From bb2fddc1eb0ed843cc1e039e1f4ed4e723bce26a2837ec0f9511ae7e25286b7b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B8rn=20Lie?= <zaitor@opensuse.org>
Date: Thu, 28 Aug 2014 08:55:41 +0000
Subject: [PATCH] Accepting request 246685 from GNOME:Next

Add 0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch:
  adapt to Google Calendar new HTTP restriction (bnc#893775,
  bgo#735311).

OBS-URL: https://build.opensuse.org/request/show/246685
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/evolution-data-server?expand=0&rev=197
---
 ...Adapt-to-new-Google-HTTP-restriction.patch | 187 ++++++++++++++++++
 evolution-data-server.changes                 |   7 +
 evolution-data-server.spec                    |   3 +
 3 files changed, 197 insertions(+)
 create mode 100644 0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch

diff --git a/0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch b/0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch
new file mode 100644
index 0000000..19eec97
--- /dev/null
+++ b/0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch
@@ -0,0 +1,187 @@
+From 5e9d80092b19f9bd2c02712ab0a50fa70b052c74 Mon Sep 17 00:00:00 2001
+From: Matthew Barnes <mbarnes@redhat.com>
+Date: Mon, 25 Aug 2014 11:01:20 -0400
+Subject: Bug 735311 - Adapt to new Google HTTP restriction
+
+Google has recently imposed a limit on the number of unauthorized HTTP
+requests to its OAuth2-based interfaces.
+
+The normal operation of SoupSession is to issue the first HTTP request
+unauthorized and see if the server issues a "401 Unauthorized" response
+(since not all HTTP services require authorization).
+
+On a "401 Unauthorized" response, SoupSession emits an "authenticate"
+signal, which the application is supposed to handle.  Once credentials
+are in hand, SoupSession resends the same HTTP request and subsequent
+requests with an Authenticate header while the socket connection holds.
+
+Google's unauthorized request limit breaks this logic flow.  Once the
+limit is exceeded, the Google server issues a "403 Forbidden" response
+instead of "401 Unauthorized" to an unauthorized HTTP request.  This
+breaks error handling in the E-D-S CalDAV backend.
+
+The workaround is to preload the SoupAuthManager with a pre-configured
+SoupAuth when using OAuth 2.0 authentication.  This avoids the initial
+unauthorized HTTP round-trip.
+
+The backend implements the GInitable interface for this since obtaining
+a valid access token is a failable step.
+
+(cherry picked from commit 00a465670ef3d8adbaf011b3e697ba5befb00623)
+
+diff --git a/calendar/backends/caldav/e-cal-backend-caldav.c b/calendar/backends/caldav/e-cal-backend-caldav.c
+index f189126..686020e 100644
+--- a/calendar/backends/caldav/e-cal-backend-caldav.c
++++ b/calendar/backends/caldav/e-cal-backend-caldav.c
+@@ -133,6 +133,8 @@ struct _ECalBackendCalDAVPrivate {
+ };
+ 
+ /* Forward Declarations */
++static void	e_caldav_backend_initable_init
++				(GInitableIface *interface);
+ static void	caldav_source_authenticator_init
+ 				(ESourceAuthenticatorInterface *iface);
+ 
+@@ -141,6 +143,9 @@ G_DEFINE_TYPE_WITH_CODE (
+ 	e_cal_backend_caldav,
+ 	E_TYPE_CAL_BACKEND_SYNC,
+ 	G_IMPLEMENT_INTERFACE (
++		G_TYPE_INITABLE,
++		e_caldav_backend_initable_init)
++	G_IMPLEMENT_INTERFACE (
+ 		E_TYPE_SOURCE_AUTHENTICATOR,
+ 		caldav_source_authenticator_init))
+ 
+@@ -5238,11 +5243,83 @@ e_cal_backend_caldav_finalize (GObject *object)
+ 	G_OBJECT_CLASS (parent_class)->finalize (object);
+ }
+ 
+-static void
+-e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++static gboolean
++caldav_backend_initable_init (GInitable *initable,
++                              GCancellable *cancellable,
++                              GError **error)
+ {
++	ECalBackendCalDAVPrivate *priv;
+ 	SoupSessionFeature *feature;
++	ESource *source;
++	const gchar *extension_name;
++	gchar *auth_method = NULL;
++	gboolean success = TRUE;
++
++	priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (initable);
++
++	feature = soup_session_get_feature (
++		priv->session, SOUP_TYPE_AUTH_MANAGER);
++
++	/* Add the "Bearer" auth type to support OAuth 2.0. */
++	soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
++	g_mutex_init (&priv->bearer_auth_error_lock);
++
++	/* Preload the SoupAuthManager with a valid "Bearer" token
++	 * when using OAuth 2.0.  This avoids an extra unauthorized
++	 * HTTP round-trip, which apparently Google doesn't like. */
++
++	source = e_backend_get_source (E_BACKEND (initable));
++
++	extension_name = E_SOURCE_EXTENSION_AUTHENTICATION;
++	if (e_source_has_extension (source, extension_name)) {
++		ESourceAuthentication *extension;
++
++		extension = e_source_get_extension (source, extension_name);
++		auth_method = e_source_authentication_dup_method (extension);
++	}
++
++	if (g_strcmp0 (auth_method, "OAuth2") == 0) {
++		ESourceWebdav *extension;
++		SoupAuth *soup_auth;
++		SoupURI *soup_uri;
++		gchar *access_token = NULL;
++		gint expires_in_seconds = -1;
++
++		extension_name = E_SOURCE_EXTENSION_WEBDAV_BACKEND;
++		extension = e_source_get_extension (source, extension_name);
++		soup_uri = e_source_webdav_dup_soup_uri (extension);
+ 
++		soup_auth = g_object_new (
++			E_TYPE_SOUP_AUTH_BEARER,
++			SOUP_AUTH_HOST, soup_uri->host, NULL);
++
++		success = e_source_get_oauth2_access_token_sync (
++			source, cancellable, &access_token,
++			&expires_in_seconds, error);
++
++		if (success) {
++			e_soup_auth_bearer_set_access_token (
++				E_SOUP_AUTH_BEARER (soup_auth),
++				access_token, expires_in_seconds);
++
++			soup_auth_manager_use_auth (
++				SOUP_AUTH_MANAGER (feature),
++				soup_uri, soup_auth);
++		}
++
++		g_free (access_token);
++		g_object_unref (soup_auth);
++		soup_uri_free (soup_uri);
++	}
++
++	g_free (auth_method);
++
++	return success;
++}
++
++static void
++e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
++{
+ 	cbdav->priv = E_CAL_BACKEND_CALDAV_GET_PRIVATE (cbdav);
+ 	cbdav->priv->session = soup_session_sync_new ();
+ 	g_object_set (
+@@ -5257,17 +5334,6 @@ e_cal_backend_caldav_init (ECalBackendCalDAV *cbdav)
+ 		cbdav->priv->session, "proxy-resolver",
+ 		G_BINDING_SYNC_CREATE);
+ 
+-	/* XXX SoupAuthManager is public API as of libsoup 2.42, but
+-	 *     this isn't worth bumping our libsoup requirement over.
+-	 *     So get the SoupAuthManager GType by its type name. */
+-	feature = soup_session_get_feature (
+-		cbdav->priv->session,
+-		g_type_from_name ("SoupAuthManager"));
+-
+-	/* Add the "Bearer" auth type to support OAuth 2.0. */
+-	soup_session_feature_add_feature (feature, E_TYPE_SOUP_AUTH_BEARER);
+-	g_mutex_init (&cbdav->priv->bearer_auth_error_lock);
+-
+ 	if (G_UNLIKELY (caldav_debug_show (DEBUG_MESSAGE)))
+ 		caldav_debug_setup (cbdav->priv->session);
+ 
+@@ -5337,3 +5403,10 @@ e_cal_backend_caldav_class_init (ECalBackendCalDAVClass *class)
+ 
+ 	backend_class->start_view = caldav_start_view;
+ }
++
++static void
++e_caldav_backend_initable_init (GInitableIface *interface)
++{
++	interface->init = caldav_backend_initable_init;
++}
++
+diff --git a/libedataserver/e-source-webdav.c b/libedataserver/e-source-webdav.c
+index eda83d5..9ddbbc0 100644
+--- a/libedataserver/e-source-webdav.c
++++ b/libedataserver/e-source-webdav.c
+@@ -244,7 +244,9 @@ source_webdav_update_soup_uri_from_properties (ESourceWebdav *webdav_extension)
+ 
+ 	soup_uri_set_user (soup_uri, user);
+ 	soup_uri_set_host (soup_uri, host);
+-	soup_uri_set_port (soup_uri, port);
++
++	if (port > 0)
++		soup_uri_set_port (soup_uri, port);
+ 
+ 	/* SoupURI doesn't like NULL paths. */
+ 	soup_uri_set_path (soup_uri, (path != NULL) ? path : "");
+-- 
+cgit v0.10.1
+
diff --git a/evolution-data-server.changes b/evolution-data-server.changes
index 3ab77f6..24c3be5 100644
--- a/evolution-data-server.changes
+++ b/evolution-data-server.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Wed Aug 27 12:17:03 UTC 2014 - fcrozat@suse.com
+
+- Add 0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch:
+  adapt to Google Calendar new HTTP restriction (bnc#893775,
+  bgo#735311).
+
 -------------------------------------------------------------------
 Mon Aug 11 08:48:04 UTC 2014 - zaitor@opensuse.org
 
diff --git a/evolution-data-server.spec b/evolution-data-server.spec
index d51a2e1..69458ac 100644
--- a/evolution-data-server.spec
+++ b/evolution-data-server.spec
@@ -40,6 +40,8 @@ Group:          Development/Libraries/GNOME
 Url:            http://www.gnome.org
 Source0:        http://download.gnome.org/sources/evolution-data-server/3.12/%{name}-%{version}.tar.xz
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM 0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch bnc#893775 bgo#735311 fcrozat@suse.com -- Adapt to new Google HTTP restriction
+Patch0:         0001-Bug-735311-Adapt-to-new-Google-HTTP-restriction.patch
 BuildRequires:  db-devel
 %if %USE_EVOLDAP
 BuildRequires:  evoldap2-devel
@@ -255,6 +257,7 @@ This package contains developer documentation.
 %prep
 %setup -q
 translation-update-upstream
+%patch0 -p1
 
 %build
 %{configure} \