feat(PiConnect): Warning on token overwrite + fix token positional param

paulober · paulober · commit a65e4948835e · 2025-10-22T11:25:11.000+01:00
Signed-off-by: paulober &lt;44974737+paulober@users.noreply.github.com&gt;
diff --git a/src/imagewriter.cpp b/src/imagewriter.cpp
@@ -44,6 +44,10 @@
 #include <QWindow>
 #include <QGuiApplication>
 #endif
+#include <QUrl>
+#include <QUrlQuery>
+#include <QString>
+#include <QStringList>
 #include <QHostAddress>
 #include <QNetworkAccessManager>
 #include <QNetworkReply>
@@ -2547,15 +2551,53 @@ void ImageWriter::openUrl(const QUrl &url)
     }
 }
 
+static QString parseTokenFromUrl(const QUrl &url) {
+    // Handle QUrl or string, accept token/code/deploy_key/auth_key
+    if (!url.isValid()) {
+        return {};
+    }
+
+    QUrlQuery q(url);
+    static const QStringList keys {
+        QStringLiteral("token"),
+        QStringLiteral("code"),
+        QStringLiteral("deploy_key"),
+        QStringLiteral("auth_key")
+    };
+
+    for (const auto& key : keys) {
+        const QString val = q.queryItemValue(key, QUrl::FullyDecoded);
+        if (!val.isEmpty())
+            return val;
+    }
+
+    return {};
+}
+
 void ImageWriter::handleIncomingUrl(const QUrl &url)
 {
     qDebug() << "Incoming URL:" << url;
-    emit connectCallbackReceived(QVariant::fromValue(url));
+
+    auto token = parseTokenFromUrl(url);
+    if (!token.isEmpty()) {
+        if (!_piConnectToken.isEmpty()) {
+            if (_piConnectToken != token) {
+                // Let QML decide whether to overwrite
+                emit connectTokenConflictDetected(token);
+            }
+
+            return;
+        }
+
+        overwriteConnectToken(token);
+    }
 }
 
-void ImageWriter::setRuntimeConnectToken(const QString &token)
+void ImageWriter::overwriteConnectToken(const QString &token)
 {
+    // Ephemeral session-only Connect token (never persisted)
     _piConnectToken = token;
+    emit connectTokenReceived(token);
 }
 
 QString ImageWriter::getRuntimeConnectToken() const
diff --git a/src/imagewriter.h b/src/imagewriter.h
@@ -267,8 +267,7 @@ class ImageWriter : public QObject
     Q_INVOKABLE void reboot();
     Q_INVOKABLE void openUrl(const QUrl &url);
     Q_INVOKABLE void handleIncomingUrl(const QUrl &url);
-    // Ephemeral session-only Connect token (never persisted)
-    Q_INVOKABLE void setRuntimeConnectToken(const QString &token);
+    Q_INVOKABLE void overwriteConnectToken(const QString &token);
     Q_INVOKABLE QString getRuntimeConnectToken() const;
     
     /* Override OS list refresh schedule (in minutes); pass negative to clear override */
@@ -299,7 +298,8 @@ class ImageWriter : public QObject
     void keychainPermissionRequested();
     void keychainPermissionResponseReceived();
     void writeStateChanged();
-    void connectCallbackReceived(QVariant url);
+    void connectTokenReceived(const QString &token);
+    void connectTokenConflictDetected(const QString &token);
     void cacheStatusChanged();
 
 protected slots:
diff --git a/src/wizard/PiConnectCustomizationStep.qml b/src/wizard/PiConnectCustomizationStep.qml
@@ -84,49 +84,34 @@ WizardStepBase {
     property bool connectTokenReceived: false
     property string connectToken: ""
 
-    function parseTokenFromUrl(u) {
-        // Handle QUrl or string, accept token/code/deploy_key/auth_key
-        var s = ""
-        try {
-            if (u && typeof u.toString === 'function') s = u.toString(); else s = String(u)
-        } catch(e) { s = String(u) }
-        if (!s || s.length === 0) return ""
-        var qIndex = s.indexOf('?')
-        if (qIndex === -1) return ""
-        var query = s.substring(qIndex+1)
-        var parts = query.split('&')
-        var token = ""
-        for (var i = 0; i < parts.length; i++) {
-            var kv = parts[i].split('=')
-            if (kv.length >= 2) {
-                var key = decodeURIComponent(kv[0])
-                var val = decodeURIComponent(kv.slice(1).join('='))
-                if (key === 'token' || key === 'code' || key === 'deploy_key' || key === 'auth_key') {
-                    token = val
-                    break
-                }
+    Connections {
+        target: root.imageWriter
+
+        // Listen for callback with token
+        function connectTokenReceived(token){
+            if (token && token.length > 0) {
+                connectTokenReceived = true
+                connectToken = token
             }
         }
-        return token
     }
 
     Component.onCompleted: {
         root.registerFocusGroup("pi_connect", function(){ return [btnOpenConnect, useTokenPill.focusItem] }, 0)
+
+        var token = root.imageWriter.getRuntimeConnectToken()
+        if (token && token.length > 0) {
+            connectTokenReceived = true
+            connectToken = token
+        }
+
         var saved = imageWriter.getSavedCustomizationSettings()
         // Never load token from persistent settings; token is session-only
-        if (saved.piConnectEnabled === true || saved.piConnectEnabled === "true") {
+        // auto enable if token has already been provided
+        if (saved.piConnectEnabled === true || saved.piConnectEnabled === "true" || connectTokenReceived) {
             useTokenPill.checked = true
             wizardContainer.piConnectEnabled = true
         }
-        // Listen for callback with token
-        root.imageWriter.connectCallbackReceived.connect(function(url){
-            var t = parseTokenFromUrl(url)
-            if (t && t.length > 0) {
-                connectTokenReceived = true
-                connectToken = t
-                imageWriter.setRuntimeConnectToken(t)
-            }
-        })
     }
 
     onNextClicked: {
diff --git a/src/wizard/WizardContainer.qml b/src/wizard/WizardContainer.qml
@@ -944,6 +944,120 @@ Item {
             onNextClicked: root.wizardCompleted()
         }
     }
+
+    // Token conflict dialog — based on your BaseDialog pattern
+    BaseDialog {
+        id: tokenConflictDialog
+        parent: root
+        anchors.centerIn: parent
+
+        // carry the new token we just received
+        property string newToken: ""
+        property bool allowAccept: false
+
+        // small safety delay before enabling "Replace"
+        Timer {
+            id: acceptEnableDelay
+            interval: 1500
+            running: false
+            repeat: false
+            onTriggered: tokenConflictDialog.allowAccept = true
+        }
+
+        function openWithToken(tok) {
+            newToken = tok
+            allowAccept = false
+            acceptEnableDelay.start()
+            tokenConflictDialog.open()
+        }
+
+        // ESC closes
+        function escapePressed() { tokenConflictDialog.close() }
+
+        Component.onCompleted: {
+            // match your focus group style
+            registerFocusGroup("token_conflict_buttons", function() {
+                return [keepBtn, replaceBtn]
+            }, 0)
+        }
+
+        onClosed: {
+            acceptEnableDelay.stop()
+            allowAccept = false
+            newToken = ""
+        }
+
+        // ----- CONTENT -----
+        Text {
+            id: titleText
+            text: qsTr("Replace existing Raspberry Pi Connect token?")
+            font.pixelSize: Style.fontSizeHeading
+            font.family: Style.fontFamilyBold
+            font.bold: true
+            color: Style.formLabelColor
+            wrapMode: Text.WordWrap
+            Layout.fillWidth: true
+            Accessible.role: Accessible.Heading
+            Accessible.name: text
+            Accessible.ignored: false
+        }
+
+        // Body / security note
+        Text {
+            id: bodyText
+            text: qsTr("A new Raspberry Pi Connect token was received that differs from your current one.\n\n") +
+                  qsTr("Do you want to overwrite the existing token?\n\n") +
+                  qsTr("Warning: Only replace the token if you initiated this action. ") +
+                  qsTr("If you didn't, someone could be trying to push a bad token to RPi Imager.")
+            font.pixelSize: Style.fontSizeFormLabel
+            font.family: Style.fontFamily
+            color: Style.formLabelColor
+            wrapMode: Text.WordWrap
+            Layout.fillWidth: true
+            Accessible.role: Accessible.StaticText
+            Accessible.name: text
+            Accessible.ignored: false
+        }
+
+        // Buttons row
+        RowLayout {
+            id: btnRow
+            Layout.fillWidth: true
+            Layout.topMargin: Style.spacingSmall
+            spacing: Style.spacingMedium
+
+            Item { Layout.fillWidth: true }
+
+            ImButton {
+                id: replaceBtn
+                text: tokenConflictDialog.allowAccept ? qsTr("Replace token") : qsTr("Please wait…")
+                accessibleDescription: qsTr("Replace the current token with the newly received one")
+                enabled: tokenConflictDialog.allowAccept
+                activeFocusOnTab: true
+                onClicked: {
+                    tokenConflictDialog.close()
+                    // Overwrite in C++ and re-emit to existing listeners
+                    root.imageWriter.overwriteConnectToken(tokenConflictDialog.newToken)
+                }
+            }
+
+            ImButtonRed {
+                id: keepBtn
+                text: qsTr("Keep existing")
+                accessibleDescription: qsTr("Keep your current Raspberry Pi Connect token")
+                activeFocusOnTab: true
+                onClicked: tokenConflictDialog.close()
+            }
+        }
+    }
+
+    Connections {
+        target: root.imageWriter
+        function onConnectTokenConflictDetected(newToken) {
+            tokenConflictDialog.openWithToken(newToken)
+        }
+    }
+
     
     function onFinalizing() {
         // Forward to the WritingStep if currently active
