Windows workaround for OAuth data removal from config.

Windows won't allow long keys in the backend the keyring python package uses as a backend. This means the access_token part can't be stored in the obvious way. Timeboxed some attempts at working around this limitation, but couldn't make it work within the time set. As this is mostly an extra precaution protecting users that share config folders around against themselves (in other words, if this goes wrong it's not unreasonable to blame the user) it's not top critical, and the important part of that (the refresh_token) can proceed, giving any potential attacker only a 10 minute window from the moment any user shares their %appdata%/cura files (again, this is not how we intend for users to behave, but they can and will do it this way).

CURA-7180
Remco Burema 2020-12-24 14:39:22 +01:00
parent bff3ba577b
commit a25a51eddb
No known key found for this signature in database
GPG key ID: 215C49431D43F98C


@ -231,7 +231,7 @@ class AuthorizationService:
preferences_data = json.loads(self._preferences.getValue(self._settings.AUTH_DATA_PREFERENCE_KEY)) preferences_data = json.loads(self._preferences.getValue(self._settings.AUTH_DATA_PREFERENCE_KEY))
# Since we stored all the sensitive stuff in the keyring, restore that now. # Since we stored all the sensitive stuff in the keyring, restore that now.
preferences_data["access_token"] = keyring.get_password("cura", "access_token") # Don't store the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
preferences_data["refresh_token"] = keyring.get_password("cura", "refresh_token") preferences_data["refresh_token"] = keyring.get_password("cura", "refresh_token")
if preferences_data: if preferences_data:
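Review bot: the replacement comment on the `preferences_data["access_token"]` line reads "Don't store the access_token", but this hunk is the restore path, not the store path; after the change the access_token is simply whatever was already loaded from the preferences JSON into `preferences_data`, so the comment should say that it is read from preferences instead of the keyring. The keyring read is also dropped without a matching delete, so an `access_token` entry written to the keyring by earlier builds stays there unread; consider a one-time `keyring.delete_password("cura", "access_token")` (guarded for the not-found case) so stale tokens are not left in the keyring indefinitely.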
@ -262,11 +262,11 @@ class AuthorizationService:
self._user_profile = self.getUserProfile() self._user_profile = self.getUserProfile()
# Store all the sensitive stuff in the keyring # Store all the sensitive stuff in the keyring
keyring.set_password("cura", "access_token", auth_data.access_token) # Don't store the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
keyring.set_password("cura", "refresh_token", auth_data.refresh_token) keyring.set_password("cura", "refresh_token", auth_data.refresh_token)
# And remove that data again so it isn't stored in the preferences. # And remove that data again so it isn't stored in the preferences.
auth_data.access_token = None # Keep the access_token, as it's very long and that (or tried workarounds) causes issues on Windows.
auth_data.refresh_token = None auth_data.refresh_token = None
self._preferences.setValue(self._settings.AUTH_DATA_PREFERENCE_KEY, json.dumps(vars(auth_data))) self._preferences.setValue(self._settings.AUTH_DATA_PREFERENCE_KEY, json.dumps(vars(auth_data)))
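Review bot: this hunk applies on every platform, while the commit message describes a Windows-only backend limitation: with both `keyring.set_password("cura", "access_token", auth_data.access_token)` and `auth_data.access_token = None` removed, the access_token is written to the preferences file in plain text on Linux and macOS as well, where the keyring could still hold it. Consider gating the change on the platform (for example `sys.platform == "win32"`) so the keyring path stays in effect elsewhere. The two comments left at the removed lines ("Don't store the access_token ..." and "Keep the access_token ...") describe the same decision in opposite wording; one comment stating that the access_token deliberately remains in the preferences would be clearer.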