[auth system] Core data source URI integration

qgis · Sep 21, 2015 · 95214e9 · 95214e9
1 parent e65aa99
commit 95214e9
Show file tree

Hide file tree

Showing 9 changed files with 104 additions and 19 deletions.
diff --git a/python/core/qgsdataprovider.sip b/python/core/qgsdataprovider.sip
@@ -50,9 +50,10 @@ class QgsDataProvider : QObject
     /**
      * Get the data source specification. This may be a path or database
      * connection string
+     * @param expandAuthConfig Whether to expand any assigned authentication configuration
      * @return data source specification
      */
-    virtual QString dataSourceUri() const;
+    virtual QString dataSourceUri( bool expandAuthConfig = true ) const;
 
 
     /**

diff --git a/python/core/qgsdatasourceuri.sip b/python/core/qgsdatasourceuri.sip
@@ -21,10 +21,10 @@ class QgsDataSourceURI
     QgsDataSourceURI( QString uri );
 
     //! return connection part of URI
-    QString connectionInfo() const;
+    QString connectionInfo( bool expandAuthConfig = true ) const;
 
     //! return complete uri
-    QString uri() const;
+    QString uri( bool expandAuthConfig = true ) const;
 
     //! return complete encoded uri (generic mode)
     QByteArray encodedUri() const;
@@ -59,14 +59,16 @@ class QgsDataSourceURI
                         const QString& aDatabase,
                         const QString& aUsername,
                         const QString& aPassword,
-                        SSLmode sslmode = SSLprefer );
+                        SSLmode sslmode = SSLprefer,
+                        const QString& authConfigId = QString() );
 
     //! Set all connection related members at once (for the service case)
     void setConnection( const QString& aService,
                         const QString& aDatabase,
                         const QString& aUsername,
                         const QString& aPassword,
-                        SSLmode sslmode = SSLprefer );
+                        SSLmode sslmode = SSLprefer,
+                        const QString& authConfigId = QString() );
 
     //! Set database
     void setDatabase( const QString &database );
@@ -78,6 +80,9 @@ class QgsDataSourceURI
                         const QString& aSql = QString(),
                         const QString& aKeyColumn = QString() );
 
+    //! set authentication configuration ID
+    void setAuthConfigId( const QString& authcfg );
+
     //! set username
     void setUsername( QString username );
 
@@ -87,6 +92,7 @@ class QgsDataSourceURI
     //! Removes password element from uris
     static QString removePassword( const QString& aUri );
 
+    QString authConfigId() const;
     QString username() const;
     QString schema() const;
     QString table() const;

diff --git a/src/app/qgisapp.cpp b/src/app/qgisapp.cpp
@@ -8204,10 +8204,22 @@ QgsVectorLayer* QgisApp::addVectorLayer( QString vectorLayerPath, QString baseNa
                + " with baseName of " + baseName
                + " and providerKey of " + providerKey );
 
+  // if the layer needs authentication, ensure the master password is set
+  bool authok = true;
+  QRegExp rx( "authcfg=([a-z]|[0-9]){7}" );
+  if ( rx.indexIn( vectorLayerPath ) != -1 )
+  {
+    authok = false;
+    if ( !QgsAuthGuiUtils::isDisabled( messageBar(), messageTimeout() ) )
+    {
+      authok = QgsAuthManager::instance()->setMasterPassword( true );
+    }
+  }
+
   // create the layer
   QgsVectorLayer *layer = new QgsVectorLayer( vectorLayerPath, baseName, providerKey, false );
 
-  if ( layer && layer->isValid() )
+  if ( authok && layer && layer->isValid() )
   {
     QStringList sublayers = layer->dataProvider()->subLayers();
     QgsDebugMsg( QString( "got valid layer with %1 sublayers" ).arg( sublayers.count() ) );

diff --git a/src/core/qgsdataprovider.h b/src/core/qgsdataprovider.h
@@ -22,6 +22,7 @@
 #include <QStringList>
 
 //#include "qgsdataitem.h"
+#include "qgsdatasourceuri.h"
 #include "qgserror.h"
 
 typedef int dataCapabilities_t();
@@ -91,11 +92,23 @@ class CORE_EXPORT QgsDataProvider : public QObject
     /**
      * Get the data source specification. This may be a path or database
      * connection string
+     * @param expandAuthConfig Whether to expand any assigned authentication configuration
      * @return data source specification
+     * @note The default authentication configuration expansion is FALSE. This keeps credentials
+     * out of layer data source URIs and project files. Expansion should be specifically done
+     * only when needed within a provider
      */
-    virtual QString dataSourceUri() const
+    virtual QString dataSourceUri( bool expandAuthConfig = false ) const
     {
-      return mDataSourceURI;
+      if ( expandAuthConfig )
+      {
+        QgsDataSourceURI uri( mDataSourceURI );
+        return uri.uri( expandAuthConfig );
+      }
+      else
+      {
+        return mDataSourceURI;
+      }
     }
 
 

diff --git a/src/core/qgsdatasourceuri.cpp b/src/core/qgsdatasourceuri.cpp
@@ -17,6 +17,7 @@
  ***************************************************************************/
 
 #include "qgsdatasourceuri.h"
+#include "qgsauthmanager.h"
 #include "qgslogger.h"
 #include "qgswkbtypes.h"
 
@@ -148,6 +149,10 @@ QgsDataSourceURI::QgsDataSourceURI( QString uri )
       {
         mService = pval;
       }
+      else if ( pname == "authcfg" )
+      {
+        mAuthConfigId = pval;
+      }
       else if ( pname == "user" )
       {
         mUsername = pval;
@@ -253,6 +258,11 @@ QString QgsDataSourceURI::removePassword( const QString& aUri )
   return safeName;
 }
 
+QString QgsDataSourceURI::authConfigId() const
+{
+  return mAuthConfigId;
+}
+
 QString QgsDataSourceURI::username() const
 {
   return mUsername;
@@ -448,7 +458,7 @@ QString QgsDataSourceURI::getValue( const QString &uri, int &i )
   return pval;
 }
 
-QString QgsDataSourceURI::connectionInfo() const
+QString QgsDataSourceURI::connectionInfo( bool expandAuthConfig ) const
 {
   QStringList connectionItems;
 
@@ -493,12 +503,27 @@ QString QgsDataSourceURI::connectionInfo() const
     connectionItems << "sslmode=prefer";
 #endif
 
+  if ( !mAuthConfigId.isEmpty() )
+  {
+    if ( expandAuthConfig )
+    {
+      if ( !QgsAuthManager::instance()->updateDataSourceUriItems( connectionItems, mAuthConfigId ) )
+      {
+        QgsDebugMsg( QString( "Data source URI FAILED to update via loading configuration ID '%1'" ).arg( mAuthConfigId ) );
+      }
+    }
+    else
+    {
+      connectionItems << "authcfg=" + mAuthConfigId;
+    }
+  }
+
   return connectionItems.join( " " );
 }
 
-QString QgsDataSourceURI::uri() const
+QString QgsDataSourceURI::uri( bool expandAuthConfig ) const
 {
-  QString theUri = connectionInfo();
+  QString theUri = connectionInfo( expandAuthConfig );
 
   if ( !mKeyColumn.isEmpty() )
   {
@@ -595,27 +620,31 @@ void QgsDataSourceURI::setConnection( const QString &host,
                                       const QString &database,
                                       const QString &username,
                                       const QString &password,
-                                      SSLmode sslmode )
+                                      SSLmode sslmode,
+                                      const QString &authConfigId )
 {
   mHost = host;
   mDatabase = database;
   mPort = port;
   mUsername = username;
   mPassword = password;
   mSSLmode = sslmode;
+  mAuthConfigId = authConfigId;
 }
 
 void QgsDataSourceURI::setConnection( const QString &service,
                                       const QString &database,
                                       const QString &username,
                                       const QString &password,
-                                      SSLmode sslmode )
+                                      SSLmode sslmode,
+                                      const QString &authConfigId )
 {
   mService = service;
   mDatabase = database;
   mUsername = username;
   mPassword = password;
   mSSLmode = sslmode;
+  mAuthConfigId = authConfigId;
 }
 
 void QgsDataSourceURI::setDataSource( const QString &schema,
@@ -631,6 +660,11 @@ void QgsDataSourceURI::setDataSource( const QString &schema,
   mKeyColumn = keyColumn;
 }
 
+void QgsDataSourceURI::setAuthConfigId( const QString &authcfg )
+{
+  mAuthConfigId = authcfg;
+}
+
 void QgsDataSourceURI::setDatabase( const QString &database )
 {
   mDatabase = database;

diff --git a/src/core/qgsdatasourceuri.h b/src/core/qgsdatasourceuri.h
@@ -47,10 +47,10 @@ class CORE_EXPORT QgsDataSourceURI
     QgsDataSourceURI( const QByteArray & uri );
 
     //! return connection part of URI
-    QString connectionInfo() const;
+    QString connectionInfo( bool expandAuthConfig = true ) const;
 
     //! return complete uri
-    QString uri() const;
+    QString uri( bool expandAuthConfig = true ) const;
 
     //! return complete encoded uri (generic mode)
     QByteArray encodedUri() const;
@@ -89,14 +89,16 @@ class CORE_EXPORT QgsDataSourceURI
                         const QString& aDatabase,
                         const QString& aUsername,
                         const QString& aPassword,
-                        SSLmode sslmode = SSLprefer );
+                        SSLmode sslmode = SSLprefer,
+                        const QString& authConfigId = QString() );
 
     //! Set all connection related members at once (for the service case)
     void setConnection( const QString& aService,
                         const QString& aDatabase,
                         const QString& aUsername,
                         const QString& aPassword,
-                        SSLmode sslmode = SSLprefer );
+                        SSLmode sslmode = SSLprefer,
+                        const QString& authConfigId = QString() );
 
     //! Set database
     void setDatabase( const QString &database );
@@ -108,6 +110,9 @@ class CORE_EXPORT QgsDataSourceURI
                         const QString& aSql = QString(),
                         const QString& aKeyColumn = QString() );
 
+    //! set authentication configuration ID
+    void setAuthConfigId( const QString& authcfg );
+
     //! set username
     void setUsername( QString username );
 
@@ -117,6 +122,7 @@ class CORE_EXPORT QgsDataSourceURI
     //! Removes password element from uris
     static QString removePassword( const QString& aUri );
 
+    QString authConfigId() const;
     QString username() const;
     QString schema() const;
     QString table() const;
@@ -178,6 +184,8 @@ class CORE_EXPORT QgsDataSourceURI
     QString mGeometryColumn;
     //! SQL query or where clause used to limit features returned from the layer
     QString mSql;
+    //! authentication configuration ID
+    QString mAuthConfigId;
     //! username
     QString mUsername;
     //! password

diff --git a/src/core/qgsmaplayer.cpp b/src/core/qgsmaplayer.cpp
@@ -34,6 +34,7 @@
 #include "qgscoordinatereferencesystem.h"
 #include "qgsdatasourceuri.h"
 #include "qgslogger.h"
+#include "qgsauthmanager.h"
 #include "qgsmaplayer.h"
 #include "qgsmaplayerlegend.h"
 #include "qgsmaplayerstylemanager.h"
@@ -182,6 +183,14 @@ bool QgsMapLayer::readLayerXML( const QDomElement& layerElement )
   mne = mnl.toElement();
   mDataSource = mne.text();
 
+  // if the layer needs authentication, ensure the master password is set
+  QRegExp rx( "authcfg=([a-z]|[0-9]){7}" );
+  if (( rx.indexIn( mDataSource ) != -1 )
+      && !QgsAuthManager::instance()->setMasterPassword( true ) )
+  {
+    return false;
+  }
+
   // TODO: this should go to providers
   // see also QgsProject::createEmbeddedLayer
   if ( provider == "spatialite" )

diff --git a/src/providers/memory/qgsmemoryprovider.cpp b/src/providers/memory/qgsmemoryprovider.cpp
@@ -175,8 +175,10 @@ QgsAbstractFeatureSource* QgsMemoryProvider::featureSource() const
   return new QgsMemoryFeatureSource( this );
 }
 
-QString QgsMemoryProvider::dataSourceUri() const
+QString QgsMemoryProvider::dataSourceUri( bool expandAuthConfig ) const
 {
+  Q_UNUSED( expandAuthConfig )
+
   QUrl uri( "memory" );
   QString geometry;
   switch ( mWkbType )

diff --git a/src/providers/memory/qgsmemoryprovider.h b/src/providers/memory/qgsmemoryprovider.h
@@ -40,7 +40,7 @@ class QgsMemoryProvider : public QgsVectorDataProvider
      * Returns the permanent storage type for this layer as a friendly name.
      */
 
-    virtual QString dataSourceUri() const override;
+    virtual QString dataSourceUri( bool expandAuthConfig = true ) const override;
 
     /**
      * Returns the permanent storage type for this layer as a friendly name.