Closed Bug 1920419 Opened 2 months ago Closed 2 months ago

Cached `OAuth2` objects aren't reused if their scope changes

Categories

(Thunderbird :: Account Manager, defect)

Product:
Thunderbird
Component:
Account Manager
Type:
defect

Tracking

(thunderbird_esr115 unaffected, thunderbird_esr128+ wontfix)

Status:
RESOLVED FIXED
Milestone:
132 Branch
Tracking Flags:
Tracking Status
thunderbird_esr115 --- unaffected
thunderbird_esr128 + wontfix

People

(Reporter: darktrojan, Assigned: darktrojan)

References

Details

Attachments

(4 files)

Bug 1920419 - Test that OAuth2Module correctly saves and restores tokens. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1920419 - Handle OAuth scopes with Set functions, and fix cache checking. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1920419 - Add logging to OAuth2Module.sys.mjs. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review
Bug 1920419 - Fix what happens if an *.oauth2.scope pref is empty. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review

In bug 1880211 I added a cache for OAuth2 objects created by OAuthModule.sys.mjs to solve a problem with multiple authentication problems appearing for the same account. When checking if a cached object can be reused, the OAuth scopes are only checked for string equality, and this will break if the server grants different scopes from those requested. A cached object should be reused if the scopes it has are a superset of the scopes that are wanted.

Using isSupersetOf makes the intention of the code clearer, and hopefully prevents future mistakes.

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/4651b592ec50
Test that OAuth2Module correctly saves and restores tokens. r=mkmelin
https://hg.mozilla.org/comm-central/rev/975ed9f251a7
Handle OAuth scopes with Set functions, and fix cache checking. r=mkmelin
https://hg.mozilla.org/comm-central/rev/d7a05df28f55
Add logging to OAuth2Module.sys.mjs. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch

Found an edge case, and a bad log message.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Keywords: checkin-needed-tb

Pushed by geoff@darktrojan.net:
https://hg.mozilla.org/comm-central/rev/6b462bda90c9
Fix what happens if an *.oauth2.scope pref is empty. r=mkmelin

Status: REOPENED → RESOLVED
Closed: 2 months ago2 months ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Uplift to 128?

Nope. This depends on six patches ahead of it, which you have experience with, and I've no intention of pushing them to ESR again this side of Christmas, especially while we're deep in other problems on ESR.

status-thunderbird_esr128: affectedwontfix
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: