diff options
Diffstat (limited to 'kde-apps/libkgapi/files/libkgapi-17.04.0-auth3.patch')
-rw-r--r-- | kde-apps/libkgapi/files/libkgapi-17.04.0-auth3.patch | 310 |
1 files changed, 310 insertions, 0 deletions
diff --git a/kde-apps/libkgapi/files/libkgapi-17.04.0-auth3.patch b/kde-apps/libkgapi/files/libkgapi-17.04.0-auth3.patch new file mode 100644 index 000000000000..61d3b306bed4 --- /dev/null +++ b/kde-apps/libkgapi/files/libkgapi-17.04.0-auth3.patch @@ -0,0 +1,310 @@ +From 7b0934611ef72fb7e7c405813a1d2bb8b944dadc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20Vr=C3=A1til?= <dvratil@kde.org> +Date: Thu, 27 Apr 2017 18:41:45 +0200 +Subject: [PATCH 3/3] Auth: add URL bar and SSL indicator to the authentication + page + +To increase trust-worthiness of the authentication dialog we now display +the URL and an SSL indicator above the webview. +--- + src/core/ui/authwidget.cpp | 2 + + src/core/ui/authwidget_p.cpp | 137 +++++++++++++++++++++++++++++++++++++++---- + src/core/ui/authwidget_p.h | 25 ++++---- + 3 files changed, 136 insertions(+), 28 deletions(-) + +diff --git a/src/core/ui/authwidget.cpp b/src/core/ui/authwidget.cpp +index 18d2106..ac09b63 100644 +--- a/src/core/ui/authwidget.cpp ++++ b/src/core/ui/authwidget.cpp +@@ -107,6 +107,8 @@ void AuthWidget::authenticate() + + qCDebug(KGAPIRaw) << "Requesting new token:" << url; + ++ d->sslIndicator->setVisible(true); ++ d->urlEdit->setVisible(true); + d->webview->setVisible(true); + if (d->showProgressBar) { + d->progressbar->setVisible(true); +diff --git a/src/core/ui/authwidget_p.cpp b/src/core/ui/authwidget_p.cpp +index a51f4a9..f732935 100644 +--- a/src/core/ui/authwidget_p.cpp ++++ b/src/core/ui/authwidget_p.cpp +@@ -25,35 +25,79 @@ + #include "private/newtokensfetchjob_p.h" + #include "../../debug.h" + +-#include <QWebEngineView> + #include <QWebEngineProfile> + #include <QNetworkReply> + #include <QContextMenuEvent> + ++#include <QVBoxLayout> ++#include <QLabel> ++#include <QTimer> ++#include <QMessageBox> ++ + #include <QDateTime> + + using namespace KGAPI2; + +-WebView::WebView(QWidget *parent) +- : QWebEngineView(parent) ++namespace + { +- // Don't store cookies, so that subsequent invocations of AuthJob won't remember +- // the previous accounts. +- QWebEngineProfile::defaultProfile()->setPersistentCookiesPolicy(QWebEngineProfile::NoPersistentCookies); +-} + +- +-WebView::~WebView() ++class WebView : public QWebEngineView + { ++ Q_OBJECT ++public: ++ explicit WebView(QWidget *parent = nullptr) ++ : QWebEngineView(parent) ++ { ++ // Don't store cookies, so that subsequent invocations of AuthJob won't remember ++ // the previous accounts. ++ QWebEngineProfile::defaultProfile()->setPersistentCookiesPolicy(QWebEngineProfile::NoPersistentCookies); ++ } + +-} ++ void contextMenuEvent(QContextMenuEvent *e) Q_DECL_OVERRIDE ++ { ++ // No menu ++ e->accept(); ++ } ++}; + +-void WebView::contextMenuEvent(QContextMenuEvent *e) ++class WebPage : public QWebEnginePage + { +- // No menu +- e->accept(); ++ Q_OBJECT ++public: ++ explicit WebPage(QObject *parent = nullptr) ++ : QWebEnginePage(parent) ++ , mLastError(nullptr) ++ { ++ } ++ ++ QWebEngineCertificateError *lastCertificateError() const ++ { ++ return mLastError; ++ } ++ ++ bool certificateError(const QWebEngineCertificateError &err) Q_DECL_OVERRIDE ++ { ++ if (mLastError) { ++ delete mLastError; ++ } ++ mLastError = new QWebEngineCertificateError(err.error(), err.url(), err.isOverridable(), err.errorDescription()); ++ Q_EMIT sslError(); ++ ++ return false; // don't let it through ++ } ++ ++Q_SIGNALS: ++ void sslError(); ++ ++private: ++ QWebEngineCertificateError *mLastError; ++}; ++ + } + ++ ++ ++ + AuthWidgetPrivate::AuthWidgetPrivate(AuthWidget *parent): + QObject(), + showProgressBar(true), +@@ -67,6 +111,15 @@ AuthWidgetPrivate::~AuthWidgetPrivate() + { + } + ++void AuthWidgetPrivate::setSslIcon(const QString &iconName) ++{ ++ // FIXME: workaround for silly Breeze icons: the small 22x22 icons are ++ // monochromatic, which is absolutely useless since we are trying to security ++ // information here, so instead we force use the bigger 48x48 icons which ++ // have colors and downscale them ++ sslIndicator->setIcon(QIcon::fromTheme(iconName).pixmap(48)); ++} ++ + void AuthWidgetPrivate::setupUi() + { + vbox = new QVBoxLayout(q); +@@ -79,6 +132,26 @@ void AuthWidgetPrivate::setupUi() + label->setVisible(false); + vbox->addWidget(label); + ++ auto hbox = new QHBoxLayout; ++ hbox->setSpacing(0); ++ sslIndicator = new QToolButton(q); ++ connect(sslIndicator, &QToolButton::clicked, ++ this, [this]() { ++ auto page = qobject_cast<WebPage*>(webview->page()); ++ if (auto err = page->lastCertificateError()) { ++ QMessageBox msg; ++ msg.setIconPixmap(QIcon::fromTheme(QStringLiteral("security-low")).pixmap(64)); ++ msg.setText(err->errorDescription()); ++ msg.addButton(QMessageBox::Ok); ++ msg.exec(); ++ } ++ }); ++ hbox->addWidget(sslIndicator); ++ urlEdit = new QLineEdit(q); ++ urlEdit->setReadOnly(true); ++ hbox->addWidget(urlEdit); ++ vbox->addLayout(hbox); ++ + progressbar = new QProgressBar(q); + progressbar->setMinimum(0); + progressbar->setMaximum(100); +@@ -87,6 +160,13 @@ void AuthWidgetPrivate::setupUi() + + webview = new WebView(q); + ++ auto webpage = new WebPage(webview); ++ connect(webpage, &WebPage::sslError, ++ this, [this]() { ++ setSslIcon(QStringLiteral("security-low")); ++ }); ++ webview->setPage(webpage); ++ + vbox->addWidget(webview); + connect(webview, &QWebEngineView::loadProgress, progressbar, &QProgressBar::setValue); + connect(webview, &QWebEngineView::urlChanged, this, &AuthWidgetPrivate::webviewUrlChanged); +@@ -104,6 +184,8 @@ void AuthWidgetPrivate::setProgress(AuthWidget::Progress progress) + void AuthWidgetPrivate::emitError(const enum Error errCode, const QString& msg) + { + label->setVisible(true); ++ sslIndicator->setVisible(false); ++ urlEdit->setVisible(false); + webview->setVisible(false); + progressbar->setVisible(false); + +@@ -118,10 +200,33 @@ void AuthWidgetPrivate::webviewUrlChanged(const QUrl &url) + { + qCDebug(KGAPIDebug) << "URLChange:" << url; + ++ // Whoa! That should not happen! ++ if (url.scheme() != QLatin1String("https")) { ++ QTimer::singleShot(0, this, [this, url]() { ++ QUrl sslUrl = url; ++ sslUrl.setScheme(QStringLiteral("https")); ++ webview->setUrl(sslUrl); ++ }); ++ return; ++ } ++ + if (!isGoogleHost(url)) { ++ // We handled SSL above, so we are secure. We are however outside of ++ // accounts.google.com, which is a little suspicious in context of this class ++ setSslIcon(QStringLiteral("security-medium")); + return; + } + ++ if (qobject_cast<WebPage*>(webview->page())->lastCertificateError()) { ++ setSslIcon(QStringLiteral("security-low")); ++ } else { ++ // We have no way of obtaining current SSL certifiace from QWebEngine, but we ++ // handled SSL and accounts.google.com cases above and QWebEngine did not report ++ // any SSL error to us, so we can assume we are safe. ++ setSslIcon(QStringLiteral("security-high")); ++ } ++ ++ + // Username and password inputs are loaded dynamically, so we only get + // urlChanged, but not urlFinished. + if (isUsernameFrame(url)) { +@@ -145,6 +250,8 @@ void AuthWidgetPrivate::webviewUrlChanged(const QUrl &url) + } else if (isTokenPage(url)) { + /* Access token here - hide browser and tell user to wait until we + * finish the authentication process ourselves */ ++ sslIndicator->setVisible(false); ++ urlEdit->setVisible(false); + webview->setVisible(false); + progressbar->setVisible(false); + label->setVisible(true); +@@ -160,6 +267,8 @@ void AuthWidgetPrivate::webviewFinished(bool ok) + } + + const QUrl url = webview->url(); ++ urlEdit->setText(url.toDisplayString(QUrl::PrettyDecoded)); ++ urlEdit->setCursorPosition(0); + qCDebug(KGAPIDebug) << "URLFinished:" << url; + + if (!isGoogleHost(url)) { +@@ -238,3 +347,5 @@ void AuthWidgetPrivate::accountInfoReceived(KGAPI2::Job* job) + setProgress(AuthWidget::Finished); + } + ++ ++#include "authwidget_p.moc" +diff --git a/src/core/ui/authwidget_p.h b/src/core/ui/authwidget_p.h +index 9c488be..78b0e7f 100644 +--- a/src/core/ui/authwidget_p.h ++++ b/src/core/ui/authwidget_p.h +@@ -26,27 +26,18 @@ + #include "ui/authwidget.h" + #include "types.h" + ++#include <QLineEdit> ++#include <QToolButton> + #include <QProgressBar> +-#include <QVBoxLayout> + #include <QWebEngineView> +-#include <QLabel> ++ ++class QVBoxLayout; ++class QLabel; + + namespace KGAPI2 { + + class Job; + +-class WebView : public QWebEngineView +-{ +- Q_OBJECT +-public: +- explicit WebView(QWidget *parent=0); +- ~WebView(); +- +-protected: +- void contextMenuEvent(QContextMenuEvent *) Q_DECL_OVERRIDE; +-}; +- +- + class Q_DECL_HIDDEN AuthWidgetPrivate: public QObject { + + Q_OBJECT +@@ -65,9 +56,11 @@ class Q_DECL_HIDDEN AuthWidgetPrivate: public QObject { + QString apiKey; + QString secretKey; + ++ QToolButton *sslIndicator; ++ QLineEdit *urlEdit; + QProgressBar *progressbar; + QVBoxLayout *vbox; +- WebView *webview; ++ QWebEngineView *webview; + QLabel *label; + + private Q_SLOTS: +@@ -88,6 +81,8 @@ class Q_DECL_HIDDEN AuthWidgetPrivate: public QObject { + bool isPasswordFrame(const QUrl &url) { return url.path() == QLatin1String("/signin/v2/challenge/pwd"); } + bool isTokenPage(const QUrl &url) { return url.path() == QLatin1String("/o/oauth2/approval/v2"); } + ++ void setSslIcon(const QString &icon); ++ + AuthWidget *q; + + friend class AuthWidget; +-- +2.12.2 + |