21#include <QMutexLocker>
24#include <QSqlDatabase>
33#include <QDomDocument>
34#include <QRegularExpression>
35#include <QCoreApplication>
36#include <QRandomGenerator>
41#include <QSslConfiguration>
62const QString QgsAuthManager::AUTH_CONFIG_TABLE = QStringLiteral(
"auth_configs" );
63const QString QgsAuthManager::AUTH_SERVERS_TABLE = QStringLiteral(
"auth_servers" );
65const QString QgsAuthManager::AUTH_CFG_REGEX = QStringLiteral(
"authcfg=([a-z]|[A-Z]|[0-9]){7}" );
68const QLatin1String QgsAuthManager::AUTH_PASSWORD_HELPER_KEY_NAME_BASE(
"QGIS-Master-Password" );
69const QLatin1String QgsAuthManager::AUTH_PASSWORD_HELPER_FOLDER_NAME(
"QGIS" );
75#elif defined(Q_OS_WIN)
77#elif defined(Q_OS_LINUX)
86 QMutexLocker locker( &sMutex );
97 mMutex = std::make_unique<QRecursiveMutex>();
98 mMasterPasswordMutex = std::make_unique<QRecursiveMutex>();
100 this, &QgsAuthManager::writeToConsole );
114 QMutexLocker locker( mMutex.get() );
119 return storage->authDatabaseConnection();
133 const QList<QgsAuthConfigurationStorage *> storages { storageRegistry->
readyStorages() };
136 if (
auto dbStorage = qobject_cast<QgsAuthConfigurationStorageDb *>( storage ) )
140 return dbStorage->quotedQualifiedIdentifier( dbStorage->methodConfigTableName() );
153 const auto drivers { QSqlDatabase::drivers() };
154 for (
const QString &driver : std::as_const( drivers ) )
156 if ( driver != ( QStringLiteral(
"QSQLITE" ) ) && driver != ( QStringLiteral(
"QSPATIALITE" ) ) && uri.startsWith( driver ) )
166 return mAuthDatabaseConnectionUri;
171 QRegularExpression re( QStringLiteral(
"password=(.*)" ) );
172 QString uri = mAuthDatabaseConnectionUri;
173 return uri.replace( re, QStringLiteral(
"password=*****" ) );
179 mAuthDatabaseConnectionUri = authDatabasePath.startsWith( QLatin1String(
"QSQLITE://" ) ) ? authDatabasePath : QStringLiteral(
"QSQLITE://" ) + authDatabasePath;
180 return initPrivate( pluginPath );
185 static QRecursiveMutex sInitializationMutex;
186 static bool sInitialized =
false;
188 sInitializationMutex.lock();
191 sInitializationMutex.unlock();
192 return mLazyInitResult;
195 mLazyInitResult =
const_cast< QgsAuthManager *
>( this )->initPrivate( mPluginPath );
197 sInitializationMutex.unlock();
199 return mLazyInitResult;
202bool QgsAuthManager::initPrivate(
const QString &pluginPath )
211 mQcaInitializer = std::make_unique<QCA::Initializer>( QCA::Practical, 256 );
214 QCA::scanForPlugins();
216 QgsDebugMsgLevel( QStringLiteral(
"QCA Plugin Diagnostics Context: %1" ).arg( QCA::pluginDiagnosticText() ), 2 );
217 QStringList capabilities;
219 capabilities = QCA::supportedFeatures();
220 QgsDebugMsgLevel( QStringLiteral(
"QCA supports: %1" ).arg( capabilities.join(
"," ) ), 2 );
223 if ( !QCA::isSupported(
"cert", QStringLiteral(
"qca-ossl" ) ) )
225 mAuthDisabled =
true;
226 mAuthDisabledMessage = tr(
"QCA's OpenSSL plugin (qca-ossl) is missing" );
230 QgsDebugMsgLevel( QStringLiteral(
"Prioritizing qca-ossl over all other QCA providers..." ), 2 );
231 const QCA::ProviderList provds = QCA::providers();
233 for ( QCA::Provider *p : provds )
235 QString pn = p->name();
237 if ( pn != QLatin1String(
"qca-ossl" ) )
239 pr = QCA::providerPriority( pn ) + 1;
241 QCA::setProviderPriority( pn, pr );
242 prlist << QStringLiteral(
"%1:%2" ).arg( pn ).arg( QCA::providerPriority( pn ) );
244 QgsDebugMsgLevel( QStringLiteral(
"QCA provider priorities: %1" ).arg( prlist.join(
", " ) ), 2 );
251 QgsDebugMsgLevel( QStringLiteral(
"Authentication methods found: %1" ).arg( methods.join(
", " ) ), 2 );
253 if ( methods.isEmpty() )
255 mAuthDisabled =
true;
256 mAuthDisabledMessage = tr(
"No authentication method plugins found" );
262 mAuthDisabled =
true;
263 mAuthDisabledMessage = tr(
"No authentication method plugins could be loaded" );
267 QgsDebugMsgLevel( QStringLiteral(
"Auth database URI: %1" ).arg( mAuthDatabaseConnectionUri ), 2 );
270 const QString sqliteDbPath { sqliteDatabasePath() };
271 if ( ! sqliteDbPath.isEmpty() )
275 else if ( ! mAuthDatabaseConnectionUri.isEmpty() )
298 const QString err = tr(
"Failed to initialize storage %1: %2" ).arg( storage->
name(), storage->
lastError() );
316 const char *passenv =
"QGIS_AUTH_PASSWORD_FILE";
319 QString passpath( getenv( passenv ) );
329 QFile passfile( passpath );
330 if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
332 QTextStream passin( &passfile );
333 while ( !passin.atEnd() )
335 masterpass = passin.readLine();
340 if ( !masterpass.isEmpty() )
344 QgsDebugMsgLevel( QStringLiteral(
"Authentication master password set from QGIS_AUTH_PASSWORD_FILE" ), 2 );
348 QgsDebugError(
"QGIS_AUTH_PASSWORD_FILE set, but FAILED to set password using: " + passpath );
354 QgsDebugError(
"QGIS_AUTH_PASSWORD_FILE set, but FAILED to read password from: " + passpath );
364 mPluginPath = pluginPath;
365 mAuthDatabaseConnectionUri = authDatabasePath;
374 QgsDebugError( QStringLiteral(
"Authentication system DISABLED: QCA's qca-ossl (OpenSSL) plugin is missing" ) );
376 return mAuthDisabled;
383 return tr(
"Authentication system is DISABLED:\n%1" ).arg( mAuthDisabledMessage );
387const QString QgsAuthManager::sqliteDatabasePath()
const
395 QString path = mAuthDatabaseConnectionUri;
396 if ( path.startsWith( QStringLiteral(
"QSQLITE://" ), Qt::CaseSensitivity::CaseInsensitive ) )
398 path = path.mid( 10 );
400 else if ( path.startsWith( QStringLiteral(
"QSPATIALITE://" ), Qt::CaseSensitivity::CaseInsensitive ) )
402 path = path.mid( 14 );
405 return QDir::cleanPath( path );
410 return sqliteDatabasePath();
417 QMutexLocker locker( mMasterPasswordMutex.get() );
421 if ( mScheduledDbErase )
424 if ( mMasterPass.isEmpty() )
426 QgsDebugMsgLevel( QStringLiteral(
"Master password is not yet set by user" ), 2 );
427 if ( !masterPasswordInput() )
429 QgsDebugMsgLevel( QStringLiteral(
"Master password input canceled by user" ), 2 );
443 QgsDebugMsgLevel( QStringLiteral(
"Master password is set and verified" ), 2 );
451 QMutexLocker locker( mMutex.get() );
455 if ( mScheduledDbErase )
459 QString prevpass = QString( mMasterPass );
463 mMasterPass = prevpass;
464 const char *err = QT_TR_NOOP(
"Master password set: FAILED to verify, reset to previous" );
470 QgsDebugMsgLevel( QStringLiteral(
"Master password set: SUCCESS%1" ).arg( verify ?
" and verified" :
"" ), 2 );
482 if ( !masterPasswordRowsInDb( &rows ) )
484 const char *err = QT_TR_NOOP(
"Master password: FAILED to access database" );
492 QgsDebugMsgLevel( QStringLiteral(
"Master password: %1 rows in database" ).arg( rows ), 2 );
496 const char *err = QT_TR_NOOP(
"Master password: FAILED to find just one master password record in database" );
503 else if ( rows == 1 )
505 if ( !masterPasswordCheckAgainstDb( compare ) )
507 if ( compare.isNull() )
509 const char *err = QT_TR_NOOP(
"Master password: FAILED to verify against hash in database" );
518 if ( mPassTries >= 5 )
520 mAuthDisabled =
true;
521 const char *err = QT_TR_NOOP(
"Master password: failed 5 times authentication system DISABLED" );
529 QgsDebugMsgLevel( QStringLiteral(
"Master password: verified against hash in database" ), 2 );
530 if ( compare.isNull() )
534 else if ( compare.isNull() )
536 if ( !masterPasswordStoreInDb() )
538 const char *err = QT_TR_NOOP(
"Master password: hash FAILED to be stored in database" );
547 QgsDebugMsgLevel( QStringLiteral(
"Master password: hash stored in database" ), 2 );
550 if ( !masterPasswordCheckAgainstDb() )
552 const char *err = QT_TR_NOOP(
"Master password: FAILED to verify against hash in database" );
562 QgsDebugMsgLevel( QStringLiteral(
"Master password: verified against hash in database" ), 2 );
574 return !mMasterPass.isEmpty();
581 return mMasterPass == pass;
585 bool keepbackup, QString *backuppath )
601 QgsDebugMsgLevel( QStringLiteral(
"Master password reset: backed up current database" ), 2 );
604 QString prevpass = QString( mMasterPass );
605 QString prevciv = QString( masterPasswordCiv() );
611 if ( ok && !masterPasswordClearDb() )
614 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not clear current password from database" );
620 QgsDebugMsgLevel( QStringLiteral(
"Master password reset: cleared current password from database" ), 2 );
627 if ( ok && !masterPasswordStoreInDb() )
630 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not store new password in database" );
636 QgsDebugMsgLevel( QStringLiteral(
"Master password reset: stored new password in database" ), 2 );
643 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not verify new password in database" );
649 if ( ok && !reencryptAllAuthenticationConfigs( prevpass, prevciv ) )
652 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt configs in database" );
658 QgsDebugMsgLevel( QStringLiteral(
"Master password reset: re-encrypted configs in database" ), 2 );
662 if ( ok && !verifyPasswordCanDecryptConfigs() )
665 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not verify password can decrypt re-encrypted configs" );
670 if ( ok && !reencryptAllAuthenticationSettings( prevpass, prevciv ) )
673 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt settings in database" );
678 if ( ok && !reencryptAllAuthenticationIdentities( prevpass, prevciv ) )
681 const char *err = QT_TR_NOOP(
"Master password reset FAILED: could not re-encrypt identities in database" );
690 QString errdbbackup( dbbackup );
691 errdbbackup.replace( QLatin1String(
".db" ), QLatin1String(
"_ERROR.db" ) );
692 QFile::rename( sqliteDatabasePath(), errdbbackup );
693 QgsDebugError( QStringLiteral(
"Master password reset FAILED: backed up failed db at %1" ).arg( errdbbackup ) );
695 QFile::rename( dbbackup, sqliteDatabasePath() );
696 mMasterPass = prevpass;
697 QgsDebugError( QStringLiteral(
"Master password reset FAILED: reinstated previous password and database" ) );
701 *backuppath = errdbbackup;
707 if ( !keepbackup && !QFile::remove( dbbackup ) )
709 const char *err = QT_TR_NOOP(
"Master password reset: could not remove old database backup" );
717 QgsDebugMsgLevel( QStringLiteral(
"Master password reset: backed up previous db at %1" ).arg( dbbackup ), 2 );
719 *backuppath = dbbackup;
731 mScheduledDbErase = scheduleErase;
733 mScheduledDbEraseRequestEmitted =
false;
734 mScheduledDbEraseRequestCount = 0;
738 if ( !mScheduledDbEraseTimer )
740 mScheduledDbEraseTimer =
new QTimer(
this );
741 connect( mScheduledDbEraseTimer, &QTimer::timeout,
this, &QgsAuthManager::tryToStartDbErase );
742 mScheduledDbEraseTimer->start( mScheduledDbEraseRequestWait * 1000 );
744 else if ( !mScheduledDbEraseTimer->isActive() )
746 mScheduledDbEraseTimer->start();
751 if ( mScheduledDbEraseTimer && mScheduledDbEraseTimer->isActive() )
752 mScheduledDbEraseTimer->stop();
761 qDeleteAll( mAuthMethods );
762 mAuthMethods.clear();
764 for (
const auto &authMethodKey : methods )
769 return !mAuthMethods.isEmpty();
781#ifndef __clang_analyzer__
784 QTimer::singleShot( 3, &loop, &QEventLoop::quit );
791 for (
int i = 0; i < len; i++ )
793 switch ( QRandomGenerator::system()->generate() % 2 )
796 id +=
static_cast<char>(
'0' + QRandomGenerator::system()->generate() % 10 );
799 id +=
static_cast<char>(
'a' + QRandomGenerator::system()->generate() % 26 );
803 if ( !configids.contains(
id ) )
808 QgsDebugMsgLevel( QStringLiteral(
"Generated unique ID: %1" ).arg(
id ), 2 );
821 const char *err = QT_TR_NOOP(
"Config ID is empty" );
827 return !configids.contains(
id );
832 const thread_local QRegularExpression authCfgRegExp( AUTH_CFG_REGEX );
833 return txt.indexOf( authCfgRegExp ) != -1;
840 QMutexLocker locker( mMutex.get() );
841 QStringList providerAuthMethodsKeys;
842 if ( !dataprovider.isEmpty() )
859 if ( providerAuthMethodsKeys.isEmpty() || providerAuthMethodsKeys.contains( config.method() ) )
862 if ( baseConfigs.contains( config.id() ) )
869 baseConfigs.insert( config.id(), config );
875 if ( storages.empty() )
878 QgsDebugError( QStringLiteral(
"No credentials storages found" ) );
897 if ( !
configIds.contains( config.id() ) )
899 mConfigAuthMethods.insert( config.id(), config.method() );
900 QgsDebugMsgLevel( QStringLiteral(
"Stored auth config/methods:\n%1 %2" ).arg( config.id(), config.method() ), 2 );
906 QgsDebugMsgLevel( QStringLiteral(
"A config with same id %1 was already added, skipping from %2" ).arg( config.id(), storage->
name() ), 2 );
919 if ( !mConfigAuthMethods.contains( authcfg ) )
921 QgsDebugError( QStringLiteral(
"No config auth method found in database for authcfg: %1" ).arg( authcfg ) );
925 QString authMethodKey = mConfigAuthMethods.value( authcfg );
937 return mConfigAuthMethods.value( authcfg, QString() );
952 if ( !mAuthMethods.contains( authMethodKey ) )
954 QgsDebugError( QStringLiteral(
"No auth method registered for auth method key: %1" ).arg( authMethodKey ) );
958 return mAuthMethods.value( authMethodKey );
965 if ( !mAuthMethods.contains( authMethodKey ) )
967 QgsDebugError( QStringLiteral(
"No auth method registered for auth method key: %1" ).arg( authMethodKey ) );
979 if ( dataprovider.isEmpty() )
985 QgsAuthMethodsMap::const_iterator i = mAuthMethods.constBegin();
986 while ( i != mAuthMethods.constEnd() )
989 && ( i.value()->supportedDataProviders().contains( QStringLiteral(
"all" ) )
990 || i.value()->supportedDataProviders().contains( dataprovider ) ) )
992 filteredmap.insert( i.key(), i.value() );
1000QWidget *QgsAuthManager::authMethodEditWidget(
const QString &authMethodKey, QWidget *parent )
1006 return method->editWidget( parent );
1031 QMutexLocker locker( mMutex.get() );
1038 const char *err = QT_TR_NOOP(
"Store config: FAILED because config is invalid" );
1044 QString uid = config.
id();
1045 bool passedinID = !uid.isEmpty();
1046 if ( uid.isEmpty() )
1054 const char *err = QT_TR_NOOP(
"Store config: FAILED because pre-defined config ID %1 is not unique" );
1062 const char *err = QT_TR_NOOP(
"Store config: FAILED because pre-defined config ID %1 could not be removed" );
1071 if ( configstring.isEmpty() )
1073 const char *err = QT_TR_NOOP(
"Store config: FAILED because config string is empty" );
1081 if ( defaultStorage->isEncrypted() )
1088 configCopy.
setId( uid );
1089 if ( !defaultStorage->storeMethodConfig( configCopy, configstring ) )
1103 config.
setId( uid );
1107 QgsDebugMsgLevel( QStringLiteral(
"Store config SUCCESS for authcfg: %1" ).arg( uid ), 2 );
1115 QMutexLocker locker( mMutex.get() );
1120 if ( !config.
isValid(
true ) )
1122 const char *err = QT_TR_NOOP(
"Update config: FAILED because config is invalid" );
1129 if ( configstring.isEmpty() )
1131 const char *err = QT_TR_NOOP(
"Update config: FAILED because config is empty" );
1162 if ( storages.empty() )
1173 QgsDebugMsgLevel( QStringLiteral(
"Update config SUCCESS for authcfg: %1" ).arg( config.
id() ), 2 );
1188 QMutexLocker locker( mMutex.get() );
1200 if ( ! config.
isValid(
true ) || ( full && payload.isEmpty() ) )
1223 QgsDebugError( QStringLiteral(
"Update of authcfg %1 FAILED for auth method %2" ).arg( authcfg, authMethodKey ) );
1226 QgsDebugMsgLevel( QStringLiteral(
"Load %1 config SUCCESS for authcfg: %2" ).arg( full ?
"full" :
"base", authcfg ), 2 );
1231 if ( storages.empty() )
1247 QMutexLocker locker( mMutex.get() );
1251 if ( authcfg.isEmpty() )
1270 QgsDebugMsgLevel( QStringLiteral(
"REMOVED config for authcfg: %1" ).arg( authcfg ), 2 );
1277 if ( storages.empty() )
1294 if ( filename.isEmpty() )
1297 QDomDocument document( QStringLiteral(
"qgis_authentication" ) );
1298 QDomElement root = document.createElement( QStringLiteral(
"qgis_authentication" ) );
1299 document.appendChild( root );
1302 if ( !password.isEmpty() )
1307 root.setAttribute( QStringLiteral(
"salt" ), salt );
1308 root.setAttribute( QStringLiteral(
"hash" ), hash );
1309 root.setAttribute( QStringLiteral(
"civ" ), civ );
1312 QDomElement configurations = document.createElement( QStringLiteral(
"configurations" ) );
1313 for (
const QString &authcfg : authcfgs )
1320 authMethodConfig.
writeXml( configurations, document );
1323 if ( !password.isEmpty() )
1325 QString configurationsString;
1326 QTextStream ts( &configurationsString );
1327#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
1328 ts.setCodec(
"UTF-8" );
1330 configurations.save( ts, 2 );
1331 root.appendChild( document.createTextNode(
QgsAuthCrypto::encrypt( password, civ, configurationsString ) ) );
1335 root.appendChild( configurations );
1338 QFile file( filename );
1339 if ( !file.open( QFile::WriteOnly | QIODevice::Truncate ) )
1342 QTextStream ts( &file );
1343#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
1344 ts.setCodec(
"UTF-8" );
1346 document.save( ts, 2 );
1355 QFile file( filename );
1356 if ( !file.open( QFile::ReadOnly ) )
1361 QDomDocument document( QStringLiteral(
"qgis_authentication" ) );
1362 if ( !document.setContent( &file ) )
1369 QDomElement root = document.documentElement();
1370 if ( root.tagName() != QLatin1String(
"qgis_authentication" ) )
1375 QDomElement configurations;
1376 if ( root.hasAttribute( QStringLiteral(
"salt" ) ) )
1378 QString salt = root.attribute( QStringLiteral(
"salt" ) );
1379 QString hash = root.attribute( QStringLiteral(
"hash" ) );
1380 QString civ = root.attribute( QStringLiteral(
"civ" ) );
1385 configurations = document.firstChild().toElement();
1389 configurations = root.firstChildElement( QStringLiteral(
"configurations" ) );
1392 QDomElement configuration = configurations.firstChildElement();
1393 while ( !configuration.isNull() )
1396 authMethodConfig.
readXml( configuration );
1399 configuration = configuration.nextSiblingElement();
1408 QMutexLocker locker( mMutex.get() );
1414 if ( defaultStorage->clearMethodConfigs() )
1418 QgsDebugMsgLevel( QStringLiteral(
"REMOVED all configs from the default storage" ), 2 );
1423 QgsDebugMsgLevel( QStringLiteral(
"FAILED to remove all configs from the default storage" ), 2 );
1439 QMutexLocker locker( mMutex.get() );
1441 if ( sqliteDatabasePath().isEmpty() )
1443 const char *err = QT_TR_NOOP(
"The authentication database is not filesystem-based" );
1449 if ( !QFile::exists( sqliteDatabasePath() ) )
1451 const char *err = QT_TR_NOOP(
"No authentication database found" );
1461 if ( authConn.isValid() && authConn.isOpen() )
1465 QString datestamp( QDateTime::currentDateTime().toString( QStringLiteral(
"yyyy-MM-dd-hhmmss" ) ) );
1466 QString dbbackup( sqliteDatabasePath() );
1467 dbbackup.replace( QLatin1String(
".db" ), QStringLiteral(
"_%1.db" ).arg( datestamp ) );
1469 if ( !QFile::copy( sqliteDatabasePath(), dbbackup ) )
1471 const char *err = QT_TR_NOOP(
"Could not back up authentication database" );
1478 *backuppath = dbbackup;
1480 QgsDebugMsgLevel( QStringLiteral(
"Backed up auth database at %1" ).arg( dbbackup ), 2 );
1488 QMutexLocker locker( mMutex.get() );
1499 if ( backuppath && !dbbackup.isEmpty() )
1500 *backuppath = dbbackup;
1504 if ( defaultStorage->erase() )
1506 mMasterPass = QString();
1534 const QString &dataprovider )
1546 QgsDebugError( QStringLiteral(
"Network request updating not supported by authcfg: %1" ).arg( authcfg ) );
1561 const QString &dataprovider )
1573 QgsDebugMsgLevel( QStringLiteral(
"Network reply updating not supported by authcfg: %1" ).arg( authcfg ), 3 );
1589 const QString &dataprovider )
1601 QgsDebugError( QStringLiteral(
"Data source URI updating not supported by authcfg: %1" ).arg( authcfg ) );
1628 QgsDebugError( QStringLiteral(
"Proxy updating not supported by authcfg: %1" ).arg( authcfg ) );
1637 QgsDebugMsgLevel( QStringLiteral(
"Proxy updated successfully from authcfg: %1" ).arg( authcfg ), 2 );
1648 QMutexLocker locker( mMutex.get() );
1649 if ( key.isEmpty() )
1652 QString storeval( value.toString() );
1675 if ( !defaultStorage->storeAuthSetting( key, storeval ) )
1693 QMutexLocker locker( mMutex.get() );
1694 if ( key.isEmpty() )
1700 QVariant value = defaultValue;
1708 if ( !storeval.isEmpty() )
1719 if ( storages.empty() )
1731 QMutexLocker locker( mMutex.get() );
1732 if ( key.isEmpty() )
1746 if ( storages.empty() )
1758 QMutexLocker locker( mMutex.get() );
1759 if ( key.isEmpty() )
1786 if ( storages.empty() )
1801 QMutexLocker locker( mMutex.get() );
1807 mCustomConfigByHostCache.clear();
1808 mHasCheckedIfCustomConfigByHostExists =
false;
1811 QgsDebugError( QStringLiteral(
"Init of SSL caches FAILED" ) );
1819 QMutexLocker locker( mMutex.get() );
1820 if ( cert.isNull() )
1822 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
1827 QgsDebugError( QStringLiteral(
"Passed private key is null" ) );
1839 QgsDebugError( QStringLiteral(
"Store certificate identity: FAILED to remove pre-existing certificate identity %1" ).arg(
id ) );
1847 if ( !defaultStorage->storeCertIdentity( cert, keypem ) )
1865 QMutexLocker locker( mMutex.get() );
1867 QSslCertificate cert;
1878 if ( !cert.isNull() )
1884 if ( storages.empty() )
1896 QMutexLocker locker( mMutex.get() );
1897 QPair<QSslCertificate, QSslKey> bundle;
1912 if ( encryptedBundle.first.isNull() )
1914 QgsDebugError( QStringLiteral(
"Certificate identity bundle is null for id: %1" ).arg(
id ) );
1917 QSslKey key(
QgsAuthCrypto::decrypt( mMasterPass, masterPasswordCiv(), encryptedBundle.second ).toLatin1(),
1918 QSsl::Rsa, QSsl::Pem, QSsl::PrivateKey );
1921 QgsDebugError( QStringLiteral(
"Certificate identity bundle: FAILED to create private key" ) );
1924 bundle = qMakePair( encryptedBundle.first, key );
1929 if ( storages.empty() )
1942 QMutexLocker locker( mMutex.get() );
1946 return QStringList() << QString( bundle.first.toPem() ) << QString( bundle.second.toPem() );
1948 return QStringList();
1955 QMutexLocker locker( mMutex.get() );
1956 QList<QSslCertificate> certs;
1963 const QList<QSslCertificate> storageCerts = storage->
certIdentities();
1965 for (
const QSslCertificate &cert : std::as_const( storageCerts ) )
1967 if ( !certs.contains( cert ) )
1969 certs.append( cert );
1978 if ( storages.empty() )
1990 QMutexLocker locker( mMutex.get() );
2004 for (
const QString &
id : std::as_const( storageIds ) )
2006 if ( !ids.contains(
id ) )
2024 QMutexLocker locker( mMutex.get() );
2039 if ( storages.empty() )
2051 QMutexLocker locker( mMutex.get() );
2054 QgsDebugError( QStringLiteral(
"Passed bundle ID is empty" ) );
2074 if ( storages.empty() )
2087 QMutexLocker locker( mMutex.get() );
2099 QgsDebugError( QStringLiteral(
"Store SSL certificate custom config: FAILED to remove pre-existing config %1" ).arg(
id ) );
2105 if ( !defaultStorage->storeSslCertCustomConfig( config ) )
2118 mCustomConfigByHostCache.clear();
2127 QMutexLocker locker( mMutex.get() );
2130 if (
id.isEmpty() || hostport.isEmpty() )
2132 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
2156 if ( storages.empty() )
2170 if ( hostport.isEmpty() )
2175 QMutexLocker locker( mMutex.get() );
2177 if ( mCustomConfigByHostCache.contains( hostport ) )
2178 return mCustomConfigByHostCache.value( hostport );
2188 mCustomConfigByHostCache.insert( hostport, config );
2193 if ( storages.empty() )
2205 QMutexLocker locker( mMutex.get() );
2206 QList<QgsAuthConfigSslServer> configs;
2217 for (
const auto &config : std::as_const( storageConfigs ) )
2220 const QString hostPort = config.sslHostPort();
2221 const QString shaHostPort( QStringLiteral(
"%1:%2" ).arg(
id, hostPort ) );
2222 if ( ! ids.contains( shaHostPort ) )
2224 ids.append( shaHostPort );
2225 configs.append( config );
2232 configs.append( storageConfigs );
2235 if ( storages.empty() )
2247 QMutexLocker locker( mMutex.get() );
2248 if (
id.isEmpty() || hostPort.isEmpty() )
2250 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
2265 if ( storages.empty() )
2277 QMutexLocker locker( mMutex.get() );
2278 if (
id.isEmpty() || hostport.isEmpty() )
2280 QgsDebugError( QStringLiteral(
"Passed config ID or host:port is empty" ) );
2284 mCustomConfigByHostCache.clear();
2298 const QString shaHostPort( QStringLiteral(
"%1:%2" ).arg(
id, hostport ) );
2299 if ( mIgnoredSslErrorsCache.contains( shaHostPort ) )
2301 mIgnoredSslErrorsCache.remove( shaHostPort );
2307 if ( storages.empty() )
2320 QMutexLocker locker( mMutex.get() );
2321 if ( !mIgnoredSslErrorsCache.isEmpty() )
2323 QgsDebugMsgLevel( QStringLiteral(
"Ignored SSL errors cache items:" ), 1 );
2324 QHash<QString, QSet<QSslError::SslError> >::const_iterator i = mIgnoredSslErrorsCache.constBegin();
2325 while ( i != mIgnoredSslErrorsCache.constEnd() )
2328 for (
auto err : i.value() )
2332 QgsDebugMsgLevel( QStringLiteral(
"%1 = %2" ).arg( i.key(), errs.join(
", " ) ), 1 );
2346 QMutexLocker locker( mMutex.get() );
2353 QString shahostport( QStringLiteral(
"%1:%2" )
2356 if ( mIgnoredSslErrorsCache.contains( shahostport ) )
2358 mIgnoredSslErrorsCache.remove( shahostport );
2361 if ( !errenums.isEmpty() )
2363 mIgnoredSslErrorsCache.insert( shahostport, QSet<QSslError::SslError>( errenums.begin(), errenums.end() ) );
2364 QgsDebugMsgLevel( QStringLiteral(
"Update of ignored SSL errors cache SUCCEEDED for sha:host:port = %1" ).arg( shahostport ), 2 );
2369 QgsDebugMsgLevel( QStringLiteral(
"No ignored SSL errors to cache for sha:host:port = %1" ).arg( shahostport ), 2 );
2377 QMutexLocker locker( mMutex.get() );
2378 const thread_local QRegularExpression rx( QRegularExpression::anchoredPattern(
"\\S+:\\S+:\\d+" ) );
2379 if ( !rx.match( shahostport ).hasMatch() )
2381 QgsDebugError(
"Passed shahostport does not match \\S+:\\S+:\\d+, "
2382 "e.g. 74a4ef5ea94512a43769b744cda0ca5049a72491:www.example.com:443" );
2386 if ( mIgnoredSslErrorsCache.contains( shahostport ) )
2388 mIgnoredSslErrorsCache.remove( shahostport );
2391 if ( errors.isEmpty() )
2393 QgsDebugError( QStringLiteral(
"Passed errors list empty" ) );
2397 QSet<QSslError::SslError> errs;
2398 for (
const auto &error : errors )
2400 if ( error.error() == QSslError::NoError )
2403 errs.insert( error.error() );
2406 if ( errs.isEmpty() )
2408 QgsDebugError( QStringLiteral(
"Passed errors list does not contain errors" ) );
2412 mIgnoredSslErrorsCache.insert( shahostport, errs );
2414 QgsDebugMsgLevel( QStringLiteral(
"Update of ignored SSL errors cache SUCCEEDED for sha:host:port = %1" ).arg( shahostport ), 2 );
2423 QMutexLocker locker( mMutex.get() );
2424 QHash<QString, QSet<QSslError::SslError> > prevcache( mIgnoredSslErrorsCache );
2425 QHash<QString, QSet<QSslError::SslError> > nextcache;
2435 for (
const auto &config : std::as_const( customConfigs ) )
2438 if ( ! ids.contains( shaHostPort ) )
2440 ids.append( shaHostPort );
2441 if ( !config.sslIgnoredErrorEnums().isEmpty() )
2443 nextcache.insert( config.sslHostPort(), QSet<QSslError::SslError>( config.sslIgnoredErrorEnums().cbegin(), config.sslIgnoredErrorEnums().cend() ) );
2445 if ( prevcache.contains( config.sslHostPort() ) )
2447 prevcache.remove( config.sslHostPort() );
2457 if ( !prevcache.isEmpty() )
2460 QHash<QString, QSet<QSslError::SslError> >::const_iterator i = prevcache.constBegin();
2461 while ( i != prevcache.constEnd() )
2463 nextcache.insert( i.key(), i.value() );
2468 if ( nextcache != mIgnoredSslErrorsCache )
2470 mIgnoredSslErrorsCache.clear();
2471 mIgnoredSslErrorsCache = nextcache;
2472 QgsDebugMsgLevel( QStringLiteral(
"Rebuild of ignored SSL errors cache SUCCEEDED" ), 2 );
2477 QgsDebugMsgLevel( QStringLiteral(
"Rebuild of ignored SSL errors cache SAME AS BEFORE" ), 2 );
2486 QMutexLocker locker( mMutex.get() );
2487 if ( certs.isEmpty() )
2489 QgsDebugError( QStringLiteral(
"Passed certificate list has no certs" ) );
2493 for (
const auto &cert : certs )
2505 QMutexLocker locker( mMutex.get() );
2508 if ( cert.isNull() )
2510 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
2516 QgsDebugError( QStringLiteral(
"Store certificate authority: FAILED to remove pre-existing certificate authority" ) );
2522 return defaultStorage->storeCertAuthority( cert );
2537 QMutexLocker locker( mMutex.get() );
2538 QSslCertificate emptycert;
2539 QSslCertificate cert;
2549 if ( !cert.isNull() )
2555 if ( storages.empty() )
2568 QMutexLocker locker( mMutex.get() );
2569 if ( cert.isNull() )
2571 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
2586 if ( storages.empty() )
2598 QMutexLocker locker( mMutex.get() );
2599 if ( cert.isNull() )
2601 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
2628 if ( storages.empty() )
2638 return QSslConfiguration::systemCaCertificates();
2645 QMutexLocker locker( mMutex.get() );
2646 QList<QSslCertificate> certs;
2647 QList<QSslCertificate> filecerts;
2656 QString cafile( cafileval.toString() );
2657 if ( !cafile.isEmpty() && QFile::exists( cafile ) )
2662 for (
const auto &cert : std::as_const( filecerts ) )
2664 if ( !allowinvalid.toBool() && ( cert.isBlacklisted()
2666 || cert.expiryDate() <= QDateTime::currentDateTime()
2667 || cert.effectiveDate() > QDateTime::currentDateTime() ) )
2684 QMutexLocker locker( mMutex.get() );
2689 QList<QSslCertificate> certs;
2693 const QList<QSslCertificate> storageCerts = storage->
caCerts();
2695 for (
const QSslCertificate &cert : std::as_const( storageCerts ) )
2697 if ( !certs.contains( cert ) )
2699 certs.append( cert );
2708 if ( storages.empty() )
2720 QMutexLocker locker( mMutex.get() );
2728 QMutexLocker locker( mMutex.get() );
2729 mCaCertsCache.clear();
2735 bool res = !mCaCertsCache.isEmpty();
2737 QgsDebugError( QStringLiteral(
"Rebuild of CA certs cache FAILED" ) );
2745 QMutexLocker locker( mMutex.get() );
2746 if ( cert.isNull() )
2748 QgsDebugError( QStringLiteral(
"Passed certificate is null." ) );
2765 return defaultStorage->storeCertTrustPolicy( cert, policy );
2778 QMutexLocker locker( mMutex.get() );
2779 if ( cert.isNull() )
2781 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
2797 if ( storages.empty() )
2809 QMutexLocker locker( mMutex.get() );
2810 if ( certs.empty() )
2812 QgsDebugError( QStringLiteral(
"Passed certificate list has no certs" ) );
2816 for (
const auto &cert : certs )
2828 QMutexLocker locker( mMutex.get() );
2829 if ( cert.isNull() )
2831 QgsDebugError( QStringLiteral(
"Passed certificate is null" ) );
2857 if ( storages.empty() )
2869 QMutexLocker locker( mMutex.get() );
2870 if ( cert.isNull() )
2880 if ( trustedids.contains(
id ) )
2884 else if ( untrustedids.contains(
id ) )
2900 return storeAuthSetting( QStringLiteral(
"certdefaulttrust" ),
static_cast< int >( policy ) );
2907 QMutexLocker locker( mMutex.get() );
2908 QVariant policy(
authSetting( QStringLiteral(
"certdefaulttrust" ) ) );
2920 QMutexLocker locker( mMutex.get() );
2921 mCertTrustCache.clear();
2932 for (
auto it = trustedCerts.cbegin(); it != trustedCerts.cend(); ++it )
2934 const QString
id { it.key( )};
2935 if ( ! ids.contains(
id ) )
2956 if ( ! storages.empty() )
2958 QgsDebugMsgLevel( QStringLiteral(
"Rebuild of cert trust policy cache SUCCEEDED" ), 2 );
2972 QMutexLocker locker( mMutex.get() );
2976 const QList<QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > &certpairs( mCaCertsCache.values() );
2978 QList<QSslCertificate> trustedcerts;
2979 for (
int i = 0; i < certpairs.size(); ++i )
2981 QSslCertificate cert( certpairs.at( i ).second );
2983 if ( trustedids.contains( certid ) )
2986 trustedcerts.append( cert );
2992 trustedcerts.append( cert );
2997 QSslConfiguration sslconfig( QSslConfiguration::defaultConfiguration() );
2998 sslconfig.setCaCertificates( trustedcerts );
2999 QSslConfiguration::setDefaultConfiguration( sslconfig );
3001 return trustedcerts;
3008 QMutexLocker locker( mMutex.get() );
3009 if ( trustedCAs.isEmpty() )
3011 if ( mTrustedCaCertsCache.isEmpty() )
3018 const QList<QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > &certpairs( mCaCertsCache.values() );
3020 QList<QSslCertificate> untrustedCAs;
3021 for (
int i = 0; i < certpairs.size(); ++i )
3023 QSslCertificate cert( certpairs.at( i ).second );
3024 if ( !trustedCAs.contains( cert ) )
3026 untrustedCAs.append( cert );
3029 return untrustedCAs;
3036 QMutexLocker locker( mMutex.get() );
3038 QgsDebugMsgLevel( QStringLiteral(
"Rebuilt trusted cert authorities cache" ), 2 );
3047 QMutexLocker locker( mMutex.get() );
3055 QMutexLocker locker( mMutex.get() );
3058 return passwordHelperWrite( mMasterPass );
3076 for (
const auto &authcfg : ids )
3096void QgsAuthManager::writeToConsole(
const QString &message,
3112 msg += QLatin1String(
"WARNING: " );
3115 msg += QLatin1String(
"ERROR: " );
3122 QTextStream out( stdout, QIODevice::WriteOnly );
3123 out << msg << Qt::endl;
3126void QgsAuthManager::tryToStartDbErase()
3130 ++mScheduledDbEraseRequestCount;
3132 int trycutoff = 90 / ( mScheduledDbEraseRequestWait ? mScheduledDbEraseRequestWait : 3 );
3133 if ( mScheduledDbEraseRequestCount >= trycutoff )
3136 QgsDebugMsgLevel( QStringLiteral(
"authDatabaseEraseRequest emitting/scheduling canceled" ), 2 );
3141 QgsDebugMsgLevel( QStringLiteral(
"authDatabaseEraseRequest attempt (%1 of %2)" )
3142 .arg( mScheduledDbEraseRequestCount ).arg( trycutoff ), 2 );
3148 mScheduledDbEraseRequestEmitted =
true;
3153 QgsDebugMsgLevel( QStringLiteral(
"authDatabaseEraseRequest emitted" ), 2 );
3156 QgsDebugMsgLevel( QStringLiteral(
"authDatabaseEraseRequest emit skipped" ), 2 );
3162 QMutexLocker locker( mMutex.get() );
3164 QMapIterator<QThread *, QMetaObject::Connection> iterator( mConnectedThreads );
3165 while ( iterator.hasNext() )
3168 QThread::disconnect( iterator.value() );
3179 qDeleteAll( mAuthMethods );
3184 if ( authConn.isValid() && authConn.isOpen() )
3187 delete mScheduledDbEraseTimer;
3188 mScheduledDbEraseTimer =
nullptr;
3189 QSqlDatabase::removeDatabase( QStringLiteral(
"authentication.configs" ) );
3194 QMutexLocker locker( mMutex.get() );
3195 if ( ! mAuthConfigurationStorageRegistry )
3197 mAuthConfigurationStorageRegistry = std::make_unique<QgsAuthConfigurationStorageRegistry>();
3199 return mAuthConfigurationStorageRegistry.get();
3203QString QgsAuthManager::passwordHelperName()
const
3205 return tr(
"Password Helper" );
3209void QgsAuthManager::passwordHelperLog(
const QString &msg )
const
3225 QKeychain::DeletePasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
3228 job.setAutoDelete(
false );
3229 job.setKey( authPasswordHelperKeyName() );
3231 connect( &job, &QKeychain::Job::finished, &loop, &QEventLoop::quit );
3236 mPasswordHelperErrorCode = job.error();
3237 mPasswordHelperErrorMessage = tr(
"Delete password failed: %1." ).arg( job.errorString() );
3248 passwordHelperProcessError();
3252QString QgsAuthManager::passwordHelperRead()
3259 QKeychain::ReadPasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
3262 job.setAutoDelete(
false );
3263 job.setKey( authPasswordHelperKeyName() );
3265 connect( &job, &QKeychain::Job::finished, &loop, &QEventLoop::quit );
3270 mPasswordHelperErrorCode = job.error();
3277 password = job.textData();
3279 if ( password.isEmpty() )
3281 mPasswordHelperErrorCode = QKeychain::EntryNotFound;
3292 passwordHelperProcessError();
3296bool QgsAuthManager::passwordHelperWrite(
const QString &password )
3300 Q_ASSERT( !password.isEmpty() );
3303 QKeychain::WritePasswordJob job( AUTH_PASSWORD_HELPER_FOLDER_NAME );
3306 job.setAutoDelete(
false );
3307 job.setKey( authPasswordHelperKeyName() );
3308 job.setTextData( password );
3310 connect( &job, &QKeychain::Job::finished, &loop, &QEventLoop::quit );
3315 mPasswordHelperErrorCode = job.error();
3323 passwordHelperClearErrors();
3328 passwordHelperProcessError();
3343 emit
messageLog( enabled ? tr(
"Your %1 will be <b>used from now</b> on to store and retrieve the master password." )
3345 tr(
"Your %1 will <b>not be used anymore</b> to store and retrieve the master password." )
3362void QgsAuthManager::passwordHelperClearErrors()
3364 mPasswordHelperErrorCode = QKeychain::NoError;
3365 mPasswordHelperErrorMessage.clear();
3368void QgsAuthManager::passwordHelperProcessError()
3372 if ( mPasswordHelperErrorCode == QKeychain::AccessDenied ||
3373 mPasswordHelperErrorCode == QKeychain::AccessDeniedByUser ||
3374 mPasswordHelperErrorCode == QKeychain::NoBackendAvailable ||
3375 mPasswordHelperErrorCode == QKeychain::NotImplemented )
3381 mPasswordHelperErrorMessage = tr(
"There was an error and integration with your %1 system has been disabled. "
3382 "You can re-enable it at any time through the \"Utilities\" menu "
3383 "in the Authentication pane of the options dialog. %2" )
3386 if ( mPasswordHelperErrorCode != QKeychain::NoError )
3392 passwordHelperClearErrors();
3396bool QgsAuthManager::masterPasswordInput()
3404 bool storedPasswordIsValid =
false;
3410 pass = passwordHelperRead();
3411 if ( ! pass.isEmpty() && ( mPasswordHelperErrorCode == QKeychain::NoError ) )
3417 storedPasswordIsValid =
true;
3433 if ( ok && !pass.isEmpty() && mMasterPass != pass )
3438 if ( passwordHelperWrite( pass ) )
3452bool QgsAuthManager::masterPasswordRowsInDb(
int *rows )
const
3461 QMutexLocker locker( mMutex.get() );
3479 if ( storages.empty() )
3496 if ( !masterPasswordRowsInDb( &rows ) )
3498 const char *err = QT_TR_NOOP(
"Master password: FAILED to access database" );
3504 return ( rows == 1 );
3507bool QgsAuthManager::masterPasswordCheckAgainstDb(
const QString &compare )
const
3519 const QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords { defaultStorage->masterPasswords( ) };
3520 if ( passwords.size() == 0 )
3543bool QgsAuthManager::masterPasswordStoreInDb()
const
3550 QString salt, hash, civ;
3558 return defaultStorage->storeMasterPassword( { salt, civ, hash } );
3574bool QgsAuthManager::masterPasswordClearDb()
3586 return defaultStorage->clearMasterPasswords();
3603const QString QgsAuthManager::masterPasswordCiv()
const
3614 const QList<QgsAuthConfigurationStorage::MasterPasswordConfig> passwords { defaultStorage->masterPasswords( ) };
3615 if ( passwords.size() == 0 )
3620 return passwords.first().civ;
3640 QStringList configKeys = QStringList();
3654 for (
auto it = configs.cbegin(); it != configs.cend(); ++it )
3656 if ( !configKeys.contains( it.key() ) )
3658 configKeys.append( it.key() );
3676bool QgsAuthManager::verifyPasswordCanDecryptConfigs()
const
3699 for (
auto it = configs.cbegin(); it != configs.cend(); ++it )
3701 QString configstring(
QgsAuthCrypto::decrypt( mMasterPass, masterPasswordCiv(), it.value().config( QStringLiteral(
"encrypted_payload" ) ) ) );
3702 if ( configstring.isEmpty() )
3704 QgsDebugError( QStringLiteral(
"Verify password can decrypt configs FAILED, could not decrypt a config (id: %1) from storage %2" )
3705 .arg( it.key(), storage->
name() ) );
3719 if ( storages.empty() )
3728bool QgsAuthManager::reencryptAllAuthenticationConfigs(
const QString &prevpass,
const QString &prevciv )
3737 for (
const auto &configid : ids )
3739 res = res && reencryptAuthenticationConfig( configid, prevpass, prevciv );
3744bool QgsAuthManager::reencryptAuthenticationConfig(
const QString &authcfg,
const QString &prevpass,
const QString &prevciv )
3769 if ( payload.isEmpty() || ! config.
isValid(
true ) )
3771 QgsDebugError( QStringLiteral(
"Reencrypt FAILED, could not find config (id: %1)" ).arg( authcfg ) );
3776 if ( configstring.isEmpty() )
3778 QgsDebugError( QStringLiteral(
"Reencrypt FAILED, could not decrypt config (id: %1)" ).arg( authcfg ) );
3800 if ( storages.empty() )
3812bool QgsAuthManager::reencryptAllAuthenticationSettings(
const QString &prevpass,
const QString &prevciv )
3817 Q_UNUSED( prevpass )
3830 QStringList encryptedsettings;
3831 encryptedsettings <<
"";
3833 for (
const auto & sett, std::as_const( encryptedsettings ) )
3840 QSqlQuery query( authDbConnection() );
3842 query.prepare( QStringLiteral(
"SELECT value FROM %1 "
3843 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
3845 query.bindValue(
":setting", sett );
3847 if ( !authDbQuery( &query ) )
3850 if ( !query.isActive() || !query.isSelect() )
3852 QgsDebugError( QStringLiteral(
"Reencrypt FAILED, query not active or a select operation for setting: %2" ).arg( sett ) );
3856 if ( query.first() )
3862 query.prepare( QStringLiteral(
"UPDATE %1 "
3863 "SET value = :value "
3864 "WHERE setting = :setting" ).arg( authDbSettingsTable() ) );
3866 query.bindValue(
":setting", sett );
3869 if ( !authDbStartTransaction() )
3872 if ( !authDbQuery( &query ) )
3875 if ( !authDbCommit() )
3878 QgsDebugMsgLevel( QStringLiteral(
"Reencrypt SUCCESS for setting: %2" ).arg( sett ), 2 );
3883 QgsDebugError( QStringLiteral(
"Reencrypt FAILED, could not find in db setting: %2" ).arg( sett ) );
3889 QgsDebugError( QStringLiteral(
"Select contains more than one for setting: %1" ).arg( sett ) );
3900bool QgsAuthManager::reencryptAllAuthenticationIdentities(
const QString &prevpass,
const QString &prevciv )
3909 for (
const auto &identid : ids )
3911 res = res && reencryptAuthenticationIdentity( identid, prevpass, prevciv );
3916bool QgsAuthManager::reencryptAuthenticationIdentity(
3917 const QString &identid,
3918 const QString &prevpass,
3919 const QString &prevciv )
3947 if ( keystring.isEmpty() )
3949 QgsDebugError( QStringLiteral(
"Reencrypt FAILED, could not decrypt identity id: %1" ).arg( identid ) );
3965 if ( storages.empty() )
3981 for (
const auto &cert : certs )
3984 QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate>( source, cert ) );
3988QString QgsAuthManager::authPasswordHelperKeyName()
const
3992 QString dbProfilePath;
3998 const QFileInfo info( mAuthDatabaseConnectionUri );
3999 dbProfilePath = info.dir().dirName();
4003 dbProfilePath = QCryptographicHash::hash( ( mAuthDatabaseConnectionUri.toUtf8() ), QCryptographicHash::Md5 ).toHex();
4007 return AUTH_PASSWORD_HELPER_KEY_NAME_BASE + ( dbProfilePath.compare( QLatin1String(
"default" ), Qt::CaseInsensitive ) == 0 ? QString() : dbProfilePath );
4016 if ( qobject_cast<QgsAuthConfigurationStorageDb *>( storage ) )
MessageLevel
Level for messages This will be used both for message log and message bar in application.
@ Warning
Warning message.
@ Critical
Critical/error message.
@ Info
Information message.
AuthConfigurationStorageCapability
Authentication configuration storage capabilities.
@ CreateSetting
Can create a new authentication setting.
@ CreateConfiguration
Can create a new authentication configuration.
@ ClearStorage
Can clear all configurations from storage.
@ DeleteCertificateAuthority
Can delete a certificate authority.
@ DeleteSslCertificateCustomConfig
Can delete a SSL certificate custom config.
@ DeleteSetting
Can delete the authentication setting.
@ ReadSslCertificateCustomConfig
Can read a SSL certificate custom config.
@ DeleteMasterPassword
Can delete the master password.
@ CreateSslCertificateCustomConfig
Can create a new SSL certificate custom config.
@ ReadCertificateTrustPolicy
Can read a certificate trust policy.
@ ReadConfiguration
Can read an authentication configuration.
@ UpdateConfiguration
Can update an authentication configuration.
@ ReadCertificateAuthority
Can read a certificate authority.
@ CreateCertificateAuthority
Can create a new certificate authority.
@ DeleteConfiguration
Can deleet an authentication configuration.
@ ReadSetting
Can read the authentication settings.
@ CreateCertificateIdentity
Can create a new certificate identity.
@ ReadCertificateIdentity
Can read a certificate identity.
@ CreateCertificateTrustPolicy
Can create a new certificate trust policy.
@ ReadMasterPassword
Can read the master password.
@ CreateMasterPassword
Can create a new master password.
@ DeleteCertificateTrustPolicy
Can delete a certificate trust policy.
static QString sslErrorEnumString(QSslError::SslError errenum)
Gets short strings describing an SSL error.
static QString shaHexForCert(const QSslCertificate &cert, bool formatted=false)
Gets the sha1 hash for certificate.
CertTrustPolicy
Type of certificate trust policy.
static QMap< QString, QSslCertificate > mapDigestToCerts(const QList< QSslCertificate > &certs)
Map certificate sha1 to certificate as simple cache.
static QByteArray certsToPemText(const QList< QSslCertificate > &certs)
certsToPemText dump a list of QSslCertificates to PEM text
static bool certIsViable(const QSslCertificate &cert)
certIsViable checks for viability errors of cert and whether it is NULL
static QList< QSslCertificate > certsFromFile(const QString &certspath)
Returns a list of concatenated certs from a PEM or DER formatted file.
static bool certificateIsAuthorityOrIssuer(const QSslCertificate &cert)
Gets whether a certificate is an Authority or can at least sign other certificates.
CaCertSource
Type of CA certificate source.
Configuration container for SSL server connection exceptions or overrides.
bool isNull() const
Whether configuration is null (missing components)
const QList< QSslError::SslError > sslIgnoredErrorEnums() const
SSL server errors (as enum list) to ignore in connections.
const QSslCertificate sslCertificate() const
Server certificate object.
const QString sslHostPort() const
Server host:port string.
QSqlDatabase based implementation of QgsAuthConfigurationStorage.
bool removeCertTrustPolicy(const QSslCertificate &cert) override
Remove certificate trust policy.
const QgsAuthConfigSslServer loadSslCertCustomConfigByHost(const QString &hostport) const override
Loads an SSL certificate custom config by hostport (host:port)
QString loadAuthSetting(const QString &key) const override
Load an authentication setting from the storage.
bool removeAuthSetting(const QString &key) override
Remove an authentication setting from the storage.
const QMap< QString, QgsAuthCertUtils::CertTrustPolicy > caCertsPolicy() const override
Returns the map of CA certificates hashes in the storages and their trust policy.
QgsAuthCertUtils::CertTrustPolicy loadCertTrustPolicy(const QSslCertificate &cert) const override
Load certificate trust policy.
bool sslCertCustomConfigExists(const QString &id, const QString &hostport) override
Check if SSL certificate custom config exists.
bool removeCertIdentity(const QSslCertificate &cert) override
Remove a certificate identity from the storage.
const QPair< QSslCertificate, QString > loadCertIdentityBundle(const QString &id) const override
Returns a certificate identity bundle by id (sha hash).
const QList< QgsAuthConfigurationStorage::MasterPasswordConfig > masterPasswords() const override
Returns the list of (encrypted) master passwords stored in the database.
bool methodConfigExists(const QString &id) const override
Check if an authentication configuration exists in the storage.
QStringList certIdentityIds() const override
certIdentityIds get list of certificate identity ids from database
bool initialize() override
Initializes the storage.
bool storeMethodConfig(const QgsAuthMethodConfig &mconfig, const QString &payload) override
Store an authentication config in the database.
bool removeCertAuthority(const QSslCertificate &cert) override
Remove a certificate authority.
const QSslCertificate loadCertIdentity(const QString &id) const override
certIdentity get a certificate identity by id (sha hash)
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs() const override
sslCertCustomConfigs get SSL certificate custom configs
QgsAuthMethodConfigsMap authMethodConfigs(const QStringList &allowedMethods=QStringList()) const override
Returns a mapping of authentication configurations available from this storage.
const QList< QSslCertificate > caCerts() const override
Returns the list of CA certificates in the storage.
bool certTrustPolicyExists(const QSslCertificate &cert) const override
Check if certificate trust policy exists.
const QSslCertificate loadCertAuthority(const QString &id) const override
certAuthority get a certificate authority by id (sha hash)
bool removeMethodConfig(const QString &id) override
Removes the authentication configuration with the specified id.
QgsAuthMethodConfigsMap authMethodConfigsWithPayload() const override
Returns a mapping of authentication configurations available from this storage.
bool certIdentityExists(const QString &id) const override
Check if the certificate identity exists.
bool certAuthorityExists(const QSslCertificate &cert) const override
Check if a certificate authority exists.
QgsAuthMethodConfig loadMethodConfig(const QString &id, QString &payload, bool full=false) const override
Load an authentication configuration from the database.
bool storeCertIdentity(const QSslCertificate &cert, const QString &keyPem) override
Store a certificate identity in the storage.
bool removeSslCertCustomConfig(const QString &id, const QString &hostport) override
Remove an SSL certificate custom config.
const QList< QSslCertificate > certIdentities() const override
certIdentities get certificate identities
QString name() const override
Returns a human readable localized short name of the storage implementation (e.g "SQLite").
bool authSettingExists(const QString &key) const override
Check if an authentication setting exists in the storage.
const QgsAuthConfigSslServer loadSslCertCustomConfig(const QString &id, const QString &hostport) const override
Loads an SSL certificate custom config by id (sha hash) and hostport (host:port)
Registry for authentication configuration storages.
QgsAuthConfigurationStorage * firstReadyStorageWithCapability(Qgis::AuthConfigurationStorageCapability capability) const
Returns the first ready (and enabled) authentication configuration storage which has the required cap...
QList< QgsAuthConfigurationStorage * > storages() const
Returns the list of all registered authentication configuration storages.
QList< QgsAuthConfigurationStorage * > readyStoragesWithCapability(Qgis::AuthConfigurationStorageCapability capability) const
Returns the list of all ready (and enabled) authentication configuration storage with the required ca...
QList< QgsAuthConfigurationStorage * > readyStorages() const
Returns the list of all ready (and enabled) authentication configuration storage.
bool addStorage(QgsAuthConfigurationStorage *storage)
Add an authentication configuration storage to the registry.
Abstract class that defines the interface for all authentication configuration storage implementation...
virtual void setReadOnly(bool readOnly)
Utility method to unset all editing capabilities.
void methodConfigChanged()
Emitted when the storage method config table was changed.
Qgis::AuthConfigurationStorageCapabilities capabilities() const
Returns the capabilities of the storage.
bool isEnabled() const
Returns true if the storage is enabled.
bool isEncrypted() const
Returns true if the storage is encrypted.
void messageLog(const QString &message, const QString &tag=QStringLiteral("Authentication"), Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to relay to console output and QgsMessageLog.
virtual QString lastError() const
Returns the last error message.
static void passwordKeyHash(const QString &pass, QString *salt, QString *hash, QString *cipheriv=nullptr)
Generate SHA256 hash for master password, with iterations and salt.
static const QString encrypt(const QString &pass, const QString &cipheriv, const QString &text)
Encrypt data using master password.
static bool verifyPasswordKeyHash(const QString &pass, const QString &salt, const QString &hash, QString *hashderived=nullptr)
Verify existing master password hash to a re-generated one.
static const QString decrypt(const QString &pass, const QString &cipheriv, const QString &text)
Decrypt data using master password.
Singleton offering an interface to manage the authentication configuration database and to utilize co...
bool storeAuthSetting(const QString &key, const QVariant &value, bool encrypt=false)
Store an authentication setting (stored as string via QVariant( value ).toString() )
bool setDefaultCertTrustPolicy(QgsAuthCertUtils::CertTrustPolicy policy)
Sets the default certificate trust policy preferred by user.
void clearAllCachedConfigs()
Clear all authentication configs from authentication method caches.
const QSslCertificate certIdentity(const QString &id)
certIdentity get a certificate identity by id (sha hash)
const QStringList certIdentityBundleToPem(const QString &id)
certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text
bool updateIgnoredSslErrorsCache(const QString &shahostport, const QList< QSslError > &errors)
Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key.
bool verifyMasterPassword(const QString &compare=QString())
Verify the supplied master password against any existing hash in authentication database.
bool updateIgnoredSslErrorsCacheFromConfig(const QgsAuthConfigSslServer &config)
Update ignored SSL error cache with possible ignored SSL errors, using server config.
const QString disabledMessage() const
Standard message for when QCA's qca-ossl plugin is missing and system is disabled.
const QList< QSslCertificate > trustedCaCertsCache()
trustedCaCertsCache cache of trusted certificate authorities, ready for network connections
QgsAuthMethod * configAuthMethod(const QString &authcfg)
Gets authentication method from the config/provider cache.
static bool isFilesystemBasedDatabase(const QString &uri)
Returns the true if the uri is a filesystem-based database (SQLite).
bool storeCertIdentity(const QSslCertificate &cert, const QSslKey &key)
Store a certificate identity.
QgsAuthMethodsMap authMethodsMap(const QString &dataprovider=QString())
Gets available authentication methods mapped to their key.
bool rebuildIgnoredSslErrorCache()
Rebuild ignoredSSL error cache.
bool initSslCaches()
Initialize various SSL authentication caches.
const QList< QSslCertificate > extraFileCAs()
extraFileCAs extra file-based certificate authorities
bool removeAuthSetting(const QString &key)
Remove an authentication setting.
bool storeCertTrustPolicy(const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy)
Store user trust value for a certificate.
bool rebuildCaCertsCache()
Rebuild certificate authority cache.
bool scheduledAuthDatabaseErase()
Whether there is a scheduled opitonal erase of authentication database.
bool eraseAuthenticationDatabase(bool backup, QString *backuppath=nullptr)
Erase all rows from all tables in authentication database.
static bool passwordHelperEnabled()
Password helper enabled getter.
void passwordHelperMessageLog(const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, Qgis::MessageLevel level=Qgis::MessageLevel::Info)
Custom logging signal to inform the user about master password <-> password manager interactions.
bool exportAuthenticationConfigsToXml(const QString &filename, const QStringList &authcfgs, const QString &password=QString())
Export authentication configurations to an XML file.
Q_DECL_DEPRECATED bool init(const QString &pluginPath=QString(), const QString &authDatabasePath=QString())
init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database
void authDatabaseChanged()
Emitted when the authentication db is significantly changed, e.g. large record removal,...
void setPasswordHelperEnabled(bool enabled)
Password helper enabled setter.
void setScheduledAuthDatabaseErase(bool scheduleErase)
Schedule an optional erase of authentication database, starting when mutex is lockable.
const QList< QgsAuthConfigSslServer > sslCertCustomConfigs()
sslCertCustomConfigs get SSL certificate custom configs
const QList< QSslCertificate > untrustedCaCerts(QList< QSslCertificate > trustedCAs=QList< QSslCertificate >())
untrustedCaCerts get list of untrusted certificate authorities
const QString uniqueConfigId() const
Gets a unique generated 7-character string to assign to as config id.
const QPair< QSslCertificate, QSslKey > certIdentityBundle(const QString &id)
Gets a certificate identity bundle by id (sha hash).
bool isDisabled() const
Whether QCA has the qca-ossl plugin, which a base run-time requirement.
QVariant authSetting(const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
authSetting get an authentication setting (retrieved as string and returned as QVariant( QString ))
static const QString AUTH_MAN_TAG
The display name of the Authentication Manager.
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy()
Gets the default certificate trust policy preferred by user.
const QByteArray trustedCaCertsPemText()
trustedCaCertsPemText get concatenated string of all trusted CA certificates
static bool hasConfigId(const QString &txt)
Returns whether a string includes an authcfg ID token.
bool removeAllAuthenticationConfigs()
Clear all authentication configs from table in database and from provider caches.
QgsAuthCertUtils::CertTrustPolicy certificateTrustPolicy(const QSslCertificate &cert)
certificateTrustPolicy get trust policy for a particular certificate cert
static bool passwordHelperLoggingEnabled()
Password helper logging enabled getter.
QgsAuthConfigurationStorageRegistry * authConfigurationStorageRegistry() const
Returns the authentication configuration storage registry.
bool rebuildCertTrustCache()
Rebuild certificate authority cache.
Q_DECL_DEPRECATED const QString authenticationDatabasePath() const
The standard authentication database file in ~/.qgis3/ or defined location.
static const QList< QSslCertificate > systemRootCAs()
systemRootCAs get root system certificate authorities
bool removeCertAuthority(const QSslCertificate &cert)
Remove a certificate authority.
const QList< QSslCertificate > trustedCaCerts(bool includeinvalid=false)
trustedCaCerts get list of all trusted CA certificates
bool existsCertAuthority(const QSslCertificate &cert)
Check if a certificate authority exists.
const QMap< QString, QSslCertificate > mappedDatabaseCAs()
mappedDatabaseCAs get sha1-mapped database-stored certificate authorities
bool importAuthenticationConfigsFromXml(const QString &filename, const QString &password=QString(), bool overwrite=false)
Import authentication configurations from an XML file.
bool configIdUnique(const QString &id) const
Verify if provided authentication id is unique.
QStringList configIds() const
Gets list of authentication ids from database.
QString authManTag() const
Simple text tag describing authentication system for message logs.
bool loadAuthenticationConfig(const QString &authcfg, QgsAuthMethodConfig &mconfig, bool full=false)
Load an authentication config from the database into subclass.
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy(const QSslCertificate &cert)
certTrustPolicy get whether certificate cert is trusted by user
bool masterPasswordHashInDatabase() const
Verify a password hash existing in authentication database.
Q_DECL_DEPRECATED void messageOut(const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level=QgsAuthManager::INFO) const
Custom logging signal to relay to console output and QgsMessageLog.
QgsAuthConfigurationStorageDb * defaultDbStorage() const
Transitional proxy to the first ready storage of database type.
bool updateNetworkProxy(QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QNetworkProxy with an authentication config.
const QSslCertificate certAuthority(const QString &id)
Gets a certificate authority by id (sha hash)
void passwordHelperSuccess()
Signals emitted on password helper success, mainly used in the tests to exit main application loop.
bool registerCoreAuthMethods()
Instantiate and register existing C++ core authentication methods from plugins.
bool passwordHelperDelete()
Delete master password from wallet.
~QgsAuthManager() override
void dumpIgnoredSslErrorsCache_()
Utility function to dump the cache for debug purposes.
const QList< QSslCertificate > databaseCAs()
databaseCAs get database-stored certificate authorities
void messageLog(const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, Qgis::MessageLevel level=Qgis::MessageLevel::Info) const
Custom logging signal to relay to console output and QgsMessageLog.
bool backupAuthenticationDatabase(QString *backuppath=nullptr)
Close connection to current authentication database and back it up.
void authDatabaseEraseRequested()
Emitted when a user has indicated they may want to erase the authentication db.
void passwordHelperFailure()
Signals emitted on password helper failure, mainly used in the tests to exit main application loop.
bool existsSslCertCustomConfig(const QString &id, const QString &hostport)
Check if SSL certificate custom config exists.
bool existsAuthSetting(const QString &key)
Check if an authentication setting exists.
void clearCachedConfig(const QString &authcfg)
Clear an authentication config from its associated authentication method cache.
void clearMasterPassword()
Clear supplied master password.
bool updateNetworkRequest(QNetworkRequest &request, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QNetworkRequest with an authentication config.
const QList< QSslCertificate > certIdentities()
certIdentities get certificate identities
bool storeCertAuthority(const QSslCertificate &cert)
Store a certificate authority.
QStringList certIdentityIds() const
certIdentityIds get list of certificate identity ids from database
bool removeCertTrustPolicies(const QList< QSslCertificate > &certs)
Remove a group certificate authorities.
QgsAuthMethod * authMethod(const QString &authMethodKey)
Gets authentication method from the config/provider cache via its key.
bool updateDataSourceUriItems(QStringList &connectionItems, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QgsDataSourceUri with an authentication config.
void setup(const QString &pluginPath=QString(), const QString &authDatabasePath=QString())
Sets up the authentication manager configuration.
static QgsAuthManager * instance()
Enforce singleton pattern.
Q_DECL_DEPRECATED QSqlDatabase authDatabaseConnection() const
Sets up the application instance of the authentication database connection.
void updateConfigAuthMethods()
Sync the confg/authentication method cache with what is in database.
bool storeSslCertCustomConfig(const QgsAuthConfigSslServer &config)
Store an SSL certificate custom config.
static void setPasswordHelperLoggingEnabled(bool enabled)
Password helper logging enabled setter.
bool ensureInitialized() const
Performs lazy initialization of the authentication framework, if it has not already been done.
const QgsAuthConfigSslServer sslCertCustomConfigByHost(const QString &hostport)
sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)
bool updateAuthenticationConfig(const QgsAuthMethodConfig &config)
Update an authentication config in the database.
bool existsCertIdentity(const QString &id)
Check if a certificate identity exists.
const QString authenticationDatabaseUri() const
Returns the authentication database connection URI.
bool resetMasterPassword(const QString &newpass, const QString &oldpass, bool keepbackup, QString *backuppath=nullptr)
Reset the master password to a new one, then re-encrypt all previous configs in a new database file,...
QStringList authMethodsKeys(const QString &dataprovider=QString())
Gets keys of supported authentication methods.
bool passwordHelperSync()
Store the password manager into the wallet.
bool masterPasswordIsSet() const
Whether master password has be input and verified, i.e. authentication database is accessible.
const QString methodConfigTableName() const
Returns the database table from the first ready storage that stores authentication configs,...
void masterPasswordVerified(bool verified)
Emitted when a password has been verify (or not)
bool setMasterPassword(bool verify=false)
Main call to initially set or continually check master password is set.
bool storeCertAuthorities(const QList< QSslCertificate > &certs)
Store multiple certificate authorities.
bool removeSslCertCustomConfig(const QString &id, const QString &hostport)
Remove an SSL certificate custom config.
static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME
The display name of the password helper (platform dependent)
bool updateNetworkReply(QNetworkReply *reply, const QString &authcfg, const QString &dataprovider=QString())
Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors,...
bool rebuildTrustedCaCertsCache()
Rebuild trusted certificate authorities cache.
const QgsAuthMethodMetadata * authMethodMetadata(const QString &authMethodKey)
Gets authentication method metadata via its key.
bool removeAuthenticationConfig(const QString &authcfg)
Remove an authentication config in the database.
bool removeCertTrustPolicy(const QSslCertificate &cert)
Remove a certificate authority.
const QString authenticationDatabaseUriStripped() const
Returns the authentication database connection URI with the password stripped.
QgsAuthMethod::Expansions supportedAuthMethodExpansions(const QString &authcfg)
Gets supported authentication method expansion(s), e.g.
const QgsAuthConfigSslServer sslCertCustomConfig(const QString &id, const QString &hostport)
sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)
QgsAuthMethodConfigsMap availableAuthMethodConfigs(const QString &dataprovider=QString())
Gets mapping of authentication config ids and their base configs (not decrypted data)
bool masterPasswordSame(const QString &password) const
Check whether supplied password is the same as the one already set.
bool storeAuthenticationConfig(QgsAuthMethodConfig &mconfig, bool overwrite=false)
Store an authentication config in the database.
bool removeCertIdentity(const QString &id)
Remove a certificate identity.
QString configAuthMethodKey(const QString &authcfg) const
Gets key of authentication method associated with config ID.
Configuration storage class for authentication method configurations.
bool isValid(bool validateid=false) const
Whether the configuration is valid.
bool readXml(const QDomElement &element)
from a DOM element.
const QString configString() const
The extended configuration, as stored and retrieved from the authentication database.
const QString id() const
Gets 'authcfg' 7-character alphanumeric ID of the config.
void loadConfigString(const QString &configstr)
Load existing extended configuration.
bool writeXml(QDomElement &parentElement, QDomDocument &document)
Stores the configuration in a DOM.
void setId(const QString &id)
Sets auth config ID.
A registry / canonical manager of authentication methods.
const QgsAuthMethodMetadata * authMethodMetadata(const QString &authMethodKey) const
Returns metadata of the auth method or nullptr if not found.
static QgsAuthMethodRegistry * instance(const QString &pluginPath=QString())
Means of accessing canonical single instance.
QStringList authMethodList() const
Returns list of available auth methods by their keys.
QgsAuthMethod * createAuthMethod(const QString &authMethodKey)
Create an instance of the auth method.
Abstract base class for authentication method plugins.
virtual bool updateNetworkProxy(QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider=QString())
Update proxy settings with authentication components.
virtual bool updateNetworkRequest(QNetworkRequest &request, const QString &authcfg, const QString &dataprovider=QString())
Update a network request with authentication components.
QgsAuthMethod::Expansions supportedExpansions() const
Flags that represent the update points (where authentication configurations are expanded) supported b...
virtual void clearCachedConfig(const QString &authcfg)=0
Clear any cached configuration.
virtual void updateMethodConfig(QgsAuthMethodConfig &mconfig)=0
Update an authentication configuration in place.
virtual bool updateNetworkReply(QNetworkReply *reply, const QString &authcfg, const QString &dataprovider=QString())
Update a network reply with authentication components.
virtual bool updateDataSourceUriItems(QStringList &connectionItems, const QString &authcfg, const QString &dataprovider=QString())
Update data source connection items with authentication components.
QFlags< Expansion > Expansions
static QgsCredentials * instance()
retrieves instance
bool getMasterPassword(QString &password, bool stored=false)
static void logMessage(const QString &message, const QString &tag=QString(), Qgis::MessageLevel level=Qgis::MessageLevel::Warning, bool notifyUser=true)
Adds a message to the log instance (and creates it if necessary).
Custom exception class which is raised when an operation is not supported.
Scoped object for logging of the runtime for a single operation or group of operations.
This class is a composition of two QSettings instances:
QVariant value(const QString &key, const QVariant &defaultValue=QVariant(), Section section=NoSection) const
Returns the value for setting key.
void setValue(const QString &key, const QVariant &value, QgsSettings::Section section=QgsSettings::NoSection)
Sets the value of setting key to value.
static bool isNull(const QVariant &variant, bool silenceNullWarnings=false)
Returns true if the specified variant should be considered a NULL value.
#define Q_NOWARN_DEPRECATED_POP
#define Q_NOWARN_DEPRECATED_PUSH
QHash< QString, QgsAuthMethodConfig > QgsAuthMethodConfigsMap
QHash< QString, QgsAuthMethod * > QgsAuthMethodsMap
#define QgsDebugMsgLevel(str, level)
#define QgsDebugError(str)
Structure that holds the (encrypted) master password elements.