[online-accounts] re-authenticating an account does not work

Bug #1420934 reported by Renato Araujo Oliveira Filho on 2015-02-11
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Canonical System Image
High
David Barth
signon-plugin-oauth2 (Ubuntu)
Undecided
Alberto Mardegan
signon-plugin-oauth2 (Ubuntu RTM)
Undecided
Alberto Mardegan
sync-monitor (Ubuntu)
High
Renato Araujo Oliveira Filho

Bug Description

After a online account token became invalid we should use the function "AccountService.authenticate" to re-validate the account. But is is not working for google accounts.

Related branches

Bill Filler (bfiller) on 2015-02-12
Changed in ubuntu-system-settings-online-accounts:
importance: Undecided → High
assignee: nobody → Alberto Mardegan (mardy)
Changed in canonical-devices-system-image:
importance: Undecided → High
tags: added: ww09
Bill Filler (bfiller) wrote :

This is needed to solve bug with syncing failing without a way for user to recover:
https://bugs.launchpad.net/canonical-devices-system-image/+bug/1420002

Bill Filler (bfiller) on 2015-02-12
summary: - Fail to re-authenticate the account
+ [online-accounts] re-authenticating an account does not work
Changed in canonical-devices-system-image:
milestone: none → ww09-2015
status: New → Confirmed
tags: added: calendar
Changed in canonical-devices-system-image:
assignee: nobody → David Barth (dbarth)
Alberto Mardegan (mardy) wrote :

I've been debugging the issue here, according to the steps (and the logs) which Renato provided me with.

So, a problem arises if the access token has expires and the refresh token (which can be used to request a new access token without UI interactions) is still valid, but the client application has been revoked access from https://myaccount.google.com/ (section "Connected apps and services"). In that case, here's the logs:

Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 111 OAuth2Plugin :
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 206 respondWithStoredToken : Stored token is expired
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 586 refreshOAuth2Token : "1/XXXX"
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 598 sendOAuth2PostRequest :
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: oauth2plugin.cpp 623 sendOAuth2PostRequest : Query string = QUrl( "?grant_type=refresh_token&refresh_token=1/XXXX&client_id=759250720802-4sii0me9963n9fdqdmi7cepn6ub8luoh.apps.googleusercontent.com&client_secret=juFngKUcuhB7IRQqHtSLavqJ" )
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 112 postRequest : Posting request: QUrl( "https://accounts.google.com/o/oauth2/token" )
Feb 13 15:02:15 ubuntu-phablet signonpluginprocess[13128]: ../../../../src/remotepluginprocess/remotepluginprocess.cpp 496 startTask operation is completed
Feb 13 15:02:16 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 152 handleNetworkError : error signal received: 302
Feb 13 15:02:16 ubuntu-phablet signonpluginprocess[13128]: base-plugin.cpp 167 handleNetworkError : Contents: "{#012 "error" : "invalid_grant",#012 "error_description" : "Token has been revoked."#012}"

So, this is a but in signon-plugin-oauth2, which should discard the refresh token and try the authentication again if some error happens while using the refresh token.

affects: ubuntu-system-settings-online-accounts (Ubuntu) → signon-plugin-oauth2 (Ubuntu)
Changed in signon-plugin-oauth2 (Ubuntu):
assignee: nobody → Alberto Mardegan (mardy)
no longer affects: ubuntu-system-settings-online-accounts
Changed in signon-plugin-oauth2 (Ubuntu):
status: New → In Progress
affects: ubuntu-system-settings-online-accounts (Ubuntu RTM) → signon-plugin-oauth2 (Ubuntu RTM)
Changed in signon-plugin-oauth2 (Ubuntu RTM):
assignee: nobody → Alberto Mardegan (mardy)
status: New → Confirmed
David Barth (dbarth) on 2015-02-19
Changed in signon-plugin-oauth2 (Ubuntu RTM):
status: Confirmed → Fix Committed
Changed in signon-plugin-oauth2 (Ubuntu):
status: In Progress → Fix Committed

I can not test this anymore, I tried to revoke the account manually, and re-sync but now syncevolution is getting stuck on 0%.
This is the log from syncevolution.

      <br/>invisiblefilter:</li>
        <li><i>[2015-02-19 19:41:11.114]</i>&nbsp;ContextSupport ReadNextItem:allfields</li>
        <li><i>[2015-02-19 19:41:11.114]</i>&nbsp;Executing Script 'initscript'</li>
        <li><i>[2015-02-19 19:41:11.114]</i>&nbsp;Now reading local sync set: report changes since reference1 at &lt;no time&gt;, and since reference2 at &lt;no time&gt;</li>
        <li><i>[2015-02-19 19:41:11.114]</i>&nbsp;slow sync or testing, do full item scan to detect changes</li>
        <li><i>[2015-02-19 19:41:11.114]</i>&nbsp;starting PROPFIND, credentials unverified, deadline in 300.0s</li>
        <li><i>[2015-02-19 19:41:11.115]</i>&nbsp;retrieving OAuth2 token, attempt 0</li>
        <li><i>[2015-02-19 19:41:11.115]</i>&nbsp;asking for OAuth2 token with method oauth2, mechanism web_server and parameters {'ForceClientAuthViaRequestBody': &lt;true&gt;, 'Host': &lt;'accounts.google.com'&gt;, 'AllowedSchemes': &lt;['https', 'http']&gt;, 'Scope': &lt;['email', 'https://www.googleapis.com/auth/carddav']&gt;, 'UiPolicy': &lt;uint32 0&gt;, 'ClientId': &lt;'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'&gt;, 'ResponseType': &lt;'code'&gt;, 'AuthPath': &lt;'o/oauth2/auth?access_type=offline'&gt;, 'ClientSecret': XXXXXXXXXXXXXXXXXXXXXXXXXXXX'&gt;, 'RedirectUri': &lt;'https://wiki.ubuntu.com/'&gt;, 'TokenPath': &lt;'o/oauth2/token'&gt;}</li>
        <li><i>[2015-02-19 19:41:43.111]</i>&nbsp;signon-identity.c:360: identity_remote_object_destroyed_cb 360</li>

Changed in canonical-devices-system-image:
milestone: ww09-2015 → ww13-2015
status: Confirmed → In Progress
Changed in sync-monitor (Ubuntu):
assignee: nobody → Renato Araujo Oliveira Filho (renatofilho)
status: New → In Progress
importance: Undecided → High
David Barth (dbarth) on 2015-03-31
Changed in canonical-devices-system-image:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sync-monitor - 0.1+15.04.20150327-0ubuntu1

---------------
sync-monitor (0.1+15.04.20150327-0ubuntu1) vivid; urgency=medium

  [ CI Train Bot ]
  * New rebuild forced.

  [ Renato Araujo Oliveira Filho ]
  * Created sync-monitor-helper to re-authenticate accounts. (LP:
    #1420934)
 -- CI Train Bot <email address hidden> Fri, 27 Mar 2015 11:13:09 +0000

Changed in sync-monitor (Ubuntu):
status: In Progress → Fix Released
Changed in canonical-devices-system-image:
milestone: ww13-2015 → ww26-2015
David Barth (dbarth) on 2015-06-11
Changed in webapps-sprint:
assignee: nobody → Alberto Mardegan (mardy)
milestone: none → sprint-10
importance: Undecided → High
David Barth (dbarth) wrote :

This is fixed in all but older RTM releases. OTA-4 has the fix as well, so no point in backporting.

no longer affects: webapps-sprint
Changed in canonical-devices-system-image:
milestone: ww26-2015 → ww28-2015
Alberto Mardegan (mardy) wrote :

The online-accounts fixes landed into vivid in 19.03.2015.

Changed in canonical-devices-system-image:
status: Fix Committed → Fix Released
Changed in signon-plugin-oauth2 (Ubuntu):
status: Fix Committed → Fix Released
Changed in signon-plugin-oauth2 (Ubuntu RTM):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Bug attachments