From 7fd7a1d3693e9ab0b023ae9d864793298d1da33c Mon Sep 17 00:00:00 2001
From: Patrick Ohly <patrick.ohly@intel.com>
Date: Fri, 13 Feb 2015 07:52:37 -0800
Subject: [PATCH 5/5] WebDAV: handle 403 during Google OAuth authentication

When sending an access token with insufficient scope (for example,
because the Ubuntu Online Accounts service definition was incomplete,
as documented in FDO #86824), Google responds with a 403 "service
denied" error.

Neon (arguably correctly) treats this as a permanent error and not
as a transient authentication error. Google should better send
a 401 error.

To activate the 401 error handling in SyncEvolution, detect this
special case and turn the general SE_ERROR error into SE_AUTH.
---
 src/backends/webdav/NeonCXX.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/backends/webdav/NeonCXX.cpp b/src/backends/webdav/NeonCXX.cpp
index 60fa572..9c0230e 100644
--- a/src/backends/webdav/NeonCXX.cpp
+++ b/src/backends/webdav/NeonCXX.cpp
@@ -600,6 +600,12 @@ bool Session::checkError(int error, int code, const ne_status *status,
         }
     }
 
+    // Detect 403 returned by Google for a bad access token and treat that like
+    // 401 = NE_AUTH. Neon itself doesn't do that.
+    if (m_authProvider && error == NE_ERROR && code == 403) {
+        error = NE_AUTH;
+    }
+
     switch (error) {
     case NE_OK:
         // request itself completed, but might still have resulted in bad status
-- 
1.8.4.5