NOISSUE Provide dummy implementation for the secrets library

7 files changed, 69 insertions, 13 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 84c4a180..9356f326 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -289,7 +289,10 @@ add_subdirectory(buildconfig)
 
 if(MultiMC_EMBED_SECRETS)
     add_subdirectory(secrets)
+else()
+    add_subdirectory(notsecrets)
 endif()
 
+
 # NOTE: this must always be last to appease the CMake deity of quirky install command evaluation order.
 add_subdirectory(launcher)
diff --git a/launcher/CMakeLists.txt b/launcher/CMakeLists.txt
index 7241b89d..c29ee3e1 100644
--- a/launcher/CMakeLists.txt
+++ b/launcher/CMakeLists.txt
@@ -949,9 +949,7 @@ install(TARGETS MultiMC
     RUNTIME DESTINATION ${BINARY_DEST_DIR} COMPONENT Runtime
 )
 
-if(MultiMC_EMBED_SECRETS)
-    target_link_libraries(MultiMC_logic secrets)
-endif()
+target_link_libraries(MultiMC_logic secrets)
 
 #### The MultiMC bundle mess! ####
 # Bundle utilities are used to complete the portable packages - they add all the libraries that would otherwise be missing on the target system.
diff --git a/launcher/minecraft/auth/flows/AuthContext.cpp b/launcher/minecraft/auth/flows/AuthContext.cpp
index 776f45fe..b4db6c2d 100644
--- a/launcher/minecraft/auth/flows/AuthContext.cpp
+++ b/launcher/minecraft/auth/flows/AuthContext.cpp
@@ -18,9 +18,7 @@
 #include "katabasis/Globals.h"
 #include "AuthRequest.h"
 
-#ifdef EMBED_SECRETS
 #include "Secrets.h"
-#endif
 
 #include "Env.h"
 
@@ -53,13 +51,18 @@ void AuthContext::finishActivity() {
 }
 
 void AuthContext::initMSA() {
-#ifdef EMBED_SECRETS
     if(m_oauth2) {
         return;
     }
+
+    auto clientId = Secrets::getMSAClientID('-');
+    if(clientId.isEmpty()) {
+        return;
+    }
+
     Katabasis::OAuth2::Options opts;
     opts.scope = "XboxLive.signin offline_access";
-    opts.clientIdentifier = Secrets::getMSAClientID('-');
+    opts.clientIdentifier = clientId;
     opts.authorizationUrl = "https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode";
     opts.accessTokenUrl = "https://login.microsoftonline.com/consumers/oauth2/v2.0/token";
     opts.listenerPorts = {28562, 28563, 28564, 28565, 28566};
@@ -71,7 +74,6 @@ void AuthContext::initMSA() {
     connect(m_oauth2, &OAuth2::linkingSucceeded, this, &AuthContext::onOAuthLinkingSucceeded);
     connect(m_oauth2, &OAuth2::showVerificationUriAndCode, this, &AuthContext::showVerificationUriAndCode);
     connect(m_oauth2, &OAuth2::activityChanged, this, &AuthContext::onOAuthActivityChanged);
-#endif
 }
 
 void AuthContext::initMojang() {
diff --git a/launcher/pages/global/AccountListPage.cpp b/launcher/pages/global/AccountListPage.cpp
index 6bb07b22..f52fa834 100644
--- a/launcher/pages/global/AccountListPage.cpp
+++ b/launcher/pages/global/AccountListPage.cpp
@@ -37,6 +37,8 @@
 #include "BuildConfig.h"
 #include <dialogs/MSALoginDialog.h>
 
+#include "Secrets.h"
+
 AccountListPage::AccountListPage(QWidget *parent)
     : QMainWindow(parent), ui(new Ui::AccountListPage)
 {
@@ -70,11 +72,8 @@ AccountListPage::AccountListPage(QWidget *parent)
 
     updateButtonStates();
 
-    // Xbox authentication won't work without a client identifier, so disable the button
-    // if the build didn't specify one (GH-4012)
-#ifndef EMBED_SECRETS
-    ui->actionAddMicrosoft->setVisible(false);
-#endif
+    // Xbox authentication won't work without a client identifier, so disable the button if it is missing
+    ui->actionAddMicrosoft->setVisible(Secrets::hasMSAClientID());
 }
 
 AccountListPage::~AccountListPage()
diff --git a/notsecrets/CMakeLists.txt b/notsecrets/CMakeLists.txt
new file mode 100644
index 00000000..f27aeb70
--- /dev/null
+++ b/notsecrets/CMakeLists.txt
@@ -0,0 +1,4 @@
+add_library(secrets STATIC Secrets.cpp Secrets.h)
+target_link_libraries(secrets Qt5::Core)
+target_compile_definitions(secrets PUBLIC -DEMBED_SECRETS)
+target_include_directories(secrets PUBLIC .)
diff --git a/notsecrets/Secrets.cpp b/notsecrets/Secrets.cpp
new file mode 100644
index 00000000..88995635
--- /dev/null
+++ b/notsecrets/Secrets.cpp
@@ -0,0 +1,42 @@
+#include "Secrets.h"
+
+#include <array>
+#include <cstdio>
+
+namespace {
+
+/*
+ * This is the MSA client ID. It is confidential and should not be reused.
+ * You can obtain one for yourself by using azure app registration:
+ * https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+ *
+ * The app registration should:
+ * - Be only for personal accounts.
+ * - Not have any redirect URI.
+ * - Not have any platform.
+ * - Have no credentials.
+ * - No certificates.
+ * - No client secrets.
+ * - Enable 'Live SDK support' for access to XBox APIs.
+ * - Enable 'public client flows' for OAuth2 device flow.
+ *
+ * By putting one in here, you accept the terms and conditions for using the MS Identity Plaform and assume all responsibilities associated with it.
+ * See: https://docs.microsoft.com/en-us/legal/microsoft-identity-platform/terms-of-use
+ *
+ * Above all else, do not impersonate other applications! This includes the Mojang Launcher and MultiMC - your builds are *NOT* MultiMC.
+ *
+ * If you intend to base your own launcher on this code, take care and customize this to obfuscate the client ID, so it cannot be trivially found by casual attackers.
+ */
+
+QString MSAClientID = "";
+}
+
+namespace Secrets {
+bool hasMSAClientID() {
+    return !MSAClientID.isEmpty();
+}
+
+QString getMSAClientID(uint8_t separator) {
+    return MSAClientID;
+}
+}
diff --git a/notsecrets/Secrets.h b/notsecrets/Secrets.h
new file mode 100644
index 00000000..6872b68e
--- /dev/null
+++ b/notsecrets/Secrets.h
@@ -0,0 +1,8 @@
+#pragma once
+#include <QString>
+#include <cstdint>
+
+namespace Secrets {
+bool hasMSAClientID();
+QString getMSAClientID(uint8_t separator);
+}