials.cpp
@ -238,6 +238,12 @@ void HttpCredentials::invalidateToken()
 #endif
 }

+void HttpCredentials::forgetSensitiveData()
+{
+    invalidateToken();
+    _previousPassword.clear();
+}
+
 void HttpCredentials::persist()
 {
    if (_user.isEmpty()) {
--- a/src/libsync/creds/httpcredentials.h
+++ b/src/libsync/creds/httpcredentials.h
@ -48,6 +48,7 @@ public:
    QString user() const Q_DECL_OVERRIDE;
    QString password() const;
    void invalidateToken() Q_DECL_OVERRIDE;
+    void forgetSensitiveData() Q_DECL_OVERRIDE;
    QString fetchUser();
    virtual bool sslIsTrusted() { return false; }
    QString certificatePath() const;
--- a/src/libsync/creds/tokencredentials.cpp
+++ b/src/libsync/creds/tokencredentials.cpp
@ -144,6 +144,11 @@ void TokenCredentials::invalidateToken()
    _password = QString();
 }

+void TokenCredentials::forgetSensitiveData()
+{
+    invalidateToken();
+}
+
 void TokenCredentials::persist()
 {
 }
--- a/src/libsync/creds/tokencredentials.h
+++ b/src/libsync/creds/tokencredentials.h
@ -49,6 +49,7 @@ public:
    void persist() Q_DECL_OVERRIDE;
    QString user() const Q_DECL_OVERRIDE;
    void invalidateToken() Q_DECL_OVERRIDE;
+    void forgetSensitiveData() Q_DECL_OVERRIDE;

    QString password() const;
 private Q_SLOTS: