[libgdata: 1/3] build: Make OAuth 1.0 support optional and disabled by default
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgdata: 1/3] build: Make OAuth 1.0 support optional and disabled by default
- Date: Tue, 3 Sep 2019 09:39:02 +0000 (UTC)
commit 427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed
Author: Philip Withnall <withnall endlessm com>
Date: Wed Aug 21 11:41:06 2019 +0300
build: Make OAuth 1.0 support optional and disabled by default
liboauth is unmaintained and hard to compile at the moment. OAuth 1.0
itself has been deprecated in Google APIs since 2012, in favour of OAuth
2.0 or other more modern authentication/authorisation methods.
Add a new configure option for `oauth1`, and disable it by default. If
it’s disabled, the `GDataOAuth1Authorizer` will return errors when used
(but the API is still available and not marked as deprecated yet).
Eventually the `GDataOAuth1Authorizer` API will be marked as deprecated,
but we can’t do that at the moment as we’re in API freeze.
Signed-off-by: Philip Withnall <withnall endlessm com>
Fixes: #1
gdata/gdata-oauth1-authorizer.c | 32 +++++++++++++++++++++++++++++++-
gdata/tests/oauth1-authorizer.c | 25 +++++++++++++++++++++++++
meson.build | 8 +++++++-
meson_options.txt | 5 +++++
4 files changed, 68 insertions(+), 2 deletions(-)
---
diff --git a/gdata/gdata-oauth1-authorizer.c b/gdata/gdata-oauth1-authorizer.c
index ecea5cbe..09d766ec 100644
--- a/gdata/gdata-oauth1-authorizer.c
+++ b/gdata/gdata-oauth1-authorizer.c
@@ -23,6 +23,8 @@
* @stability: Stable
* @include: gdata/gdata-oauth1-authorizer.h
*
+ * OAuth 1.0 has been deprecated since 2012, and OAuth 2.0 (#GDataOAuth2Authorizer) should be used instead.
+ *
* #GDataOAuth1Authorizer provides an implementation of the #GDataAuthorizer interface for authentication
and authorization using the
* <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html";>OAuth
1.0</ulink> process,
* which was preferred by Google until OAuth 2.0 was released — it is now
@@ -140,10 +142,13 @@
#include <config.h>
#include <string.h>
-#include <oauth.h>
#include <glib.h>
#include <glib/gi18n-lib.h>
+#ifdef ENABLE_OAUTH1
+#include <oauth.h>
+#endif
+
#include "gdata-oauth1-authorizer.h"
#include "gdata-private.h"
@@ -457,6 +462,7 @@ is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domai
static void
sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar
*token_secret, GHashTable *parameters)
{
+#ifdef ENABLE_OAUTH1
GHashTableIter iter;
const gchar *key, *value, *consumer_key, *consumer_secret, *signature_method;
gsize params_length = 0;
@@ -620,6 +626,7 @@ sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *to
free (signature);
g_free (timestamp);
free (nonce);
+#endif /* ENABLE_OAUTH1 */
}
/**
@@ -729,6 +736,7 @@ gchar *
gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, gchar **token, gchar
**token_secret,
GCancellable *cancellable, GError **error)
{
+#ifdef ENABLE_OAUTH1
GDataOAuth1AuthorizerPrivate *priv;
SoupMessage *message;
guint status;
@@ -741,6 +749,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
GHashTable *response_details;
const gchar *callback_uri, *_token, *_token_secret, *callback_confirmed;
SoupURI *_uri;
+#endif
g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), NULL);
g_return_val_if_fail (token != NULL, NULL);
@@ -748,6 +757,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
g_return_val_if_fail (error == NULL || *error == NULL, NULL);
+#ifdef ENABLE_OAUTH1
priv = self->priv;
/* This implements OAuthGetRequestToken and returns the URI for OAuthAuthorizeToken, which the client
must then use themselves (e.g. in an
@@ -862,6 +872,16 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
g_hash_table_destroy (response_details);
return g_string_free (authentication_uri, FALSE);
+#else /* if !ENABLE_OAUTH1 */
+ *token = NULL;
+ *token_secret = NULL;
+
+ if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+ g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+ _("OAuth 1.0 support is disabled."));
+
+ return NULL;
+#endif
}
typedef struct {
@@ -1025,6 +1045,7 @@ gboolean
gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, const gchar *token, const gchar
*token_secret, const gchar *verifier,
GCancellable *cancellable, GError **error)
{
+#ifdef ENABLE_OAUTH1
GDataOAuth1AuthorizerPrivate *priv;
SoupMessage *message;
guint status;
@@ -1033,6 +1054,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
GHashTable *response_details;
const gchar *_token, *_token_secret;
SoupURI *_uri;
+#endif
g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), FALSE);
g_return_val_if_fail (token != NULL && *token != '\0', FALSE);
@@ -1041,6 +1063,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
+#ifdef ENABLE_OAUTH1
/* This implements OAuthGetAccessToken using the request token returned by OAuthGetRequestToken and
the verification code returned by
* OAuthAuthorizeToken. See:
* • http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken
@@ -1125,6 +1148,13 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
g_hash_table_destroy (response_details);
return TRUE;
+#else /* if !ENABLE_OAUTH1 */
+ if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+ g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+ _("OAuth 1.0 support is disabled."));
+
+ return FALSE;
+#endif
}
typedef struct {
diff --git a/gdata/tests/oauth1-authorizer.c b/gdata/tests/oauth1-authorizer.c
index 20c5505a..63d50d9b 100644
--- a/gdata/tests/oauth1-authorizer.c
+++ b/gdata/tests/oauth1-authorizer.c
@@ -17,6 +17,7 @@
* License along with GData Client. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <config.h>
#include <glib.h>
#include <gdata/gdata.h>
@@ -476,6 +477,7 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
gdata_test_mock_server_start_trace (mock_server, "oauth1-authorizer-request-authentication-uri-sync");
authentication_uri = gdata_oauth1_authorizer_request_authentication_uri (data->authorizer, &token,
&token_secret, NULL, &error);
+#ifdef ENABLE_OAUTH1
g_assert_no_error (error);
g_assert (authentication_uri != NULL && *authentication_uri != '\0');
g_assert (token != NULL && *token != '\0');
@@ -488,6 +490,11 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
g_free (authentication_uri);
g_free (token);
g_free (token_secret);
+#else
+ g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+ g_assert_null (authentication_uri);
+ g_clear_error (&error);
+#endif
uhm_server_end_trace (mock_server);
}
@@ -566,6 +573,7 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
GError *error = NULL;
authentication_uri = gdata_oauth1_authorizer_request_authentication_uri_finish (authorizer,
async_result, &token, &token_secret, &error);
+#ifdef ENABLE_OAUTH1
g_assert_no_error (error);
g_assert (authentication_uri != NULL && *authentication_uri != '\0');
g_assert (token != NULL && *token != '\0');
@@ -578,6 +586,11 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
g_free (authentication_uri);
g_free (token);
g_free (token_secret);
+#else
+ g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+ g_assert_null (authentication_uri);
+ g_clear_error (&error);
+#endif
g_main_loop_quit (data->main_loop);
}
@@ -676,6 +689,7 @@ set_up_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data
uhm_server_end_trace (mock_server);
}
+#ifdef ENABLE_OAUTH1
static void
set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInteractiveData *data,
gconstpointer user_data)
{
@@ -698,6 +712,7 @@ set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInter
uhm_server_end_trace (mock_server);
}
+#endif /* ENABLE_OAUTH1 */
static void
tear_down_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data)
@@ -743,6 +758,7 @@ test_oauth1_authorizer_request_authorization_sync (OAuth1AuthorizerInteractiveDa
uhm_server_end_trace (mock_server);
}
+#ifdef ENABLE_OAUTH1
/* Test that synchronously authorizing a request token fails if an invalid verifier is provided. */
static void
test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1AuthorizerInteractiveData *data,
gconstpointer user_data)
@@ -769,6 +785,7 @@ test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1Authori
uhm_server_end_trace (mock_server);
}
+#endif /* ENABLE_OAUTH1 */
/* Test that cancellation of synchronously authorizing a request token works. Note that this test has to be
interactive, as the user has to visit the
* authentication URI to retrieve a verifier for the request token. */
@@ -826,6 +843,7 @@ set_up_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyn
data->main_loop = g_main_loop_new (NULL, FALSE);
}
+#ifdef ENABLE_OAUTH1
static void
set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1AuthorizerInteractiveAsyncData *data,
gconstpointer user_data)
{
@@ -835,6 +853,7 @@ set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1Authorize
/* Set up the main loop */
data->main_loop = g_main_loop_new (NULL, FALSE);
}
+#endif /* ENABLE_OAUTH1 */
static void
tear_down_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyncData *data,
gconstpointer user_data)
@@ -890,6 +909,7 @@ test_oauth1_authorizer_request_authorization_async (OAuth1AuthorizerInteractiveA
uhm_server_end_trace (mock_server);
}
+#ifdef ENABLE_OAUTH1
static void
test_oauth1_authorizer_request_authorization_async_bad_credentials_cb (GDataOAuth1Authorizer *authorizer,
GAsyncResult *async_result,
OAuth1AuthorizerInteractiveAsyncData
*data)
@@ -930,6 +950,7 @@ test_oauth1_authorizer_request_authorization_async_bad_credentials (OAuth1Author
uhm_server_end_trace (mock_server);
}
+#endif /* ENABLE_OAUTH1 */
static void
test_oauth1_authorizer_request_authorization_async_cancellation_cb (GDataOAuth1Authorizer *authorizer,
GAsyncResult *async_result,
@@ -1079,9 +1100,11 @@ main (int argc, char *argv[])
tear_down_oauth1_authorizer_interactive_data);
}
+#ifdef ENABLE_OAUTH1
g_test_add ("/oauth1-authorizer/request-authorization/sync/bad-credentials",
OAuth1AuthorizerInteractiveData, NULL,
set_up_oauth1_authorizer_interactive_data_bad_credentials,
test_oauth1_authorizer_request_authorization_sync_bad_credentials,
tear_down_oauth1_authorizer_interactive_data);
+#endif
/* Async request-authorization tests */
if (gdata_test_interactive () == TRUE) {
@@ -1093,9 +1116,11 @@ main (int argc, char *argv[])
tear_down_oauth1_authorizer_interactive_async_data);
}
+#ifdef ENABLE_OAUTH1
g_test_add ("/oauth1-authorizer/request-authorization/async/bad-credentials",
OAuth1AuthorizerInteractiveAsyncData, NULL,
set_up_oauth1_authorizer_interactive_async_data_bad_credentials,
test_oauth1_authorizer_request_authorization_async_bad_credentials,
tear_down_oauth1_authorizer_interactive_async_data);
+#endif
/* Miscellaneous tests */
if (gdata_test_interactive () == TRUE) {
diff --git a/meson.build b/meson.build
index f9686ea3..e6fe3ca7 100644
--- a/meson.build
+++ b/meson.build
@@ -91,9 +91,15 @@ common_c_args = [
# Private dependencies for libgdata (specifically used for pkgconfig)
gdata_private_deps = [
dependency('gthread-2.0'),
- dependency('oauth', version: '>= 0.9.4'),
]
+oauth_dep = dependency('oauth', version: '>= 0.9.4', required: get_option('oauth1'))
+enable_oauth1 = oauth_dep.found()
+if enable_oauth1
+ gdata_private_deps += oauth_dep
+endif
+config_h.set('ENABLE_OAUTH1', enable_oauth1)
+
libsoup_dep = dependency('libsoup-2.4', version: '>= 2.42.0')
gdata_deps += libsoup_dep
# libsoup 2.47.3 is needed for the new SoupServer API; but it contained a bug in
diff --git a/meson_options.txt b/meson_options.txt
index 25cc6b55..68c63729 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -13,6 +13,11 @@ option('goa',
value: 'enabled',
description: 'enable Gnome Online Accounts (goa) support')
+option('oauth1',
+ type: 'feature',
+ value: 'disabled',
+ description: 'enable OAuth 1.0 support (deprecated)')
+
# Enable always building tests (default: yes)
option('always_build_tests',
type: 'boolean',
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
