commit 1d08d03c80cb01c5495c9e04301ad20b21ae06bb Author: Sukhbir Singh sukhbir@torproject.org Date: Mon May 9 10:43:35 2016 -0400
Set authentication for Gmail to OAuth2 (#17118)
For Gmail, the authentication type is set to OAuth2 instead of the default "normal password" which is what most providers use (Google doesn't allow non-OAuth2 logins). To make this work with the manual configuration wizard in TorBirdy, the authorization step takes place when the user checks the account for the first time, and is not done automatically. We can probably improve this but it's better to wait for the patches that secure the automatic configuration wizard to be merged upstream. See bugzilla 669238.
---
 chrome/content/emailwizard.js | 16 ++++++++++++++++
 components/torbirdy.js | 4 ++--
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/chrome/content/emailwizard.js b/chrome/content/emailwizard.js
index 0223e7a..d38828e 100644
--- a/chrome/content/emailwizard.js
+++ b/chrome/content/emailwizard.js
@@ -13,6 +13,7 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() {
 fixupTorbirdySettingsOnNewAccount = function(account) {
 var idkey = account.defaultIdentity.key;
+ var outgoing = account.defaultIdentity.smtpServerKey;
 var serverkey = account.incomingServer.key;
 var protocol = account.incomingServer.type;
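Review bot: `outgoing` is read from `account.defaultIdentity.smtpServerKey` and used without a check, and that key may be empty when an identity falls back to the default SMTP server. In that case the `%outgoing%` substitution added in the `-35,6 +42,7` hunk would write a preference named `mail.smtpserver..authMethod`, and the Gmail SMTP server would silently keep its previous authentication method. Guarding only the SMTP entry in the `-21,6 +22,12` hunk, `if (outgoing) pref_spec.push(['mail.smtpserver.%outgoing%.authMethod', 10]);`, keeps the incoming-server setting and avoids the malformed key. The body of `fixupTorbirdySettingsOnNewAccount` continues outside this hunk.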
@@ -21,6 +22,12 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() { ['mail.server.%serverkey%.login_at_startup', false] ];
+ // 10 specifies OAuth2 as the authentication method (used for Gmail). + if (pub.isGmail) { + pref_spec.push(['mail.smtpserver.%outgoing%.authMethod', 10]); + pref_spec.push(['mail.server.%serverkey%.authMethod', 10]); + } + // Make sure that drafts are saved to Local Folders if it is an IMAP account. if (protocol === "imap") { pref_spec.push(['mail.identity.%idkey%.draft_folder', @@ -35,6 +42,7 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() { for each (var [pref_template, value] in pref_spec) { var pref = pref_template.replace("%idkey%", idkey); pref = pref.replace("%serverkey%", serverkey); + pref = pref.replace("%outgoing%", outgoing); Preferences.set(pref, value); } } @@ -78,9 +86,17 @@ if(!org.torbirdy.emailwizard) org.torbirdy.emailwizard = new function() { config.outgoing.socketType = 2;
 // Set the authentication to 'Normal' (connection is already encrypted).
+ // This is true for all providers except Gmail, which uses OAuth2.
 config.incoming.auth = 3;
 config.outgoing.auth = 3;
+ // We will deal with Gmail later because it makes it easier to handle + // OAuth2 with the manual configuration. + let emailDomain = email.split("@")[1]; + if (emailDomain === "gmail.com") { + pub.isGmail = true; + } + // Default the outgoing SMTP port. config.outgoing.port = 465;
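Review bot: `pub.isGmail` is only ever assigned `true` in the added block, so once a gmail.com address has been seen the flag stays set for the lifetime of this `pub` object, and a later non-Gmail account configured through it would also get `authMethod` 10 where the flag is read in `fixupTorbirdySettingsOnNewAccount` (the `-21,6 +22,12` hunk). The comparison is also case-sensitive, so `user@Gmail.com` keeps the normal-password setting that, per the commit message, Google does not accept. Assigning the flag unconditionally covers both cases: `pub.isGmail = (emailDomain || "").toLowerCase() === "gmail.com";`. Whether `pub` is recreated for each wizard window is not visible here, and the enclosing function starts and ends outside the hunk.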
diff --git a/components/torbirdy.js b/components/torbirdy.js
index 276c745..4f83513 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -85,8 +85,8 @@ const TorBirdyPrefs = {
 // We don't want user's of Thunderbird to even come close to such a bypass
 // issue and so we have disabled websockets out of an abundance of caution.
 "network.websocket.enabled": false,
- // No cookies are allowed.
- "network.cookie.cookieBehavior": 2,
+ // Cookies are allowed, but not third-party cookies. For Gmail and Twitter.
+ "network.cookie.cookieBehavior": 1,
 // Disable link prefetching.
 "network.prefetch-next": false,
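Review bot: Changing `network.cookie.cookieBehavior` from 2 to 1 relaxes the cookie policy for everything that runs in this profile, not only for the Gmail authorization step, and the commit message does not mention the change. In a profile meant to limit linkability, first-party cookies that persist across sessions give a provider an identifier that can tie sessions together; whether `TorBirdyPrefs` already restricts cookie lifetime is not visible in this hunk. If it does not, a session-only lifetime next to this entry, `"network.cookie.lifetimePolicy": 2,`, would bound that exposure. The new comment should also state which step needs cookies (presumably the OAuth2 authorization page) so the relaxation can be revisited later. The `TorBirdyPrefs` object starts and ends outside the hunk.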