From This Day - blog

QOAuth 1.0.1 - needs love on Windows

2010-08-01T14:37:00Z

Hey there, QOAuth 1.0.1 is out. Here’s the changelog:

new API (refer to the API docs for more info):
- QOAuth::Interface::networkAccessManager()
- QOAuth::Interface::setNetworkAccessManager()
- QOAuth::Interface::ignoreSslErrors()
- QOAuth::Interface::setIgnoreSslErrors()
added missing export statements to some global functions,
Percent encode consumer secret and token secret for the Signature Base String signing key [#8],
Parse for request content when sending POST [#10],
API docs and examples fixes [#9],
temporarily removed QOAuth::DELETE from QOAuth::HttpMethod enum on Windows [#4],
buildsystem fixes – install under /usr/lib64 on 64-bit Unix-like systems and fix headers installation path in oauth.prf.

There is a room for future improvements, but I’m in terrible lack of free time (or time that I can spend on developing QOAuth), so I can’t promise anything at the moment. If there’s anyone that can help me with QOAuth, I’d be extremely happy to share the work.

Also, I’m not going to maintain QOAuth on Windows anymore. Sorry for that, but I have no Windows box and having to care about Windows stuff with no Windows machine around makes my life even more miserable… Again, I’d greatly appreciate a Windows maintainer for QOAuth. If you happen to use the library on Windows, and you find it more or less useful, please consider contacting me (d at ayoy dot net) regarding handling QOAuth releases for Windows.

Thanks a lot :)

qTwitter 0.10.0: no idea

2009-11-02T21:57:00Z

Don’t know what to write here, let’s be brief and concrete this time. qTwitter 0.10.0 is out. It brings some new handy functionalities, like:

mentions timeline (no shit! should be there half a year ago :P) that is merged together with the friends timeline,
automatic tagging thingy – it converts your selected words into #hashtags and it’s smart enough not to touch URLs and StatusNet !groups,
improved URL shortening – now shortening all the urls in a status at one go, plus comes with a customizable shortcut,
notifications fixed to notify about new statuses AND NOT unread ones,
fixes in parsing URLs in statuses (kudos to Stephan Beyer).

Plus some code clean-ups, build system fixes, and so on. I provided some initial plugin interface, but I don’t really want to talk about it in public yet, as it’s immature, not ready and you won’t do too much with it at the moment ;) but it allowed me to write two extensions already, and they seem to be working fine so far.

So, qTwitter is here. Precisely, here. Happy twitting!

BTW. qTwitter 0.9.2 and QOAuth 1.0 stable in Gentoo Portage since a while ago :)

qTwitter 0.9.2 (via 0.9.1): let's go stealth

2009-10-01T20:49:00Z

Few weeks ago I was about to start working on qTwitter 1.0-like but then I got a bit busy with life and I ended up bugfixing 0.9.0 release. And that was even better idea. I received some complaints (still not too much – this surprised me a bit) about qTwitter crashing after an update. That’s because I wanted very much to provide seamless config file conversion between versions. In theory it should work, but there were a few gotchas, causing a real mess from time to time.

Starting from 0.9.1, all the accounts settings from

Then I thought about some small but nice improvements here and there. And in addition I received several requests for providing more flexibility to various features. All in all, starting from 0.9.1 you get:

configurable tray icon visibility (always vs. when minimized),
configurable close button behavior (hiding vs. closing),
dock icon in OS X—comes together with the unnecessary menu bar, but still it’s better to have qTwitter available under ⌘+Tab,
in KDE 4.3 notifications displayed using Plasma visual notifications engine,
on X11-compatible platforms only one instance of the application can be created,
Norwegian translation (by Egil Hanger, the guy that also suggested some changes – thanks!).

And in 0.9.2, which came exactly the next day after 0.9.1:

all connections to Twitter and Identi.ca use SSL encryption,
Norwegian translation is complete (I failed on updating the file for 0.9.1),
when you remove all Identi.ca accounts, the Identi.ca URL doesn’t disappear making Identi.ca unusable.

And one important thing: the support for basic authentication for Twitter was discontinued in qTwitter 0.9.1. Now it relies on OAuth (and QOAuth) and I hope I’m not making a mistake. OAuth is here from July, it seems to be working fine now, there were no complaints about it and I’m quite happy with it. Let’s hope things don’t get broken now :)

Download qTwitter 0.9.2 qt-apps.org if you didn’t do it yet, or get the source from github. Enjoy!

!qtwitter at Identi.ca

2009-09-13T10:57:00Z

Okay, I guess the time to benefit from the whole Identi.ca’s goodness has come also for me. I created a group for qTwitter users, info, news and anouncements. Also wishes, complaints, and whatever you like. So join !qtwitter now and be the first to receive updates on your social networking client :)

qTwitter 0.9.0: all hail StatusNet

2009-09-11T17:51:00Z

New qTwitter is here. This time it was (again) about rewriting some significant part of code, all of this in order to give support for StatusNet (former laconica) based services other than Identi.ca. So now every TwitArmy, BrainBird, Mozillaca and what not is working with qTwitter, with the functionality dependent on version of StatusNet software they use (it’s not always the newest one like in Identi.ca).

The changelog for 0.9.0 release is as follows:

left/right arrow key goes to next/prev unread status (by Stephan Beyer),
status author’s display mode made customizable (name, nick or name+nick),
added parsing StatusNet groups (!sth),
fixed unwanted ‘new statuses’ on the bottom of the list (#63),
applied system palette to status edit field (#61),
added (awesome!) Czech translation (by DragonJake – #62),
added b.oooom.net URL shortening (by dubkat – #57),
improved storing data between sessions,
improvements in Twitter API library,
numerous minor UI, performance, architectural and build system fixes.

Also, the automatic check for updates module seems to display the above changelog for 0.8.3 users, and encourage them to visit qt-apps.org to get the new version. Enjoy! :)

qTwitter 0.8.3: for saving resources

2009-08-09T10:26:00Z

Just a note here, since QOAuth was updated to 1.0 and its API changed almost completely, there was a need to change how it’s used inside qTwitter. By the way I fixed an issue with sysmacros.h (#56) that might have occurred on some configurations, and also fixed the statuses updating when closing settings dialog. Settings dialog now triggers lists refresh only when the accounts were changed. It worked some versions ago, but then stopped with changes I’ve been applying over time, and I was reluctant (namely, too lazy :P) to fix it.

I’d really like it to be the last release before 0.9, so that I could now concentrate on messing with the code to extend functionality, and not having to constantly update qTwitter in order to follow changes in Twitter’s OAuth authorization (like it was for 0.8.1 and 0.8.2). qTwitter 0.8.3 is here and, as I said, requires QOAuth 1.0 from here. Hopefully my packages work :P

QOAuth 1.0 released

2009-08-09T09:36:00Z

Lastly I improved some things in the QOAuth library, also did small code refactoring and provided new functionality. All in all, I’m pretty much able to call the new version 1.0 and say that it’s mostly feature complete. Here’s exactly what I did:

Added support for RSA-SHA1 signing algorithm, also working with passphrase-protected private RSA keys. Passphrase is passed as a QCA::SecureArray, so it won’t be cached on disk or left in memory after quitting the application.
Added initial support for PLAINTEXT authorization. It seems to be working, however it may fail with untrusted SSL connections. I didn’t find a service that takes PLAINTEXT into use, only tested it with a test server which communicates over HTTP (unencrypted). But still, if anybody uses PLAINTEXT authorization and provides untrusted server to handle it, it kinda sucks…
inlineParameters() extended by the parameter specifying parsing method – now it’s usable for both GET and POST requests,
Introduced the QOAuth namespace, with QOAuth::Interface class holding the core functionality.

The detailed documentation (together with simple usage examples) resides here. The library was tested with a test server at http://term.ie/oauth/example and appears to be working. The test set is distributed alongside the library. I also use QOAuth for communication with Twitter API in qTwitter and find HMAC-SHA1 signing working properly.

The source code repository for QOAuth is hosted on GitHub. The framework for MacOS X as well as packages for several Linux distros are available from qt-apps.org. Gentoo users do emerge qoauth :)

qTwitter 0.8.2: Twitter's OAuth improving constantly

2009-07-31T10:45:00Z

Just a small note here – Twitter guys are messing around their OAuth authorization flow and they improved something that broke the current qTwitter. The problem was (and, well, remained) quite mysterious, because URLs produced by qTwitter to access user’s data worked e.g. with curl and didn’t work with qTwitter itself. This was solved by switching to another authorization method from provided by OAuth.

By the way, the Identi.ca support was enhanced by the ability to disfavor statuses. This was recently introduced in laconi.ca. Also the annoying bug with recognizing status as URL link in some situations was fixed.

qTwitter 0.8.2 is available from qt-apps.org :)

qTwitter 0.8.1: unconstraining stuff

2009-07-16T06:00:00Z

From what I see and hear, the OAuth support seems to be working fine in qTwitter. But then the day has come when Twitter changed their OAuth PIN length – that one entered in application to confirm its authorization for the account. Since I was pretty sure that this is not likely to change (at least not without a notice), I put tight restrictions on the input field for the PIN number in qTwitter 0.8.0. And now, when the PIN is 7, and not 6 digits long, there’s actually no way to authorize the application. To follow Twitter’s changes, I allowed putting more than 6 digits to the PIN input field. Grab your own qTwitter 0.8.1 from the place.

qTwitter 0.8.0: powered by OAuth

2009-07-13T19:00:00Z

Here comes the new, fresh qTwitter! As Twitter is slowly switching from basic authorization scheme towards OAuth, the client applications should follow the change. The support for OAuth was the main milestone for qTwitter 0.8.0, and here it goes. It’s basing on the QOAuth library, which uses QCA and stuff and introduces, uh, dependencies, but in the same time it ensures far higher security for Twitter accounts.

What does it mean for the user? You’re not going to be asked to give your Twitter password inside qTwitter. Moreover, qTwitter won’t ever know your password and store it anywhere. Instead it will be given a unique token, which combined with it’s own token issued by Twitter (and with some other info like the current time and a totally random text string) will be used to request your account’s data from Twitter. How will qTwitter get the key? It will open a browser with a special Twitter login page, where you would be able to authorize it to access your data. Cutey, isn’t it?

Apart from this big thing, other smaller features have been added. This time I put some effort into finishing what was started some time ago and abandoned for some unknown reason (was it my laziness? hm…). Anyway, here’s what comes with the new qTwitter:

automatic (or not – it’s fully confgurable) checking for available updates,
storing statuses lists together with their read/unread states between sessions,
improved look and feel, meant by revisiting themes, colors, sizes, layouts, fonts, ...

The public timeline support was dropped, because it “was decided” that it’s not the most wanted feature on Earth. And since it was making some additional mess inside the code, I was just purely happy to remove it. Thanks :)

As for new contributions, this time Thúlio Costa came up with support for migre.me URL shortening service, and Faster provided Italian translation. Thanks a lot guys!

qTwitter 0.8.0 is available from qt-apps.org (no shit, Sherlock…), but hah! It’s not so trivial this time. As I mentioned, OAuth support, although done by me, is an external package, and both Debian/Ubuntu and Fedora will ask for libqoauth before allowing you to install qtwitter. Then the QOAuth library is available from… qt-apps.org. Thank you qt-apps.org, you rock!

I tried to do my best at packaging and it seems to be working, but don’t hesitate to contact me in case of any troubles.

And finally, note that the OAuth authorization is now a preferred scheme for qTwitter, although for those of you that insist on using basic authorization (or not pulling in more dependencies than Qt itself, or whatever) a possibility of compiling qTwitter without OAuth support is given. To do this, get the sources (e.g. from the above-mentioned Qt applications portal or GitHub), and comment out a define in qtwitter.pri:

1	DEFINES += OAUTH #comment out to disable OAuth

That’s it. Enjoy qTwitter!

Bringing easy OAuth to Qt

2009-06-24T05:00:00Z

Lastly I spent some time looking for a decent OAuth support for C++. I found that the only available libary (which is actually a pure C code), surely does what I expect, but provides pretty complicated API making it inconvenient to use. And I’m kind of a lazy guy (oh who’s not :-) ) and I’m getting scared with just thinking of writing tens of lines of code to complete just a single OAuth request. Plus, instead of endlessly converting from QString and QByteArray to char* I’d prefer to have some friendly, Qt-compatible way to deal with the whole OAuth thing. That’s how the idea of QOAuth came up.

What is QOAuth?

QOAuth is an attempt to support interaction with OAuth-powered network services in a Qt way, i.e. simply, clearly and efficiently. It gives the application developer no more than 4 methods, namely:

requestToken() – to obtain an unauthorized Request Token,
accessToken() – to exchange Request Token for the Access Token,
createParametersString() – to construct a request according to OAuth authorization scheme.
inlineParameters() – provided for convenience, to create a query string from given parameters.

First two methods serve application authorization purposes, whilst the other two are used for accessing Protected Resources (all funny names by OAuth Core 1.0 Specification – but don’t go there if you’re not familiar with OAuth, you better start here).

QOAuth internally makes use of QCA (Qt Cryptographic Architecture), thus depends on it. It’s also known to send and process network requests, so apart from QtCore it will need QtNetwork module to work.

OAuth authorization with QOAuth

As I mentioned, the point in QOAuth is to be user-friendly, yet powerful. See the code example of obtaining a Request Token form the Service Provider:

QByteArray token;
QByteArray tokenSecret;

QOAuth qoauth = new QOAuth;
// set the consumer key and secret
qoauth->setConsumerKey( "75b3d557c9268c49cfdf041a" );
qoauth->setConsumerSecret( "fd12803fbf0760d34cd2ceb9955199ce" );
// set a timeout for requests (in msecs)
qoauth->setRequestTimeout( 10000 );

// send a request for an unauthorized token
QOAuth::ParamMap reply =
    qoauth->requestToken( "http://example.com/request_token",
                          QOAuth::GET, QOAuth::HMAC_SHA1 );

// if no error occurred, read the received token and token secret
if ( qoauth->error() == QOAuth::NoError ) {
  token = reply.value( QOAuth::ParamToken );
  tokenSecret = reply.value( QOAuth::ParamTokenSecret );
}

The QOAuth::ParamMap is a typedef for QMultiMap<QByteArray,QByteArray>. Everything else should be clear. Similarly, one can request the Access Token (after the previous authorization of the Request Token by User):

// if necessary, create a map of additional arguments required by the Service Provider
QOAuth::ParamMap otherArgs;
otherArgs.insert( "misc_arg1", "value1" );
otherArgs.insert( "misc_arg2", "value2" );

// send a request to exchange Request Token for an Access Token
QOAuth::ParamMap reply =
    qoauth->accessToken( "http://example.com/access_token", QOAuth::POST, token,
                         tokenSecret, QOAuth::HMAC_SHA1, otherArgs );

// if no error occurred, read the Access Token (and other arguments, if applicable)
if ( qoauth->error() == QOAuth::NoError ) {
  token = reply.value( QOAuth::ParamToken );
  tokenSecret = reply.value( QOAuth::ParamTokenSecret );
  otherInfo = reply.value( "misc_arg3" );
}

This step ends the OAuth authorization procedure, providing User’s authorized Access Token to be used when requesting further data from server.

Creating OAuth requests

Once authorized, the client application is allowed to access User’s data, each time authenticating itself with User’s Access Token. However, each and every request still has to be signed and encrypted according to OAuth rules. The third method provided by QOAuth library does all the dirty work of signing and encrypting the so called Signature Base String. All you need to do is provide the request parameters. Let’s say that you ask for an image named flower_48.png, of the small size:

QByteArray url( "http://example.com/get_photo");
// create a request parameters map
QOAuth::ParamMap map;
map.insert( "file", "flower_48.jpg" );
map.insert( "size", "small" );

// construct the parameters string
QByteArray content =
    qoauth->createParametersString( requestUrl, QOAuth::GET, QOAuth::HMAC_SHA1,
                                    token, tokenSecret, map,
                                    QOAuth::ParseForInlineQuery );
// append parameters string to the URL
url.append( content );
QNetworkRequest request( QUrl( url ) );
// etc...

Just send this request, and receive the photo. Doesn’t seem too complicated, does it? If you like it, you may be interested in much more detailed documentation. Note that this is very preliminary version of the library, and so far it supports only HMAC-SHA1 encryption and may have some problems with GET requests containing percent-encoded data. But it copes well with POST requests, even those with non-ASCII data. After all, it’s mainly POST that is used for transferring wierd data :) Anyway, the work has started just a few days ago, and there’s still a looooot to do.

Where I can get it?

QOAuth’s code is hosted at GitHub. After qmake, make and make install, all you have to do to get QOAuth working, is to append one line to your project file:

CONFIG += oauth

and then include this header in your source:

#include <QtOAuth>

Some binaries will be available soon from qt-apps.org. All the bugs and issues can be reported at QOAuth’s Lighthouseapp bug tracking system.

qTwitter 0.7.1: The Twitapocalypse is outta here

2009-06-13T14:27:00Z

Ok, I must admit that I forgot about the whole thing, so called Twitapocalypse. According to what was predicted before and happened a few hours ago, qTwitter 0.7.0 is not updating timelines correctly. A small patch fixed this unwelcome behavior and it was instantly applied, making qTwitter 0.7.1. So please update your app to the newest version that deals with huge IDs of Twitter statuses. Get it, as you always do, from qt-apps.org. Apart from the fix, in 0.7.1 release you’ll get support for digg.com URL shortening service and some look and feel corrections concerning the user info popup dialogs. Happy tweeting :)

qTwitter 0.7.0: Hello, Identi.ca!

2009-06-09T16:25:00Z

The time has come (or I just couldn’t wait any more) to give out fresh new qTwitter app. After 1.5 months of sleepless nights (btw: curse you, Finnish summer :P) I’m happy to welcome Identi.ca onboard. Apart from support for getting updates from and posting new ones to Identi.ca, additional missing features were provided, such as:

favoring and disfavoring statuses,
sending, replying and deleting direct messages.
user info popups,
recognizing hashtags.

User interface was significantly improved — three context-sensitive icons now allow for quick performing the most common actions on tweets and messages. The accounts settings page was revisited, compacted and made usable. Of course still no one will know that Ctrl+J shortens links :P Oh, by the way — URL shortening support was extended by 3 additional services, including my favorite tiny➡s!

Speaking of “computers”, the newest release needed a huge amount of code to be reorganized to provide better user experience of switching between currently displayed accounts. This allowed also to avoid some very uncool memory leaks. Another significant, but smaller amount of code was added in order to get Identi.ca working — laconi.ca’s Twitter-compatible API is being used and the support is well integrated inside libtwitterapi in order for others to be able to make use of it.

And from here I must give giant thanks to everyone involved in development, i.e. wiorka and wijet, and Flavio which made an effort to give qTwitter a decent look and feel on Maemo platorm. Thanks goes also to all translators, especially to Márcio Moraes and Alvaro Ortiz for fresh new Portuguese and Spanish translations.

Get your own qTwitter now from usual places — qt-apps.org for packages, github.com for sources. Enjoy!

Deploying Qt-based frameworks made simple

2009-05-10T19:41:00Z

Last time when I was deploying a Qt application on MacOS X I spent several hours struggling with otool and install_name_tool to make my app see all the bundled Qt frameworks and plugins. Then I found out that there is a dedicated tool for it, called macdeployqt and, what is more, it’s nothing new. To be honest, it’s so well known that it is currently shipped together with Qt. Shame on me.

Great then, macdeployqt reduces the deployment work to one line in terminal, and time thereof to several seconds :) However, my application, apart from Qt frameworks uses other custom, self-made frameworks that depend on Qt. It seems that macdeployqt doesn’t support deploying frameworks, as it searches for application binary located in <bundle_name>/Contents/MacOS, which simply doesn’t exist in a framework bundle. So I created a simple script, called frameworkdeployqt.pl that does the dirty work of deploying frameworks written in Qt. The basic concept is:

you want to deploy a Qt application on MacOS X,
your application uses custom/self-made/third-party frameworks written in Qt,
all the frameworks are going to be located in <bundle_name>/Contents/Frameworks.

Then you deploy the application in two simple steps:

run macdeployqt to copy needed Qt frameworks to the application bundle and adjust its internal framework references,
run frameworkdeployqt.pl to make your custom frameworks use Qt frameworks bundled with your application. You’ll of course need perl, but it comes out of the box with MacOS X.

The script looks for non-Qt frameworks inside the bundle given as an argument (namely, it searches <bundle_name>/Contents/Frameworks for frameworks other than Qt*) and then replaces their references to Qt frameworks so that they point to the ones that macdeployqt have just copied to the bundle. For now it’s a bit dumb, i.e. it doesn’t check the existence of Qt frameworks, so if your custom framework uses other Qt modules than the application (or macdeployqt somehow failed to copy them), you’ll have to copy them manually to the bundle.

Other drawback is that you can’t create a dmg image directly using macdeployqt, but anyway, if you happen to need frameworkdeployqt.pl, that dmg would have been useless for you.

The script is available from GitHub. Enjoy!

net-im/qtwitter enters Gentoo Portage

2009-05-01T12:42:00Z

I’m incredibly proud to announce that as of April 30th, as stated here, qTwitter oficially becomes a part of the main Gentoo GNU/Linux Portage tree. So from now on, installing qTwitter in Gentoo is as simple as typing:

$ emerge qtwitter

For those who prefer to have the most fresh version, a live ebuild is still available in layman’s qting-edge overlay.

Huge thanks to Markos Chandras from Gentoo KDE team for testing qTwitter on Gentoo and committing it to the main Portage tree.