
Merge pull request #5446 from boundlessgeo/BD-2279-authmanager-singleton

[auth] Authmanager singleton API removal
elpaso committed Oct 26, 2017
2 parents d414822 + c780ab9 commit 92b3b5bcbca1ee569e296e0c146b6dac99133f94
Showing with 372 additions and 297 deletions.
  1. +10 −12 python/core/auth/qgsauthmanager.sip
  2. +11 −0 python/core/qgsapplication.sip
  3. +15 −19 src/app/qgisapp.cpp
  4. +2 −1 src/auth/basic/qgsauthbasicmethod.cpp
  5. +1 −1 src/auth/identcert/qgsauthidentcertedit.cpp
  6. +4 −3 src/auth/identcert/qgsauthidentcertmethod.cpp
  7. +5 −4 src/auth/pkipaths/qgsauthpkipathsmethod.cpp
  8. +5 −4 src/auth/pkipkcs12/qgsauthpkcs12method.cpp
  9. +8 −7 src/core/auth/qgsauthcertutils.cpp
  10. +17 −10 src/core/auth/qgsauthmanager.cpp
  11. +17 −6 src/core/auth/qgsauthmanager.h
  12. +18 −3 src/core/qgsapplication.cpp
  13. +10 −0 src/core/qgsapplication.h
  14. +2 −1 src/core/qgsdatasourceuri.cpp
  15. +2 −2 src/core/qgsfiledownloader.cpp
  16. +2 −2 src/core/qgsgml.cpp
  17. +1 −1 src/core/qgsmaplayer.cpp
  18. +6 −4 src/core/qgsnetworkaccessmanager.cpp
  19. +41 −41 src/gui/auth/qgsauthauthoritieseditor.cpp
  20. +9 −9 src/gui/auth/qgsauthcertificateinfo.cpp
  21. +3 −2 src/gui/auth/qgsauthcerttrustpolicycombobox.cpp
  22. +17 −16 src/gui/auth/qgsauthconfigedit.cpp
  23. +11 −10 src/gui/auth/qgsauthconfigeditor.cpp
  24. +3 −2 src/gui/auth/qgsauthconfigidedit.cpp
  25. +13 −13 src/gui/auth/qgsauthconfigselect.cpp
  26. +9 −8 src/gui/auth/qgsautheditorwidgets.cpp
  27. +26 −25 src/gui/auth/qgsauthguiutils.cpp
  28. +12 −12 src/gui/auth/qgsauthidentitieseditor.cpp
  29. +3 −2 src/gui/auth/qgsauthimportcertdialog.cpp
  30. +3 −2 src/gui/auth/qgsauthimportidentitydialog.cpp
  31. +6 −5 src/gui/auth/qgsauthmasterpassresetdialog.cpp
  32. +11 −11 src/gui/auth/qgsauthserverseditor.cpp
  33. +2 −1 src/gui/auth/qgsauthsettingswidget.cpp
  34. +5 −4 src/gui/auth/qgsauthsslconfigwidget.cpp
  35. +4 −3 src/gui/auth/qgsauthsslerrorsdialog.cpp
  36. +4 −3 src/gui/auth/qgsauthsslimportdialog.cpp
  37. +7 −7 src/gui/auth/qgsauthtrustedcasdialog.cpp
  38. +7 −6 src/gui/qgscredentialdialog.cpp
  39. +2 −2 src/providers/wcs/qgswcscapabilities.cpp
  40. +3 −2 src/providers/wcs/qgswcsprovider.h
  41. +3 −2 src/providers/wfs/qgswfsdatasourceuri.h
  42. +3 −2 src/providers/wms/qgswmscapabilities.h
  43. +2 −2 src/server/qgsserver.cpp
  44. +11 −11 tests/src/core/testqgsauthmanager.cpp
  45. +3 −3 tests/src/python/test_authmanager_password_ows.py
  46. +2 −1 tests/src/python/test_authmanager_pki_ows.py
  47. +2 −1 tests/src/python/test_authmanager_pki_postgres.py
  48. +3 −3 tests/src/python/test_authmanager_proxy.py
  49. +2 −2 tests/src/python/test_authsettingswidget.py
  50. +2 −2 tests/src/python/test_offline_editing_wfs.py
  51. +2 −2 tests/src/python/test_qgsauthsystem.py
@@ -32,13 +32,15 @@ class QgsAuthManager : QObject
CRITICAL
};

static QgsAuthManager *instance();
bool init( const QString &pluginPath = QString(), const QString &authDatabasePath = QString() );
%Docstring
Enforce singleton pattern
.. note::

To set up the manager instance and initialize everything use QgsAuthManager.instance()->init()
:rtype: QgsAuthManager
init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database
\param pluginPath the plugin path
\param authDatabasePath the authentication DB path
:return: true on success
.. seealso:: QgsApplication.pluginPath
.. seealso:: QgsApplication.qgisAuthDatabaseFilePath
:rtype: bool
%End

~QgsAuthManager();
@@ -61,11 +63,6 @@ Name of the authentication database table that stores server exceptions/configs
:rtype: str
%End

bool init( const QString &pluginPath = QString() );
%Docstring
Initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database
:rtype: bool
%End

bool isDisabled() const;
%Docstring
@@ -738,7 +735,8 @@ Clear an authentication config from its associated authentication method cache
%End

protected:
explicit QgsAuthManager();



};

@@ -682,6 +682,17 @@ Returns path to the build output directory. Valid only when running from build d
:rtype: QgsMessageLog
%End

static QgsAuthManager *authManager();
%Docstring
Returns the application's authentication manager instance
.. note::

this can be a null pointer if called before initQgis
.. seealso:: initQgis
.. versionadded:: 3.0
:rtype: QgsAuthManager
%End

static QgsProcessingRegistry *processingRegistry();
%Docstring
Returns the application's processing registry, used for managing processing providers,
@@ -683,19 +683,6 @@ QgisApp::QgisApp( QSplashScreen *splash, bool restorePlugins, bool skipVersionCh
mTray->setIcon( QIcon( QgsApplication::appIconPath() ) );
mTray->hide();

startProfile( QStringLiteral( "Initializing authentication" ) );
mSplash->showMessage( tr( "Initializing authentication" ), Qt::AlignHCenter | Qt::AlignBottom );
qApp->processEvents();
QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
if ( !QgsAuthManager::instance()->isDisabled() )
{
masterPasswordSetup();
}
endProfile();

// Setup QgsNetworkAccessManager (this needs to happen after authentication, for proxy settings)
namSetup();

// Create the themes folder for the user
startProfile( QStringLiteral( "Creating theme folder" ) );
QgsApplication::createThemeFolder();
@@ -1014,6 +1001,15 @@ QgisApp::QgisApp( QSplashScreen *splash, bool restorePlugins, bool skipVersionCh
qApp->processEvents();
QgsApplication::initQgis();

if ( !QgsApplication::authManager()->isDisabled() )
{
// Most of the auth initialization is now done inside initQgis, no need to profile here
masterPasswordSetup();
}

// Setup QgsNetworkAccessManager (this needs to happen after authentication, for proxy settings)
namSetup();

QgsApplication::dataItemProviderRegistry()->addProvider( new QgsQlrDataItemProvider() );
registerCustomDropHandler( new QgsQlrDropHandler() );
QgsApplication::dataItemProviderRegistry()->addProvider( new QgsQptDataItemProvider() );
@@ -9929,7 +9925,7 @@ QgsVectorLayer *QgisApp::addVectorLayer( const QString &vectorLayerPath, const Q
authok = false;
if ( !QgsAuthGuiUtils::isDisabled( messageBar(), messageTimeout() ) )
{
authok = QgsAuthManager::instance()->setMasterPassword( true );
authok = QgsApplication::authManager()->setMasterPassword( true );
}
}

@@ -12648,7 +12644,7 @@ void QgisApp::namSslErrors( QNetworkReply *reply, const QList<QSslError> &errors
QString digest( QgsAuthCertUtils::shaHexForCert( reply->sslConfiguration().peerCertificate() ) );
QString dgsthostport( QStringLiteral( "%1:%2" ).arg( digest, hostport ) );

const QHash<QString, QSet<QSslError::SslError> > &errscache( QgsAuthManager::instance()->getIgnoredSslErrorCache() );
const QHash<QString, QSet<QSslError::SslError> > &errscache( QgsApplication::authManager()->getIgnoredSslErrorCache() );

if ( errscache.contains( dgsthostport ) )
{
@@ -12727,11 +12723,11 @@ void QgisApp::namUpdate()

void QgisApp::masterPasswordSetup()
{
connect( QgsAuthManager::instance(), &QgsAuthManager::messageOut,
connect( QgsApplication::authManager(), &QgsAuthManager::messageOut,
this, &QgisApp::authMessageOut );
connect( QgsAuthManager::instance(), &QgsAuthManager::passwordHelperMessageOut,
connect( QgsApplication::authManager(), &QgsAuthManager::passwordHelperMessageOut,
this, &QgisApp::authMessageOut );
connect( QgsAuthManager::instance(), &QgsAuthManager::authDatabaseEraseRequested,
connect( QgsApplication::authManager(), &QgsAuthManager::authDatabaseEraseRequested,
this, &QgisApp::eraseAuthenticationDatabase );
}

@@ -12749,7 +12745,7 @@ void QgisApp::eraseAuthenticationDatabase()
if ( layertree && layertree->customProperty( QStringLiteral( "loading" ) ).toBool() )
{
QgsDebugMsg( "Project loading, skipping auth db erase" );
QgsAuthManager::instance()->setScheduledAuthDatabaseEraseRequestEmitted( false );
QgsApplication::authManager()->setScheduledAuthDatabaseEraseRequestEmitted( false );
return;
}
}
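Review bot: In the QgisApp constructor, `masterPasswordSetup()` and `namSetup()` now run only after `QgsApplication::initQgis()` (new lines near 1001), roughly 300 lines later than the block removed at 683, and nothing in the new code records that ordering requirement. The retained comment says the network access manager has to be set up after authentication for proxy settings, so any constructor code between the two positions that issues a network request would presumably run before those settings are applied; that stretch is outside the hunks shown and should be checked. I would state the constraint where the block now lives, e.g. `// Auth is initialized inside initQgis(); do not use QgsNetworkAccessManager in this constructor before namSetup() below`. The constructor body starts and ends outside these hunks.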
@@ -19,6 +19,7 @@

#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

#include <QNetworkProxy>
#include <QMutexLocker>
@@ -182,7 +183,7 @@ QgsAuthMethodConfig QgsAuthBasicMethod::getMethodConfig( const QString &authcfg,
}

// else build basic bundle
if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, fullconfig ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, fullconfig ) )
{
QgsDebugMsg( QString( "Retrieve config FAILED for authcfg: %1" ).arg( authcfg ) );
return QgsAuthMethodConfig();
@@ -75,7 +75,7 @@ void QgsAuthIdentCertEdit::populateIdentityComboBox()
{
cmbIdentityCert->addItem( tr( "Select identity..." ), "" );

QList<QSslCertificate> certs( QgsAuthManager::instance()->getCertIdentities() );
QList<QSslCertificate> certs( QgsApplication::authManager()->getCertIdentities() );
if ( !certs.isEmpty() )
{
cmbIdentityCert->setIconSize( QSize( 26, 22 ) );
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

static const QString AUTH_METHOD_KEY = QStringLiteral( "Identity-Cert" );
static const QString AUTH_METHOD_DESCRIPTION = QStringLiteral( "Identity certificate authentication" );
@@ -143,7 +144,7 @@ bool QgsAuthIdentCertMethod::updateDataSourceUriItems( QStringList &connectionIt
// save CAs to temp file
QString caFilePath = QgsAuthCertUtils::pemTextToTempFile(
pkiTempFileBase.arg( QUuid::createUuid().toString() ),
QgsAuthManager::instance()->getTrustedCaCertsPemText() );
QgsApplication::authManager()->getTrustedCaCertsPemText() );
if ( caFilePath.isEmpty() )
{
return false;
@@ -238,14 +239,14 @@ QgsPkiConfigBundle *QgsAuthIdentCertMethod::getPkiConfigBundle( const QString &a
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
}

// get identity from database
QPair<QSslCertificate, QSslKey> cibundle( QgsAuthManager::instance()->getCertIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );
QPair<QSslCertificate, QSslKey> cibundle( QgsApplication::authManager()->getCertIdentityBundle( mconfig.config( QStringLiteral( "certid" ) ) ) );

// init client cert
// Note: if this is not valid, no sense continuing
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"


static const QString AUTH_METHOD_KEY = QStringLiteral( "PKI-Paths" );
@@ -160,17 +161,17 @@ bool QgsAuthPkiPathsMethod::updateDataSourceUriItems( QStringList &connectionIte
{
if ( pkibundle->config().config( QStringLiteral( "addrootca" ), QStringLiteral( "false" ) ) == QStringLiteral( "true" ) )
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(), pkibundle->caChain() );
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(), pkibundle->caChain() );
}
else
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(),
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(),
QgsAuthCertUtils::casRemoveSelfSigned( pkibundle->caChain() ) );
}
}
else
{
cas = QgsAuthManager::instance()->getTrustedCaCerts();
cas = QgsApplication::authManager()->getTrustedCaCerts();
}

// save CAs to temp file
@@ -274,7 +275,7 @@ QgsPkiConfigBundle *QgsAuthPkiPathsMethod::getPkiConfigBundle( const QString &au
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
@@ -30,6 +30,7 @@
#include "qgsauthcertutils.h"
#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"


static const QString AUTH_METHOD_KEY = QStringLiteral( "PKI-PKCS#12" );
@@ -160,17 +161,17 @@ bool QgsAuthPkcs12Method::updateDataSourceUriItems( QStringList &connectionItems
{
if ( pkibundle->config().config( QStringLiteral( "addrootca" ), QStringLiteral( "false" ) ) == QStringLiteral( "true" ) )
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(), pkibundle->caChain() );
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(), pkibundle->caChain() );
}
else
{
cas = QgsAuthCertUtils::casMerge( QgsAuthManager::instance()->getTrustedCaCerts(),
cas = QgsAuthCertUtils::casMerge( QgsApplication::authManager()->getTrustedCaCerts(),
QgsAuthCertUtils::casRemoveSelfSigned( pkibundle->caChain() ) );
}
}
else
{
cas = QgsAuthManager::instance()->getTrustedCaCerts();
cas = QgsApplication::authManager()->getTrustedCaCerts();
}

// save CAs to temp file
@@ -273,7 +274,7 @@ QgsPkiConfigBundle *QgsAuthPkcs12Method::getPkiConfigBundle( const QString &auth
// else build PKI bundle
QgsAuthMethodConfig mconfig;

if ( !QgsAuthManager::instance()->loadAuthenticationConfig( authcfg, mconfig, true ) )
if ( !QgsApplication::authManager()->loadAuthenticationConfig( authcfg, mconfig, true ) )
{
QgsDebugMsg( QString( "PKI bundle for authcfg %1: FAILED to retrieve config" ).arg( authcfg ) );
return bundle;
@@ -25,6 +25,7 @@

#include "qgsauthmanager.h"
#include "qgslogger.h"
#include "qgsapplication.h"

QString QgsAuthCertUtils::getSslProtocolName( QSsl::SslProtocol protocol )
{
@@ -419,7 +420,7 @@ QString QgsAuthCertUtils::getCertDistinguishedName( const QSslCertificate &qcert
const QCA::Certificate &acert,
bool issuer )
{
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return QString();

if ( acert.isNull() )
@@ -505,7 +506,7 @@ QString QgsAuthCertUtils::shaHexForCert( const QSslCertificate &cert, bool forma

QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert )
{
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return QCA::Certificate();

QCA::ConvertResult res;
@@ -521,7 +522,7 @@ QCA::Certificate QgsAuthCertUtils::qtCertToQcaCert( const QSslCertificate &cert
QCA::CertificateCollection QgsAuthCertUtils::qtCertsToQcaCollection( const QList<QSslCertificate> &certs )
{
QCA::CertificateCollection qcacoll;
if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return qcacoll;

for ( const auto &cert : certs )
@@ -690,7 +691,7 @@ QList<QgsAuthCertUtils::CertUsageType> QgsAuthCertUtils::certificateUsageTypes(
{
QList<QgsAuthCertUtils::CertUsageType> usages;

if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return usages;

QCA::ConvertResult res;
@@ -724,9 +725,9 @@ QList<QgsAuthCertUtils::CertUsageType> QgsAuthCertUtils::certificateUsageTypes(

// ask QCA what it thinks about potential usages
QCA::CertificateCollection trustedCAs(
qtCertsToQcaCollection( QgsAuthManager::instance()->getTrustedCaCertsCache() ) );
qtCertsToQcaCollection( QgsApplication::authManager()->getTrustedCaCertsCache() ) );
QCA::CertificateCollection untrustedCAs(
qtCertsToQcaCollection( QgsAuthManager::instance()->getUntrustedCaCerts() ) );
qtCertsToQcaCollection( QgsApplication::authManager()->getUntrustedCaCerts() ) );

QCA::Validity v_any;
v_any = qcacert.validate( trustedCAs, untrustedCAs, QCA::UsageAny, QCA::ValidateAll );
@@ -790,7 +791,7 @@ bool QgsAuthCertUtils::certificateIsSslServer( const QSslCertificate &cert )
// only what it should not be able to do (cert sign, etc.). The logic here may need refined
// see: http://security.stackexchange.com/a/26650

if ( QgsAuthManager::instance()->isDisabled() )
if ( QgsApplication::authManager()->isDisabled() )
return false;

QCA::ConvertResult res;
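Review bot: The `isDisabled()` guards that open `getCertDistinguishedName`, `qtCertToQcaCert`, `qtCertsToQcaCollection`, `certificateUsageTypes` and `certificateIsSslServer` now dereference `QgsApplication::authManager()` unchecked, while the docstring this commit adds for that accessor says it can be a null pointer if called before `initQgis`. These are static helpers whose first statement exists to return an empty result when authentication is unavailable, so a call made before application init would crash in the guard itself, whereas the replaced `QgsAuthManager::instance()` was documented as enforcing a singleton. Testing the pointer in the same condition keeps the early-return contract, e.g. `if ( !QgsApplication::authManager() || QgsApplication::authManager()->isDisabled() )`. The two `qtCertsToQcaCollection( QgsApplication::authManager()->... )` calls in `certificateUsageTypes` sit behind that guard and need no separate check; the function bodies continue outside the hunks.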
