With QtKeychain on Windows, storing larger keys or certs in one keychain entry causes the
following error due to limits in the Windows APIs:
Error: "Credential size exceeds maximum size of 2560"
This fix implements the new wrapper class KeychainChunk with wrapper jobs ReadJob and WriteJob
to encapsulate the QKeychain handling of ReadPasswordJob and WritePasswordJob with binaryData
but split every supplied keychain entry's data into 2048 byte chunks, on Windows only.
The wrapper is used for all keychain operations in WebFlowCredentials, except for the server password.
All finished keychain jobs now get deleted properly, to avoid memory leaks.
For reference also see previous fixes:
- https://github.com/nextcloud/desktop/pull/1389
- https://github.com/nextcloud/desktop/pull/1394
This should finally fix the re-opened issue:
- https://github.com/nextcloud/desktop/issues/863
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Flow2AuthCredsPage:
- Remove .ui file and embed Flow2AuthWidget into layout
- Flow2AuthWidget:
- Make use generic for Flow2AuthCredsPage and WebFlowCredentialsDialog
- Fix _errorLabel to render HTML tags instead of dumping them as plain text
- Flow2Auth:
- Explicitly start auth with startAuth(account) instead of using constructor
- Take control of copying the auth link to clipboard
- Request a new auth link on copying, to avoid expiry invalidation
- Use signals statusChanged() and result() to be more verbose (status, errors)
- Change timer invocation and add safety bool's to avoid weird behaviour when
the user triggers multiple link-copy calls (fetchNewToken)
Signed-off-by: Michael Schuster <michael@schuster.ms>
New widget on top of the layout, based on Qt's own modern wizard header banner.
This should improve the user's perception of the dialog.
Encapsulate the existing layout into a container layout to allow the banner taking
the full width of the dialog.
Signed-off-by: Michael Schuster <michael@schuster.ms>
Reverts back to the SettingsDialog class because of bugs and glitches with
more recent Qt versions (Qt 5.12) and with the macOS Dark Mode.
See upstream: https://github.com/owncloud/client/pull/7492
Signed-off-by: Michael Schuster <michael@schuster.ms>
- When the the users logs because of 401 or 403 errors, it checks if the
server requested the remote wipe. If yes, locally deletes account and folders
connected to the account and notify the server. If no, proceeds to ask the
user to login again.
- The app password is restored in the keychain.
- WIP: The change also includes a test class for RemoteWipe.
Signed-off-by: Camila San <hello@camila.codes>
- Implements re-auth upon logout -> login
- Improves UI and security
TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>
Instead of immediately popping up the mnemonic dialogue,
only show a notification bar on the account setup page.
For the cases where the user does not want to use E2E,
this is significantly less intrusive than the old approach.
