Online Accounts: Account plugins

Can't add GMAIL to online accounts

Bug #1074733 reported by faical117
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Online Accounts: Account plugins
Fix Released
High
Alberto Mardegan
Online Accounts: Sign-on UI
Fix Released
High
Alberto Mardegan

Bug Description

After I entered the gmail verification code and hit Verify Button its redirected me to new tab of firefox so i get blocked in blank window of online accounts :-(

See original description

Related branches

lp:~mardy/signon-ui/lp1074733
David King (community): Approve
Diff: 52 lines (+14/-0)
1 file modified
src/browser-request.cpp (+14/-0)
lp:~mardy/account-plugins/lp1074733
David King (community): Approve
Diff: 32 lines (+11/-2)
2 files modified
data/webkit-options/accounts.google.com.conf (+4/-2)
src/google.vala (+7/-0)
Revision history for this message
faical117 (faical117) wrote :
faical117 (faical117)
description: updated
faical117 (faical117)
no longer affects: unity-lens-gdocs
Revision history for this message
Alberto Mardegan (mardy) wrote :

Hi Faical, and thanks for your bug report.
  Could you please run these commands:

  killall signon-ui
  export SSOUI_LOGGING_LEVEL=2
  signon-ui

and then try to reproduce the bug again?

Changed in online-accounts-account-plugins:
status: New → Incomplete
assignee: nobody → Alberto Mardegan (mardy)
importance: Undecided → High
Revision history for this message
faical117 (faical117) wrote :

......
browser-request.cpp 302 onLoadFinished Load finished true
browser-request.cpp 649 initializeField Couldn't find element: "input[name=Email]"
browser-request.cpp 649 initializeField Couldn't find element: "input[name=Passwd]"
browser-request.cpp 105 acceptNavigationRequest QUrl ...........
....................
browser-request.cpp 143 urlIsBlocked Scheme not allowed: "http"
cookie-jar-manager.cpp 129 save saving to "/home/faycel/.cache/signon-ui/cookies/11.jar"

Revision history for this message
Alberto Mardegan (mardy) wrote :

This is strange: Google is trying to authenticate you via plain http, and not secure http (https) as it should. Are you behind a proxy?
Because of security reasons, some time ago we decided to support only https (see bug 1037169); however, there is a way to allow using plain http as well, by reconfiguring the account using the terminal:

  sudo apt-get install account-plugin-tools
  account-console list

Find the numeric ID of the google account; let's suppose it's 1234, and substitute it in the following commands:

  account-console edit 1234 -s "as:auth/oauth2/web_server/AllowedSchemes=['https','http']"
  account-console edit 1234 -s "as:auth/oauth2/user_agent/AllowedSchemes=['https','http']"

Then, if you restart the session, it should work.

Revision history for this message
faical117 (faical117) wrote :
Download full text (24.3 KiB)

No, I'm not behind a proxy.

/******************************************************************/
 signon-ui
service.cpp 206 queryDialog Got request: QMap(("Caption", QVariant(QString, "Google") ) ( "ClientData" , QVariant(QDBusArgument, ) ) ( "FinalUrl" , QVariant(QString, "https://wiki.ubuntu.com/") ) ( "Identity" , QVariant(uint, 12) ) ( "OpenUrl" , QVariant(QString, "https://accounts.google.com/o/oauth2/auth?client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&redirect_uri=https://wiki.ubuntu.com/&response_type=token&type=user_agent&scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/") ) ( "StoredIdentity" , QVariant(bool, true) ) ( "requestId" , QVariant(QString, "/com/google/code/AccountsSSO/SingleSignOn/AuthSession_2") ) )
service.cpp 129 runQueue Head: SignOnUi::BrowserRequest(0x26f98b0)
browser-request.cpp 105 acceptNavigationRequest QUrl( "https://accounts.google.com/o/oauth2/auth?client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&redirect_uri=https://wiki.ubuntu.com/&response_type=token&type=user_agent&scope=https://docs.google.com/feeds/ https://www.googleapis.com/auth/googletalk https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile https://picasaweb.google.com/data/" )
browser-request.cpp 507 buildDialog Dialog was built
request.cpp 179 setWidget Requesting widget embedding
browser-request.cpp 105 acceptNavigationRequest QUrl( "https://accounts.google.com/ServiceLogin?service=lso&passive=1209600&continue=https://accounts.google.com/o/oauth2/auth?scope=https://docs.google.com/feeds/+https://www.googleapis.com/auth/googletalk+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile+https://picasaweb.google.com/data/&response_type=token&redirect_uri=https://wiki.ubuntu.com/&client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&type=user_agent&hl=fr&from_login=1&as=-1aaab5b474fcc1c4&ltmpl=popup&shdf=CtoCCxIRdGhpcmRQYXJ0eUxvZ29Vcmwa7QEvL2ltYWdlcy1sc28tb3BlbnNvY2lhbC5nb29nbGV1c2VyY29udGVudC5jb20vZ2FkZ2V0cy9wcm94eT91cmw9aHR0cHM6Ly93aWtpLnVidW50dS5jb20vSWNvbnNQYWdlP2FjdGlvbiUzREF0dGFjaEZpbGUlMjZkbyUzRGdldCUyNnRhcmdldCUzRGljb25DaXJjbGU0OC5wbmcmY29udGFpbmVyPWxzbyZnYWRnZXQ9YSZyZXdyaXRlTWltZT1pbWFnZS8qJnJlc2l6ZV9oPTEyMCZyZXNpemVfdz0xMjAmbm9fZXhwYW5kPTEMCxIVdGhpcmRQYXJ0eURpc3BsYXlOYW1lGgZVYnVudHUMCxIGZG9tYWluGgZVYnVudHUMCxIVdGhpcmRQYXJ0eURpc3BsYXlUeXBlGgdERUZBVUxUDBIDbHNvIhQQMBh9GPl6daJnce2NetLI2Hd6OygBMhQIshfn88-uM7m4drXK9WWtEdnwGg&scc=1" )
cookie-jar-manager.cpp 48 setCookiesFromUrl Setting cookies for url: QUrl( "https://accounts.google.com/ServiceLogin?service=lso&passive=1209600&continue=https://accounts.google.com/o/oauth2/auth?scope=https://docs.google.com/feeds/+https://www.googleapis.com/auth/googletalk+https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/userinfo.profile+https://picasaweb.google.com/data/&response_type=token&redirect_uri=https://wiki.ubuntu.com/&cl...

faical117 (faical117)
information type: Public → Private
faical117 (faical117)
information type: Private → Public Security
Alberto Mardegan (mardy)
Changed in online-accounts-account-plugins:
status: Incomplete → In Progress
Changed in online-accounts-signon-ui:
status: New → In Progress
assignee: nobody → Alberto Mardegan (mardy)
importance: Undecided → High
Alberto Mardegan (mardy)
Changed in online-accounts-account-plugins:
status: In Progress → Fix Committed
Changed in online-accounts-signon-ui:
status: In Progress → Fix Committed
Revision history for this message
Alberto Mardegan (mardy) wrote :

I made a couple of changes which should fix this issue: signon-ui will now use a regular expression to identify which URLs are allowed, and the google account plugin will provide one that matches all "https" sites and all URLs of the form http://<something>.google.<country>/accounts/..., like the one used by Google in Algeria.

I propose that this fix is included in a SRU, as there might be many users affected by this issue. The risk of regressions is minimal, because the regular expression *extends* the set of URLs accepted, to accomodate those extra http-only URLs.

For other account plugins, there is no change, as the code path to check for the regular expression is activated only if the account plugin provides such expression (and all the other plugins don't).

Revision history for this message
faical117 (faical117) wrote :

Thanks alberto and good job :-)

Alberto Mardegan (mardy)
Changed in signon-ui:
status: Fix Committed → Fix Released
Changed in account-plugins:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.