Ubuntu Single Sign On Client

[UIFe] Provide a dialog so that a user can accept SSL certificates

Bug #933729 reported by Manuel de la Peña on 2012-02-16

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
Ubuntu Single Sign On Client	Status tracked in Trunk
Stable-3-0	Fix Released	Undecided	Unassigned	Ubuntu Single Sign On Client 2.99.90
Trunk	Fix Released	Medium	Manuel de la Peña
ubuntu-sso-client (Ubuntu)	Fix Released	Undecided	Unassigned
Precise	Fix Released	Undecided	Unassigned

Bug Description

With the addition of proxy support a new dialog is required. If a user connect to a proxy that uses a SSL certificate that has one of following issues:

* The proxy is using a self-signed certificate
* The proxy is using a free SSL Certificate
* The proxy is using a trusted SSL certificate but it is missing a chain/intermediate certificate.
* The certificate does no match
* etc..

A dialog should be prompted to the user stating there is a security issue. This is fundamental since if the proxy is not trusted the application should not use it.

Emails sent to Docs and Translators lists:

https://lists.ubuntu.com/archives/ubuntu-doc/2012-February/016352.html
https://lists.ubuntu.com/archives/ubuntu-translators/2012-February/005161.html

See original description

Tags:

Related branches

lp:~mandel/ubuntu-sso-client/ssl-dialog

Merged into lp:ubuntu-sso-client at revision 891

Natalia Bidart (community): Approve on 2012-03-01

Diego Sarmentero (community): Approve on 2012-02-29

lp:~mandel/ubuntu-sso-client/appname-ssl

Merged into lp:ubuntu-sso-client at revision 900

Natalia Bidart (community): Approve on 2012-03-05

lp:~nataliabidart/ubuntu-sso-client/stable-3-0-update-2.99.90

Merged into lp:ubuntu-sso-client/stable-3-0 at revision 828

Roberto Alsina (community): Approve on 2012-03-06

Diff: 9631 lines (+3846/-3620)

64 files modified

bin/ubuntu-sso-proxy-creds-qt (+0/-4)
bin/ubuntu-sso-ssl-certificate-qt (+25/-0)
data/qt/choose_sign_in.ui (+0/-165)
data/qt/current_user_sign_in.ui (+163/-184)
data/qt/email_verification.ui (+105/-116)
data/qt/error_message.ui (+28/-31)
data/qt/forgotten_password.ui (+111/-188)
data/qt/loadingoverlay.ui (+3/-6)
data/qt/network_detection.ui (+139/-142)
data/qt/proxy_credentials_dialog.ui (+12/-15)
data/qt/reset_password.ui (+348/-357)
data/qt/setup_account.ui (+661/-700)
data/qt/ssl_dialog.ui (+205/-0)
data/qt/stylesheet.qss (+22/-30)
data/qt/success_message.ui (+32/-35)
run-tests.bat (+1/-1)
setup.py (+1/-0)
ubuntu_sso/credentials.py (+7/-0)
ubuntu_sso/main/glib.py (+4/-2)
ubuntu_sso/main/qt.py (+5/-3)
ubuntu_sso/networkstate/linux.py (+3/-1)
ubuntu_sso/networkstate/tests/test_linux.py (+3/-3)
ubuntu_sso/qt/__init__.py (+5/-0)
ubuntu_sso/qt/arrow.py (+68/-0)
ubuntu_sso/qt/current_user_sign_in_page.py (+32/-49)
ubuntu_sso/qt/email_verification_page.py (+39/-39)
ubuntu_sso/qt/enhanced_check_box.py (+1/-1)
ubuntu_sso/qt/error_page.py (+11/-4)
ubuntu_sso/qt/expander.py (+115/-0)
ubuntu_sso/qt/forgotten_password_page.py (+43/-113)
ubuntu_sso/qt/loadingoverlay.py (+7/-11)
ubuntu_sso/qt/main.py (+5/-0)
ubuntu_sso/qt/network_detection_page.py (+20/-9)
ubuntu_sso/qt/proxy_dialog.py (+6/-6)
ubuntu_sso/qt/reset_password_page.py (+31/-52)
ubuntu_sso/qt/setup_account_page.py (+95/-106)
ubuntu_sso/qt/sign_in_page.py (+0/-97)
ubuntu_sso/qt/ssl_dialog.py (+161/-0)
ubuntu_sso/qt/sso_wizard_page.py (+111/-33)
ubuntu_sso/qt/success_page.py (+13/-4)
ubuntu_sso/qt/tests/__init__.py (+160/-45)
ubuntu_sso/qt/tests/test_arrow.py (+90/-0)
ubuntu_sso/qt/tests/test_current_user_sign_in_page.py (+53/-143)
ubuntu_sso/qt/tests/test_email_verification.py (+34/-90)
ubuntu_sso/qt/tests/test_enchanced_line_edit.py (+2/-5)
ubuntu_sso/qt/tests/test_error_page.py (+26/-0)
ubuntu_sso/qt/tests/test_expander.py (+119/-0)
ubuntu_sso/qt/tests/test_forgotten_password.py (+38/-181)
ubuntu_sso/qt/tests/test_loadingoverlay.py (+8/-8)
ubuntu_sso/qt/tests/test_network_detection.py (+14/-34)
ubuntu_sso/qt/tests/test_reset_password.py (+25/-52)
ubuntu_sso/qt/tests/test_setup_account.py (+55/-105)
ubuntu_sso/qt/tests/test_sign_in_page.py (+0/-69)
ubuntu_sso/qt/tests/test_ssl_dialog.py (+199/-0)
ubuntu_sso/qt/tests/test_sso_wizard_page.py (+61/-97)
ubuntu_sso/qt/tests/test_success_page.py (+26/-0)
ubuntu_sso/qt/tests/test_ubuntu_sso_wizard.py (+91/-37)
ubuntu_sso/qt/ubuntu_sso_wizard.py (+95/-191)
ubuntu_sso/tests/test_credentials.py (+35/-6)
ubuntu_sso/utils/runner/__init__.py (+7/-9)
ubuntu_sso/utils/runner/tests/test_glib.py (+0/-1)
ubuntu_sso/utils/runner/tests/test_qt.py (+0/-1)
ubuntu_sso/utils/runner/tests/test_runner.py (+3/-2)
ubuntu_sso/utils/ui.py (+64/-37)

Superseded for merging into lp:ubuntu-sso-client

Ubuntu One hackers: Pending requested 2012-03-06

lp:ubuntu/precise/ubuntu-sso-client

Manuel de la Peña (mandel) on 2012-02-21

Changed in ubuntu-sso-client:
status:	New → In Progress
assignee:	nobody → Manuel de la Peña (mandel)
importance:	Undecided → Medium

Natalia Bidart (nataliabidart) on 2012-02-23

summary:

- Provide a dialog so that a user can accept SSL certificates
+ [UIFe] Provide a dialog so that a user can accept SSL certificates

Manuel de la Peña (mandel) on 2012-02-23

description:

updated

Manuel de la Peña (mandel) on 2012-02-23

tags:

added: u1-proxy-uife

Joshua Hoover (joshuahoover) on 2012-02-23

tags:

added: u1-fe

Joshua Hoover (joshuahoover) on 2012-02-23

description:

updated

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-02-24:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ubuntu-sso-client (Ubuntu):
status:	New → Confirmed

Revision history for this message

Martin Pitt (pitti) wrote on 2012-02-27:

Approved to show a dialog. However, please differ between self-signed/low trust certificates and mismatches. In the former case, a mild warning dialog is sufficient, but if SSL certificate validation fails because of a mismatch (e. g. server name changed) you should outright abort the operation and show an error; that's the very situation SSL is supposed to protect from, so asking the user to "do it anyway?" sounds dangerous. Unless I misunderstood what you meant with "mismatch"?

Revision history for this message

Manuel de la Peña (mandel) wrote on 2012-02-29:

Martin,

This bug is just related to the required dialog that will be shown to the user. It does not include the logic that is used to ensure that the correct thing is done. I have done in such a way because I believe that having bugs with a single concern is the way to go. That is missing UI, later logic to show the ui and behave accordingly.

Leaving the scope of the bug aside, the situation in which such a certificate mismatch might occur is very limited since we are dealing with the proxy settings and not a general web page. Lets assume that the certificate is wrong, what could have happened:

* User used the IP of the proxy rather than the domain used in the certificate.
* The company forces the user to use the proxy with a bad set up certificate (I have work in a number of companies than do such a thing)

If we let the user accept the certificate this will be a pinned certificate, that is, the user explicitly decided to accept the certificate. Preventing the user from doing stupid things is a lovely goal, but preventing them getting their software from working because someone in their corporation screwed up (bad certificate) is not. I have been talking with upstream (Gnome) recently of giving a hand with http://developer.gnome.org/gcr/unstable/gcr-Trust-Storage-and-Lookups.html so that it can be used in Ubuntu One and more widely used in the desktop which, I believe, the way to go.

Ubuntu One Auto Pilot (otto-pilot) on 2012-03-01

Changed in ubuntu-sso-client:
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-03-06:

This bug was fixed in the package ubuntu-sso-client - 2.99.90-0ubuntu1

---------------
ubuntu-sso-client (2.99.90-0ubuntu1) precise; urgency=low

  * New upstream release:
    [ Diego Sarmentero <email address hidden> ]
      - Hide the errors label on refresh captcha (LP: #947202).
      - Changed the name of the function assigned to the lambda that is called
        on passwordChanged signal from reset_password_page (LP: #945080).
      - Made on_user_validated also emit stopProcessing so callers can hide
        any processing overlay they are showing (LP: #945094).
      - Fixed: Qt UI: there is not loading overvaly while validating an
        email address (LP: #944767).
      - Fixed: Qt UI: clicking on the "Set Up Account" button takes me
        instantly to the verification page, even if there are form errors
        (LP: #934502).
      - Fix: [UIFe] Improve the display of errors in the Qt UI (LP: #938604).
      - Fixed: The header in the pages is above the overlay (LP: #934523).
      - Fixed: [UIFE] The padding of the wizard pages in the Qt UI is not
        correct (LP: #934519).
    [ Manuel de la Pena <email address hidden> ]
      - Ensure that the strings used in sso do not have "ubuntu one" in them
        (LP: #933729).
      - Ensure that the strings used are the ones provided by design
        (LP: #937905).
      - Added the dialog that will be used to show that a certificate has issues
        (LP: #933729).
    [ Natalia B. Bidart <email address hidden> ]
      - Add proper titles and subtitles for the Login and Forgot password
        pages (LP: #945061).
      - Made UI modules to setup the gui logging logger (LP: #947469).
      - Fallback to the GTK+ UI when the specified ui_executable does
        not exist (LP: #939821).
      - Move the 'choose sign in page' to client code (U1 control panel
        in this case) (LP: #933576).
      - Do not mask ImportError by importing inside a function (LP: #939173).
      - No more strings coming up from the Designer ui files (LP: #938626).
    [ Roberto Alsina <email address hidden> ]
      - Made the network detection code return ONLINE if NM is not available
        (but still UNKNOWN if it's available and fails) (LP: #939703).
  * debian/control:
    - Updated Standards-Version to 3.9.93.
  * debian/watch:
    - Updated to fetch latest milestone.
  * Removed patches which were included upstream.
-- Natalia Bidart (nessita) <email address hidden> Tue, 06 Mar 2012 15:57:56 -0300

This bug was fixed in the package ubuntu-sso-client - 2.99.90-0ubuntu1

---------------
ubuntu-sso-client (2.99.90-0ubuntu1) precise; urgency=low

* New upstream release:
    [ Diego Sarmentero <diego.sarmentero@canonical.com> ]
      - Hide the errors label on refresh captcha (LP: #947202).
      - Changed the name of the function assigned to the lambda that is called
        on passwordChanged signal from reset_password_page (LP: #945080).
      - Made on_user_validated also emit stopProcessing so callers can hide
        any processing overlay they are showing (LP: #945094).
      - Fixed: Qt UI: there is not loading overvaly while validating an
        email address (LP: #944767).
      - Fixed: Qt UI: clicking on the "Set Up Account" button takes me
        instantly to the verification page, even if there are form errors
        (LP: #934502).
      - Fix: [UIFe] Improve the display of errors in the Qt UI (LP: #938604).
      - Fixed: The header in the pages is above the overlay (LP: #934523).
      - Fixed: [UIFE] The padding of the wizard pages in the Qt UI is not
        correct  (LP: #934519).
    [ Manuel de la Pena <manuel.delapena@canonical.com> ]
      - Ensure that the strings used in sso do not have "ubuntu one" in them
        (LP: #933729).
      - Ensure that the strings used are the ones provided by design
        (LP: #937905).
      - Added the dialog that will be used to show that a certificate has issues
        (LP: #933729).
    [ Natalia B. Bidart <natalia.bidart@canonical.com> ]
      - Add proper titles and subtitles for the Login and Forgot password
        pages (LP: #945061).
      - Made UI modules to setup the gui logging logger (LP: #947469).
      - Fallback to the GTK+ UI when the specified ui_executable does
        not exist (LP: #939821).
      - Move the 'choose sign in page' to client code (U1 control panel
        in this case) (LP: #933576).
      - Do not mask ImportError by importing inside a function (LP: #939173).
      - No more strings coming up from the Designer ui files (LP: #938626).
    [ Roberto Alsina <roberto.alsina@canonical.com> ]
      - Made the network detection code return ONLINE if NM is not available
        (but still UNKNOWN if it's available and fails) (LP: #939703).
  * debian/control:
    - Updated Standards-Version to 3.9.93.
  * debian/watch:
    - Updated to fetch latest milestone.
  * Removed patches which were included upstream.
 -- Natalia Bidart (nessita) <natalia.bidart@ubuntu.com>   Tue, 06 Mar 2012 15:57:56 -0300