[oauth] Automatic management of state parameter

Ported from https://github.com/securedimensions/QGIS-OAuth2-Plugin

The Boundless Geo version of the plugin requests the state parameter to be provided by the user.
We have changed that as we think that the user must not be responsible for providing that,
as a duplication of a state parameter could lead to unintentional errors.
The Testbed 13 version generates the state parameter automatically for each authorization
request to the Authorization Server and checks the value from the redirect to ensure no CSRF attacks.

Author: elpaso

src/auth/oauth2/qgsauthoauth2config.cpp

@@ -44,7 +44,6 @@ QgsAuthOAuth2Config::QgsAuthOAuth2Config( QObject *parent )
   connect( this, &QgsAuthOAuth2Config::usernameChanged, this, &QgsAuthOAuth2Config::configChanged );
   connect( this, &QgsAuthOAuth2Config::passwordChanged, this, &QgsAuthOAuth2Config::configChanged );
   connect( this, &QgsAuthOAuth2Config::scopeChanged, this, &QgsAuthOAuth2Config::configChanged );
-  connect( this, &QgsAuthOAuth2Config::stateChanged, this, &QgsAuthOAuth2Config::configChanged );
   connect( this, &QgsAuthOAuth2Config::apiKeyChanged, this, &QgsAuthOAuth2Config::configChanged );
   connect( this, &QgsAuthOAuth2Config::persistTokenChanged, this, &QgsAuthOAuth2Config::configChanged );
   connect( this, &QgsAuthOAuth2Config::accessMethodChanged, this, &QgsAuthOAuth2Config::configChanged );
@@ -187,14 +186,6 @@ void QgsAuthOAuth2Config::setScope( const QString &value )
     emit scopeChanged( mScope );
 }
 
-void QgsAuthOAuth2Config::setState( const QString &value )
-{
-  QString preval( mState );
-  mState = value;
-  if ( preval != value )
-    emit stateChanged( mState );
-}
-
 void QgsAuthOAuth2Config::setApiKey( const QString &value )
 {
   QString preval( mApiKey );
@@ -253,7 +244,6 @@ void QgsAuthOAuth2Config::setToDefaults()
   setUsername( QString() );
   setPassword( QString() );
   setScope( QString() );
-  setState( QString() );
   setApiKey( QString() );
   setPersistToken( false );
   setAccessMethod( QgsAuthOAuth2Config::Header );
@@ -278,7 +268,6 @@ bool QgsAuthOAuth2Config::operator==( const QgsAuthOAuth2Config &other ) const
            && other.username() == this->username()
            && other.password() == this->password()
            && other.scope() == this->scope()
-           && other.state() == this->state()
            && other.apiKey() == this->apiKey()
            && other.persistToken() == this->persistToken()
            && other.accessMethod() == this->accessMethod()
@@ -410,7 +399,6 @@ QVariantMap QgsAuthOAuth2Config::mappedProperties() const
   vmap.insert( QStringLiteral( "requestTimeout" ), this->requestTimeout() );
   vmap.insert( QStringLiteral( "requestUrl" ), this->requestUrl() );
   vmap.insert( QStringLiteral( "scope" ), this->scope() );
-  vmap.insert( QStringLiteral( "state" ), this->state() );
   vmap.insert( QStringLiteral( "tokenUrl" ), this->tokenUrl() );
   vmap.insert( QStringLiteral( "username" ), this->username() );
   vmap.insert( QStringLiteral( "version" ), this->version() );

src/auth/oauth2/qgsauthoauth2config.h

@@ -50,7 +50,6 @@ class QgsAuthOAuth2Config : public QObject
     Q_PROPERTY( QString username READ username WRITE setUsername NOTIFY usernameChanged )
     Q_PROPERTY( QString password READ password WRITE setPassword NOTIFY passwordChanged )
     Q_PROPERTY( QString scope READ scope WRITE setScope NOTIFY scopeChanged )
-    Q_PROPERTY( QString state READ state WRITE setState NOTIFY stateChanged )
     Q_PROPERTY( QString apiKey READ apiKey WRITE setApiKey NOTIFY apiKeyChanged )
     Q_PROPERTY( bool persistToken READ persistToken WRITE setPersistToken NOTIFY persistTokenChanged )
     Q_PROPERTY( AccessMethod accessMethod READ accessMethod WRITE setAccessMethod NOTIFY accessMethodChanged )
@@ -139,9 +138,6 @@ class QgsAuthOAuth2Config : public QObject
     //! Scope of authentication
     QString scope() const { return mScope; }
 
-    //! State passed with request
-    QString state() const { return mState; }
-
     //! API key
     QString apiKey() const { return mApiKey; }
 
@@ -282,8 +278,6 @@ class QgsAuthOAuth2Config : public QObject
     void setPassword( const QString &value );
     //! Set scope to \a value
     void setScope( const QString &value );
-    //! Set state to \a value
-    void setState( const QString &value );
     //! Set api key to \a value
     void setApiKey( const QString &value );
     // advanced
@@ -335,8 +329,6 @@ class QgsAuthOAuth2Config : public QObject
     void passwordChanged( const QString & );
     //! Emitted when configuration scope has changed
     void scopeChanged( const QString & );
-    //! Emitted when configuration state has changed
-    void stateChanged( const QString & );
     //! Emitted when configuration API key has changed
     void apiKeyChanged( const QString & );
 
@@ -369,7 +361,6 @@ class QgsAuthOAuth2Config : public QObject
     QString mUsername;
     QString mPassword;
     QString mScope;
-    QString mState;
     QString mApiKey;
     bool mPersistToken = false;
     AccessMethod mAccessMethod = AccessMethod::Header;

src/auth/oauth2/qgsauthoauth2edit.cpp

@@ -161,7 +161,6 @@ void QgsAuthOAuth2Edit::setupConnections()
   connect( leUsername, &QLineEdit::textChanged, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setUsername );
   connect( lePassword, &QgsPasswordLineEdit::textChanged, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setPassword );
   connect( leScope, &QLineEdit::textChanged, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setScope );
-  connect( leState, &QLineEdit::textChanged, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setState );
   connect( leApiKey, &QLineEdit::textChanged, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setApiKey );
   connect( chkbxTokenPersist, &QCheckBox::toggled, mOAuthConfigCustom.get(), &QgsAuthOAuth2Config::setPersistToken );
   connect( cmbbxAccessMethod, static_cast<void ( QComboBox::* )( int )>( &QComboBox::currentIndexChanged ),
@@ -380,7 +379,6 @@ void QgsAuthOAuth2Edit::loadFromOAuthConfig( const QgsAuthOAuth2Config *config )
     leUsername->setText( config->username() );
     lePassword->setText( config->password() );
     leScope->setText( config->scope() );
-    leState->setText( config->state() );
     leApiKey->setText( config->apiKey() );
 
     // advanced