With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
Error: "Credential size exceeds maximum size of 2560"
This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.
The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.
All finished keychain jobs now get deleted properly, to avoid memory leaks.
For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394
This should finally fix the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863
Signed-off-by: Michael Schuster <michael@schuster.ms>
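
The chunking scheme described in the commit message above, as an added example that is not the project's KeychainChunk code: an in-memory map is a constructed stand-in for the credential store, and the `FakeStore` type and the `key.N` chunk naming are assumptions. It also erases chunks left over from a longer earlier value, so stale key or certificate bytes do not remain in the store.

```cpp
#include <cstddef>
#include <map>
#include <stdexcept>
#include <string>

constexpr std::size_t kEntryLimit = 2560; // limit quoted in the error message
constexpr std::size_t kChunkSize = 2048;  // chunk size named in the commit message

// Constructed stand-in for a credential store with a per-entry size cap.
struct FakeStore {
    std::map<std::string, std::string> entries;
    void put(const std::string &key, const std::string &value) {
        if (value.size() > kEntryLimit)
            throw std::length_error("Credential size exceeds maximum size of 2560");
        entries[key] = value;
    }
};

// Hypothetical naming scheme (an assumption): "key", "key.1", "key.2", ...
std::string chunkKey(const std::string &key, std::size_t index) {
    return index == 0 ? key : key + "." + std::to_string(index);
}

// Write data in chunks, then erase chunks left over from a longer earlier
// value so no stale key material stays behind. Returns the chunks written.
std::size_t writeChunked(FakeStore &store, const std::string &key, const std::string &data) {
    std::size_t count = 0;
    // "|| count == 0" makes an empty value still produce one (empty) entry.
    for (std::size_t off = 0; off < data.size() || count == 0; off += kChunkSize)
        store.put(chunkKey(key, count++), data.substr(off, kChunkSize));
    for (std::size_t i = count; store.entries.erase(chunkKey(key, i)) > 0; ++i) {}
    return count;
}

// Read chunks back in order until the first missing index.
std::string readChunked(const FakeStore &store, const std::string &key) {
    std::string data;
    for (std::size_t i = 0;; ++i) {
        auto it = store.entries.find(chunkKey(key, i));
        if (it == store.entries.end())
            return data;
        data += it->second;
    }
}
```
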
- Flow2AuthCredsPage:
  - Remove .ui file and embed Flow2AuthWidget into layout
- Flow2AuthWidget:
  - Make use generic for Flow2AuthCredsPage and WebFlowCredentialsDialog
  - Fix _errorLabel to render HTML tags instead of dumping them as plain text
- Flow2Auth:
  - Explicitly start auth with startAuth(account) instead of using constructor
  - Take control of copying the auth link to clipboard
  - Request a new auth link on copying, to avoid expiry invalidation
  - Use signals statusChanged() and result() to be more verbose (status, errors)
  - Change timer invocation and add safety bools to avoid weird behaviour when
    the user triggers multiple link-copy calls (fetchNewToken)
Signed-off-by: Michael Schuster <michael@schuster.ms>
New widget on top of the layout, based on Qt's own modern wizard header banner.
This should improve the user's perception of the dialog.
Encapsulate the existing layout into a container layout to allow the banner taking
the full width of the dialog.
Signed-off-by: Michael Schuster <michael@schuster.ms>
Reverts back to the SettingsDialog class because of bugs and glitches with
more recent Qt versions (Qt 5.12) and with the macOS Dark Mode.
See upstream: https://github.com/owncloud/client/pull/7492
Signed-off-by: Michael Schuster <michael@schuster.ms>
- When the user logs out because of 401 or 403 errors, it checks if the
server requested the remote wipe. If yes, locally deletes account and folders
connected to the account and notifies the server. If no, proceeds to ask the
user to log in again.
- The app password is restored in the keychain.
- WIP: The change also includes a test class for RemoteWipe.
Signed-off-by: Camila San <hello@camila.codes>
- Implements re-auth upon logout -> login
- Improves UI and security
TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>
Instead of immediately popping up the mnemonic dialogue,
only show a notification bar on the account setup page.
For the cases where the user does not want to use E2E,
this is significantly less intrusive than the old approach.
cmake/modules/ECMAddAppIcon.cmake is heavily patched to support sidebar icons, OUTFILE_BASE parameter and to not include 64 and 64@2x icons on macOS which are not supported. All changes are made in a way that we can upstream this.
Mainly uses target_include_directories instead of include_directories
so libraries' public include directories get automatically added when adding
the target in target_link_library
This commit integrates support for libcloudproviders
desktop integration API. If built with the library it
will check on startup if the DBus interface is available
and then use it instead of the legacy status icon.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Drop AvatarJob2
* Allow AvatarJob to retrieve different sizes and users
* Make creating a circular avatar into a function
(maybe all avatars should be made into that shape in the first place)
[Sharing] Show placeholders for avatars
Just like on the web show placeholders for avatars in the sharing dialog
[Sharing] Show avatars!
[Sharing] Show same avatar placeholder for group/federated shares as on
web
* SocketAPI has COPL_LOCAL_LINK / EMAIL_LOCAL_LINK commands
* The nautilus and dolphin shell integrations show a submenu from which
one can share as well as access the private link.
* The SocketAPI provides a new GET_STRINGS command to access localized
strings.
* The private link can also be accessed from the user/group sharing
dialog.
* The numeric file id is extracted from the full id to create the
private link url.
* Add a more functional error view #5516
* Allow filtering of ignores and warnings to see only important bits.
* Navigate from the folder view to the error view by clicking on the
error list with the red background.
* Move the error list into its own ui file to allow easier extension.
* Fix issue around tab id handling in ActivitySettings.
* Rename "Action" column to "Issue".
* Change mouse cursor to hand over button and new error list area
Several OSX fixes provided by guruz.
All our crypto code is handled by qt nowadays.
No need to carry this dependency.
Especially since it causes warnings on systems where there are
two openssl versions installed:
/usr/bin/ld: warning: libcrypto.so.1.0.0, needed by /usr/lib/libQt5Network.so.5.9.0, may conflict with libcrypto.so.1.1
Shrinks owncloud binary by 24 KB and libowncloudsync by 14 KB.
I don't know if it has influence on memory usage or runtime speed though.
Was worth a try.
This re-enables the UI, uses Qt API for importing and
stores the certificate/key in the system keychain.
People who had set up client certs need to re-setup the account. This is ok
since it was an undocumented feature anyway.
- Replace functions that are provided by MinGW with a Win32-based
implementation
- Explicitly export needed symbols from ocsync.dll
- Rename share.h to sharemanager.h since the name clashes with one
of the Windows headers and get included from there
- Remove the timestamp from the fallback csync stderr logging, it's
not used since we always provide a log callback
When a conflict-rename or a temporary-rename fails, notify the
LockWatcher. It'll regularly check whether the file has become
accessible again. When it has, another sync is triggered.
owncloud/enterprise#1288
As interaction is required, the notifications are displayed in a
separate widget above the server activity list.
Note that design and also where we display the notifications can
still be discussed and changed.
Now we have 1 simple dialog that includes 2 widgets.
* ShareLinkWidget (for link shares)
* ShareUserGroupWidget (for user/group shares)
The ShareUserGroupWidget is only included if the server version is >=
8.2.0
For <8.2.0 the old behavior is preserved
There is now a generic OCSJob which must be inherited by other jobs. This is in
preparation for the other OCS job that will come (for the Sharee API endpoint
for example).
More logic is moved from the sharedialog to the OcsShareJob. So in the GUI code
we now only say what we want (a new share, set the password etc). And the code
in libsync will make that happen. Error handling is for now still done in the
GUI part.
For now the ocsjob and ocssharejob live in gui but probably we should
create a libshare or libocs at some point.
The proxyAuthenticationRequired() signal now goes to the
ProxyAuthHandler class. That class will try to read the proxy settings
from the keychain or ask the user about them.
We won't ask the user for credentials for explicitly configured proxies.
It also does not change how the credentials for explicitly configured
proxies are stored. (see #261)
This prepares the switch to the official FinderSync API on Yosemite
which requires the extension to run in a sandbox. This complicates
the usage of a local socket to communicate with a non-sandboxed GUI
client. An NSConnection is easier to use in this case, which we can
use as long as the server name (i.e. Mach port registered name) is
prefixed with the code signing Team Identifier.
A placeholder server implementation is also added to the client's
SocketApi which basically reproduces the interface of a QLocalSocket.
Most of the references to individual sockets were only using
QIODevice methods so the type was simply reduced. A typedef to
replace the QLocalServer was the only other part needed.
The AccountManager does not belong in the libsync because it is not
part of the synchronisation algorithm, but is just a helper class
for the UI to maintain the account and read/save the config
- qtkeychain isn't necessarily in a qt5keychain subdirectory.
- Explicitly add OpenSSL to the include directories
- Make sure that the USE_OUR_OWN_SQLITE3 code is initialized
for csync by calling find_package.
When connecting to a https:// URL fails, present the user with three
choices:
* Try again with a http:// URL
* Configure client-side TLS certificates
* Go back and enter a different URL
This allows users connecting with an ownCloud server secured with
client-side TLS certificates to start the certificate import wizard
manually instead of relying on a custom server error message.
* removed broken QSsl::SslV3 default
* rewrote slotHandleErrors(): no longer claim errors which are none.
* hack reverted: lib64 was not the cause for NixOS issues related to libraries.
* refactored csync/src/csync_owncloud.c and discovered+fixed why the dav_connect was never getting the certPath+certPassoword
* cleanup of code but seems this crushed the ssl client certificate support
* fixes the https://github.com/owncloud/client/issues/69#issuecomment-69358377 issue
* lots of cleanup
* From TODO list : translate all french comments into english
* changed _pemCertificate type from QString to QByteArray
This allows all the account state information to live in gui
while the sync-relevant data stays in libsync.
I also moved quotainfo to gui since it depends on the account state.
The apple build was broken because the elseif in the CMakeLists is never triggered.
Some code was not properly adapted for the new qtmacgoodies.
Some paths were not adapted to new split.