[gnome-software/wip/rancell/snapauth: 5/5] snapd: Use snap authentication
- From: Robert Ancell <rancell src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-software/wip/rancell/snapauth: 5/5] snapd: Use snap authentication
- Date: Mon, 4 Jul 2016 05:03:26 +0000 (UTC)
commit da79dbe67af8d8378040b2090746176126130a4e
Author: Robert Ancell <robert ancell canonical com>
Date: Fri Jul 1 15:33:07 2016 +1200
snapd: Use snap authentication
src/plugins/gs-plugin-snap.c | 169 ++++++++++++++++++++++++++++++++++++++++++
src/plugins/gs-snapd.c | 86 +++++++++++++++++++++
src/plugins/gs-snapd.h | 15 ++++
3 files changed, 270 insertions(+), 0 deletions(-)
---
diff --git a/src/plugins/gs-plugin-snap.c b/src/plugins/gs-plugin-snap.c
index aad25c0..e2ae127 100644
--- a/src/plugins/gs-plugin-snap.c
+++ b/src/plugins/gs-plugin-snap.c
@@ -26,17 +26,29 @@
#include "gs-snapd.h"
+struct GsPluginData {
+ GsAuth *auth;
+ gchar *macaroon;
+ gchar **discharges;
+};
+
typedef gboolean (*AppFilterFunc)(const gchar *id, JsonObject *object, gpointer data);
void
gs_plugin_initialize (GsPlugin *plugin)
{
+ GsPluginData *priv = gs_plugin_alloc_data (plugin, sizeof(GsPluginData));
+
if (!gs_snapd_exists ()) {
g_debug ("disabling '%s' as snapd not running",
gs_plugin_get_name (plugin));
gs_plugin_set_enabled (plugin, FALSE);
}
+ priv->auth = gs_auth_new ("snapd");
+ gs_auth_set_provider_name (priv->auth, "Snap Store");
+ gs_plugin_add_auth (plugin, priv->auth);
+
gs_plugin_add_rule (plugin, GS_PLUGIN_RULE_RUN_AFTER, "desktop-categories");
gs_plugin_add_rule (plugin, GS_PLUGIN_RULE_RUN_AFTER, "ubuntu-reviews");
gs_plugin_add_rule (plugin, GS_PLUGIN_RULE_BETTER_THAN, "packagekit");
@@ -86,6 +98,7 @@ parse_result (const gchar *response, const gchar *response_type, GError **error)
static void
refine_app (GsPlugin *plugin, GsApp *app, JsonObject *package, gboolean from_search, GCancellable
*cancellable)
{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
const gchar *status, *icon_url, *launch_name = NULL;
g_autoptr(GdkPixbuf) icon_pixbuf = NULL;
gint64 size = -1;
@@ -128,6 +141,7 @@ refine_app (GsPlugin *plugin, GsApp *app, JsonObject *package, gboolean from_sea
gsize icon_response_length;
if (gs_snapd_request ("GET", icon_url, NULL,
+ priv->macaroon, priv->discharges,
NULL, NULL,
NULL, &icon_response, &icon_response_length,
cancellable, NULL)) {
@@ -194,6 +208,7 @@ get_apps (GsPlugin *plugin,
GCancellable *cancellable,
GError **error)
{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
guint status_code;
GPtrArray *query_fields;
g_autoptr (GString) path = NULL;
@@ -237,6 +252,7 @@ get_apps (GsPlugin *plugin,
}
g_ptr_array_free (query_fields, TRUE);
if (!gs_snapd_request ("GET", path->str, NULL,
+ priv->macaroon, priv->discharges,
&status_code, &reason_phrase,
&response_type, &response, NULL,
cancellable, error))
@@ -285,6 +301,7 @@ get_apps (GsPlugin *plugin,
static gboolean
get_app (GsPlugin *plugin, GsApp *app, GCancellable *cancellable, GError **error)
{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
guint status_code;
g_autofree gchar *path = NULL;
g_autofree gchar *reason_phrase = NULL;
@@ -296,6 +313,7 @@ get_app (GsPlugin *plugin, GsApp *app, GCancellable *cancellable, GError **error
path = g_strdup_printf ("/v2/snaps/%s", gs_app_get_id (app));
if (!gs_snapd_request ("GET", path, NULL,
+ priv->macaroon, priv->discharges,
&status_code, &reason_phrase,
&response_type, &response, NULL,
cancellable, error))
@@ -331,6 +349,10 @@ get_app (GsPlugin *plugin, GsApp *app, GCancellable *cancellable, GError **error
void
gs_plugin_destroy (GsPlugin *plugin)
{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
+ g_clear_object (&priv->auth);
+ g_free (priv->macaroon);
+ g_strfreev (priv->discharges);
}
static gboolean
@@ -382,6 +404,7 @@ send_package_action (GsPlugin *plugin,
GCancellable *cancellable,
GError **error)
{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
g_autofree gchar *content = NULL, *path = NULL;
guint status_code;
g_autofree gchar *reason_phrase = NULL;
@@ -400,11 +423,20 @@ send_package_action (GsPlugin *plugin,
content = g_strdup_printf ("{\"action\": \"%s\"}", action);
path = g_strdup_printf ("/v2/snaps/%s", id);
if (!gs_snapd_request ("POST", path, content,
+ priv->macaroon, priv->discharges,
&status_code, &reason_phrase,
&response_type, &response, NULL,
cancellable, error))
return FALSE;
+ if (status_code == SOUP_STATUS_UNAUTHORIZED) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_AUTH_REQUIRED,
+ "Requires authentication with @snapd");
+ return FALSE;
+ }
+
if (status_code != SOUP_STATUS_ACCEPTED) {
g_set_error (error,
GS_PLUGIN_ERROR,
@@ -435,6 +467,7 @@ send_package_action (GsPlugin *plugin,
g_usleep (100 * 1000);
if (!gs_snapd_request ("GET", resource_path, NULL,
+ priv->macaroon, priv->discharges,
&status_code, &status_reason_phrase,
&status_response_type, &status_response, NULL,
cancellable, error)) {
@@ -571,3 +604,139 @@ gs_plugin_app_remove (GsPlugin *plugin,
gs_app_set_state (app, AS_APP_STATE_AVAILABLE);
return TRUE;
}
+
+gboolean
+gs_plugin_auth_login (GsPlugin *plugin, GsAuth *auth,
+ GCancellable *cancellable, GError **error)
+{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
+ g_autoptr(JsonBuilder) builder = NULL;
+ g_autoptr(JsonNode) json_root = NULL;
+ g_autoptr(JsonGenerator) json_generator = NULL;
+ g_autofree gchar *data = NULL;
+ guint status_code;
+ g_autofree gchar *reason_phrase = NULL;
+ g_autofree gchar *response_type = NULL;
+ g_autofree gchar *response = NULL;
+ g_autoptr(JsonObject) result = NULL;
+ JsonArray *discharges;
+ guint i;
+
+ if (auth != priv->auth)
+ return TRUE;
+
+ builder = json_builder_new ();
+ json_builder_begin_object (builder);
+ json_builder_set_member_name (builder, "username");
+ json_builder_add_string_value (builder, gs_auth_get_username (auth));
+ json_builder_set_member_name (builder, "password");
+ json_builder_add_string_value (builder, gs_auth_get_password (auth));
+ if (gs_auth_get_pin (auth)) {
+ json_builder_set_member_name (builder, "otp");
+ json_builder_add_string_value (builder, gs_auth_get_pin (auth));
+ }
+ json_builder_end_object (builder);
+
+ json_root = json_builder_get_root (builder);
+ json_generator = json_generator_new ();
+ json_generator_set_pretty (json_generator, TRUE);
+ json_generator_set_root (json_generator, json_root);
+ data = json_generator_to_data (json_generator, NULL);
+ if (data == NULL) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "Failed to generate JSON request");
+ return FALSE;
+ }
+
+ if (!gs_snapd_request ("POST", "/v2/login", data,
+ priv->macaroon, priv->discharges,
+ &status_code, &reason_phrase,
+ &response_type, &response, NULL,
+ cancellable, error))
+ return FALSE;
+
+ if (status_code != SOUP_STATUS_OK) {
+ g_autofree gchar *error_message = NULL;
+ g_autofree gchar *error_kind = NULL;
+
+ if (!gs_snapd_parse_error (response_type, response, &error_message, &error_kind, error))
+ return FALSE;
+
+ if (g_strcmp0 (error_kind, "two-factor-required") == 0) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_PIN_REQUIRED,
+ error_message);
+ }
+ else {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ error_message);
+ }
+ return FALSE;
+ }
+
+ if (!gs_snapd_parse_result (response_type, response, &result, error))
+ return FALSE;
+
+ g_free (priv->macaroon);
+ priv->macaroon = g_strdup (json_object_get_string_member (result, "macaroon"));
+ g_strfreev (priv->discharges);
+ discharges = json_object_get_array_member (result, "discharges");
+ priv->discharges = g_new0 (gchar *, json_array_get_length (discharges) + 1);
+ for (i = 0; i < json_array_get_length (discharges); i++) {
+ JsonNode *node;
+ node = json_array_get_element (discharges, i);
+ if (!JSON_NODE_HOLDS_VALUE (node) && json_node_get_value_type (node) != G_TYPE_STRING) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "Macaroon discharge contains unexpected value");
+ return FALSE;
+ }
+ priv->discharges[i] = json_node_dup_string (node);
+ }
+
+ gs_auth_add_flags (priv->auth, GS_AUTH_FLAG_VALID);
+
+ return TRUE;
+}
+
+gboolean
+gs_plugin_auth_lost_password (GsPlugin *plugin, GsAuth *auth,
+ GCancellable *cancellable, GError **error)
+{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
+
+ if (auth != priv->auth)
+ return TRUE;
+
+ // FIXME: snapd might not be using Ubuntu One accounts
+ // https://bugs.launchpad.net/bugs/1598667
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_AUTH_INVALID,
+ "do online using @https://login.ubuntu.com/+forgot_password");
+ return FALSE;
+}
+
+gboolean
+gs_plugin_auth_register (GsPlugin *plugin, GsAuth *auth,
+ GCancellable *cancellable, GError **error)
+{
+ GsPluginData *priv = gs_plugin_get_data (plugin);
+
+ if (auth != priv->auth)
+ return TRUE;
+
+ // FIXME: snapd might not be using Ubuntu One accounts
+ // https://bugs.launchpad.net/bugs/1598667
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_AUTH_INVALID,
+ "do online using @https://login.ubuntu.com/+login");
+ return FALSE;
+}
diff --git a/src/plugins/gs-snapd.c b/src/plugins/gs-snapd.c
index 3a6a959..1a36d8d 100644
--- a/src/plugins/gs-snapd.c
+++ b/src/plugins/gs-snapd.c
@@ -95,6 +95,8 @@ gboolean
gs_snapd_request (const gchar *method,
const gchar *path,
const gchar *content,
+ const gchar *macaroon,
+ gchar **discharges,
guint *status_code,
gchar **reason_phrase,
gchar **response_type,
@@ -123,6 +125,14 @@ gs_snapd_request (const gchar *method,
request = g_string_new ("");
g_string_append_printf (request, "%s %s HTTP/1.1\r\n", method, path);
g_string_append (request, "Host:\r\n");
+ if (macaroon != NULL) {
+ gint i;
+
+ g_string_append_printf (request, "Authorization: Macaroon root=\"%s\"", macaroon);
+ for (i = 0; discharges[i] != NULL; i++)
+ g_string_append_printf (request, ",discharge=\"%s\"", discharges[i]);
+ g_string_append (request, "\r\n");
+ }
if (content)
g_string_append_printf (request, "Content-Length: %zi\r\n", strlen (content));
g_string_append (request, "\r\n");
@@ -288,3 +298,79 @@ gs_snapd_request (const gchar *method,
return TRUE;
}
+
+gboolean
+gs_snapd_parse_result (const gchar *response_type,
+ const gchar *response,
+ JsonObject **result,
+ GError **error)
+{
+ g_autoptr(JsonParser) parser = NULL;
+ g_autoptr(GError) error_local = NULL;
+ JsonObject *root;
+
+ if (response_type == NULL) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "snapd returned no content type");
+ return FALSE;
+ }
+ if (g_strcmp0 (response_type, "application/json") != 0) {
+ g_set_error (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "snapd returned unexpected content type %s", response_type);
+ return FALSE;
+ }
+
+ parser = json_parser_new ();
+ if (!json_parser_load_from_data (parser, response, -1, &error_local)) {
+ g_set_error (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "Unable to parse snapd response: %s",
+ error_local->message);
+ return FALSE;
+ }
+
+ if (!JSON_NODE_HOLDS_OBJECT (json_parser_get_root (parser))) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "snapd response does is not a valid JSON object");
+ return FALSE;
+ }
+ root = json_node_get_object (json_parser_get_root (parser));
+ if (!json_object_has_member (root, "result")) {
+ g_set_error_literal (error,
+ GS_PLUGIN_ERROR,
+ GS_PLUGIN_ERROR_FAILED,
+ "snapd response does not contain a \"result\" field");
+ return FALSE;
+ }
+ if (result != NULL)
+ *result = json_object_ref (json_object_get_object_member (root, "result"));
+
+ return TRUE;
+}
+
+gboolean
+gs_snapd_parse_error (const gchar *response_type,
+ const gchar *response,
+ gchar **message,
+ gchar **kind,
+ GError **error)
+{
+ g_autoptr(JsonObject) result = NULL;
+
+ if (!gs_snapd_parse_result (response_type, response, &result, error))
+ return FALSE;
+
+ if (message != NULL)
+ *message = g_strdup (json_object_get_string_member (result, "message"));
+ if (kind != NULL)
+ *kind = json_object_has_member (result, "kind") ? g_strdup (json_object_get_string_member
(result, "kind")) : NULL;
+
+ return TRUE;
+}
diff --git a/src/plugins/gs-snapd.h b/src/plugins/gs-snapd.h
index e84d36b..7c0eb9c 100644
--- a/src/plugins/gs-snapd.h
+++ b/src/plugins/gs-snapd.h
@@ -23,12 +23,15 @@
#define __GS_SNAPD_H__
#include <gio/gio.h>
+#include <json-glib/json-glib.h>
gboolean gs_snapd_exists (void);
gboolean gs_snapd_request (const gchar *method,
const gchar *path,
const gchar *content,
+ const gchar *macaroon,
+ gchar **discharges,
guint *status_code,
gchar **reason_phrase,
gchar **response_type,
@@ -37,4 +40,16 @@ gboolean gs_snapd_request (const gchar *method,
GCancellable *cancellable,
GError **error);
+gboolean gs_snapd_parse_result (const gchar *response_type,
+ const gchar *response,
+ JsonObject **result,
+ GError **error);
+
+gboolean gs_snapd_parse_error (const gchar *response_type,
+ const gchar *response,
+ gchar **message,
+ gchar **kind,
+ GError **error);
+
+
#endif /* __GS_SNAPD_H__ */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]