From 0cd854424f3dee5987c365791600b9932edf6f05 Mon Sep 17 00:00:00 2001
From: Milan Crha <mcrha@redhat.com>
Date: Wed, 15 Nov 2023 10:46:50 +0100
Subject: [PATCH] Related: RHEL-10492 (Add margin around OAuth2 prompt content)

---
 0003-Drop-dependency-on-WebKitGTK-139.patch | 317 +++++++-------------
 gnome-online-accounts.spec                  |   5 +-
 2 files changed, 113 insertions(+), 209 deletions(-)

diff --git a/0003-Drop-dependency-on-WebKitGTK-139.patch b/0003-Drop-dependency-on-WebKitGTK-139.patch
index 00884fc..c7773a1 100644
--- a/0003-Drop-dependency-on-WebKitGTK-139.patch
+++ b/0003-Drop-dependency-on-WebKitGTK-139.patch
@@ -1,51 +1,3 @@
-From 2e3a599fd725ce5647f1496c54b66acde436b357 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 8 Nov 2023 15:49:49 +0100
-Subject: [PATCH] 0003-Drop-dependency-on-WebKitGTK-139.patch
-
----
- configure.ac                                  |   20 +-
- data/Makefile.am                              |   15 +
- ...org.gnome.OnlineAccounts.OAuth2.desktop.in |    6 +
- doc/goa-docs.xml                              |    1 -
- doc/goa-sections.txt                          |   30 -
- doc/goa.types                                 |    1 -
- po/POTFILES.in                                |    1 -
- src/goabackend/Makefile.am                    |   48 +-
- src/goabackend/goafacebookprovider.c          |   26 -
- src/goabackend/goaflickrprovider.c            |  364 ----
- src/goabackend/goaflickrprovider.h            |   37 -
- src/goabackend/goafoursquareprovider.c        |   26 -
- src/goabackend/goagoogleprovider.c            |   32 -
- src/goabackend/goaoauth2handler.c             |  173 ++
- src/goabackend/goaoauth2provider-priv.h       |   17 -
- .../goaoauth2provider-web-extension.h         |   40 -
- src/goabackend/goaoauth2provider-web-view.h   |   37 -
- src/goabackend/goaoauth2provider.c            |  482 +++--
- src/goabackend/goaoauthprovider.c             | 1638 -----------------
- src/goabackend/goaoauthprovider.h             |  143 --
- src/goabackend/goaprovider.c                  |    4 -
- src/goabackend/goawebextension.c              |  268 ---
- src/goabackend/goawebextension.h              |   37 -
- src/goabackend/goawebextensionmain.c          |   46 -
- src/goabackend/goawebview.c                   |  515 ------
- src/goabackend/goawebview.h                   |   38 -
- src/goabackend/goawindowsliveprovider.c       |   34 +-
- 27 files changed, 453 insertions(+), 3626 deletions(-)
- create mode 100644 data/org.gnome.OnlineAccounts.OAuth2.desktop.in
- delete mode 100644 src/goabackend/goaflickrprovider.c
- delete mode 100644 src/goabackend/goaflickrprovider.h
- create mode 100644 src/goabackend/goaoauth2handler.c
- delete mode 100644 src/goabackend/goaoauth2provider-web-extension.h
- delete mode 100644 src/goabackend/goaoauth2provider-web-view.h
- delete mode 100644 src/goabackend/goaoauthprovider.c
- delete mode 100644 src/goabackend/goaoauthprovider.h
- delete mode 100644 src/goabackend/goawebextension.c
- delete mode 100644 src/goabackend/goawebextension.h
- delete mode 100644 src/goabackend/goawebextensionmain.c
- delete mode 100644 src/goabackend/goawebview.c
- delete mode 100644 src/goabackend/goawebview.h
-
 diff --git a/configure.ac b/configure.ac
 index 332a0bf..70962d6 100644
 --- a/configure.ac
@@ -93,10 +45,10 @@ index 332a0bf..70962d6 100644
  # IMAP/SMTP
  AC_DEFINE(GOA_IMAP_SMTP_NAME, ["imap_smtp"], [ProviderType and extension point name])
 diff --git a/data/Makefile.am b/data/Makefile.am
-index e3608a1..f778935 100644
+index e3608a1..c3f1009 100644
 --- a/data/Makefile.am
 +++ b/data/Makefile.am
-@@ -19,17 +19,32 @@ endif
+@@ -19,17 +19,33 @@ endif
  service_DATA     = $(service_in_files:.service.in=.service)
  %.service: %.service.in Makefile
  	@sed -e "s|\@libexecdir\@|$(libexecdir)|" $< > $@
@@ -106,9 +58,10 @@ index e3608a1..f778935 100644
 +desktopdir       = $(datadir)/applications
 +desktop_in_files = org.gnome.OnlineAccounts.OAuth2.desktop.in
 +desktop_DATA     = $(desktop_in_files:.desktop.in=.desktop)
-+oauth2_schemes=x-scheme-handler/goa-oauth2;
 +if GOOGLE_ENABLED
-+  oauth2_schemes+=x-scheme-handler/com.googleusercontent.apps.44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s;
++  oauth2_schemes=x-scheme-handler/com.googleusercontent.apps.44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s;
++else
++  oauth2_schemes=
  endif
  
 +%.desktop: %.desktop.in Makefile
@@ -131,7 +84,7 @@ index e3608a1..f778935 100644
  
 diff --git a/data/org.gnome.OnlineAccounts.OAuth2.desktop.in b/data/org.gnome.OnlineAccounts.OAuth2.desktop.in
 new file mode 100644
-index 0000000..c3bd4d7
+index 0000000..d0478aa
 --- /dev/null
 +++ b/data/org.gnome.OnlineAccounts.OAuth2.desktop.in
 @@ -0,0 +1,6 @@
@@ -139,9 +92,8 @@ index 0000000..c3bd4d7
 +Name=GNOME OAuth2 Handler
 +Exec=@libexecdir@/goa-oauth2-handler %u
 +Type=Application
-+MimeType=@oauth2_schemes@
++MimeType=x-scheme-handler/goa-oauth2;@oauth2_schemes@
 +NoDisplay=true
-\ No newline at end of file
 diff --git a/doc/goa-docs.xml b/doc/goa-docs.xml
 index 0abb53a..a9d45e1 100644
 --- a/doc/goa-docs.xml
@@ -825,10 +777,72 @@ index c1e4146..def21cb 100644
    oauth2_class->add_account_key_values   = add_account_key_values;
  }
 diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c
-index b3c0f8f..52c09a8 100644
+index b3c0f8f..0fb40c3 100644
 --- a/src/goabackend/goagoogleprovider.c
 +++ b/src/goabackend/goagoogleprovider.c
-@@ -228,37 +228,6 @@ get_identity_sync (GoaOAuth2Provider  *oauth2_provider,
+@@ -32,6 +32,7 @@
+ struct _GoaGoogleProvider
+ {
+   GoaOAuth2Provider parent_instance;
++  gchar *redirect_uri;
+ };
+ 
+ G_DEFINE_TYPE_WITH_CODE (GoaGoogleProvider, goa_google_provider, GOA_TYPE_OAUTH2_PROVIDER,
+@@ -76,19 +77,50 @@ get_provider_features (GoaProvider *provider)
+ static const gchar *
+ get_authorization_uri (GoaOAuth2Provider *oauth2_provider)
+ {
+-  return "https://accounts.google.com/o/oauth2/auth";
++  return "https://accounts.google.com/o/oauth2/v2/auth";
+ }
+ 
+ static const gchar *
+ get_token_uri (GoaOAuth2Provider *oauth2_provider)
+ {
+-  return "https://accounts.google.com/o/oauth2/token";
++  return "https://oauth2.googleapis.com/token";
+ }
+ 
+ static const gchar *
+ get_redirect_uri (GoaOAuth2Provider *oauth2_provider)
+ {
+-  return "http://localhost";
++  G_LOCK_DEFINE_STATIC (redirect_uri);
++  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (oauth2_provider);
++
++  G_LOCK (redirect_uri);
++
++  if (!self->redirect_uri) {
++    GPtrArray *array;
++    gchar **strv;
++    gchar *joinstr;
++    guint ii;
++
++    strv = g_strsplit (GOA_GOOGLE_CLIENT_ID, ".", -1);
++    array = g_ptr_array_new ();
++
++    for (ii = 0; strv[ii]; ii++) {
++      g_ptr_array_insert (array, 0, strv[ii]);
++    }
++
++    g_ptr_array_add (array, NULL);
++
++    joinstr = g_strjoinv (".", (gchar **) array->pdata);
++    /* Use reverse-DNS of the client ID with the below path */
++    self->redirect_uri = g_strconcat (joinstr, ":/oauth2redirect", NULL);
++
++    g_ptr_array_free (array, TRUE);
++    g_strfreev (strv);
++    g_free (joinstr);
++  }
++
++  G_UNLOCK (redirect_uri);
++
++  return self->redirect_uri;
+ }
+ 
+ static const gchar *
+@@ -228,37 +260,6 @@ get_identity_sync (GoaOAuth2Provider  *oauth2_provider,
  
  /* ---------------------------------------------------------------------------------------------------- */
  
@@ -866,7 +880,35 @@ index b3c0f8f..52c09a8 100644
  static gboolean
  build_object (GoaProvider         *provider,
                GoaObjectSkeleton   *object,
-@@ -426,7 +395,6 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)
+@@ -400,6 +401,16 @@ add_account_key_values (GoaOAuth2Provider  *oauth2_provider,
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+ 
++static void
++goa_google_finalize (GObject *object)
++{
++  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (object);
++
++  g_free (self->redirect_uri);
++
++  G_OBJECT_CLASS (goa_google_provider_parent_class)->finalize (object);
++}
++
+ static void
+ goa_google_provider_init (GoaGoogleProvider *self)
+ {
+@@ -410,6 +421,10 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)
+ {
+   GoaProviderClass *provider_class;
+   GoaOAuth2ProviderClass *oauth2_class;
++  GObjectClass *object_class;
++
++  object_class = G_OBJECT_CLASS (klass);
++  object_class->finalize = goa_google_finalize;
+ 
+   provider_class = GOA_PROVIDER_CLASS (klass);
+   provider_class->get_provider_type          = get_provider_type;
+@@ -426,7 +441,6 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)
    oauth2_class->get_identity_sync         = get_identity_sync;
    oauth2_class->get_redirect_uri          = get_redirect_uri;
    oauth2_class->get_scope                 = get_scope;
@@ -1187,7 +1229,7 @@ index f2dae5e..0000000
 -
 -#endif /* __GOA_OAUTH2_PROVIDER_WEB_VIEW_H__ */
 diff --git a/src/goabackend/goaoauth2provider.c b/src/goabackend/goaoauth2provider.c
-index 3715431..9359489 100644
+index 3715431..e7d5d2e 100644
 --- a/src/goabackend/goaoauth2provider.c
 +++ b/src/goabackend/goaoauth2provider.c
 @@ -22,16 +22,13 @@
@@ -1717,7 +1759,7 @@ index 3715431..9359489 100644
  
    /* TODO: use oauth2_proxy_build_login_url_full() */
    escaped_redirect_uri = g_uri_escape_string (goa_oauth2_provider_get_redirect_uri (self), NULL, TRUE);
-@@ -946,40 +910,70 @@ get_tokens_and_identity (GoaOAuth2Provider  *self,
+@@ -946,40 +910,71 @@ get_tokens_and_identity (GoaOAuth2Provider  *self,
      escaped_scope = g_uri_escape_string (goa_oauth2_provider_get_scope (self), NULL, TRUE);
    else
      escaped_scope = NULL;
@@ -1744,6 +1786,7 @@ index 3715431..9359489 100644
 +                       "hexpand",     TRUE,
 +                       "valign",      GTK_ALIGN_CENTER,
 +                       "vexpand",     TRUE,
++                       "margin",      12,
 +                       NULL);
    gtk_container_add (GTK_CONTAINER (vbox), grid);
  
@@ -1814,7 +1857,7 @@ index 3715431..9359489 100644
  
    /* We can have either the auth code, with which we'll obtain the token, or
     * the token directly if we are using a client side flow, since we don't
-@@ -1038,12 +1032,14 @@ get_tokens_and_identity (GoaOAuth2Provider  *self,
+@@ -1038,12 +1033,14 @@ get_tokens_and_identity (GoaOAuth2Provider  *self,
      }
  
    ret = TRUE;
@@ -1830,7 +1873,7 @@ index 3715431..9359489 100644
    return ret;
  }
  
-@@ -1107,6 +1103,7 @@ goa_oauth2_provider_add_account (GoaProvider *provider,
+@@ -1107,6 +1104,7 @@ goa_oauth2_provider_add_account (GoaProvider *provider,
    g_return_val_if_fail (error == NULL || *error == NULL, NULL);
  
    priv = goa_oauth2_provider_get_instance_private (self);
@@ -1838,7 +1881,7 @@ index 3715431..9359489 100644
  
    if (!get_tokens_and_identity (self, TRUE, NULL, dialog, vbox))
      goto out;
-@@ -1141,7 +1138,6 @@ goa_oauth2_provider_add_account (GoaProvider *provider,
+@@ -1141,7 +1139,6 @@ goa_oauth2_provider_add_account (GoaProvider *provider,
                                  NULL, /* GCancellable* */
                                  (GAsyncReadyCallback) add_account_cb,
                                  self);
@@ -1846,7 +1889,7 @@ index 3715431..9359489 100644
    g_main_loop_run (priv->loop);
    if (priv->error != NULL)
      goto out;
-@@ -1191,6 +1187,7 @@ goa_oauth2_provider_refresh_account (GoaProvider  *provider,
+@@ -1191,6 +1188,7 @@ goa_oauth2_provider_refresh_account (GoaProvider  *provider,
    g_return_val_if_fail (error == NULL || *error == NULL, FALSE);
  
    priv = goa_oauth2_provider_get_instance_private (self);
@@ -1854,7 +1897,7 @@ index 3715431..9359489 100644
  
    dialog = gtk_dialog_new_with_buttons (NULL,
                                          parent,
-@@ -1601,6 +1598,8 @@ goa_oauth2_provider_finalize (GObject *object)
+@@ -1601,6 +1599,8 @@ goa_oauth2_provider_finalize (GObject *object)
    g_free (priv->authorization_code);
    g_free (priv->access_token);
    g_free (priv->refresh_token);
@@ -1863,7 +1906,7 @@ index 3715431..9359489 100644
  
    G_OBJECT_CLASS (goa_oauth2_provider_parent_class)->finalize (object);
  }
-@@ -1626,12 +1625,9 @@ goa_oauth2_provider_class_init (GoaOAuth2ProviderClass *klass)
+@@ -1626,12 +1626,9 @@ goa_oauth2_provider_class_init (GoaOAuth2ProviderClass *klass)
    provider_class->ensure_credentials_sync    = goa_oauth2_provider_ensure_credentials_sync;
  
    klass->build_authorization_uri  = goa_oauth2_provider_build_authorization_uri_default;
@@ -4683,145 +4726,3 @@ index be35746..0ac5efb 100644
 -  oauth2_class->is_identity_node         = is_identity_node;
    oauth2_class->add_account_key_values   = add_account_key_values;
  }
--- 
-2.39.3
-
-diff --git a/src/goabackend/goagoogleprovider.c b/src/goabackend/goagoogleprovider.c
-index 52c09a8..0fb40c3 100644
---- a/src/goabackend/goagoogleprovider.c
-+++ b/src/goabackend/goagoogleprovider.c
-@@ -32,6 +32,7 @@
- struct _GoaGoogleProvider
- {
-   GoaOAuth2Provider parent_instance;
-+  gchar *redirect_uri;
- };
- 
- G_DEFINE_TYPE_WITH_CODE (GoaGoogleProvider, goa_google_provider, GOA_TYPE_OAUTH2_PROVIDER,
-@@ -76,19 +77,50 @@ get_provider_features (GoaProvider *provider)
- static const gchar *
- get_authorization_uri (GoaOAuth2Provider *oauth2_provider)
- {
--  return "https://accounts.google.com/o/oauth2/auth";
-+  return "https://accounts.google.com/o/oauth2/v2/auth";
- }
- 
- static const gchar *
- get_token_uri (GoaOAuth2Provider *oauth2_provider)
- {
--  return "https://accounts.google.com/o/oauth2/token";
-+  return "https://oauth2.googleapis.com/token";
- }
- 
- static const gchar *
- get_redirect_uri (GoaOAuth2Provider *oauth2_provider)
- {
--  return "http://localhost";
-+  G_LOCK_DEFINE_STATIC (redirect_uri);
-+  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (oauth2_provider);
-+
-+  G_LOCK (redirect_uri);
-+
-+  if (!self->redirect_uri) {
-+    GPtrArray *array;
-+    gchar **strv;
-+    gchar *joinstr;
-+    guint ii;
-+
-+    strv = g_strsplit (GOA_GOOGLE_CLIENT_ID, ".", -1);
-+    array = g_ptr_array_new ();
-+
-+    for (ii = 0; strv[ii]; ii++) {
-+      g_ptr_array_insert (array, 0, strv[ii]);
-+    }
-+
-+    g_ptr_array_add (array, NULL);
-+
-+    joinstr = g_strjoinv (".", (gchar **) array->pdata);
-+    /* Use reverse-DNS of the client ID with the below path */
-+    self->redirect_uri = g_strconcat (joinstr, ":/oauth2redirect", NULL);
-+
-+    g_ptr_array_free (array, TRUE);
-+    g_strfreev (strv);
-+    g_free (joinstr);
-+  }
-+
-+  G_UNLOCK (redirect_uri);
-+
-+  return self->redirect_uri;
- }
- 
- static const gchar *
-@@ -369,6 +401,16 @@ add_account_key_values (GoaOAuth2Provider  *oauth2_provider,
- 
- /* ---------------------------------------------------------------------------------------------------- */
- 
-+static void
-+goa_google_finalize (GObject *object)
-+{
-+  GoaGoogleProvider *self = GOA_GOOGLE_PROVIDER (object);
-+
-+  g_free (self->redirect_uri);
-+
-+  G_OBJECT_CLASS (goa_google_provider_parent_class)->finalize (object);
-+}
-+
- static void
- goa_google_provider_init (GoaGoogleProvider *self)
- {
-@@ -379,6 +421,10 @@ goa_google_provider_class_init (GoaGoogleProviderClass *klass)
- {
-   GoaProviderClass *provider_class;
-   GoaOAuth2ProviderClass *oauth2_class;
-+  GObjectClass *object_class;
-+
-+  object_class = G_OBJECT_CLASS (klass);
-+  object_class->finalize = goa_google_finalize;
- 
-   provider_class = GOA_PROVIDER_CLASS (klass);
-   provider_class->get_provider_type          = get_provider_type;
-diff --git a/data/Makefile.am b/data/Makefile.am
-index f778935..33794ed 100644
---- a/data/Makefile.am
-+++ b/data/Makefile.am
-@@ -25,9 +25,9 @@ endif
- desktopdir       = $(datadir)/applications
- desktop_in_files = org.gnome.OnlineAccounts.OAuth2.desktop.in
- desktop_DATA     = $(desktop_in_files:.desktop.in=.desktop)
--oauth2_schemes=x-scheme-handler/goa-oauth2;
-+oauth2_schemes=
- if GOOGLE_ENABLED
--  oauth2_schemes+=x-scheme-handler/com.googleusercontent.apps.44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s;
-+  oauth2_schemes=x-scheme-handler/com.googleusercontent.apps.44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s;
- endif
- 
- %.desktop: %.desktop.in Makefile
-diff --git a/data/org.gnome.OnlineAccounts.OAuth2.desktop.in b/data/org.gnome.OnlineAccounts.OAuth2.desktop.in
-index c3bd4d7..d0478aa 100644
---- a/data/org.gnome.OnlineAccounts.OAuth2.desktop.in
-+++ b/data/org.gnome.OnlineAccounts.OAuth2.desktop.in
-@@ -2,5 +2,5 @@
- Name=GNOME OAuth2 Handler
- Exec=@libexecdir@/goa-oauth2-handler %u
- Type=Application
--MimeType=@oauth2_schemes@
--NoDisplay=true
-\ No newline at end of file
-+MimeType=x-scheme-handler/goa-oauth2;@oauth2_schemes@
-+NoDisplay=true
-diff --git a/data/Makefile.am b/data/Makefile.am
-index 33794ed..c3f1009 100644
---- a/data/Makefile.am
-+++ b/data/Makefile.am
-@@ -25,9 +25,10 @@ endif
- desktopdir       = $(datadir)/applications
- desktop_in_files = org.gnome.OnlineAccounts.OAuth2.desktop.in
- desktop_DATA     = $(desktop_in_files:.desktop.in=.desktop)
--oauth2_schemes=
- if GOOGLE_ENABLED
-   oauth2_schemes=x-scheme-handler/com.googleusercontent.apps.44438659992-7kgjeitenc16ssihbtdjbgguch7ju55s;
-+else
-+  oauth2_schemes=
- endif
- 
- %.desktop: %.desktop.in Makefile
diff --git a/gnome-online-accounts.spec b/gnome-online-accounts.spec
index 17e5918..03ea01e 100644
--- a/gnome-online-accounts.spec
+++ b/gnome-online-accounts.spec
@@ -5,7 +5,7 @@
 
 Name:		gnome-online-accounts
 Version:	3.40.0
-Release:	5%{?dist}
+Release:	6%{?dist}
 Summary:	Single sign-on framework for GNOME
 
 License:	LGPLv2+
@@ -135,6 +135,9 @@ find $RPM_BUILD_ROOT -name '*.la' -delete
 %{_datadir}/vala/
 
 %changelog
+* Wed Nov 15 2023 Milan Crha <mcrha@redhat.com> - 3.40.0-6
+- Related: RHEL-10492 (Add margin around OAuth2 prompt content)
+
 * Wed Nov 08 2023 Milan Crha <mcrha@redhat.com> - 3.40.0-5
 - Resolves: RHEL-10492 (Move account types that depend on WebKitGTK into separate optional subpackage)
 - backport upstream fix to use external browser for OAuth2