[epiphany/gnome-3-18] form-auth-data: Properly normalize URI when accessing secret service



commit 8c0b67b6b37e7d48f373a27429a91b66fd77e28f
Author: Michael Catanzaro <mcatanzaro gnome org>
Date:   Thu Feb 2 19:51:15 2017 -0600

    form-auth-data: Properly normalize URI when accessing secret service
    
    I've mishandled this issue pretty badly. Incredibly, my previous patch,
    which was intended to ensure we always normalize URIs to security
    origins when working with form auth data, only fixed use of the form
    auth data cache. It didn't actually fix any use of the secret service
    itself. Fix that.
    
    This commit notably removes support for mailman passwords, which is
    making the code way too complicated and conflicts with the goal of
    storing only security origins and not full URIs in the secret service.
    
    Note: this normalization is way better than what we were doing before.
    In particular, it incidentally fixes odd bugs like the URI framgment,
    even the empty fragment #, being sufficient to trick our password
    manager into storing separate passwords, so this should also make the
    password filling significantly more reliable than it used to be. (Unless
    you need per-URI passwords without a username, i.e. mailman passwords,
    in which case you're just out of luck, sorry!)
    
    https://bugzilla.gnome.org/show_bug.cgi?id=752738

 lib/ephy-form-auth-data.c |   68 +++++++++++++-------------------------------
 1 files changed, 20 insertions(+), 48 deletions(-)
---
diff --git a/lib/ephy-form-auth-data.c b/lib/ephy-form-auth-data.c
index 99be228..1d699e2 100644
--- a/lib/ephy-form-auth-data.c
+++ b/lib/ephy-form-auth-data.c
@@ -43,36 +43,32 @@ ephy_form_auth_data_get_password_schema (void)
   return &schema;
 }
 
-static void
-normalize_and_prepare_uri (SoupURI  *uri,
-                           gboolean  remove_path)
-{
-  g_assert (uri != NULL);
-
-  soup_uri_set_query (uri, NULL);
-  if (remove_path)
-    soup_uri_set_path (uri, "/");
-}
-
 static GHashTable *
 ephy_form_auth_data_get_secret_attributes_table (const char *uri,
                                                  const char *field_username,
                                                  const char *field_password,
                                                  const char *username)
 {
+  GHashTable *attributes;
+  char *origin;
+
+  origin = ephy_uri_to_security_origin (uri);
   if (field_username)
     return secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA,
-                                    URI_KEY, uri,
+                                    URI_KEY, origin,
                                     FORM_USERNAME_KEY, field_username,
                                     FORM_PASSWORD_KEY, field_password,
                                     username ? USERNAME_KEY : NULL, username,
                                     NULL);
   else
-    return secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA,
-                                    URI_KEY, uri,
-                                    FORM_PASSWORD_KEY, field_password,
-                                    username ? USERNAME_KEY : NULL, username,
-                                    NULL);
+    attributes = secret_attributes_build (EPHY_FORM_PASSWORD_SCHEMA,
+                                          URI_KEY, origin,
+                                          FORM_PASSWORD_KEY, field_password,
+                                          username ? USERNAME_KEY : NULL, username,
+                                          NULL);
+  g_free (origin);
+
+  return attributes;
 }
 
 static void
@@ -100,10 +96,9 @@ ephy_form_auth_data_store (const char *uri,
                            GAsyncReadyCallback callback,
                            gpointer userdata)
 {
-  SoupURI *fake_uri;
-  char *fake_uri_str;
   SecretValue *value;
   GHashTable *attributes;
+  char *origin;
   char *label;
   GTask *task;
 
@@ -112,32 +107,24 @@ ephy_form_auth_data_store (const char *uri,
   g_return_if_fail (password);
   g_return_if_fail ((form_username && username) || (!form_username && !username));
 
-  fake_uri = soup_uri_new (uri);
-  g_return_if_fail (fake_uri);
-
   task = g_task_new (NULL, NULL, callback, userdata);
 
-  /* Mailman passwords need the full URI */
-  if (!form_username && g_strcmp0 (form_password, "adminpw") == 0)
-    normalize_and_prepare_uri (fake_uri, FALSE);
-  else
-    normalize_and_prepare_uri (fake_uri, TRUE);
-  fake_uri_str = soup_uri_to_string (fake_uri, FALSE);
   value = secret_value_new (password, -1, "text/plain");
-  attributes = ephy_form_auth_data_get_secret_attributes_table (fake_uri_str, form_username,
+  attributes = ephy_form_auth_data_get_secret_attributes_table (uri, form_username,
                                                                 form_password, username);
+  origin = ephy_uri_to_security_origin (uri);
   if (username != NULL) {
     /* Translators: The first %s is the username and the second one is the
      * security origin where this is happening. Example: gnome gmail com and
      * https://mail.google.com.
      */
     label = g_strdup_printf (_("Password for %s in a form in %s"),
-                             username, fake_uri_str);
+                             username, origin);
   } else {
     /* Translators: The first %s is the security origin where this is happening.
      * Example: https://mail.google.com.
      */
-    label = g_strdup_printf (_("Password in a form in %s"), fake_uri_str);
+    label = g_strdup_printf (_("Password in a form in %s"), origin);
   }
   secret_service_store (NULL, EPHY_FORM_PASSWORD_SCHEMA,
                         attributes, NULL, label, value,
@@ -148,8 +135,7 @@ ephy_form_auth_data_store (const char *uri,
   g_free (label);
   secret_value_unref (value);
   g_hash_table_unref (attributes);
-  soup_uri_free (fake_uri);
-  g_free (fake_uri_str);
+  g_free (origin);
   g_object_unref (task);
 }
 
@@ -231,25 +217,13 @@ ephy_form_auth_data_query (const char *uri,
                            gpointer user_data,
                            GDestroyNotify destroy_data)
 {
-  SoupURI *key;
-  char *key_str;
   EphyFormAuthDataQueryClosure *closure;
   GHashTable *attributes;
 
   g_return_if_fail (uri);
   g_return_if_fail (form_password);
 
-  key = soup_uri_new (uri);
-  g_return_if_fail (key);
-
-  if (!form_username && g_strcmp0 (form_password, "adminpw") == 0)
-    normalize_and_prepare_uri (key, FALSE);
-  else
-    normalize_and_prepare_uri (key, TRUE);
-
-  key_str = soup_uri_to_string (key, FALSE);
-
-  attributes = ephy_form_auth_data_get_secret_attributes_table (key_str,
+  attributes = ephy_form_auth_data_get_secret_attributes_table (uri,
                                                                 form_username,
                                                                 form_password,
                                                                 username);
@@ -267,8 +241,6 @@ ephy_form_auth_data_query (const char *uri,
                          closure);
 
   g_hash_table_unref (attributes);
-  soup_uri_free (key);
-  g_free (key_str);
 }
 
 static EphyFormAuthData *


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]