NOISSUE Provide dummy implementation for the secrets library

This commit is contained in:
Petr Mrázek 2021-09-05 18:23:49 +02:00
parent d644fb2094
commit 878c4fb810
7 changed files with 69 additions and 13 deletions

View File

@ -289,7 +289,10 @@ add_subdirectory(buildconfig)
if(MultiMC_EMBED_SECRETS)
add_subdirectory(secrets)
else()
add_subdirectory(notsecrets)
endif()
# NOTE: this must always be last to appease the CMake deity of quirky install command evaluation order.
add_subdirectory(launcher)

View File

@ -949,9 +949,7 @@ install(TARGETS MultiMC
RUNTIME DESTINATION ${BINARY_DEST_DIR} COMPONENT Runtime
)
if(MultiMC_EMBED_SECRETS)
target_link_libraries(MultiMC_logic secrets)
endif()
#### The MultiMC bundle mess! ####
# Bundle utilities are used to complete the portable packages - they add all the libraries that would otherwise be missing on the target system.

View File

@ -18,9 +18,7 @@
#include "katabasis/Globals.h"
#include "AuthRequest.h"
#ifdef EMBED_SECRETS
#include "Secrets.h"
#endif
#include "Env.h"
@ -53,13 +51,18 @@ void AuthContext::finishActivity() {
}
void AuthContext::initMSA() {
#ifdef EMBED_SECRETS
if(m_oauth2) {
return;
}
auto clientId = Secrets::getMSAClientID('-');
if(clientId.isEmpty()) {
return;
}
Katabasis::OAuth2::Options opts;
opts.scope = "XboxLive.signin offline_access";
opts.clientIdentifier = Secrets::getMSAClientID('-');
opts.clientIdentifier = clientId;
opts.authorizationUrl = "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode";
opts.accessTokenUrl = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
opts.listenerPorts = {28562, 28563, 28564, 28565, 28566};
@ -71,7 +74,6 @@ void AuthContext::initMSA() {
connect(m_oauth2, &OAuth2::linkingSucceeded, this, &AuthContext::onOAuthLinkingSucceeded);
connect(m_oauth2, &OAuth2::showVerificationUriAndCode, this, &AuthContext::showVerificationUriAndCode);
connect(m_oauth2, &OAuth2::activityChanged, this, &AuthContext::onOAuthActivityChanged);
#endif
}
void AuthContext::initMojang() {

View File

@ -37,6 +37,8 @@
#include "BuildConfig.h"
#include <dialogs/MSALoginDialog.h>
#include "Secrets.h"
AccountListPage::AccountListPage(QWidget *parent)
: QMainWindow(parent), ui(new Ui::AccountListPage)
{
@ -70,11 +72,8 @@ AccountListPage::AccountListPage(QWidget *parent)
updateButtonStates();
// Xbox authentication won't work without a client identifier, so disable the button
// if the build didn't specify one (GH-4012)
#ifndef EMBED_SECRETS
ui->actionAddMicrosoft->setVisible(false);
#endif
// Xbox authentication won't work without a client identifier, so disable the button if it is missing
ui->actionAddMicrosoft->setVisible(Secrets::hasMSAClientID());
}
AccountListPage::~AccountListPage()

View File

@ -0,0 +1,4 @@
add_library(secrets STATIC Secrets.cpp Secrets.h)
target_link_libraries(secrets Qt5::Core)
target_compile_definitions(secrets PUBLIC -DEMBED_SECRETS)
target_include_directories(secrets PUBLIC .)

42
notsecrets/Secrets.cpp Normal file
View File

@ -0,0 +1,42 @@
#include "Secrets.h"
#include <array>
#include <cstdio>
namespace {
/*
* This is the MSA client ID. It is confidential and should not be reused.
* You can obtain one for yourself by using azure app registration:
* https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
*
* The app registration should:
* - Be only for personal accounts.
* - Not have any redirect URI.
* - Not have any platform.
* - Have no credentials.
* - No certificates.
* - No client secrets.
* - Enable 'Live SDK support' for access to XBox APIs.
* - Enable 'public client flows' for OAuth2 device flow.
*
* By putting one in here, you accept the terms and conditions for using the MS Identity Plaform and assume all responsibilities associated with it.
* See: https://docs.microsoft.com/en-us/legal/microsoft-identity-platform/terms-of-use
*
* Above all else, do not impersonate other applications! This includes the Mojang Launcher and MultiMC - your builds are *NOT* MultiMC.
*
* If you intend to base your own launcher on this code, take care and customize this to obfuscate the client ID, so it cannot be trivially found by casual attackers.
*/
QString MSAClientID = "";
}
namespace Secrets {
bool hasMSAClientID() {
return !MSAClientID.isEmpty();
}
QString getMSAClientID(uint8_t separator) {
return MSAClientID;
}
}

8
notsecrets/Secrets.h Normal file
View File

@ -0,0 +1,8 @@
#pragma once
#include <QString>
#include <cstdint>
namespace Secrets {
bool hasMSAClientID();
QString getMSAClientID(uint8_t separator);
}