For those of us who have typed dd in vi quickly followed by :wq this is a most serious thing indeed 
1 Like
okay here is the whole file with my credentials: .import Sailfish.Weather 1.0 as Weather
.pragma library
var user = “s-ebastianmatkovich”
var password = “RjvRUJlWj2AE”
var token = “eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9wZmEuZm9yZWNhLmNvbVwvYXV0aG9yaXplXC90b2tlbiIsImlhdCI6MTcwMDAzMTIxNSwiZXhwIjo5OTk5OTk5OTk5LCJuYmYiOjE3MDAwMzEyMTUsImp0aSI6IjhhMzAwYjJlZmUyYzhjOGMiLCJzdWIiOiJzLWViYXN0aWFubWF0a292aWNoIiwiZm10IjoiWERjT2hqQzQwK0FMamxZVHRqYk9pQT09In0.WlbbqSu5m3kaCW1vW-FapgxVJ__lsiavND_pbXwMU20”
var tokenRequest
var pendingTokenRequests = []
var lastUpdate = new Date()
function fetchToken(model) {
if (model == undefined) {
console.warn(“Token requested for undefined or null model”)
return false
}
if (token.length > 0 && !updateAllowed()) {
model.token = token
return true
} else {
if (!tokenRequest) {
if (user.length === 0 || password.length === 0) {
var keyProvider = Qt.createQmlObject(
"import com.jolla.settings.accounts 1.0; StoredKeyProvider {}",
model, "StoreKeyProvider")
user = keyProvider.storedKey("foreca", "", "user")
password = keyProvider.storedKey("foreca", "", "password")
keyProvider.destroy()
if (user.length === 0 || password.length === 0) {
console.warn("Unable to get Foreca credentials needed to identify with the service")
return false
}
}
tokenRequest = new XMLHttpRequest()
var url = "https://pfa.foreca.com/authorize/token?user=" + user + "&password=" + password
// Send the proper header information along with the tokenRequest
tokenRequest.onreadystatechange = function() { // Call a function when the state changes.
if (tokenRequest.readyState == XMLHttpRequest.DONE) {
if (tokenRequest.status == 200) {
var json = JSON.parse(tokenRequest.responseText)
token = json["access_token"]
} else {
token = ""
console.log("Failed to obtain Foreca token. HTTP error code: " + tokenRequest.status)
}
for (var i = 0; i < pendingTokenRequests.length; i++) {
pendingTokenRequests[i].token = token
if (tokenRequest.status !== 200) {
pendingTokenRequests[i].status = (tokenRequest.status === 401) ? Weather.Weather.Unauthorized : Weather.Weather.Error
}
}
pendingTokenRequests = []
tokenRequest = undefined
}
}
tokenRequest.open("GET", url)
tokenRequest.send()
}
pendingTokenRequests[pendingTokenRequests.length] = model
}
return false
}
function updateAllowed(interval) {
// only update token if older than 45 minutes
interval = interval === undefined ? 45601000 : interval
var now = new Date()
var updateAllowed = now.getDate() != lastUpdate.getDate() || (now - interval > lastUpdate)
if (updateAllowed) {
lastUpdate = now
}
return updateAllowed
}
Um. No personal information please. Let’s keep it to knicknames and avatars
1 Like
in less than 1 month the personal information is useless anyway
Real hackers can grep foreca /usr/share/libsailfishkeyprovider/storedkeys.ini as root (or from a privileged shell), write a little program (or a script) that xor’s your foreca username and password with the provided key and then update that file 
This way, you won’t have to modify any .js files. You probably have to restart lipstick after updating storedkeys.ini to make sure that home screen pulls in your new credentials.
2 Likes
Why in less than a month? Id say its already all for sale ? 
Yeah, I was serious, why the attitude @smatkovi?, you did not have to include your API key, which is no fkin good to me or anyone else anyway. Wow, attitude with some people here {{{smh}}}.
Basically, although it’s a rooky mistake, I edited the said file without making a back up. I had edited my user/pass/key and the next few lines after, which is why I asked for the first 10 lines, not the whole file or your api key/username/password. Next time I need such information, I will better define what I’m asking.
Thanks for posting the necessary file, I now have fixed what I’d deleted from ForecaToken.js
@slava, thanks for details. I’m not trying or wanting to hack anyone. I’m not a hacker and would not even call myself a coder/programmer despite making dozens of my own apps for my device.
Although the wiki python version, XOR cipher - Wikipedia, will do, I think @slava may have a more interesting solution in c
It’s hard to believe Jolla would leave the weather app broken for three months. It can only be a lack of money, surely? Did Foreca up their license fee so dramatically Jolla couldn’t afford it? Or is Jolla’s financial situation so dire they’re cutting any and every cost. It’s disappointing.
2 Likes
They are in legal restructuring process, see
https://forum.sailfishos.org/t/re-organisation-of-jolla-company/17133/17?u=davidrasch
This might limit their ability to spend any money.
4 Likes
As much as i love foreca, and it’s also the most accurate weather for my area, i guess they should “for the moment” switch to something else, like yr.no, which is free to use
Unfortunately as much as i like meecast i would still prefer to use the default app…
3 Likes
I wonder if we could crowdsource the funds to buy a shared Foreca token until Jolla gets back on their feet?
3 Likes
This was the point of starting on https://keypeer.org (api rough sketches at: Swagger UI ) but I just haven’t had enough time to ‘go there’. The idea is, be a broker between apps requiring a key and a payment platform (https://opencollective.com/europe for instance). anyone who has some time to sink (hope, hope)…
2 Likes
That was an idea i proposed on the italian group, count me in
My idea was to give money to someone trusted from the community and let him buy the key to share to us
I guess the lowest tier should be ok
Still anyway, if the amount is resonable do count me in
2 Likes
I’d also be ok with paying a few euros per month just to avoid the inconvenience of periodically renewing foreca trial token.
1 Like
The sailmates , well, @jojo in the main, had been in discussions for a key for the club. I’m asking what our status is. The idea could obviously extend to other services.
2 Likes
Indeed we tried. I exchanged mails with Foreca. Currently you can only have 10 API keys per account and we wanted to, at least, have one for each of the Sailmates members. Unfortunately Foreca refused it. They were also against the idea of having one account for multiple persons, for example, one Sailmates account, and one API key per member. Here is their last reply:
I discussed this with my colleagues and we cannot allow larger distribution of API keys, since we cannot be 100% sure of every keys use case. If you would like to acquire Foreca Weather API, the standard terms apply. Please let me know if you would like to review our Content & Licence Agreement.
I did explain at repeated occasions, as seen by the other Sailmates members, that we were a not-for-profit and the context behind our request. I don’t think their current API service targets individuals, but rather companies that need weather services for some reason.
An alternative solution was to have only one API key for Sailmates, and use a service such as the one @poetaster wanted to develop for redistributing keys. This might be against their service agreements (i did not check).
9 Likes
Underrated comment:) Nice find and the calendar works pretty well for this!
4 Likes
I still would like to use the Weather-App again. Changing from Foreca.fi to a free weather service provider would allow the long term usage.
Yr.no provides a free service for any location.
So how could we convince the Jolla management to change the weather service provider or to open the Weather App for SFOS community?
5 Likes
The only realistic way is for Jolla to release the source code of the app, or to adapt the app and provide more info how to develop third party plugins for other weather forecast providers.
I have the feeling this issue will not be addressed in the forthcoming release.
If you ask how can Jolla be convinced, hm i do not think it’s possible
3 Likes