QGIS API Documentation  3.17.0-Master (a035f434f4)
Public Types | Public Slots | Signals | Public Member Functions | Static Public Attributes | Protected Member Functions | Static Protected Member Functions | Friends | List of all members
QgsAuthManager Class Reference

Singleton offering an interface to manage the authentication configuration database and to utilize configurations through various authentication method plugins. More...

#include <qgsauthmanager.h>

Inheritance diagram for QgsAuthManager:
Inheritance graph
[legend]

Public Types

enum  MessageLevel { INFO = 0, WARNING = 1, CRITICAL = 2 }
 Message log level (mirrors that of QgsMessageLog, so it can also output there) More...
 

Public Slots

void clearAllCachedConfigs ()
 Clear all authentication configs from authentication method caches. More...
 
void clearCachedConfig (const QString &authcfg)
 Clear an authentication config from its associated authentication method cache. More...
 

Signals

void authDatabaseChanged ()
 Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc. More...
 
void authDatabaseEraseRequested ()
 Emitted when a user has indicated they may want to erase the authentication db. More...
 
void masterPasswordVerified (bool verified)
 Emitted when a password has been verify (or not) More...
 
void messageOut (const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level=QgsAuthManager::INFO) const
 Custom logging signal to relay to console output and QgsMessageLog. More...
 
void passwordHelperFailure ()
 Signals emitted on password helper failure, mainly used in the tests to exit main application loop. More...
 
void passwordHelperMessageOut (const QString &message, const QString &tag=QgsAuthManager::AUTH_MAN_TAG, QgsAuthManager::MessageLevel level=QgsAuthManager::INFO)
 Custom logging signal to inform the user about master password <-> password manager interactions. More...
 
void passwordHelperSuccess ()
 Signals emitted on password helper success, mainly used in the tests to exit main application loop. More...
 

Public Member Functions

 ~QgsAuthManager () override
 
const QString authDatabaseConfigTable () const
 Name of the authentication database table that stores configs. More...
 
QSqlDatabase authDatabaseConnection () const
 Sets up the application instance of the authentication database connection. More...
 
const QString authDatabaseServersTable () const
 Name of the authentication database table that stores server exceptions/configs. More...
 
const QString authenticationDatabasePath () const
 The standard authentication database file in ~/.qgis3/ or defined location. More...
 
QString authManTag () const
 Simple text tag describing authentication system for message logs. More...
 
QgsAuthMethodauthMethod (const QString &authMethodKey)
 Gets authentication method from the config/provider cache via its key. More...
 
QWidget * authMethodEditWidget (const QString &authMethodKey, QWidget *parent)
 Gets authentication method edit widget via its key. More...
 
QStringList authMethodsKeys (const QString &dataprovider=QString())
 Gets keys of supported authentication methods. More...
 
QgsAuthMethodsMap authMethodsMap (const QString &dataprovider=QString())
 Gets available authentication methods mapped to their key. More...
 
QVariant authSetting (const QString &key, const QVariant &defaultValue=QVariant(), bool decrypt=false)
 authSetting get an authentication setting (retrieved as string and returned as QVariant( QString )) More...
 
QgsAuthMethodConfigsMap availableAuthMethodConfigs (const QString &dataprovider=QString())
 Gets mapping of authentication config ids and their base configs (not decrypted data) More...
 
bool backupAuthenticationDatabase (QString *backuppath=nullptr)
 Close connection to current authentication database and back it up. More...
 
const QMap< QString, QPair< QgsAuthCertUtils::CaCertSource, QSslCertificate > > caCertsCache ()
 caCertsCache get all CA certs mapped to their sha1 from cache. More...
 
const QSslCertificate certAuthority (const QString &id)
 Gets a certificate authority by id (sha hash) More...
 
const QList< QSslCertificate > certIdentities ()
 certIdentities get certificate identities More...
 
const QSslCertificate certIdentity (const QString &id)
 certIdentity get a certificate identity by id (sha hash) More...
 
const QPair< QSslCertificate, QSslKey > certIdentityBundle (const QString &id)
 Gets a certificate identity bundle by id (sha hash). More...
 
const QStringList certIdentityBundleToPem (const QString &id)
 certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text More...
 
QStringList certIdentityIds () const
 certIdentityIds get list of certificate identity ids from database More...
 
QgsAuthCertUtils::CertTrustPolicy certificateTrustPolicy (const QSslCertificate &cert)
 certificateTrustPolicy get trust policy for a particular certificate cert More...
 
const QMap< QgsAuthCertUtils::CertTrustPolicy, QStringList > certTrustCache ()
 certTrustCache get cache of certificate sha1s, per trust policy More...
 
QgsAuthCertUtils::CertTrustPolicy certTrustPolicy (const QSslCertificate &cert)
 certTrustPolicy get whether certificate cert is trusted by user More...
 
void clearMasterPassword ()
 Clear supplied master password. More...
 
QgsAuthMethodconfigAuthMethod (const QString &authcfg)
 Gets authentication method from the config/provider cache. More...
 
QString configAuthMethodKey (const QString &authcfg) const
 Gets key of authentication method associated with config ID. More...
 
QString configIdRegex () const
 Returns the regular expression for authcfg=.{7} key/value token for authentication ids. More...
 
QStringList configIds () const
 Gets list of authentication ids from database. More...
 
bool configIdUnique (const QString &id) const
 Verify if provided authentication id is unique. More...
 
const QList< QSslCertificate > databaseCAs ()
 databaseCAs get database-stored certificate authorities More...
 
QgsAuthCertUtils::CertTrustPolicy defaultCertTrustPolicy ()
 Gets the default certificate trust policy preferred by user. More...
 
const QString disabledMessage () const
 Standard message for when QCA's qca-ossl plugin is missing and system is disabled. More...
 
void dumpIgnoredSslErrorsCache_ ()
 Utility function to dump the cache for debug purposes. More...
 
bool eraseAuthenticationDatabase (bool backup, QString *backuppath=nullptr)
 Erase all rows from all tables in authentication database. More...
 
bool existsAuthSetting (const QString &key)
 Check if an authentication setting exists. More...
 
bool existsCertAuthority (const QSslCertificate &cert)
 Check if a certificate authority exists. More...
 
bool existsCertIdentity (const QString &id)
 Check if a certificate identity exists. More...
 
bool existsSslCertCustomConfig (const QString &id, const QString &hostport)
 Check if SSL certificate custom config exists. More...
 
const QList< QSslCertificate > extraFileCAs ()
 extraFileCAs extra file-based certificate authorities More...
 
bool hasConfigId (const QString &txt) const
 Returns whether a string includes an authcfg ID token. More...
 
QHash< QString, QSet< QSslError::SslError > > ignoredSslErrorCache ()
 ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port. More...
 
bool init (const QString &pluginPath=QString(), const QString &authDatabasePath=QString())
 init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database More...
 
bool initSslCaches ()
 Initialize various SSL authentication caches. More...
 
bool isDisabled () const
 Whether QCA has the qca-ossl plugin, which a base run-time requirement. More...
 
bool loadAuthenticationConfig (const QString &authcfg, QgsAuthMethodConfig &mconfig, bool full=false)
 Load an authentication config from the database into subclass. More...
 
const QMap< QString, QSslCertificate > mappedDatabaseCAs ()
 mappedDatabaseCAs get sha1-mapped database-stored certificate authorities More...
 
bool masterPasswordHashInDatabase () const
 Verify a password hash existing in authentication database. More...
 
bool masterPasswordIsSet () const
 Whether master password has be input and verified, i.e. authentication database is accessible. More...
 
bool masterPasswordSame (const QString &pass) const
 Check whether supplied password is the same as the one already set. More...
 
bool passwordHelperDelete ()
 Delete master password from wallet. More...
 
bool passwordHelperEnabled () const
 Password helper enabled getter. More...
 
const QString passwordHelperErrorMessage ()
 Error message getter. More...
 
bool passwordHelperLoggingEnabled () const
 Password helper logging enabled getter. More...
 
bool passwordHelperSync ()
 Store the password manager into the wallet. More...
 
bool rebuildCaCertsCache ()
 Rebuild certificate authority cache. More...
 
bool rebuildCertTrustCache ()
 Rebuild certificate authority cache. More...
 
bool rebuildIgnoredSslErrorCache ()
 Rebuild ignoredSSL error cache. More...
 
bool rebuildTrustedCaCertsCache ()
 Rebuild trusted certificate authorities cache. More...
 
bool registerCoreAuthMethods ()
 Instantiate and register existing C++ core authentication methods from plugins. More...
 
bool removeAllAuthenticationConfigs ()
 Clear all authentication configs from table in database and from provider caches. More...
 
bool removeAuthenticationConfig (const QString &authcfg)
 Remove an authentication config in the database. More...
 
bool removeAuthSetting (const QString &key)
 Remove an authentication setting. More...
 
bool removeCertAuthority (const QSslCertificate &cert)
 Remove a certificate authority. More...
 
bool removeCertIdentity (const QString &id)
 Remove a certificate identity. More...
 
bool removeCertTrustPolicies (const QList< QSslCertificate > &certs)
 Remove a group certificate authorities. More...
 
bool removeCertTrustPolicy (const QSslCertificate &cert)
 Remove a certificate authority. More...
 
bool removeSslCertCustomConfig (const QString &id, const QString &hostport)
 Remove an SSL certificate custom config. More...
 
bool resetMasterPassword (const QString &newpass, const QString &oldpass, bool keepbackup, QString *backuppath=nullptr)
 Reset the master password to a new one, then re-encrypt all previous configs in a new database file, optionally backup curren database. More...
 
bool scheduledAuthDatabaseErase ()
 Whether there is a scheduled opitonal erase of authentication database. More...
 
bool setDefaultCertTrustPolicy (QgsAuthCertUtils::CertTrustPolicy policy)
 Sets the default certificate trust policy preferred by user. More...
 
bool setMasterPassword (bool verify=false)
 Main call to initially set or continually check master password is set. More...
 
bool setMasterPassword (const QString &pass, bool verify=false)
 Overloaded call to reset master password or set it initially without user interaction. More...
 
void setPasswordHelperEnabled (bool enabled)
 Password helper enabled setter. More...
 
void setPasswordHelperLoggingEnabled (bool enabled)
 Password helper logging enabled setter. More...
 
void setScheduledAuthDatabaseErase (bool scheduleErase)
 Schedule an optional erase of authentication database, starting when mutex is lockable. More...
 
void setScheduledAuthDatabaseEraseRequestEmitted (bool emitted)
 Re-emit a signal to schedule an optional erase of authentication database. More...
 
const QgsAuthConfigSslServer sslCertCustomConfig (const QString &id, const QString &hostport)
 sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port) More...
 
const QgsAuthConfigSslServer sslCertCustomConfigByHost (const QString &hostport)
 sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port) More...
 
const QList< QgsAuthConfigSslServersslCertCustomConfigs ()
 sslCertCustomConfigs get SSL certificate custom configs More...
 
bool storeAuthenticationConfig (QgsAuthMethodConfig &mconfig)
 Store an authentication config in the database. More...
 
bool storeAuthSetting (const QString &key, const QVariant &value, bool encrypt=false)
 Store an authentication setting (stored as string via QVariant( value ).toString() ) More...
 
bool storeCertAuthorities (const QList< QSslCertificate > &certs)
 Store multiple certificate authorities. More...
 
bool storeCertAuthority (const QSslCertificate &cert)
 Store a certificate authority. More...
 
bool storeCertIdentity (const QSslCertificate &cert, const QSslKey &key)
 Store a certificate identity. More...
 
bool storeCertTrustPolicy (const QSslCertificate &cert, QgsAuthCertUtils::CertTrustPolicy policy)
 Store user trust value for a certificate. More...
 
bool storeSslCertCustomConfig (const QgsAuthConfigSslServer &config)
 Store an SSL certificate custom config. More...
 
QgsAuthMethod::Expansions supportedAuthMethodExpansions (const QString &authcfg)
 Gets supported authentication method expansion(s), e.g. More...
 
const QList< QSslCertificate > systemRootCAs ()
 systemRootCAs get root system certificate authorities More...
 
const QList< QSslCertificate > trustedCaCerts (bool includeinvalid=false)
 trustedCaCerts get list of all trusted CA certificates More...
 
const QList< QSslCertificate > trustedCaCertsCache ()
 trustedCaCertsCache cache of trusted certificate authorities, ready for network connections More...
 
const QByteArray trustedCaCertsPemText ()
 trustedCaCertsPemText get concatenated string of all trusted CA certificates More...
 
const QString uniqueConfigId () const
 Gets a unique generated 7-character string to assign to as config id. More...
 
const QList< QSslCertificate > untrustedCaCerts (QList< QSslCertificate > trustedCAs=QList< QSslCertificate >())
 untrustedCaCerts get list of untrusted certificate authorities More...
 
bool updateAuthenticationConfig (const QgsAuthMethodConfig &config)
 Update an authentication config in the database. More...
 
void updateConfigAuthMethods ()
 Sync the confg/authentication method cache with what is in database. More...
 
bool updateDataSourceUriItems (QStringList &connectionItems, const QString &authcfg, const QString &dataprovider=QString())
 Provider call to update a QgsDataSourceUri with an authentication config. More...
 
bool updateIgnoredSslErrorsCache (const QString &shahostport, const QList< QSslError > &errors)
 Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key. More...
 
bool updateIgnoredSslErrorsCacheFromConfig (const QgsAuthConfigSslServer &config)
 Update ignored SSL error cache with possible ignored SSL errors, using server config. More...
 
bool updateNetworkProxy (QNetworkProxy &proxy, const QString &authcfg, const QString &dataprovider=QString())
 Provider call to update a QNetworkProxy with an authentication config. More...
 
bool updateNetworkReply (QNetworkReply *reply, const QString &authcfg, const QString &dataprovider=QString())
 Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.) More...
 
bool updateNetworkRequest (QNetworkRequest &request, const QString &authcfg, const QString &dataprovider=QString())
 Provider call to update a QNetworkRequest with an authentication config. More...
 
bool verifyMasterPassword (const QString &compare=QString())
 Verify the supplied master password against any existing hash in authentication database. More...
 

Static Public Attributes

static const QString AUTH_MAN_TAG = QObject::tr( "Authentication Manager" )
 The display name of the Authentication Manager. More...
 
static const QString AUTH_PASSWORD_HELPER_DISPLAY_NAME
 The display name of the password helper (platform dependent) More...
 

Protected Member Functions

 QgsAuthManager ()
 

Static Protected Member Functions

static QgsAuthManagerinstance ()
 Enforce singleton pattern. More...
 

Friends

class QgsApplication
 

Detailed Description

Singleton offering an interface to manage the authentication configuration database and to utilize configurations through various authentication method plugins.

QgsAuthManager should not usually be directly created, but rather accessed through QgsApplication::authManager().

Definition at line 64 of file qgsauthmanager.h.

Member Enumeration Documentation

◆ MessageLevel

Message log level (mirrors that of QgsMessageLog, so it can also output there)

Enumerator
INFO 
WARNING 
CRITICAL 

Definition at line 71 of file qgsauthmanager.h.

Constructor & Destructor Documentation

◆ ~QgsAuthManager()

QgsAuthManager::~QgsAuthManager ( )
override

Definition at line 3026 of file qgsauthmanager.cpp.

◆ QgsAuthManager()

QgsAuthManager::QgsAuthManager ( )
explicitprotected

Definition at line 101 of file qgsauthmanager.cpp.

Member Function Documentation

◆ authDatabaseChanged

void QgsAuthManager::authDatabaseChanged ( )
signal

Emitted when the authentication db is significantly changed, e.g. large record removal, erased, etc.

◆ authDatabaseConfigTable()

const QString QgsAuthManager::authDatabaseConfigTable ( ) const
inline

Name of the authentication database table that stores configs.

Definition at line 95 of file qgsauthmanager.h.

◆ authDatabaseConnection()

QSqlDatabase QgsAuthManager::authDatabaseConnection ( ) const

Sets up the application instance of the authentication database connection.

Definition at line 109 of file qgsauthmanager.cpp.

◆ authDatabaseEraseRequested

void QgsAuthManager::authDatabaseEraseRequested ( )
signal

Emitted when a user has indicated they may want to erase the authentication db.

◆ authDatabaseServersTable()

const QString QgsAuthManager::authDatabaseServersTable ( ) const
inline

Name of the authentication database table that stores server exceptions/configs.

Definition at line 98 of file qgsauthmanager.h.

◆ authenticationDatabasePath()

const QString QgsAuthManager::authenticationDatabasePath ( ) const
inline

The standard authentication database file in ~/.qgis3/ or defined location.

See also
QgsApplication::qgisAuthDatabaseFilePath

Definition at line 111 of file qgsauthmanager.h.

◆ authManTag()

QString QgsAuthManager::authManTag ( ) const
inline

Simple text tag describing authentication system for message logs.

Definition at line 194 of file qgsauthmanager.h.

◆ authMethod()

QgsAuthMethod * QgsAuthManager::authMethod ( const QString &  authMethodKey)

Gets authentication method from the config/provider cache via its key.

Parameters
authMethodKeyAuthentication method key

Definition at line 1021 of file qgsauthmanager.cpp.

◆ authMethodEditWidget()

QWidget * QgsAuthManager::authMethodEditWidget ( const QString &  authMethodKey,
QWidget *  parent 
)

Gets authentication method edit widget via its key.

Parameters
authMethodKeyAuthentication method key
parentParent widget

Definition at line 1054 of file qgsauthmanager.cpp.

◆ authMethodsKeys()

QStringList QgsAuthManager::authMethodsKeys ( const QString &  dataprovider = QString())

Gets keys of supported authentication methods.

Definition at line 1016 of file qgsauthmanager.cpp.

◆ authMethodsMap()

QgsAuthMethodsMap QgsAuthManager::authMethodsMap ( const QString &  dataprovider = QString())

Gets available authentication methods mapped to their key.

Parameters
dataproviderProvider key filter, returning only methods that support a particular provider
Note
not available in Python bindings

Definition at line 1032 of file qgsauthmanager.cpp.

◆ authSetting()

QVariant QgsAuthManager::authSetting ( const QString &  key,
const QVariant &  defaultValue = QVariant(),
bool  decrypt = false 
)

authSetting get an authentication setting (retrieved as string and returned as QVariant( QString ))

Parameters
keysetting key
defaultValue
decryptif the value needs decrypted
Returns
QVariant( QString ) authentication setting
Since
QGIS 3.0

Definition at line 1602 of file qgsauthmanager.cpp.

◆ availableAuthMethodConfigs()

QgsAuthMethodConfigsMap QgsAuthManager::availableAuthMethodConfigs ( const QString &  dataprovider = QString())

Gets mapping of authentication config ids and their base configs (not decrypted data)

Definition at line 917 of file qgsauthmanager.cpp.

◆ backupAuthenticationDatabase()

bool QgsAuthManager::backupAuthenticationDatabase ( QString *  backuppath = nullptr)

Close connection to current authentication database and back it up.

Returns
Path to backup

Definition at line 1342 of file qgsauthmanager.cpp.

◆ caCertsCache()

const QMap<QString, QPair<QgsAuthCertUtils::CaCertSource, QSslCertificate> > QgsAuthManager::caCertsCache ( )
inline

caCertsCache get all CA certs mapped to their sha1 from cache.

Returns
map of sha1 <source, certificates>
Note
not available in Python bindings
Since
QGIS 3.0

Definition at line 550 of file qgsauthmanager.h.

◆ certAuthority()

const QSslCertificate QgsAuthManager::certAuthority ( const QString &  id)

Gets a certificate authority by id (sha hash)

certAuthority get a certificate authority by id (sha hash)

Parameters
idsha hash
Returns
a certificate
Since
QGIS 3.0

Definition at line 2456 of file qgsauthmanager.cpp.

◆ certIdentities()

const QList< QSslCertificate > QgsAuthManager::certIdentities ( )

certIdentities get certificate identities

Returns
list of certificates
Since
QGIS 3.0

Definition at line 1871 of file qgsauthmanager.cpp.

◆ certIdentity()

const QSslCertificate QgsAuthManager::certIdentity ( const QString &  id)

certIdentity get a certificate identity by id (sha hash)

Parameters
idsha hash of the cert
Returns
the certificate
Since
QGIS 3.0

Definition at line 1771 of file qgsauthmanager.cpp.

◆ certIdentityBundle()

const QPair< QSslCertificate, QSslKey > QgsAuthManager::certIdentityBundle ( const QString &  id)

Gets a certificate identity bundle by id (sha hash).

Parameters
idsha shash
Returns
a pair with the certificate and its SSL key
Note
not available in Python bindings
Since
QGIS 3.0

Definition at line 1805 of file qgsauthmanager.cpp.

◆ certIdentityBundleToPem()

const QStringList QgsAuthManager::certIdentityBundleToPem ( const QString &  id)

certIdentityBundleToPem get a certificate identity bundle by id (sha hash) returned as PEM text

Parameters
idsha hash
Returns
a list of strings
Since
QGIS 3.0

Definition at line 1860 of file qgsauthmanager.cpp.

◆ certIdentityIds()

QStringList QgsAuthManager::certIdentityIds ( ) const

certIdentityIds get list of certificate identity ids from database

Returns
list of certificate ids
Since
QGIS 3.0

Definition at line 1893 of file qgsauthmanager.cpp.

◆ certificateTrustPolicy()

QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certificateTrustPolicy ( const QSslCertificate &  cert)

certificateTrustPolicy get trust policy for a particular certificate cert

Parameters
cert
Returns
DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy
Since
QGIS 3.0

Definition at line 2768 of file qgsauthmanager.cpp.

◆ certTrustCache()

const QMap<QgsAuthCertUtils::CertTrustPolicy, QStringList > QgsAuthManager::certTrustCache ( )
inline

certTrustCache get cache of certificate sha1s, per trust policy

Returns
trust-policy-mapped certificate sha1s
Since
QGIS 3.0

Definition at line 594 of file qgsauthmanager.h.

◆ certTrustPolicy()

QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::certTrustPolicy ( const QSslCertificate &  cert)

certTrustPolicy get whether certificate cert is trusted by user

Parameters
cert
Returns
DefaultTrust if certificate sha not in trust table, i.e. follows default trust policy
Since
QGIS 3.0

Definition at line 2682 of file qgsauthmanager.cpp.

◆ clearAllCachedConfigs

void QgsAuthManager::clearAllCachedConfigs ( )
slot

Clear all authentication configs from authentication method caches.

Definition at line 2938 of file qgsauthmanager.cpp.

◆ clearCachedConfig

void QgsAuthManager::clearCachedConfig ( const QString &  authcfg)
slot

Clear an authentication config from its associated authentication method cache.

Definition at line 2950 of file qgsauthmanager.cpp.

◆ clearMasterPassword()

void QgsAuthManager::clearMasterPassword ( )
inline

Clear supplied master password.

Note
This will not necessarily clear authenticated connections cached in network connection managers

Definition at line 145 of file qgsauthmanager.h.

◆ configAuthMethod()

QgsAuthMethod * QgsAuthManager::configAuthMethod ( const QString &  authcfg)

Gets authentication method from the config/provider cache.

Parameters
authcfgAuthentication config id

Definition at line 991 of file qgsauthmanager.cpp.

◆ configAuthMethodKey()

QString QgsAuthManager::configAuthMethodKey ( const QString &  authcfg) const

Gets key of authentication method associated with config ID.

Parameters
authcfg

Definition at line 1007 of file qgsauthmanager.cpp.

◆ configIdRegex()

QString QgsAuthManager::configIdRegex ( ) const
inline

Returns the regular expression for authcfg=.{7} key/value token for authentication ids.

Definition at line 264 of file qgsauthmanager.h.

◆ configIds()

QStringList QgsAuthManager::configIds ( ) const

Gets list of authentication ids from database.

Definition at line 3400 of file qgsauthmanager.cpp.

◆ configIdUnique()

bool QgsAuthManager::configIdUnique ( const QString &  id) const

Verify if provided authentication id is unique.

Parameters
idId to check

Definition at line 895 of file qgsauthmanager.cpp.

◆ databaseCAs()

const QList< QSslCertificate > QgsAuthManager::databaseCAs ( )

databaseCAs get database-stored certificate authorities

Returns
list of certificate authorities
Since
QGIS 3.0

Definition at line 2600 of file qgsauthmanager.cpp.

◆ defaultCertTrustPolicy()

QgsAuthCertUtils::CertTrustPolicy QgsAuthManager::defaultCertTrustPolicy ( )

Gets the default certificate trust policy preferred by user.

Definition at line 2803 of file qgsauthmanager.cpp.

◆ disabledMessage()

const QString QgsAuthManager::disabledMessage ( ) const

Standard message for when QCA's qca-ossl plugin is missing and system is disabled.

Definition at line 488 of file qgsauthmanager.cpp.

◆ dumpIgnoredSslErrorsCache_()

void QgsAuthManager::dumpIgnoredSslErrorsCache_ ( )

Utility function to dump the cache for debug purposes.

Definition at line 2244 of file qgsauthmanager.cpp.

◆ eraseAuthenticationDatabase()

bool QgsAuthManager::eraseAuthenticationDatabase ( bool  backup,
QString *  backuppath = nullptr 
)

Erase all rows from all tables in authentication database.

Parameters
backupWhether to backup of current database
backuppathWhere the backup is locate
Returns
Whether operation succeeded

Definition at line 1378 of file qgsauthmanager.cpp.

◆ existsAuthSetting()

bool QgsAuthManager::existsAuthSetting ( const QString &  key)

Check if an authentication setting exists.

Definition at line 1645 of file qgsauthmanager.cpp.

◆ existsCertAuthority()

bool QgsAuthManager::existsCertAuthority ( const QSslCertificate &  cert)

Check if a certificate authority exists.

Definition at line 2490 of file qgsauthmanager.cpp.

◆ existsCertIdentity()

bool QgsAuthManager::existsCertIdentity ( const QString &  id)

Check if a certificate identity exists.

Definition at line 1919 of file qgsauthmanager.cpp.

◆ existsSslCertCustomConfig()

bool QgsAuthManager::existsSslCertCustomConfig ( const QString &  id,
const QString &  hostport 
)

Check if SSL certificate custom config exists.

Definition at line 2167 of file qgsauthmanager.cpp.

◆ extraFileCAs()

const QList< QSslCertificate > QgsAuthManager::extraFileCAs ( )

extraFileCAs extra file-based certificate authorities

Returns
list of certificate authorities
Since
QGIS 3.0

Definition at line 2563 of file qgsauthmanager.cpp.

◆ hasConfigId()

bool QgsAuthManager::hasConfigId ( const QString &  txt) const

Returns whether a string includes an authcfg ID token.

Parameters
txtString to check

Definition at line 911 of file qgsauthmanager.cpp.

◆ ignoredSslErrorCache()

QHash<QString, QSet<QSslError::SslError> > QgsAuthManager::ignoredSslErrorCache ( )
inline

ignoredSslErrorCache Get ignored SSL error cache, keyed with cert/connection's sha:host:port.

Returns
hash keyed with cert/connection's sha:host:port.
Note
not available in Python bindings
Since
QGIS 3.0

Definition at line 479 of file qgsauthmanager.h.

◆ init()

bool QgsAuthManager::init ( const QString &  pluginPath = QString(),
const QString &  authDatabasePath = QString() 
)

init initialize QCA, prioritize qca-ossl plugin and optionally set up the authentication database

Parameters
pluginPaththe plugin path
authDatabasePaththe authentication DB path
Returns
true on success
See also
QgsApplication::pluginPath
QgsApplication::qgisAuthDatabaseFilePath

Definition at line 172 of file qgsauthmanager.cpp.

◆ initSslCaches()

bool QgsAuthManager::initSslCaches ( )

Initialize various SSL authentication caches.

Definition at line 1709 of file qgsauthmanager.cpp.

◆ instance()

QgsAuthManager * QgsAuthManager::instance ( )
staticprotected

Enforce singleton pattern.

Note
To set up the manager instance and initialize everything use QgsAuthManager::instance()->init()

Definition at line 89 of file qgsauthmanager.cpp.

◆ isDisabled()

bool QgsAuthManager::isDisabled ( ) const

Whether QCA has the qca-ossl plugin, which a base run-time requirement.

Definition at line 479 of file qgsauthmanager.cpp.

◆ loadAuthenticationConfig()

bool QgsAuthManager::loadAuthenticationConfig ( const QString &  authcfg,
QgsAuthMethodConfig mconfig,
bool  full = false 
)

Load an authentication config from the database into subclass.

Parameters
authcfgAssociated authentication config id
mconfigSubclassed config to load into
fullWhether to decrypt and populate all sensitive data in subclass
Returns
Whether operation succeeded

Definition at line 1220 of file qgsauthmanager.cpp.

◆ mappedDatabaseCAs()

const QMap< QString, QSslCertificate > QgsAuthManager::mappedDatabaseCAs ( )

mappedDatabaseCAs get sha1-mapped database-stored certificate authorities

Returns
sha1-mapped certificate authorities
Since
QGIS 3.0

Definition at line 2622 of file qgsauthmanager.cpp.

◆ masterPasswordHashInDatabase()

bool QgsAuthManager::masterPasswordHashInDatabase ( ) const

Verify a password hash existing in authentication database.

Definition at line 3306 of file qgsauthmanager.cpp.

◆ masterPasswordIsSet()

bool QgsAuthManager::masterPasswordIsSet ( ) const

Whether master password has be input and verified, i.e. authentication database is accessible.

Definition at line 644 of file qgsauthmanager.cpp.

◆ masterPasswordSame()

bool QgsAuthManager::masterPasswordSame ( const QString &  pass) const

Check whether supplied password is the same as the one already set.

Parameters
passPassword to verify

Definition at line 649 of file qgsauthmanager.cpp.

◆ masterPasswordVerified

void QgsAuthManager::masterPasswordVerified ( bool  verified)
signal

Emitted when a password has been verify (or not)

Parameters
verifiedThe state of password's verification

◆ messageOut

void QgsAuthManager::messageOut ( const QString &  message,
const QString &  tag = QgsAuthManager::AUTH_MAN_TAG,
QgsAuthManager::MessageLevel  level = QgsAuthManager::INFO 
) const
signal

Custom logging signal to relay to console output and QgsMessageLog.

Parameters
messageMessage to send
tagAssociated tag (title)
levelMessage log level
See also
QgsMessageLog

◆ passwordHelperDelete()

bool QgsAuthManager::passwordHelperDelete ( )

Delete master password from wallet.

Note
not available in Python bindings

Definition at line 3066 of file qgsauthmanager.cpp.

◆ passwordHelperEnabled()

bool QgsAuthManager::passwordHelperEnabled ( ) const

Password helper enabled getter.

Note
Available in Python bindings since QGIS 3.8.0

Definition at line 3173 of file qgsauthmanager.cpp.

◆ passwordHelperErrorMessage()

const QString QgsAuthManager::passwordHelperErrorMessage ( )
inline

Error message getter.

Note
not available in Python bindings

Definition at line 637 of file qgsauthmanager.h.

◆ passwordHelperFailure

void QgsAuthManager::passwordHelperFailure ( )
signal

Signals emitted on password helper failure, mainly used in the tests to exit main application loop.

◆ passwordHelperLoggingEnabled()

bool QgsAuthManager::passwordHelperLoggingEnabled ( ) const

Password helper logging enabled getter.

Note
not available in Python bindings

Definition at line 3190 of file qgsauthmanager.cpp.

◆ passwordHelperMessageOut

void QgsAuthManager::passwordHelperMessageOut ( const QString &  message,
const QString &  tag = QgsAuthManager::AUTH_MAN_TAG,
QgsAuthManager::MessageLevel  level = QgsAuthManager::INFO 
)
signal

Custom logging signal to inform the user about master password <-> password manager interactions.

Parameters
messageMessage to send
tagAssociated tag (title)
levelMessage log level
See also
QgsMessageLog

◆ passwordHelperSuccess

void QgsAuthManager::passwordHelperSuccess ( )
signal

Signals emitted on password helper success, mainly used in the tests to exit main application loop.

◆ passwordHelperSync()

bool QgsAuthManager::passwordHelperSync ( )

Store the password manager into the wallet.

Note
Available in Python bindings since QGIS 3.8.0

Definition at line 2923 of file qgsauthmanager.cpp.

◆ rebuildCaCertsCache()

bool QgsAuthManager::rebuildCaCertsCache ( )

Rebuild certificate authority cache.

Definition at line 2628 of file qgsauthmanager.cpp.

◆ rebuildCertTrustCache()

bool QgsAuthManager::rebuildCertTrustCache ( )

Rebuild certificate authority cache.

Definition at line 2814 of file qgsauthmanager.cpp.

◆ rebuildIgnoredSslErrorCache()

bool QgsAuthManager::rebuildIgnoredSslErrorCache ( )

Rebuild ignoredSSL error cache.

Definition at line 2341 of file qgsauthmanager.cpp.

◆ rebuildTrustedCaCertsCache()

bool QgsAuthManager::rebuildTrustedCaCertsCache ( )

Rebuild trusted certificate authorities cache.

Definition at line 2908 of file qgsauthmanager.cpp.

◆ registerCoreAuthMethods()

bool QgsAuthManager::registerCoreAuthMethods ( )

Instantiate and register existing C++ core authentication methods from plugins.

Definition at line 828 of file qgsauthmanager.cpp.

◆ removeAllAuthenticationConfigs()

bool QgsAuthManager::removeAllAuthenticationConfigs ( )

Clear all authentication configs from table in database and from provider caches.

Returns
Whether operation succeeded

Definition at line 1321 of file qgsauthmanager.cpp.

◆ removeAuthenticationConfig()

bool QgsAuthManager::removeAuthenticationConfig ( const QString &  authcfg)

Remove an authentication config in the database.

Parameters
authcfgAssociated authentication config id
Returns
Whether operation succeeded

Definition at line 1288 of file qgsauthmanager.cpp.

◆ removeAuthSetting()

bool QgsAuthManager::removeAuthSetting ( const QString &  key)

Remove an authentication setting.

Definition at line 1678 of file qgsauthmanager.cpp.

◆ removeCertAuthority()

bool QgsAuthManager::removeCertAuthority ( const QSslCertificate &  cert)

Remove a certificate authority.

Definition at line 2528 of file qgsauthmanager.cpp.

◆ removeCertIdentity()

bool QgsAuthManager::removeCertIdentity ( const QString &  id)

Remove a certificate identity.

Definition at line 1952 of file qgsauthmanager.cpp.

◆ removeCertTrustPolicies()

bool QgsAuthManager::removeCertTrustPolicies ( const QList< QSslCertificate > &  certs)

Remove a group certificate authorities.

Definition at line 2720 of file qgsauthmanager.cpp.

◆ removeCertTrustPolicy()

bool QgsAuthManager::removeCertTrustPolicy ( const QSslCertificate &  cert)

Remove a certificate authority.

Definition at line 2737 of file qgsauthmanager.cpp.

◆ removeSslCertCustomConfig()

bool QgsAuthManager::removeSslCertCustomConfig ( const QString &  id,
const QString &  hostport 
)

Remove an SSL certificate custom config.

Definition at line 2205 of file qgsauthmanager.cpp.

◆ resetMasterPassword()

bool QgsAuthManager::resetMasterPassword ( const QString &  newpass,
const QString &  oldpass,
bool  keepbackup,
QString *  backuppath = nullptr 
)

Reset the master password to a new one, then re-encrypt all previous configs in a new database file, optionally backup curren database.

Parameters
newpassNew master password to replace existing
oldpassCurrent master password to replace existing
keepbackupWhether to keep the generated backup of current database
backuppathWhere the backup is located, if kept

Definition at line 654 of file qgsauthmanager.cpp.

◆ scheduledAuthDatabaseErase()

bool QgsAuthManager::scheduledAuthDatabaseErase ( )
inline

Whether there is a scheduled opitonal erase of authentication database.

Note
not available in Python bindings

Definition at line 167 of file qgsauthmanager.h.

◆ setDefaultCertTrustPolicy()

bool QgsAuthManager::setDefaultCertTrustPolicy ( QgsAuthCertUtils::CertTrustPolicy  policy)

Sets the default certificate trust policy preferred by user.

Definition at line 2792 of file qgsauthmanager.cpp.

◆ setMasterPassword() [1/2]

bool QgsAuthManager::setMasterPassword ( bool  verify = false)

Main call to initially set or continually check master password is set.

Note
If it is not set, the user is asked for its input
Parameters
verifyWhether password's hash was saved in authentication database

Definition at line 493 of file qgsauthmanager.cpp.

◆ setMasterPassword() [2/2]

bool QgsAuthManager::setMasterPassword ( const QString &  pass,
bool  verify = false 
)

Overloaded call to reset master password or set it initially without user interaction.

Note
Only use this in trusted reset functions, unit tests or user/app setup scripts!
Parameters
passPassword to use
verifyWhether password's hash was saved in authentication database

Definition at line 525 of file qgsauthmanager.cpp.

◆ setPasswordHelperEnabled()

void QgsAuthManager::setPasswordHelperEnabled ( bool  enabled)

Password helper enabled setter.

Note
Available in Python bindings since QGIS 3.8.0

Definition at line 3180 of file qgsauthmanager.cpp.

◆ setPasswordHelperLoggingEnabled()

void QgsAuthManager::setPasswordHelperLoggingEnabled ( bool  enabled)

Password helper logging enabled setter.

Note
not available in Python bindings

Definition at line 3197 of file qgsauthmanager.cpp.

◆ setScheduledAuthDatabaseErase()

void QgsAuthManager::setScheduledAuthDatabaseErase ( bool  scheduleErase)

Schedule an optional erase of authentication database, starting when mutex is lockable.

Note
When an erase is scheduled, any attempt to set the master password, e.g. password input dialog, is effectively canceled. For example: In a GUI app, this keeps excess password input dialogs from popping up when a user has initiated an erase, from a password input dialog, because they forgot their password. The created schedule timer will emit a request to gain access to the user, through the given application, to prompt the erase operation (e.g. via a dialog); if no access to user interaction occurs within 90 seconds, it cancels the schedule.
not available in Python bindings

Definition at line 801 of file qgsauthmanager.cpp.

◆ setScheduledAuthDatabaseEraseRequestEmitted()

void QgsAuthManager::setScheduledAuthDatabaseEraseRequestEmitted ( bool  emitted)
inline

Re-emit a signal to schedule an optional erase of authentication database.

Note
This can be called from the slot connected to a previously emitted scheduling signal, so that the slot can ask for another emit later, if the slot noticies the current GUI processing state is not ready for interacting with the user, e.g. project is still loading
Parameters
emittedSetting to false will cause signal to be emitted by the schedule timer. Setting to true will stop any emitting, but will not stop the schedule timer.

Definition at line 191 of file qgsauthmanager.h.

◆ sslCertCustomConfig()

const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfig ( const QString &  id,
const QString &  hostport 
)

sslCertCustomConfig get an SSL certificate custom config by id (sha hash) and hostport (host:port)

Parameters
idsha hash
hostportstring host:port
Returns
a SSL certificate custom config
Since
QGIS 3.0

Definition at line 2024 of file qgsauthmanager.cpp.

◆ sslCertCustomConfigByHost()

const QgsAuthConfigSslServer QgsAuthManager::sslCertCustomConfigByHost ( const QString &  hostport)

sslCertCustomConfigByHost get an SSL certificate custom config by hostport (host:port)

Parameters
hostporthost:port
Returns
a SSL certificate custom config
Since
QGIS 3.0

Definition at line 2066 of file qgsauthmanager.cpp.

◆ sslCertCustomConfigs()

const QList< QgsAuthConfigSslServer > QgsAuthManager::sslCertCustomConfigs ( )

sslCertCustomConfigs get SSL certificate custom configs

Returns
list of SSL certificate custom config
Since
QGIS 3.0

Definition at line 2140 of file qgsauthmanager.cpp.

◆ storeAuthenticationConfig()

bool QgsAuthManager::storeAuthenticationConfig ( QgsAuthMethodConfig mconfig)

Store an authentication config in the database.

Parameters
mconfigAssociated authentication config id
Returns
Whether operation succeeded

Definition at line 1072 of file qgsauthmanager.cpp.

◆ storeAuthSetting()

bool QgsAuthManager::storeAuthSetting ( const QString &  key,
const QVariant &  value,
bool  encrypt = false 
)

Store an authentication setting (stored as string via QVariant( value ).toString() )

Definition at line 1561 of file qgsauthmanager.cpp.

◆ storeCertAuthorities()

bool QgsAuthManager::storeCertAuthorities ( const QList< QSslCertificate > &  certs)

Store multiple certificate authorities.

Definition at line 2403 of file qgsauthmanager.cpp.

◆ storeCertAuthority()

bool QgsAuthManager::storeCertAuthority ( const QSslCertificate &  cert)

Store a certificate authority.

Definition at line 2420 of file qgsauthmanager.cpp.

◆ storeCertIdentity()

bool QgsAuthManager::storeCertIdentity ( const QSslCertificate &  cert,
const QSslKey &  key 
)

Store a certificate identity.

Definition at line 1727 of file qgsauthmanager.cpp.

◆ storeCertTrustPolicy()

bool QgsAuthManager::storeCertTrustPolicy ( const QSslCertificate &  cert,
QgsAuthCertUtils::CertTrustPolicy  policy 
)

Store user trust value for a certificate.

Definition at line 2643 of file qgsauthmanager.cpp.

◆ storeSslCertCustomConfig()

bool QgsAuthManager::storeSslCertCustomConfig ( const QgsAuthConfigSslServer config)

Store an SSL certificate custom config.

Definition at line 1980 of file qgsauthmanager.cpp.

◆ supportedAuthMethodExpansions()

QgsAuthMethod::Expansions QgsAuthManager::supportedAuthMethodExpansions ( const QString &  authcfg)

Gets supported authentication method expansion(s), e.g.

NetworkRequest | DataSourceURI, as flags

Parameters
authcfg

Definition at line 1059 of file qgsauthmanager.cpp.

◆ systemRootCAs()

const QList< QSslCertificate > QgsAuthManager::systemRootCAs ( )

systemRootCAs get root system certificate authorities

Returns
list of certificate authorities
Since
QGIS 3.0

Definition at line 2558 of file qgsauthmanager.cpp.

◆ trustedCaCerts()

const QList< QSslCertificate > QgsAuthManager::trustedCaCerts ( bool  includeinvalid = false)

trustedCaCerts get list of all trusted CA certificates

Parameters
includeinvalidwhether invalid certs needs to be returned
Returns
list of certificates
Since
QGIS 3.0

Definition at line 2848 of file qgsauthmanager.cpp.

◆ trustedCaCertsCache()

const QList<QSslCertificate> QgsAuthManager::trustedCaCertsCache ( )
inline

trustedCaCertsCache cache of trusted certificate authorities, ready for network connections

Returns
list of certificates
Since
QGIS 3.0

Definition at line 622 of file qgsauthmanager.h.

◆ trustedCaCertsPemText()

const QByteArray QgsAuthManager::trustedCaCertsPemText ( )

trustedCaCertsPemText get concatenated string of all trusted CA certificates

Returns
bye array with all PEM encoded trusted CAs
Since
QGIS 3.0

Definition at line 2917 of file qgsauthmanager.cpp.

◆ uniqueConfigId()

const QString QgsAuthManager::uniqueConfigId ( ) const

Gets a unique generated 7-character string to assign to as config id.

Definition at line 844 of file qgsauthmanager.cpp.

◆ untrustedCaCerts()

const QList< QSslCertificate > QgsAuthManager::untrustedCaCerts ( QList< QSslCertificate >  trustedCAs = QList<QSslCertificate>())

untrustedCaCerts get list of untrusted certificate authorities

Returns
list of certificates
Since
QGIS 3.0

Definition at line 2882 of file qgsauthmanager.cpp.

◆ updateAuthenticationConfig()

bool QgsAuthManager::updateAuthenticationConfig ( const QgsAuthMethodConfig config)

Update an authentication config in the database.

Parameters
configAssociated authentication config id
Returns
Whether operation succeeded

Definition at line 1149 of file qgsauthmanager.cpp.

◆ updateConfigAuthMethods()

void QgsAuthManager::updateConfigAuthMethods ( )

Sync the confg/authentication method cache with what is in database.

Definition at line 962 of file qgsauthmanager.cpp.

◆ updateDataSourceUriItems()

bool QgsAuthManager::updateDataSourceUriItems ( QStringList &  connectionItems,
const QString &  authcfg,
const QString &  dataprovider = QString() 
)

Provider call to update a QgsDataSourceUri with an authentication config.

Parameters
connectionItemsThe connection items, e.g. username=myname, of QgsDataSourceUri
authcfgAssociated authentication config id
dataproviderProvider key filter, offering logic branching in authentication method
Returns
Whether operation succeeded

Definition at line 1509 of file qgsauthmanager.cpp.

◆ updateIgnoredSslErrorsCache()

bool QgsAuthManager::updateIgnoredSslErrorsCache ( const QString &  shahostport,
const QList< QSslError > &  errors 
)

Update ignored SSL error cache with possible ignored SSL errors, using sha:host:port key.

Definition at line 2297 of file qgsauthmanager.cpp.

◆ updateIgnoredSslErrorsCacheFromConfig()

bool QgsAuthManager::updateIgnoredSslErrorsCacheFromConfig ( const QgsAuthConfigSslServer config)

Update ignored SSL error cache with possible ignored SSL errors, using server config.

Definition at line 2268 of file qgsauthmanager.cpp.

◆ updateNetworkProxy()

bool QgsAuthManager::updateNetworkProxy ( QNetworkProxy &  proxy,
const QString &  authcfg,
const QString &  dataprovider = QString() 
)

Provider call to update a QNetworkProxy with an authentication config.

Parameters
proxythe QNetworkProxy
authcfgAssociated authentication config id
dataproviderProvider key filter, offering logic branching in authentication method
Returns
Whether operation succeeded

Definition at line 1535 of file qgsauthmanager.cpp.

◆ updateNetworkReply()

bool QgsAuthManager::updateNetworkReply ( QNetworkReply *  reply,
const QString &  authcfg,
const QString &  dataprovider = QString() 
)

Provider call to update a QNetworkReply with an authentication config (used to skip known SSL errors, etc.)

Parameters
replyThe QNetworkReply
authcfgAssociated authentication config id
dataproviderProvider key filter, offering logic branching in authentication method
Returns
Whether operation succeeded

Definition at line 1483 of file qgsauthmanager.cpp.

◆ updateNetworkRequest()

bool QgsAuthManager::updateNetworkRequest ( QNetworkRequest &  request,
const QString &  authcfg,
const QString &  dataprovider = QString() 
)

Provider call to update a QNetworkRequest with an authentication config.

Parameters
requestThe QNetworkRequest
authcfgAssociated authentication config id
dataproviderProvider key filter, offering logic branching in authentication method
Returns
Whether operation succeeded

Definition at line 1458 of file qgsauthmanager.cpp.

◆ verifyMasterPassword()

bool QgsAuthManager::verifyMasterPassword ( const QString &  compare = QString())

Verify the supplied master password against any existing hash in authentication database.

Note
Do not emit verification signals when only comparing
Parameters
comparePassword to compare against

Definition at line 550 of file qgsauthmanager.cpp.

Friends And Related Function Documentation

◆ QgsApplication

friend class QgsApplication
friend

Definition at line 911 of file qgsauthmanager.h.

Member Data Documentation

◆ AUTH_MAN_TAG

const QString QgsAuthManager::AUTH_MAN_TAG = QObject::tr( "Authentication Manager" )
static

The display name of the Authentication Manager.

Definition at line 679 of file qgsauthmanager.h.

◆ AUTH_PASSWORD_HELPER_DISPLAY_NAME

const QString QgsAuthManager::AUTH_PASSWORD_HELPER_DISPLAY_NAME
static

The display name of the password helper (platform dependent)

Definition at line 676 of file qgsauthmanager.h.


The documentation for this class was generated from the following files: