Commit graph

178 commits

Author SHA1 Message Date
Claudio Cambra
25ca698ad5
Improve user-related strings in webflow credentials
Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
2022-10-19 13:31:34 +02:00
Matthieu Gallien
565a5f0999 add [[nodiscard]] attribute via clang-tidy
ran
run-clang-tidy-14.py -header-filter='.*' -checks='-*,modernize-use-nodiscard' -fix
under linux with most part of our code covered

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
2022-10-04 11:14:45 +02:00
Matthieu Gallien
ecc588c27a avoid possibly crashing static_cast
ran
run-clang-tidy-14.py -header-filter='.*' -checks='-*,cppcoreguidelines-pro-type-static-cast-downcast' -fix

this can prevent casting to a type that is unrelated to the real type
and later cause a crash because you go into undefined behavior domain

Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
2022-10-03 10:23:24 +02:00
Matthieu Gallien
7180b09807 mark unused variable as bein unused to avoid clang warning
Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
2022-08-02 16:28:50 +02:00
Valdnet
b214b87491 i18n: Add dot
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2022-06-28 08:55:54 +02:00
Claudio Cambra
b7c2e16aa9 Make client language gender-neutral and more clear
Signed-off-by: Claudio Cambra <claudio.cambra@gmail.com>
2022-06-24 14:36:36 +02:00
alex-z
be23e747de Stretch WebView to fit dialog's height.
Signed-off-by: alex-z <blackslayer4@gmail.com>
2022-05-18 10:57:10 +03:00
alex-z
25785841a3 Always prefill username from Windows login name based on server version
Signed-off-by: alex-z <blackslayer4@gmail.com>
2021-12-03 11:08:35 +02:00
alex-z
b03bf1c1f0 Pass username from Windows to login page.
Signed-off-by: alex-z <blackslayer4@gmail.com>
2021-11-24 10:04:22 +00:00
alex-z
c52718c104 Replace deprecated QRegExp with QRegularExpression.
Signed-off-by: alex-z <blackslayer4@gmail.com>
2021-11-02 08:54:06 +00:00
Kevin Ottens
5fe63a4d9a Display the right endpoint in the warning in case of error
At that point in time _pollEndpoint isn't set yet. All the checks are
against pollEndpoint so display that one in the warning. Otherwise one
always end up with an empty URL in the logs which is not very useful for
debugging purposes.

Signed-off-by: Kevin Ottens <kevin.ottens@enioka.com>
2021-10-06 10:17:38 +00:00
Matthieu Gallien
25669938fd let clang-tidy add missing override after enabling again the check
Signed-off-by: Matthieu Gallien <matthieu.gallien@nextcloud.com>
2021-08-31 08:35:56 +00:00
Valdnet
7ebbb499e0 l10n: Replace apostrophe with double quotation
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-07-30 06:21:05 +00:00
Valdnet
bc9d3c5936 l10n: Change to uppercase 2021-07-22 15:47:52 +00:00
Valdnet
7db51e9029 l10n: Change to uppercase
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-07-22 15:47:52 +00:00
Felix Weilbach
3f6bb4a929 Use QStringLiteral instead of plain strings
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-07-21 17:15:11 +00:00
Felix Weilbach
ee49a7ed52 Fix review comments
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-07-21 17:15:11 +00:00
Felix Weilbach
e4f92ad1a1 Enforce https in flow1 and flow2 for https connections
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-07-21 17:15:11 +00:00
Felix Weilbach
8376b99ec5 Allow to compile without QWebEngine
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-06-24 15:43:51 +00:00
Valdnet
dadddd7ea2 l10n: Replace apostrophe with double quotation
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-05-12 12:34:22 +02:00
Felix Weilbach
ff7932bb54 Display the content of the login dialog correct
This adjustment is necessary because of the changes of the new account
wizard that were introduced with:
e0b7ef15b2

Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-03-16 13:34:34 +00:00
Felix Weilbach
29e1a82f56 Add missing override specifer to WebFlowCredentials
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
2021-02-13 10:22:01 +00:00
allexzander
013f3cea70 Validate sensitive URLs to onle allow http(s) schemes.
Signed-off-by: allexzander <blackslayer4@gmail.com>
2021-02-09 15:00:35 +02:00
Felix Weilbach
db0f1e245d Remove NO_SHIBBOLETH flag and dead code
Signed-off-by: Felix Weilbach <felix.weilbach@t-online.de>
2021-01-05 12:58:58 +01:00
Kevin Ottens
c57eff6fd8
Please the clang-tidy overlord
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-12-15 11:01:53 +01:00
Markus Goetz
62d876b09a
OAuth2: Better error logging
This does not fix a bug, just was found while spotting a bug that was no bug.
For https://github.com/owncloud/enterprise/issues/2951
2020-12-15 10:58:51 +01:00
Christian Kamm
ee6a48b3dc
Client certs: Store pkcs12 in config, password in keychain
It still reads and writes the old format too, but all newly stored
client certs will be in the new form.

For #6776 because Windows limits credential data to 512 bytes in older
versions.
2020-12-15 10:58:43 +01:00
Olivier Goffart
c31d3f277f
HttpCredentials: Do not re-enter the event loop
https://sentry.io/owncloud/desktop-win-and-mac/issues/777907931/
mention a crash in OCC::HttpCredentialsGui::showDialog
One possible explaination is that this is caused by re-entring the event loop.
So don't do that.
2020-12-15 10:58:31 +01:00
Olivier Goffart
15eab07866
OAuth2: Store 'Account::davUser' in the config, and use that user for connecting
We need to use the user id to check if we are connected to the right account.
These might be different from the HTTP Basic Auth login. (LDAP setups)

When the account was configured as an oauth2 account form the wisard, the
http_user was already set correctly to the user id. But when the server is
upgrading from basic auth to oauth2, we need to pick the right login.

Note that Account::davUser() already defaults to the HTTP user when none
is set, so this means the upgrade will be fine if this is not set in the
config.

Issues:
https://github.com/owncloud/oauth2/issues/109
https://github.com/owncloud/enterprise/issues/2781
2020-12-15 10:58:11 +01:00
Olivier Goffart
0155a4fa73
Wizard + OAuth: Make opening a new browser after clicking back works again
Issue #6574

When there is an error in the advanced page, OwncloudAdvancedSetupPage::updateStatus
(and others) call completeChanged(), which is connected to
QWizardPrivate::_q_updateButtonStates which will re-enable the back button from the
last page.

When the user click "back" and re-open the browser, the account's credentials
already have a oauth token set. So the call to the API to get a new token fails
because we use the previous token instead of using the client's secret_id.
Fix this with the HttpCredentials::DontAddCredentialsAttribute.

Now, this is still not working because the session cookies are confusing the
server.  So we'll clear the cookies when re-opening the browser
2020-12-15 10:57:55 +01:00
Kevin Ottens
3427dadaeb
Get rid of FindQt5Keychain.cmake
QtKeychain provides Qt5KeychainConfig.cmake and friends nowadays, so no
need to have a less reliable and outdated find module on our end.

Also this shows that we were including keychain.h in the wrong way and
were not using the link target, so both got fixed as well.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-11-02 13:19:48 +01:00
Michael Schuster
61dc4b9137
Update comments
Everyone uses their private mail, so ensure people can get in touch.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-10-15 02:18:52 +02:00
Kevin Ottens
ab67741d87 Use setHeader instead of setRawHeader for the user agent
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-10-08 05:55:47 +00:00
Kevin Ottens
3d8af05037 Use friendly user agent during webflow2 auth
This way the server displays a less scary string while granting access
from the browser. Also this same string will be used in the "Devices and
sessions" section of the server settings.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-10-08 05:55:47 +00:00
Kevin Ottens
80cc196f6f Enable bugprone-narrowing-conversions clang-tidy check
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-09-01 06:37:03 +00:00
Kevin Ottens
1a0945a973 Enable all the misc clang-tidy check except one
This flagged mostly unused parameters. Didn't enable the
misc-non-private-member-variables-in-classes check as we got a lot of
those. Hopefully we'll get to fix them at some point but that feels too
early and too much work for now.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-31 09:14:09 +02:00
Kevin Ottens
2f8c29082a Enable the modernize-use-equals-default check on clang-tidy
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-08-13 14:19:42 +02:00
Michael Schuster
f4d83d02f6
Cleanup auto pointers and qobject casts, refactor KeychainChunk
Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-07-06 21:51:40 +02:00
Michael Schuster
8503226c44
Keychain: Use auto deletion in WebFlowCredentials and ConfigFile
- Also make use of the new KeychainChunk::DeleteJob

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-07-06 21:51:40 +02:00
Michael Schuster
81c644e702
ConfigFile security: Migrate Proxy password to keychain
When specified in the config file, the Proxy password will be migrated
to the keychain, for backward compatibility and to allow admins to
overwrite an existing password by rolling out updated config files.

Once migrated to the keychain, the password will be removed from the
config file.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-07-06 21:51:39 +02:00
Michael Schuster
2a3ef044be
Move KeychainChunk class from gui to libsync
Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-07-06 21:51:39 +02:00
Michael Schuster
203a2ce003
Move QKeychain::NoBackendAvailable error handling to KeychainChunk class
Originally this was in the WebFlowCredentials class. Since we've abstracted everything
from there already, let's also move this in case some other code may use
KeychainChunk::ReadJob prior to WebFlowCredentials.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-07-06 21:51:36 +02:00
Kevin Ottens
53c31f5fed Make sure all our logging categories start with nextcloud.
Otherwise it was a bit confusing and annoying for filter rules:
e.g. "nextcloud.sync.*" vs "sync.*".

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-07-01 15:39:52 +02:00
Kevin Ottens
e3e262e42e Use default member init when applicable
This also fixes a couple of warnings at places (out of order init for
instance) and a potential bug in the webflow credentials / qtkeychain
integration.

Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-06-03 16:10:39 +02:00
Kevin Ottens
a73a1f3927 Use = default for trivial ctors and dtors
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-25 21:33:24 +02:00
Kevin Ottens
712869db9a Use auto to avoiding repeating type names
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-20 03:54:41 +02:00
Michael Schuster
ab1099f13e
WebFlowCredentials: Make username comparison case-insensitive (fix #1741)
Fixes issue #1741

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-03-03 06:01:27 +01:00
Michael Schuster
2b2810511d
KeychainChunk: Fix error handling in ReadJob::slotReadJobDone
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 12:17:43 +01:00
Michael Schuster
9b034a2eb0 Heavy refactoring: Windows workaround for >= 4k (4096 bit) client-cert SSL keys and large certs
With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
    Error: "Credential size exceeds maximum size of 2560"

This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.

The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.

All finished keychain jobs now get deleted properly, to avoid memory leaks.

For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394

This should finally fix the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:47:35 +01:00
Michael Schuster
8b5f09305c Flow2: Refactor UI into Flow2AuthWidget only and improve Flow2Auth
- Flow2AuthCredsPage:
  - Remove .ui file and embed Flow2AuthWidget into layout

- Flow2AuthWidget:
  - Make use generic for Flow2AuthCredsPage and WebFlowCredentialsDialog
  - Fix _errorLabel to render HTML tags instead of dumping them as plain text

- Flow2Auth:
  - Explicitly start auth with startAuth(account) instead of using constructor
  - Take control of copying the auth link to clipboard
  - Request a new auth link on copying, to avoid expiry invalidation
  - Use signals statusChanged() and result() to be more verbose (status, errors)
  - Change timer invocation and add safety bool's to avoid weird behaviour when
    the user triggers multiple link-copy calls (fetchNewToken)

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00