[epiphany/gnome-3-20] Add profile migrator to migrate insecure passwords

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [epiphany/gnome-3-20] Add profile migrator to migrate insecure passwords
Date: Wed, 1 Feb 2017 21:32:23 +0000 (UTC)
commit 5ae1bc1851811acb7aabd7a495616a9bfe8366e4
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Wed Feb 1 11:32:32 2017 -0600

    Add profile migrator to migrate insecure passwords
    
    All previously-saved passwords will now only be available to https://
    origins. Users will have to manually enter their passwords once again in
    order to save them separately for an insecure origin.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-profile-migrator.c |   76 +++++++++++++++++++++++++++++++++++++++++++
 lib/ephy-profile-utils.h    |    2 +-
 lib/ephy-uri-helpers.c      |   24 +++++++++++++
 lib/ephy-uri-helpers.h      |    1 +
 4 files changed, 102 insertions(+), 1 deletions(-)
---
diff --git a/lib/ephy-profile-migrator.c b/lib/ephy-profile-migrator.c
index b613f79..6eb5d4b 100644
--- a/lib/ephy-profile-migrator.c
+++ b/lib/ephy-profile-migrator.c
@@ -37,6 +37,7 @@
 #include "ephy-profile-utils.h"
 #include "ephy-settings.h"
 #include "ephy-sqlite-connection.h"
+#include "ephy-uri-helpers.h"
 #include "ephy-web-app-utils.h"
 #ifdef ENABLE_NSS
 #include "ephy-nss-glue.h"
@@ -986,6 +987,80 @@ migrate_app_desktop_file_categories (void)
   ephy_web_application_free_application_list (web_apps);
 }
 
+/* https://bugzilla.gnome.org/show_bug.cgi?id=752738 */
+static void
+migrate_insecure_password (SecretItem *item)
+{
+  GHashTable *attributes;
+  SoupURI *soup_uri;
+  const char *original_uri;
+
+  attributes = secret_item_get_attributes (item);
+  original_uri = g_hash_table_lookup (attributes, URI_KEY);
+  soup_uri = soup_uri_new (original_uri);
+  if (soup_uri == NULL) {
+    g_warning ("Failed to convert URI %s to a SoupURI, insecure password will not be migrated", 
original_uri);
+    g_hash_table_unref (attributes);
+    return;
+  }
+
+  if (soup_uri->scheme == SOUP_URI_SCHEME_HTTP) {
+    char *new_uri;
+    GError *error = NULL;
+
+    new_uri = ephy_uri_to_https_security_origin (original_uri);
+
+    g_hash_table_replace (attributes, g_strdup (URI_KEY), new_uri);
+    secret_item_set_attributes_sync (item, EPHY_FORM_PASSWORD_SCHEMA, attributes, NULL, &error);
+    if (error != NULL) {
+      g_warning ("Failed to convert URI %s to https://, insecure password will not be migrated: %s", 
original_uri, error->message);
+      g_error_free (error);
+    }
+  }
+
+  g_hash_table_unref (attributes);
+  soup_uri_free (soup_uri);
+}
+
+static void
+migrate_insecure_passwords (void)
+{
+  SecretService *service;
+  GHashTable *attributes;
+  GList *items;
+  GError *error = NULL;
+
+  service = secret_service_get_sync (SECRET_SERVICE_LOAD_COLLECTIONS, NULL, &error);
+  if (error != NULL) {
+    g_warning ("Failed to get secret service proxy, insecure passwords will not be migrated: %s", 
error->message);
+    g_error_free (error);
+    return;
+  }
+
+  attributes = secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA, NULL);
+
+  items = secret_service_search_sync (service,
+                                      EPHY_FORM_PASSWORD_SCHEMA,
+                                      attributes,
+                                      SECRET_SEARCH_ALL | SECRET_SEARCH_UNLOCK | SECRET_SEARCH_LOAD_SECRETS,
+                                      NULL,
+                                      &error);
+  if (error != NULL) {
+    g_warning ("Failed to search secret service, insecure passwords will not be migrated: %s", 
error->message);
+    g_error_free (error);
+    goto out;
+  }
+
+  for (GList *l = items; l != NULL; l = l->next)
+    migrate_insecure_password ((SecretItem *)l->data);
+
+  g_list_free_full (items, g_object_unref);
+
+out:
+  g_object_unref (service);
+  g_hash_table_unref (attributes);
+}
+
 const EphyProfileMigrator migrators[] = {
   migrate_cookies,
   migrate_passwords,
@@ -1001,6 +1076,7 @@ const EphyProfileMigrator migrators[] = {
   migrate_new_urls_table,
   migrate_form_passwords_to_libsecret,
   migrate_app_desktop_file_categories,
+  migrate_insecure_passwords,
 };
 
 static gboolean
diff --git a/lib/ephy-profile-utils.h b/lib/ephy-profile-utils.h
index a68387d..2e873c3 100644
--- a/lib/ephy-profile-utils.h
+++ b/lib/ephy-profile-utils.h
@@ -20,7 +20,7 @@
 
 #include <glib.h>
 
-#define EPHY_PROFILE_MIGRATION_VERSION 10
+#define EPHY_PROFILE_MIGRATION_VERSION 11
 
 #define EPHY_HISTORY_FILE       "ephy-history.db"
 #define EPHY_BOOKMARKS_FILE     "ephy-bookmarks.xml"
diff --git a/lib/ephy-uri-helpers.c b/lib/ephy-uri-helpers.c
index db637c6..f0dc13d 100644
--- a/lib/ephy-uri-helpers.c
+++ b/lib/ephy-uri-helpers.c
@@ -304,3 +304,27 @@ ephy_uri_to_security_origin (const char *uri_string)
 
   return result;
 }
+
+char *
+ephy_uri_to_https_security_origin (const char *uri_string)
+{
+  SoupURI *uri;
+  char *result;
+
+  /* Convert to URI containing only protocol, host, and port. */
+  uri = soup_uri_new (uri_string);
+  if (uri == NULL)
+    return NULL;
+
+  if (uri->scheme == SOUP_URI_SCHEME_FILE ||
+      uri->scheme == SOUP_URI_SCHEME_DATA)
+    return NULL;
+
+  if (soup_uri_uses_default_port (uri))
+    result = g_strdup_printf ("https://%s";, uri->host);
+  else
+    result = g_strdup_printf ("https://%s:%u";, uri->host, uri->port);
+  soup_uri_free (uri);
+
+  return result;
+}
diff --git a/lib/ephy-uri-helpers.h b/lib/ephy-uri-helpers.h
index f04af6f..028ec16 100644
--- a/lib/ephy-uri-helpers.h
+++ b/lib/ephy-uri-helpers.h
@@ -28,6 +28,7 @@ char *ephy_remove_tracking_from_uri (const char *uri);
 char *ephy_uri_decode (const char *uri);
 char *ephy_uri_normalize (const char *uri);
 char *ephy_uri_to_security_origin (const char *uri);
+char *ephy_uri_to_https_security_origin (const char *uri);
 
 G_END_DECLS
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]