GNOME Bugzilla – Bug 722202
Add support for Rajce.net photo sharing service
Last modified: 2014-05-06 18:14:54 UTC
We received a request on the Shotwell mailing list to add an extras plugin to support Racje.net, a photo sharing service in the Czech Republic. The plugin was developed by Racje.net. I'll attach the original diff to this ticket. It's not a proper patch, but an archive of new and changed files that must be moved into the right locations in the Shotwell source tree.
Created attachment 266291 [details] New and changed files to add Racje.net photo sharing support to Shotwell
There's an issue with this patch. The plugin stores the password in the clear in GSettings. Our other plugins (including in Extras) store authentication tokens generated server-side. Petr, does Rajce.net generate auth tokens for its service? Can those be stored instead of passwords? I've created a branch with this plugin at wip/722202-rajce
(In reply to comment #2) > There's an issue with this patch. The plugin stores the password in the clear > in GSettings. Our other plugins (including in Extras) store authentication > tokens generated server-side. > > Petr, does Rajce.net generate auth tokens for its service? Can those be stored > instead of passwords? > > I've created a branch with this plugin at wip/722202-rajce I've changed the code to be safer - storing hashes instead of unencrypted passwords in GSettings. Rajce.net does generate tokens, but with limited lifetime only. Storing those tokens would be another possibility, but not so reliable.
Petr, can you attach a diff to this ticket, or a link to a repo? I'm wary of hashing the password if your code is simply obfuscating it. If the tokens have a reasonable lifetime, it's okay to store them. Our other web sharing plugins do that as well.
Created attachment 269474 [details] [review] Rajce publishing extra plugin - patch for Shotwell 0.14.1
(In reply to comment #4) > Petr, can you attach a diff to this ticket, or a link to a repo? > > I'm wary of hashing the password if your code is simply obfuscating it. If the > tokens have a reasonable lifetime, it's okay to store them. Our other web > sharing plugins do that as well. Jim, the patch has been attached (as a patch to Shotwell 0.14.1, still the version storing encrypted passwords on client side). I'm going to check usability and exact lifetime of tokens with Rajce.net service developer. If possible, I'll use them in the next version, merged with the latest Shotwell code. Will you agree?
Pushed to master, commit afd4a3 Thanks for your patience, Petr, this is now committed to master. One thing: I don't believe your patch included the racje.png icon file. I've created a new ticket for at at bug #729666. If you attach the file directly to that ticket, I'll commit it to Shotwell.