Commit graph

18 commits

Author SHA1 Message Date
Michael Schuster
61884d1ada
fix indents, add comment
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 05:35:36 +02:00
Michael Schuster
b52292db92
Windows: Workaround for CredWriteW used by QtKeychain
Saving all client CAs within one credential may result in:
  Error: "Credential size exceeds maximum size of 2560"

Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.

IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"

- Remove client CA certs and KEY!
  (uncomment "//deleteKeychainEntries();" )

  Disabled as long as selecting another cert is not supported by the UI.

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-30 04:56:01 +02:00
Roeland Jago Douma
d584bedcb6
Also store the CACertificates of the client side certificate
Else authentication will still fail in setups that have a chain of
certificates supplied.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-27 09:55:41 +02:00
Michael Schuster
dbde585049
Adds SSL client cert storage to webflow + Login Flow v2
The previous commit 50cd6af394 - Build a webflowcredentials
changed:

src/gui/wizard/flow2authcredspage.cpp in line 135 to use WebFlowCredentials
instead of HttpCredentials.
But the WebFlowCredentials class didn't include code to store and load SSL client
certificates and keys from the keychain.

This commit migrates the useful stuff from the old HttpCredentials class
into WebFlowCredentials.

Successfully tested on Windows. Please test on other systems and verify it's safe! :)

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-27 03:32:21 +02:00
Michael Schuster
fd8345ccbe
Login Flow V2: adds re-auth upon logout, improvements
- Implements re-auth upon logout -> login
- Improves UI and security

TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch

Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Michael Schuster
628bab92c4
fix comment typo in webflowcredentials.cpp
Signed-off-by: Michael Schuster <michael@schuster.ms>
2019-08-26 20:03:15 +02:00
Terence Eden
e64fa74899
Typo
There's no such thing as a "key*h*chain".
2019-04-28 10:03:38 +01:00
Roeland Jago Douma
bb2f179342
Be less verbose with logging
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-15 20:23:24 +01:00
J-P Nurmi
fff64e8aa5
GUI: search'n'replace remaining "Q_DECL_OVERRIDE" with "override"
2018-11-11 11:12:37 +01:00
J-P Nurmi
fb5ff96ed6
GUI: run clang-tidy modernize-use-nullptr
2018-11-11 10:56:22 +01:00
Roeland Jago Douma
045bba0161
Migrate http auth to webflow
This moves all the basic http auth over to the webflow mechanism.
This thus also makes sure that if the password changes a webflow page
pops up. And thus will directly move them over to apptokens then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-03 12:37:53 +01:00
Roeland Jago Douma
9f1f99f4db
Add a WebFlowCredentialsAccessManager
Fixes #279

Some setups don't make Qt emit the right signals and the client would
end up in a state where it could not do the initial authentications.
This is a similar hack that apparently already was in place for basic
http auth.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 20:59:25 +02:00
Roeland Jago Douma
08abc71acb
gui Q_UNUSED
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-07-02 13:02:15 +02:00
Roeland Jago Douma
ef2d113930
Mark credentials as valid if there is no error
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
35e8d0437d
Address comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6809f12e68
Allow the user to sign in again
If the user is signed out (for whatever reason), show a popup
with the loginflow again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
ac1664b525
Actually use webflow credentials
* Detect invalid auth (if the user's token is removed for example)
* Properly store and fetch from keychain

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00
Roeland Jago Douma
6b43d80c01
Start with persisting credentials
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-02 22:50:48 +02:00