Invalidated tokens not handled gracefully

Bug #1248326 reported by Martin Albisetti on 2013-11-05
This bug affects 4 people
Affects                         Importance   Assigned to
Ubuntu One Client               High         Unassigned
Ubuntu One Control Panel        High         Mike McCracken
ubuntuone-credentials (Ubuntu)  High         Unassigned
unity-scope-click (Ubuntu)      Undecided    Unassigned

Bug Description

Currently, when you remove a token/device from U1, you're stuck with a broken account.
U1 client applications should handle this more gracefully and ask the user for his password again and get a new token, transparently.


Jamie Strandboge (jdstrand) wrote :

Workaround: delete the UbuntuOne account and recreate it. Note, after deleting the UbuntuOne account, you can't create a new UbuntuOne account in System Settings/Accounts without restarting System Settings/Accounts.

Alberto Mardegan (mardy) wrote :

The way I think this bug should be solved: when the U1 client receives an error and becomes aware that the token is invalid, it asks Online Accounts to reauthenticate, but adding a special keyword to the parameters map, which the signon U1 plugin recognizes and uses to first clear any pre-existing tokens. For example, the key could be "ClearTokens": true.

Changed in ubuntu-system-settings-online-accounts:
assignee: nobody → Alberto Mardegan (mardy)
status: New → Triaged
Mike McCracken (mikemc) wrote :

@Alberto, ubuntuone-credentials uses signon-plugin-password. We don't use a custom signon plugin.
This was the fastest path to code we could be confident in - it reuses most of the previously working code that used the keyring.

Remember, we have custom QML UI for the login screen, which means we have these options:
1. a U1 signon plugin has to display that UI (no plugin exists, and AFAIK, it is not currently supported for plugins to show QML UI on Touch)
2. we add support to libubuntuoneauth for the client app to show the login UI (possible, but not trivial, and breaks the 'everything in online-accounts' goal)
3. in the client, we simply delete the current U1 account via existing tested API in libubuntuoneauth, and show the user a message to go recreate it. This is the fastest way to a better experience - it's a small change, it's well tested and it's only a bit more annoying.
It also doesn't lose any per-app access settings (which would be one reason to avoid just nuking an existing account), because u1 doesn't use any.

description: updated
Mike McCracken (mikemc) wrote :

So I'm removing the 'affects' for system-settings-online-accounts, because I don't think the fix requires any changes there.

no longer affects: ubuntu-system-settings-online-accounts

On 11/20/2013 12:30 AM, Mike McCracken wrote:
> @Alberto, ubuntuone-credentials uses signon-plugin-password. We don't use a custom signon plugin.
> This was the fastest path to code we could be confident in - it reuses most of the previously working code that used the keyring.

Right, I forgot about it.

> Remember, we have custom QML UI for the login screen, which means we have these options:
> 1. a U1 signon plugin has to display that UI (no plugin exists, and AFAIK, it is not currently supported for plugins to show QML UI on Touch)
> 2. we add support to libubuntuoneauth for the client app to show the login UI (possible, but not trivial, and breaks the 'everything in online-accounts' goal)
> 3. in the client, we simply delete the current U1 account via existing tested API in libubuntuoneauth, and show the user a message to go recreate it. This is the fastest way to a better experience - it's a small change, it's well tested and it's only a bit more annoying.
> It also doesn't lose any per-app access settings (which would be one reason to avoid just nuking an existing account), because u1 doesn't use any.

I agree with you that option #2 is bad. #3 is obviously a workaround, so
I'm all for option #1.
It's actually easier than what you think: signond already supports a
special parameter to clear the stored password ("UiPolicy": 1 -- it's an
enum, defined in <SignOn/SessionData> aka
/usr/include/signon-qt5/SignOn/session-data.h). With this flag, the
signon-plugin-password will receive an empty password, and will ask
signond to fire up signon-ui to request a new password from the user.

This can work already now on the desktop, however I didn't try it on the
phone; given that for this code-path signon-ui is using a QWidget-based
UI, things might not work.
However, it shouldn't be too hard to implement the same UI in QML, and
it's something that needs to be done anyway, sooner or later.

So, please try this out and let me know. If things don't work, I can
prioritize this work in signon-ui.
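The following is an added illustration, not code from this thread or from ubuntuone-credentials, signond or signon-plugin-password. It simulates the flow Alberto describes above (and the "broken account" situation Mike's option 3 works around): the client gets an auth error, re-runs the password plugin with "UiPolicy": 1 so the stored secret is discarded and the user is prompted, then retries exactly once. FakeServer, PasswordPlugin and Client are constructed stand-ins for the real components; the only thing taken from the thread is the UiPolicy key and its value 1, which in libsignon's SignOn/session-data.h is the enumerator RequestPasswordPolicy.

```python
"""Simulation of re-authentication after a U1 token is invalidated.
All classes here are constructed stand-ins, not the real signon stack."""
from typing import Callable, Dict, Optional, Set, Tuple

# UiPolicy value named in the thread; RequestPasswordPolicy in SignOn/session-data.h.
REQUEST_PASSWORD_POLICY = 1


class AuthError(Exception):
    """Raised when a token cannot be (re)issued from the supplied secret."""


class FakeServer:
    """Constructed stand-in for the Ubuntu One server."""

    def __init__(self, password: str) -> None:
        self.password = password
        self.valid_tokens: Set[str] = set()
        self._counter = 0

    def issue_token(self, password: str) -> str:
        if password != self.password:
            raise AuthError("bad password")
        self._counter += 1
        token = f"tok{self._counter}"
        self.valid_tokens.add(token)
        return token

    def revoke(self, token: str) -> None:
        """What happens when the user removes a device/token on the web."""
        self.valid_tokens.discard(token)

    def request(self, token: str) -> int:
        """HTTP-style status for an API call made with `token`."""
        return 200 if token in self.valid_tokens else 401


class PasswordPlugin:
    """Stand-in for signon-plugin-password: hands back the stored secret,
    unless the session carries UiPolicy == 1, in which case the stored
    secret is dropped and the user is prompted (signon-ui in the real stack)."""

    def __init__(self, stored_secret: Optional[str], prompt: Callable[[], str]) -> None:
        self.stored_secret = stored_secret
        self.prompt = prompt
        self.prompts = 0  # how many times the user was asked

    def process(self, params: Dict[str, int]) -> str:
        if params.get("UiPolicy") == REQUEST_PASSWORD_POLICY:
            self.stored_secret = None  # plugin receives an empty password
        if self.stored_secret is None:
            self.prompts += 1
            self.stored_secret = self.prompt()
        return self.stored_secret


class Client:
    """Client that re-authenticates once when its token is rejected."""

    def __init__(self, server: FakeServer, plugin: PasswordPlugin,
                 token: str, clear_tokens: bool) -> None:
        self.server = server
        self.plugin = plugin
        self.token = token
        self.clear_tokens = clear_tokens

    def call(self) -> int:
        status = self.server.request(self.token)
        if status != 401:
            return status
        # Token invalidated: ask the auth service for a fresh secret. With the
        # policy set, the stale stored secret is discarded and the user is
        # prompted; without it, the stale secret comes back and the account
        # stays broken, which is the situation the bug report describes.
        params = {"UiPolicy": REQUEST_PASSWORD_POLICY} if self.clear_tokens else {}
        secret = self.plugin.process(params)
        self.token = self.server.issue_token(secret)  # AuthError if stale
        return self.server.request(self.token)  # retried once, never a loop


def scenario(clear_tokens: bool) -> Tuple[int, int]:
    """User changed the password and removed the device on the web.
    Returns (final status, number of password prompts shown)."""
    server = FakeServer("old-pw")
    token = server.issue_token("old-pw")
    server.password = "new-pw"  # password changed on the web
    server.revoke(token)        # device/token removed on the web
    plugin = PasswordPlugin(stored_secret="old-pw", prompt=lambda: "new-pw")
    client = Client(server, plugin, token, clear_tokens)
    try:
        status = client.call()
    except AuthError:
        status = 401
    return status, plugin.prompts


if __name__ == "__main__":
    print("with UiPolicy=1:", scenario(True))     # (200, 1)
    print("without UiPolicy:", scenario(False))   # (401, 0)
```

The single retry in `Client.call` is the part worth keeping in a real implementation: if the freshly issued token is rejected too, the client reports the failure instead of re-prompting indefinitely.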

dobey (dobey) on 2013-11-20
Changed in ubuntuone-credentials:
importance: Undecided → High
status: New → Confirmed
Changed in ubuntuone-control-panel:
importance: Undecided → High
status: New → Confirmed
Changed in ubuntuone-client:
status: New → Confirmed
importance: Undecided → High

When we implemented the Ubuntu One plug-in to online-accounts for 13.10, it was not possible to use a standard OAuth way of getting a token, and using the pre-existing infrastructure for OAuth that exists in online-accounts.

However, there have been some recent improvements on the server side, and we may be able to scrap all the existing plug-in code, in favor of using the standard OAuth method and plug-ins. This will require at least an additional change on the server to implement the OAuth 1.0a protocol for token acquisition, and may require a few smaller changes to the server as well. It may also require that the clients which are currently using the Ubuntu One token via online-accounts, be modified to work with the service like it would any other OAuth online account. We are currently investigating this possibility, as it would be the most beneficial for us I think.

Mike McCracken (mikemc) on 2013-11-26
Changed in ubuntuone-control-panel:
assignee: nobody → Mike McCracken (mikemc)
dobey (dobey) on 2013-11-26
summary: - Handle invalidated token in a more user-friendly way
+ Invalidated tokens not handled gracefully
Changed in ubuntuone-control-panel:
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

dobey (dobey) on 2013-12-12
affects: unity-scope-click → unity-scope-click (Ubuntu)
Changed in unity-scope-click (Ubuntu):
status: New → Confirmed
dobey (dobey) on 2013-12-12
affects: ubuntuone-credentials → ubuntuone-credentials (Ubuntu)
Mike McCracken (mikemc) on 2013-12-18
Changed in unity-scope-click (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unity-scope-click - 0.1+14.04.20140113-0ubuntu1

---------------
unity-scope-click (0.1+14.04.20140113-0ubuntu1) trusty; urgency=low

  [ Michal Hruby ]
  * Update definition of non-click apps, so we don't waste time trying
    to find them. (LP: #1239745)

  [ Ying-Chun Liu ]
  * Fix GVariant critical errors. (LP: 1234833). (LP: #1234833)

  [ Leo Arias ]
  * Added a simple autopilot test that opens the scope.

  [ Alejandro J. Cura ]
  * Reinstate get_dotdesktop test.
  * When opening a preview, check if there's a download in progress.
  * Handle invalidated tokens by removing UOA account. (LP: #1248326).
    (LP: #1248326)

  [ Michael McCracken ]
  * Generate app preview for purchasing in response to a buy action.
    Handle purchase succeeded/failed.
  * When opening a preview, check if there's a download in progress.
  * Handle invalidated tokens by removing UOA account. (LP: #1248326).
    (LP: #1248326)
  * Send correct application:/// url to preview after install (LP:
    #1262780). (LP: #1262780)
  * Check for download progress when building default preview (LP:
    #1263807). (LP: #1263807)

  [ Rodney Dawes ]
  * Add a CLICK_PACKAGE_ARCH env var to override the architecture for
    testing. (LP: #1237514)
  * Use a "Buy" button for uninstalled apps with non-zero prices. (LP:
    #1257292)
  * Get rid of tests that depend too heavily on external processes or
    data. (LP: #1257474)
  * Run the tests during make check. Rename click-scope-tests to more
    standard test-scope-click. Move click-scope-tests to a noinst
    program to avoid installation to system. . (LP: #1257475, #1257478,
    #1257479)
  * Bring back the get_credentials test, using a fake class to avoid
    dbus.
  * Refactor preview building to pass the ScopeResult, rather than only
    some values. (LP: #1258239)
  * Refactor the price to not be converted to a string until necessary.
    Show the price in the Buy button. (LP: #1258519)
  * Don't reimplement generated rules for vala. Take advantage of
    VALA_CHECK_MODULES to find vala packages. Split non-compatible
    mdoules to another PKG_CHECK_MODULES. Build majority of the code as
    a noinst lib, which click-scope and tests link to. Update the
    .bzrignore for an autools project. . (LP: #1258559)
  * Fix test_get_dotdesktop to use fake data, and remove the fake
    script. Move the contents of gcov.m4 to acinclude.m4 and remove the
    m4 directory. (LP: #1258177, #1257466)
  * Add autopkgtest configuration to the package. Remove the build-
    depends on libsecret-dev as we don't use it any longer. Simplify the
    vcs-bzr URL to just be the lp:unity-scope-click alias. (LP:
    #1261852)
  * Use $PROTOCOLPRIVATELIBDIR as $libdir may not be set to same path
    during build. (LP: #1262327)
  * Remove test_available_apps to avoid network access, and as the rest
    of the search() code is already tested in other tests. (LP:
    #1262364)
  * Replace the webservice object on the scope to avoid network access.
    (LP: #1262821)
  * Add dependency on ubuntu-purchase-service. Update the control file
    with wrap-and-sort -a -t.

  [ Ubuntu daily release ]
  * Automatic snaps...


Changed in unity-scope-click (Ubuntu):
status: Fix Committed → Fix Released
dobey (dobey) on 2014-10-01
Changed in ubuntuone-client:
status: Confirmed → Won't Fix
Changed in ubuntuone-control-panel:
status: Fix Committed → Fix Released
Andrea Bernabei (faenil) wrote :

any update?

My krillin (Aquaris E4.5 phone) just forgot its U1 login and unexpectedly asked me to sign in again...

after discussing with @mardy, it turns out it's this bug
