desktopcouch

Merge lp:~apachelogger/desktopcouch/kwallet-support into lp:desktopcouch

kwallet-support
Merge into trunk

Proposed by Harald Sitter on 2010-07-28

Status:	Rejected
Rejected by:	Vincenzo Di Somma on 2010-11-02
Proposed branch:	lp:~apachelogger/desktopcouch/kwallet-support
Merge into:	lp:desktopcouch
Diff against target:	109 lines (+60/-4) 1 file modified desktopcouch/local_files.py (+60/-4)
To merge this branch:	bzr merge lp:~apachelogger/desktopcouch/kwallet-support
Related bugs:	Link a bug report

Reviewer	Date Requested	Status
Rodrigo Moya (community)		Needs Fixing on 2010-08-06
Tim Cole (community)	2010-07-28	Approve on 2010-08-02
Review via email: mp+31135@code.launchpad.net

Description of the Change

Store tokens also if KWallet (if pykde is available). Please note that this will work with either pykde or python-gnome-keyring available or both to allow applications/libraries to read from both KWallet AND gnome-keyring in a mixed environment.

Also: currently the ubuntu packaging depends on gnome-keyring that probably should be changed to recommends on pygnomekeyring | pykde.

Tim Cole (tcole) wrote on 2010-08-02:

Looks like a good start. Is this something we can factor out into a library?

review: Approve

Harald Sitter (apachelogger) wrote on 2010-08-02:

IMHO a library to throw content at should be possible and would be a good idea (supposedly it could use the same approach to cover both gnomekeyring and kwallet).

For now however I would just like to get this in as-is to make the way free for ubuntuone-kde stuff.

Rodrigo Moya (rodrigo-moya) wrote on 2010-08-06:

Wouldn't it be easier to use python-keyring? Also, the way the code is written, it will always check for kwallet first and then, whether it found it or not, check again for gnomekeyring:

22 + if ctx.wallet is not None:
...
43 if ctx.keyring is not None:

review: Needs Fixing

Harald Sitter (apachelogger) wrote on 2010-08-19:

IIRC python-keyring has at least on the KWallet side of things a desktop experience flaw because it will trigger authentication (to the wallet) for Python and not the particular app.
Eitherway I wanted it to be as non-intrusive as possible as to prevent regression.

The fact that it does look for kwallet and keyring is intentional since one user can run apps that try to access either backend, since the specification @ fdo does not go into any detail regarding multiple keyrings. In one implementation it is entirely possible that someone writes a KDE library that only accesses kwallet (which is entirely valid considering the spec says that one has to get the token from the keyring, but not any specific one or in any particular order), so if desktopcouch can access kwallet then it _must_ drop its token there (and technically any other keyring system it can find as to not limit client implementations).
If it did not do that then it sort of requires client implementations to search all keyring systems for tokens since desktopcouch might have dropped them in either of them.

Vincenzo Di Somma (vds) wrote on 2010-11-02:

Due to changes this branch doesn't apply anymore.

Unmerged revisions

168. By Harald Sitter on 2010-07-28: add as non-intrusive kwallet support as possible

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Elliot Murphy

Harald Sitter

Ubuntu One hackers

 === modified file 'desktopcouch/local_files.py'
 --- desktopcouch/local_files.py	2010-07-14 21:02:43 +0000
 +++ desktopcouch/local_files.py	2010-07-28 09:38:43 +0000
@@ -1,4 +1,5 @@
  # Copyright 2009 Canonical Ltd.
++# Copyright 2010 Harald Sitter <apachelogger@ubuntu.com>
+ #
  # This file is part of desktopcouch.
+ #
@@ -31,7 +32,6 @@
  import random
  import string
  import re
--import gnomekeyring
  try:
      import ConfigParser as configparser
  except ImportError:
@@ -86,7 +86,29 @@
          if ctx.with_auth:
              admin_username = self._make_random_string(10)
              admin_password = self._make_random_string(10)
++            if ctx.wallet is not None:
++                if ctx.wallet.isOpen():
++                    write_basic = False
++                    if ctx.wallet.setFolder("desktopcouch"):
++                        fail, value = ctx.wallet.readMap("basic")
++                        if not fail and len(value) == 2:
++                            admin_username = basic["admin_username"]
++                            admin_password = basic["admin_password"]
++                        else:
++                            write_basic = True
++                    else:
++                        ctx.wallet.createFolder("desktopcouch")
++                        ctx.wallet.setFolder("desktopcouch")
++                        write_basic = True
++                    if write_basic:
++                        value = dict()
++                        value["admin_username"] = admin_username
++                        value["admin_password"] = admin_password
++                        ctx.wallet.writeMap("basic", value)
++                else:
++                    logging.warn("There is no wallet to store our admin credentials.")
              if ctx.keyring is not None:
++                import gnomekeyring # (Re)import for errors.
                  try:
                      data = ctx.keyring.find_items_sync(gnomekeyring.ITEM_GENERIC_SECRET,
                              {'desktopcouch': 'basic'})
@@ -110,9 +132,22 @@
              token = self._make_random_string(10)
              token_secret = self._make_random_string(10)
++            # Save the new OAuth creds so that 3rd-party apps can authenticate by
++            # accessing the keyring first.  This is one-way.  We don't read from keyring.
++            if ctx.wallet is not None:
++                if ctx.wallet.isOpen():
++                    if str(ctx.wallet.currentFolder()) != "desktopcouch":
++                        ctx.wallet.setFolder("desktopcouch")
++                    value = dict()
++                    value["consumer_key"] = consumer_key
++                    value["consumer_secret"] = consumer_secret
++                    value["token"] = token
++                    value["token_secret"] = token_secret
++                    ctx.wallet.writeMap("oauth", value)
++                else:
++                    logging.warn("There is no wallet to store our oauth credentials.")
              if ctx.keyring is not None:
--                # Save the new OAuth creds so that 3rd-party apps can authenticate by
--                # accessing the keyring first.  This is one-way.  We don't read from keyring.
++                import gnomekeyring # (Re)import for errors.
                  try:
                      ctx.keyring.item_create_sync(None,
                              gnomekeyring.ITEM_GENERIC_SECRET,
@@ -207,7 +242,27 @@
      depend on environment variables."""
      def __init__(self, run_dir, db_dir, config_dir, with_auth=True,
--            keyring=gnomekeyring):  # (cache, data, config)
++            wallet=None, keyring=None):  # (cache, data, config)
++
++        try:
++            from PyQt4.QtCore import QCoreApplication
++            from PyKDE4.kdeui import KWallet
++
++            # KWallet uses a QEventLoop. This only works if a QApp is present.
++            # We only can have one instance - ever!
++            if QCoreApplication.instance() == None:
++                a = QCoreApplication([""])
++                a.setApplicationName("Desktop Couch")
++
++            wallet = KWallet.Wallet.openWallet(KWallet.Wallet.LocalWallet(), 0, KWallet.Wallet.Synchronous)
++        except ImportError:
++            wallet = None # just to be save
++
++        try:
++            import gnomekeyring
++            keyring = gnomekeyring
++        except ImportError:
++            keyring = None # just to be save
          self.couchdb_log_level = 'notice'
@@ -221,6 +276,7 @@
          self.config_dir = os.path.realpath(config_dir)
          self.db_dir = os.path.realpath(db_dir)
          self.with_auth = with_auth
++        self.wallet = wallet
          self.keyring = keyring
          self.file_ini = os.path.join(config_dir, "desktop-couchdb.ini")