[libgdata: 1/3] build: Make OAuth 1.0 support optional and disabled by default



commit 427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed
Author: Philip Withnall <withnall endlessm com>
Date:   Wed Aug 21 11:41:06 2019 +0300

    build: Make OAuth 1.0 support optional and disabled by default
    
    liboauth is unmaintained and hard to compile at the moment. OAuth 1.0
    itself has been deprecated in Google APIs since 2012, in favour of OAuth
    2.0 or other more modern authentication/authorisation methods.
    
    Add a new configure option for `oauth1`, and disable it by default. If
    it’s disabled, the `GDataOAuth1Authorizer` will return errors when used
    (but the API is still available and not marked as deprecated yet).
    
    Eventually the `GDataOAuth1Authorizer` API will be marked as deprecated,
    but we can’t do that at the moment as we’re in API freeze.
    
    Signed-off-by: Philip Withnall <withnall endlessm com>
    
    Fixes: #1

 gdata/gdata-oauth1-authorizer.c | 32 +++++++++++++++++++++++++++++++-
 gdata/tests/oauth1-authorizer.c | 25 +++++++++++++++++++++++++
 meson.build                     |  8 +++++++-
 meson_options.txt               |  5 +++++
 4 files changed, 68 insertions(+), 2 deletions(-)
---
diff --git a/gdata/gdata-oauth1-authorizer.c b/gdata/gdata-oauth1-authorizer.c
index ecea5cbe..09d766ec 100644
--- a/gdata/gdata-oauth1-authorizer.c
+++ b/gdata/gdata-oauth1-authorizer.c
@@ -23,6 +23,8 @@
  * @stability: Stable
  * @include: gdata/gdata-oauth1-authorizer.h
  *
+ * OAuth 1.0 has been deprecated since 2012, and OAuth 2.0 (#GDataOAuth2Authorizer) should be used instead.
+ *
  * #GDataOAuth1Authorizer provides an implementation of the #GDataAuthorizer interface for authentication 
and authorization using the
  * <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html";>OAuth 
1.0</ulink> process,
  * which was preferred by Google until OAuth 2.0 was released — it is now
@@ -140,10 +142,13 @@
 
 #include <config.h>
 #include <string.h>
-#include <oauth.h>
 #include <glib.h>
 #include <glib/gi18n-lib.h>
 
+#ifdef ENABLE_OAUTH1
+#include <oauth.h>
+#endif
+
 #include "gdata-oauth1-authorizer.h"
 #include "gdata-private.h"
 
@@ -457,6 +462,7 @@ is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domai
 static void
 sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar 
*token_secret, GHashTable *parameters)
 {
+#ifdef ENABLE_OAUTH1
        GHashTableIter iter;
        const gchar *key, *value, *consumer_key, *consumer_secret, *signature_method;
        gsize params_length = 0;
@@ -620,6 +626,7 @@ sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *to
        free (signature);
        g_free (timestamp);
        free (nonce);
+#endif  /* ENABLE_OAUTH1 */
 }
 
 /**
@@ -729,6 +736,7 @@ gchar *
 gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, gchar **token, gchar 
**token_secret,
                                                     GCancellable *cancellable, GError **error)
 {
+#ifdef ENABLE_OAUTH1
        GDataOAuth1AuthorizerPrivate *priv;
        SoupMessage *message;
        guint status;
@@ -741,6 +749,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
        GHashTable *response_details;
        const gchar *callback_uri, *_token, *_token_secret, *callback_confirmed;
        SoupURI *_uri;
+#endif
 
        g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), NULL);
        g_return_val_if_fail (token != NULL, NULL);
@@ -748,6 +757,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
        g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
        g_return_val_if_fail (error == NULL || *error == NULL, NULL);
 
+#ifdef ENABLE_OAUTH1
        priv = self->priv;
 
        /* This implements OAuthGetRequestToken and returns the URI for OAuthAuthorizeToken, which the client 
must then use themselves (e.g. in an
@@ -862,6 +872,16 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
        g_hash_table_destroy (response_details);
 
        return g_string_free (authentication_uri, FALSE);
+#else  /* if !ENABLE_OAUTH1 */
+       *token = NULL;
+       *token_secret = NULL;
+
+       if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+               g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+                                    _("OAuth 1.0 support is disabled."));
+
+       return NULL;
+#endif
 }
 
 typedef struct {
@@ -1025,6 +1045,7 @@ gboolean
 gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, const gchar *token, const gchar 
*token_secret, const gchar *verifier,
                                                GCancellable *cancellable, GError **error)
 {
+#ifdef ENABLE_OAUTH1
        GDataOAuth1AuthorizerPrivate *priv;
        SoupMessage *message;
        guint status;
@@ -1033,6 +1054,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
        GHashTable *response_details;
        const gchar *_token, *_token_secret;
        SoupURI *_uri;
+#endif
 
        g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), FALSE);
        g_return_val_if_fail (token != NULL && *token != '\0', FALSE);
@@ -1041,6 +1063,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
        g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
        g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
 
+#ifdef ENABLE_OAUTH1
        /* This implements OAuthGetAccessToken using the request token returned by OAuthGetRequestToken and 
the verification code returned by
         * OAuthAuthorizeToken. See:
         *  • http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken
@@ -1125,6 +1148,13 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
        g_hash_table_destroy (response_details);
 
        return TRUE;
+#else  /* if !ENABLE_OAUTH1 */
+       if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+               g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+                                    _("OAuth 1.0 support is disabled."));
+
+       return FALSE;
+#endif
 }
 
 typedef struct {
diff --git a/gdata/tests/oauth1-authorizer.c b/gdata/tests/oauth1-authorizer.c
index 20c5505a..63d50d9b 100644
--- a/gdata/tests/oauth1-authorizer.c
+++ b/gdata/tests/oauth1-authorizer.c
@@ -17,6 +17,7 @@
  * License along with GData Client.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <config.h>
 #include <glib.h>
 #include <gdata/gdata.h>
 
@@ -476,6 +477,7 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
        gdata_test_mock_server_start_trace (mock_server, "oauth1-authorizer-request-authentication-uri-sync");
 
        authentication_uri = gdata_oauth1_authorizer_request_authentication_uri (data->authorizer, &token, 
&token_secret, NULL, &error);
+#ifdef ENABLE_OAUTH1
        g_assert_no_error (error);
        g_assert (authentication_uri != NULL && *authentication_uri != '\0');
        g_assert (token != NULL && *token != '\0');
@@ -488,6 +490,11 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
        g_free (authentication_uri);
        g_free (token);
        g_free (token_secret);
+#else
+       g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+       g_assert_null (authentication_uri);
+       g_clear_error (&error);
+#endif
 
        uhm_server_end_trace (mock_server);
 }
@@ -566,6 +573,7 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
        GError *error = NULL;
 
        authentication_uri = gdata_oauth1_authorizer_request_authentication_uri_finish (authorizer, 
async_result, &token, &token_secret, &error);
+#ifdef ENABLE_OAUTH1
        g_assert_no_error (error);
        g_assert (authentication_uri != NULL && *authentication_uri != '\0');
        g_assert (token != NULL && *token != '\0');
@@ -578,6 +586,11 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
        g_free (authentication_uri);
        g_free (token);
        g_free (token_secret);
+#else
+       g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+       g_assert_null (authentication_uri);
+       g_clear_error (&error);
+#endif
 
        g_main_loop_quit (data->main_loop);
 }
@@ -676,6 +689,7 @@ set_up_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data
        uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInteractiveData *data, 
gconstpointer user_data)
 {
@@ -698,6 +712,7 @@ set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInter
 
        uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 tear_down_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data)
@@ -743,6 +758,7 @@ test_oauth1_authorizer_request_authorization_sync (OAuth1AuthorizerInteractiveDa
        uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 /* Test that synchronously authorizing a request token fails if an invalid verifier is provided. */
 static void
 test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1AuthorizerInteractiveData *data, 
gconstpointer user_data)
@@ -769,6 +785,7 @@ test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1Authori
 
        uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 /* Test that cancellation of synchronously authorizing a request token works. Note that this test has to be 
interactive, as the user has to visit the
  * authentication URI to retrieve a verifier for the request token. */
@@ -826,6 +843,7 @@ set_up_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyn
        data->main_loop = g_main_loop_new (NULL, FALSE);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1AuthorizerInteractiveAsyncData *data, 
gconstpointer user_data)
 {
@@ -835,6 +853,7 @@ set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1Authorize
        /* Set up the main loop */
        data->main_loop = g_main_loop_new (NULL, FALSE);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 tear_down_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyncData *data, 
gconstpointer user_data)
@@ -890,6 +909,7 @@ test_oauth1_authorizer_request_authorization_async (OAuth1AuthorizerInteractiveA
        uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 test_oauth1_authorizer_request_authorization_async_bad_credentials_cb (GDataOAuth1Authorizer *authorizer, 
GAsyncResult *async_result,
                                                                        OAuth1AuthorizerInteractiveAsyncData 
*data)
@@ -930,6 +950,7 @@ test_oauth1_authorizer_request_authorization_async_bad_credentials (OAuth1Author
 
        uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 test_oauth1_authorizer_request_authorization_async_cancellation_cb (GDataOAuth1Authorizer *authorizer, 
GAsyncResult *async_result,
@@ -1079,9 +1100,11 @@ main (int argc, char *argv[])
                            tear_down_oauth1_authorizer_interactive_data);
        }
 
+#ifdef ENABLE_OAUTH1
        g_test_add ("/oauth1-authorizer/request-authorization/sync/bad-credentials", 
OAuth1AuthorizerInteractiveData, NULL,
                    set_up_oauth1_authorizer_interactive_data_bad_credentials,
                    test_oauth1_authorizer_request_authorization_sync_bad_credentials, 
tear_down_oauth1_authorizer_interactive_data);
+#endif
 
        /* Async request-authorization tests */
        if (gdata_test_interactive () == TRUE) {
@@ -1093,9 +1116,11 @@ main (int argc, char *argv[])
                            tear_down_oauth1_authorizer_interactive_async_data);
        }
 
+#ifdef ENABLE_OAUTH1
        g_test_add ("/oauth1-authorizer/request-authorization/async/bad-credentials", 
OAuth1AuthorizerInteractiveAsyncData, NULL,
                    set_up_oauth1_authorizer_interactive_async_data_bad_credentials,
                    test_oauth1_authorizer_request_authorization_async_bad_credentials, 
tear_down_oauth1_authorizer_interactive_async_data);
+#endif
 
        /* Miscellaneous tests */
        if (gdata_test_interactive () == TRUE) {
diff --git a/meson.build b/meson.build
index f9686ea3..e6fe3ca7 100644
--- a/meson.build
+++ b/meson.build
@@ -91,9 +91,15 @@ common_c_args = [
 # Private dependencies for libgdata (specifically used for pkgconfig)
 gdata_private_deps = [
   dependency('gthread-2.0'),
-  dependency('oauth', version: '>= 0.9.4'),
 ]
 
+oauth_dep = dependency('oauth', version: '>= 0.9.4', required: get_option('oauth1'))
+enable_oauth1 = oauth_dep.found()
+if enable_oauth1
+  gdata_private_deps += oauth_dep
+endif
+config_h.set('ENABLE_OAUTH1', enable_oauth1)
+
 libsoup_dep = dependency('libsoup-2.4', version: '>= 2.42.0')
 gdata_deps += libsoup_dep
 # libsoup 2.47.3 is needed for the new SoupServer API; but it contained a bug in
diff --git a/meson_options.txt b/meson_options.txt
index 25cc6b55..68c63729 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -13,6 +13,11 @@ option('goa',
   value: 'enabled',
   description: 'enable Gnome Online Accounts (goa) support')
 
+option('oauth1',
+  type: 'feature',
+  value: 'disabled',
+  description: 'enable OAuth 1.0 support (deprecated)')
+
 # Enable always building tests (default: yes)
 option('always_build_tests',
   type: 'boolean',


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]