letsfindaway
commented
3 months ago I have not tested, but I'm quite sure that the YouTube upload does not work in the current version of OpenBoard: https://github.com/OpenBoard-org/OpenBoard/blob/753eadad57b92ce510b80f07775f20818d5f3201/src/podcast/youtube/UBYouTubePublisher.cpp#L107 This URL which is used for login produces a 404 error. In the end this means that the complete YouTube upload cannot work.
Later the video is uploaded to the following URL: https://github.com/OpenBoard-org/OpenBoard/blob/753eadad57b92ce510b80f07775f20818d5f3201/src/podcast/youtube/UBYouTubePublisher.cpp#L198 Here not even the server exists.
So the question is finally whether we should remove YouTube upload support completely - or fix it. I would vote for removal, as apparently nobody missed it.
Vekhir
OpenBoard saves the credentials for proxy connections and for uploading to YouTube. Since those need to be forwarded, they cannot be hashed, instead they are encrypted. This encryption is out of date and insecure. The code has been imported from Open-Sankoré, i.e. it's over 13 years old. In the meantime, password managers have become widespread and easy-to-use, while being much more secure and better audited than the solution within OpenBoard. As such, they are better suited for storing the passwords, while OpenBoard will only ask and forward them without persistently storing them.
The proxy credentials need to be accessible from the
UBNetworkAccessManager, so they are saved in a setting which is cleared at shutdown, i.e. no persistent storage. The YouTube credentials are immediately forwarded, while the email can optionally be stored. The password is never saved.In combination with #1019, this allows to get rid of the explicit OpenSSL dependency - it is of course still required implicitly via Qt.
Tested on Arch Linux with the community build and Qt6. While I have made sure that
qmakeshould work too, I unfortunately cannot test that. I don't expect any differences with Qt5.Questions and suggestions are welcome.
Closes #1021