Skip to content
Permalink
Browse files

[auth] Fix #13507; ensure auth widgets are disabled if auth system is

  • Loading branch information
dakcarto committed Oct 6, 2015
1 parent e933332 commit 6a7332f4777099c84a8f24c6f052568d77bbdd79
Showing with 542 additions and 163 deletions.
  1. +2 −1 src/app/qgisapp.cpp
  2. +1 −1 src/core/qgsnetworkaccessmanager.cpp
  3. +6 −1 src/gui/auth/qgsauthauthoritieseditor.cpp
  4. +1 −0 src/gui/auth/qgsauthauthoritieseditor.h
  5. +33 −21 src/gui/auth/qgsauthcertificateinfo.cpp
  6. +2 −0 src/gui/auth/qgsauthcertificateinfo.h
  7. +8 −1 src/gui/auth/qgsauthcerttrustpolicycombobox.cpp
  8. +11 −2 src/gui/auth/qgsauthconfigeditor.cpp
  9. +1 −0 src/gui/auth/qgsauthconfigeditor.h
  10. +1 −1 src/gui/auth/qgsauthconfigidedit.cpp
  11. +52 −11 src/gui/auth/qgsauthconfigselect.cpp
  12. +6 −1 src/gui/auth/qgsauthconfigselect.h
  13. +26 −7 src/gui/auth/qgsautheditorwidgets.cpp
  14. +3 −0 src/gui/auth/qgsautheditorwidgets.h
  15. +6 −1 src/gui/auth/qgsauthidentitieseditor.cpp
  16. +1 −0 src/gui/auth/qgsauthidentitieseditor.h
  17. +65 −26 src/gui/auth/qgsauthimportcertdialog.cpp
  18. +5 −1 src/gui/auth/qgsauthimportcertdialog.h
  19. +37 −5 src/gui/auth/qgsauthimportidentitydialog.cpp
  20. +6 −2 src/gui/auth/qgsauthimportidentitydialog.h
  21. +6 −1 src/gui/auth/qgsauthserverseditor.cpp
  22. +1 −0 src/gui/auth/qgsauthserverseditor.h
  23. +150 −12 src/gui/auth/qgsauthsslconfigwidget.cpp
  24. +8 −4 src/gui/auth/qgsauthsslconfigwidget.h
  25. +37 −14 src/gui/auth/qgsauthsslerrorsdialog.cpp
  26. +2 −0 src/gui/auth/qgsauthsslerrorsdialog.h
  27. +52 −40 src/gui/auth/qgsauthsslimportdialog.cpp
  28. +3 −0 src/gui/auth/qgsauthsslimportdialog.h
  29. +6 −1 src/gui/auth/qgsauthtrustedcasdialog.cpp
  30. +1 −0 src/gui/auth/qgsauthtrustedcasdialog.h
  31. +3 −9 src/ui/auth/qgsauthsslerrorsdialog.ui
@@ -564,7 +564,8 @@ QgisApp::QgisApp( QSplashScreen *splash, bool restorePlugins, QWidget * parent,
QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
if ( QgsAuthManager::instance()->isDisabled() )
{
QMessageBox::warning( this, tr( "Authentication System" ),
// Don't pass 'this' as parent, or menubar doesn't complete loading of submenus (at least on Mac)
QMessageBox::warning( 0, tr( "Authentication System" ),
QgsAuthManager::instance()->disabledMessage() + "\n\n" +
tr( "Resources authenticating via the system can not be accessed." ) );
}
@@ -172,7 +172,7 @@ QNetworkReply *QgsNetworkAccessManager::createRequest( QNetworkAccessManager::Op
#ifndef QT_NO_OPENSSL
bool ishttps = pReq->url().scheme().toLower() == "https";
QgsAuthConfigSslServer servconfig;
if ( ishttps )
if ( ishttps && !QgsAuthManager::instance()->isDisabled() )
{
// check for SSL cert custom config
QString hostport( QString( "%1:%2" )
@@ -48,11 +48,13 @@ QgsAuthAuthoritiesEditor::QgsAuthAuthoritiesEditor( QWidget *parent )
, mDbCaSecItem( 0 )
, mDefaultTrustPolicy( QgsAuthCertUtils::DefaultTrust )
, mUtilitiesMenu( 0 )
, mDisabled( false )
, mActionDefaultTrustPolicy( 0 )
, mActionShowTrustedCAs( 0 )
{
if ( QgsAuthManager::instance()->isDisabled() )
{
mDisabled = true;
mAuthNotifyLayout = new QVBoxLayout;
this->setLayout( mAuthNotifyLayout );
mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
@@ -775,7 +777,10 @@ void QgsAuthAuthoritiesEditor::authMessageOut( const QString& message, const QSt

void QgsAuthAuthoritiesEditor::showEvent( QShowEvent * e )
{
treeWidgetCAs->setFocus();
if ( !mDisabled )
{
treeWidgetCAs->setFocus();
}
QWidget::showEvent( e );
}

@@ -129,6 +129,7 @@ class GUI_EXPORT QgsAuthAuthoritiesEditor : public QWidget, private Ui::QgsAuthA
QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > mCertTrustCache;

QMenu * mUtilitiesMenu;
bool mDisabled;
QAction * mActionDefaultTrustPolicy;
QAction * mActionShowTrustedCAs;
};
@@ -64,37 +64,49 @@ QgsAuthCertInfo::QgsAuthCertInfo( QSslCertificate cert,
, mGrpCert( 0 )
, mGrpPkey( 0 )
, mGrpExts( 0 )
, mAuthNotifyLayout( 0 )
, mAuthNotify( 0 )
{
setupUi( this );
if ( QgsAuthManager::instance()->isDisabled() )
{
mAuthNotifyLayout = new QVBoxLayout;
this->setLayout( mAuthNotifyLayout );
mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
mAuthNotifyLayout->addWidget( mAuthNotify );
}
else
{
setupUi( this );

lblError->setHidden( true );
lblError->setHidden( true );

treeHierarchy->setRootIsDecorated( false );
treeHierarchy->setRootIsDecorated( false );

connect( treeHierarchy, SIGNAL( currentItemChanged( QTreeWidgetItem *, QTreeWidgetItem * ) ),
this, SLOT( currentCertItemChanged( QTreeWidgetItem*, QTreeWidgetItem* ) ) );
connect( treeHierarchy, SIGNAL( currentItemChanged( QTreeWidgetItem *, QTreeWidgetItem * ) ),
this, SLOT( currentCertItemChanged( QTreeWidgetItem*, QTreeWidgetItem* ) ) );

mCaCertsCache = QgsAuthManager::instance()->getCaCertsCache();
mCaCertsCache = QgsAuthManager::instance()->getCaCertsCache();

setUpCertDetailsTree();
setUpCertDetailsTree();

grpbxTrust->setVisible( mManageTrust );
grpbxTrust->setVisible( mManageTrust );

// trust policy is still queried, even if not managing the policy, so public getter will work
mDefaultTrustPolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
mCurrentTrustPolicy = QgsAuthCertUtils::DefaultTrust;
// trust policy is still queried, even if not managing the policy, so public getter will work
mDefaultTrustPolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
mCurrentTrustPolicy = QgsAuthCertUtils::DefaultTrust;

bool res;
res = populateQcaCertCollection();
if ( res )
res = setQcaCertificate( cert );
if ( res )
res = populateCertChain();
if ( res )
setCertHierarchy();
bool res;
res = populateQcaCertCollection();
if ( res )
res = setQcaCertificate( cert );
if ( res )
res = populateCertChain();
if ( res )
setCertHierarchy();

connect( cmbbxTrust, SIGNAL( currentIndexChanged( int ) ),
this, SLOT( currentPolicyIndexChanged( int ) ) );
connect( cmbbxTrust, SIGNAL( currentIndexChanged( int ) ),
this, SLOT( currentPolicyIndexChanged( int ) ) );
}
}

QgsAuthCertInfo::~QgsAuthCertInfo()
@@ -126,6 +126,8 @@ class GUI_EXPORT QgsAuthCertInfo : public QWidget, private Ui::QgsAuthCertInfo
QTreeWidgetItem *mGrpPkey;
QTreeWidgetItem *mGrpExts;

QVBoxLayout *mAuthNotifyLayout;
QLabel *mAuthNotify;
};

//////////////// Embed in dialog ///////////////////
@@ -113,7 +113,14 @@ const QString QgsAuthCertTrustPolicyComboBox::defaultTrustText( QgsAuthCertUtils
{
if ( defaultpolicy == QgsAuthCertUtils::DefaultTrust )
{
defaultpolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
if ( !QgsAuthManager::instance()->isDisabled() )
{
defaultpolicy = QgsAuthManager::instance()->defaultCertTrustPolicy();
}
else
{
defaultpolicy = QgsAuthCertUtils::Trusted;
}
}
return QString( "%1 (%2)" )
.arg( QgsAuthCertUtils::getCertTrustName( QgsAuthCertUtils::DefaultTrust ) )
@@ -37,11 +37,13 @@ QgsAuthConfigEditor::QgsAuthConfigEditor( QWidget *parent, bool showUtilities, b
, mActionClearCachedAuthConfigs( 0 )
, mActionRemoveAuthConfigs( 0 )
, mActionEraseAuthDatabase( 0 )
, mDisabled( false )
, mAuthNotifyLayout( 0 )
, mAuthNotify( 0 )
{
if ( QgsAuthManager::instance()->isDisabled() )
{
mDisabled = true;
mAuthNotifyLayout = new QVBoxLayout;
this->setLayout( mAuthNotifyLayout );
mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
@@ -166,19 +168,26 @@ void QgsAuthConfigEditor::authMessageOut( const QString& message, const QString&

void QgsAuthConfigEditor::toggleTitleVisibility( bool visible )
{
if ( !QgsAuthManager::instance()->isDisabled() )
if ( !mDisabled )
{
lblAuthConfigDb->setVisible( visible );
}
}

void QgsAuthConfigEditor::setShowUtilitiesButton( bool show )
{
btnAuthUtilities->setVisible( show );
if ( !mDisabled )
{
btnAuthUtilities->setVisible( show );
}
}

void QgsAuthConfigEditor::setRelayMessages( bool relay )
{
if ( mDisabled )
{
return;
}
if ( relay == mRelayMessages )
{
return;
@@ -105,6 +105,7 @@ class GUI_EXPORT QgsAuthConfigEditor : public QWidget, private Ui::QgsAuthConfig
QAction *mActionRemoveAuthConfigs;
QAction *mActionEraseAuthDatabase;

bool mDisabled;
QVBoxLayout *mAuthNotifyLayout;
QLabel *mAuthNotify;
};
@@ -56,7 +56,7 @@ bool QgsAuthConfigIdEdit::validate()
bool curvalid = (( authcfg == mAuthCfgOrig && authcfg.size() == 7 )
|| ( mAllowEmpty && authcfg.size() == 0 ) );

if ( !curvalid && authcfg.size() == 7 && isAlphaNumeric( authcfg ) )
if ( !QgsAuthManager::instance()->isDisabled() && !curvalid && authcfg.size() == 7 && isAlphaNumeric( authcfg ) )
{
curvalid = QgsAuthManager::instance()->configIdUnique( authcfg );
}
@@ -33,11 +33,13 @@ QgsAuthConfigSelect::QgsAuthConfigSelect( QWidget *parent, const QString &datapr
, mAuthCfg( QString() )
, mDataProvider( dataprovider )
, mConfigs( QgsAuthMethodConfigsMap() )
, mDisabled( false )
, mAuthNotifyLayout( 0 )
, mAuthNotify( 0 )
{
if ( QgsAuthManager::instance()->isDisabled() )
{
mDisabled = true;
mAuthNotifyLayout = new QVBoxLayout;
this->setLayout( mAuthNotifyLayout );
mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
@@ -62,7 +64,7 @@ QgsAuthConfigSelect::~QgsAuthConfigSelect()

void QgsAuthConfigSelect::setConfigId( const QString& authcfg )
{
if ( QgsAuthManager::instance()->isDisabled() && mAuthNotify )
if ( mDisabled && mAuthNotify )
{
mAuthNotify->setText( QgsAuthManager::instance()->disabledMessage() + "\n\n" +
tr( "Authentication config id not loaded: %1" ).arg( authcfg ) );
@@ -80,6 +82,11 @@ void QgsAuthConfigSelect::setConfigId( const QString& authcfg )

void QgsAuthConfigSelect::setDataProviderKey( const QString &key )
{
if ( mDisabled )
{
return;
}

mDataProvider = key;
populateConfigSelector();
}
@@ -156,12 +163,20 @@ void QgsAuthConfigSelect::populateConfigSelector()

void QgsAuthConfigSelect::showMessage( const QString &msg )
{
if ( mDisabled )
{
return;
}
leConfigMsg->setText( msg );
frConfigMsg->setVisible( true );
}

void QgsAuthConfigSelect::clearMessage()
{
if ( mDisabled )
{
return;
}
leConfigMsg->clear();
frConfigMsg->setVisible( false );
}
@@ -241,22 +256,36 @@ QgsAuthConfigUriEdit::QgsAuthConfigUriEdit( QWidget *parent, const QString &data
, mAuthCfg( QString() )
, mDataUri( QString() )
, mDataUriOrig( QString() )
, mDisabled( false )
, mAuthNotifyLayout( 0 )
, mAuthNotify( 0 )
{
setupUi( this );
if ( QgsAuthManager::instance()->isDisabled() )
{
mDisabled = true;
mAuthNotifyLayout = new QVBoxLayout;
this->setLayout( mAuthNotifyLayout );
mAuthNotify = new QLabel( QgsAuthManager::instance()->disabledMessage(), this );
mAuthNotifyLayout->addWidget( mAuthNotify );
}
else
{
setupUi( this );

setWindowTitle( tr( "Authentication Config ID String Editor" ) );
setWindowTitle( tr( "Authentication Config ID String Editor" ) );

buttonBox->button( QDialogButtonBox::Close )->setDefault( true );
connect( buttonBox, SIGNAL( rejected() ), this, SLOT( close() ) );
connect( buttonBox, SIGNAL( accepted() ), this, SLOT( saveChanges() ) );
buttonBox->button( QDialogButtonBox::Close )->setDefault( true );
connect( buttonBox, SIGNAL( rejected() ), this, SLOT( close() ) );
connect( buttonBox, SIGNAL( accepted() ), this, SLOT( saveChanges() ) );

connect( buttonBox->button( QDialogButtonBox::Reset ), SIGNAL( clicked() ), this, SLOT( resetChanges() ) );
connect( buttonBox->button( QDialogButtonBox::Reset ), SIGNAL( clicked() ), this, SLOT( resetChanges() ) );

connect( wdgtAuthSelect, SIGNAL( selectedConfigIdChanged( QString ) ), this , SLOT( authCfgUpdated( QString ) ) );
connect( wdgtAuthSelect, SIGNAL( selectedConfigIdRemoved( QString ) ), this , SLOT( authCfgRemoved( QString ) ) );
connect( wdgtAuthSelect, SIGNAL( selectedConfigIdChanged( QString ) ), this , SLOT( authCfgUpdated( QString ) ) );
connect( wdgtAuthSelect, SIGNAL( selectedConfigIdRemoved( QString ) ), this , SLOT( authCfgRemoved( QString ) ) );

wdgtAuthSelect->setDataProviderKey( dataprovider );
setDataSourceUri( datauri );
wdgtAuthSelect->setDataProviderKey( dataprovider );
setDataSourceUri( datauri );
}
}

QgsAuthConfigUriEdit::~QgsAuthConfigUriEdit()
@@ -265,6 +294,10 @@ QgsAuthConfigUriEdit::~QgsAuthConfigUriEdit()

void QgsAuthConfigUriEdit::setDataSourceUri( const QString &datauri )
{
if ( mDisabled )
{
return;
}
if ( datauri.isEmpty() )
return;

@@ -291,11 +324,19 @@ void QgsAuthConfigUriEdit::setDataSourceUri( const QString &datauri )

QString QgsAuthConfigUriEdit::dataSourceUri()
{
if ( mDisabled )
{
return QString();
}
return mDataUri;
}

bool QgsAuthConfigUriEdit::hasConfigID( const QString &txt )
{
if ( QgsAuthManager::instance()->isDisabled() )
{
return false;
}
return QgsAuthManager::instance()->hasConfigId( txt );
}

@@ -86,6 +86,7 @@ class GUI_EXPORT QgsAuthConfigSelect : public QWidget, private Ui::QgsAuthConfig
QString mDataProvider;
QgsAuthMethodConfigsMap mConfigs;

bool mDisabled;
QVBoxLayout *mAuthNotifyLayout;
QLabel *mAuthNotify;
};
@@ -122,7 +123,7 @@ class GUI_EXPORT QgsAuthConfigUriEdit : public QDialog, private Ui::QgsAuthConfi
/** The returned, possibly edited data source URI */
QString dataSourceUri();

/** Whether a string conatins an authcfg ID */
/** Whether a string contains an authcfg ID */
static bool hasConfigID( const QString &txt );

private slots:
@@ -148,6 +149,10 @@ class GUI_EXPORT QgsAuthConfigUriEdit : public QDialog, private Ui::QgsAuthConfi
QString mAuthCfg;
QString mDataUri;
QString mDataUriOrig;

bool mDisabled;
QVBoxLayout *mAuthNotifyLayout;
QLabel *mAuthNotify;
};

#endif // QGSAUTHCONFIGSELECT_H

0 comments on commit 6a7332f

Please sign in to comment.
You can’t perform that action at this time.