[libgdata: 1/2] core: Drop ClientLogin authorizer
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgdata: 1/2] core: Drop ClientLogin authorizer
- Date: Thu, 17 Jun 2021 14:22:48 +0000 (UTC)
commit 8eecbd9012986dce266eacdb9d280d9df1933147
Author: Philip Withnall <pwithnall endlessos org>
Date: Thu Jun 17 13:55:14 2021 +0100
core: Drop ClientLogin authorizer
It’s been deprecated by Google for a number of years, and is completely
unsupported in all of their newer REST APIs. Its main flaws are that it
requires the user’s password to be passed to potentially untrusted code
(normalising the user typing their password into any old text entry),
and that it can’t support the interactive authentication required for
2FA.
Signed-off-by: Philip Withnall <pwithnall endlessos org>
demos/scrapbook/scrapbook.c | 102 +-
demos/scrapbook/scrapbook.h | 11 +-
docs/reference/gdata-docs.xml | 1 -
docs/reference/gdata-sections.txt.in | 34 -
gdata/gdata-authorizer.c | 4 +-
gdata/gdata-client-login-authorizer.c | 1343 --------------------
gdata/gdata-client-login-authorizer.h | 141 --
gdata/gdata-core.symbols | 17 -
gdata/gdata-goa-authorizer.c | 2 +-
gdata/gdata-service.c | 1 -
gdata/gdata.h | 1 -
gdata/meson.build | 2 -
gdata/services/picasaweb/gdata-picasaweb-service.c | 7 +-
gdata/symbol.map | 17 -
po/POTFILES.in | 1 -
15 files changed, 62 insertions(+), 1622 deletions(-)
---
diff --git a/demos/scrapbook/scrapbook.c b/demos/scrapbook/scrapbook.c
index d909ab05..9e330cb8 100644
--- a/demos/scrapbook/scrapbook.c
+++ b/demos/scrapbook/scrapbook.c
@@ -425,26 +425,62 @@ start_new_youtube_search (GtkWidget *widget, ScrapData *first) /* *first is a po
/* everything else is implemented somewhere else */
}
-
-static void
-properties_set (GtkWidget *widget, ScrapProps *self)
+static GDataAuthorizer *
+create_authorizer (GError **error)
{
- GDataClientLoginAuthorizer *authorizer;
+ GDataOAuth2Authorizer *authorizer = NULL; /* owned */
GList *domains = NULL; /* list of GDataAuthorizationDomains */
- GError *error = NULL;
-
- /* Get the username and password to use */
- self->main_data->username = g_strdup (gtk_entry_get_text (GTK_ENTRY (self->username_entry)));
- self->main_data->password = g_strdup (gtk_entry_get_text (GTK_ENTRY (self->password_entry)));
+ gchar *uri = NULL;
+ gchar code[100];
+ GError *child_error = NULL;
/* Domains we need to be authorised for */
domains = g_list_prepend (domains, gdata_youtube_service_get_primary_authorization_domain ());
domains = g_list_prepend (domains, gdata_picasaweb_service_get_primary_authorization_domain ());
- /* Authenticate */
- authorizer = gdata_client_login_authorizer_new_for_authorization_domains (CLIENT_ID, domains);
+ /* Go through the interactive OAuth dance. */
+ authorizer = gdata_oauth2_authorizer_new_for_authorization_domains (CLIENT_ID, CLIENT_SECRET,
+ REDIRECT_URI,
+ domains);
+
+ /* Get an authentication URI */
+ uri = gdata_oauth2_authorizer_build_authentication_uri (authorizer,
+ NULL, FALSE);
+
+ /* Wait for the user to retrieve and enter the verifier. */
+ g_print ("Please navigate to the following URI and grant access:\n"
+ " %s\n", uri);
+ g_print ("Enter verifier (EOF to abort): ");
+
+ g_free (uri);
+
+ if (scanf ("%100s", code) != 1) {
+ /* User chose to abort. */
+ g_print ("\n");
+ g_clear_object (&authorizer);
+ return NULL;
+ }
+
+ /* Authorise the token. */
+ gdata_oauth2_authorizer_request_authorization (authorizer, code, NULL,
+ &child_error);
+
+ if (child_error != NULL) {
+ g_propagate_error (error, child_error);
+ g_clear_object (&authorizer);
+ return NULL;
+ }
+
+ return GDATA_AUTHORIZER (authorizer);
+}
+
+static void
+properties_set (GtkWidget *widget, ScrapProps *self)
+{
+ GDataAuthorizer *authorizer;
+ GError *error = NULL;
- gdata_client_login_authorizer_authenticate (authorizer, self->main_data->username,
self->main_data->password, NULL, &error);
+ authorizer = create_authorizer (&error);
if (error != NULL) { /* we show this to the user in case they mistyped their password */
GtkWidget *label;
@@ -458,8 +494,8 @@ properties_set (GtkWidget *widget, ScrapProps *self)
g_error_free (error);
}
- gdata_service_set_authorizer (GDATA_SERVICE (self->main_data->youtube_service), GDATA_AUTHORIZER
(authorizer));
- gdata_service_set_authorizer (GDATA_SERVICE (self->main_data->picasaweb_service), GDATA_AUTHORIZER
(authorizer));
+ gdata_service_set_authorizer (GDATA_SERVICE (self->main_data->youtube_service), authorizer);
+ gdata_service_set_authorizer (GDATA_SERVICE (self->main_data->picasaweb_service), authorizer);
gtk_widget_destroy (self->window);
g_object_unref (authorizer);
@@ -469,7 +505,7 @@ static void
properties_show (GtkWidget *widget, ScrapData *first)
{
ScrapProps *self;
- GtkWidget *label, *button, *box2;
+ GtkWidget *button;
self = g_slice_new (struct _ScrapProps);
self->main_data = first;
@@ -479,42 +515,6 @@ properties_show (GtkWidget *widget, ScrapData *first)
self->box1 = gtk_box_new (GTK_ORIENTATION_VERTICAL, 3);
- /* Username/Password labels box */
- box2 = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 10);
-
- label = gtk_label_new ("Username");
- gtk_widget_show (label);
- gtk_box_pack_start (GTK_BOX (box2), label, TRUE, TRUE, 0);
-
- label = gtk_label_new ("Password");
- gtk_widget_show (label);
- gtk_box_pack_start (GTK_BOX (box2), label, TRUE, TRUE, 0);
-
- gtk_widget_show (box2);
- gtk_box_pack_start (GTK_BOX (self->box1), box2, FALSE, FALSE, 0);
-
- /* Username/Password entries box */
- box2 = gtk_box_new (GTK_ORIENTATION_HORIZONTAL, 10);
- self->username_entry = gtk_entry_new ();
-
- if (self->main_data->username != NULL)
- gtk_entry_set_text (GTK_ENTRY(self->username_entry), self->main_data->username);
-
- gtk_widget_show (self->username_entry);
- gtk_box_pack_start (GTK_BOX (box2), self->username_entry, TRUE, TRUE, 0);
-
- self->password_entry = gtk_entry_new ();
- gtk_entry_set_visibility (GTK_ENTRY (self->password_entry), FALSE);
-
- if (self->main_data->password != NULL)
- gtk_entry_set_text (GTK_ENTRY(self->password_entry), self->main_data->password);
-
- gtk_widget_show (self->password_entry);
- gtk_box_pack_start (GTK_BOX (box2), self->password_entry, TRUE, TRUE, 0);
-
- gtk_box_pack_start (GTK_BOX (self->box1), box2, FALSE, FALSE, 0);
- gtk_widget_show (box2);
-
/* OK button */
button = gtk_button_new_with_label ("_OK");
g_signal_connect (button, "clicked", (GCallback) properties_set, self);
diff --git a/demos/scrapbook/scrapbook.h b/demos/scrapbook/scrapbook.h
index 802e7369..032cb770 100644
--- a/demos/scrapbook/scrapbook.h
+++ b/demos/scrapbook/scrapbook.h
@@ -23,8 +23,12 @@
#include <gdata/gdata.h>
#include <glib.h>
#include <glib-object.h>
-#define DEVELOPER_KEY
"AI39si5MkSF-0bzTmP5WETk1D-Z7inHaQJzX13PeG_5Uzeu8mz3vo40cFoqnxjejB-UqzYFrqzOSlsqJvHuPNEGqdycqnPo30A"
-#define CLIENT_ID "ytapi-GNOME-libgdata-444fubtt-0"
+
+#define DEVELOPER_KEY
"AI39si7Me3Q7zYs6hmkFvpRBD2nrkVjYYsUO5lh_3HdOkGRc9g6Z4nzxZatk_aAo2EsA21k7vrda0OO6oFg2rnhMedZXPyXoEw"
+#define CLIENT_ID "352818697630-nqu2cmt5quqd6lr17ouoqmb684u84l1f.apps.googleusercontent.com"
+#define CLIENT_SECRET "-fA4pHQJxR3zJ-FyAMPQsikg"
+#define REDIRECT_URI "urn:ietf:wg:oauth:2.0:oob"
+
#define THUMBNAIL_WIDTH 180
#define MAX_RESULTS 10
@@ -73,8 +77,6 @@ typedef struct _ScrapData {
ScrapPicSearch *pic_search;
ScrapPUpload *p_upload;
gint max_rows;
- gchar *username;
- gchar *password;
GtkListStore *lStore;
GDataYouTubeService *youtube_service;
@@ -131,7 +133,6 @@ struct _ScrapPSearch { /* for finding albums */
typedef struct _ScrapProps {
GtkWidget *window;
GtkWidget *box1;
- GtkWidget *username_entry, *password_entry;
ScrapData *main_data;
} ScrapProps;
diff --git a/docs/reference/gdata-docs.xml b/docs/reference/gdata-docs.xml
index eb279c84..8a533b07 100644
--- a/docs/reference/gdata-docs.xml
+++ b/docs/reference/gdata-docs.xml
@@ -54,7 +54,6 @@
<title>Authentication/Authorization API</title>
<xi:include href="xml/gdata-authorizer.xml"/>
<xi:include href="xml/gdata-authorization-domain.xml"/>
- <xi:include href="xml/gdata-client-login-authorizer.xml"/>
<xi:include href="xml/gdata-goa-authorizer.xml"><xi:fallback /></xi:include>
<xi:include href="xml/gdata-oauth2-authorizer.xml"/>
</chapter>
diff --git a/docs/reference/gdata-sections.txt.in b/docs/reference/gdata-sections.txt.in
index 135fe403..1d0ace2d 100644
--- a/docs/reference/gdata-sections.txt.in
+++ b/docs/reference/gdata-sections.txt.in
@@ -2139,40 +2139,6 @@ GDATA_IS_AUTHORIZATION_DOMAIN_CLASS
GDataAuthorizationDomainPrivate
</SECTION>
-<SECTION>
-<FILE>gdata-client-login-authorizer</FILE>
-<TITLE>GDataClientLoginAuthorizer</TITLE>
-GDataClientLoginAuthorizer
-GDataClientLoginAuthorizerClass
-GDataClientLoginAuthorizerError
-gdata_client_login_authorizer_new
-gdata_client_login_authorizer_new_for_authorization_domains
-gdata_client_login_authorizer_authenticate
-gdata_client_login_authorizer_authenticate_async
-gdata_client_login_authorizer_authenticate_finish
-gdata_client_login_authorizer_get_client_id
-gdata_client_login_authorizer_get_username
-gdata_client_login_authorizer_get_password
-gdata_client_login_authorizer_get_proxy_uri
-gdata_client_login_authorizer_set_proxy_uri
-gdata_client_login_authorizer_get_proxy_resolver
-gdata_client_login_authorizer_set_proxy_resolver
-gdata_client_login_authorizer_get_timeout
-gdata_client_login_authorizer_set_timeout
-<SUBSECTION Standard>
-GDATA_TYPE_CLIENT_LOGIN_AUTHORIZER
-GDATA_CLIENT_LOGIN_AUTHORIZER
-GDATA_CLIENT_LOGIN_AUTHORIZER_CLASS
-GDATA_IS_CLIENT_LOGIN_AUTHORIZER
-GDATA_IS_CLIENT_LOGIN_AUTHORIZER_CLASS
-GDATA_CLIENT_LOGIN_AUTHORIZER_GET_CLASS
-gdata_client_login_authorizer_get_type
-GDATA_CLIENT_LOGIN_AUTHORIZER_ERROR
-gdata_client_login_authorizer_error_quark
-<SUBSECTION Private>
-GDataClientLoginAuthorizerPrivate
-</SECTION>
-
@COMMENT@<SECTION>
@COMMENT@<FILE>gdata-goa-authorizer</FILE>
@COMMENT@<TITLE>GDataGoaAuthorizer</TITLE>
diff --git a/gdata/gdata-authorizer.c b/gdata/gdata-authorizer.c
index fbfff764..b51c8950 100644
--- a/gdata/gdata-authorizer.c
+++ b/gdata/gdata-authorizer.c
@@ -24,7 +24,7 @@
* @include: gdata/gdata-authorizer.h
*
* The #GDataAuthorizer interface provides a uniform way to implement authentication and authorization
processes for use by #GDataServices.
- * Client code will construct a new #GDataAuthorizer instance of their choosing, such as
#GDataClientLoginAuthorizer or #GDataOAuth2Authorizer, for
+ * Client code will construct a new #GDataAuthorizer instance of their choosing, such as
#GDataOAuth2Authorizer, for
* the #GDataServices which will be used by the client, then authenticates and authorizes with the
#GDataAuthorizer instead of the
* #GDataService. The #GDataService then uses the #GDataAuthorizer to authorize individual network requests
using whatever authorization token was
* returned to the #GDataAuthorizer by the Google Accounts service.
@@ -38,8 +38,6 @@
* #GDataAuthorizer implementations are provided for some of the standard authorization processes supported
by Google for installed applications, as
* listed in their <ulink type="http"
url="http://code.google.com/apis/accounts/docs/GettingStarted.html";>online documentation</ulink>:
* <itemizedlist>
- * <listitem>#GDataClientLoginAuthorizer for
- * <ulink type="http"
url="http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html";>ClientLogin</ulink>
(deprecated)</listitem>
* <listitem>#GDataOAuth2Authorizer for
* <ulink type="http" url="https://developers.google.com/accounts/docs/OAuth2InstalledApp";>OAuth
2.0</ulink> (preferred)</listitem>
* </itemizedlist>
diff --git a/gdata/gdata-core.symbols b/gdata/gdata-core.symbols
index b9b4cb0f..df956027 100644
--- a/gdata/gdata-core.symbols
+++ b/gdata/gdata-core.symbols
@@ -759,23 +759,6 @@ gdata_authorizer_refresh_authorization_finish
gdata_authorization_domain_get_type
gdata_authorization_domain_get_service_name
gdata_authorization_domain_get_scope
-gdata_client_login_authorizer_get_type
-gdata_client_login_authorizer_new
-gdata_client_login_authorizer_new_for_authorization_domains
-gdata_client_login_authorizer_authenticate
-gdata_client_login_authorizer_authenticate_async
-gdata_client_login_authorizer_authenticate_finish
-gdata_client_login_authorizer_get_client_id
-gdata_client_login_authorizer_get_username
-gdata_client_login_authorizer_get_password
-gdata_client_login_authorizer_get_proxy_uri
-gdata_client_login_authorizer_set_proxy_uri
-gdata_client_login_authorizer_get_proxy_resolver
-gdata_client_login_authorizer_set_proxy_resolver
-gdata_client_login_authorizer_get_timeout
-gdata_client_login_authorizer_set_timeout
-gdata_client_login_authorizer_error_quark
-gdata_client_login_authorizer_error_get_type
gdata_download_stream_get_authorization_domain
gdata_upload_stream_get_authorization_domain
gdata_batch_operation_get_authorization_domain
diff --git a/gdata/gdata-goa-authorizer.c b/gdata/gdata-goa-authorizer.c
index e71f6145..88c014e9 100644
--- a/gdata/gdata-goa-authorizer.c
+++ b/gdata/gdata-goa-authorizer.c
@@ -32,7 +32,7 @@
* <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html";>OAuth
1.0</ulink> or
* <ulink type="http" url="https://developers.google.com/identity/protocols/OAuth2";>OAuth 2.0</ulink>
processes.
*
- * #GDataGoaAuthorizer natively supports authorization against multiple services (unlike
#GDataClientLoginAuthorizer), depending entirely on which
+ * #GDataGoaAuthorizer natively supports authorization against multiple services, depending entirely on which
* services the user has enabled for their Google account in GOA. #GDataGoaAuthorizer cannot authenticate
for more services than are enabled in GOA.
*
* <example>
diff --git a/gdata/gdata-service.c b/gdata/gdata-service.c
index 40fbaf84..8c62c367 100644
--- a/gdata/gdata-service.c
+++ b/gdata/gdata-service.c
@@ -51,7 +51,6 @@
#include "gdata-service.h"
#include "gdata-private.h"
-#include "gdata-client-login-authorizer.h"
#include "gdata-marshal.h"
#include "gdata-types.h"
diff --git a/gdata/gdata.h b/gdata/gdata.h
index 1650ae35..1901a0d6 100644
--- a/gdata/gdata.h
+++ b/gdata/gdata.h
@@ -37,7 +37,6 @@
#include <gdata/gdata-batch-operation.h>
#include <gdata/gdata-authorizer.h>
#include <gdata/gdata-authorization-domain.h>
-#include <gdata/gdata-client-login-authorizer.h>
#include <gdata/gdata-oauth2-authorizer.h>
#ifdef GOA_API_IS_SUBJECT_TO_CHANGE
/* You need to define GOA_API_IS_SUBJECT_TO_CHANGE in order to use the GOA authoriser. */
diff --git a/gdata/meson.build b/gdata/meson.build
index ff14f81f..728bfc1f 100644
--- a/gdata/meson.build
+++ b/gdata/meson.build
@@ -27,7 +27,6 @@ headers = files(
'gdata-authorizer.h',
'gdata-batch-operation.h',
'gdata-batchable.h',
- 'gdata-client-login-authorizer.h',
'gdata-comment.h',
'gdata-commentable.h',
'gdata-comparable.h',
@@ -51,7 +50,6 @@ sources += files(
'gdata-batch-operation.c',
'gdata-batchable.c',
'gdata-buffer.c',
- 'gdata-client-login-authorizer.c',
'gdata-comment.c',
'gdata-commentable.c',
'gdata-comparable.c',
diff --git a/gdata/services/picasaweb/gdata-picasaweb-service.c
b/gdata/services/picasaweb/gdata-picasaweb-service.c
index 89dcd7ac..1a9dc8ce 100644
--- a/gdata/services/picasaweb/gdata-picasaweb-service.c
+++ b/gdata/services/picasaweb/gdata-picasaweb-service.c
@@ -33,14 +33,13 @@
* <example>
* <title>Authenticating and Creating a New Album</title>
* <programlisting>
- * GDataClientLoginAuthorizer *authorizer;
+ * GDataAuthorizer *authorizer;
* GDataPicasaWebService *service;
* GDataPicasaWebAlbum *album, *inserted_album;
*
* /<!-- -->* Create a service object and authorize against the PicasaWeb service *<!-- -->/
- * authorizer = gdata_client_login_authorizer_new ("companyName-applicationName-versionID",
GDATA_TYPE_PICASAWEB_SERVICE);
- * gdata_client_login_authorizer_authenticate (authorizer, username, password, NULL, NULL);
- * service = gdata_picasaweb_service_new (GDATA_AUTHORIZER (authorizer));
+ * authorizer = create_authorizer (…, gdata_picasaweb_service_get_primary_authorization_domain ());
+ * service = gdata_picasaweb_service_new (authorizer);
*
* /<!-- -->* Create a GDataPicasaWebAlbum entry for the new album, setting some information about it
*<!-- -->/
* album = gdata_picasaweb_album_new (NULL);
diff --git a/gdata/symbol.map b/gdata/symbol.map
index f4ffa762..e8fc7606 100644
--- a/gdata/symbol.map
+++ b/gdata/symbol.map
@@ -129,23 +129,6 @@ global:
gdata_category_set_label;
gdata_category_set_scheme;
gdata_category_set_term;
- gdata_client_login_authorizer_authenticate;
- gdata_client_login_authorizer_authenticate_async;
- gdata_client_login_authorizer_authenticate_finish;
- gdata_client_login_authorizer_error_get_type;
- gdata_client_login_authorizer_error_quark;
- gdata_client_login_authorizer_get_client_id;
- gdata_client_login_authorizer_get_password;
- gdata_client_login_authorizer_get_proxy_resolver;
- gdata_client_login_authorizer_get_proxy_uri;
- gdata_client_login_authorizer_get_timeout;
- gdata_client_login_authorizer_get_type;
- gdata_client_login_authorizer_get_username;
- gdata_client_login_authorizer_new;
- gdata_client_login_authorizer_new_for_authorization_domains;
- gdata_client_login_authorizer_set_proxy_resolver;
- gdata_client_login_authorizer_set_proxy_uri;
- gdata_client_login_authorizer_set_timeout;
gdata_color_from_hexadecimal;
gdata_color_get_type;
gdata_color_to_hexadecimal;
diff --git a/po/POTFILES.in b/po/POTFILES.in
index e42183c8..014dac90 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -2,7 +2,6 @@
# Please keep this file sorted alphabetically.
gdata/gdata-access-handler.c
gdata/gdata-batch-operation.c
-gdata/gdata-client-login-authorizer.c
gdata/gdata-commentable.c
gdata/gdata-download-stream.c
gdata/gdata-entry.c
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
