[epiphany] form-auth-data: Properly normalize URI when accessing secret service
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany] form-auth-data: Properly normalize URI when accessing secret service
- Date: Fri, 3 Feb 2017 02:19:07 +0000 (UTC)
commit 71d0b0aa75788aa6ebacc1cf6225f57a6c7e7b2d
Author: Michael Catanzaro <mcatanzaro gnome org>
Date: Thu Feb 2 19:51:15 2017 -0600
form-auth-data: Properly normalize URI when accessing secret service
I've mishandled this issue pretty badly. Incredibly, my previous patch,
which was intended to ensure we always normalize URIs to security
origins when working with form auth data, only fixed use of the form
auth data cache. It didn't actually fix any use of the secret service
itself. Fix that.
This commit notably removes support for mailman passwords, which is
making the code way too complicated and conflicts with the goal of
storing only security origins and not full URIs in the secret service.
Note: this normalization is way better than what we were doing before.
In particular, it incidentally fixes odd bugs like the URI framgment,
even the empty fragment #, being sufficient to trick our password
manager into storing separate passwords, so this should also make the
password filling significantly more reliable than it used to be. (Unless
you need per-URI passwords without a username, i.e. mailman passwords,
in which case you're just out of luck, sorry!)
https://bugzilla.gnome.org/show_bug.cgi?id=752738
lib/ephy-form-auth-data.c | 55 +++++++++-----------------------------------
1 files changed, 12 insertions(+), 43 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index ac865df..ff407ac 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -43,17 +43,6 @@ ephy_form_auth_data_get_password_schema (void)
return &schema;
}
-static void
-normalize_and_prepare_uri (SoupURI *uri,
- gboolean remove_path)
-{
- g_assert (uri != NULL);
-
- soup_uri_set_query (uri, NULL);
- if (remove_path)
- soup_uri_set_path (uri, "/");
-}
-
static GHashTable *
ephy_form_auth_data_get_secret_attributes_table (const char *uri,
const char *field_username,
@@ -61,10 +50,14 @@ ephy_form_auth_data_get_secret_attributes_table (const char *uri,
const char *username)
{
GHashTable *attributes;
+ char *origin;
+
+ origin = ephy_uri_to_security_origin (uri);
attributes = secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA,
- URI_KEY, uri,
+ URI_KEY, origin,
username ? USERNAME_KEY : NULL, username,
NULL);
+ g_free (origin);
if (field_username)
g_hash_table_insert (attributes, g_strdup (FORM_USERNAME_KEY), g_strdup (field_username));
@@ -99,10 +92,9 @@ ephy_form_auth_data_store (const char *uri,
GAsyncReadyCallback callback,
gpointer userdata)
{
- SoupURI *fake_uri;
- char *fake_uri_str;
SecretValue *value;
GHashTable *attributes;
+ char *origin;
char *label;
GTask *task;
@@ -114,32 +106,24 @@ ephy_form_auth_data_store (const char *uri,
LOG ("Storing password in secret service for uri=%s form_username=%s form_password=%s username=%s",
uri, form_username, form_password, username);
- fake_uri = soup_uri_new (uri);
- g_return_if_fail (fake_uri);
-
task = g_task_new (NULL, NULL, callback, userdata);
- /* Mailman passwords need the full URI */
- if (!form_username && g_strcmp0 (form_password, "adminpw") == 0)
- normalize_and_prepare_uri (fake_uri, FALSE);
- else
- normalize_and_prepare_uri (fake_uri, TRUE);
- fake_uri_str = soup_uri_to_string (fake_uri, FALSE);
value = secret_value_new (password, -1, "text/plain");
- attributes = ephy_form_auth_data_get_secret_attributes_table (fake_uri_str, form_username,
+ attributes = ephy_form_auth_data_get_secret_attributes_table (uri, form_username,
form_password, username);
+ origin = ephy_uri_to_security_origin (uri);
if (username != NULL) {
/* Translators: The first %s is the username and the second one is the
* security origin where this is happening. Example: gnome gmail com and
* https://mail.google.com.
*/
label = g_strdup_printf (_("Password for %s in a form in %s"),
- username, fake_uri_str);
+ username, origin);
} else {
/* Translators: The first %s is the security origin where this is happening.
* Example: https://mail.google.com.
*/
- label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
+ label = g_strdup_printf (_("Password in a form in %s"), origin);
}
secret_service_store (NULL, EPHY_FORM_PASSWORD_SCHEMA,
attributes, NULL, label, value,
@@ -150,8 +134,7 @@ ephy_form_auth_data_store (const char *uri,
g_free (label);
secret_value_unref (value);
g_hash_table_unref (attributes);
- soup_uri_free (fake_uri);
- g_free (fake_uri_str);
+ g_free (origin);
g_object_unref (task);
}
@@ -235,27 +218,15 @@ ephy_form_auth_data_query (const char *uri,
gpointer user_data,
GDestroyNotify destroy_data)
{
- SoupURI *key;
- char *key_str;
EphyFormAuthDataQueryClosure *closure;
GHashTable *attributes;
g_return_if_fail (uri);
- key = soup_uri_new (uri);
- g_return_if_fail (key);
-
LOG ("Querying secret service for uri=%s form_username=%s form_password=%s username=%s...",
uri, form_username, form_password, username);
- if (!form_username && g_strcmp0 (form_password, "adminpw") == 0)
- normalize_and_prepare_uri (key, FALSE);
- else
- normalize_and_prepare_uri (key, TRUE);
-
- key_str = soup_uri_to_string (key, FALSE);
-
- attributes = ephy_form_auth_data_get_secret_attributes_table (key_str,
+ attributes = ephy_form_auth_data_get_secret_attributes_table (uri,
form_username,
form_password,
username);
@@ -273,8 +244,6 @@ ephy_form_auth_data_query (const char *uri,
closure);
g_hash_table_unref (attributes);
- soup_uri_free (key);
- g_free (key_str);
}
static EphyFormAuthData *
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]