Commit graph

183 commits

Author SHA1 Message Date
Kevin Ottens
712869db9a Use auto to avoiding repeating type names
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
2020-05-20 03:54:41 +02:00
Michael Schuster
ab1099f13e
WebFlowCredentials: Make username comparison case-insensitive (fix #1741)
Fixes issue #1741

Signed-off-by: Michael Schuster <michael@schuster.ms>
2020-03-03 06:01:27 +01:00
Michael Schuster
2b2810511d
KeychainChunk: Fix error handling in ReadJob::slotReadJobDone
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 12:17:43 +01:00
Michael Schuster
9b034a2eb0 Heavy refactoring: Windows workaround for >= 4k (4096 bit) client-cert SSL keys and large certs
With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
    Error: "Credential size exceeds maximum size of 2560"

This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.

The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.

All finished keychain jobs now get deleted properly, to avoid memory leaks.

For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394

This should finally fix the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:47:35 +01:00
Michael Schuster
8b5f09305c Flow2: Refactor UI into Flow2AuthWidget only and improve Flow2Auth
- Flow2AuthCredsPage:
  - Remove .ui file and embed Flow2AuthWidget into layout

- Flow2AuthWidget:
  - Make use generic for Flow2AuthCredsPage and WebFlowCredentialsDialog
  - Fix _errorLabel to render HTML tags instead of dumping them as plain text

- Flow2Auth:
  - Explicitly start auth with startAuth(account) instead of using constructor
  - Take control of copying the auth link to clipboard
  - Request a new auth link on copying, to avoid expiry invalidation
  - Use signals statusChanged() and result() to be more verbose (status, errors)
  - Change timer invocation and add safety bool's to avoid weird behaviour when
    the user triggers multiple link-copy calls (fetchNewToken)

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
6d033f2964 Add new HeaderBanner class for WebFlowCredentialsDialog
New widget on top of the layout, based on Qt's own modern wizard header banner.

This should improve the user's perception of the dialog.

Encapsulate the existing layout into a container layout to allow the banner taking
the full width of the dialog.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
0bcac1882a Make WebFlowCredentialsDialog cancellation- and deletion-safe
- Add new signal to let WebFlowCredentials know and emit asked() to also
  tell AccountState that the user won't authenticate, and triggering
  log-out state in the settings window.

- Use deleteLater() to safely delete WebFlowCredentialsDialog, so
  that Qt can free it at the right time and without crashes.
  Do the same with it's _webView and _flow2AuthWidget on closeEvent().

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
b6b04aeff8 WebFlowCredentialsDialog: Bring re-auth dialog to top (raise) on error
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
a69aed80e6 Flow2: Make ProgressIndicator's background-aware (Dark-/Light-Mode switching)
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
e81f972270 Flow2: Add poll status text, ProgressIndicator and countdown timer
Also enable / disable buttons during polling.

This aims to make the authentication status more transparent and should avoid the
impression that the client is perhaps doing nothing.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
542590db7c Small fixes and code cleanup
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
e04aae94bc Flow2: Poll for re-auth result upon WebFlowCredentialsDialog window activation
Since the default remote poll interval has been re-raised recently to 30 seconds,
the delay between clicking "Grant access" in the browser and fetch and showing success
in the dialog may seem erroneous to the users and tempt them to click "Re-open browser"
again, causing the whole login process to restart.

This commit implements an event handler to pass the dialog's window activation
event down to the Login Flow v2 widget, in order to allow it to poll earlier.

See previous commits for dependent implementation details.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
aa18667905 WebFlowCredentialsDialog: Bring re-auth dialog to top (raise) upon showing SettingsDialog
Purpose: The floating re-auth windows of the WebFlowCredentialsDialog often get hidden behind
the SettingsDialog, and the users have to minimize a lot of other windows to find them again.

See previous commit for dependent implementation details.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
e8348612b4 Flow2: Poll for auth result upon account setup wizard window activation
Since the default remote poll interval has been re-raised recently to 30 seconds,
the delay between clicking "Grant access" in the browser and fetch and showing success
in the wizard may seem erroneous to the users and tempt them to click "Re-open browser"
again, causing the whole login process to restart.

This commit implements an event handler to pass the wizard's window activation
event down to the Login Flow v2 page, in order to allow it to poll earlier.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-24 07:46:57 +01:00
Michael Schuster
5869b93acb Fix deleteKeychainEntries: Stay consistent with job->setInsecureFallback(false)
We never fall back to the insecure variant in the whole codebase, so don't do it here.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
b15eb27aa9 Fix Windows key-chunk deletion (too paranoid)
Clear the key chunk buffer, but don't set _clientSslKeyChunkCount to zero because we need it later for deleteKeychainEntries

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
336b64a569 Fix member variable name from last refactoring (Windows code)
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
0c5f4a1525 Remote Wipe: Implement hack to allow deleting all keychain entries (SSL certs & keys)
Client SSL certificates and keys cannot be deleted at this time because there is
no UI for selecting them on re-login.

We introduce this dirty hack here, to allow deleting them upon Remote Wipe.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
6ef9f3cc26 Refactoring: Windows workaround for >= 4k (4096 bit) client-cert SSL keys
WebFlowCredentials:
- Remove _clientSslCaKeyWriteQueue and simply use _clientSslKeyChunkBufferPEM
- Store key's sub-chunks in slots with "." (dot) suffix
- Implement deletion of the key chunks in WebFlowCredentials::deleteKeychainEntries
- Remove spaces in log messages
- Improve code readability

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
72be80cbd9 Windows: Workaround for storing >= 4k (4096 bit) client-cert SSL keys
With QtKeychain on Windows, storing larger keys in one keychain entry causes the
following error due to limits in the Windows APIs:
  Error: "Credential size exceeds maximum size of 2560"

To avoid overhead on the other platforms and balance code duplication, this
approach puts some read- and write-parts into Windows-only defines.

For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394

This (again) fixes the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-08 02:47:22 +01:00
Michael Schuster
877fd7abb9 Fall back to old login flow on GS as this is not yet ready (#2: re-auth)
This commit ensures that the check also occurs on re-authorization in case
the user gets logged out.

See: https://github.com/nextcloud/desktop/pull/1644

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-12-06 21:03:01 +01:00
Michael Schuster
dcc84d3508 Fix remote wipe keychain storage (issue #1592)
The app password for the remote wipe was constantly being written in
WebFlowCredentials::slotFinished to the keychain, leading to unnecessary
write and log overhead on the system.

This fix introduces a check to only store the app password once in
a lifetime of the Account class. Also the method used to store the
password will be renamed from setAppPassword to writeAppPasswordOnce
to be more expressive.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-11-29 13:53:52 +01:00
Camila San
19491ff85f
Once client gets 401/403 from the server, check if remote wipe was requested.
- When the the users logs because of 401 or 403 errors, it checks if the
server requested the remote wipe. If yes, locally deletes account and folders
connected to the account and notify the server. If no, proceeds to ask the
user to login again.
- The app password is restored in the keychain.
- WIP: The change also includes a test class for RemoteWipe.

Signed-off-by: Camila San <hello@camila.codes>
2019-10-17 20:11:31 +02:00
Michael Schuster
c8b4145214
Add a 'Content-Length: 0' header to initial POST requests
The webserver lighttpd rejected POST requests without a Content-length
header with "411 Length Required".

See: https://github.com/nextcloud/desktop/issues/1473

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-10-10 05:17:22 +02:00
Dominique Fuchs
f08cc08eb2 Prevented warning regarding operator precedence - enhanced clarity by adding parentheses
Signed-off-by: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
2019-09-09 19:23:36 +02:00
Dominique Fuchs
e3685b951c removed reduntant /* within a comment
Signed-off-by: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
2019-09-09 19:23:35 +02:00
Michael Schuster
61884d1ada
fix indents, add comment
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 05:35:36 +02:00
Michael Schuster
b52292db92
Windows: Workaround for CredWriteW used by QtKeychain
Saving all client CA's within one credential may result in:
  Error: "Credential size exceeds maximum size of 2560"

Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.

IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"

- Remove client CA certs and KEY!
  (uncomment "//deleteKeychainEntries();" )

  Disabled as long as selecting another cert is not supported by the UI.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 04:56:01 +02:00
Roeland Jago Douma
d584bedcb6
Also store the CACertificates of the client side certificate
Else authentication will still fail in setups that have a chain of
certificates supplied.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-27 09:55:41 +02:00
Michael Schuster
dbde585049
Adds SSL client cert storage to webflow + Login Flow v2
The previous commit 50cd6af394 - Build a webflowcredentials
changed:

src/gui/wizard/flow2authcredspage.cpp in line 135 to use WebFlowCredentials
instead of HttpCredentials.
But the WebFlowCredentials class didn't include code to store and load SSL client
certificates and keys from the keychain.

This commit migrates the useful stuff from the old HttpCredentials class
into WebFlowCredentials.

Successfully tested on Windows. Please test on other systems and verify it's safe! :)

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-27 03:32:21 +02:00
Roeland Jago Douma
302ca0e04e
Fix some compiler warnings
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-26 20:41:14 +02:00
Michael Schuster
fd8345ccbe
Login Flow V2: adds re-auth upon logout, improvements
- Implements re-auth upon logout -> login
- Improves UI and security

TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
628bab92c4
fix comment typo in webflowcredentials.cpp
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
8fa55b97b4
Login Flow V2: 1st implementation, cleanup
This is the first draft of the Login Flow V2 authorization method.

See: https://docs.nextcloud.com/server/latest/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2

- Adds the Login Fĺow V2 auth method
- Adds ability to reinitiate a new request via UI

TODO:
- Implement re-auth upon logout -> login
- Improve UI
- SSL: Client certificate login is possible at the first time only but missing after relaunch

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
2742411abd
Login Flow V2: 1st test-implementation
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Roeland Jago Douma
e0a1d78441
Merge pull request #1225 from edent/patch-1
Typo
2019-08-19 15:39:10 +02:00
Yaron Shahrabani
692d885b55
Fixed typo
Chipher -> Cipher
2019-05-12 19:11:33 +03:00
Terence Eden
e64fa74899
Typo
There's no such thing as a "key*h*chain".
2019-04-28 10:03:38 +01:00
Roeland Jago Douma
bb2f179342
Be less verbose with logging
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-15 20:23:24 +01:00
Joda Stößer
9393626ec2
correct app passwords link
Since some versions ago, the path/url for the app password settings is `/settings/user/security#security` instead of `/settings/personal#apppasswords`
2019-02-14 05:26:21 +01:00
Chih-Hsuan Yen
09b0055dc3
Make sure _profile and _page are deleted in the correct order
Inspired by https://github.com/electron/electron/pull/15028

Closes https://github.com/nextcloud/desktop/issues/941
Closes https://github.com/nextcloud/desktop/issues/950
2018-12-19 21:44:54 +08:00
J-P Nurmi
fff64e8aa5 GUI: search'n'replace remaining "Q_DECL_OVERRIDE" with "override" 2018-11-11 11:12:37 +01:00
J-P Nurmi
8e38e2ac86 GUI: run clang-tidy modernize-use-override 2018-11-11 11:08:03 +01:00
J-P Nurmi
fb5ff96ed6 GUI: run clang-tidy modernize-use-nullptr 2018-11-11 10:56:22 +01:00
Roeland Jago Douma
045bba0161
Migrate http auth to webflow
This moves all the basic http auth over to the webflow mechanism.
This thus also makes sure that if the password changes a webflow page
pops up. And thus will directly move them over to apptokens then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-03 12:37:53 +01:00
Olivier Goffart
40007537ea
OAuth: Remove the timeout
There is no real reason to have a timeout. The connection can stay open
as long as we are not authenticated. The User can still re-open a browser
from the UI at any time.

Issue #6612
2018-09-09 17:57:38 +02:00
Roeland Jago Douma
9f1f99f4db
Add a WebFlowCredentialsAccessManager
Fixes #279

Some setups don't make Qt emit the right signals and the client would
end up in state where it could not do the initial authentications.
This is a similar hack that apparently already was is place for basic
http auth.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 20:59:25 +02:00
Roeland Jago Douma
08abc71acb
gui Q_UNUSED
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-02 13:02:15 +02:00
Roeland Jago Douma
ef2d113930
Mark credentials as valid if there is no error
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
35e8d0437d
Address comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6809f12e68
Allow the user to sign in again
If the user is signed out (for whatever reason). Show a popup
with the loginflow again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
ac1664b525
Actually use webflow credentails
* Detect invalid auth (if the users token is removed for example)
* Properly store and fetch from keychain

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6b43d80c01
Start with persisting credentials
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Daniel Nicoletti
a63d34f870 Prepend "nextcloud" for all logging categories
Thus making easier to exclude logging from kio, qt
and only enable "nextcloud.*"
2017-12-28 17:33:10 -02:00
Daniel Nicoletti
c963259bfb Fix URL in dialog that requests password
An URL that had base like "http://localhost/nextcloud/"
would get the last slash '/' removed and then appended
with "index.php..." resulting in
http://localhost/nextcloudindex.php
2017-12-28 10:00:17 -02:00
Roeland Jago Douma
fe4bb52a6d
Merge remote-tracking branch 'oc/master' into oc_up 2017-12-14 10:27:11 +01:00
Olivier Goffart
74672d493d Utility: use QUrlQuery
For QUrl::setQuery is deprecated in Qt5
2017-12-08 16:15:17 +01:00
Olivier Goffart
ee98daf9ea Shibboleth: Upgrade to OAuth2 When the server supports it
If the server support both Shibboleth and OAuth2, upgrades to OAuth2

Issue #6198
2017-12-04 08:09:34 +01:00
Roeland Jago Douma
462353d0ee
Have correct app password link
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-21 09:17:42 +01:00
Christian Kamm
3ae2071129 DetermineAuth: Remove concept of Unknown #6148
This restores 2.3 behavior. Some servers reply 404 to GETs and PROPFINDs
to the remote.php/webdav/ url and used to work. Being more picky would
break them.
2017-11-14 12:10:35 +01:00
Christian Kamm
9af6e29f42 DetermineAuthType: Adjustments for tight firewalls #6135
With some firewalls we can't GET /remote.php/webdav/. Here we keep the
GET request to detect shibboleth through the redirect pattern but then
use PROPFIND to figure out the http auth method.

Currently we prefer OAuth to Shibboleth to Basic auth.

This also restores the fallback behavior of assuming basic auth
when no auth type can be determined.
2017-11-06 13:09:10 +01:00
Olivier Goffart
a9761a8976 Use qEnvironmentVariable* instead of qgetenv when appropriate
Now that we use Qt5, we should do that. It is slightly more efficient
and declares the intent.
(Modified using clazy)
2017-10-19 13:57:49 +02:00
Christian Kamm
f598ac89ac HttpCreds: Fix retry after wrong password #5989
This is an ugly solution.
2017-10-13 14:24:37 +02:00
Olivier Goffart
0ceb806f1a Test OAuth2
Include a test for PR #6057
2017-09-28 18:38:33 +02:00
Olivier Goffart
1da398e6c6 OAuth: fix compilation with old gcc
We need to used QPointer::data in the signal slot connection

Relates to pr #6065
2017-09-28 10:55:28 +02:00
Olivier Goffart
7af81f7665 OAuth: Fix crash when closing the browser while identifying
To reproduce, log in and click "authorize" on the browser, then close
the browser before the client has replied, (but after redirected to localhost,
i.e. when the client is asking the server for the token)

The problem is that socket can be destroyed so we don't need to answer on a
destroyed socket.
2017-09-26 14:56:57 +02:00
Olivier Goffart
382cc444f0 Httpcreds: Fix double slash in the Request App Password url
Issue #6044
2017-09-23 10:10:40 +02:00
Olivier Goffart
0cec6f08ca OAuth2: Fix double slash in URL
We need to use concatPath to avoid possible double '/' in the URLs if the
account url() ends with '/'.

This has become even more of a problem since commit
d1b8370a4a which was resolving the url after
a redirect where most server actually add a '/' if the url is a folder
2017-09-23 10:10:40 +02:00
Olivier Goffart
35e4fe061d Port to new signal-slot syntax what cannot be done automatically
Some slot were protected or private but needed to be public.
Some needed a static_cast (can't use qOverload because it is in Qt 5.7)

This is not only a partial change.
2017-09-21 14:05:39 +02:00
Olivier Goffart
ff4213b59f Use the Qt5 connection syntax (automated with clazy)
This is motivated by the fact that QMetaObject::noralizeSignature takes 7.35%
CPU of the LargeSyncBench. (Mostly from ABstractNetworkJob::setupConnections and
PropagateUploadFileV1::startNextChunk). It could be fixed by using normalized
signature in the connection statement, but i tought it was a good oportunity
to modernize the code.

This commit only contains calls that were automatically converted with clazy.
2017-09-21 14:05:39 +02:00
Jocelyn Turcotte
a1f1775d15 Move SyncJournalDB to src/common 2017-09-18 14:00:52 +02:00
Christian Kamm
8635b8ac84 Reduce timeout for some admin jobs
The oauth token jobs and the wizard redirect check job shouldn't have
5min timeouts.
2017-09-15 15:25:10 +02:00
Christian Kamm
671599c8b2 Credentials: Use per-account keychain entries #5830
This requires a lot of migration code: the old entries need to be read,
saved to the new locations and then deleted.
2017-09-15 09:29:05 +02:00
Christian Kamm
e05f5fc50d OAuth: Don't use implicit POST bodies
The query args of POST requests become the request body. If there's a
redirect, the redirected url will therefore not contain the query
arguments. Use an explicit request body to make the redirection work.
2017-09-15 09:28:03 +02:00
Christian Kamm
da6250fc1f OAuth: Pass client auth in header instead of url
To play more nicely with redirects.
2017-09-15 09:28:03 +02:00
Christian Kamm
7d075cdcb7 OAuth: Use redirectable jobs for oauth token management 2017-09-15 09:28:03 +02:00
Christian Kamm
de5de6284c Use DetermineAuthTypeJob in HttpCredentials
* Move it to networkjobs
* Minor adjustments to its logic
* Fixes redirect handling for oauth/basic http auth check #6003
2017-09-11 19:15:43 +02:00
Christian Kamm
506f7c0764 Http credentials: Fix behavior for bad password #5989
When the GET request from askFromUser is scheduled on the QNAM inside
the slot that handles the QNetworkReply::finished signal, it seems to
not get processed at all.

This workaround moves the sending of the new GET to the event loop,
sidestepping the problem.
2017-09-07 11:23:24 +02:00
Jocelyn Turcotte
cf15cbf0b3 Move Utility to a new common static library
Now that csync builds as C++, this will avoid having to implement
functionalities needed by csync mandatorily in csync itself.

This library is built as part of libocsync and symbols exported
through it.
This requires a relicense of Utility as LGPL. All classes moved into
this library from src/libsync will need to be relicensed as well.
2017-09-05 17:25:19 +02:00
Olivier Goffart
6ae88514d8 OAuth: clear refresh token when the server claim not to support oauth
Allow upgrade path when the server removes support for oauth
Relates: https://github.com/owncloud/client/issues/5848#issuecomment-317353049

We also need to force the account to commit the config to the disk,
otherwise we may not register we are no longer using owncloud and we
risk sending the password as the token to the token refresh API call
2017-07-25 12:34:13 +02:00
Olivier Goffart
50874eecfa OAuth: Add the user in the authorize call
Issues: #5897, https://github.com/owncloud/oauth2/issues/48
2017-07-17 10:13:12 +02:00
Olivier Goffart
06f3a70f9a OAuth: Better message when loggin in with the wrong username
Since the user is already in the browser, put the error message in the
browser with a message to log out and then log in as the right user.

Issue #5895
2017-07-14 11:17:24 +02:00
Olivier Goffart
5738110cb6 OAuth2: Have a link to the browser in the owncloud UI
When the browser is open, ad a link in the ui to re-open
the browser.

Issue #5893
2017-07-13 16:09:42 +02:00
Olivier Goffart
d34dbbdb0b OAuth: Redirects to the server in case of sucessfull login
Requires https://github.com/owncloud/oauth2/pull/45

This commit moves the reply after we got the token reply from
the server, that allows to reply with an error to the browser
if the login does not work.
2017-07-11 09:56:04 +02:00
Christian Kamm
a5ace5e71d Account/Credentials: Have identical lifetimes
The QNAM may continue to outlive both.

Rename Credentials::getQNAM() to createQNAM() while we're at it - it's
used to make a new QNAM that will subsequently be owned by the Account
object.

See d01065b9a1 for rationale.

Relates to
d40c56eda5
147cf798a6
2017-07-08 13:07:13 +02:00
Olivier Goffart
5100a2daf1 OAuth: cleanup debug messages
- Add category to the all messages (they did not have it was merged right after
the patch to add category everywhere, but this code did not have it.)

- Make sure there is no warnings in the normal flow. (The wizard does a request
without authentication to determine the auth type)
2017-06-13 12:08:24 +02:00
Christian Kamm
4b0d956b3d OAuth: Fix a typo in the success message 2017-06-12 12:58:20 +02:00
Olivier Goffart
04b6794318 OAuth: Error handling in the wizard
Issues: #5813 and #5811
2017-06-12 12:58:20 +02:00
Olivier Goffart
3d93527a8e Authentication with OAuth2
When the OAuth2 app (https://github.com/owncloud/oauth2) is enabled,
We will open a browser and perform the OAuth2 authentication

Issue: #4798 and https://github.com/owncloud/platform/issues/17
2017-06-01 10:39:33 +02:00
Christian Kamm
d3b00532b1 Credentials: Simplify credential flow #5728
And as a side effect: don't ask for user password when we can't
connect to the server in the first place.
2017-05-22 10:52:18 +02:00
Christian Kamm
c8d0f788e0 Apply clang-format 2017-05-17 12:26:27 +02:00
Christian Kamm
ae263d60bd Reformatting: Reformat some lines that would become really long 2017-05-17 12:26:27 +02:00
Christian Kamm
df3fe25702 Reformatting: Adjust trailing comments
These would otherwise be line-wrapped by clang-format,
and then consecutive reformattings remove the aligned
comment indentation

Example:

int a; // too long comment

->

int a; // too long
       // comment

->

int a; // too long
// comment
2017-05-17 12:26:27 +02:00
Jocelyn Turcotte
b7553d5bdf Upgrade some qCDebug to qCInfo or qCWarning
Use qCInfo for anything that has general value for support and
development. Use qCWarning for any recoverable error and qCCritical
for anything that could result in data loss or would identify a serious
issue with the code.

Issue #5647
2017-05-11 17:22:59 +02:00
Jocelyn Turcotte
4ad190a558 Use Qt logging categories for logging
This gives more insight about the logs and allow setting fine-tuned
logging rules. The categories are set to only output Info by default
so this allows us to provide more concise logging while keeping the
ability to extract more information for a specific category when
developping or debugging customer issues.

Issue #5647
2017-05-11 17:22:59 +02:00
Christian Kamm
2598579d84 Switch JsonApiJob to Qt5's QJson #5710 2017-05-08 11:50:33 +02:00
Markus Goetz
5ac58d3b83 Server: Parse version from capabilities too #5691 (#5698)
Newer servers will have the option of hiding version, versionstring, edition
and productname. They will always send the full information in the capabilities.
2017-04-19 11:02:03 +02:00
Christian Kamm
881b32521b HttpCreds: Update app passwords url #5605
See also owncloud/core#27360
2017-03-15 16:30:08 +01:00
Christian Kamm
b98876e265 Account server version: Helper to create versions
Hex literals don't work well with version 10: 0x100000 doesn't do
the right thing.
2017-03-15 16:30:08 +01:00
Christian Kamm
59c1fdbe05 Shib: Use different keychain entry per account #5469
Previously shib multiaccount didn't work at all because the
session cookie was stored in the same keychain entry.
2017-01-24 13:14:11 +01:00