Commit 3a4f47ec authored by Milan Crha's avatar Milan Crha

Do not delete passwords during authentication session

The stored password was deleted before actual password prompt
was shown, which is not correct, because the reason to fail with
the stored password can be either that the password on the server
changed or some issue with libsecret, not providing the correct
stored password. As it happens sometimes that the libsecret fails,
then it is quite bad to reenter all the passwords only due to this
reason, thus better do not delete the password at all. The worse
thing on the fact that the password is deleted before the actual
password prompt is shown is that the password prompts pile in a queue,
thus even if the source registry process is killed quickly enough,
at the first false password prompt, all the other stored passwords
are already gone. Not talking that the piled password prompts
can be cancelled meanwhile.
parent 51f4daf6
......@@ -504,20 +504,6 @@ authentication_session_execute_sync (EAuthenticationSession *session,
g_warn_if_fail (auth_result == E_SOURCE_AUTHENTICATION_REJECTED);
/* The stored password is bad so delete it from the keyring.
* Failure here does not affect the outcome of this operation,
* but leave a breadcrumb as evidence that something went wrong. */
if (source != NULL) {
e_source_delete_password_sync (
source, cancellable, &local_error);
if (local_error != NULL) {
g_warning ("%s: %s", G_STRFUNC, local_error->message);
g_clear_error (&local_error);
}
}
/* Check if we're allowed to interrupt the user for a password.
* If not, we have no choice but to dismiss the authentication
* request. */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment