Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth manager ux tweaks #60441

Merged
merged 7 commits into from
Feb 5, 2025
Merged

Auth manager ux tweaks #60441

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
db7b9af
Use translated string for password helper
nyalldawson Feb 4, 2025
57a108b
Use more precise string if we're running on KDE
nyalldawson Feb 4, 2025
e9a6e05
Don't offer to backup auth database if non-sqlite storage in use
nyalldawson Feb 4, 2025
349ab7e
Remove useless signal blocking
nyalldawson Feb 4, 2025
57979ff
Simplify password validation in reset password dialog
nyalldawson Feb 4, 2025
5ae9dfe
Add new password confirmation step to reset master password dialog
nyalldawson Feb 4, 2025
cbee832
Can't use SIP_DEPRECATED with non-methods
nyalldawson Feb 4, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion python/PyQt6/core/auto_additions/qgsauthmanager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@
QgsAuthManager.CRITICAL = QgsAuthManager.MessageLevel.CRITICAL
QgsAuthManager.MessageLevel.baseClass = QgsAuthManager
try:
QgsAuthManager.__attribute_docs__ = {'AUTH_PASSWORD_HELPER_DISPLAY_NAME': 'The display name of the password helper (platform dependent)', 'AUTH_MAN_TAG': 'The display name of the Authentication Manager', 'passwordHelperFailure': 'Signals emitted on password helper failure,\nmainly used in the tests to exit main application loop\n', 'passwordHelperSuccess': 'Signals emitted on password helper success,\nmainly used in the tests to exit main application loop\n', 'messageOut': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.messageLog` instead.\n', 'messageLog': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'passwordHelperMessageOut': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.passwordHelperMessageLog` instead.\n', 'passwordHelperMessageLog': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'masterPasswordVerified': "Emitted when a password has been verify (or not)\n\n:param verified: The state of password's verification\n", 'authDatabaseEraseRequested': 'Emitted when a user has indicated they may want to erase the authentication db.\n', 'authDatabaseChanged': 'Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.\n'}
QgsAuthManager.__attribute_docs__ = {'AUTH_PASSWORD_HELPER_DISPLAY_NAME': 'The display name of the password helper (platform dependent).\n\nThis is deprecated, use :py:func:`~QgsAuthManager.passwordHelperDisplayName` instead.', 'AUTH_MAN_TAG': 'The display name of the Authentication Manager', 'passwordHelperFailure': 'Signals emitted on password helper failure,\nmainly used in the tests to exit main application loop\n', 'passwordHelperSuccess': 'Signals emitted on password helper success,\nmainly used in the tests to exit main application loop\n', 'messageOut': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.messageLog` instead.\n', 'messageLog': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'passwordHelperMessageOut': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.passwordHelperMessageLog` instead.\n', 'passwordHelperMessageLog': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'masterPasswordVerified': "Emitted when a password has been verify (or not)\n\n:param verified: The state of password's verification\n", 'authDatabaseEraseRequested': 'Emitted when a user has indicated they may want to erase the authentication db.\n', 'authDatabaseChanged': 'Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.\n'}
QgsAuthManager.isFilesystemBasedDatabase = staticmethod(QgsAuthManager.isFilesystemBasedDatabase)
QgsAuthManager.hasConfigId = staticmethod(QgsAuthManager.hasConfigId)
QgsAuthManager.passwordHelperEnabled = staticmethod(QgsAuthManager.passwordHelperEnabled)
QgsAuthManager.passwordHelperDisplayName = staticmethod(QgsAuthManager.passwordHelperDisplayName)
QgsAuthManager.__signal_arguments__ = {'passwordHelperMessageLog': ['message: str', 'tag: str = QgsAuthManager.AUTH_MAN_TAG', 'level: Qgis.MessageLevel = Qgis.MessageLevel.Info'], 'masterPasswordVerified': ['verified: bool']}
QgsAuthManager.__group__ = ['auth']
except (NameError, AttributeError):
Expand Down
11 changes: 11 additions & 0 deletions python/PyQt6/core/auto_generated/auth/qgsauthmanager.sip.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -810,8 +810,19 @@ Store the password manager into the wallet
Available in Python bindings since QGIS 3.8.0
%End


static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME;

static QString passwordHelperDisplayName( bool titleCase = false );
%Docstring
Returns a translated display name of the password helper (platform dependent).

If ``titleCase`` is ``True`` then a title case version of the string will be returned. Otherwise
a mid-sentence case version will be returned.

.. versionadded:: 3.42
%End

static const QString AUTH_MAN_TAG;


Expand Down
3 changes: 2 additions & 1 deletion python/core/auto_additions/qgsauthmanager.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,11 @@
# The following has been generated automatically from src/core/auth/qgsauthmanager.h
QgsAuthManager.MessageLevel.baseClass = QgsAuthManager
try:
QgsAuthManager.__attribute_docs__ = {'AUTH_PASSWORD_HELPER_DISPLAY_NAME': 'The display name of the password helper (platform dependent)', 'AUTH_MAN_TAG': 'The display name of the Authentication Manager', 'passwordHelperFailure': 'Signals emitted on password helper failure,\nmainly used in the tests to exit main application loop\n', 'passwordHelperSuccess': 'Signals emitted on password helper success,\nmainly used in the tests to exit main application loop\n', 'messageOut': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.messageLog` instead.\n', 'messageLog': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'passwordHelperMessageOut': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.passwordHelperMessageLog` instead.\n', 'passwordHelperMessageLog': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'masterPasswordVerified': "Emitted when a password has been verify (or not)\n\n:param verified: The state of password's verification\n", 'authDatabaseEraseRequested': 'Emitted when a user has indicated they may want to erase the authentication db.\n', 'authDatabaseChanged': 'Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.\n'}
QgsAuthManager.__attribute_docs__ = {'AUTH_PASSWORD_HELPER_DISPLAY_NAME': 'The display name of the password helper (platform dependent).\n\nThis is deprecated, use :py:func:`~QgsAuthManager.passwordHelperDisplayName` instead.', 'AUTH_MAN_TAG': 'The display name of the Authentication Manager', 'passwordHelperFailure': 'Signals emitted on password helper failure,\nmainly used in the tests to exit main application loop\n', 'passwordHelperSuccess': 'Signals emitted on password helper success,\nmainly used in the tests to exit main application loop\n', 'messageOut': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.messageLog` instead.\n', 'messageLog': 'Custom logging signal to relay to console output and :py:class:`QgsMessageLog`\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'passwordHelperMessageOut': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. deprecated:: 3.40\n\n Use :py:func:`~QgsAuthManager.passwordHelperMessageLog` instead.\n', 'passwordHelperMessageLog': 'Custom logging signal to inform the user about master password <-> password manager interactions\n\n:param message: Message to send\n:param tag: Associated tag (title)\n:param level: Message log level\n\n.. seealso:: :py:class:`QgsMessageLog`\n\n.. versionadded:: 3.40\n', 'masterPasswordVerified': "Emitted when a password has been verify (or not)\n\n:param verified: The state of password's verification\n", 'authDatabaseEraseRequested': 'Emitted when a user has indicated they may want to erase the authentication db.\n', 'authDatabaseChanged': 'Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.\n'}
QgsAuthManager.isFilesystemBasedDatabase = staticmethod(QgsAuthManager.isFilesystemBasedDatabase)
QgsAuthManager.hasConfigId = staticmethod(QgsAuthManager.hasConfigId)
QgsAuthManager.passwordHelperEnabled = staticmethod(QgsAuthManager.passwordHelperEnabled)
QgsAuthManager.passwordHelperDisplayName = staticmethod(QgsAuthManager.passwordHelperDisplayName)
QgsAuthManager.__signal_arguments__ = {'passwordHelperMessageLog': ['message: str', 'tag: str = QgsAuthManager.AUTH_MAN_TAG', 'level: Qgis.MessageLevel = Qgis.MessageLevel.Info'], 'masterPasswordVerified': ['verified: bool']}
QgsAuthManager.__group__ = ['auth']
except (NameError, AttributeError):
Expand Down
11 changes: 11 additions & 0 deletions python/core/auto_generated/auth/qgsauthmanager.sip.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -810,8 +810,19 @@ Store the password manager into the wallet
Available in Python bindings since QGIS 3.8.0
%End


static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME;

static QString passwordHelperDisplayName( bool titleCase = false );
%Docstring
Returns a translated display name of the password helper (platform dependent).

If ``titleCase`` is ``True`` then a title case version of the string will be returned. Otherwise
a mid-sentence case version will be returned.

.. versionadded:: 3.42
%End

static const QString AUTH_MAN_TAG;


Expand Down
55 changes: 40 additions & 15 deletions src/core/auth/qgsauthmanager.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ const QLatin1String QgsAuthManager::AUTH_PASSWORD_HELPER_FOLDER_NAME( "QGIS" );



Q_NOWARN_DEPRECATED_PUSH
#if defined(Q_OS_MAC)
const QString QgsAuthManager::AUTH_PASSWORD_HELPER_DISPLAY_NAME( "Keychain" );
#elif defined(Q_OS_WIN)
Expand All @@ -80,6 +81,7 @@ const QString QgsAuthManager::AUTH_PASSWORD_HELPER_DISPLAY_NAME( QStringLiteral(
#else
const QString QgsAuthManager::AUTH_PASSWORD_HELPER_DISPLAY_NAME( "Password Manager" );
#endif
Q_NOWARN_DEPRECATED_POP

QgsAuthManager *QgsAuthManager::instance()
{
Expand Down Expand Up @@ -399,7 +401,7 @@ const QString QgsAuthManager::disabledMessage() const
}


const QString QgsAuthManager::sqliteDatabasePath() const
QString QgsAuthManager::sqliteDatabasePath() const
{
if ( !QgsAuthManager::isFilesystemBasedDatabase( mAuthDatabaseConnectionUri ) )
{
Expand Down Expand Up @@ -3074,6 +3076,29 @@ bool QgsAuthManager::passwordHelperSync()
return false;
}

QString QgsAuthManager::passwordHelperDisplayName( bool titleCase )
{
#if defined(Q_OS_MAC)
return titleCase ? QObject::tr( "Keychain" ) : QObject::tr( "keychain" );
#elif defined(Q_OS_WIN)
return titleCase ? QObject::tr( "Password Manager" ) : QObject::tr( "password manager" );
#elif defined(Q_OS_LINUX)

const QString desktopSession = qgetenv( "DESKTOP_SESSION" );
const QString currentDesktop = qgetenv( "XDG_CURRENT_DESKTOP" );
const QString gdmSession = qgetenv( "GDMSESSION" );
// lets use a more precise string if we're running on KDE!
if ( desktopSession.contains( QLatin1String( "kde" ), Qt::CaseInsensitive ) || currentDesktop.contains( QLatin1String( "kde" ), Qt::CaseInsensitive ) || gdmSession.contains( QLatin1String( "kde" ), Qt::CaseInsensitive ) )
{
return titleCase ? QObject::tr( "Wallet" ) : QObject::tr( "wallet" );
}

return titleCase ? QObject::tr( "Wallet/Key Ring" ) : QObject::tr( "wallet/key ring" );
#else
return titleCase ? QObject::tr( "Password Manager" ) : QObject::tr( "password manager" );
#endif
}


////////////////// Certificate calls - end ///////////////////////

Expand Down Expand Up @@ -3234,7 +3259,7 @@ bool QgsAuthManager::passwordHelperDelete()
{
ensureInitialized();

passwordHelperLog( tr( "Opening %1 for DELETE…" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ) );
passwordHelperLog( tr( "Opening %1 for DELETE…" ).arg( passwordHelperDisplayName() ) );
bool result;
QKeychain::DeletePasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
QgsSettings settings;
Expand Down Expand Up @@ -3269,7 +3294,7 @@ QString QgsAuthManager::passwordHelperRead()

// Retrieve it!
QString password;
passwordHelperLog( tr( "Opening %1 for READ…" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ) );
passwordHelperLog( tr( "Opening %1 for READ…" ).arg( passwordHelperDisplayName() ) );
QKeychain::ReadPasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
QgsSettings settings;
job.setInsecureFallback( settings.value( QStringLiteral( "password_helper_insecure_fallback" ), false, QgsSettings::Section::Auth ).toBool() );
Expand All @@ -3282,7 +3307,7 @@ QString QgsAuthManager::passwordHelperRead()
if ( job.error() )
{
mPasswordHelperErrorCode = job.error();
mPasswordHelperErrorMessage = tr( "Retrieving password from your %1 failed: %2." ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME, job.errorString() );
mPasswordHelperErrorMessage = tr( "Retrieving password from your %1 failed: %2." ).arg( passwordHelperDisplayName(), job.errorString() );
// Signals used in the tests to exit main application loop
emit passwordHelperFailure();
}
Expand All @@ -3293,7 +3318,7 @@ QString QgsAuthManager::passwordHelperRead()
if ( password.isEmpty() )
{
mPasswordHelperErrorCode = QKeychain::EntryNotFound;
mPasswordHelperErrorMessage = tr( "Empty password retrieved from your %1." ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME );
mPasswordHelperErrorMessage = tr( "Empty password retrieved from your %1." ).arg( passwordHelperDisplayName( true ) );
// Signals used in the tests to exit main application loop
emit passwordHelperFailure();
}
Expand All @@ -3313,7 +3338,7 @@ bool QgsAuthManager::passwordHelperWrite( const QString &password )

Q_ASSERT( !password.isEmpty() );
bool result;
passwordHelperLog( tr( "Opening %1 for WRITE…" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ) );
passwordHelperLog( tr( "Opening %1 for WRITE…" ).arg( passwordHelperDisplayName() ) );
QKeychain::WritePasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
QgsSettings settings;
job.setInsecureFallback( settings.value( QStringLiteral( "password_helper_insecure_fallback" ), false, QgsSettings::Section::Auth ).toBool() );
Expand All @@ -3327,7 +3352,7 @@ bool QgsAuthManager::passwordHelperWrite( const QString &password )
if ( job.error() )
{
mPasswordHelperErrorCode = job.error();
mPasswordHelperErrorMessage = tr( "Storing password in your %1 failed: %2." ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME, job.errorString() );
mPasswordHelperErrorMessage = tr( "Storing password in your %1 failed: %2." ).arg( passwordHelperDisplayName(), job.errorString() );
// Signals used in the tests to exit main application loop
emit passwordHelperFailure();
result = false;
Expand Down Expand Up @@ -3355,9 +3380,9 @@ void QgsAuthManager::setPasswordHelperEnabled( const bool enabled )
QgsSettings settings;
settings.setValue( QStringLiteral( "use_password_helper" ), enabled, QgsSettings::Section::Auth );
emit messageLog( enabled ? tr( "Your %1 will be <b>used from now</b> on to store and retrieve the master password." )
.arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ) :
.arg( passwordHelperDisplayName() ) :
tr( "Your %1 will <b>not be used anymore</b> to store and retrieve the master password." )
.arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ) );
.arg( passwordHelperDisplayName() ) );
}

bool QgsAuthManager::passwordHelperLoggingEnabled()
Expand Down Expand Up @@ -3395,12 +3420,12 @@ void QgsAuthManager::passwordHelperProcessError()
mPasswordHelperErrorMessage = tr( "There was an error and integration with your %1 system has been disabled. "
"You can re-enable it at any time through the \"Utilities\" menu "
"in the Authentication pane of the options dialog. %2" )
.arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME, mPasswordHelperErrorMessage );
.arg( passwordHelperDisplayName(), mPasswordHelperErrorMessage );
}
if ( mPasswordHelperErrorCode != QKeychain::NoError )
{
// We've got an error from the wallet
passwordHelperLog( tr( "Error in %1: %2" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME, mPasswordHelperErrorMessage ) );
passwordHelperLog( tr( "Error in %1: %2" ).arg( passwordHelperDisplayName(), mPasswordHelperErrorMessage ) );
emit passwordHelperMessageLog( mPasswordHelperErrorMessage, authManTag(), Qgis::MessageLevel::Critical );
}
passwordHelperClearErrors();
Expand Down Expand Up @@ -3429,11 +3454,11 @@ bool QgsAuthManager::masterPasswordInput()
{
ok = true;
storedPasswordIsValid = true;
emit passwordHelperMessageLog( tr( "Master password has been successfully read from your %1" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ), authManTag(), Qgis::MessageLevel::Info );
emit passwordHelperMessageLog( tr( "Master password has been successfully read from your %1" ).arg( passwordHelperDisplayName() ), authManTag(), Qgis::MessageLevel::Info );
}
else
{
emit passwordHelperMessageLog( tr( "Master password stored in your %1 is not valid" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ), authManTag(), Qgis::MessageLevel::Warning );
emit passwordHelperMessageLog( tr( "Master password stored in your %1 is not valid" ).arg( passwordHelperDisplayName() ), authManTag(), Qgis::MessageLevel::Warning );
}
}
}
Expand All @@ -3451,11 +3476,11 @@ bool QgsAuthManager::masterPasswordInput()
{
if ( passwordHelperWrite( pass ) )
{
emit passwordHelperMessageLog( tr( "Master password has been successfully written to your %1" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ), authManTag(), Qgis::MessageLevel::Info );
emit passwordHelperMessageLog( tr( "Master password has been successfully written to your %1" ).arg( passwordHelperDisplayName() ), authManTag(), Qgis::MessageLevel::Info );
}
else
{
emit passwordHelperMessageLog( tr( "Master password could not be written to your %1" ).arg( AUTH_PASSWORD_HELPER_DISPLAY_NAME ), authManTag(), Qgis::MessageLevel::Warning );
emit passwordHelperMessageLog( tr( "Master password could not be written to your %1" ).arg( passwordHelperDisplayName() ), authManTag(), Qgis::MessageLevel::Warning );
}
}
return true;
Expand Down
Loading