Autoconfig fails when unsupported OAuth2 is preferred authentication method
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(thunderbird_esr115 fixed)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr115 | --- | fixed |
People
(Reporter: cketti, Assigned: cketti)
References
Details
Attachments
(1 file, 1 obsolete file)
|
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr115+
|
Details | Review |
FetchConfig will return a config where OAuth2 is the preferred authentication method, even when OAuth2 isn't supported with the incoming or outgoing server. Account setup will then fail with the error message "Could not get OAuth2 details for hostname=…"
Right now this is a problem for the comcast.net configuration in ISPDB. Thunderbird Daily has the necessary OAuth2 credentials for Comcast (see bug 1844810). However, we can't update the config in ISPDB because stable Thunderbird and older versions (without the necessary OAuth2 credentials) would try to use OAuth2 and fail.
My suggestion is to clean up the AccountConfig instance returned by the Autoconfig parser and strip occurrences of OAuth2 when the app doesn't support OAuth2 with the incoming or outgoing server. If there's an alternative authentication method, the app will fall back to that.
In the future this will allow providers (and ISPDB) to publish configs where OAuth2 is the preferred authentication method, even when stable or older versions of Thunderbird don't support it with that provider. Those app versions will then use a fallback authentication method or let the user know that no supported config was found.
Updated•2 years ago
|
Comment 2•2 years ago
|
||
Thanks for noticing this bug. I thought we already did that.
Yes, it was always the idea that the client would ignore the OAuth2 authentication option, if the client cannot use it, for whatever reason. That's why it's just the first and preferred option, and there is a fallback.
I will review the concrete patch later.
Comment 3•2 years ago
|
||
Review done. Waiting for revision of the patch.
Comment 5•2 years ago
|
||
Instead of processing the xml, wouldn't it be simpler to just remove a possible no-op OAuth2 config after fetching. It shouldn't be many lines to add a check, probably around here: https://searchfox.org/comm-central/rev/20293ca81e7f17705aaaf2a395210daddab44106/mail/components/accountcreation/content/accountSetup.js#817
Comment 6•2 years ago
|
||
I proposed that as well, but cketti correctly pointed out that this will break the fallback mechanisms, so this is not a good place. Details see the review in Phab.
Comment 7•2 years ago
|
||
I see. It depends a bit on how we would allow fallbacks. I think we can say, if a config file was found, it must be usable. I never saw a case where we would find two different configs.
Or, we could do such a check slightly earlier, like at https://searchfox.org/comm-central/rev/20293ca81e7f17705aaaf2a395210daddab44106/mail/components/accountcreation/content/accountSetup.js#649 so a success is never called unless it's all good.
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/d9bb43629625
Ignore OAuth2 from Autoconfig when not supported with the server. r=BenB,mkmelin
Updated•2 years ago
|
Comment 9•2 years ago
|
||
Nice that we have a full set of tests!
Uplift to 115 after a full clean cycle of beta?
Updated•2 years ago
|
| Assignee | ||
Comment 10•2 years ago
|
||
Uplift to 115 after a full clean cycle of beta?
Sounds good to me. I don't think this will cause any problems.
Comment 11•2 years ago
|
||
Comment on attachment 9367779 [details]
Bug 1869122 - Ignore OAuth2 from Autoconfig when not supported with the server. r=BenB,mkmelin
[Triage Comment]
Approved for esr115 per comment 10
Comment 12•2 years ago
|
||
| bugherder uplift | ||
Thunderbird 115.8.0:
https://hg.mozilla.org/releases/comm-esr115/rev/f3684112888f
Description
•