Manager class only provides access to one (random?) service ID for an account
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
online-accounts-api (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
The Manager class seems to be de-duplicating the list of accounts using accountId as a key. If an account has multiple service IDs, it seems like it is random chance whether I'll see the service ID I'm interested in.
As a test, I wrote a little program to list available accounts using Manager:
Account 7:
Name: <email address hidden>
Service ID: twitter-poll
But when I tried invoking the underlying D-Bus method directly I could see that the service was returning multiple account results for account #7 (output reindented for readability):
$ gdbus call --session --dest com.ubuntu.
([(uint32 7, {'authMethod': <1>,
(7, {'authMethod': <1>,
...],)
So this clearly looks like a bug in the client library. It should be using (accountId, serviceId) as the key for managing it's local representation of the accounts.
Related branches
- Alberto Mardegan (community): Approve
-
Diff: 221 lines (+84/-13)6 files modifieddebian/libonline-accounts-qt1.symbols (+1/-0)
src/lib/OnlineAccounts/manager.cpp (+23/-8)
src/lib/OnlineAccounts/manager.h (+1/-0)
src/lib/OnlineAccounts/manager_p.h (+3/-2)
tests/lib/OnlineAccounts/functional_tests/functional_tests.cpp (+55/-2)
tests/lib/qml_module/tst_qml_module.cpp (+1/-1)
The new API has been built with the assumption that each client application will have access at most to one service per account. /docs.google. com/document/ d/1inf_ HhRPdyERMBlET01 baTnoeqeYXn0pUv zlBuE0m0k/ edit#heading= h.ug99hyx6imji
See the last paragraph in
https:/
Now, this means that the service should never return the same account ID twice, but you found a case where this is not true. This is probably a bug, but please read on.
The new API is more limited than the old one, and has been designed to support click apps and scopes. For these clients, we expect to be able to identify them by their app-id, either by inferring it from their apparmor label or (for unconfined processes) by receiving it as an explicit parameter.
Your gdbus invocation doesn't fall in either of these scenarios, because what we get is a request from an unconfined process which does not specify an "applicationId" parameter.
I believe that if you add such an "applicationId" parameter pointing to a valid application ID, you will not get any accounts listed twice. If that's not the case, please let me know.
Now, what is certainly true is that in this specific case the API does not behave in a deterministic way. I would suggest that we "morph" the bug about having an explicit D-Bus error when an unconfined client makes a request without specifying an "applicationId" parameter. WDYT?