2 * empathy-auth-uoa.c - Source for Uoa SASL authentication
3 * Copyright (C) 2012 Collabora Ltd.
4 * @author Xavier Claessens <xavier.claessens@collabora.co.uk>
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22 #include "empathy-uoa-auth-handler.h"
24 #include <libaccounts-glib/ag-account.h>
25 #include <libaccounts-glib/ag-account-service.h>
26 #include <libaccounts-glib/ag-auth-data.h>
27 #include <libaccounts-glib/ag-manager.h>
28 #include <libaccounts-glib/ag-service.h>
30 #include <libsignon-glib/signon-identity.h>
31 #include <libsignon-glib/signon-auth-session.h>
33 #include <tp-account-widgets/tpaw-keyring.h>
35 #include "empathy-utils.h"
36 #include "empathy-uoa-utils.h"
37 #include "empathy-sasl-mechanisms.h"
39 #define DEBUG_FLAG EMPATHY_DEBUG_SASL
40 #include "empathy-debug.h"
42 struct _EmpathyUoaAuthHandlerPriv
47 G_DEFINE_TYPE (EmpathyUoaAuthHandler, empathy_uoa_auth_handler, G_TYPE_OBJECT);
50 empathy_uoa_auth_handler_init (EmpathyUoaAuthHandler *self)
52 self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self,
53 EMPATHY_TYPE_UOA_AUTH_HANDLER, EmpathyUoaAuthHandlerPriv);
55 self->priv->manager = empathy_uoa_manager_dup ();
59 empathy_uoa_auth_handler_dispose (GObject *object)
61 EmpathyUoaAuthHandler *self = (EmpathyUoaAuthHandler *) object;
63 tp_clear_object (&self->priv->manager);
65 G_OBJECT_CLASS (empathy_uoa_auth_handler_parent_class)->dispose (object);
69 empathy_uoa_auth_handler_class_init (EmpathyUoaAuthHandlerClass *klass)
71 GObjectClass *oclass = G_OBJECT_CLASS (klass);
73 oclass->dispose = empathy_uoa_auth_handler_dispose;
75 g_type_class_add_private (klass, sizeof (EmpathyUoaAuthHandlerPriv));
78 EmpathyUoaAuthHandler *
79 empathy_uoa_auth_handler_new (void)
81 return g_object_new (EMPATHY_TYPE_UOA_AUTH_HANDLER, NULL);
87 AgAccountService *service;
88 AgAuthData *auth_data;
89 SignonIdentity *identity;
90 SignonAuthSession *session;
96 auth_context_new (TpChannel *channel,
97 AgAccountService *service)
102 ctx = g_slice_new0 (AuthContext);
103 ctx->channel = g_object_ref (channel);
104 ctx->service = g_object_ref (service);
106 ctx->auth_data = ag_account_service_get_auth_data (service);
107 if (ctx->auth_data == NULL)
110 cred_id = ag_auth_data_get_credentials_id (ctx->auth_data);
114 ctx->identity = signon_identity_new_from_db (cred_id);
115 if (ctx->identity == NULL)
118 ctx->session = signon_identity_create_session (ctx->identity,
119 ag_auth_data_get_method (ctx->auth_data), NULL);
120 if (ctx->session == NULL)
128 auth_context_free (AuthContext *ctx)
130 g_clear_object (&ctx->channel);
131 g_clear_object (&ctx->service);
132 tp_clear_pointer (&ctx->auth_data, ag_auth_data_unref);
133 g_clear_object (&ctx->session);
134 g_clear_object (&ctx->identity);
135 g_free (ctx->username);
137 g_slice_free (AuthContext, ctx);
141 auth_context_done (AuthContext *ctx)
143 tp_channel_close_async (ctx->channel, NULL, NULL);
144 auth_context_free (ctx);
148 request_password_session_process_cb (SignonAuthSession *session,
149 GHashTable *session_data,
153 AuthContext *ctx = user_data;
157 DEBUG ("Error processing the session to request user's attention: %s",
161 auth_context_done (ctx);
165 request_password (AuthContext *ctx)
167 GHashTable *extra_params;
169 DEBUG ("Invalid credentials, request user action");
171 /* Inform SSO that the access token (or password) didn't work and it should
172 * ask user to re-grant access (or retype password). */
173 extra_params = tp_asv_new (
174 SIGNON_SESSION_DATA_UI_POLICY, G_TYPE_INT,
175 SIGNON_POLICY_REQUEST_PASSWORD,
178 ag_auth_data_insert_parameters (ctx->auth_data, extra_params);
180 signon_auth_session_process (ctx->session,
181 ag_auth_data_get_parameters (ctx->auth_data),
182 ag_auth_data_get_mechanism (ctx->auth_data),
183 request_password_session_process_cb, ctx);
185 g_hash_table_unref (extra_params);
189 auth_cb (GObject *source,
190 GAsyncResult *result,
193 TpChannel *channel = (TpChannel *) source;
194 AuthContext *ctx = user_data;
195 GError *error = NULL;
197 if (!empathy_sasl_auth_finish (channel, result, &error))
199 DEBUG ("SASL Mechanism error: %s", error->message);
200 g_clear_error (&error);
202 request_password (ctx);
206 DEBUG ("Auth on %s suceeded", tp_proxy_get_object_path (channel));
207 auth_context_done (ctx);
212 session_process_cb (SignonAuthSession *session,
213 GHashTable *session_data,
217 AuthContext *ctx = user_data;
218 const gchar *access_token;
219 const gchar *client_id;
223 DEBUG ("Error processing the session: %s", error->message);
224 auth_context_done (ctx);
228 access_token = tp_asv_get_string (session_data, "AccessToken");
229 client_id = tp_asv_get_string (ag_auth_data_get_parameters (ctx->auth_data),
232 switch (empathy_sasl_channel_select_mechanism (ctx->channel))
234 case EMPATHY_SASL_MECHANISM_FACEBOOK:
235 empathy_sasl_auth_facebook_async (ctx->channel,
236 client_id, access_token,
240 case EMPATHY_SASL_MECHANISM_WLM:
241 empathy_sasl_auth_wlm_async (ctx->channel,
246 case EMPATHY_SASL_MECHANISM_GOOGLE:
247 empathy_sasl_auth_google_async (ctx->channel,
248 ctx->username, access_token,
252 case EMPATHY_SASL_MECHANISM_PASSWORD:
253 empathy_sasl_auth_password_async (ctx->channel,
254 tp_asv_get_string (session_data, "Secret"),
259 g_assert_not_reached ();
264 identity_query_info_cb (SignonIdentity *identity,
265 const SignonIdentityInfo *info,
269 AuthContext *ctx = user_data;
273 DEBUG ("Error querying info from identity: %s", error->message);
274 auth_context_done (ctx);
278 ctx->username = g_strdup (signon_identity_info_get_username (info));
280 signon_auth_session_process (ctx->session,
281 ag_auth_data_get_parameters (ctx->auth_data),
282 ag_auth_data_get_mechanism (ctx->auth_data),
288 set_account_password_cb (GObject *source,
289 GAsyncResult *result,
292 TpAccount *tp_account = (TpAccount *) source;
293 AuthContext *ctx = user_data;
294 AuthContext *new_ctx;
295 GError *error = NULL;
297 if (!tpaw_keyring_set_account_password_finish (tp_account, result, &error))
299 DEBUG ("Failed to set empty password on UOA account: %s", error->message);
300 auth_context_done (ctx);
304 new_ctx = auth_context_new (ctx->channel, ctx->service);
305 auth_context_free (ctx);
307 if (new_ctx->session != NULL)
309 /* The trick worked! */
310 request_password (new_ctx);
314 DEBUG ("Still can't get a signon session, even after setting empty pwd");
315 auth_context_done (new_ctx);
319 empathy_uoa_auth_handler_start (EmpathyUoaAuthHandler *self,
321 TpAccount *tp_account)
323 const GValue *id_value;
327 AgAccountService *service;
330 g_return_if_fail (TP_IS_CHANNEL (channel));
331 g_return_if_fail (TP_IS_ACCOUNT (tp_account));
332 g_return_if_fail (empathy_uoa_auth_handler_supports (self, channel,
335 DEBUG ("Start UOA auth for account: %s",
336 tp_proxy_get_object_path (tp_account));
338 id_value = tp_account_get_storage_identifier (tp_account);
339 id = g_value_get_uint (id_value);
341 account = ag_manager_get_account (self->priv->manager, id);
343 l = ag_account_list_services_by_type (account, EMPATHY_UOA_SERVICE_TYPE);
346 DEBUG ("Couldn't find IM service for AgAccountId %u", id);
347 g_object_unref (account);
348 tp_channel_close_async (channel, NULL, NULL);
352 /* Assume there is only one IM service */
353 service = ag_account_service_new (account, l->data);
354 ag_service_list_free (l);
355 g_object_unref (account);
357 ctx = auth_context_new (channel, service);
358 if (ctx->session == NULL)
360 /* This (usually?) means we never stored credentials for this account.
361 * To ask user to type his password SSO needs a SignonIdentity bound to
362 * our account. Let's store an empty password. */
363 DEBUG ("Couldn't create a signon session");
364 tpaw_keyring_set_account_password_async (tp_account, "", FALSE,
365 set_account_password_cb, ctx);
369 /* All is fine! Query UOA for more info */
370 signon_identity_query_info (ctx->identity,
371 identity_query_info_cb, ctx);
374 g_object_unref (service);
378 empathy_uoa_auth_handler_supports (EmpathyUoaAuthHandler *self,
382 const gchar *provider;
383 EmpathySaslMechanism mech;
385 g_return_val_if_fail (TP_IS_CHANNEL (channel), FALSE);
386 g_return_val_if_fail (TP_IS_ACCOUNT (account), FALSE);
388 provider = tp_account_get_storage_provider (account);
390 if (tp_strdiff (provider, EMPATHY_UOA_PROVIDER))
393 mech = empathy_sasl_channel_select_mechanism (channel);
394 return mech == EMPATHY_SASL_MECHANISM_FACEBOOK ||
395 mech == EMPATHY_SASL_MECHANISM_WLM ||
396 mech == EMPATHY_SASL_MECHANISM_GOOGLE ||
397 mech == EMPATHY_SASL_MECHANISM_PASSWORD;