Merge lp:~mardy/account-plugins/new-keys into lp:account-plugins

Proposed by Alberto Mardegan
Status: Merged
Approved by: Alberto Mardegan
Approved revision: 72
Merged at revision: 72
Proposed branch: lp:~mardy/account-plugins/new-keys
Merge into: lp:account-plugins
Diff against target: 75 lines (+4/-41)
1 file modified
src/google.vala (+4/-41)
To merge this branch: bzr merge lp:~mardy/account-plugins/new-keys
Reviewer Review Type Date Requested Status
Ken VanDine Approve
jenkins (community) continuous-integration Needs Fixing
Review via email: mp+128676@code.launchpad.net

Description of the change

Do not reveal Google secret API key.

This was used to get a refresh token; however, since we are achieving the same
goal (long lived sessions) by means of the session cookies, this is no longer
necessary.
We might want to revert this patch if at some point we get confirmation that
Google doesn't mind us sharing the secret API key; but while in doubt, let's
keep it out of the source code.

jenkins (martin-mrazik+qa) wrote :
review: Needs Fixing (continuous-integration)
Ken VanDine (ken-vandine) wrote :

Works as intended and looks fine.

review: Approve

Preview Diff

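--- a/src/google.vala
+++ b/src/google.vala
@@ -21,31 +21,12 @@
 */
 
 public class GooglePlugin : Ap.OAuthPlugin {
- private enum ParametersUser
- {
- ACCOUNT_PLUGIN,
- CLIENT_APPLICATIONS
- }
-
 public GooglePlugin (Ag.Account account) {
 Object (account: account);
 }
 
 construct
 {
- var oauth_params = get_parameters(ParametersUser.ACCOUNT_PLUGIN);
- set_oauth_parameters (oauth_params);
-
- oauth_params = get_parameters(ParametersUser.CLIENT_APPLICATIONS);
- set_account_oauth_parameters (oauth_params);
-
- set_mechanism(Ap.OAuthMechanism.WEB_SERVER);
-
- set_ignore_cookies (true);
- }
-
- private HashTable<string, GLib.Value?> get_parameters (ParametersUser user)
- {
 var oauth_params = new HashTable<string, GLib.Value?> (str_hash, null);
 oauth_params.insert ("Host", "accounts.google.com");
 oauth_params.insert ("AuthPath", "o/oauth2/auth");
@@ -53,28 +34,8 @@
 oauth_params.insert ("RedirectUri",
 "https://wiki.ubuntu.com/");
 oauth_params.insert ("ClientId", Config.GOOGLE_CLIENT_ID);
- oauth_params.insert ("ClientSecret", Config.GOOGLE_CLIENT_SECRET);
+ oauth_params.insert ("ResponseType", "token");
 
- /* Note the evil trick here: Google uses a couple of non-standard OAuth
- * parameters: "access_type" and "approval_prompt"; the signon OAuth
- * plugin doesn't (yet?) give us a way to provide extra parameters, so
- * we fool it by appending them to the value of the "ResponseType".
- *
- * We need to specify "access_type=offline" if we want Google to return
- * us a refresh token.
- */
- if (user == ParametersUser.ACCOUNT_PLUGIN)
- {
- /* The "approval_prompt=force" string forces Google to ask for
- * authentication. */
- oauth_params.insert ("ResponseType",
- "code&access_type=offline&approval_prompt=force");
- }
- else
- {
- oauth_params.insert ("ResponseType",
- "code&access_type=offline");
- }
 string[] scopes = {
 "https://docs.google.com/feeds/",
 "https://www.googleapis.com/auth/googletalk",
@@ -83,7 +44,9 @@
 "https://picasaweb.google.com/data/"
 };
 oauth_params.insert ("Scope", scopes);
- return oauth_params;
+ set_oauth_parameters (oauth_params);
+
+ set_ignore_cookies (true);
 }
 }
 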
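Review bot: Dropping the `ClientSecret` insert only stops this file from using the key. `Config.GOOGLE_CLIENT_SECRET` is defined outside `src/google.vala`, the only file this merge touches, so if that definition sits in a checked-in build file the secret is still published, and earlier revisions retain it either way; the value should be removed there and rotated on the Google side. The construct block also no longer calls `set_mechanism`, so `ResponseType` "token" now relies on whatever default `Ap.OAuthPlugin` applies, which is not visible here; an explicit `set_mechanism (...)` for the user-agent flow would state that dependency. The explanatory comment was deleted with the old branch, so a short replacement above the new line would help, e.g. `/* Implicit grant: no client secret is shipped, so no refresh token is requested. */`. With this response type the access token is returned in the fragment of the `RedirectUri` (`https://wiki.ubuntu.com/`), so it is worth confirming that the plugin captures the redirect rather than letting that page load with the token in its URL.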
