[epiphany] Add profile migrator to migrate insecure passwords

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany] Add profile migrator to migrate insecure passwords
Date: Wed, 1 Feb 2017 17:36:30 +0000 (UTC)
commit 1320bb12a25cd4be63278302e33a4ea35564fe7f
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Wed Feb 1 11:32:32 2017 -0600

    Add profile migrator to migrate insecure passwords
    
    All previously-saved passwords will now only be available to https://
    origins. Users will have to manually enter their passwords once again in
    order to save them separately for an insecure origin.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-profile-utils.h                     |    2 +-
 src/profile-migrator/ephy-profile-migrator.c |   82 +++++++++++++++++++++++++-
 2 files changed, 82 insertions(+), 2 deletions(-)
---
diff --git a/lib/ephy-profile-utils.h b/lib/ephy-profile-utils.h
index db6c660..5c02886 100644
--- a/lib/ephy-profile-utils.h
+++ b/lib/ephy-profile-utils.h
@@ -24,7 +24,7 @@
 
 G_BEGIN_DECLS
 
-#define EPHY_PROFILE_MIGRATION_VERSION 14
+#define EPHY_PROFILE_MIGRATION_VERSION 15
 
 #define EPHY_BOOKMARKS_FILE     "bookmarks.gvdb"
 #define EPHY_HISTORY_FILE       "ephy-history.db"
diff --git a/src/profile-migrator/ephy-profile-migrator.c b/src/profile-migrator/ephy-profile-migrator.c
index 8f486d5..9d2c454 100644
--- a/src/profile-migrator/ephy-profile-migrator.c
+++ b/src/profile-migrator/ephy-profile-migrator.c
@@ -723,6 +723,85 @@ migrate_permissions (void)
   g_object_unref (file);
 }
 
+/* https://bugzilla.gnome.org/show_bug.cgi?id=752738 */
+static void
+migrate_insecure_password (SecretItem *item)
+{
+  GHashTable *attributes;
+  WebKitSecurityOrigin *original_origin;
+  const char *original_uri;
+
+  attributes = secret_item_get_attributes (item);
+  original_uri = g_hash_table_lookup (attributes, URI_KEY);
+  original_origin = webkit_security_origin_new_for_uri (original_uri);
+  if (original_origin == NULL) {
+    g_warning ("Failed to convert URI %s to a security origin, insecure password will not be migrated", 
original_uri);
+    g_hash_table_unref (attributes);
+    return;
+  }
+
+  if (g_strcmp0 (webkit_security_origin_get_protocol (original_origin), "http") == 0) {
+    WebKitSecurityOrigin *new_origin;
+    char *new_uri;
+    GError *error = NULL;
+
+    new_origin = webkit_security_origin_new ("https",
+                                             webkit_security_origin_get_host (original_origin),
+                                             webkit_security_origin_get_port (original_origin));
+    new_uri = webkit_security_origin_to_string (new_origin);
+    webkit_security_origin_unref (new_origin);
+
+    g_hash_table_replace (attributes, g_strdup (URI_KEY), new_uri);
+    secret_item_set_attributes_sync (item, EPHY_FORM_PASSWORD_SCHEMA, attributes, NULL, &error);
+    if (error != NULL) {
+      g_warning ("Failed to convert URI %s to https://, insecure password will not be migrated: %s", 
original_uri, error->message);
+      g_error_free (error);
+    }
+  }
+
+  g_hash_table_unref (attributes);
+  webkit_security_origin_unref (original_origin);
+}
+
+static void
+migrate_insecure_passwords (void)
+{
+  SecretService *service;
+  GHashTable *attributes;
+  GList *items;
+  GError *error = NULL;
+
+  service = secret_service_get_sync (SECRET_SERVICE_LOAD_COLLECTIONS, NULL, &error);
+  if (error != NULL) {
+    g_warning ("Failed to get secret service proxy, insecure passwords will not be migrated: %s", 
error->message);
+    g_error_free (error);
+    return;
+  }
+
+  attributes = secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA, NULL);
+
+  items = secret_service_search_sync (service,
+                                      EPHY_FORM_PASSWORD_SCHEMA,
+                                      attributes,
+                                      SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS,
+                                      NULL,
+                                      &error);
+  if (error != NULL) {
+    g_warning ("Failed to search secret service, insecure passwords will not be migrated: %s", 
error->message);
+    g_error_free (error);
+    goto out;
+  }
+
+  for (GList *l = items; l != NULL; l = l->next)
+    migrate_insecure_password ((SecretItem *)l->data);
+
+  g_list_free_full (items, g_object_unref);
+
+out:
+  g_object_unref (service);
+  g_hash_table_unref (attributes);
+}
+
 static void
 migrate_nothing (void)
 {
@@ -750,7 +829,8 @@ const EphyProfileMigrator migrators[] = {
   migrate_bookmarks,
   migrate_adblock_filters,
   migrate_initial_state,
-  migrate_permissions
+  migrate_permissions,
+  migrate_insecure_passwords,
 };
 
 static gboolean
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]