Bug 137582 - Protocol change
Summary: Protocol change
Status: RESOLVED FIXED
Alias: None
Product: digikam
Classification: Applications
Component: Plugin-WebService-Piwigo (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR normal
Target Milestone: ---
Assignee: Digikam Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-19 17:38 UTC by Pierre Paour
Modified: 2023-02-25 08:23 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In: 0.1.0


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Pierre Paour 2006-11-19 17:38:05 UTC
Version:            (using KDE Devel)
Installed from:    Compiled sources

Hi all,

In the upcoming G2.2, we are introducing a security mechanism to protect against cross-site scripting attacks that will probably require that you update your clients.

Basically, each request made through the Gallery protocol will return an additional property: auth_token.

You will need to send the auth_token received in the previous response when you make your next request, as the URL parameter g2_authToken. Commands such as login and no-op do not require an auth_token.

You'll find a bit more details at the brand-new documentation page for the protocol: <http://codex.gallery2.org/index.php/Gallery_Remote:Protocol>

The change has not yet been commited to SVN, but it will be shortly.

Pierre, author of Gallery Remote
Comment 1 Colin Guthrie 2006-12-10 13:02:39 UTC
Thanks for the heads-up on this Pierre. I'll look into ensuring that this plugin supports this additional change. 
Comment 2 Colin Guthrie 2007-01-02 16:02:06 UTC
SVN commit 619005 by cguthrie:

Implement new security feature required by upcoming Gallery v2.2.
This is as yet untested but I have tested with Gallery v2.1 to ensure no regressions.
Hopefully when Gallery v2.2 is releases this will Just Work(tm), if not then I will have to patch it accordingly.
I have assumed as per the spec doc suggests that the auth token will not change since login.
BUG: 137582


 M  +7 -3      TODO  
 M  +3 -0      gallerympform.cpp  
 M  +11 -4     gallerytalker.cpp  
 M  +4 -1      gallerytalker.h  


--- trunk/extragear/libs/kipi-plugins/galleryexport/TODO #619004:619005
@@ -1,9 +1,13 @@
 Somewhat immediate implementation needed:
 
-* return more sensible error strings
-* implement logging to backtrace problems
+* Implement *.ui files for all dialogs that don't want to be kdialog[base] based
+* Return more sensible error strings
+* Implement logging to backtrace problems
+* Abstract the communications layer 100%
+* Rename to websync
+* Add support for other web backends
 
 For the lazy times:
 
-* polish the html code used to render the thumbnails, better
+* Polish the html code used to render the thumbnails, better
   fonts sizes and layout
--- trunk/extragear/libs/kipi-plugins/galleryexport/gallerympform.cpp #619004:619005
@@ -45,6 +45,9 @@
     if (GalleryTalker::isGallery2())
     {
       addPairRaw("g2_controller", "remote:GalleryRemote");
+      QString auth_token = GalleryTalker::getAuthToken();
+      if (!auth_token.isEmpty())
+        addPairRaw("g2_authToken", auth_token);
     }
 }
 
--- trunk/extragear/libs/kipi-plugins/galleryexport/gallerytalker.cpp #619004:619005
@@ -54,6 +54,7 @@
 }
 
 bool GalleryTalker::s_using_gallery2 = true;
+QString GalleryTalker::s_authToken = "";
 
 bool GalleryTalker::loggedIn() const
 {
@@ -329,6 +330,8 @@
     QString     line;
     bool foundResponse = false;
 
+    m_loggedIn = false;
+    
     while (!ts.atEnd())
     {
         line = ts.readLine();
@@ -342,10 +345,14 @@
             QStringList strlist = QStringList::split("=", line);
             if (strlist.count() == 2)
             {
-                m_loggedIn = (strlist[0] == "status") &&
-                             (strlist[1] == "0");
-                if (m_loggedIn)
-                    break;
+                if (("status" == strlist[0]) && ("0" == strlist[1]))
+                {
+                  m_loggedIn = true;
+                }
+                else if (strlist[0] == "auth_token")
+                {
+                  s_authToken = strlist[1];
+                }
             }
         }
     }
--- trunk/extragear/libs/kipi-plugins/galleryexport/gallerytalker.h #619004:619005
@@ -55,6 +55,8 @@
 
     static void setGallery2(bool usegallery2) {s_using_gallery2 = usegallery2;};
     static bool isGallery2() {return s_using_gallery2;};
+    
+    static QString getAuthToken() {return s_authToken;};
 
     bool loggedIn() const;
 
@@ -83,7 +85,8 @@
     bool       m_loggedIn;
     QByteArray m_buffer;
 
-    static bool s_using_gallery2;
+    static bool    s_using_gallery2;
+    static QString s_authToken;
 
 private: