From gladhorn at kde.org Sat Mar 16 10:25:07 2013
From: gladhorn at kde.org (Frederik Gladhorn)
Date: Sat, 16 Mar 2013 17:25:07 -0000
Subject: [Ocs] Review Request 109504: Do basic HTTP authentication using QNetworkAccessManager, not manually
In-Reply-To: <20130315173106.11791.49343@vidsolbach.de>
References: <20130315173106.11791.49343@vidsolbach.de>
Message-ID: <20130316172507.24515.7691@vidsolbach.de>

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109504/#review29324
-----------------------------------------------------------


lib/atticabasejob.cpp

    It would be nice to use an enum instead of User+1/2 here.
    enum NetworkRequestCustomAttributes {
        UserAttribute = QNR::User + 1,
        PasswordAttribute
    }


I completely agree with the change. Using an enum would make it a little nicer (see inline comment).

- Frederik Gladhorn


On March 15, 2013, 5:31 p.m., Sven Brauch wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/109504/
> -----------------------------------------------------------
>
> (Updated March 15, 2013, 5:31 p.m.)
>
>
> Review request for Attica and Frederik Gladhorn.
>
>
> Description
> -------
>
> Until now, attica wrote the credentials into the URL and into the header
> on every request as soon as the user had entered them.
> This could lead to warning dialogs from the HTTP kioslave about
> possible address spoofing, since credentials must only be sent if the
> server requests them explicitly. I noticed this when writing my own OCS server;
> please don't ask me why it even works for opendesktop ;) Possibly it has to do with
> the SSL encryption they use.
> This patch changes attica to use the "official" way to supply credentials, which is
> connecting to the signal the QNetworkAccessManager provides, and filling in
> the credentials there.
> To keep this change as local as possible, the credentials are stored in
> the User attribute fields of the QNetworkRequest, because then they
> can be both set and read in one central place.
>
>
> Diffs
> -----
>
>   lib/atticabasejob.h 9259fa3
>   lib/atticabasejob.cpp feffab8
>   lib/provider.cpp 309e117
>
> Diff: http://git.reviewboard.kde.org/r/109504/diff/
>
>
> Testing
> -------
>
> Manual testing.
>
>
> Thanks,
>
> Sven Brauch
>
>

From gladhorn at kde.org Sun Mar 17 02:13:08 2013
From: gladhorn at kde.org (Frederik Gladhorn)
Date: Sun, 17 Mar 2013 09:13:08 -0000
Subject: [Ocs] Review Request 109504: Do basic HTTP authentication using QNetworkAccessManager, not manually
In-Reply-To: <20130316185113.1936.70859@vidsolbach.de>
References: <20130316185113.1936.70859@vidsolbach.de>
Message-ID: <20130317091308.4916.66639@vidsolbach.de>

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/109504/#review29357
-----------------------------------------------------------

Ship it!


There are two style nit-picks that you could fix, but please commit it. I guess master is the right spot. Thanks!


lib/atticabasejob.h

    deleting this line is unrelated, but I don't care too much


lib/provider.cpp

    one set of parentheses would be enough, (QNetworkRequest::Attribute) BaseJob::UserAttribute, but I don't care much either way.


- Frederik Gladhorn


On March 16, 2013, 6:51 p.m., Sven Brauch wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/109504/
> -----------------------------------------------------------
>
> (Updated March 16, 2013, 6:51 p.m.)
>
>
> Review request for Attica and Frederik Gladhorn.
>
>
> Description
> -------
>
> Until now, attica wrote the credentials into the URL and into the header
> on every request as soon as the user had entered them.
> This could lead to warning dialogs from the HTTP kioslave about
> possible address spoofing, since credentials must only be sent if the
> server requests them explicitly. I noticed this when writing my own OCS server;
> please don't ask me why it even works for opendesktop ;) Possibly it has to do with
> the SSL encryption they use.
> This patch changes attica to use the "official" way to supply credentials, which is
> connecting to the signal the QNetworkAccessManager provides, and filling in
> the credentials there.
> To keep this change as local as possible, the credentials are stored in
> the User attribute fields of the QNetworkRequest, because then they
> can be both set and read in one central place.
>
>
> Diffs
> -----
>
>   lib/atticabasejob.h 9259fa3
>   lib/atticabasejob.cpp feffab8
>   lib/provider.cpp 309e117
>
> Diff: http://git.reviewboard.kde.org/r/109504/diff/
>
>
> Testing
> -------
>
> Manual testing.
>
>
> Thanks,
>
> Sven Brauch
>
>
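
The behaviour the patch description contrasts, as an added example (not attica or Qt code, and not written by either participant): Python's standard library stands in for QNetworkAccessManager, and the local server, paths, realm and credentials are all constructed. It records which requests carried an Authorization header when credentials are attached to every request (header only; the URL variant is not modelled) versus supplied only in answer to a 401 challenge.

```python
import base64
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "demo", "s3cret"  # constructed sample credentials
BASIC = "Basic " + base64.b64encode(f"{USER}:{PASSWORD}".encode()).decode()
seen = []  # (path, request carried an Authorization header), as the server saw it

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        auth = self.headers.get("Authorization")
        seen.append((self.path, auth is not None))
        if self.path == "/public" or auth == BASIC:
            self.send_response(200)
        else:  # protected resource without valid credentials: challenge the client
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="ocs"')
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def run_demo(preemptive):
    """Fetch /public then /private; return what the server observed."""
    seen.clear()
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    handlers = [urllib.request.ProxyHandler({})]  # never route via a proxy
    if not preemptive:  # register credentials once; used only to answer a 401
        mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
        mgr.add_password(None, base, USER, PASSWORD)
        handlers.append(urllib.request.HTTPBasicAuthHandler(mgr))
    opener = urllib.request.build_opener(*handlers)
    try:
        for path in ("/public", "/private"):
            req = urllib.request.Request(base + path)
            if preemptive:  # old behaviour: header attached to every request
                req.add_header("Authorization", BASIC)
            opener.open(req, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return list(seen)

if __name__ == "__main__":
    print(run_demo(True), run_demo(False))
```

In the challenge-driven run the unprotected path never sees the credentials, and the protected path sees them only on the retry that follows its own 401.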