summaryrefslogtreecommitdiffstats
path: root/src/oauth/qoauthhttpserverreplyhandler_p.h
Commit message (Collapse)AuthorAgeFilesLines
* QtNetworkAuth: simplify QT_NO_HTTP checksIvan Solovev2025-01-091-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | The module cannot be built without HTTP support, so each and every file had an `#ifndef QT_NO_HTTP` check. However, commit d49f744968a237b751f0e520f8a9fff59dc283f5 already disabled the module build at the toplevel CMakeLists.txt file if the relevant feature is not found. As a result, we can drop the checks from the private headers and the .cpp files and also remove the QtNetwork/qtnetwork-config.h includes that were added in order to provide access to QT_NO_HTTP definition. This patch still keeps the QT_NO_HTTP check on public headers, because it allows the user code like: #include <QOAuth1> // unconditionally ... #ifndef QT_NO_HTTP QOAuth1 oauth; // use oauth #endif // QT_NO_HTTP Pick-to: 6.9 6.8 6.5 Change-Id: I517aa1da90ed53a5fc013d28530aa1d41a946a79 Reviewed-by: Juha Vuolle <juha.vuolle@qt.io> Reviewed-by: Marc Mutz <marc.mutz@qt.io> Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
* Get rid of QPair and mark the module as QPair freeIvan Solovev2024-12-191-1/+3
| | | | | | | | | | Amends 8e5e1012f9a9a9f01a12f631a3ed34570b6a4c5c which only cleaned up the public headers. Task-number: QTBUG-115841 Pick-to: 6.9 6.8 Change-Id: I16399e3ced49b91134e68c351f190720f88c3044 Reviewed-by: Juha Vuolle <juha.vuolle@qt.io>
* Add a method to manually define http callback hostnameJuha Vuolle2024-12-041-0/+1
| | | | | | | | | | | | | | | This allows setting an arbitrary hostname in case 'localhost' or IP literal are not preferable: http://localhost:1234/cb // pre-existing http://127.0.0.1:1234/cb // pre-existing http://my.localnet:1234/cb // new, possible with this commit [ChangeLog][QOAuthHttpServerReplyHandler] Added new API for manually specifying the callback/redirect_uri hostname Task-number: QTBUG-130159 Change-Id: I0d218fc43ea0dec35383c03b313c7f9d5f0f8593 Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
* Improve callback/redirect_uri hostname settingJuha Vuolle2024-12-041-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting hostname part of redirect uri (callback) is important part to get correct, because authorization servers often expect a verbatim match between what has been registered, and what is sent as part of authorization request. This commit clarifies and improves specifying the hostname part. Historically the callback host was fixed to "127.0.0.1" which has its drawbacks (and can be outright wrong). The situation was later improved by using "localhost" hostname, which correctly maps to both IPv4 and IPv6 interfaces. However, there are authorization servers which require the use of IP literals, and reject "localhost". To address these issues, this commit consists of: - Map Any, AnyIPv4, and AnyIPv6 to "localhost". This mapping is logical because "localhost" will work then independent of what the actual used address is - Map IPv4 and IPv6 loopback addresses (LocalHost, LocalHostIPv6) to their IP literals 127.0.0.1 and ::1 These are well-known IP literal addresses, and mapping them to "localhost" does not bring an advantage - If user has provided a string literal, use that directly - Change default address to "LocalHost", which maps to hostname "127.0.0.1". This, in part, undoes the changed behavior where the default changed to "localhost". With this change, users that don't define callback address shouldn't notice a difference to the very original behavior All in all these changes should improve the compatibility with various authorization servers and provide more flexibility to users. Amends: fd49b7f6543e7b49be7847624c64ee86c4272ccd Amends: 4e03167088181bf513adcfb8aac93fb8efb3f420 [ChangeLog][QOAuthHttpServerReplyHandler] Changed and clarified callback hostname handling (especially localhost vs. 127.0.0.1) Pick-to: 6.8 Fixes: QTBUG-130159 Change-Id: I25dfb996d10f95fe60bdb4f46ea848edcb2528be Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
* Add https support to QOAuthHttpServerReplyHandlerJuha Vuolle2024-11-141-1/+3
| | | | | | | | | [ChangeLog][QOAuthHttpServerReplyHandler] Added support for https localhost server Fixes: QTBUG-64615 Change-Id: Ic28c74bb382642077e791ea1e6cd0b3ed9ee2264 Reviewed-by: Ivan Solovev <ivan.solovev@qt.io>
* Cache callback value / redirect_uri for later useJuha Vuolle2024-05-231-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to 'RFC 8252 Section 8.3' the loopback listening should be closed after receiving authorization response. There were however two things preventing application developers from doing this: 1) The callback (aka redirect_uri) is needed in the subsequent access token request (note: listening is not needed anymore). 2) The callback (aka redirect_uri) is currently used also in refresh token request (this is unnecessary though, and should be removed in a follow-up commit). But the problem for these two was that the QOAuthHttpServerReplyHandler::callback() code asserted (debug) or just returned a wrong value (release) if the handler wasn't listening. This made it unfeasible to close the handler in a timely manner. With this commit the callback/redirect_uri is cached, and consequently the handler can be closed immediately after authorization. Pick-to: 6.7 6.5 6.2 Fixes: QTBUG-124333 Change-Id: I063637029908ed4fa0390a0cb07511c92bd51874 Reviewed-by: Ivan Solovev <ivan.solovev@qt.io> Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* QOAuthHttpServerReplyHandler: don't assume the server is localhostThiago Macieira2024-05-131-1/+0
| | | | | | | | | | | | | The constructors allow passing a different address than 127.0.0.1, so get the address we did bind to from the QTcpServer and use that in constructing the URL. Additionally, use QUrl to construct the URL, instead of doing string concatenation. This ensures we do get a proper URL. Pick-to: 6.7 Change-Id: Ie30a3caf09ef4176bb36fffd17cd9c921a2fc8c6 Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
* Use SPDX license identifiersLucie Gérard2022-06-161-28/+2
| | | | | | | | | | | Replace the current license disclaimer in files by a SPDX-License-Identifier. License files are organized under LICENSES directory. Pick-to: 6.4 Task-number: QTBUG-67283 Change-Id: Ic012e87171ed4cef6871eff7d76f56994ea3ca1f Reviewed-by: Jesus Fernandez <jsfdez@gmail.com>
* Bump copyright yearJesus Fernandez2017-07-121-1/+1
| | | | | Change-Id: Iaad9fb2096cd01a762c3eace90c6154b0d0ebe59 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Let the users change the path for the callback-url5.8Mårten Nordheim2017-04-101-0/+1
| | | | | | Task-number: QTBUG-59653 Change-Id: I4bf938db2db3624c37b7f1a8d598bfa43052e2e0 Reviewed-by: Timur Pocheptsov <timur.pocheptsov@qt.io>
* Modify licensev5.8.0-rc1v5.8.0Jesus Fernandez2016-12-071-16/+6
| | | | | | | Change-Id: I40cc53ee24ad71a1293dc3b635b2cb545d29a686 Reviewed-by: Lars Knoll <lars.knoll@qt.io> Reviewed-by: Tuukka Turunen <tuukka.turunen@theqtcompany.com> Reviewed-by: Fredrik de Vibe <fredrik.devibe@qt.io>
* OAuth supportJesus Fernandez2016-08-191-0/+122
New library to support OAuth1 and OAuth2 standard in Qt. OAuth provides a method for clients to access server resources on behalf of a resource owner (such as a different client or an end-user). It also provides a process for end-users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair), using user-agent redirections. [ChangeLog][OAuth] Added OAuth support Change-Id: I3971456f93bf6ddd7fd46f555202bab2eb777c15 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-15 01:53:24 +0000