Merge lp:~mardy/account-plugins/new-keys into lp:account-plugins

Proposed by Alberto Mardegan
Status: Merged
Approved by: Alberto Mardegan
Approved revision: 72
Merged at revision: 72
Proposed branch: lp:~mardy/account-plugins/new-keys
Merge into: lp:account-plugins
Diff against target: 75 lines (+4/-41)
1 file modified
src/google.vala (+4/-41)
To merge this branch: bzr merge lp:~mardy/account-plugins/new-keys
Reviewer Review Type Date Requested Status
Ken VanDine Approve
jenkins (community) continuous-integration Needs Fixing
Review via email: mp+128676@code.launchpad.net

Description of the change

Do not reveal Google secret API key.

This was used to get a refresh token; however, since we are achieving the same
goal (long lived sessions) by means of the session cookies, this is no longer
necessary.
We might want to revert this patch if at some point we get confirmation that
Google doesn't mind us sharing the secret API key; but while in doubt, let's
keep it out of the source code.

jenkins (martin-mrazik+qa) wrote :
review: Needs Fixing (continuous-integration)
Ken VanDine (ken-vandine) wrote :

Works as intended and looks fine.

review: Approve

Preview Diff

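--- a/src/google.vala
+++ b/src/google.vala
@@ -21,31 +21,12 @@
  */
 
 public class GooglePlugin : Ap.OAuthPlugin {
- private enum ParametersUser
- {
- ACCOUNT_PLUGIN,
- CLIENT_APPLICATIONS
- }
-
  public GooglePlugin (Ag.Account account) {
  Object (account: account);
  }
 
  construct
  {
- var oauth_params = get_parameters(ParametersUser.ACCOUNT_PLUGIN);
- set_oauth_parameters (oauth_params);
-
- oauth_params = get_parameters(ParametersUser.CLIENT_APPLICATIONS);
- set_account_oauth_parameters (oauth_params);
-
- set_mechanism(Ap.OAuthMechanism.WEB_SERVER);
-
- set_ignore_cookies (true);
- }
-
- private HashTable<string, GLib.Value?> get_parameters (ParametersUser user)
- {
  var oauth_params = new HashTable<string, GLib.Value?> (str_hash, null);
  oauth_params.insert ("Host", "accounts.google.com");
  oauth_params.insert ("AuthPath", "o/oauth2/auth");
@@ -53,28 +34,8 @@
  oauth_params.insert ("RedirectUri",
  "https://wiki.ubuntu.com/");
  oauth_params.insert ("ClientId", Config.GOOGLE_CLIENT_ID);
- oauth_params.insert ("ClientSecret", Config.GOOGLE_CLIENT_SECRET);
+ oauth_params.insert ("ResponseType", "token");
 
- /* Note the evil trick here: Google uses a couple of non-standard OAuth
- * parameters: "access_type" and "approval_prompt"; the signon OAuth
- * plugin doesn't (yet?) give us a way to provide extra parameters, so
- * we fool it by appending them to the value of the "ResponseType".
- *
- * We need to specify "access_type=offline" if we want Google to return
- * us a refresh token.
- */
- if (user == ParametersUser.ACCOUNT_PLUGIN)
- {
- /* The "approval_prompt=force" string forces Google to ask for
- * authentication. */
- oauth_params.insert ("ResponseType",
- "code&access_type=offline&approval_prompt=force");
- }
- else
- {
- oauth_params.insert ("ResponseType",
- "code&access_type=offline");
- }
  string[] scopes = {
  "https://docs.google.com/feeds/",
  "https://www.googleapis.com/auth/googletalk",
@@ -83,7 +44,9 @@
  "https://picasaweb.google.com/data/"
  };
  oauth_params.insert ("Scope", scopes);
- return oauth_params;
+ set_oauth_parameters (oauth_params);
+
+ set_ignore_cookies (true);
  }
 }
 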
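Review bot: Dropping the `ClientSecret` insert only removes the reference to the secret: this proposal modifies a single file, so whatever defines `Config.GOOGLE_CLIENT_SECRET` (presumably the build configuration, not shown here) is left in place, and the value stays readable in earlier revisions. The secret should be treated as already disclosed, which means rotating it with Google and removing its definition in a follow-up. Separately, the new `ResponseType` line switches to the implicit grant without saying so, and the deleted comment was the only explanation of the flow; a short comment such as `/* Implicit grant: no client secret sent, no refresh token returned; the access token arrives in the RedirectUri fragment. */` would restore that context. Since `RedirectUri` points at a public wiki page and the requested scopes are broad, it is worth confirming that the OAuth plugin captures the redirect before the page is loaded; that handling is not visible in this diff.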
