fix #1753: option to use short-lived tokens in cloud storages

2021-03-21 17:22:38 +01:00 · 2021-03-21 17:22:38 +01:00 · e66f52a8ce
parent 8023bcea96
commit e66f52a8ce
9 changed files with 44 additions and 10 deletions
--- a/app/scripts/const/default-app-settings.js
+++ b/app/scripts/const/default-app-settings.js
@ -46,6 +46,7 @@ const DefaultAppSettings = {
    deviceOwnerAuth: null, // Touch ID: null / 'memory' / 'file'
    deviceOwnerAuthTimeoutMinutes: 0, // how often master password is required with Touch ID
    disableOfflineStorage: false, // don't cache loaded files in offline storage
+    shortLivedStorageToken: false, // short-lived sessions in cloud storage providers

    yubiKeyShowIcon: true, // show an icon to open OTP codes from YubiKey
    yubiKeyAutoOpen: false, // auto-load one-time codes when there are open files
--- a/app/scripts/locales/base.json
+++ b/app/scripts/locales/base.json
@ -455,6 +455,7 @@
    "setGenLockOrSleep": "When the computer is locked or put to sleep",
    "setGenStorage": "Storage",
    "setGenDisableOfflineStorage": "Don't cache loaded files in offline storage",
+    "setGenShortLivedStorageToken": "Use short-lived sessions in cloud storage providers",
    "setGenStorageLogout": "Log out",
    "setGenShowAdvanced": "Show advanced settings",
    "setGenDevTools": "Show dev tools",
--- a/app/scripts/storage/impl/storage-dropbox.js
+++ b/app/scripts/storage/impl/storage-dropbox.js
@ -83,7 +83,9 @@ class StorageDropbox extends StorageBase {
            pkce: true,
            width: 600,
            height: 400,
-            urlParams: { 'token_access_type': 'offline' }
+            urlParams: this.appSettings.shortLivedStorageToken
+                ? {}
+                : { 'token_access_type': 'offline' }
        };
    }

--- a/app/scripts/storage/impl/storage-gdrive.js
+++ b/app/scripts/storage/impl/storage-gdrive.js
@ -254,9 +254,9 @@ class StorageGDrive extends StorageBase {
            width: 600,
            height: 400,
            pkce: true,
-            redirectUrlParams: {
-                'access_type': 'offline'
-            }
+            redirectUrlParams: this.appSettings.shortLivedStorageToken
+                ? {}
+                : { 'access_type': 'offline' }
        };
    }
 }
--- a/app/scripts/storage/impl/storage-onedrive.js
+++ b/app/scripts/storage/impl/storage-onedrive.js
@ -230,10 +230,14 @@ class StorageOneDrive extends StorageBase {
                ({ id: clientId, secret: clientSecret } = OneDriveApps.Production);
            }
        }
+        let scope = 'files.readwrite';
+        if (!this.appSettings.shortLivedStorageToken) {
+            scope += ' offline_access';
+        }
        return {
            url: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
            tokenUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
-            scope: 'files.readwrite offline_access',
+            scope,
            clientId,
            clientSecret,
            pkce: true,
--- a/app/scripts/storage/storage-base.js
+++ b/app/scripts/storage/storage-base.js
@ -50,6 +50,10 @@ class StorageBase {

    logout() {}

+    deleteStoredToken() {
+        delete this.runtimeData[this.name + 'OAuthToken'];
+    }
+
    _xhr(config) {
        this.logger.info('HTTP request', config.method || 'GET', config.url);
        if (config.data) {
@ -315,7 +319,9 @@ class StorageBase {
        const token = this._oauthMsgToToken(message);
        if (token && !token.error) {
            this._oauthToken = token;
-            this.runtimeData[this.name + 'OAuthToken'] = token;
+            if (!this.appSettings.shortLivedStorageToken) {
+                this.runtimeData[this.name + 'OAuthToken'] = token;
+            }
            this.logger.debug('OAuth token received');
        }
        return token;
@ -343,7 +349,9 @@ class StorageBase {

    _oauthGetNewToken(callback) {
        this._oauthToken.expired = true;
-        this.runtimeData[this.name + 'OAuthToken'] = this._oauthToken;
+        if (!this.appSettings.shortLivedStorageToken) {
+            this.runtimeData[this.name + 'OAuthToken'] = this._oauthToken;
+        }
        if (this._oauthToken.refreshToken) {
            this._oauthExchangeRefreshToken(callback);
        } else {
--- a/app/scripts/views/settings/settings-general-view.js
+++ b/app/scripts/views/settings/settings-general-view.js
@ -62,6 +62,7 @@ class SettingsGeneralView extends View {
        'click .settings__general-download-update-btn': 'downloadUpdate',
        'click .settings__general-update-found-btn': 'installFoundUpdate',
        'change .settings__general-disable-offline-storage': 'changeDisableOfflineStorage',
+        'change .settings__general-short-lived-storage-token': 'changeShortLivedStorageToken',
        'change .settings__general-prv-check': 'changeStorageEnabled',
        'click .settings__general-prv-logout': 'logoutFromStorage',
        'click .settings__general-show-advanced': 'showAdvancedSettings',
@ -142,7 +143,8 @@ class SettingsGeneralView extends View {
            hasDeviceOwnerAuth: Features.isDesktop && Features.isMac,
            deviceOwnerAuth: AppSettingsModel.deviceOwnerAuth,
            deviceOwnerAuthTimeout: AppSettingsModel.deviceOwnerAuthTimeoutMinutes,
-            disableOfflineStorage: AppSettingsModel.disableOfflineStorage
+            disableOfflineStorage: AppSettingsModel.disableOfflineStorage,
+            shortLivedStorageToken: AppSettingsModel.shortLivedStorageToken
        });
        this.renderProviderViews(storageProviders);
    }
@ -486,6 +488,16 @@ class SettingsGeneralView extends View {
        }
    }

+    changeShortLivedStorageToken(e) {
+        const shortLivedStorageToken = e.target.checked;
+        AppSettingsModel.shortLivedStorageToken = shortLivedStorageToken;
+        if (shortLivedStorageToken) {
+            for (const storage of Object.values(Storage)) {
+                storage.deleteStoredToken();
+            }
+        }
+    }
+
    changeStorageEnabled(e) {
        const storage = Storage[$(e.target).data('storage')];
        if (storage) {
--- a/app/templates/settings/settings-general.hbs
+++ b/app/templates/settings/settings-general.hbs
@ -312,6 +312,11 @@
               {{#if disableOfflineStorage}}checked{{/if}} />
        <label for="settings__general-disable-offline-storage">{{res 'setGenDisableOfflineStorage'}}</label>
    </div>
+    <div>
+        <input type="checkbox" class="settings__input input-base settings__general-short-lived-storage-token" id="settings__general-short-lived-storage-token"
+               {{#if shortLivedStorageToken}}checked{{/if}} />
+        <label for="settings__general-short-lived-storage-token">{{res 'setGenShortLivedStorageToken'}}</label>
+    </div>

    {{#each storageProviders as |prv|}}
    <h4 class="settings__general-storage-header"><input
--- a/release-notes.md
+++ b/release-notes.md
@ -1,11 +1,12 @@
 Release notes
 -------------
 ##### v1.18.0 (TBD)
-`-` legacy auto-type removed  
 `+` optimized memory consumption for large files  
+`+` option to use short-lived tokens in cloud storages  
 `+` opening XML and CSV files using the Open button  
 `-` ykman v4 support  
-`-` setting expire date in the past  
+`-` setting expiry date in the past
+`-` legacy auto-type removed

 ##### v1.17.4 (2021-03-18)
 `-` fix #1740: Windows updater issues