At that point in time _pollEndpoint isn't set yet. All the checks are
against pollEndpoint so display that one in the warning. Otherwise one
always end up with an empty URL in the logs which is not very useful for
debugging purposes.
Signed-off-by: Kevin Ottens <kevin.ottens@enioka.com>
This adjustment is necessary because of the changes of the new account
wizard that were introduced with:
e0b7ef15b2
Signed-off-by: Felix Weilbach <felix.weilbach@nextcloud.com>
It still reads and writes the old format too, but all newly stored
client certs will be in the new form.
For #6776 because Windows limits credential data to 512 bytes in older
versions.
We need to use the user id to check if we are connected to the right account.
These might be different from the HTTP Basic Auth login. (LDAP setups)
When the account was configured as an oauth2 account form the wisard, the
http_user was already set correctly to the user id. But when the server is
upgrading from basic auth to oauth2, we need to pick the right login.
Note that Account::davUser() already defaults to the HTTP user when none
is set, so this means the upgrade will be fine if this is not set in the
config.
Issues:
https://github.com/owncloud/oauth2/issues/109https://github.com/owncloud/enterprise/issues/2781
Issue #6574
When there is an error in the advanced page, OwncloudAdvancedSetupPage::updateStatus
(and others) call completeChanged(), which is connected to
QWizardPrivate::_q_updateButtonStates which will re-enable the back button from the
last page.
When the user click "back" and re-open the browser, the account's credentials
already have a oauth token set. So the call to the API to get a new token fails
because we use the previous token instead of using the client's secret_id.
Fix this with the HttpCredentials::DontAddCredentialsAttribute.
Now, this is still not working because the session cookies are confusing the
server. So we'll clear the cookies when re-opening the browser
QtKeychain provides Qt5KeychainConfig.cmake and friends nowadays, so no
need to have a less reliable and outdated find module on our end.
Also this shows that we were including keychain.h in the wrong way and
were not using the link target, so both got fixed as well.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This way the server displays a less scary string while granting access
from the browser. Also this same string will be used in the "Devices and
sessions" section of the server settings.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This flagged mostly unused parameters. Didn't enable the
misc-non-private-member-variables-in-classes check as we got a lot of
those. Hopefully we'll get to fix them at some point but that feels too
early and too much work for now.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
When specified in the config file, the Proxy password will be migrated
to the keychain, for backward compatibility and to allow admins to
overwrite an existing password by rolling out updated config files.
Once migrated to the keychain, the password will be removed from the
config file.
Signed-off-by: Michael Schuster <michael@schuster.ms>
Originally this was in the WebFlowCredentials class. Since we've abstracted everything
from there already, let's also move this in case some other code may use
KeychainChunk::ReadJob prior to WebFlowCredentials.
Signed-off-by: Michael Schuster <michael@schuster.ms>
Otherwise it was a bit confusing and annoying for filter rules:
e.g. "nextcloud.sync.*" vs "sync.*".
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This also fixes a couple of warnings at places (out of order init for
instance) and a potential bug in the webflow credentials / qtkeychain
integration.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
Error: "Credential size exceeds maximum size of 2560"
This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.
The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.
All finished keychain jobs now get deleted properly, to avoid memory leaks.
For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394
This should finally fix the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Flow2AuthCredsPage:
- Remove .ui file and embed Flow2AuthWidget into layout
- Flow2AuthWidget:
- Make use generic for Flow2AuthCredsPage and WebFlowCredentialsDialog
- Fix _errorLabel to render HTML tags instead of dumping them as plain text
- Flow2Auth:
- Explicitly start auth with startAuth(account) instead of using constructor
- Take control of copying the auth link to clipboard
- Request a new auth link on copying, to avoid expiry invalidation
- Use signals statusChanged() and result() to be more verbose (status, errors)
- Change timer invocation and add safety bool's to avoid weird behaviour when
the user triggers multiple link-copy calls (fetchNewToken)
Signed-off-by: Michael Schuster <michael@schuster.ms>
New widget on top of the layout, based on Qt's own modern wizard header banner.
This should improve the user's perception of the dialog.
Encapsulate the existing layout into a container layout to allow the banner taking
the full width of the dialog.
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Add new signal to let WebFlowCredentials know and emit asked() to also
tell AccountState that the user won't authenticate, and triggering
log-out state in the settings window.
- Use deleteLater() to safely delete WebFlowCredentialsDialog, so
that Qt can free it at the right time and without crashes.
Do the same with it's _webView and _flow2AuthWidget on closeEvent().
Signed-off-by: Michael Schuster <michael@schuster.ms>
