From 34b900e7e4aad8b0454649dab0b4ebaaddb2adc4 Mon Sep 17 00:00:00 2001

From: Debarshi Ray <debarshir@gnome.org>

Date: Tue, 11 Jun 2013 16:58:21 +0200

Subject: [PATCH 1/3] google: Bump credentials generation

Access to the following were turned on in the Google APIs Console:

 - Calendar API

 - Google Calendar CalDAV API

 - Google Contacts CardDAV API

Of these, only the last two are new. We were already requesting the

scope for Calendar API, but looks like the APIs Console is the way

to go now. Interestingly the APIs Console does not list all the other

services that we are interested in, or it is does but is not obvious

to me.

In any case we need access to their new CalDAV API which works with

OAuth2 because that would let us work with 2-factor authenticated

accounts again.

See: https://bugzilla.gnome.org/show_bug.cgi?id=686804

     https://bugzilla.gnome.org/show_bug.cgi?id=688364

---

 src/goabackend/goagoogleprovider.c | 2 +-

 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c

index b3accdb..1c5c04b 100644

--- a/src/goabackend/goagoogleprovider.c

+++ b/src/goabackend/goagoogleprovider.c

@@ -137,7 +137,7 @@ get_scope (GoaOAuth2Provider *provider)

 static guint

 get_credentials_generation (GoaProvider *provider)

 {

-  return 3;

+  return 4;

 }

 static const gchar *

-- 

1.8.4.2

From 930a86add739b065b2cc43e2efae7fa30dfeee07 Mon Sep 17 00:00:00 2001

From: Debarshi Ray <debarshir@gnome.org>

Date: Wed, 19 Jun 2013 17:04:38 +0200

Subject: [PATCH 2/3] google: Export CalDAV and CardDAV endpoints

According to:

https://developers.google.com/google-apps/calendar/caldav/v2/guide/

https://developers.google.com/google-apps/carddav/

See: https://bugzilla.gnome.org/show_bug.cgi?id=686804

     https://bugzilla.gnome.org/show_bug.cgi?id=688364

---

 src/goabackend/goagoogleprovider.c | 18 ++++++++++++++++--

 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c

index 1c5c04b..5b413f7 100644

--- a/src/goabackend/goagoogleprovider.c

+++ b/src/goabackend/goagoogleprovider.c

@@ -355,6 +355,7 @@ build_object (GoaProvider         *provider,

   gboolean contacts_enabled;

   gboolean chat_enabled;

   gboolean documents_enabled;

+  const gchar *email_address;

   account = NULL;

   mail = NULL;

@@ -389,6 +390,7 @@ build_object (GoaProvider         *provider,

     }

   account = goa_object_get_account (GOA_OBJECT (object));

+  email_address = goa_account_get_identity (account);

   /* Email */

   mail = goa_object_get_mail (GOA_OBJECT (object));

@@ -397,8 +399,6 @@ build_object (GoaProvider         *provider,

     {

       if (mail == NULL)

         {

-          const gchar *email_address;

-          email_address = goa_account_get_identity (account);

           mail = goa_mail_skeleton_new ();

           g_object_set (G_OBJECT (mail),

                         "email-address",   email_address,

@@ -428,8 +428,19 @@ build_object (GoaProvider         *provider,

     {

       if (calendar == NULL)

         {

+          gchar *uri_caldav;

+

+          uri_caldav = g_strconcat ("https://apidata.googleusercontent.com/caldav/v2/",

+                                    email_address,

+                                    "/user",

+                                    NULL);

+

           calendar = goa_calendar_skeleton_new ();

+          g_object_set (G_OBJECT (calendar),

+                        "uri", uri_caldav,

+                        NULL);

           goa_object_skeleton_set_calendar (object, calendar);

+          g_free (uri_caldav);

         }

     }

   else

@@ -446,6 +457,9 @@ build_object (GoaProvider         *provider,

       if (contacts == NULL)

         {

           contacts = goa_contacts_skeleton_new ();

+          g_object_set (G_OBJECT (contacts),

+                        "uri", "https://www.googleapis.com/.well-known/carddav",

+                        NULL);

           goa_object_skeleton_set_contacts (object, contacts);

         }

     }

-- 

1.8.4.2

From e3a72091bca2d48ee3c87530b0d8b30d87c21ff0 Mon Sep 17 00:00:00 2001

From: Debarshi Ray <debarshir@gnome.org>

Date: Fri, 28 Jun 2013 14:22:07 +0200

Subject: [PATCH 3/3] google: Don't offer a PasswordBased interface

This was a temporary measure back when Google did not support OAuth2

for CalDAV. Now that they do, we can drop this.

In any case, the workaround didn't work with accounts using 2-factor

authentication. This will make those people happy.

This reverts 89c335479c1bb8409af8296c99ffea602a28b71f

See: https://bugzilla.gnome.org/show_bug.cgi?id=686804

     https://bugzilla.gnome.org/show_bug.cgi?id=688364

---

 src/goabackend/goagoogleprovider.c | 215 -------------------------------------

 1 file changed, 215 deletions(-)

diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c

index 5b413f7..065845d 100644

--- a/src/goabackend/goagoogleprovider.c

+++ b/src/goabackend/goagoogleprovider.c

@@ -32,8 +32,6 @@

 #include "goaprovider-priv.h"

 #include "goaoauth2provider.h"

 #include "goagoogleprovider.h"

-#include "goahttpclient.h"

-#include "goautils.h"

 /**

  * GoaGoogleProvider:

@@ -71,8 +69,6 @@ G_DEFINE_TYPE_WITH_CODE (GoaGoogleProvider, goa_google_provider, GOA_TYPE_OAUTH2

 /* ---------------------------------------------------------------------------------------------------- */

-static const gchar *CALDAV_ENDPOINT = "https://www.google.com/calendar/dav/%s/events/";

-

 static const gchar *

 get_provider_type (GoaProvider *_provider)

 {

@@ -291,48 +287,8 @@ is_identity_node (GoaOAuth2Provider *provider, WebKitDOMHTMLInputElement *elemen

   return ret;

 }

-static gboolean

-is_password_node (GoaOAuth2Provider *provider, WebKitDOMHTMLInputElement *element)

-{

-  gboolean ret;

-  gchar *element_type;

-  gchar *id;

-  gchar *name;

-

-  element_type = NULL;

-  id = NULL;

-  name = NULL;

-

-  ret = FALSE;

-

-  g_object_get (element, "type", &element_type, NULL);

-  if (g_strcmp0 (element_type, "password") != 0)

-    goto out;

-

-  id = webkit_dom_html_element_get_id (WEBKIT_DOM_HTML_ELEMENT (element));

-  if (g_strcmp0 (id, "Passwd") != 0)

-    goto out;

-

-  name = webkit_dom_html_input_element_get_name (element);

-  if (g_strcmp0 (name, "Passwd") != 0)

-    goto out;

-

-  ret = TRUE;

-

- out:

-  g_free (element_type);

-  g_free (id);

-  g_free (name);

-  return ret;

-}

-

 /* ---------------------------------------------------------------------------------------------------- */

-static gboolean on_handle_get_password (GoaPasswordBased      *interface,

-                                        GDBusMethodInvocation *invocation,

-                                        const gchar           *id,

-                                        gpointer               user_data);

-

 static gboolean

 build_object (GoaProvider         *provider,

               GoaObjectSkeleton   *object,

@@ -348,7 +304,6 @@ build_object (GoaProvider         *provider,

   GoaContacts *contacts;

   GoaChat *chat;

   GoaDocuments *documents;

-  GoaPasswordBased *password_based;

   gboolean ret;

   gboolean mail_enabled;

   gboolean calendar_enabled;

@@ -375,20 +330,6 @@ build_object (GoaProvider         *provider,

                                                                             error))

     goto out;

-  password_based = goa_object_get_password_based (GOA_OBJECT (object));

-  if (password_based == NULL)

-    {

-      password_based = goa_password_based_skeleton_new ();

-      /* Ensure D-Bus method invocations run in their own thread */

-      g_dbus_interface_skeleton_set_flags (G_DBUS_INTERFACE_SKELETON (password_based),

-                                           G_DBUS_INTERFACE_SKELETON_FLAGS_HANDLE_METHOD_INVOCATIONS_IN_THREAD);

-      goa_object_skeleton_set_password_based (object, password_based);

-      g_signal_connect (password_based,

-                        "handle-get-password",

-                        G_CALLBACK (on_handle_get_password),

-                        NULL);

-    }

-

   account = goa_object_get_account (GOA_OBJECT (object));

   email_address = goa_account_get_identity (account);

@@ -549,103 +490,6 @@ build_object (GoaProvider         *provider,

 /* ---------------------------------------------------------------------------------------------------- */

 static gboolean

-ensure_credentials_sync (GoaProvider   *provider,

-                         GoaObject     *object,

-                         gint          *out_expires_in,

-                         GCancellable  *cancellable,

-                         GError       **error)

-{

-  GVariant *credentials;

-  GoaAccount *account;

-  GoaHttpClient *http_client;

-  gboolean ret;

-  const gchar *username;

-  gchar *password;

-  gchar *uri_caldav;

-

-  credentials = NULL;

-  http_client = NULL;

-  password = NULL;

-  uri_caldav = NULL;

-

-  ret = FALSE;

-

-  /* Chain up */

-  if (!GOA_PROVIDER_CLASS (goa_google_provider_parent_class)->ensure_credentials_sync (provider,

-                                                                                       object,

-                                                                                       out_expires_in,

-                                                                                       cancellable,

-                                                                                       error))

-    goto out;

-

-  credentials = goa_utils_lookup_credentials_sync (provider,

-                                                   object,

-                                                   cancellable,

-                                                   error);

-  if (credentials == NULL)

-    {

-      if (error != NULL)

-        {

-          (*error)->domain = GOA_ERROR;

-          (*error)->code = GOA_ERROR_NOT_AUTHORIZED;

-        }

-      goto out;

-    }

-

-  account = goa_object_peek_account (object);

-  username = goa_account_get_presentation_identity (account);

-  uri_caldav = g_strdup_printf (CALDAV_ENDPOINT, username);

-

-  if (!g_variant_lookup (credentials, "password", "s", &password))

-    {

-      if (error != NULL)

-        {

-          *error = g_error_new (GOA_ERROR,

-                                GOA_ERROR_NOT_AUTHORIZED,

-                                _("Did not find password with identity `%s' in credentials"),

-                                username);

-        }

-      goto out;

-    }

-

-  http_client = goa_http_client_new ();

-  ret = goa_http_client_check_sync (http_client,

-                                    uri_caldav,

-                                    username,

-                                    password,

-                                    FALSE,

-                                    cancellable,

-                                    error);

-  if (!ret)

-    {

-      if (error != NULL)

-        {

-          g_prefix_error (error,

-                          /* Translators: the first %s is the username

-                           * (eg., debarshi.ray@gmail.com or rishi), and the

-                           * (%s, %d) is the error domain and code.

-                           */

-                          _("Invalid password with username `%s' (%s, %d): "),

-                          username,

-                          g_quark_to_string ((*error)->domain),

-                          (*error)->code);

-          (*error)->domain = GOA_ERROR;

-          (*error)->code = GOA_ERROR_NOT_AUTHORIZED;

-        }

-      goto out;

-    }

-

- out:

-  g_clear_object (&http_client);

-  g_free (password);

-  g_free (uri_caldav);

-  g_clear_pointer (&credentials, (GDestroyNotify) g_variant_unref);

-  return ret;

-}

-

-/* ---------------------------------------------------------------------------------------------------- */

-

-static gboolean

 get_use_mobile_browser (GoaOAuth2Provider *provider)

 {

   return TRUE;

@@ -726,7 +570,6 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)

   provider_class->get_provider_name          = get_provider_name;

   provider_class->get_provider_group         = get_provider_group;

   provider_class->build_object               = build_object;

-  provider_class->ensure_credentials_sync    = ensure_credentials_sync;

   provider_class->show_account               = show_account;

   provider_class->get_credentials_generation = get_credentials_generation;

@@ -740,65 +583,7 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)

   oauth2_class->get_scope                 = get_scope;

   oauth2_class->is_deny_node              = is_deny_node;

   oauth2_class->is_identity_node          = is_identity_node;

-  oauth2_class->is_password_node          = is_password_node;

   oauth2_class->get_token_uri             = get_token_uri;

   oauth2_class->get_use_mobile_browser    = get_use_mobile_browser;

   oauth2_class->add_account_key_values    = add_account_key_values;

 }

-

-/* ---------------------------------------------------------------------------------------------------- */

-

-/* runs in a thread dedicated to handling @invocation */

-static gboolean

-on_handle_get_password (GoaPasswordBased      *interface,

-                        GDBusMethodInvocation *invocation,

-                        const gchar           *id, /* unused */

-                        gpointer               user_data)

-{

-  GoaObject *object;

-  GoaAccount *account;

-  GoaProvider *provider;

-  GError *error;

-  GVariant *credentials;

-  const gchar *identity;

-  gchar *password;

-

-  /* TODO: maybe log what app is requesting access */

-

-  password = NULL;

-  credentials = NULL;

-

-  object = GOA_OBJECT (g_dbus_interface_get_object (G_DBUS_INTERFACE (interface)));

-  account = goa_object_peek_account (object);

-  identity = goa_account_get_identity (account);

-  provider = goa_provider_get_for_provider_type (goa_account_get_provider_type (account));

-

-  error = NULL;

-  credentials = goa_utils_lookup_credentials_sync (provider,

-                                                   object,

-                                                   NULL, /* GCancellable* */

-                                                   &error);

-  if (credentials == NULL)

-    {

-      g_dbus_method_invocation_take_error (invocation, error);

-      goto out;

-    }

-

-  if (!g_variant_lookup (credentials, "password", "s", &password))

-    {

-      g_dbus_method_invocation_return_error (invocation,

-                                             GOA_ERROR,

-                                             GOA_ERROR_FAILED, /* TODO: more specific */

-                                             _("Did not find password with identity `%s' in credentials"),

-                                             identity);

-      goto out;

-    }

-

-  goa_password_based_complete_get_password (interface, invocation, password);

-

- out:

-  g_free (password);

-  g_clear_pointer (&credentials, (GDestroyNotify) g_variant_unref);

-  g_object_unref (provider);

-  return TRUE; /* invocation was handled */

-}

-- 

1.8.4.2