WebDAV: handle 403 during Google OAuth authentication

When sending an access token with insufficient scope (for example, because the Ubuntu Online Accounts service definition was incomplete, as documented in FDO #86824), Google responds with a 403 "service denied" error. Neon (arguably correctly) treats this as a permanent error and not as a transient authentication error. Google should better send a 401 error. To activate the 401 error handling in SyncEvolution, detect this special case and turn the general SE_ERROR error into SE_AUTH.
author: Patrick Ohly <patrick.ohly@intel.com> 2015-02-13 07:52:37 -0800
committer: Patrick Ohly <patrick.ohly@intel.com> 2015-03-03 10:44:03 +0100
commit: 84a30285a9cc649baf093846ef664d47fefee646 (patch)
tree: 1aa9996acfe5ca48cee810f562917391be003d37
parent: d84f3233981d80ea3436a21f8c6a89b1a4a61731 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/src/backends/webdav/NeonCXX.cpp b/src/backends/webdav/NeonCXX.cpp
index 4fb9120a..dc0eb575 100644
--- a/src/backends/webdav/NeonCXX.cpp
+++ b/src/backends/webdav/NeonCXX.cpp
@@ -603,6 +603,12 @@ bool Session::checkError(int error, int code, const ne_status *status,
         }
     }
 
+    // Detect 403 returned by Google for a bad access token and treat that like
+    // 401 = NE_AUTH. Neon itself doesn't do that.
+    if (m_authProvider && error == NE_ERROR && code == 403) {
+        error = NE_AUTH;
+    }
+
     switch (error) {
     case NE_OK:
         // request itself completed, but might still have resulted in bad status
author	Patrick Ohly <patrick.ohly@intel.com>	2015-02-13 07:52:37 -0800
committer	Patrick Ohly <patrick.ohly@intel.com>	2015-03-03 10:44:03 +0100
commit	84a30285a9cc649baf093846ef664d47fefee646 (patch)
tree	1aa9996acfe5ca48cee810f562917391be003d37
parent	d84f3233981d80ea3436a21f8c6a89b1a4a61731 (diff)