Token auth

Author: TheOneRing

src/cmd/CMakeLists.txt

@@ -1,7 +1,7 @@
-# Currently disabled until we implemented app token support
-return()
 add_executable(cmd
     cmd.cpp
+        tokencredentials.cpp
+        tokencredentials.h
 )
 set_target_properties(cmd PROPERTIES OUTPUT_NAME "${APPLICATION_EXECUTABLE}cmd")
 ecm_mark_nongui_executable(cmd)

src/cmd/cmd.cpp

@@ -15,10 +15,10 @@
  */
 
 #include "account.h"
+#include "cmd/tokencredentials.h"
 #include "common/syncjournaldb.h"
 #include "common/version.h"
 #include "configfile.h" // ONLY ACCESS THE STATIC FUNCTIONS!
-#include "httpcredentialstext.h"
 #include "libsync/logger.h"
 #include "libsync/theme.h"
 #include "networkjobs/checkserverjobfactory.h"
@@ -50,10 +50,8 @@ struct CmdOptions
     QUrl target_url;
     QUrl server_url;
 
-    QString remoteFolder;
-    QString config_directory;
-    QString user;
-    QString password;
+    QByteArray username;
+    QByteArray token;
     QString proxy;
     bool silent = false;
     bool trustSSL = false;
@@ -76,7 +74,6 @@ struct SyncCTX
     CmdOptions options;
     bool promptRemoveAllFiles;
     AccountPtr account;
-    QString user;
 };
 
 /* If the selective sync list is different from before, we need to disable the read from db
@@ -135,8 +132,7 @@ void sync(const SyncCTX &ctx)
     }
 
     SyncOptions opt{QSharedPointer<Vfs>(VfsPluginManager::instance().createVfsFromPlugin(Vfs::Off).release())};
-    auto engine = new SyncEngine(
-        ctx.account, ctx.options.target_url, ctx.options.source_dir, ctx.options.remoteFolder, db);
+    auto engine = new SyncEngine(ctx.account, ctx.options.target_url, ctx.options.source_dir, {}, db);
     engine->setSyncOptions(opt);
     engine->setParent(db);
 
@@ -192,18 +188,6 @@ void setupCredentials(SyncCTX &ctx)
     // 2. From options
     // 3. From prompt (if interactive)
 
-    const auto &url = ctx.options.target_url;
-    ctx.user = url.userName();
-    QString password = url.password();
-
-    if (!ctx.options.user.isEmpty()) {
-        ctx.user = ctx.options.user;
-    }
-
-    if (!ctx.options.password.isEmpty()) {
-        password = ctx.options.password;
-    }
-
     if (!ctx.options.proxy.isNull()) {
         QString host;
         uint32_t port = 0;
@@ -243,7 +227,7 @@ void setupCredentials(SyncCTX &ctx)
         f.close();
     }
 
-    ctx.account->setCredentials(HttpCredentialsText::create(ctx.options.interactive, ctx.user, password));
+    ctx.account->setCredentials(new TokenCredentials(std::move(ctx.options.username), std::move(ctx.options.token)));
     if (ctx.options.trustSSL) {
         QObject::connect(ctx.account->accessManager(), &QNetworkAccessManager::sslErrors, qApp,
             [](QNetworkReply *reply, const QList<QSslError> &errors) { reply->ignoreSslErrors(errors); });
@@ -277,16 +261,16 @@ CmdOptions parseOptions(const QStringList &app_args)
         return option;
     };
 
+    auto serverOption = addOption({{QStringLiteral("server")}, QStringLiteral("The URL for the server"), QStringLiteral("url")});
+    auto userOption = addOption({{QStringLiteral("u"), QStringLiteral("user")}, QStringLiteral("Username"), QStringLiteral("name")});
+    auto tokenOption = addOption({{QStringLiteral("t"), QStringLiteral("token")}, QStringLiteral("Authentication token"), QStringLiteral("token")});
+
     auto silentOption = addOption({ { QStringLiteral("s"), QStringLiteral("silent") }, QStringLiteral("Don't be so verbose.") });
     auto httpproxyOption = addOption({ { QStringLiteral("httpproxy") }, QStringLiteral("Specify a http proxy to use."), QStringLiteral("http://server:port") });
     auto trustOption = addOption({ { QStringLiteral("trust") }, QStringLiteral("Trust the SSL certification") });
     auto excludeOption = addOption({ { QStringLiteral("exclude") }, QStringLiteral("Path to an exclude list [file]"), QStringLiteral("file") });
     auto unsyncedfoldersOption = addOption({ { QStringLiteral("unsyncedfolders") }, QStringLiteral("File containing the list of unsynced remote folders (selective sync)"), QStringLiteral("file") });
 
-    auto serverOption = addOption({{QStringLiteral("server")}, QStringLiteral("Use [url] as the location of the server."), QStringLiteral("url")});
-    auto userOption = addOption({ { QStringLiteral("u"), QStringLiteral("user") }, QStringLiteral("Use [name] as the login name"), QStringLiteral("name") });
-    auto passwordOption = addOption({{QStringLiteral("p"), QStringLiteral("password")}, QStringLiteral("Use [pass] as password"), QStringLiteral("password")});
-
     auto nonInterActiveOption = addOption({ { QStringLiteral("non-interactive") }, QStringLiteral("Do not block execution with interaction") });
     auto maxRetriesOption = addOption({ { QStringLiteral("max-sync-retries") }, QStringLiteral("Retries maximum n times (default to 3)"), QStringLiteral("n") });
     auto uploadLimitOption = addOption({ { QStringLiteral("uplimit") }, QStringLiteral("Limit the upload speed of files to n KB/s"), QStringLiteral("n") });
@@ -302,8 +286,7 @@ CmdOptions parseOptions(const QStringList &app_args)
     parser.addVersionOption();
 
     parser.addPositionalArgument(QStringLiteral("source_dir"), QStringLiteral("The source dir"));
-    parser.addPositionalArgument(QStringLiteral("server_url"), QStringLiteral("The URL to the server"));
-    parser.addPositionalArgument(QStringLiteral("remote_folder"), QStringLiteral("A remote folder"));
+    parser.addPositionalArgument(QStringLiteral("space_url"), QStringLiteral("The URL to the space"));
 
     parser.process(app_args);
 
@@ -313,11 +296,11 @@ CmdOptions parseOptions(const QStringList &app_args)
         parser.showHelp(EXIT_FAILURE);
     }
 
-    options.source_dir = [arg = args[0]] {
+    options.source_dir = [&parser, arg = args[0]] {
         const QFileInfo fi(arg);
         if (!fi.exists()) {
             qCritical() << "Source dir" << arg << "does not exist.";
-            exit(EXIT_FAILURE);
+            parser.showHelp(EXIT_FAILURE);
         }
         QString sourceDir = fi.absoluteFilePath();
         if (!sourceDir.endsWith(QLatin1Char('/'))) {
@@ -326,9 +309,6 @@ CmdOptions parseOptions(const QStringList &app_args)
         return sourceDir;
     }();
     options.target_url = QUrl::fromUserInput(args[1]);
-    if (args.size() == 3) {
-        options.remoteFolder = args[2];
-    }
 
     if (parser.isSet(httpproxyOption)) {
         options.proxy = parser.value(httpproxyOption);
@@ -345,13 +325,20 @@ CmdOptions parseOptions(const QStringList &app_args)
     if (parser.isSet(serverOption)) {
         options.server_url = QUrl::fromUserInput(parser.value(serverOption));
     } else {
-        options.server_url = options.target_url;
+        qCritical() << "Server not set";
+        parser.showHelp(EXIT_FAILURE);
     }
-    if (parser.isSet(userOption)) {
-        options.user = parser.value(userOption);
+    if (parser.isSet(tokenOption)) {
+        options.token = parser.value(tokenOption).toUtf8();
+    } else {
+        qCritical() << "Token not set";
+        parser.showHelp(EXIT_FAILURE);
     }
-    if (parser.isSet(passwordOption)) {
-        options.password = parser.value(passwordOption);
+    if (parser.isSet(userOption)) {
+        options.username = parser.value(userOption).toUtf8();
+    } else {
+        qCritical() << "Username not set";
+        parser.showHelp(EXIT_FAILURE);
     }
     if (parser.isSet(excludeOption)) {
         options.exclude = parser.value(excludeOption);
@@ -417,16 +404,8 @@ int main(int argc, char **argv)
         ctx.options.server_url = ctx.options.server_url.adjusted(QUrl::RemoveUserInfo);
         ctx.options.target_url = ctx.options.target_url.adjusted(QUrl::RemoveUserInfo);
 
-        const QUrl baseUrl = [&ctx] {
-            auto tmp = ctx.options.server_url;
-            // Find the url leading to the dav root
-            QStringList splitted = tmp.path().split(ctx.account->davPath());
-            tmp.setPath(splitted.value(0));
-            return tmp;
-        }();
-
 
-        ctx.account->setUrl(baseUrl);
+        ctx.account->setUrl(ctx.options.server_url);
 
         auto *checkServerJob = CheckServerJobFactory(ctx.account->accessManager()).startJob(ctx.account->url(), qApp);
 
@@ -460,24 +439,9 @@ int main(int argc, char **argv)
                         exit(EXIT_FAILURE);
                     }
 
-                    auto userJob = new JsonApiJob(ctx.account, QStringLiteral("ocs/v1.php/cloud/user"), {}, {}, nullptr);
-                    QObject::connect(userJob, &JsonApiJob::finishedSignal, qApp, [userJob, ctx = ctx]() mutable {
-                        const QJsonObject data = userJob->data().value(QStringLiteral("ocs")).toObject().value(QStringLiteral("data")).toObject();
-                        ctx.account->setDavUser(data.value(QStringLiteral("id")).toString());
-                        ctx.account->setDavDisplayName(data.value(QStringLiteral("display-name")).toString());
-
-                        if (ctx.options.server_url == ctx.options.target_url) {
-                            // guess dav path
-                            if (!ctx.options.target_url.path().contains(ctx.account->davPath())) {
-                                ctx.options.target_url = OCC::Utility::concatUrlPath(ctx.options.target_url, ctx.account->davPath());
-                            }
-                        }
-
-                        // much lower age than the default since this utility is usually made to be run right after a change in the tests
-                        SyncEngine::minimumFileAgeForUpload = std::chrono::seconds(0);
-                        sync(ctx);
-                    });
-                    userJob->start();
+                    // much lower age than the default since this utility is usually made to be run right after a change in the tests
+                    SyncEngine::minimumFileAgeForUpload = std::chrono::seconds(0);
+                    sync(ctx);
                 });
                 capabilitiesJob->start();
             } else {

src/cmd/tokencredentials.cpp

@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) by Hannah von Reth <h.vonreth@opencloud.eu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "tokencredentials.h"
+
+#include "creds/httpcredentials.h"
+#include "libsync/accessmanager.h"
+
+using namespace OCC;
+
+class OCC::TokensAccessManager : public AccessManager
+{
+    Q_OBJECT
+public:
+    TokensAccessManager(QByteArray &&username, QByteArray &&token, QObject *parent)
+        : AccessManager(parent)
+        , _token("Basic " + QByteArray(username + ':' + token).toBase64())
+    {
+    }
+
+protected:
+    QNetworkReply *createRequest(Operation op, const QNetworkRequest &request, QIODevice *outgoingData) override
+    {
+        QNetworkRequest req(request);
+        if (!req.attribute(HttpCredentials::DontAddCredentialsAttribute).toBool()) {
+            req.setRawHeader("Authorization", _token);
+        }
+        return AccessManager::createRequest(op, req, outgoingData);
+    }
+
+private:
+    QByteArray _token;
+};
+
+TokenCredentials::TokenCredentials(QByteArray &&username, QByteArray &&token)
+    : _accessManager(new TokensAccessManager(std::move(username), std::move(token), this))
+{
+}
+
+AccessManager *TokenCredentials::createAM() const
+{
+    return _accessManager;
+}
+
+bool TokenCredentials::ready() const
+{
+    return true;
+}
+
+void TokenCredentials::fetchFromKeychain() { }
+
+void TokenCredentials::restartOauth() { }
+
+void TokenCredentials::persist() { }
+
+void TokenCredentials::invalidateToken() { }
+
+void TokenCredentials::forgetSensitiveData() { }
+
+
+#include "tokencredentials.moc"

src/cmd/tokencredentials.h

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) by Hannah von Reth <h.vonreth@opencloud.eu>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#pragma once
+
+#include "libsync/creds/abstractcredentials.h"
+
+namespace OCC {
+class TokensAccessManager;
+
+class TokenCredentials : public AbstractCredentials
+{
+private:
+    Q_OBJECT
+public:
+    TokenCredentials(QByteArray &&username, QByteArray &&token);
+
+    AccessManager *createAM() const override;
+    bool ready() const override;
+    void fetchFromKeychain() override;
+    void restartOauth() override;
+    void persist() override;
+    void invalidateToken() override;
+    void forgetSensitiveData() override;
+
+private:
+    TokensAccessManager *_accessManager;
+};
+}

src/libsync/creds/abstractcredentials.h

@@ -44,7 +44,6 @@ class OPENCLOUD_SYNC_EXPORT AbstractCredentials : public QObject
      */
     virtual void setAccount(Account *account);
 
-    virtual QString authType() const = 0;
     virtual AccessManager *createAM() const = 0;
 
     /** Whether there are credentials that can be used for a connection attempt. */

src/libsync/creds/httpcredentials.cpp

@@ -80,16 +80,6 @@ HttpCredentials::HttpCredentials(const QString &accessToken)
 {
 }
 
-QString HttpCredentials::authType() const
-{
-    return QStringLiteral("http");
-}
-
-void HttpCredentials::setAccount(Account *account)
-{
-    AbstractCredentials::setAccount(account);
-}
-
 AccessManager *HttpCredentials::createAM() const
 {
     AccessManager *am = new HttpCredentialsAccessManager(this);

src/libsync/creds/httpcredentials.h

@@ -53,7 +53,6 @@ class OPENCLOUD_SYNC_EXPORT HttpCredentials : public AbstractCredentials
 
     explicit HttpCredentials(const QString &accessToken);
 
-    QString authType() const override;
     AccessManager *createAM() const override;
     bool ready() const override;
     void fetchFromKeychain() override;
@@ -67,7 +66,6 @@ class OPENCLOUD_SYNC_EXPORT HttpCredentials : public AbstractCredentials
      */
     bool refreshAccessToken();
 
-    void setAccount(Account *account) override;
 
 protected:
     HttpCredentials() = default;

test/testutils/syncenginetestutils.h

@@ -508,7 +508,6 @@ class FakeCredentials : public OCC::AbstractCredentials
     {
     }
 
-    QString authType() const override { return QStringLiteral("test"); }
     OCC::AccessManager *createAM() const override { return _am; }
     bool ready() const override { return true; }
     void fetchFromKeychain() override { }