[shotwell] publishing: Bind secrects to account names
- From: Jens Georg <jensgeorg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [shotwell] publishing: Bind secrects to account names
- Date: Tue, 22 Dec 2020 08:51:51 +0000 (UTC)
commit f5aae90fb795d0d0433dff608f1348b9a6f6c390
Author: Jens Georg <mail jensge org>
Date: Tue Dec 22 09:34:40 2020 +0100
publishing: Bind secrects to account names
.../shotwell/GoogleAuthenticator.vala | 26 ++++++++++++----
.../shotwell/OAuth1Authenticator.vala | 35 +++++++++++++++++-----
src/plugins/PublishingInterfaces.vala | 2 ++
3 files changed, 49 insertions(+), 14 deletions(-)
---
diff --git a/plugins/authenticator/shotwell/GoogleAuthenticator.vala
b/plugins/authenticator/shotwell/GoogleAuthenticator.vala
index f6404d13..a5c139a5 100644
--- a/plugins/authenticator/shotwell/GoogleAuthenticator.vala
+++ b/plugins/authenticator/shotwell/GoogleAuthenticator.vala
@@ -7,6 +7,8 @@ namespace Publishing.Authenticator.Shotwell.Google {
private const string OAUTH_CLIENT_SECRET = "pwpzZ7W1TCcD5uIfYCu8sM7x";
private const string OAUTH_CALLBACK_URI = REVERSE_CLIENT_ID + ":/auth-callback";
+ private const string SCHEMA_KEY_ACCOUNTNAME = "accountname";
+
private class WebAuthenticationPane : Common.WebAuthenticationPane {
public static bool cache_dirty = false;
private string? auth_code = null;
@@ -115,6 +117,9 @@ namespace Publishing.Authenticator.Shotwell.Google {
private const string PASSWORD_SCHEME = "org.gnome.Shotwell.Google";
private string scope = null;
+
+ // Prepare for multiple user accounts
+ private string accountname = "default";
private Spit.Publishing.PluginHost host = null;
private GLib.HashTable<string, Variant> params = null;
private WebAuthenticationPane web_auth_pane = null;
@@ -131,13 +136,15 @@ namespace Publishing.Authenticator.Shotwell.Google {
this.session = new Session();
this.welcome_message = welcome_message;
this.schema = new Secret.Schema (PASSWORD_SCHEME, Secret.SchemaFlags.NONE,
+ SCHEMA_KEY_ACCOUNTNAME, Secret.SchemaAttributeType.STRING,
"scope", Secret.SchemaAttributeType.STRING);
}
public void authenticate() {
string? refresh_token = null;
try {
- refresh_token = Secret.password_lookup_sync(this.schema, null, "scope", this.scope);
+ refresh_token = Secret.password_lookup_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
"scope", this.scope);
} catch (Error err) {
critical("Failed to lookup refresh_token from password store: %s", err.message);
}
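Review bot: The lookup in authenticate() now always passes `accountname`, so a refresh token stored by an earlier version with only the `scope` attribute will presumably no longer match, and the user is sent through the web flow again. The password_clear_sync calls in logout() and in the 401 path have the same gap, which would leave the legacy item in the keyring after a logout. The getters and setters in OAuth1Authenticator.vala are affected in the same way for their `type`-only items. Consider a one-time fallback while the account is "default": if the first lookup returns null, retry with `Secret.password_lookup_sync(this.schema, null, "scope", this.scope);`, re-store the result under the new attributes and remove the old item. authenticate() continues outside the hunk.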
@@ -168,7 +175,8 @@ namespace Publishing.Authenticator.Shotwell.Google {
public void logout() {
session.deauthenticate();
try {
- Secret.password_clear_sync(this.schema, null, "scope", this.scope);
+ Secret.password_clear_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname, "scope", this.scope);
} catch (Error err) {
critical("Failed to remove password for scope %s: %s", this.scope, err.message);
}
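Review bot: The critical() message in logout()'s catch block still names only the scope, although the same call in the 401 path further down now reports `accountname@scope`. The catch after password_store_sync also still omits the account, and its text ("Failed to look up password for scope") describes a lookup rather than a store. Once more than one account exists, the log would not say whose credential could not be removed or saved. Suggest `critical("Failed to remove password for accountname@scope %s@%s: %s", this.accountname, this.scope, err.message);` here, with the matching change in the store path.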
@@ -178,6 +186,10 @@ namespace Publishing.Authenticator.Shotwell.Google {
// TODO: Needs to re-auth
}
+ public void set_accountname(string accountname) {
+ this.accountname = accountname;
+ }
+
private void do_hosted_web_authentication() {
debug("ACTION: running OAuth authentication flow in hosted web pane.");
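Review bot: set_accountname() has no doc comment, and nothing states when it may be called. It only swaps the field, so a call made after authenticate() would presumably leave the in-memory session holding the previous account's token while logout() clears the keyring entry of the new name. A comment such as `// Must be called before authenticate(); selects which keyring entry is read, written and cleared.` would make the contract explicit. The `set_accountname` added in OAuth1Authenticator.vala needs the same comment.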
@@ -384,8 +396,9 @@ namespace Publishing.Authenticator.Shotwell.Google {
assert(session.is_authenticated());
try {
Secret.password_store_sync(this.schema, Secret.COLLECTION_DEFAULT,
- "Shotwell publishing (Google account scope %s)".printf(this.scope),
- session.refresh_token, null, "scope", this.scope);
+ "Shotwell publishing (Google account scope %s@%s)".printf(this.accountname, this.scope),
+ session.refresh_token, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname, "scope", this.scope);
} catch (Error err) {
critical("Failed to look up password for scope %s: %s", this.scope, err.message);
}
@@ -437,9 +450,10 @@ namespace Publishing.Authenticator.Shotwell.Google {
txn.get_status_code() == Soup.Status.UNAUTHORIZED) {
// Refresh token invalid, starting over
try {
- Secret.password_clear_sync(this.schema, null, "scope", this.scope);
+ Secret.password_clear_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname, "scope", this.scope);
} catch (Error err) {
- critical("Failed to remove password for scope %s: %s", this.scope, err.message);
+ critical("Failed to remove password for accountname@scope %s@%s: %s", this.accountname,
this.scope, err.message);
}
Idle.add (() => { this.authenticate(); return false; });
diff --git a/plugins/authenticator/shotwell/OAuth1Authenticator.vala
b/plugins/authenticator/shotwell/OAuth1Authenticator.vala
index ca19dc17..a2b4cbb1 100644
--- a/plugins/authenticator/shotwell/OAuth1Authenticator.vala
+++ b/plugins/authenticator/shotwell/OAuth1Authenticator.vala
@@ -15,13 +15,16 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
private const string SECRET_TYPE_USERNAME = "username";
private const string SECRET_TYPE_AUTH_TOKEN = "auth-token";
private const string SECRET_TYPE_AUTH_TOKEN_SECRET = "auth-token-secret";
+ private const string SCHEMA_KEY_ACCOUNTNAME = "accountname";
private string service = null;
+ private string accountname = "default";
protected Authenticator(string service, string api_key, string api_secret,
Spit.Publishing.PluginHost host) {
base();
this.host = host;
this.service = service;
this.schema = new Secret.Schema ("org.gnome.Shotwell." + service, Secret.SchemaFlags.NONE,
+ SCHEMA_KEY_ACCOUNTNAME, Secret.SchemaAttributeType.STRING,
"type", Secret.SchemaAttributeType.STRING);
params = new GLib.HashTable<string, Variant>(str_hash, str_equal);
@@ -50,6 +53,10 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
public abstract void refresh();
+ public virtual void set_accountname(string name) {
+ this.accountname = name;
+ }
+
public void invalidate_persistent_session() {
set_persistent_access_phase_token(null);
set_persistent_access_phase_token_secret(null);
@@ -63,7 +70,8 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
protected string? get_persistent_access_phase_username() {
try {
- return Secret.password_lookup_sync(this.schema, null, "type", SECRET_TYPE_USERNAME);
+ return Secret.password_lookup_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname, "type", SECRET_TYPE_USERNAME);
} catch (Error err) {
critical("Failed to lookup username from password store: %s", err.message);
return null;
@@ -74,11 +82,13 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
try {
if (username == null || username == "") {
Secret.password_clear_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
"type", SECRET_TYPE_USERNAME);
} else {
Secret.password_store_sync(this.schema, Secret.COLLECTION_DEFAULT,
- "Shotwell publishing (%s)".printf(this.service),
- username, null, "type", SECRET_TYPE_USERNAME);
+ "Shotwell publishing (%s@%s)".printf(this.accountname,
this.service),
+ username, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname, "type",
SECRET_TYPE_USERNAME);
}
} catch (Error err) {
critical("Failed to store username in store: %s", err.message);
@@ -88,6 +98,7 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
protected string? get_persistent_access_phase_token() {
try {
return Secret.password_lookup_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
"type", SECRET_TYPE_AUTH_TOKEN);
} catch (Error err) {
critical("Failed to lookup auth-token from password store: %s", err.message);
@@ -99,11 +110,14 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
try {
if (token == null || token == "") {
Secret.password_clear_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
"type", SECRET_TYPE_AUTH_TOKEN);
} else {
Secret.password_store_sync(this.schema, Secret.COLLECTION_DEFAULT,
- "Shotwell publishing (%s)".printf(this.service),
- token, null, "type", SECRET_TYPE_AUTH_TOKEN);
+ "Shotwell publishing (%s@%s)".printf(this.accountname,
this.service),
+ token, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
+ "type", SECRET_TYPE_AUTH_TOKEN);
}
} catch (Error err) {
critical("Failed to store auth-token store: %s", err.message);
@@ -112,7 +126,9 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
protected string? get_persistent_access_phase_token_secret() {
try {
- return Secret.password_lookup_sync(this.schema, null, "type", SECRET_TYPE_AUTH_TOKEN_SECRET);
+ return Secret.password_lookup_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
+ "type", SECRET_TYPE_AUTH_TOKEN_SECRET);
} catch (Error err) {
critical("Failed to lookup auth-token-secret from password store: %s", err.message);
return null;
@@ -123,11 +139,14 @@ namespace Publishing.Authenticator.Shotwell.OAuth1 {
try {
if (secret == null || secret == "") {
Secret.password_clear_sync(this.schema, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
"type", SECRET_TYPE_AUTH_TOKEN_SECRET);
} else {
Secret.password_store_sync(this.schema, Secret.COLLECTION_DEFAULT,
- "Shotwell publishing (%s)".printf(this.service),
- secret, null, "type", SECRET_TYPE_AUTH_TOKEN_SECRET);
+ "Shotwell publishing (%s@%s)".printf(this.accountname,
this.service),
+ secret, null,
+ SCHEMA_KEY_ACCOUNTNAME, this.accountname,
+ "type", SECRET_TYPE_AUTH_TOKEN_SECRET);
}
} catch (Error err) {
critical("Failed to store auth-token-secret store: %s", err.message);
diff --git a/src/plugins/PublishingInterfaces.vala b/src/plugins/PublishingInterfaces.vala
index 1018dc60..a2728e58 100644
--- a/src/plugins/PublishingInterfaces.vala
+++ b/src/plugins/PublishingInterfaces.vala
@@ -622,6 +622,8 @@ public interface Authenticator : Object {
public abstract void logout();
public abstract void refresh();
+ public abstract void set_accountname(string name);
+
public abstract GLib.HashTable<string, Variant> get_authentication_parameter();
}
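Review bot: `set_accountname` is added as `abstract` on the public Authenticator interface without a doc comment, so every implementor has to provide it. Only the Google and OAuth1 authenticators are updated in this commit, so any other implementation not shown here would stop compiling. A default body, `public virtual void set_accountname(string name) {}`, would keep existing implementors working. Either way, the declaration should document that the name selects the secret-store entry and must be set before authenticate().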