This moves all the basic http auth over to the webflow mechanism.
This thus also makes sure that if the password changes a webflow page
pops up. And thus will directly move them over to apptokens then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There is no real reason to have a timeout. The connection can stay open
as long as we are not authenticated. The User can still re-open a browser
from the UI at any time.
Issue #6612
Fixes#279
Some setups don't make Qt emit the right signals and the client would
end up in state where it could not do the initial authentications.
This is a similar hack that apparently already was is place for basic
http auth.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Detect invalid auth (if the users token is removed for example)
* Properly store and fetch from keychain
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This restores 2.3 behavior. Some servers reply 404 to GETs and PROPFINDs
to the remote.php/webdav/ url and used to work. Being more picky would
break them.
With some firewalls we can't GET /remote.php/webdav/. Here we keep the
GET request to detect shibboleth through the redirect pattern but then
use PROPFIND to figure out the http auth method.
Currently we prefer OAuth to Shibboleth to Basic auth.
This also restores the fallback behavior of assuming basic auth
when no auth type can be determined.
To reproduce, log in and click "authorize" on the browser, then close
the browser before the client has replied, (but after redirected to localhost,
i.e. when the client is asking the server for the token)
The problem is that socket can be destroyed so we don't need to answer on a
destroyed socket.
We need to use concatPath to avoid possible double '/' in the URLs if the
account url() ends with '/'.
This has become even more of a problem since commit
d1b8370a4a which was resolving the url after
a redirect where most server actually add a '/' if the url is a folder
Some slot were protected or private but needed to be public.
Some needed a static_cast (can't use qOverload because it is in Qt 5.7)
This is not only a partial change.
This is motivated by the fact that QMetaObject::noralizeSignature takes 7.35%
CPU of the LargeSyncBench. (Mostly from ABstractNetworkJob::setupConnections and
PropagateUploadFileV1::startNextChunk). It could be fixed by using normalized
signature in the connection statement, but i tought it was a good oportunity
to modernize the code.
This commit only contains calls that were automatically converted with clazy.
The query args of POST requests become the request body. If there's a
redirect, the redirected url will therefore not contain the query
arguments. Use an explicit request body to make the redirection work.
When the GET request from askFromUser is scheduled on the QNAM inside
the slot that handles the QNetworkReply::finished signal, it seems to
not get processed at all.
This workaround moves the sending of the new GET to the event loop,
sidestepping the problem.
Now that csync builds as C++, this will avoid having to implement
functionalities needed by csync mandatorily in csync itself.
This library is built as part of libocsync and symbols exported
through it.
This requires a relicense of Utility as LGPL. All classes moved into
this library from src/libsync will need to be relicensed as well.
Allow upgrade path when the server removes support for oauth
Relates: https://github.com/owncloud/client/issues/5848#issuecomment-317353049
We also need to force the account to commit the config to the disk,
otherwise we may not register we are no longer using owncloud and we
risk sending the password as the token to the token refresh API call
Since the user is already in the browser, put the error message in the
browser with a message to log out and then log in as the right user.
Issue #5895
Requires https://github.com/owncloud/oauth2/pull/45
This commit moves the reply after we got the token reply from
the server, that allows to reply with an error to the browser
if the login does not work.
The QNAM may continue to outlive both.
Rename Credentials::getQNAM() to createQNAM() while we're at it - it's
used to make a new QNAM that will subsequently be owned by the Account
object.
See d01065b9a1 for rationale.
Relates to
d40c56eda5147cf798a6
- Add category to the all messages (they did not have it was merged right after
the patch to add category everywhere, but this code did not have it.)
- Make sure there is no warnings in the normal flow. (The wizard does a request
without authentication to determine the auth type)
