Add patch for GNOME bug #735311 (Adapt to new Google HTTP restriction)
This commit is contained in:
parent
f05d5d4509
commit
7202ccb3c8
185
evolution-data-server-3.13.5-google-caldav-login.patch
Normal file
185
evolution-data-server-3.13.5-google-caldav-login.patch
Normal file
@ -0,0 +1,185 @@
|
||||
From 00a465670ef3d8adbaf011b3e697ba5befb00623 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Barnes <mbarnes@redhat.com>
|
||||
Date: Mon, 25 Aug 2014 11:01:20 -0400
|
||||
Subject: Bug 735311 - Adapt to new Google HTTP restriction
|
||||
|
||||
Google has recently imposed a limit on the number of unauthorized HTTP
|
||||
requests to its OAuth2-based interfaces.
|
||||
|
||||
The normal operation of SoupSession is to issue the first HTTP request
|
||||
unauthorized and see if the server issues a "401 Unauthorized" response
|
||||
(since not all HTTP services require authorization).
|
||||
|
||||
On a "401 Unauthorized" response, SoupSession emits an "authenticate"
|
||||
signal, which the application is supposed to handle. Once credentials
|
||||
are in hand, SoupSession resends the same HTTP request and subsequent
|
||||
requests with an Authenticate header while the socket connection holds.
|
||||
|
||||
Google's unauthorized request limit breaks this logic flow. Once the
|
||||
limit is exceeded, the Google server issues a "403 Forbidden" response
|
||||
instead of "401 Unauthorized" to an unauthorized HTTP request. This
|
||||
breaks error handling in the E-D-S CalDAV backend.
|
||||
|
||||
The workaround is to preload the SoupAuthManager with a pre-configured
|
||||
SoupAuth when using OAuth 2.0 authentication. This avoids the initial
|
||||
unauthorized HTTP round-trip.
|
||||
|
||||
The backend implements the GInitable interface for this since obtaining
|
||||
a valid access token is a failable step.
|
||||
|
||||
diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
|
||||
index 7f10720..f94a5a9 100644
|
||||
--- a/calendar/backends/caldav/e-cal-backend-caldav.c
|
||||
+++ b/calendar/backends/caldav/e-cal-backend-caldav.c
|
||||
@@ -130,6 +130,8 @@ struct _ECalBackendCalDAVPrivate {
|
||||
};
|
||||
|
||||
/* Forward Declarations */
|
||||
+static void e_caldav_backend_initable_init
|
||||
+ (GInitableIface *interface);
|
||||
static void caldav_source_authenticator_init
|
||||
(ESourceAuthenticatorInterface *iface);
|
||||
|
||||
@@ -138,6 +140,9 @@ G_DEFINE_TYPE_WITH_CODE (
|
||||
e_cal_backend_caldav,
|
||||
E_TYPE_CAL_BACKEND_SYNC,
|
||||
G_IMPLEMENT_INTERFACE (
|
||||
+ G_TYPE_INITABLE,
|
||||
+ e_caldav_backend_initable_init)
|
||||
+ G_IMPLEMENT_INTERFACE (
|
||||
E_TYPE_SOURCE_AUTHENTICATOR,
|
||||
caldav_source_authenticator_init))
|
||||
|
||||
@@ -5206,11 +5211,83 @@ e_cal_backend_caldav_finalize (GObject *object)
|
||||
G_OBJECT_CLASS (parent_class)->finalize (object);
|
||||
}
|
||||
|
||||
-static void
|
||||
-e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
|
||||
+static gboolean
|
||||
+caldav_backend_initable_init (GInitable *initable,
|
||||
+ GCancellable *cancellable,
|
||||
+ GError **error)
|
||||
{
|
||||
+ ECalBackendCalDAVPrivate *priv;
|
||||
SoupSessionFeature *feature;
|
||||
+ ESource *source;
|
||||
+ const gchar *extension_name;
|
||||
+ gchar *auth_method = NULL;
|
||||
+ gboolean success = TRUE;
|
||||
+
|
||||
+ priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (initable);
|
||||
+
|
||||
+ feature = soup_session_get_feature (
|
||||
+ priv->session, SOUP_TYPE_AUTH_MANAGER);
|
||||
+
|
||||
+ /* Add the "Bearer" auth type to support OAuth 2.0. */
|
||||
+ soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
|
||||
+ g_mutex_init (&priv->bearer_auth_error_lock);
|
||||
+
|
||||
+ /* Preload the SoupAuthManager with a valid "Bearer" token
|
||||
+ * when using OAuth 2.0. This avoids an extra unauthorized
|
||||
+ * HTTP round-trip, which apparently Google doesn't like. */
|
||||
+
|
||||
+ source = e_backend_get_source (E_BACKEND (initable));
|
||||
+
|
||||
+ extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
|
||||
+ if (e_source_has_extension (source, extension_name)) {
|
||||
+ ESourceAuthentication *extension;
|
||||
+
|
||||
+ extension = e_source_get_extension (source, extension_name);
|
||||
+ auth_method = e_source_authentication_dup_method (extension);
|
||||
+ }
|
||||
+
|
||||
+ if (g_strcmp0 (auth_method, "OAuth2") == 0) {
|
||||
+ ESourceWebdav *extension;
|
||||
+ SoupAuth *soup_auth;
|
||||
+ SoupURI *soup_uri;
|
||||
+ gchar *access_token = NULL;
|
||||
+ gint expires_in_seconds = -1;
|
||||
+
|
||||
+ extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
|
||||
+ extension = e_source_get_extension (source, extension_name);
|
||||
+ soup_uri = e_source_webdav_dup_soup_uri (extension);
|
||||
|
||||
+ soup_auth = g_object_new (
|
||||
+ E_TYPE_SOUP_AUTH_BEARER,
|
||||
+ SOUP_AUTH_HOST, soup_uri->host, NULL);
|
||||
+
|
||||
+ success = e_source_get_oauth2_access_token_sync (
|
||||
+ source, cancellable, &access_token,
|
||||
+ &expires_in_seconds, error);
|
||||
+
|
||||
+ if (success) {
|
||||
+ e_soup_auth_bearer_set_access_token (
|
||||
+ E_SOUP_AUTH_BEARER (soup_auth),
|
||||
+ access_token, expires_in_seconds);
|
||||
+
|
||||
+ soup_auth_manager_use_auth (
|
||||
+ SOUP_AUTH_MANAGER (feature),
|
||||
+ soup_uri, soup_auth);
|
||||
+ }
|
||||
+
|
||||
+ g_free (access_token);
|
||||
+ g_object_unref (soup_auth);
|
||||
+ soup_uri_free (soup_uri);
|
||||
+ }
|
||||
+
|
||||
+ g_free (auth_method);
|
||||
+
|
||||
+ return success;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
|
||||
+{
|
||||
cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
|
||||
cbdav->priv->session = soup_session_sync_new ();
|
||||
g_object_set (
|
||||
@@ -5225,17 +5302,6 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
|
||||
cbdav->priv->session, "proxy-resolver",
|
||||
G_BINDING_SYNC_CREATE);
|
||||
|
||||
- /* XXX SoupAuthManager is public API as of libsoup 2.42, but
|
||||
- * this isn't worth bumping our libsoup requirement over.
|
||||
- * So get the SoupAuthManager GType by its type name. */
|
||||
- feature = soup_session_get_feature (
|
||||
- cbdav->priv->session,
|
||||
- g_type_from_name ("SoupAuthManager"));
|
||||
-
|
||||
- /* Add the "Bearer" auth type to support OAuth 2.0. */
|
||||
- soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
|
||||
- g_mutex_init (&cbdav->priv->bearer_auth_error_lock);
|
||||
-
|
||||
if (G_UNLIKELY (caldav_debug_show (DEBUG_MESSAGE)))
|
||||
caldav_debug_setup (cbdav->priv->session);
|
||||
|
||||
@@ -5305,3 +5371,10 @@ e_cal_backend_caldav_class_init (ECalBackendCalDAVClass *class)
|
||||
|
||||
backend_class->start_view = caldav_start_view;
|
||||
}
|
||||
+
|
||||
+static void
|
||||
+e_caldav_backend_initable_init (GInitableIface *interface)
|
||||
+{
|
||||
+ interface->init = caldav_backend_initable_init;
|
||||
+}
|
||||
+
|
||||
diff --git a/libedataserver/e-source-webdav.c b/libedataserver/e-source-webdav.c
|
||||
index 5ec6b9a..c30d353 100644
|
||||
--- a/libedataserver/e-source-webdav.c
|
||||
+++ b/libedataserver/e-source-webdav.c
|
||||
@@ -244,7 +244,9 @@ source_webdav_update_soup_uri_from_properties (ESourceWebdav *webdav_extension)
|
||||
|
||||
soup_uri_set_user (soup_uri, user);
|
||||
soup_uri_set_host (soup_uri, host);
|
||||
- soup_uri_set_port (soup_uri, port);
|
||||
+
|
||||
+ if (port > 0)
|
||||
+ soup_uri_set_port (soup_uri, port);
|
||||
|
||||
/* SoupURI doesn't like NULL paths. */
|
||||
soup_uri_set_path (soup_uri, (path != NULL) ? path : "");
|
||||
--
|
||||
cgit v0.10.1
|
||||
|
@ -32,7 +32,7 @@
|
||||
|
||||
Name: evolution-data-server
|
||||
Version: 3.13.5
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Group: System Environment/Libraries
|
||||
Summary: Backend data server for Evolution
|
||||
License: LGPLv2+
|
||||
@ -48,6 +48,8 @@ Obsoletes: evolution-webcal < 2.24.0
|
||||
# RH bug #243296
|
||||
Patch01: evolution-data-server-1.11.5-fix-64bit-acinclude.patch
|
||||
|
||||
Patch02: evolution-data-server-3.13.5-google-caldav-login.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Requires: dconf
|
||||
@ -144,6 +146,7 @@ the functionality of the installed %{name} package.
|
||||
%setup -q
|
||||
|
||||
%patch01 -p1 -b .fix-64bit-acinclude
|
||||
%patch02 -p1 -b .google-caldav-login
|
||||
|
||||
%build
|
||||
%if %{ldap_support}
|
||||
@ -400,6 +403,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
|
||||
%{_datadir}/installed-tests
|
||||
|
||||
%changelog
|
||||
* Wed Aug 27 2014 Milan Crha <mcrha@redhat.com> - 3.13.5-3
|
||||
- Add patch for GNOME bug #735311 (Adapt to new Google HTTP restriction)
|
||||
|
||||
* Tue Aug 26 2014 David Tardon <dtardon@redhat.com> - 3.13.5-2
|
||||
- rebuild for ICU 53.1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user