| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Change-Id: I42834d098efb3757341fdb01ad4817506818469b
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While not explicitly documented as thread-safe, this function
maintains unprotected global state, and OAuth classes are surely used
outside the main thread, so independent OAuth objects performing this
operation at the same time means data race, iow: UB.
Protect with a mutex.
As a drive-by, use Q_GLOBAL_STATIC instead of magic statics, and make
the char array constexpr instead of static const, to statically assert
that it plays no role in thread-safety.
Also seed the PRNG with QRandomGenerator::system() instead of the
moral equivalent of gettimeoday(). The OAuth1 RFC5849¹ doesn't mention
it, but the OpenID² spec asks for the nonce to be "unguessable to
attackers". A gettimeofday()-seeded PRNG, esp. with only millisecond
resolution, clearly doesn't fulfil that requirement.
QRandomGenerator::system(), OTOH, is documented to be "securely
seeded", and provides a seed_seq-like interface so the _whole_ mt19937
state can be seeded, not just a 32-bit fraction of it.
Keep the local PRNG to not exhaust the kernel's entropy pool through
excessive system() usage.
¹ https://datatracker.ietf.org/doc/html/rfc5849#section-3.3
² https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes
Amends a6dc1c01da723a93e1c174a6950eb4bab8cab3fc.
Pick-to: 6.7 6.5 6.2 5.15
Change-Id: Id09b04cc2ae342a7374a9f7a6803c860360d132c
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
|
|
|
|
|
| |
Change-Id: I84001c70b888602e6773f3f64a77cc5c1f5234a3
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
| |
Move-assignment operators might be self-explanatory, but if
we document them, then we need to document the parameters.
Change-Id: I5f15c73b905d6853925dc55848c276815537b070
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
Reviewed-by: Andreas Eliasson <andreas.eliasson@qt.io>
|
|
|
|
|
| |
Change-Id: I23698f4e0492c729b38d7ec970df10f584bd856c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I5a341f25bbcdf9245f38a0e0b930e621afdcbdf3
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I02db26489fbbd2185384fe88c71239ac6987ec27
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I362e529c3da84c1c4e2e0ff927814766ae55f685
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Google recently changed the way they send their code and it is now
already percent encoded. This patch checks for the percent presence in
the code and does not change it again if it's there.
The alternative is to use:
google = new QOAuth2AuthorizationCodeFlow;
// Setup authentication parameters
google->setModifyParametersFunction(
[](QAbstractOAuth::Stage stage,
QMultiMap<QString, QVariant>* parameters) {
if (stage == QAbstractOAuth::Stage::RequestingAccessToken) {
QByteArray code = parameters->take("code").toByteArray();
parameters->insert("code", QUrl::fromPercentEncoding(code));
}
});
[ChangeLog][OAuth2] OAuth2 providers might be sending the authentication
code already percent encoded. This is the case of Google. This now a
supported use case and the code is not systematically encoded anymore.
Fixes: QTBUG-81624
Change-Id: I43d66223a2aedf01fe0996de6798acc6d881c16b
Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
|
|
|
|
|
| |
Change-Id: Ie402ca4d02093de29f15dc4582ad0135cb3c2b95
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ibb1030c6a884b6d5b4abcddfc97dd2bc0e641b6c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I7567b67201d2a944148ea638ece90c5f61c50873
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Iafcf4a6b2e8a0f198c555fa275cd1ca4f14b8db4
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I0bdcbb788e85afbcc522e5cd9145bcd60d62ac5a
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I8966548d7f17f8bbb030ce20840c5b0ea3ad995d
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The license test in qtqa reads this file
in order to check the validity of the license used.
This file reproduce the QUIP-18 [1] rules, with some exceptions.
Each entry in the file corresponds to a set of licensing rules.
A set of licensing rules can depend on the file ending,
registered in "file_pattern_ending". The last entry in the
file has no "file_pattern_ending", it sets the rules for the
files whose licensing does not depend on their ending.
The license to be used depends on the location
of the file within the Qt module repository.
Let's call this "<true_location>".
The "<true_location>" can also correspond to a file name,
offering flexibility for exceptions to the rule.
The "<true_location>" are registered in "location".
For each "<true_location>" there is a
"file type" entry and a "spdx" entry.
The "spdx" entry gives the rule:
the expected license tag(s) in SPDX format
for the file ending (if applicable) and "<true_location>".
The "file type" informs on the QUIP-18 type
the tested file corresponds to. It is purely informational
for the reader.
The set of rules are tested in order of appearance
in the json file. For this reason, a more constraining
ending (like "special.txt") needs to appear in
a "file_pattern_ending" located before
the "file_pattern_ending" of a less constraining ending (like ".txt").
Also, a file ending cannot be present in two "file_pattern_ending".
"file_pattern_ending" and "spdx" should list strings.
"<true_location>" can be regular expressions.
During the test the deeper "<true_location>" are
checked first. The order is which they appear in the json file
does not matter.
To test this file, run
QT_MODULE_TO_TEST=../qtnetworkauth perl tests/prebuild/license/tst_licenses.pl
[1]: https://contribute.qt-project.org/quips/18
Pick-to: 6.7
Task-number: QTBUG-121039
Change-Id: Iedbb1d0156ad8937eb98ede3e7bcc89437b8875c
Reviewed-by: Kai Köhne <kai.koehne@qt.io>
|
|
|
|
|
| |
Change-Id: Iee71feb8de518c40cfa8891b1692260463ce84de
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ia6c99d531a20d5a2dfaf64cf34064314156a36da
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Example takes precedence over build system file type.
According to QUIP-18 [1], all examples file should be
LicenseRef-Qt-Commercial OR BSD-3-Clause
[1]: https://contribute.qt-project.org/quips/18
Pick-to: 6.7
Task-number: QTBUG-121787
Change-Id: I62c8328ab19bb60b4370cd651bb60b4795d8c619
Reviewed-by: Kai Köhne <kai.koehne@qt.io>
|
|
|
|
|
|
|
|
|
|
|
|
| |
According to QUIP-18 [1], all test files should be
LicenseRef-Qt-Commercial OR GPL-3.0-only
[1]: https://contribute.qt-project.org/quips/18
Pick-to: 6.7
Task-number: QTBUG-121787
Change-Id: Ia7b5193dc62217ae8afb4a80725645e113dcc874
Reviewed-by: Kai Köhne <kai.koehne@qt.io>
|
|
|
|
|
| |
Change-Id: I3e5fbfaf158a4f733166b09e6d9a9cb377675980
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Id01bb2de2b2397b6062665bb59b06a02ec41af22
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I99f612a397c00a0d2b0d3b35d6e249d24b253dcc
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Iffeb752b070669eda520e4274e05b10fd24ba8ea
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I992dd3586f5ed8a59a9e691995d8a9f3b0cbf427
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I7a428bfcc9bc26bb76ac2de8aa9fdf6b7c6e2051
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1256f0ff39d48c44d2e634f4e9664da345b650dc
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ib27461eab31ea202d4dde33cbcb20dcbe6c6c520
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1e404de8723a9c16cb526aa6418bbed95277840e
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ia1377fa41d8a8b913fa1654c00bf2f7202490df8
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ib18ffa5444cf1230f511c06ec676474a5abddc15
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1b6cf7de1b69678e166ba4e68fde4896fd4537ac
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ia24953382e242b0a0f94e9509863183bd18b2918
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I92746d061d2fb76d3dd0d39267a86f091b9e2db5
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I7337e8f987b24855eeecf36d8e6c4dd3ce391c26
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I984a70bba89603d3a6b6a2ed22c292e343938dac
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
|
|
|
| |
Since we now send the headers in lower-case we also need to be prepared
for them to be lower-case on the server-side here.
Fixes: QTBUG-121727
Change-Id: I83b52277842b2c88b65fe13071123d223ccc6e19
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
|
|
|
|
|
| |
Change-Id: I66f5b954396ab57d20e247c4a6c1b3e3439b170c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
|
| |
Task-number: QTBUG-84884
Change-Id: I1010f3dca690e30f7a7115a0002a97361c411969
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
|
|
|
|
|
| |
Change-Id: Iac73b22e8bfc3e5c0513a06a4337b859b3948934
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ia46f41ef1fda478e9da14933e7218a5b5b22cef6
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I8a1a786536f90aa63a11d848045bd0b3acd0ca2e
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Ibdcb9c11bf4dd61cb95661bb633c9ad4fe1cb4c7
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I07b878f39ea83a38d3aac3b5ff5fa805775e402f
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I8cd31588ae3a9fbd3f077bb4126fde4b9f7f77af
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I75b7a1cad46447e0b1e1148daf55e8baf480b74f
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1ae4c5b737af2e0402e2e511e1e1bc65e4ba67f8
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I2523114c2a50318c7adea6f598286eb38ca2c8cc
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: Id77768732d38f400931bdfaaf32084d65c4ec64b
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|
|
|
|
|
| |
Change-Id: I1fe2c24fe84455afd2ff3f03ce94b0ade9e18d3c
Reviewed-by: Qt Submodule Update Bot <qt_submodule_update_bot@qt-project.org>
|