[evolution-data-server/f21] Add patch for GNOME bug #735311 (Adapt to new Google HTTP restriction)
Milan Crha
mcrha at fedoraproject.org
Wed Aug 27 06:20:33 UTC 2014
commit f703b17f5f162c138d8c3b7ed6b562e43c11c8b4
Author: Milan Crha <mcrha at redhat.com>
Date: Wed Aug 27 08:20:27 2014 +0200
Add patch for GNOME bug #735311 (Adapt to new Google HTTP restriction)
...on-data-server-3.12.5-google-caldav-login.patch | 187 ++++++++++++++++++++
evolution-data-server.spec | 8 +-
2 files changed, 194 insertions(+), 1 deletions(-)
---
diff --git a/evolution-data-server-3.12.5-google-caldav-login.patch b/evolution-data-server-3.12.5-google-caldav-login.patch
new file mode 100644
index 0000000..523f336
--- /dev/null
+++ b/evolution-data-server-3.12.5-google-caldav-login.patch
@@ -0,0 +1,187 @@
+From 5e9d80092b19f9bd2c02712ab0a50fa70b052c74 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes at redhat.com>
+Date: Mon, 25 Aug 2014 11:01:20 -0400
+Subject: Bug 735311 - Adapt to new Google HTTP restriction
+
+Google has recently imposed a limit on the number of unauthorized HTTP
+requests to its OAuth2-based interfaces.
+
+The normal operation of SoupSession is to issue the first HTTP request
+unauthorized and see if the server issues a "401 Unauthorized" response
+(since not all HTTP services require authorization).
+
+On a "401 Unauthorized" response, SoupSession emits an "authenticate"
+signal, which the application is supposed to handle. Once credentials
+are in hand, SoupSession resends the same HTTP request and subsequent
+requests with an Authenticate header while the socket connection holds.
+
+Google's unauthorized request limit breaks this logic flow. Once the
+limit is exceeded, the Google server issues a "403 Forbidden" response
+instead of "401 Unauthorized" to an unauthorized HTTP request. This
+breaks error handling in the E-D-S CalDAV backend.
+
+The workaround is to preload the SoupAuthManager with a pre-configured
+SoupAuth when using OAuth 2.0 authentication. This avoids the initial
+unauthorized HTTP round-trip.
+
+The backend implements the GInitable interface for this since obtaining
+a valid access token is a failable step.
+
+(cherry picked from commit 00a465670ef3d8adbaf011b3e697ba5befb00623)
+
+diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
+index f189126..686020e 100644
+--- a/calendar/backends/caldav/e-cal-backend-caldav.c
++++ b/calendar/backends/caldav/e-cal-backend-caldav.c
+@@ -133,6 +133,8 @@ struct _ECalBackendCalDAVPrivate {
+ };
+
+ /* Forward Declarations */
++static void e_caldav_backend_initable_init
++ (GInitableIface *interface);
+ static void caldav_source_authenticator_init
+ (ESourceAuthenticatorInterface *iface);
+
+@@ -141,6 +143,9 @@ G_DEFINE_TYPE_WITH_CODE (
+ e_cal_backend_caldav,
+ E_TYPE_CAL_BACKEND_SYNC,
+ G_IMPLEMENT_INTERFACE (
++ G_TYPE_INITABLE,
++ e_caldav_backend_initable_init)
++ G_IMPLEMENT_INTERFACE (
+ E_TYPE_SOURCE_AUTHENTICATOR,
+ caldav_source_authenticator_init))
+
+@@ -5238,11 +5243,83 @@ e_cal_backend_caldav_finalize (GObject *object)
+ G_OBJECT_CLASS (parent_class)->finalize (object);
+ }
+
+-static void
+-e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++static gboolean
++caldav_backend_initable_init (GInitable *initable,
++ GCancellable *cancellable,
++ GError **error)
+ {
++ ECalBackendCalDAVPrivate *priv;
+ SoupSessionFeature *feature;
++ ESource *source;
++ const gchar *extension_name;
++ gchar *auth_method = NULL;
++ gboolean success = TRUE;
++
++ priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (initable);
++
++ feature = soup_session_get_feature (
++ priv->session, SOUP_TYPE_AUTH_MANAGER);
++
++ /* Add the "Bearer" auth type to support OAuth 2.0. */
++ soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
++ g_mutex_init (&priv->bearer_auth_error_lock);
++
++ /* Preload the SoupAuthManager with a valid "Bearer" token
++ * when using OAuth 2.0. This avoids an extra unauthorized
++ * HTTP round-trip, which apparently Google doesn't like. */
++
++ source = e_backend_get_source (E_BACKEND (initable));
++
++ extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
++ if (e_source_has_extension (source, extension_name)) {
++ ESourceAuthentication *extension;
++
++ extension = e_source_get_extension (source, extension_name);
++ auth_method = e_source_authentication_dup_method (extension);
++ }
++
++ if (g_strcmp0 (auth_method, "OAuth2") == 0) {
++ ESourceWebdav *extension;
++ SoupAuth *soup_auth;
++ SoupURI *soup_uri;
++ gchar *access_token = NULL;
++ gint expires_in_seconds = -1;
++
++ extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
++ extension = e_source_get_extension (source, extension_name);
++ soup_uri = e_source_webdav_dup_soup_uri (extension);
+
++ soup_auth = g_object_new (
++ E_TYPE_SOUP_AUTH_BEARER,
++ SOUP_AUTH_HOST, soup_uri->host, NULL);
++
++ success = e_source_get_oauth2_access_token_sync (
++ source, cancellable, &access_token,
++ &expires_in_seconds, error);
++
++ if (success) {
++ e_soup_auth_bearer_set_access_token (
++ E_SOUP_AUTH_BEARER (soup_auth),
++ access_token, expires_in_seconds);
++
++ soup_auth_manager_use_auth (
++ SOUP_AUTH_MANAGER (feature),
++ soup_uri, soup_auth);
++ }
++
++ g_free (access_token);
++ g_object_unref (soup_auth);
++ soup_uri_free (soup_uri);
++ }
++
++ g_free (auth_method);
++
++ return success;
++}
++
++static void
++e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++{
+ cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
+ cbdav->priv->session = soup_session_sync_new ();
+ g_object_set (
+@@ -5257,17 +5334,6 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+ cbdav->priv->session, "proxy-resolver",
+ G_BINDING_SYNC_CREATE);
+
+- /* XXX SoupAuthManager is public API as of libsoup 2.42, but
+- * this isn't worth bumping our libsoup requirement over.
+- * So get the SoupAuthManager GType by its type name. */
+- feature = soup_session_get_feature (
+- cbdav->priv->session,
+- g_type_from_name ("SoupAuthManager"));
+-
+- /* Add the "Bearer" auth type to support OAuth 2.0. */
+- soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
+- g_mutex_init (&cbdav->priv->bearer_auth_error_lock);
+-
+ if (G_UNLIKELY (caldav_debug_show (DEBUG_MESSAGE)))
+ caldav_debug_setup (cbdav->priv->session);
+
+@@ -5337,3 +5403,10 @@ e_cal_backend_caldav_class_init (ECalBackendCalDAVClass *class)
+
+ backend_class->start_view = caldav_start_view;
+ }
++
++static void
++e_caldav_backend_initable_init (GInitableIface *interface)
++{
++ interface->init = caldav_backend_initable_init;
++}
++
+diff --git a/libedataserver/e-source-webdav.c b/libedataserver/e-source-webdav.c
+index eda83d5..9ddbbc0 100644
+--- a/libedataserver/e-source-webdav.c
++++ b/libedataserver/e-source-webdav.c
+@@ -244,7 +244,9 @@ source_webdav_update_soup_uri_from_properties (ESourceWebdav *webdav_extension)
+
+ soup_uri_set_user (soup_uri, user);
+ soup_uri_set_host (soup_uri, host);
+- soup_uri_set_port (soup_uri, port);
++
++ if (port > 0)
++ soup_uri_set_port (soup_uri, port);
+
+ /* SoupURI doesn't like NULL paths. */
+ soup_uri_set_path (soup_uri, (path != NULL) ? path : "");
+--
+cgit v0.10.1
+
diff --git a/evolution-data-server.spec b/evolution-data-server.spec
index 3ff3fa9..ed45711 100644
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@@ -32,7 +32,7 @@
Name: evolution-data-server
Version: 3.12.5
-Release: 2%{?dist}
+Release: 3%{?dist}
Group: System Environment/Libraries
Summary: Backend data server for Evolution
License: LGPLv2+
@@ -48,6 +48,8 @@ Obsoletes: evolution-webcal < 2.24.0
# RH bug #243296
Patch01: evolution-data-server-1.11.5-fix-64bit-acinclude.patch
+Patch02: evolution-data-server-3.12.5-google-caldav-login.patch
+
### Dependencies ###
Requires: dconf
@@ -135,6 +137,7 @@ This package contains developer documentation for %{name}.
%setup -q
%patch01 -p1 -b .fix-64bit-acinclude
+%patch02 -p1 -b .google-caldav-login
%build
%if %{ldap_support}
@@ -382,6 +385,9 @@ glib-compile-schemas %{_datadir}/glib-2.0/schemas &>/dev/null || :
%endif
%changelog
+* Wed Aug 27 2014 Milan Crha <mcrha at redhat.com> - 3.12.5-3
+- Add patch for GNOME bug #735311 (Adapt to new Google HTTP restriction)
+
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.12.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
More information about the scm-commits
mailing list