[feature][needs-docs] Master Password integration with OS password ma…

…nager This PR adds (optional) synchronization of the master password with the OS password manager (AKA wallet/keychain). A set of new menu items has been added in the options -> authentication -> utilities to manage the new behavior. Notifications are handled by the message bar unless the password r/w operation is triggered from a modal dialog, in this case the notifications will be routed through the recently exposed QgisApp::showSystemNotification that uses the OS tray notifications. This new feature requires libqt5keychain, and was tested with v. 0.5+
qgis · Apr 11, 2017 · 090d530 · 090d530
1 parent 669fa87
commit 090d530
Show file tree

Hide file tree

Showing 31 changed files with 714 additions and 18 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -278,6 +278,8 @@ ENDIF (WITH_QTMOBILITY)
 # search for QScintilla2 (C++ lib)
 FIND_PACKAGE(QScintilla REQUIRED)
 
+# Password helper
+FIND_PACKAGE(QtKeychain REQUIRED)
 # Master password hash and authentication encryption
 FIND_PACKAGE(QCA REQUIRED)
 # Check for runtime dependency of qca-ossl plugin

diff --git a/ci/travis/linux/before_install.sh b/ci/travis/linux/before_install.sh
@@ -22,7 +22,7 @@
 pushd ${HOME}
 
 # fetching data from github should be just as fast as S3
-curl -s -S -L https://github.com/opengisch/osgeo4travis/archive/qt5bin.tar.gz | tar --strip-components=1 -xz -C /home/travis &
+curl -s -S -L https://github.com/opengisch/osgeo4travis/archive/qt55bin.tar.gz | tar --strip-components=1 -xz -C /home/travis &
 SETUP_OSGEO4W_PID=$!
 
 mkdir /home/travis/osgeo4travis

diff --git a/cmake/FindQtKeychain.cmake b/cmake/FindQtKeychain.cmake
@@ -0,0 +1,51 @@
+# Find QtKeychain
+# ~~~~~~~~~~~~~~~
+# Copyright (c) 2016, Boundless Spatial
+# Author: Larry Shaffer <lshaffer (at) boundlessgeo (dot) com>
+#
+# Redistribution and use is allowed according to the terms of the BSD license.
+# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
+# CMake module to search for QtKeychain library from:
+#    https://github.com/frankosterfeld/qtkeychain
+#
+# If it's found it sets QTKEYCHAIN_FOUND to TRUE
+# and following variables are set:
+#    QTKEYCHAIN_INCLUDE_DIR
+#    QTKEYCHAIN_LIBRARY
+
+FIND_PATH(QTKEYCHAIN_INCLUDE_DIR keychain.h
+  PATHS
+  ${LIB_DIR}/include
+  "$ENV{LIB_DIR}/include"
+  $ENV{INCLUDE}
+  /usr/local/include
+  /usr/include
+  PATH_SUFFIXES qt5keychain qtkeychain
+)
+
+FIND_LIBRARY(QTKEYCHAIN_LIBRARY NAMES qt5keychain qtkeychain
+  PATHS
+  ${LIB_DIR}
+  "$ENV{LIB_DIR}"
+  $ENV{LIB}
+  /usr/local/lib
+  /usr/lib
+)
+
+
+IF (QTKEYCHAIN_INCLUDE_DIR AND QTKEYCHAIN_LIBRARY)
+  SET(QTKEYCHAIN_FOUND TRUE)
+ELSE()
+  SET(QTKEYCHAIN_FOUND FALSE)
+ENDIF (QTKEYCHAIN_INCLUDE_DIR AND QTKEYCHAIN_LIBRARY)
+
+IF (QTKEYCHAIN_FOUND)
+   IF (NOT QTKEYCHAIN_FIND_QUIETLY)
+      MESSAGE(STATUS "Found QtKeychain: ${QTKEYCHAIN_LIBRARY}")
+   ENDIF (NOT QTKEYCHAIN_FIND_QUIETLY)
+ELSE (QTKEYCHAIN_FOUND)
+   IF (QTKEYCHAIN_FIND_REQUIRED)
+      MESSAGE(FATAL_ERROR "Could not find QtKeychain")
+   ENDIF (QTKEYCHAIN_FIND_REQUIRED)
+ENDIF (QTKEYCHAIN_FOUND)
diff --git a/python/CMakeLists.txt b/python/CMakeLists.txt
@@ -89,6 +89,7 @@ INCLUDE_DIRECTORIES(SYSTEM
   ${QEXTSERIALPORT_INCLUDE_DIR}
   ${QSCINTILLA_INCLUDE_DIR}
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
   ${SQLITE3_INCLUDE_DIR}
 )
 INCLUDE_DIRECTORIES(

diff --git a/python/core/auth/qgsauthmanager.sip b/python/core/auth/qgsauthmanager.sip
@@ -442,14 +442,36 @@ class QgsAuthManager : QObject
     QMutex *mutex();
 
   signals:
+
+    /**
+     * Signals emitted on password helper failure,
+     * mainly used in the tests to exit main application loop
+     */
+    void passwordHelperFailure();
+
+    /**
+     * Signals emitted on password helper success,
+     * mainly used in the tests to exit main application loop
+     */
+    void passwordHelperSuccess();
+
     /**
      * Custom logging signal to relay to console output and QgsMessageLog
      * @see QgsMessageLog
      * @param message Message to send
      * @param tag Associated tag (title)
      * @param level Message log level
      */
-    void messageOut( const QString& message, const QString& tag, QgsAuthManager::MessageLevel level = INFO ) const;
+    void messageOut( const QString& message, const QString& tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = INFO ) const;
+
+    /**
+     * Custom logging signal to inform the user about master password <-> password manager interactions
+     * @see QgsMessageLog
+     * @param message Message to send
+     * @param tag Associated tag (title)
+     * @param level Message log level
+     */
+    void passwordHelperMessageOut( const QString &message, const QString &tag = QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level = INFO ) const;
 
     /**
      * Emitted when a password has been verify (or not)

diff --git a/src/app/CMakeLists.txt b/src/app/CMakeLists.txt
@@ -578,6 +578,7 @@ INCLUDE_DIRECTORIES(SYSTEM
   ${GDAL_INCLUDE_DIR}
   ${QWTPOLAR_INCLUDE_DIR}
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
   )
 
 IF(ENABLE_MODELTEST)

diff --git a/src/app/qgisapp.cpp b/src/app/qgisapp.cpp
@@ -12254,6 +12254,8 @@ void QgisApp::masterPasswordSetup()
 {
   connect( QgsAuthManager::instance(), &QgsAuthManager::messageOut,
            this, &QgisApp::authMessageOut );
+  connect( QgsAuthManager::instance(), &QgsAuthManager::passwordHelperMessageOut,
+           this, &QgisApp::authMessageOut );
   connect( QgsAuthManager::instance(), &QgsAuthManager::authDatabaseEraseRequested,
            this, &QgisApp::eraseAuthenticationDatabase );
 }
@@ -12289,12 +12291,17 @@ void QgisApp::eraseAuthenticationDatabase()
 
 void QgisApp::authMessageOut( const QString &message, const QString &authtag, QgsAuthManager::MessageLevel level )
 {
-  // only if main window is active window
+  // Use system notifications if the main window is not the active one,
+  // push message to the message bar if the main window is active
   if ( qApp->activeWindow() != this )
-    return;
-
-  int levelint = static_cast< int >( level );
-  messageBar()->pushMessage( authtag, message, static_cast< QgsMessageBar::MessageLevel >( levelint ), 7 );
+  {
+    showSystemNotification( tr( "QGIS Authentication" ), message );
+  }
+  else
+  {
+    int levelint = static_cast< int >( level );
+    messageBar()->pushMessage( authtag, message, static_cast< QgsMessageBar::MessageLevel >( levelint ), 7 );
+  }
 }
 
 void QgisApp::completeInitialization()

diff --git a/src/auth/basic/CMakeLists.txt b/src/auth/basic/CMakeLists.txt
@@ -24,6 +24,7 @@ INCLUDE_DIRECTORIES (
 )
 INCLUDE_DIRECTORIES (SYSTEM
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
 )
 INCLUDE_DIRECTORIES (
   ../../gui

diff --git a/src/auth/identcert/CMakeLists.txt b/src/auth/identcert/CMakeLists.txt
@@ -24,6 +24,7 @@ INCLUDE_DIRECTORIES (
 )
 INCLUDE_DIRECTORIES (SYSTEM
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
 )
 INCLUDE_DIRECTORIES (
   ../../gui

diff --git a/src/auth/pkipaths/CMakeLists.txt b/src/auth/pkipaths/CMakeLists.txt
@@ -24,6 +24,7 @@ INCLUDE_DIRECTORIES (
 )
 INCLUDE_DIRECTORIES (SYSTEM
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
 )
 INCLUDE_DIRECTORIES (
   ../../gui

diff --git a/src/auth/pkipkcs12/CMakeLists.txt b/src/auth/pkipkcs12/CMakeLists.txt
@@ -24,6 +24,7 @@ INCLUDE_DIRECTORIES (
 )
 INCLUDE_DIRECTORIES (SYSTEM
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
 )
 INCLUDE_DIRECTORIES (
   ../../gui

diff --git a/src/core/CMakeLists.txt b/src/core/CMakeLists.txt
@@ -980,6 +980,7 @@ INCLUDE_DIRECTORIES(SYSTEM
   ${SQLITE3_INCLUDE_DIR}
   ${SPATIALITE_INCLUDE_DIR}
   ${QCA_INCLUDE_DIR}
+  ${QTKEYCHAIN_INCLUDE_DIR}
 )
 
 #for PAL classes
@@ -1071,7 +1072,7 @@ TARGET_LINK_LIBRARIES(qgis_core
   ${OPTIONAL_QTWEBKIT}
   ${QT_QTSQL_LIBRARY}
   ${QCA_LIBRARY}
-
+  ${QTKEYCHAIN_LIBRARY}
   ${PROJ_LIBRARY}
   ${GEOS_LIBRARY}
   ${GDAL_LIBRARY}