Dynamic oidc registration

owncloud · Jan 18, 2021 · c0b04e4 · c0b04e4
1 parent 98c92b7
commit c0b04e4
Show file tree

Hide file tree

Showing 8 changed files with 235 additions and 57 deletions.
diff --git a/changelog/unreleased/8350 b/changelog/unreleased/8350
@@ -0,0 +1,6 @@
+Change: Add support for dynamic client registration with OIDC
+
+We implemented support for dynamic client registration with an
+OpenID Connect provider.
+
+https://github.com/owncloud/client/pull/8350/
diff --git a/src/libsync/creds/abstractcredentials.cpp b/src/libsync/creds/abstractcredentials.cpp
@@ -16,6 +16,7 @@
 #include <QString>
 #include <QCoreApplication>
 
+#include "account.h"
 #include "common/asserts.h"
 #include "creds/abstractcredentials.h"
 
@@ -35,6 +36,11 @@ void AbstractCredentials::setAccount(Account *account)
     _account = account;
 }
 
+QString AbstractCredentials::keychainServerWideKey(Account *acc, const QString &key)
+{
+    return keychainKey(acc->url().toString(), key, {});
+}
+
 QString AbstractCredentials::keychainKey(const QString &url, const QString &user, const QString &accountId)
 {
     QString u(url);

diff --git a/src/libsync/creds/abstractcredentials.h b/src/libsync/creds/abstractcredentials.h
@@ -87,6 +87,8 @@ class OWNCLOUDSYNC_EXPORT AbstractCredentials : public QObject
      */
     virtual void forgetSensitiveData() = 0;
 
+    // TODO: keys shared for a server could cause a clash when multiple accounts are used
+    static QString keychainServerWideKey(Account *acc, const QString &key);
     static QString keychainKey(const QString &url, const QString &user, const QString &accountId);
 
 Q_SIGNALS:

diff --git a/src/libsync/creds/httpcredentials.cpp b/src/libsync/creds/httpcredentials.cpp
@@ -493,7 +493,7 @@ void HttpCredentials::persist()
         // it's just written if it gets passed into the constructor.
         _account->setCredentialSetting(clientCertBundleC(), _clientCertBundle);
     }
-    _account->wantsAccountSaved(_account);
+    Q_EMIT _account->wantsAccountSaved(_account);
 
     // write secrets to the keychain
     if (!_clientCertBundle.isEmpty()) {

diff --git a/src/libsync/creds/oauth.cpp b/src/libsync/creds/oauth.cpp
diff --git a/src/libsync/creds/oauth.h b/src/libsync/creds/oauth.h
@@ -19,9 +19,9 @@
 #include "accountfwd.h"
 #include "owncloudlib.h"
 
-class SimpleNetworkJob;
 
 namespace OCC {
+class SimpleNetworkJob;
 
 /**
  * Job that do the authorization grant and fetch the access token
@@ -88,23 +88,26 @@ class OWNCLOUDSYNC_EXPORT OAuth : public QObject
 private:
 
     void fetchWellKnown();
-    void finalize(QPointer<QTcpSocket> socket, const QString &accessToken,
-                  const QString &refreshToken, const QString &userId, const QUrl &messageUrl);
+    void finalize(const QPointer<QTcpSocket> &socket, const QString &accessToken,
+        const QString &refreshToken, const QString &userId, const QUrl &messageUrl);
 
     SimpleNetworkJob *postTokenRequest(const QList<QPair<QString, QString>> &queryItems);
 
     QByteArray generateRandomString(size_t size) const;
 
-    QVariant getRequiredField(const QJsonObject &json, const QString &s, QString *error);
 
     Account* _account;
     QTcpServer _server;
     bool _wellKnownFinished = false;
+
+    QString _clientId;
+    QString _clientSecret;
+
     QUrl _authEndpoint;
     QUrl _tokenEndpoint;
+    QUrl _registrationEndpoint;
     QByteArray _pkceCodeVerifier;
     QByteArray _state;
 };
 
-
 } // namespace OCC
diff --git a/src/libsync/networkjobs.cpp b/src/libsync/networkjobs.cpp
@@ -936,6 +936,26 @@ void SimpleNetworkJob::prepareRequest(const QByteArray &verb, const QUrl &url,
     _simpleBody = requestBody;
 }
 
+void SimpleNetworkJob::prepareRequest(const QByteArray &verb, const QUrl &url, const QNetworkRequest &req, const QUrlQuery &arguments)
+{
+    // not a leak
+    auto requestBody = new QBuffer {};
+    requestBody->setData(arguments.query(QUrl::FullyEncoded).toUtf8());
+    auto newReq = req;
+    newReq.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/x-www-form-urlencoded; charset=UTF-8"));
+    return prepareRequest(verb, url, newReq, requestBody);
+}
+
+void SimpleNetworkJob::prepareRequest(const QByteArray &verb, const QUrl &url, const QNetworkRequest &req, const QJsonObject &arguments)
+{
+    // not a leak
+    auto requestBody = new QBuffer {};
+    requestBody->setData(QJsonDocument(arguments).toJson());
+    auto newReq = req;
+    newReq.setHeader(QNetworkRequest::ContentTypeHeader, QStringLiteral("application/json"));
+    return prepareRequest(verb, url, newReq, requestBody);
+}
+
 bool SimpleNetworkJob::finished()
 {
     emit finishedSignal(reply());

diff --git a/src/libsync/networkjobs.h b/src/libsync/networkjobs.h
@@ -426,6 +426,14 @@ class OWNCLOUDSYNC_EXPORT SimpleNetworkJob : public AbstractNetworkJob
         QNetworkRequest req = QNetworkRequest(),
         QIODevice *requestBody = nullptr);
 
+    void prepareRequest(const QByteArray &verb, const QUrl &url,
+        const QNetworkRequest &req,
+        const QUrlQuery &arguments);
+
+    void prepareRequest(const QByteArray &verb, const QUrl &url,
+        const QNetworkRequest &req,
+        const QJsonObject &arguments);
+
     void start() override;
 
 signals: