build: Make OAuth 1.0 support optional and disabled by default

liboauth is unmaintained and hard to compile at the moment. OAuth 1.0 itself has been deprecated in Google APIs since 2012, in favour of OAuth 2.0 or other more modern authentication/authorisation methods. Add a new configure option for `oauth1`, and disable it by default. If it’s disabled, the `GDataOAuth1Authorizer` will return errors when used (but the API is still available and not marked as deprecated yet). Eventually the `GDataOAuth1Authorizer` API will be marked as deprecated, but we can’t do that at the moment as we’re in API freeze. Signed-off-by: Philip Withnall <withnall@endlessm.com> Fixes: #1
author: Philip Withnall <withnall@endlessm.com> 2019-08-21 11:41:06 +0300
committer: Philip Withnall <withnall@endlessm.com> 2019-08-21 12:31:30 +0300
commit: 427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed (patch)
tree: 63d96223d1cd12cbbb6bc6a056f016a0aa615e57
parent: 43c6e45e14267cd4b932b3f3824bf3438466f18d (diff)
download: libgdata-427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed.tar.gz
4 files changed, 68 insertions, 2 deletions
diff --git a/gdata/gdata-oauth1-authorizer.c b/gdata/gdata-oauth1-authorizer.c
index ecea5cbe..09d766ec 100644
--- a/gdata/gdata-oauth1-authorizer.c
+++ b/gdata/gdata-oauth1-authorizer.c
@@ -23,6 +23,8 @@
  * @stability: Stable
  * @include: gdata/gdata-oauth1-authorizer.h
  *
+ * OAuth 1.0 has been deprecated since 2012, and OAuth 2.0 (#GDataOAuth2Authorizer) should be used instead.
+ *
  * #GDataOAuth1Authorizer provides an implementation of the #GDataAuthorizer interface for authentication and authorization using the
  * <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html">OAuth 1.0</ulink> process,
  * which was preferred by Google until OAuth 2.0 was released — it is now
@@ -140,10 +142,13 @@
 
 #include <config.h>
 #include <string.h>
-#include <oauth.h>
 #include <glib.h>
 #include <glib/gi18n-lib.h>
 
+#ifdef ENABLE_OAUTH1
+#include <oauth.h>
+#endif
+
 #include "gdata-oauth1-authorizer.h"
 #include "gdata-private.h"
 
@@ -457,6 +462,7 @@ is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domai
 static void
 sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar *token_secret, GHashTable *parameters)
 {
+#ifdef ENABLE_OAUTH1
 	GHashTableIter iter;
 	const gchar *key, *value, *consumer_key, *consumer_secret, *signature_method;
 	gsize params_length = 0;
@@ -620,6 +626,7 @@ sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *to
 	free (signature);
 	g_free (timestamp);
 	free (nonce);
+#endif  /* ENABLE_OAUTH1 */
 }
 
 /**
@@ -729,6 +736,7 @@ gchar *
 gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, gchar **token, gchar **token_secret,
                                                     GCancellable *cancellable, GError **error)
 {
+#ifdef ENABLE_OAUTH1
 	GDataOAuth1AuthorizerPrivate *priv;
 	SoupMessage *message;
 	guint status;
@@ -741,6 +749,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
 	GHashTable *response_details;
 	const gchar *callback_uri, *_token, *_token_secret, *callback_confirmed;
 	SoupURI *_uri;
+#endif
 
 	g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), NULL);
 	g_return_val_if_fail (token != NULL, NULL);
@@ -748,6 +757,7 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
 	g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);
 	g_return_val_if_fail (error == NULL || *error == NULL, NULL);
 
+#ifdef ENABLE_OAUTH1
 	priv = self->priv;
 
 	/* This implements OAuthGetRequestToken and returns the URI for OAuthAuthorizeToken, which the client must then use themselves (e.g. in an
@@ -862,6 +872,16 @@ gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self,
 	g_hash_table_destroy (response_details);
 
 	return g_string_free (authentication_uri, FALSE);
+#else  /* if !ENABLE_OAUTH1 */
+	*token = NULL;
+	*token_secret = NULL;
+
+	if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+		g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+		                     _("OAuth 1.0 support is disabled."));
+
+	return NULL;
+#endif
 }
 
 typedef struct {
@@ -1025,6 +1045,7 @@ gboolean
 gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, const gchar *token, const gchar *token_secret, const gchar *verifier,
                                                GCancellable *cancellable, GError **error)
 {
+#ifdef ENABLE_OAUTH1
 	GDataOAuth1AuthorizerPrivate *priv;
 	SoupMessage *message;
 	guint status;
@@ -1033,6 +1054,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
 	GHashTable *response_details;
 	const gchar *_token, *_token_secret;
 	SoupURI *_uri;
+#endif
 
 	g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), FALSE);
 	g_return_val_if_fail (token != NULL && *token != '\0', FALSE);
@@ -1041,6 +1063,7 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
 	g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), FALSE);
 	g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
 
+#ifdef ENABLE_OAUTH1
 	/* This implements OAuthGetAccessToken using the request token returned by OAuthGetRequestToken and the verification code returned by
 	 * OAuthAuthorizeToken. See:
 	 *  • http://code.google.com/apis/accounts/docs/OAuth_ref.html#AccessToken
@@ -1125,6 +1148,13 @@ gdata_oauth1_authorizer_request_authorization (GDataOAuth1Authorizer *self, cons
 	g_hash_table_destroy (response_details);
 
 	return TRUE;
+#else  /* if !ENABLE_OAUTH1 */
+	if (!g_cancellable_set_error_if_cancelled (cancellable, error))
+		g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE,
+		                     _("OAuth 1.0 support is disabled."));
+
+	return FALSE;
+#endif
 }
 
 typedef struct {
diff --git a/gdata/tests/oauth1-authorizer.c b/gdata/tests/oauth1-authorizer.c
index 20c5505a..63d50d9b 100644
--- a/gdata/tests/oauth1-authorizer.c
+++ b/gdata/tests/oauth1-authorizer.c
@@ -17,6 +17,7 @@
  * License along with GData Client.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <config.h>
 #include <glib.h>
 #include <gdata/gdata.h>
 
@@ -476,6 +477,7 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
 	gdata_test_mock_server_start_trace (mock_server, "oauth1-authorizer-request-authentication-uri-sync");
 
 	authentication_uri = gdata_oauth1_authorizer_request_authentication_uri (data->authorizer, &token, &token_secret, NULL, &error);
+#ifdef ENABLE_OAUTH1
 	g_assert_no_error (error);
 	g_assert (authentication_uri != NULL && *authentication_uri != '\0');
 	g_assert (token != NULL && *token != '\0');
@@ -488,6 +490,11 @@ test_oauth1_authorizer_request_authentication_uri_sync (OAuth1AuthorizerData *da
 	g_free (authentication_uri);
 	g_free (token);
 	g_free (token_secret);
+#else
+	g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+	g_assert_null (authentication_uri);
+	g_clear_error (&error);
+#endif
 
 	uhm_server_end_trace (mock_server);
 }
@@ -566,6 +573,7 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
 	GError *error = NULL;
 
 	authentication_uri = gdata_oauth1_authorizer_request_authentication_uri_finish (authorizer, async_result, &token, &token_secret, &error);
+#ifdef ENABLE_OAUTH1
 	g_assert_no_error (error);
 	g_assert (authentication_uri != NULL && *authentication_uri != '\0');
 	g_assert (token != NULL && *token != '\0');
@@ -578,6 +586,11 @@ test_oauth1_authorizer_request_authentication_uri_async_cb (GDataOAuth1Authorize
 	g_free (authentication_uri);
 	g_free (token);
 	g_free (token_secret);
+#else
+	g_assert_error (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_UNAVAILABLE);
+	g_assert_null (authentication_uri);
+	g_clear_error (&error);
+#endif
 
 	g_main_loop_quit (data->main_loop);
 }
@@ -676,6 +689,7 @@ set_up_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data
 	uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data)
 {
@@ -698,6 +712,7 @@ set_up_oauth1_authorizer_interactive_data_bad_credentials (OAuth1AuthorizerInter
 
 	uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 tear_down_oauth1_authorizer_interactive_data (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data)
@@ -743,6 +758,7 @@ test_oauth1_authorizer_request_authorization_sync (OAuth1AuthorizerInteractiveDa
 	uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 /* Test that synchronously authorizing a request token fails if an invalid verifier is provided. */
 static void
 test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1AuthorizerInteractiveData *data, gconstpointer user_data)
@@ -769,6 +785,7 @@ test_oauth1_authorizer_request_authorization_sync_bad_credentials (OAuth1Authori
 
 	uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 /* Test that cancellation of synchronously authorizing a request token works. Note that this test has to be interactive, as the user has to visit the
  * authentication URI to retrieve a verifier for the request token. */
@@ -826,6 +843,7 @@ set_up_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyn
 	data->main_loop = g_main_loop_new (NULL, FALSE);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1AuthorizerInteractiveAsyncData *data, gconstpointer user_data)
 {
@@ -835,6 +853,7 @@ set_up_oauth1_authorizer_interactive_async_data_bad_credentials (OAuth1Authorize
 	/* Set up the main loop */
 	data->main_loop = g_main_loop_new (NULL, FALSE);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 tear_down_oauth1_authorizer_interactive_async_data (OAuth1AuthorizerInteractiveAsyncData *data, gconstpointer user_data)
@@ -890,6 +909,7 @@ test_oauth1_authorizer_request_authorization_async (OAuth1AuthorizerInteractiveA
 	uhm_server_end_trace (mock_server);
 }
 
+#ifdef ENABLE_OAUTH1
 static void
 test_oauth1_authorizer_request_authorization_async_bad_credentials_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result,
                                                                        OAuth1AuthorizerInteractiveAsyncData *data)
@@ -930,6 +950,7 @@ test_oauth1_authorizer_request_authorization_async_bad_credentials (OAuth1Author
 
 	uhm_server_end_trace (mock_server);
 }
+#endif  /* ENABLE_OAUTH1 */
 
 static void
 test_oauth1_authorizer_request_authorization_async_cancellation_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result,
@@ -1079,9 +1100,11 @@ main (int argc, char *argv[])
 		            tear_down_oauth1_authorizer_interactive_data);
 	}
 
+#ifdef ENABLE_OAUTH1
 	g_test_add ("/oauth1-authorizer/request-authorization/sync/bad-credentials", OAuth1AuthorizerInteractiveData, NULL,
 	            set_up_oauth1_authorizer_interactive_data_bad_credentials,
 	            test_oauth1_authorizer_request_authorization_sync_bad_credentials, tear_down_oauth1_authorizer_interactive_data);
+#endif
 
 	/* Async request-authorization tests */
 	if (gdata_test_interactive () == TRUE) {
@@ -1093,9 +1116,11 @@ main (int argc, char *argv[])
 		            tear_down_oauth1_authorizer_interactive_async_data);
 	}
 
+#ifdef ENABLE_OAUTH1
 	g_test_add ("/oauth1-authorizer/request-authorization/async/bad-credentials", OAuth1AuthorizerInteractiveAsyncData, NULL,
 	            set_up_oauth1_authorizer_interactive_async_data_bad_credentials,
 	            test_oauth1_authorizer_request_authorization_async_bad_credentials, tear_down_oauth1_authorizer_interactive_async_data);
+#endif
 
 	/* Miscellaneous tests */
 	if (gdata_test_interactive () == TRUE) {
diff --git a/meson.build b/meson.build
index f9686ea3..e6fe3ca7 100644
--- a/meson.build
+++ b/meson.build
@@ -91,9 +91,15 @@ common_c_args = [
 # Private dependencies for libgdata (specifically used for pkgconfig)
 gdata_private_deps = [
   dependency('gthread-2.0'),
-  dependency('oauth', version: '>= 0.9.4'),
 ]
 
+oauth_dep = dependency('oauth', version: '>= 0.9.4', required: get_option('oauth1'))
+enable_oauth1 = oauth_dep.found()
+if enable_oauth1
+  gdata_private_deps += oauth_dep
+endif
+config_h.set('ENABLE_OAUTH1', enable_oauth1)
+
 libsoup_dep = dependency('libsoup-2.4', version: '>= 2.42.0')
 gdata_deps += libsoup_dep
 # libsoup 2.47.3 is needed for the new SoupServer API; but it contained a bug in
diff --git a/meson_options.txt b/meson_options.txt
index 25cc6b55..68c63729 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -13,6 +13,11 @@ option('goa',
   value: 'enabled',
   description: 'enable Gnome Online Accounts (goa) support')
 
+option('oauth1',
+  type: 'feature',
+  value: 'disabled',
+  description: 'enable OAuth 1.0 support (deprecated)')
+
 # Enable always building tests (default: yes)
 option('always_build_tests',
   type: 'boolean',
author	Philip Withnall <withnall@endlessm.com>	2019-08-21 11:41:06 +0300
committer	Philip Withnall <withnall@endlessm.com>	2019-08-21 12:31:30 +0300
commit	427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed (patch)
tree	63d96223d1cd12cbbb6bc6a056f016a0aa615e57
parent	43c6e45e14267cd4b932b3f3824bf3438466f18d (diff)
download	libgdata-427e3bed7b5e6edaa23ca4cc48e3caa9a224e6ed.tar.gz