diff options
author | Philip Withnall <withnall@endlessm.com> | 2019-08-21 11:41:06 +0300 |
---|---|---|
committer | Philip Withnall <withnall@endlessm.com> | 2019-08-21 12:31:30 +0300 |
commit | 427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed (patch) | |
tree | 63d96223d1cd12cbbb6bc6a056f016a0aa615e57 | |
parent | 43c6e45e14267cd4b932b3f3824bf3438466f18d (diff) | |
download | libgdata-427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed.tar.gz |
build: Make OAuth 1.0 support optional and disabled by default
liboauth is unmaintained and hard to compile at the moment. OAuth 1.0
itself has been deprecated in Google APIs since 2012, in favour of OAuth
2.0 or other more modern authentication/authorisation methods.
Add a new configure option for `oauth1`, and disable it by default. If
it’s disabled, the `GDataOAuth1Authorizer` will return errors when used
(but the API is still available and not marked as deprecated yet).
Eventually the `GDataOAuth1Authorizer` API will be marked as deprecated,
but we can’t do that at the moment as we’re in API freeze.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #1
-rw-r--r-- | gdata/gdata-oauth1-authorizer.c | 32 | ||||
-rw-r--r-- | gdata/tests/oauth1-authorizer.c | 25 | ||||
-rw-r--r-- | meson.build | 8 | ||||
-rw-r--r-- | meson_options.txt | 5 |
4 files changed, 68 insertions, 2 deletions
diff --git a/gdata/gdata-oauth1-authorizer.c b/gdata/gdata-oauth1-authorizer.c index ecea5cbe..09d766ec 100644 --- a/gdata/gdata-oauth1-authorizer.c +++ b/gdata/gdata-oauth1-authorizer.c @@ -23,6 +23,8 @@ * @stability: Stable * @include: gdata/gdata-oauth1-authorizer.h * + * OAuth 1.0 has been deprecated since 2012, and OAuth 2.0 (#GDataOAuth2Authorizer) should be used instead. + * * #GDataOAuth1Authorizer provides an implementation of the #GDataAuthorizer interface for authentication and authorization using the * <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html">OAuth 1.0</ulink> process, * which was preferred by Google until OAuth 2.0 was released — it is now @@ -140,10 +142,13 @@ #include <config.h> #include <string.h> -#include <oauth.h> #include <glib.h> #include <glib/gi18n-lib.h> +#ifdef ENABLE_OAUTH1 +#include <oauth.h> +#endif + #include "gdata-oauth1-authorizer.h" #include "gdata-private.h" @@ -457,6 +462,7 @@ is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domai static void sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar *token_secret, GHashTable *parameters) { +#ifdef ENABLE_OAUTH1 GHashTableIter iter; const gchar *key, *value, *consumer_key, *consumer_secret, *signature_method; gsize params_length = 0; @@ -620,6 +626,7 @@ sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *to free (signature); g_free (timestamp); free (nonce); +#endif /* ENABLE_OAUTH1 */ } /** @@ -729,6 +736,7 @@ gchar * gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, gchar **token, gchar **token_secret, GCancellable *cancellable, GError **error) { +#ifdef ENABLE_OAUTH1 GDataOAuth1AuthorizerPrivate *priv; SoupMessage *message; guint status; @@ -741,6 +749,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, GHashTable *response_details; const gchar *callback_uri, *_token, *_token_secret, *callback_confirmed; SoupURI *_uri; +#endif g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), NULL); g_return_val_if_fail (token != NULL, NULL); @@ -748,6 +757,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); g_return_val_if_fail (error == NULL || *error == NULL, NULL); +#ifdef ENABLE_OAUTH1 priv = self->priv; /* This implements OAuthGetRequestToken and returns the URI for OAuthAuthorizeToken, which the client must then use themselves (e.g. in an @@ -862,6 +872,16 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, g_hash_table_destroy (response_details); return g_string_free (authentication_uri, FALSE); +#else /* if !ENABLE_OAUTH1 */ + *token = NULL; + *token_secret = NULL; + + if (!g_cancellable_set_error_if_cancelled (cancellable, error)) + g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE, + _("OAuth 1.0 support is disabled.")); + + return NULL; +#endif } typedef struct { @@ -1025,6 +1045,7 @@ gboolean gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, const gchar *token, const gchar *token_secret, const gchar *verifier, GCancellable *cancellable, GError **error) { +#ifdef ENABLE_OAUTH1 GDataOAuth1AuthorizerPrivate *priv; SoupMessage *message; guint status; @@ -1033,6 +1054,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons GHashTable *response_details; const gchar *_token, *_token_secret; SoupURI *_uri; +#endif g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), FALSE); g_return_val_if_fail (token != NULL && *token != '\0', FALSE); @@ -1041,6 +1063,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE); g_return_val_if_fail (error == NULL || *error == NULL, FALSE); +#ifdef ENABLE_OAUTH1 /* This implements OAuthGetAccessToken using the request token returned by OAuthGetRequestToken and the verification code returned by * OAuthAuthorizeToken. See: * • http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken @@ -1125,6 +1148,13 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons g_hash_table_destroy (response_details); return TRUE; +#else /* if !ENABLE_OAUTH1 */ + if (!g_cancellable_set_error_if_cancelled (cancellable, error)) + g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE, + _("OAuth 1.0 support is disabled.")); + + return FALSE; +#endif } typedef struct { diff --git a/gdata/tests/oauth1-authorizer.c b/gdata/tests/oauth1-authorizer.c index 20c5505a..63d50d9b 100644 --- a/gdata/tests/oauth1-authorizer.c +++ b/gdata/tests/oauth1-authorizer.c @@ -17,6 +17,7 @@ * License along with GData Client. If not, see <http://www.gnu.org/licenses/>. */ +#include <config.h> #include <glib.h> #include <gdata/gdata.h> @@ -476,6 +477,7 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da gdata_test_mock_server_start_trace (mock_server, "oauth1-authorizer-request-authentication-uri-sync"); authentication_uri = gdata_oauth1_authorizer_request_authentication_uri (data->authorizer, &token, &token_secret, NULL, &error); +#ifdef ENABLE_OAUTH1 g_assert_no_error (error); g_assert (authentication_uri != NULL && *authentication_uri != '\0'); g_assert (token != NULL && *token != '\0'); @@ -488,6 +490,11 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da g_free (authentication_uri); g_free (token); g_free (token_secret); +#else + g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE); + g_assert_null (authentication_uri); + g_clear_error (&error); +#endif uhm_server_end_trace (mock_server); } @@ -566,6 +573,7 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize GError *error = NULL; authentication_uri = gdata_oauth1_authorizer_request_authentication_uri_finish (authorizer, async_result, &token, &token_secret, &error); +#ifdef ENABLE_OAUTH1 g_assert_no_error (error); g_assert (authentication_uri != NULL && *authentication_uri != '\0'); g_assert (token != NULL && *token != '\0'); @@ -578,6 +586,11 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize g_free (authentication_uri); g_free (token); g_free (token_secret); +#else + g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE); + g_assert_null (authentication_uri); + g_clear_error (&error); +#endif g_main_loop_quit (data->main_loop); } @@ -676,6 +689,7 @@ set_up_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data uhm_server_end_trace (mock_server); } +#ifdef ENABLE_OAUTH1 static void set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data) { @@ -698,6 +712,7 @@ set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInter uhm_server_end_trace (mock_server); } +#endif /* ENABLE_OAUTH1 */ static void tear_down_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data) @@ -743,6 +758,7 @@ test_oauth1_authorizer_request_authorization_sync (OAuth1AuthorizerInteractiveDa uhm_server_end_trace (mock_server); } +#ifdef ENABLE_OAUTH1 /* Test that synchronously authorizing a request token fails if an invalid verifier is provided. */ static void test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data) @@ -769,6 +785,7 @@ test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1Authori uhm_server_end_trace (mock_server); } +#endif /* ENABLE_OAUTH1 */ /* Test that cancellation of synchronously authorizing a request token works. Note that this test has to be interactive, as the user has to visit the * authentication URI to retrieve a verifier for the request token. */ @@ -826,6 +843,7 @@ set_up_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyn data->main_loop = g_main_loop_new (NULL, FALSE); } +#ifdef ENABLE_OAUTH1 static void set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1AuthorizerInteractiveAsyncData *data, gconstpointer user_data) { @@ -835,6 +853,7 @@ set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1Authorize /* Set up the main loop */ data->main_loop = g_main_loop_new (NULL, FALSE); } +#endif /* ENABLE_OAUTH1 */ static void tear_down_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyncData *data, gconstpointer user_data) @@ -890,6 +909,7 @@ test_oauth1_authorizer_request_authorization_async (OAuth1AuthorizerInteractiveA uhm_server_end_trace (mock_server); } +#ifdef ENABLE_OAUTH1 static void test_oauth1_authorizer_request_authorization_async_bad_credentials_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result, OAuth1AuthorizerInteractiveAsyncData *data) @@ -930,6 +950,7 @@ test_oauth1_authorizer_request_authorization_async_bad_credentials (OAuth1Author uhm_server_end_trace (mock_server); } +#endif /* ENABLE_OAUTH1 */ static void test_oauth1_authorizer_request_authorization_async_cancellation_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result, @@ -1079,9 +1100,11 @@ main (int argc, char *argv[]) tear_down_oauth1_authorizer_interactive_data); } +#ifdef ENABLE_OAUTH1 g_test_add ("/oauth1-authorizer/request-authorization/sync/bad-credentials", OAuth1AuthorizerInteractiveData, NULL, set_up_oauth1_authorizer_interactive_data_bad_credentials, test_oauth1_authorizer_request_authorization_sync_bad_credentials, tear_down_oauth1_authorizer_interactive_data); +#endif /* Async request-authorization tests */ if (gdata_test_interactive () == TRUE) { @@ -1093,9 +1116,11 @@ main (int argc, char *argv[]) tear_down_oauth1_authorizer_interactive_async_data); } +#ifdef ENABLE_OAUTH1 g_test_add ("/oauth1-authorizer/request-authorization/async/bad-credentials", OAuth1AuthorizerInteractiveAsyncData, NULL, set_up_oauth1_authorizer_interactive_async_data_bad_credentials, test_oauth1_authorizer_request_authorization_async_bad_credentials, tear_down_oauth1_authorizer_interactive_async_data); +#endif /* Miscellaneous tests */ if (gdata_test_interactive () == TRUE) { diff --git a/meson.build b/meson.build index f9686ea3..e6fe3ca7 100644 --- a/meson.build +++ b/meson.build @@ -91,9 +91,15 @@ common_c_args = [ # Private dependencies for libgdata (specifically used for pkgconfig) gdata_private_deps = [ dependency('gthread-2.0'), - dependency('oauth', version: '>= 0.9.4'), ] +oauth_dep = dependency('oauth', version: '>= 0.9.4', required: get_option('oauth1')) +enable_oauth1 = oauth_dep.found() +if enable_oauth1 + gdata_private_deps += oauth_dep +endif +config_h.set('ENABLE_OAUTH1', enable_oauth1) + libsoup_dep = dependency('libsoup-2.4', version: '>= 2.42.0') gdata_deps += libsoup_dep # libsoup 2.47.3 is needed for the new SoupServer API; but it contained a bug in diff --git a/meson_options.txt b/meson_options.txt index 25cc6b55..68c63729 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -13,6 +13,11 @@ option('goa', value: 'enabled', description: 'enable Gnome Online Accounts (goa) support') +option('oauth1', + type: 'feature', + value: 'disabled', + description: 'enable OAuth 1.0 support (deprecated)') + # Enable always building tests (default: yes) option('always_build_tests', type: 'boolean', |