From a7e7f7fdd2a9d38921476d57f305c9cd4459a556 Mon Sep 17 00:00:00 2001 From: Christian Mollekopf Date: Mon, 18 Sep 2017 11:40:41 +0200 Subject: Avoid storing the password in the configuration The password (or any other secret), is now cached in the client process (in-memory only), and delivered to the resource via command. The resource avoids doing any operations against the source until the secret is available. --- examples/davresource/davresource.cpp | 30 ++++++++++++++++++---------- examples/davresource/davresource.h | 5 ----- examples/dummyresource/resourcefactory.cpp | 2 +- examples/imapresource/imapresource.cpp | 16 +++++++-------- examples/imapresource/imapserverproxy.cpp | 3 +++ examples/imapresource/imapserverproxy.h | 1 + examples/maildirresource/maildirresource.cpp | 2 +- 7 files changed, 34 insertions(+), 25 deletions(-) (limited to 'examples') diff --git a/examples/davresource/davresource.cpp b/examples/davresource/davresource.cpp index 22c502f..fa5e612 100644 --- a/examples/davresource/davresource.cpp +++ b/examples/davresource/davresource.cpp @@ -132,8 +132,8 @@ public: KAsync::Job synchronizeWithSource(const Sink::QueryBase &query) Q_DECL_OVERRIDE { if (query.type() == ApplicationDomain::getTypeName()) { - SinkLogCtx(mLogCtx) << "Synchronizing addressbooks:" << mResourceUrl.url(); - auto collectionsFetchJob = new KDAV2::DavCollectionsFetchJob(mResourceUrl); + SinkLogCtx(mLogCtx) << "Synchronizing addressbooks:" << resourceUrl().url(); + auto collectionsFetchJob = new KDAV2::DavCollectionsFetchJob(resourceUrl()); auto job = runJob(collectionsFetchJob).then([this, collectionsFetchJob] (const KAsync::Error &error) { if (error) { SinkWarningCtx(mLogCtx) << "Failed to synchronize addressbooks." << collectionsFetchJob->errorString(); @@ -147,7 +147,7 @@ public: auto ridList = QSharedPointer::create(); auto total = QSharedPointer::create(0); auto progress = QSharedPointer::create(0); - auto collectionsFetchJob = new KDAV2::DavCollectionsFetchJob(mResourceUrl); + auto collectionsFetchJob = new KDAV2::DavCollectionsFetchJob(resourceUrl()); auto job = runJob(collectionsFetchJob).then([this, collectionsFetchJob] { synchronizeAddressbooks(collectionsFetchJob ->collections()); return collectionsFetchJob->collections(); @@ -233,8 +233,20 @@ KAsync::Job replay(const ApplicationDomain::Contact &contact, Sink:: return KAsync::null(); } + KDAV2::DavUrl resourceUrl() const + { + if (secret().isEmpty()) { + return {}; + } + auto resourceUrl = mServer; + resourceUrl.setUserName(mUsername); + resourceUrl.setPassword(secret()); + return KDAV2::DavUrl{resourceUrl, KDAV2::CardDav}; + } + public: - KDAV2::DavUrl mResourceUrl; + QUrl mServer; + QString mUsername; }; @@ -242,14 +254,12 @@ DavResource::DavResource(const Sink::ResourceContext &resourceContext) : Sink::GenericResource(resourceContext) { auto config = ResourceConfig::getConfiguration(resourceContext.instanceId()); - auto resourceUrl = QUrl::fromUserInput(config.value("server").toString()); - resourceUrl.setUserName(config.value("username").toString()); - resourceUrl.setPassword(config.value("password").toString()); - - mResourceUrl = KDAV2::DavUrl(resourceUrl, KDAV2::CardDav); + auto server = QUrl::fromUserInput(config.value("server").toString()); + auto username = config.value("username").toString(); auto synchronizer = QSharedPointer::create(resourceContext); - synchronizer->mResourceUrl = mResourceUrl; + synchronizer->mServer = server; + synchronizer->mUsername = username; setupSynchronizer(synchronizer); setupPreprocessors(ENTITY_TYPE_CONTACT, QVector() << new ContactPropertyExtractor); diff --git a/examples/davresource/davresource.h b/examples/davresource/davresource.h index db175a4..b4f9e5a 100644 --- a/examples/davresource/davresource.h +++ b/examples/davresource/davresource.h @@ -44,11 +44,6 @@ class DavResource : public Sink::GenericResource { public: DavResource(const Sink::ResourceContext &resourceContext); - -private: - QStringList listAvailableFolders(); - - KDAV2::DavUrl mResourceUrl; }; class DavResourceFactory : public Sink::ResourceFactory diff --git a/examples/dummyresource/resourcefactory.cpp b/examples/dummyresource/resourcefactory.cpp index dffdfc9..f3c8be2 100644 --- a/examples/dummyresource/resourcefactory.cpp +++ b/examples/dummyresource/resourcefactory.cpp @@ -50,7 +50,7 @@ class DummySynchronizer : public Sink::Synchronizer { DummySynchronizer(const Sink::ResourceContext &context) : Sink::Synchronizer(context) { - + setSecret("dummy"); } Sink::ApplicationDomain::Event::Ptr createEvent(const QByteArray &ridBuffer, const QMap &data) diff --git a/examples/imapresource/imapresource.cpp b/examples/imapresource/imapresource.cpp index 3ae7fd7..2aba6b0 100644 --- a/examples/imapresource/imapresource.cpp +++ b/examples/imapresource/imapresource.cpp @@ -470,7 +470,7 @@ public: { SinkTrace() << "Connecting to:" << mServer << mPort; SinkTrace() << "as:" << mUser; - return imap->login(mUser, mPassword) + return imap->login(mUser, secret()) .addToContext(imap); } @@ -513,6 +513,8 @@ public: return {ApplicationDomain::NoServerError, error.errorMessage}; case Imap::ConnectionLost: return {ApplicationDomain::ConnectionLostError, error.errorMessage}; + case Imap::MissingCredentialsError: + return {ApplicationDomain::MissingCredentialsError, error.errorMessage}; default: return {ApplicationDomain::UnknownError, error.errorMessage}; } @@ -631,7 +633,7 @@ public: } } auto imap = QSharedPointer::create(mServer, mPort, &mSessionCache); - auto login = imap->login(mUser, mPassword); + auto login = imap->login(mUser, secret()); KAsync::Job job = KAsync::null(); if (operation == Sink::Operation_Creation) { const QString mailbox = syncStore().resolveLocalId(ENTITY_TYPE_FOLDER, mail.getFolder()); @@ -716,7 +718,7 @@ public: } } auto imap = QSharedPointer::create(mServer, mPort, &mSessionCache); - auto login = imap->login(mUser, mPassword); + auto login = imap->login(mUser, secret()); if (operation == Sink::Operation_Creation) { QString parentFolder; if (!folder.getParent().isEmpty()) { @@ -736,7 +738,7 @@ public: }); } else { //We try to merge special purpose folders first auto specialPurposeFolders = QSharedPointer>::create(); - auto mergeJob = imap->login(mUser, mPassword) + auto mergeJob = imap->login(mUser, secret()) .then(imap->fetchFolders([=](const Imap::Folder &folder) { if (SpecialPurpose::isSpecialPurposeFolderName(folder.name())) { specialPurposeFolders->insert(SpecialPurpose::getSpecialPurposeType(folder.name()), folder.path()); @@ -790,7 +792,6 @@ public: QString mServer; int mPort; QString mUser; - QString mPassword; int mDaysToSync = 0; QByteArray mResourceInstanceIdentifier; Imap::SessionCache mSessionCache; @@ -959,7 +960,6 @@ ImapResource::ImapResource(const ResourceContext &resourceContext) auto server = config.value("server").toString(); auto port = config.value("port").toInt(); auto user = config.value("username").toString(); - auto password = config.value("password").toString(); if (server.startsWith("imap")) { server.remove("imap://"); server.remove("imaps://"); @@ -974,7 +974,6 @@ ImapResource::ImapResource(const ResourceContext &resourceContext) synchronizer->mServer = server; synchronizer->mPort = port; synchronizer->mUser = user; - synchronizer->mPassword = password; synchronizer->mDaysToSync = 14; setupSynchronizer(synchronizer); @@ -982,7 +981,8 @@ ImapResource::ImapResource(const ResourceContext &resourceContext) inspector->mServer = server; inspector->mPort = port; inspector->mUser = user; - inspector->mPassword = password; + //TODO + // inspector->mPassword = password; setupInspector(inspector); setupPreprocessors(ENTITY_TYPE_MAIL, QVector() << new SpecialPurposeProcessor << new MailPropertyExtractor); diff --git a/examples/imapresource/imapserverproxy.cpp b/examples/imapresource/imapserverproxy.cpp index 16887b1..317fbdc 100644 --- a/examples/imapresource/imapserverproxy.cpp +++ b/examples/imapresource/imapserverproxy.cpp @@ -139,6 +139,9 @@ ImapServerProxy::ImapServerProxy(const QString &serverUrl, int port, SessionCach KAsync::Job ImapServerProxy::login(const QString &username, const QString &password) { + if (password.isEmpty()) { + return KAsync::error(Imap::MissingCredentialsError); + } if (mSessionCache) { auto session = mSessionCache->getSession(); if (session.isValid()) { diff --git a/examples/imapresource/imapserverproxy.h b/examples/imapresource/imapserverproxy.h index 86e3378..9e73f68 100644 --- a/examples/imapresource/imapserverproxy.h +++ b/examples/imapresource/imapserverproxy.h @@ -35,6 +35,7 @@ enum ErrorCode { CouldNotConnectError, SslHandshakeError, ConnectionLost, + MissingCredentialsError, UnknownError }; diff --git a/examples/maildirresource/maildirresource.cpp b/examples/maildirresource/maildirresource.cpp index b406f63..41f2433 100644 --- a/examples/maildirresource/maildirresource.cpp +++ b/examples/maildirresource/maildirresource.cpp @@ -215,7 +215,7 @@ public: MaildirSynchronizer(const Sink::ResourceContext &resourceContext) : Sink::Synchronizer(resourceContext) { - + setSecret("dummy"); } static QStringList listRecursive( const QString &root, const KPIM::Maildir &dir ) -- cgit v1.2.3