Get unique state ID via http handler too.

2017-10-26 14:38:04 +02:00 · 2017-10-26 14:38:04 +02:00 · b0b963ca0d
commit b0b963ca0d
parent 497a469a8b
5 changed files with 34 additions and 11 deletions
--- a/src/network-web/oauth2service.cpp
+++ b/src/network-web/oauth2service.cpp
@ -48,7 +48,7 @@ OAuth2Service::OAuth2Service(const QString& id_string, const QString& auth_url,
  : QObject(parent), m_timerId(-1), m_tokensExpireIn(QDateTime()) {

  if (id_string.isEmpty()) {
-    m_id = "somerandomstring";
+    m_id = QString::number(std::rand());
  }
  else {
    m_id = id_string;
@ -66,9 +66,19 @@ OAuth2Service::OAuth2Service(const QString& id_string, const QString& auth_url,
  connect(&m_networkManager, SIGNAL(finished(QNetworkReply*)), this, SLOT(tokenRequestFinished(QNetworkReply*)));

 #if !defined(USE_WEBENGINE)
-  connect(handler(), &OAuthHttpHandler::authGranted, this, &OAuth2Service::retrieveAccessToken);
-  connect(handler(), &OAuthHttpHandler::authRejected, [this](const QString& error_description) {
-    emit authFailed();
+  connect(handler(), &OAuthHttpHandler::authGranted, [this](const QString& auth_code, const QString& id) {
+    if (id.isEmpty() || id == m_id) {
+      // We process this further only if handler (static singleton) responded to our original request.
+      retrieveAccessToken(auth_code);
+    }
+  });
+  connect(handler(), &OAuthHttpHandler::authRejected, [this](const QString& error_description, const QString& id) {
+    Q_UNUSED(error_description)
+
+    if (id.isEmpty() || id == m_id) {
+      // We process this further only if handler (static singleton) responded to our original request.
+      emit authFailed();
+    }
  });
 #endif
 }
--- a/src/network-web/oauthhttphandler.cpp
+++ b/src/network-web/oauthhttphandler.cpp
@ -15,7 +15,7 @@ OAuthHttpHandler::OAuthHttpHandler(QObject* parent) : QObject(parent) {

  connect(&m_httpServer, &QTcpServer::newConnection, this, &OAuthHttpHandler::clientConnected);

-  if (!m_httpServer.listen(m_listenAddress, 80)) {
+  if (!m_httpServer.listen(m_listenAddress, 13377)) {
    qCritical("OAuth HTTP handler: Failed to start listening.");
  }
 }
@ -49,18 +49,18 @@ void OAuthHttpHandler::handleRedirection(const QVariantMap& data) {
    const QString description = data.value(QSL("error_description")).toString();

    qWarning("OAuth HTTP handler: AuthenticationError: %s(%s): %s", qPrintable(error), qPrintable(uri), qPrintable(description));
-    emit authRejected(description);
+    emit authRejected(description, received_state);
  }
  else if (code.isEmpty()) {
    qWarning("OAuth HTTP handler: AuthenticationError: Code not received");
-    emit authRejected(QSL("AuthenticationError: Code not received"));
+    emit authRejected(QSL("AuthenticationError: Code not received"), received_state);
  }
  else if (received_state.isEmpty()) {
    qWarning("OAuth HTTP handler: State not received");
-    emit authRejected(QSL("State not received"));
+    emit authRejected(QSL("State not received"), received_state);
  }
  else {
-    emit authGranted(code);
+    emit authGranted(code, received_state);
  }
 }

--- a/src/network-web/oauthhttphandler.h
+++ b/src/network-web/oauthhttphandler.h
@ -16,8 +16,8 @@ class OAuthHttpHandler : public QObject {
    virtual ~OAuthHttpHandler();

  signals:
-    void authRejected(const QString& error_description);
-    void authGranted(const QString& auth_code);
+    void authRejected(const QString& error_description, const QString& state = QString());
+    void authGranted(const QString& auth_code, const QString& state);

  private slots:
    void clientConnected();
--- a/src/services/gmail/gui/formeditgmailaccount.cpp
+++ b/src/services/gmail/gui/formeditgmailaccount.cpp
@ -15,6 +15,13 @@ FormEditGmailAccount::FormEditGmailAccount(QWidget* parent) : QDialog(parent),
  m_ui.setupUi(this);

  GuiUtilities::setLabelAsNotice(*m_ui.m_lblAuthInfo, true);
+
+#if !defined(USE_WEBENGINE)
+  m_ui.m_lblAuthInfo->setText(tr("You must use \"%1\" as base redirect URL. You can use custom port to make sure "
+                                 "that no local service occupies it. Make sure that this redirect URL matches redirect "
+                                 "URL of used \"application\".").arg(LOCALHOST_ADDRESS));
+#endif
+
  GuiUtilities::applyDialogProperties(*this, qApp->icons()->miscIcon(QSL("gmail")));

  m_ui.m_lblTestResult->setStatus(WidgetWithStatus::StatusType::Information,
--- a/src/services/inoreader/gui/formeditinoreaderaccount.cpp
+++ b/src/services/inoreader/gui/formeditinoreaderaccount.cpp
@ -17,6 +17,12 @@ FormEditInoreaderAccount::FormEditInoreaderAccount(QWidget* parent) : QDialog(pa
  GuiUtilities::setLabelAsNotice(*m_ui.m_lblAuthInfo, true);
  GuiUtilities::applyDialogProperties(*this, qApp->icons()->miscIcon(QSL("inoreader")));

+#if !defined(USE_WEBENGINE)
+  m_ui.m_lblAuthInfo->setText(tr("You must use \"%1\" as base redirect URL. You can use custom port to make sure "
+                                 "that no local service occupies it. Make sure that this redirect URL matches redirect "
+                                 "URL of used \"application\".").arg(LOCALHOST_ADDRESS));
+#endif
+
  m_ui.m_lblTestResult->setStatus(WidgetWithStatus::StatusType::Information,
                                  tr("Not tested yet."),
                                  tr("Not tested yet."));