Merge lp:~mardy/account-plugins/lp1029289 into lp:account-plugins

Proposed by Alberto Mardegan on 2012-12-07
Status: Merged
Approved by: Alberto Mardegan on 2013-01-11
Approved revision: 83
Merged at revision: 89
Proposed branch: lp:~mardy/account-plugins/lp1029289
Merge into: lp:account-plugins
Diff against target: 87 lines (+42/-4)
2 files modified
debian/rules (+1/-0)
src/google.vala (+41/-4)
To merge this branch: bzr merge lp:~mardy/account-plugins/lp1029289
Reviewer Review Type Date Requested Status
PS Jenkins bot (community) continuous-integration Approve on 2012-12-10
David King (community) 2012-12-07 Approve on 2012-12-10
Review via email: mp+138779@code.launchpad.net

Commit message

Use web-server authentication with Google, to take advantage of refresh tokens

Use the web-authentication as described in https://developers.google.com/accounts/docs/OAuth2#installed

To post a comment you must log in.
David King (amigadave) wrote :

Looks fine, except:

32 + var oauth_params = get_parameters(ParametersUser.ACCOUNT_PLUGIN);
33 + set_oauth_parameters (oauth_params);
34 +
35 + oauth_params = get_parameters(ParametersUser.CLIENT_APPLICATIONS);
36 + set_account_oauth_parameters (oauth_params);
37 +
38 + set_mechanism(Ap.OAuthMechanism.WEB_SERVER);
39 +
40 + set_ignore_cookies (true);

It is better to be consistent by adding a space before every opening bracket.

review: Needs Fixing
lp:~mardy/account-plugins/lp1029289 updated on 2012-12-10
83. By Alberto Mardegan on 2012-12-10

Fix coding style

Alberto Mardegan (mardy) wrote :

> It is better to be consistent by adding a space before every opening bracket.

Indeed. I updated the code, should be better now.

David King (amigadave) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/rules'
2--- debian/rules 2012-11-09 16:15:25 +0000
3+++ debian/rules 2012-12-10 07:54:21 +0000
4@@ -13,6 +13,7 @@
5 --with-windows-live-client-id="00000000400D5635" \
6 --with-foursquare-client-id="1I2UNJXPHNDZT3OPZOOA5LCPIUEUJFMKRXSF42UFCN1KXKTK" \
7 --with-google-client-id="759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com" \
8+ --with-google-client-secret="juFngKUcuhB7IRQqHtSLavqJ" \
9 --with-flickr-consumer-key="d87224f0b467093b2a87fd788d950e27" \
10 --with-flickr-consumer-secret="4c7e48102c226509"
11
12
13=== modified file 'src/google.vala'
14--- src/google.vala 2012-11-12 11:24:22 +0000
15+++ src/google.vala 2012-12-10 07:54:21 +0000
16@@ -20,12 +20,31 @@
17 */
18
19 public class GooglePlugin : Ap.OAuthPlugin {
20+ private enum ParametersUser
21+ {
22+ ACCOUNT_PLUGIN,
23+ CLIENT_APPLICATIONS
24+ }
25+
26 public GooglePlugin (Ag.Account account) {
27 Object (account: account);
28 }
29
30 construct
31 {
32+ var oauth_params = get_parameters (ParametersUser.ACCOUNT_PLUGIN);
33+ set_oauth_parameters (oauth_params);
34+
35+ oauth_params = get_parameters (ParametersUser.CLIENT_APPLICATIONS);
36+ set_account_oauth_parameters (oauth_params);
37+
38+ set_mechanism (Ap.OAuthMechanism.WEB_SERVER);
39+
40+ set_ignore_cookies (true);
41+ }
42+
43+ private HashTable<string, GLib.Value?> get_parameters (ParametersUser user)
44+ {
45 var oauth_params = new HashTable<string, GLib.Value?> (str_hash, null);
46 oauth_params.insert ("Host", "accounts.google.com");
47 oauth_params.insert ("AuthPath", "o/oauth2/auth");
48@@ -33,8 +52,28 @@
49 oauth_params.insert ("RedirectUri",
50 "https://wiki.ubuntu.com/");
51 oauth_params.insert ("ClientId", Config.GOOGLE_CLIENT_ID);
52- oauth_params.insert ("ResponseType", "token");
53+ oauth_params.insert ("ClientSecret", Config.GOOGLE_CLIENT_SECRET);
54
55+ /* Note the evil trick here: Google uses a couple of non-standard OAuth
56+ * parameters: "access_type" and "approval_prompt"; the signon OAuth
57+ * plugin doesn't (yet?) give us a way to provide extra parameters, so
58+ * we fool it by appending them to the value of the "ResponseType".
59+ *
60+ * We need to specify "access_type=offline" if we want Google to return
61+ * us a refresh token.
62+ */
63+ if (user == ParametersUser.ACCOUNT_PLUGIN)
64+ {
65+ /* The "approval_prompt=force" string forces Google to ask for
66+ * authentication. */
67+ oauth_params.insert ("ResponseType",
68+ "code&access_type=offline&approval_prompt=force");
69+ }
70+ else
71+ {
72+ oauth_params.insert ("ResponseType",
73+ "code&access_type=offline");
74+ }
75 string[] scopes = {
76 "https://docs.google.com/feeds/",
77 "https://www.googleapis.com/auth/googletalk",
78@@ -50,9 +89,7 @@
79 };
80 oauth_params.insert ("AllowedSchemes", schemes);
81
82- set_oauth_parameters (oauth_params);
83-
84- set_ignore_cookies (true);
85+ return oauth_params;
86 }
87 }
88

Subscribers

People subscribed via source and target branches

to all changes: