[evolution-data-server/evolution-data-server-3-12] Bug 735311 - Adapt to new Google HTTP restriction

From: Matthew Barnes <mbarnes src gnome org>
To: commits-list gnome org
Cc:
Subject: [evolution-data-server/evolution-data-server-3-12] Bug 735311 - Adapt to new Google HTTP restriction
Date: Mon, 25 Aug 2014 15:26:32 +0000 (UTC)
commit 5e9d80092b19f9bd2c02712ab0a50fa70b052c74
Author: Matthew Barnes <mbarnes redhat com>
Date:   Mon Aug 25 11:01:20 2014 -0400

    Bug 735311 - Adapt to new Google HTTP restriction
    
    Google has recently imposed a limit on the number of unauthorized HTTP
    requests to its OAuth2-based interfaces.
    
    The normal operation of SoupSession is to issue the first HTTP request
    unauthorized and see if the server issues a "401 Unauthorized" response
    (since not all HTTP services require authorization).
    
    On a "401 Unauthorized" response, SoupSession emits an "authenticate"
    signal, which the application is supposed to handle.  Once credentials
    are in hand, SoupSession resends the same HTTP request and subsequent
    requests with an Authenticate header while the socket connection holds.
    
    Google's unauthorized request limit breaks this logic flow.  Once the
    limit is exceeded, the Google server issues a "403 Forbidden" response
    instead of "401 Unauthorized" to an unauthorized HTTP request.  This
    breaks error handling in the E-D-S CalDAV backend.
    
    The workaround is to preload the SoupAuthManager with a pre-configured
    SoupAuth when using OAuth 2.0 authentication.  This avoids the initial
    unauthorized HTTP round-trip.
    
    The backend implements the GInitable interface for this since obtaining
    a valid access token is a failable step.
    
    (cherry picked from commit 00a465670ef3d8adbaf011b3e697ba5befb00623)

 calendar/backends/caldav/e-cal-backend-caldav.c |   99 ++++++++++++++++++++---
 libedataserver/e-source-webdav.c                |    4 +-
 2 files changed, 89 insertions(+), 14 deletions(-)
---
diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
index f189126..686020e 100644
--- a/calendar/backends/caldav/e-cal-backend-caldav.c
+++ b/calendar/backends/caldav/e-cal-backend-caldav.c
@@ -133,6 +133,8 @@ struct _ECalBackendCalDAVPrivate {
 };
 
 /* Forward Declarations */
+static void    e_caldav_backend_initable_init
+                               (GInitableIface *interface);
 static void    caldav_source_authenticator_init
                                (ESourceAuthenticatorInterface *iface);
 
@@ -141,6 +143,9 @@ G_DEFINE_TYPE_WITH_CODE (
        e_cal_backend_caldav,
        E_TYPE_CAL_BACKEND_SYNC,
        G_IMPLEMENT_INTERFACE (
+               G_TYPE_INITABLE,
+               e_caldav_backend_initable_init)
+       G_IMPLEMENT_INTERFACE (
                E_TYPE_SOURCE_AUTHENTICATOR,
                caldav_source_authenticator_init))
 
@@ -5238,11 +5243,83 @@ e_cal_backend_caldav_finalize (GObject *object)
        G_OBJECT_CLASS (parent_class)->finalize (object);
 }
 
-static void
-e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+static gboolean
+caldav_backend_initable_init (GInitable *initable,
+                              GCancellable *cancellable,
+                              GError **error)
 {
+       ECalBackendCalDAVPrivate *priv;
        SoupSessionFeature *feature;
+       ESource *source;
+       const gchar *extension_name;
+       gchar *auth_method = NULL;
+       gboolean success = TRUE;
+
+       priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (initable);
+
+       feature = soup_session_get_feature (
+               priv->session, SOUP_TYPE_AUTH_MANAGER);
+
+       /* Add the "Bearer" auth type to support OAuth 2.0. */
+       soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
+       g_mutex_init (&priv->bearer_auth_error_lock);
+
+       /* Preload the SoupAuthManager with a valid "Bearer" token
+        * when using OAuth 2.0.  This avoids an extra unauthorized
+        * HTTP round-trip, which apparently Google doesn't like. */
+
+       source = e_backend_get_source (E_BACKEND (initable));
+
+       extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
+       if (e_source_has_extension (source, extension_name)) {
+               ESourceAuthentication *extension;
+
+               extension = e_source_get_extension (source, extension_name);
+               auth_method = e_source_authentication_dup_method (extension);
+       }
+
+       if (g_strcmp0 (auth_method, "OAuth2") == 0) {
+               ESourceWebdav *extension;
+               SoupAuth *soup_auth;
+               SoupURI *soup_uri;
+               gchar *access_token = NULL;
+               gint expires_in_seconds = -1;
+
+               extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
+               extension = e_source_get_extension (source, extension_name);
+               soup_uri = e_source_webdav_dup_soup_uri (extension);
 
+               soup_auth = g_object_new (
+                       E_TYPE_SOUP_AUTH_BEARER,
+                       SOUP_AUTH_HOST, soup_uri->host, NULL);
+
+               success = e_source_get_oauth2_access_token_sync (
+                       source, cancellable, &access_token,
+                       &expires_in_seconds, error);
+
+               if (success) {
+                       e_soup_auth_bearer_set_access_token (
+                               E_SOUP_AUTH_BEARER (soup_auth),
+                               access_token, expires_in_seconds);
+
+                       soup_auth_manager_use_auth (
+                               SOUP_AUTH_MANAGER (feature),
+                               soup_uri, soup_auth);
+               }
+
+               g_free (access_token);
+               g_object_unref (soup_auth);
+               soup_uri_free (soup_uri);
+       }
+
+       g_free (auth_method);
+
+       return success;
+}
+
+static void
+e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+{
        cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
        cbdav->priv->session = soup_session_sync_new ();
        g_object_set (
@@ -5257,17 +5334,6 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
                cbdav->priv->session, "proxy-resolver",
                G_BINDING_SYNC_CREATE);
 
-       /* XXX SoupAuthManager is public API as of libsoup 2.42, but
-        *     this isn't worth bumping our libsoup requirement over.
-        *     So get the SoupAuthManager GType by its type name. */
-       feature = soup_session_get_feature (
-               cbdav->priv->session,
-               g_type_from_name ("SoupAuthManager"));
-
-       /* Add the "Bearer" auth type to support OAuth 2.0. */
-       soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
-       g_mutex_init (&cbdav->priv->bearer_auth_error_lock);
-
        if (G_UNLIKELY (caldav_debug_show (DEBUG_MESSAGE)))
                caldav_debug_setup (cbdav->priv->session);
 
@@ -5337,3 +5403,10 @@ e_cal_backend_caldav_class_init (ECalBackendCalDAVClass *class)
 
        backend_class->start_view = caldav_start_view;
 }
+
+static void
+e_caldav_backend_initable_init (GInitableIface *interface)
+{
+       interface->init = caldav_backend_initable_init;
+}
+
diff --git a/libedataserver/e-source-webdav.c b/libedataserver/e-source-webdav.c
index eda83d5..9ddbbc0 100644
--- a/libedataserver/e-source-webdav.c
+++ b/libedataserver/e-source-webdav.c
@@ -244,7 +244,9 @@ source_webdav_update_soup_uri_from_properties (ESourceWebdav *webdav_extension)
 
        soup_uri_set_user (soup_uri, user);
        soup_uri_set_host (soup_uri, host);
-       soup_uri_set_port (soup_uri, port);
+
+       if (port > 0)
+               soup_uri_set_port (soup_uri, port);
 
        /* SoupURI doesn't like NULL paths. */
        soup_uri_set_path (soup_uri, (path != NULL) ? path : "");
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]