From a25a51eddbce84c68fbe8a520b54ea1c0f07241d Mon Sep 17 00:00:00 2001
From: Remco Burema
Date: Thu, 24 Dec 2020 14:39:22 +0100
Subject: [PATCH] Windows workaround for OAuth data removal from config.

Windows won't allow long keys in the backend the keyring python package uses as a backend. This means the access_token part can't be stored in the obvious way. Timeboxed some attempts at working around this limitation, but couldn't make it work within the time set. As this is mostly an extra precaustion protecting users that share config folders around against themselves (in other words, if this goes wrong it's not unreasonable to blame the user) it's not top critical, and the important part of that (the refresh_token) can proceed, giving any potential attacker only a 10 minute window from the moment any user shares their %appdata%/cura files (again, this is not how we intent for users to behave, but they can and will do it this way).
CURA-7180
---
 cura/OAuth2/AuthorizationService.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/cura/OAuth2/AuthorizationService.py b/cura/OAuth2/AuthorizationService.py
index af9d884d6c..a71468a157 100644
--- a/cura/OAuth2/AuthorizationService.py
+++ b/cura/OAuth2/AuthorizationService.py
@@ -231,7 +231,7 @@ class AuthorizationService:
 preferences_data = json.loads(self._preferences.getValue(self._settings.AUTH_DATA_PREFERENCE_KEY))
 # Since we stored all the sensitive stuff in the keyring, restore that now.
- preferences_data["access_token"] = keyring.get_password("cura", "access_token")
+ # Don't store the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
 preferences_data["refresh_token"] = keyring.get_password("cura", "refresh_token")
 if preferences_data:
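Review bot: The context line `preferences_data["refresh_token"] = keyring.get_password("cura", "refresh_token")` runs before the `if preferences_data:` guard, so an empty stored dict gains a key and the guard can no longer be false; the commit leaves this ordering in place. Moving the keyring lookup under the guard would restore its meaning. The added comment also speaks of storing in what is the load path; `# The access_token is not kept in the keyring (too long for the Windows backend); it comes from the preferences JSON loaded above.` would describe what happens here. `get_password` returns None when no entry exists, and the function continues past the hunk, so how a missing refresh_token is handled cannot be seen from here.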
@@ -262,11 +262,11 @@ class AuthorizationService:
 self._user_profile = self.getUserProfile()
 # Store all the sensitive stuff in the keyring
- keyring.set_password("cura", "access_token", auth_data.access_token)
+ # Don't store the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
 keyring.set_password("cura", "refresh_token", auth_data.refresh_token)
 # And remove that data again so it isn't stored in the preferences.
- auth_data.access_token = None
+ # Keep the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
 auth_data.refresh_token = None
 self._preferences.setValue(self._settings.AUTH_DATA_PREFERENCE_KEY, json.dumps(vars(auth_data)))
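Review bot: With `auth_data.access_token = None` removed, `json.dumps(vars(auth_data))` now writes the access token in clear text to the preferences file on every platform, although the limitation described is specific to the Windows keyring backend. Keeping the keyring path where the backend accepts the value and falling back only on Windows would limit the exposure; the matching read in the -231 hunk would need the same condition. Access-token entries written to the keyring by the previous version are also never removed, so a one-time `keyring.delete_password("cura", "access_token")`, tolerating a missing entry, seems worth adding. The comment above the kept field would be clearer as `# The access_token stays in the preferences file in plain text; it is short-lived, the refresh_token is not.`. The enclosing method starts outside the hunk.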