[online-accounts] re-authenticating an account does not work

Bug #1420934 reported by Renato Araujo Oliveira Filho
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Canonical System Image | Fix Released | High | David Barth |
signon-plugin-oauth2 (Ubuntu) | Fix Released | Undecided | Alberto Mardegan |
signon-plugin-oauth2 (Ubuntu RTM) | Fix Released | Undecided | Alberto Mardegan |
sync-monitor (Ubuntu) | Fix Released | High | Renato Araujo Oliveira Filho |

Bug Description

After an online account token becomes invalid we should use the function "AccountService.authenticate" to re-validate the account. But it is not working for Google accounts.

Tags: calendar ww09

Renato Araujo Oliveira Filho (renatofilho) wrote :
Bill Filler (bfiller)
Changed in ubuntu-system-settings-online-accounts:
importance: Undecided → High
assignee: nobody → Alberto Mardegan (mardy)
Changed in canonical-devices-system-image:
importance: Undecided → High
tags: added: ww09
Bill Filler (bfiller) wrote :

This is needed to solve the bug with syncing failing without a way for the user to recover:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1420002

Bill Filler (bfiller)
summary: - Fail to re-authenticate the account
+ [online-accounts] re-authenticating an account does not work
Changed in canonical-devices-system-image:
milestone: none → ww09-2015
status: New → Confirmed
tags: added: calendar
Changed in canonical-devices-system-image:
assignee: nobody → David Barth (dbarth)
Alberto Mardegan (mardy) wrote :

I've been debugging the issue here, according to the steps (and the logs) which Renato provided me with.

So, a problem arises if the access token has expired and the refresh token (which can be used to request a new access token without UI interactions) is still valid, but the client application has been revoked access from https://myaccount.google.com/ (section "Connected apps and services"). In that case, here are the logs:

Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 111 OAuth2Plugin :
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 206 respondWithStoredToken : Stored token is expired
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 586 refreshOAuth2Token : "1/XXXX"
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 598 sendOAuth2PostRequest :
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 623 sendOAuth2PostRequest : Query string = QUrl( "?grant_type=refresh_token&refresh_token=1/XXXX&client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&client_secret=juFngKUcuhB7IRQqHtSLavqJ" )
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 112 postRequest : Posting request: QUrl( "https://accounts.google.com/o/oauth2/token" )
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: ../../../../src/remotepluginprocess/remotepluginprocess.cpp 496 startTask operation is completed
Feb 13 15:02:16 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 152 handleNetworkError : error signal received: 302
Feb 13 15:02:16 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 167 handleNetworkError : Contents: "{#012 "error" : "invalid_grant",#012 "error_description" : "Token has been revoked."#012}"

So, this is a bug in signon-plugin-oauth2, which should discard the refresh token and try the authentication again if some error happens while using the refresh token.
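
Added example (not part of the original report and not code from signon-plugin-oauth2): the recovery logic described in the comment above, run against the error line from the log. The function names, the dict-shaped token cache and the ui_allowed flag are assumptions made for illustration; the example narrows "some error" to the RFC 6749 "invalid_grant" code and keeps the refresh token on failures that carry no OAuth verdict.

```python
import json
import re

# Log line copied from the report above (syslog prefix trimmed).
SAMPLE_LOG_LINE = (
    r'base-plugin.cpp 167 handleNetworkError : Contents: '
    r'"{#012 "error" : "invalid_grant",#012 "error_description" : '
    r'"Token has been revoked."#012}"'
)

# rsyslog writes control characters as '#' plus three octal digits (#012 = LF).
SYSLOG_ESCAPE = re.compile(r"#([0-7]{3})")


def extract_error_body(log_line):
    """Return the HTTP response body quoted after 'Contents:', unescaped."""
    match = re.search(r'Contents: "(.*)"\s*$', log_line)
    if match is None:
        return None
    return SYSLOG_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), match.group(1))


def oauth_error(body):
    """Return the RFC 6749 'error' code from a token-endpoint body, or None."""
    try:
        parsed = json.loads(body)
    except (TypeError, ValueError):
        return None
    return parsed.get("error") if isinstance(parsed, dict) else None


def after_refresh_failure(store, body, ui_allowed):
    """Decide the next step; `store` is a dict of cached tokens (assumed shape)."""
    if oauth_error(body) == "invalid_grant":
        # The grant is dead (revoked or expired): retrying it cannot succeed,
        # so drop both cached tokens and restart the authorization flow.
        store.pop("refresh_token", None)
        store.pop("access_token", None)
        return "interactive_login" if ui_allowed else "user_action_required"
    # No definitive OAuth verdict (network failure, proxy error page):
    # keep the refresh token and try again later.
    return "retry_later"


if __name__ == "__main__":
    cache = {"access_token": "expired", "refresh_token": "1/XXXX"}
    print(after_refresh_failure(cache, extract_error_body(SAMPLE_LOG_LINE), True))
    print(cache)
```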

affects: ubuntu-system-settings-online-accounts (Ubuntu) → signon-plugin-oauth2 (Ubuntu)
Changed in signon-plugin-oauth2 (Ubuntu):
assignee: nobody → Alberto Mardegan (mardy)
no longer affects: ubuntu-system-settings-online-accounts
Changed in signon-plugin-oauth2 (Ubuntu):
status: New → In Progress
affects: ubuntu-system-settings-online-accounts (Ubuntu RTM) → signon-plugin-oauth2 (Ubuntu RTM)
Changed in signon-plugin-oauth2 (Ubuntu RTM):
assignee: nobody → Alberto Mardegan (mardy)
status: New → Confirmed
David Barth (dbarth)
Changed in signon-plugin-oauth2 (Ubuntu RTM):
status: Confirmed → Fix Committed
Changed in signon-plugin-oauth2 (Ubuntu):
status: In Progress → Fix Committed
Renato Araujo Oliveira Filho (renatofilho) wrote :

I cannot test this anymore. I tried to revoke the account manually and re-sync, but now syncevolution is getting stuck on 0%.
This is the log from syncevolution.

invisiblefilter:
[2015-02-19 19:41:11.114] ContextSupport ReadNextItem:allfields
[2015-02-19 19:41:11.114] Executing Script 'initscript'
[2015-02-19 19:41:11.114] Now reading local sync set: report changes since reference1 at <no time>, and since reference2 at <no time>
[2015-02-19 19:41:11.114] slow sync or testing, do full item scan to detect changes
[2015-02-19 19:41:11.114] starting PROPFIND, credentials unverified, deadline in 300.0s
[2015-02-19 19:41:11.115] retrieving OAuth2 token, attempt 0
[2015-02-19 19:41:11.115] asking for OAuth2 token with method oauth2, mechanism web_server and parameters {'ForceClientAuthViaRequestBody': <true>, 'Host': <'accounts.google.com'>, 'AllowedSchemes': <['https', 'http']>, 'Scope': <['email', 'https://www.googleapis.com/auth/carddav']>, 'UiPolicy': <uint32 0>, 'ClientId': <'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'>, 'ResponseType': <'code'>, 'AuthPath': <'o/oauth2/auth?access_type=offline'>, 'ClientSecret': XXXXXXXXXXXXXXXXXXXXXXXXXXXX'>, 'RedirectUri': <'https://wiki.ubuntu.com/'>, 'TokenPath': <'o/oauth2/token'>}
[2015-02-19 19:41:43.111] signon-identity.c:360: identity_remote_object_destroyed_cb 360

Changed in canonical-devices-system-image:
milestone: ww09-2015 → ww13-2015
status: Confirmed → In Progress
Changed in sync-monitor (Ubuntu):
assignee: nobody → Renato Araujo Oliveira Filho (renatofilho)
status: New → In Progress
importance: Undecided → High
David Barth (dbarth)
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sync-monitor - 0.1+15.04.20150327-0ubuntu1

---------------
sync-monitor (0.1+15.04.20150327-0ubuntu1) vivid; urgency=medium

  [ CI Train Bot ]
  * New rebuild forced.

  [ Renato Araujo Oliveira Filho ]
  * Created sync-monitor-helper to re-authenticate accounts. (LP:
    #1420934)
 -- CI Train Bot <email address hidden> Fri, 27 Mar 2015 11:13:09 +0000

Changed in sync-monitor (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
milestone: ww13-2015 → ww26-2015
David Barth (dbarth)
Changed in webapps-sprint:
assignee: nobody → Alberto Mardegan (mardy)
milestone: none → sprint-10
importance: Undecided → High
David Barth (dbarth) wrote :

This is fixed in all but older RTM releases. OTA-4 has the fix as well, so no point in backporting.

no longer affects: webapps-sprint
Changed in canonical-devices-system-image:
milestone: ww26-2015 → ww28-2015
Alberto Mardegan (mardy) wrote :

The online-accounts fixes landed into vivid in 19.03.2015.

Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
Changed in signon-plugin-oauth2 (Ubuntu):
status: Fix Committed → Fix Released
Changed in signon-plugin-oauth2 (Ubuntu RTM):
status: Fix Committed → Fix Released