From bbdfdb8cc119a6aebaabc7cffb30e6a44507f977 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Thu, 5 May 2022 09:12:23 +0200
Subject: Update Google OAuth2 for upcoming changes

The Google OAuth2 flow is going to be changed soon, as is written here:
https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html

This change makes the GOA ready for the final deprecation, which is currently
scheduled for August 31, 2022.
---
 src/goabackend/goagoogleprovider.c | 52 +++++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 3 deletions(-)

diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c
index 7d4cd30..70f81aa 100644
--- a/src/goabackend/goagoogleprovider.c
+++ b/src/goabackend/goagoogleprovider.c
@@ -32,6 +32,7 @@
 struct _GoaGoogleProvider
 {
   GoaOAuth2Provider parent_instance;
+  gchar *redirect_uri;
 };
 
 G_DEFINE_TYPE_WITH_CODE (GoaGoogleProvider, goa_google_provider, GOA_TYPE_OAUTH2_PROVIDER,
@@ -77,19 +78,50 @@ get_provider_features (GoaProvider *provider)
 static const gchar *
 get_authorization_uri (GoaOAuth2Provider *oauth2_provider)
 {
-  return "https://accounts.google.com/o/oauth2/auth";
+  return "https://accounts.google.com/o/oauth2/v2/auth";
 }
 
 static const gchar *
 get_token_uri (GoaOAuth2Provider *oauth2_provider)
 {
-  return "https://accounts.google.com/o/oauth2/token";
+  return "https://oauth2.googleapis.com/token";
 }
 
 static const gchar *
 get_redirect_uri (GoaOAuth2Provider *oauth2_provider)
 {
-  return "http://localhost";
+  G_LOCK_DEFINE_STATIC (redirect_uri);
+  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (oauth2_provider);
+
+  G_LOCK (redirect_uri);
+
+  if (!self->redirect_uri) {
+    GPtrArray *array;
+    gchar **strv;
+    gchar *joinstr;
+    guint ii;
+
+    strv = g_strsplit (GOA_GOOGLE_CLIENT_ID, ".", -1);
+    array = g_ptr_array_new ();
+
+    for (ii = 0; strv[ii]; ii++) {
+      g_ptr_array_insert (array, 0, strv[ii]);
+    }
+
+    g_ptr_array_add (array, NULL);
+
+    joinstr = g_strjoinv (".", (gchar **) array->pdata);
+    /* Use reverse-DNS of the client ID with the below path */
+    self->redirect_uri = g_strconcat (joinstr, ":/oauth2redirect", NULL);
+
+    g_ptr_array_free (array, TRUE);
+    g_strfreev (strv);
+    g_free (joinstr);
+  }
+
+  G_UNLOCK (redirect_uri);
+
+  return self->redirect_uri;
 }
 
 static const gchar *
@@ -415,6 +447,16 @@ add_account_key_values (GoaOAuth2Provider  *oauth2_provider,
 
 /* ---------------------------------------------------------------------------------------------------- */
 
+static void
+goa_google_finalize (GObject *object)
+{
+  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (object);
+
+  g_free (self->redirect_uri);
+
+  G_OBJECT_CLASS (goa_google_provider_parent_class)->finalize (object);
+}
+
 static void
 goa_google_provider_init (GoaGoogleProvider *self)
 {
@@ -425,6 +467,10 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)
 {
   GoaProviderClass *provider_class;
   GoaOAuth2ProviderClass *oauth2_class;
+  GObjectClass *object_class;
+
+  object_class = G_OBJECT_CLASS (klass);
+  object_class->finalize = goa_google_finalize;
 
   provider_class = GOA_PROVIDER_CLASS (klass);
   provider_class->get_provider_type          = get_provider_type;
-- 
cgit v1.2.1