projects / pub / Android / ownCloud.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'saml_based_federated_single_sign_on' into saml_based_federated_single_s...
[pub/Android/ownCloud.git] / src / com / owncloud / android / authentication / AuthenticatorActivity.java
1 /* ownCloud Android client application
2 * Copyright (C) 2012 Bartek Przybylski
3 * Copyright (C) 2012-2013 ownCloud Inc.
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2,
7 * as published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
16 *
17 */
18
19 package com.owncloud.android.authentication;
20
21 import com.owncloud.android.Log_OC;
22 import com.owncloud.android.ui.dialog.SslValidatorDialog;
23 import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener;
24 import com.owncloud.android.utils.OwnCloudVersion;
25 import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener;
26 import com.owncloud.android.network.OwnCloudClientUtils;
27 import com.owncloud.android.operations.OwnCloudServerCheckOperation;
28 import com.owncloud.android.operations.ExistenceCheckOperation;
29 import com.owncloud.android.operations.OAuth2GetAccessToken;
30 import com.owncloud.android.operations.OnRemoteOperationListener;
31 import com.owncloud.android.operations.RemoteOperation;
32 import com.owncloud.android.operations.RemoteOperationResult;
33 import com.owncloud.android.operations.RemoteOperationResult.ResultCode;
34
35 import android.accounts.Account;
36 import android.accounts.AccountAuthenticatorActivity;
37 import android.accounts.AccountManager;
38 import android.annotation.SuppressLint;
39 import android.app.AlertDialog;
40 import android.app.Dialog;
41 import android.app.ProgressDialog;
42 import android.content.ContentResolver;
43 import android.content.DialogInterface;
44 import android.content.Intent;
45 import android.content.SharedPreferences;
46 import android.graphics.Rect;
47 import android.graphics.drawable.Drawable;
48 import android.net.Uri;
49 import android.os.Bundle;
50 import android.os.Handler;
51 import android.preference.PreferenceManager;
52 import android.text.Editable;
53 import android.text.InputType;
54 import android.text.TextWatcher;
55 import android.view.KeyEvent;
56 import android.view.MotionEvent;
57 import android.view.View;
58 import android.view.View.OnFocusChangeListener;
59 import android.view.View.OnTouchListener;
60 import android.view.Window;
61 import android.view.inputmethod.EditorInfo;
62 import android.webkit.CookieManager;
63 import android.webkit.WebSettings;
64 import android.webkit.WebView;
65 import android.widget.CheckBox;
66 import android.widget.EditText;
67 import android.widget.Button;
68 import android.widget.TextView;
69 import android.widget.Toast;
70 import android.widget.TextView.OnEditorActionListener;
71
72 import com.owncloud.android.R;
73
74 import eu.alefzero.webdav.WebdavClient;
75
76 /**
77 * This Activity is used to add an ownCloud account to the App
78 *
79 * @author Bartek Przybylski
80 * @author David A. Velasco
81 */
82 public class AuthenticatorActivity extends AccountAuthenticatorActivity
83 implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener, SsoWebViewClientListener {
84
85 private static final String TAG = AuthenticatorActivity.class.getSimpleName();
86
87 public static final String EXTRA_ACCOUNT = "ACCOUNT";
88 public static final String EXTRA_USER_NAME = "USER_NAME";
89 public static final String EXTRA_HOST_NAME = "HOST_NAME";
90 public static final String EXTRA_ACTION = "ACTION";
91 public static final String EXTRA_ENFORCED_UPDATE = "ENFORCE_UPDATE";
92
93 private static final String KEY_HOST_URL_TEXT = "HOST_URL_TEXT";
94 private static final String KEY_OC_VERSION = "OC_VERSION";
95 private static final String KEY_ACCOUNT = "ACCOUNT";
96 private static final String KEY_SERVER_VALID = "SERVER_VALID";
97 private static final String KEY_SERVER_CHECKED = "SERVER_CHECKED";
98 private static final String KEY_SERVER_CHECK_IN_PROGRESS = "SERVER_CHECK_IN_PROGRESS";
99 private static final String KEY_SERVER_STATUS_TEXT = "SERVER_STATUS_TEXT";
100 private static final String KEY_SERVER_STATUS_ICON = "SERVER_STATUS_ICON";
101 private static final String KEY_IS_SSL_CONN = "IS_SSL_CONN";
102 private static final String KEY_PASSWORD_VISIBLE = "PASSWORD_VISIBLE";
103 private static final String KEY_AUTH_STATUS_TEXT = "AUTH_STATUS_TEXT";
104 private static final String KEY_AUTH_STATUS_ICON = "AUTH_STATUS_ICON";
105 private static final String KEY_REFRESH_BUTTON_ENABLED = "KEY_REFRESH_BUTTON_ENABLED";
106
107 private static final String AUTH_ON = "on";
108 private static final String AUTH_OFF = "off";
109 private static final String AUTH_OPTIONAL = "optional";
110
111 private static final int DIALOG_LOGIN_PROGRESS = 0;
112 private static final int DIALOG_SSL_VALIDATOR = 1;
113 private static final int DIALOG_CERT_NOT_SAVED = 2;
114 private static final int DIALOG_OAUTH2_LOGIN_PROGRESS = 3;
115
116 public static final byte ACTION_CREATE = 0;
117 public static final byte ACTION_UPDATE_TOKEN = 1;
118
119 private String mHostBaseUrl;
120 private OwnCloudVersion mDiscoveredVersion;
121
122 private int mServerStatusText, mServerStatusIcon;
123 private boolean mServerIsChecked, mServerIsValid, mIsSslConn;
124 private int mAuthStatusText, mAuthStatusIcon;
125 private TextView mAuthStatusLayout;
126
127 private final Handler mHandler = new Handler();
128 private Thread mOperationThread;
129 private OwnCloudServerCheckOperation mOcServerChkOperation;
130 private ExistenceCheckOperation mAuthCheckOperation;
131 private RemoteOperationResult mLastSslUntrustedServerResult;
132
133 private Uri mNewCapturedUriFromOAuth2Redirection;
134
135 private AccountManager mAccountMgr;
136 private boolean mJustCreated;
137 private byte mAction;
138 private Account mAccount;
139
140 private EditText mHostUrlInput;
141 private boolean mHostUrlInputEnabled;
142 private View mRefreshButton;
143
144 private String mCurrentAuthTokenType;
145
146 private EditText mUsernameInput;
147 private EditText mPasswordInput;
148
149 private CheckBox mOAuth2Check;
150
151 private TextView mOAuthAuthEndpointText;
152 private TextView mOAuthTokenEndpointText;
153
154 private TextView mAccountNameInput;
155 private WebView mSsoWebView;
156 private SsoWebViewClient mWebViewClient;
157
158 private View mOkButton;
159
160 private String mAuthToken;
161
162
163 /**
164 * {@inheritDoc}
165 *
166 * IMPORTANT ENTRY POINT 1: activity is shown to the user
167 */
168 @Override
169 protected void onCreate(Bundle savedInstanceState) {
170 super.onCreate(savedInstanceState);
171 getWindow().requestFeature(Window.FEATURE_NO_TITLE);
172
173 /// set view and get references to view elements
174 setContentView(R.layout.account_setup);
175 mHostUrlInput = (EditText) findViewById(R.id.hostUrlInput);
176 mHostUrlInput.setText(getString(R.string.server_url)); // valid although R.string.server_url is an empty string
177 mUsernameInput = (EditText) findViewById(R.id.account_username);
178 mPasswordInput = (EditText) findViewById(R.id.account_password);
179 mOAuthAuthEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_1);
180 mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2);
181 mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check);
182 mAccountNameInput = (EditText) findViewById(R.id.account_name);
183 mSsoWebView = (WebView) findViewById(R.id.web_sso_view);
184 mOkButton = findViewById(R.id.buttonOK);
185 mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text);
186
187 /// set Host Url Input Enabled
188 mHostUrlInputEnabled = getResources().getBoolean(R.bool.show_server_url_input);
189
190
191 /// complete label for 'register account' button
192 Button b = (Button) findViewById(R.id.account_register);
193 if (b != null) {
194 b.setText(String.format(getString(R.string.auth_register), getString(R.string.app_name)));
195 }
196
197 /// initialization
198 mAccountMgr = AccountManager.get(this);
199 mNewCapturedUriFromOAuth2Redirection = null;
200 mAction = getIntent().getByteExtra(EXTRA_ACTION, ACTION_CREATE);
201 mAccount = null;
202 mHostBaseUrl = "";
203 boolean refreshButtonEnabled = false;
204
205 // URL input configuration applied
206 if (!mHostUrlInputEnabled)
207 {
208 findViewById(R.id.hostUrlFrame).setVisibility(View.GONE);
209 mRefreshButton = findViewById(R.id.centeredRefreshButton);
210
211 } else {
212 mRefreshButton = findViewById(R.id.embeddedRefreshButton);
213 }
214
215 if (savedInstanceState == null) {
216 /// connection state and info
217 mServerStatusText = mServerStatusIcon = 0;
218 mServerIsValid = false;
219 mServerIsChecked = false;
220 mIsSslConn = false;
221 mAuthStatusText = mAuthStatusIcon = 0;
222
223 /// retrieve extras from intent
224 mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT);
225 if (mAccount != null) {
226 String ocVersion = mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION);
227 if (ocVersion != null) {
228 mDiscoveredVersion = new OwnCloudVersion(ocVersion);
229 }
230 mHostBaseUrl = normalizeUrl(mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL));
231 mHostUrlInput.setText(mHostBaseUrl);
232 String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@'));
233 mUsernameInput.setText(userName);
234 mAccountNameInput.setText(userName);
235 }
236 initAuthorizationMethod(); // checks intent and setup.xml to determine mCurrentAuthorizationMethod
237 mJustCreated = true;
238
239 if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) {
240 checkOcServer();
241 }
242
243 } else {
244 /// connection state and info
245 mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID);
246 mServerIsChecked = savedInstanceState.getBoolean(KEY_SERVER_CHECKED);
247 mServerStatusText = savedInstanceState.getInt(KEY_SERVER_STATUS_TEXT);
248 mServerStatusIcon = savedInstanceState.getInt(KEY_SERVER_STATUS_ICON);
249 mIsSslConn = savedInstanceState.getBoolean(KEY_IS_SSL_CONN);
250 mAuthStatusText = savedInstanceState.getInt(KEY_AUTH_STATUS_TEXT);
251 mAuthStatusIcon = savedInstanceState.getInt(KEY_AUTH_STATUS_ICON);
252 if (savedInstanceState.getBoolean(KEY_PASSWORD_VISIBLE, false)) {
253 showPassword();
254 }
255
256 /// server data
257 String ocVersion = savedInstanceState.getString(KEY_OC_VERSION);
258 if (ocVersion != null) {
259 mDiscoveredVersion = new OwnCloudVersion(ocVersion);
260 }
261 mHostBaseUrl = savedInstanceState.getString(KEY_HOST_URL_TEXT);
262
263 // account data, if updating
264 mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT);
265 mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE);
266 if (mCurrentAuthTokenType == null) {
267 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD;
268
269 } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
270 restoreWebView(savedInstanceState);
271 }
272
273 // check if server check was interrupted by a configuration change
274 if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) {
275 checkOcServer();
276 }
277
278 // refresh button enabled
279 refreshButtonEnabled = savedInstanceState.getBoolean(KEY_REFRESH_BUTTON_ENABLED);
280
281
282 }
283
284 adaptViewAccordingToAuthenticationMethod();
285 showServerStatus();
286 showAuthStatus();
287
288 if (mAction == ACTION_UPDATE_TOKEN) {
289 /// lock things that should not change
290 mHostUrlInput.setEnabled(false);
291 mHostUrlInput.setFocusable(false);
292 mUsernameInput.setEnabled(false);
293 mUsernameInput.setFocusable(false);
294 mOAuth2Check.setVisibility(View.GONE);
295 mAccountNameInput.setEnabled(false);
296 mAccountNameInput.setFocusable(false);
297 }
298
299 //if (mServerIsChecked && !mServerIsValid && mRefreshButtonEnabled) showRefreshButton();
300 if (mServerIsChecked && !mServerIsValid && refreshButtonEnabled) showRefreshButton();
301 mOkButton.setEnabled(mServerIsValid); // state not automatically recovered in configuration changes
302
303 if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType) ||
304 !AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) {
305 mOAuth2Check.setVisibility(View.GONE);
306 }
307
308 mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside)
309
310 /// bind view elements to listeners and other friends
311 mHostUrlInput.setOnFocusChangeListener(this);
312 mHostUrlInput.addTextChangedListener(new TextWatcher() {
313
314 @Override
315 public void afterTextChanged(Editable s) {
316 if (!mHostBaseUrl.equals(normalizeUrl(mHostUrlInput.getText().toString()))) {
317 mOkButton.setEnabled(false);
318 }
319 }
320
321 @Override
322 public void beforeTextChanged(CharSequence s, int start, int count, int after) {}
323
324 @Override
325 public void onTextChanged(CharSequence s, int start, int before, int count) {}
326
327 });
328 mPasswordInput.setOnFocusChangeListener(this);
329 mPasswordInput.setImeOptions(EditorInfo.IME_ACTION_DONE);
330 mPasswordInput.setOnEditorActionListener(this);
331 mPasswordInput.setOnTouchListener(new RightDrawableOnTouchListener() {
332 @Override
333 public boolean onDrawableTouch(final MotionEvent event) {
334 if (event.getAction() == MotionEvent.ACTION_UP) {
335 AuthenticatorActivity.this.onViewPasswordClick();
336 }
337 return true;
338 }
339 });
340
341 }
342
343 @SuppressLint("SetJavaScriptEnabled")
344 private void initWebView() {
345 CookieManager cookieManager = CookieManager.getInstance();
346 cookieManager.setAcceptCookie(true);
347 cookieManager.removeAllCookie();
348
349 mWebViewClient = new SsoWebViewClient(mHandler, this);
350 mSsoWebView.setWebViewClient(mWebViewClient);
351 WebSettings webSettings = mSsoWebView.getSettings();
352 webSettings.setJavaScriptEnabled(true);
353 webSettings.setBuiltInZoomControls(true);
354 webSettings.setLoadWithOverviewMode(false);
355 webSettings.setSavePassword(false);
356 webSettings.setUserAgentString(WebdavClient.USER_AGENT);
357 }
358
359 @SuppressLint("SetJavaScriptEnabled")
360 private void restoreWebView(Bundle savedInstanceState) {
361 mSsoWebView.restoreState(savedInstanceState);
362
363 CookieManager cookieManager = CookieManager.getInstance();
364 Log_OC.e(TAG, "Accept Cookie: " + cookieManager.acceptCookie());
365
366 mWebViewClient = new SsoWebViewClient(mHandler, this);
367 mSsoWebView.setWebViewClient(mWebViewClient);
368 mWebViewClient.setTargetUrl(mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType));
369
370 WebSettings webSettings = mSsoWebView.getSettings();
371 webSettings.setJavaScriptEnabled(true); // at least this one is not being kept by WebView#restoreState
372 webSettings.setBuiltInZoomControls(true);
373 webSettings.setLoadWithOverviewMode(false);
374 webSettings.setSavePassword(false);
375 webSettings.setUserAgentString(WebdavClient.USER_AGENT);
376 }
377
378 private void initAuthorizationMethod() {
379 boolean oAuthRequired = false;
380 boolean samlWebSsoRequired = false;
381
382 mCurrentAuthTokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE);
383 mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT);
384
385 // TODO could be a good moment to validate the received token type, if not null
386
387 if (mCurrentAuthTokenType == null) {
388 if (mAccount != null) {
389 /// same authentication method than the one used to create the account to update
390 oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null);
391 samlWebSsoRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null);
392
393 } else {
394 /// use the one set in setup.xml
395 oAuthRequired = AUTH_ON.equals(getString(R.string.auth_method_oauth2));
396 samlWebSsoRequired = AUTH_ON.equals(getString(R.string.auth_method_saml_web_sso));
397 }
398 if (oAuthRequired) {
399 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN;
400 } else if (samlWebSsoRequired) {
401 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE;
402 } else {
403 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD;
404 }
405 }
406
407 if (mAccount != null) {
408 String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@'));
409 mUsernameInput.setText(userName);
410 }
411
412 if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
413 initWebView();
414 }
415 mOAuth2Check.setChecked(AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType));
416
417 }
418
419 /**
420 * Saves relevant state before {@link #onPause()}
421 *
422 * Do NOT save {@link #mNewCapturedUriFromOAuth2Redirection}; it keeps a temporal flag, intended to defer the
423 * processing of the redirection caught in {@link #onNewIntent(Intent)} until {@link #onResume()}
424 *
425 * See {@link #loadSavedInstanceState(Bundle)}
426 */
427 @Override
428 protected void onSaveInstanceState(Bundle outState) {
429 super.onSaveInstanceState(outState);
430
431 /// connection state and info
432 outState.putInt(KEY_SERVER_STATUS_TEXT, mServerStatusText);
433 outState.putInt(KEY_SERVER_STATUS_ICON, mServerStatusIcon);
434 outState.putBoolean(KEY_SERVER_VALID, mServerIsValid);
435 outState.putBoolean(KEY_SERVER_CHECKED, mServerIsChecked);
436 outState.putBoolean(KEY_SERVER_CHECK_IN_PROGRESS, (!mServerIsValid && mOcServerChkOperation != null));
437 outState.putBoolean(KEY_IS_SSL_CONN, mIsSslConn);
438 outState.putBoolean(KEY_PASSWORD_VISIBLE, isPasswordVisible());
439 outState.putInt(KEY_AUTH_STATUS_ICON, mAuthStatusIcon);
440 outState.putInt(KEY_AUTH_STATUS_TEXT, mAuthStatusText);
441
442 /// server data
443 if (mDiscoveredVersion != null) {
444 outState.putString(KEY_OC_VERSION, mDiscoveredVersion.toString());
445 }
446 outState.putString(KEY_HOST_URL_TEXT, mHostBaseUrl);
447
448 /// account data, if updating
449 if (mAccount != null) {
450 outState.putParcelable(KEY_ACCOUNT, mAccount);
451 }
452 outState.putString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, mCurrentAuthTokenType);
453 if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
454 mSsoWebView.saveState(outState);
455 }
456
457 // refresh button enabled
458 outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, (mRefreshButton.getVisibility() == View.VISIBLE));
459
460 }
461
462
463 /**
464 * The redirection triggered by the OAuth authentication server as response to the GET AUTHORIZATION request
465 * is caught here.
466 *
467 * To make this possible, this activity needs to be qualified with android:launchMode = "singleTask" in the
468 * AndroidManifest.xml file.
469 */
470 @Override
471 protected void onNewIntent (Intent intent) {
472 Log_OC.d(TAG, "onNewIntent()");
473 Uri data = intent.getData();
474 if (data != null && data.toString().startsWith(getString(R.string.oauth2_redirect_uri))) {
475 mNewCapturedUriFromOAuth2Redirection = data;
476 }
477 }
478
479
480 /**
481 * The redirection triggered by the OAuth authentication server as response to the GET AUTHORIZATION, and
482 * deferred in {@link #onNewIntent(Intent)}, is processed here.
483 */
484 @Override
485 protected void onResume() {
486 super.onResume();
487 if (mAction == ACTION_UPDATE_TOKEN && mJustCreated && getIntent().getBooleanExtra(EXTRA_ENFORCED_UPDATE, false)) {
488 if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) {
489 Toast.makeText(this, R.string.auth_expired_oauth_token_toast, Toast.LENGTH_LONG).show();
490
491 } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
492 Toast.makeText(this, R.string.auth_expired_saml_sso_token_toast, Toast.LENGTH_LONG).show();
493
494 } else {
495 Toast.makeText(this, R.string.auth_expired_basic_auth_toast, Toast.LENGTH_LONG).show();
496 }
497 }
498
499 if (mNewCapturedUriFromOAuth2Redirection != null) {
500 getOAuth2AccessTokenFromCapturedRedirection();
501 }
502
503 mJustCreated = false;
504 }
505
506
507 /**
508 * Parses the redirection with the response to the GET AUTHORIZATION request to the
509 * oAuth server and requests for the access token (GET ACCESS TOKEN)
510 */
511 private void getOAuth2AccessTokenFromCapturedRedirection() {
512 /// Parse data from OAuth redirection
513 String queryParameters = mNewCapturedUriFromOAuth2Redirection.getQuery();
514 mNewCapturedUriFromOAuth2Redirection = null;
515
516 /// Showing the dialog with instructions for the user.
517 showDialog(DIALOG_OAUTH2_LOGIN_PROGRESS);
518
519 /// GET ACCESS TOKEN to the oAuth server
520 RemoteOperation operation = new OAuth2GetAccessToken( getString(R.string.oauth2_client_id),
521 getString(R.string.oauth2_redirect_uri),
522 getString(R.string.oauth2_grant_type),
523 queryParameters);
524 //WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext());
525 WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true);
526 operation.execute(client, this, mHandler);
527 }
528
529
530
531 /**
532 * Handles the change of focus on the text inputs for the server URL and the password
533 */
534 public void onFocusChange(View view, boolean hasFocus) {
535 if (view.getId() == R.id.hostUrlInput) {
536 if (!hasFocus) {
537 onUrlInputFocusLost((TextView) view);
538 }
539 else {
540 hideRefreshButton();
541 }
542
543 } else if (view.getId() == R.id.account_password) {
544 onPasswordFocusChanged((TextView) view, hasFocus);
545 }
546 }
547
548
549 /**
550 * Handles changes in focus on the text input for the server URL.
551 *
552 * IMPORTANT ENTRY POINT 2: When (!hasFocus), user wrote the server URL and changed to
553 * other field. The operation to check the existence of the server in the entered URL is
554 * started.
555 *
556 * When hasFocus: user 'comes back' to write again the server URL.
557 *
558 * @param hostInput TextView with the URL input field receiving the change of focus.
559 */
560 private void onUrlInputFocusLost(TextView hostInput) {
561 if (!mHostBaseUrl.equals(normalizeUrl(mHostUrlInput.getText().toString()))) {
562 checkOcServer();
563 } else {
564 mOkButton.setEnabled(mServerIsValid);
565 if (!mServerIsValid) {
566 showRefreshButton();
567 }
568 }
569 }
570
571
572 private void checkOcServer() {
573 String uri = trimUrlWebdav(mHostUrlInput.getText().toString().trim());
574
575 if (!mHostUrlInputEnabled){
576 uri = getString(R.string.server_url);
577 }
578
579 mServerIsValid = false;
580 mServerIsChecked = false;
581 mOkButton.setEnabled(false);
582 mDiscoveredVersion = null;
583 hideRefreshButton();
584 if (uri.length() != 0) {
585 mServerStatusText = R.string.auth_testing_connection;
586 mServerStatusIcon = R.drawable.progress_small;
587 showServerStatus();
588 mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this);
589 WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true);
590 mOperationThread = mOcServerChkOperation.execute(client, this, mHandler);
591 } else {
592 mServerStatusText = 0;
593 mServerStatusIcon = 0;
594 showServerStatus();
595 }
596 }
597
598
599 /**
600 * Handles changes in focus on the text input for the password (basic authorization).
601 *
602 * When (hasFocus), the button to toggle password visibility is shown.
603 *
604 * When (!hasFocus), the button is made invisible and the password is hidden.
605 *
606 * @param passwordInput TextView with the password input field receiving the change of focus.
607 * @param hasFocus 'True' if focus is received, 'false' if is lost
608 */
609 private void onPasswordFocusChanged(TextView passwordInput, boolean hasFocus) {
610 if (hasFocus) {
611 showViewPasswordButton();
612 } else {
613 hidePassword();
614 hidePasswordButton();
615 }
616 }
617
618
619 private void showViewPasswordButton() {
620 //int drawable = android.R.drawable.ic_menu_view;
621 int drawable = R.drawable.ic_view;
622 if (isPasswordVisible()) {
623 //drawable = android.R.drawable.ic_secure;
624 drawable = R.drawable.ic_hide;
625 }
626 mPasswordInput.setCompoundDrawablesWithIntrinsicBounds(0, 0, drawable, 0);
627 }
628
629 private boolean isPasswordVisible() {
630 return ((mPasswordInput.getInputType() & InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) == InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD);
631 }
632
633 private void hidePasswordButton() {
634 mPasswordInput.setCompoundDrawablesWithIntrinsicBounds(0, 0, 0, 0);
635 }
636
637 private void showPassword() {
638 mPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD);
639 showViewPasswordButton();
640 }
641
642 private void hidePassword() {
643 mPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD);
644 showViewPasswordButton();
645 }
646
647
648 /**
649 * Cancels the authenticator activity
650 *
651 * IMPORTANT ENTRY POINT 3: Never underestimate the importance of cancellation
652 *
653 * This method is bound in the layout/acceoun_setup.xml resource file.
654 *
655 * @param view Cancel button
656 */
657 public void onCancelClick(View view) {
658 setResult(RESULT_CANCELED); // TODO review how is this related to AccountAuthenticator (debugging)
659 finish();
660 }
661
662
663
664 /**
665 * Checks the credentials of the user in the root of the ownCloud server
666 * before creating a new local account.
667 *
668 * For basic authorization, a check of existence of the root folder is
669 * performed.
670 *
671 * For OAuth, starts the flow to get an access token; the credentials test
672 * is postponed until it is available.
673 *
674 * IMPORTANT ENTRY POINT 4
675 *
676 * @param view OK button
677 */
678 public void onOkClick(View view) {
679 // this check should be unnecessary
680 if (mDiscoveredVersion == null || !mDiscoveredVersion.isVersionValid() || mHostBaseUrl == null || mHostBaseUrl.length() == 0) {
681 mServerStatusIcon = R.drawable.common_error;
682 mServerStatusText = R.string.auth_wtf_reenter_URL;
683 showServerStatus();
684 mOkButton.setEnabled(false);
685 Log_OC.wtf(TAG, "The user was allowed to click 'connect' to an unchecked server!!");
686 return;
687 }
688
689 if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) {
690 startOauthorization();
691 } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
692 startSamlBasedFederatedSingleSignOnAuthorization();
693 } else {
694 checkBasicAuthorization();
695 }
696 }
697
698
699 /**
700 * Tests the credentials entered by the user performing a check of existence on
701 * the root folder of the ownCloud server.
702 */
703 private void checkBasicAuthorization() {
704 /// get the path to the root folder through WebDAV from the version server
705 String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);
706
707 /// get basic credentials entered by user
708 String username = mUsernameInput.getText().toString();
709 String password = mPasswordInput.getText().toString();
710
711 /// be gentle with the user
712 showDialog(DIALOG_LOGIN_PROGRESS);
713
714 /// test credentials accessing the root folder
715 mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
716 WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);
717 client.setBasicCredentials(username, password);
718 mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);
719 }
720
721
722 /**
723 * Starts the OAuth 'grant type' flow to get an access token, with
724 * a GET AUTHORIZATION request to the BUILT-IN authorization server.
725 */
726 private void startOauthorization() {
727 // be gentle with the user
728 mAuthStatusIcon = R.drawable.progress_small;
729 mAuthStatusText = R.string.oauth_login_connection;
730 showAuthStatus();
731
732
733 // GET AUTHORIZATION request
734 //Uri uri = Uri.parse(getString(R.string.oauth2_url_endpoint_auth));
735 Uri uri = Uri.parse(mOAuthAuthEndpointText.getText().toString().trim());
736 Uri.Builder uriBuilder = uri.buildUpon();
737 uriBuilder.appendQueryParameter(OAuth2Constants.KEY_RESPONSE_TYPE, getString(R.string.oauth2_response_type));
738 uriBuilder.appendQueryParameter(OAuth2Constants.KEY_REDIRECT_URI, getString(R.string.oauth2_redirect_uri));
739 uriBuilder.appendQueryParameter(OAuth2Constants.KEY_CLIENT_ID, getString(R.string.oauth2_client_id));
740 uriBuilder.appendQueryParameter(OAuth2Constants.KEY_SCOPE, getString(R.string.oauth2_scope));
741 //uriBuilder.appendQueryParameter(OAuth2Constants.KEY_STATE, whateverwewant);
742 uri = uriBuilder.build();
743 Log_OC.d(TAG, "Starting browser to view " + uri.toString());
744 Intent i = new Intent(Intent.ACTION_VIEW, uri);
745 startActivity(i);
746 }
747
748
749 /**
750 * Starts the Web Single Sign On flow to get access to the root folder
751 * in the server.
752 */
753 private void startSamlBasedFederatedSingleSignOnAuthorization() {
754 // be gentle with the user
755 mAuthStatusIcon = R.drawable.progress_small;
756 mAuthStatusText = R.string.auth_connecting_auth_server;
757 showAuthStatus();
758 showDialog(DIALOG_LOGIN_PROGRESS);
759
760 /// get the path to the root folder through WebDAV from the version server
761 String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);
762
763 /// test credentials accessing the root folder
764 mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
765 WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false);
766 mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);
767 }
768
769 /**
770 * Callback method invoked when a RemoteOperation executed by this Activity finishes.
771 *
772 * Dispatches the operation flow to the right method.
773 */
774 @Override
775 public void onRemoteOperationFinish(RemoteOperation operation, RemoteOperationResult result) {
776
777 if (operation instanceof OwnCloudServerCheckOperation) {
778 onOcServerCheckFinish((OwnCloudServerCheckOperation) operation, result);
779
780 } else if (operation instanceof OAuth2GetAccessToken) {
781 onGetOAuthAccessTokenFinish((OAuth2GetAccessToken)operation, result);
782
783 } else if (operation instanceof ExistenceCheckOperation) {
784 if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
785 onSamlBasedFederatedSingleSignOnAuthorizationStart(operation, result);
786
787 } else {
788 onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result);
789 }
790 }
791 }
792
793
794 private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperation operation, RemoteOperationResult result) {
795 try {
796 dismissDialog(DIALOG_LOGIN_PROGRESS);
797 } catch (IllegalArgumentException e) {
798 // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens
799 }
800
801 if (result.isTemporalRedirection()) {
802 String url = result.getRedirectedLocation();
803 mWebViewClient.setTargetUrl(mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType));
804 mSsoWebView.loadUrl(url);
805
806 mAuthStatusIcon = android.R.drawable.ic_secure;
807 mAuthStatusText = R.string.auth_follow_auth_server;
808
809 } else {
810 mAuthStatusIcon = R.drawable.common_error;
811 mAuthStatusText = R.string.auth_unsupported_auth_method;
812
813 }
814 showAuthStatus();
815 }
816
817
818 /**
819 * Processes the result of the server check performed when the user finishes the enter of the
820 * server URL.
821 *
822 * @param operation Server check performed.
823 * @param result Result of the check.
824 */
825 private void onOcServerCheckFinish(OwnCloudServerCheckOperation operation, RemoteOperationResult result) {
826 if (operation.equals(mOcServerChkOperation)) {
827 /// save result state
828 mServerIsChecked = true;
829 mServerIsValid = result.isSuccess();
830 mIsSslConn = (result.getCode() == ResultCode.OK_SSL);
831 mOcServerChkOperation = null;
832
833 /// update status icon and text
834 if (mServerIsValid) {
835 hideRefreshButton();
836 } else {
837 showRefreshButton();
838 }
839 updateServerStatusIconAndText(result);
840 showServerStatus();
841
842 /// very special case (TODO: move to a common place for all the remote operations)
843 if (result.getCode() == ResultCode.SSL_RECOVERABLE_PEER_UNVERIFIED) {
844 mLastSslUntrustedServerResult = result;
845 showDialog(DIALOG_SSL_VALIDATOR);
846 }
847
848 /// retrieve discovered version and normalize server URL
849 mDiscoveredVersion = operation.getDiscoveredVersion();
850 mHostBaseUrl = normalizeUrl(mHostUrlInput.getText().toString());
851
852 /// allow or not the user try to access the server
853 mOkButton.setEnabled(mServerIsValid);
854
855 } // else nothing ; only the last check operation is considered;
856 // multiple can be triggered if the user amends a URL before a previous check can be triggered
857 }
858
859
860 private String normalizeUrl(String url) {
861 if (url != null && url.length() > 0) {
862 url = url.trim();
863 if (!url.toLowerCase().startsWith("http://") &&
864 !url.toLowerCase().startsWith("https://")) {
865 if (mIsSslConn) {
866 url = "https://" + url;
867 } else {
868 url = "http://" + url;
869 }
870 }
871
872 // OC-208: Add suffix remote.php/webdav to normalize (OC-34)
873 url = trimUrlWebdav(url);
874
875 if (url.endsWith("/")) {
876 url = url.substring(0, url.length() - 1);
877 }
878
879 }
880 Log_OC.d(TAG, "URL Normalize " + url);
881 return (url != null ? url : "");
882 }
883
884
885 private String trimUrlWebdav(String url){
886 if(url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_4_0)){
887 url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_4_0.length());
888 } else if(url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_2_0)){
889 url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_2_0.length());
890 } else if (url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_1_2)){
891 url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_1_2.length());
892 }
893 return (url != null ? url : "");
894 }
895
896
897 /**
898 * Chooses the right icon and text to show to the user for the received operation result.
899 *
900 * @param result Result of a remote operation performed in this activity
901 */
902 private void updateServerStatusIconAndText(RemoteOperationResult result) {
903 mServerStatusIcon = R.drawable.common_error; // the most common case in the switch below
904
905 switch (result.getCode()) {
906 case OK_SSL:
907 mServerStatusIcon = android.R.drawable.ic_secure;
908 mServerStatusText = R.string.auth_secure_connection;
909 break;
910
911 case OK_NO_SSL:
912 case OK:
913 if (mHostUrlInput.getText().toString().trim().toLowerCase().startsWith("http://") ) {
914 mServerStatusText = R.string.auth_connection_established;
915 mServerStatusIcon = R.drawable.ic_ok;
916 } else {
917 mServerStatusText = R.string.auth_nossl_plain_ok_title;
918 mServerStatusIcon = android.R.drawable.ic_partial_secure;
919 }
920 break;
921
922 case NO_NETWORK_CONNECTION:
923 mServerStatusIcon = R.drawable.no_network;
924 mServerStatusText = R.string.auth_no_net_conn_title;
925 break;
926
927 case SSL_RECOVERABLE_PEER_UNVERIFIED:
928 mServerStatusText = R.string.auth_ssl_unverified_server_title;
929 break;
930 case BAD_OC_VERSION:
931 mServerStatusText = R.string.auth_bad_oc_version_title;
932 break;
933 case WRONG_CONNECTION:
934 mServerStatusText = R.string.auth_wrong_connection_title;
935 break;
936 case TIMEOUT:
937 mServerStatusText = R.string.auth_timeout_title;
938 break;
939 case INCORRECT_ADDRESS:
940 mServerStatusText = R.string.auth_incorrect_address_title;
941 break;
942 case SSL_ERROR:
943 mServerStatusText = R.string.auth_ssl_general_error_title;
944 break;
945 case UNAUTHORIZED:
946 mServerStatusText = R.string.auth_unauthorized;
947 break;
948 case HOST_NOT_AVAILABLE:
949 mServerStatusText = R.string.auth_unknown_host_title;
950 break;
951 case INSTANCE_NOT_CONFIGURED:
952 mServerStatusText = R.string.auth_not_configured_title;
953 break;
954 case FILE_NOT_FOUND:
955 mServerStatusText = R.string.auth_incorrect_path_title;
956 break;
957 case OAUTH2_ERROR:
958 mServerStatusText = R.string.auth_oauth_error;
959 break;
960 case OAUTH2_ERROR_ACCESS_DENIED:
961 mServerStatusText = R.string.auth_oauth_error_access_denied;
962 break;
963 case UNHANDLED_HTTP_CODE:
964 case UNKNOWN_ERROR:
965 mServerStatusText = R.string.auth_unknown_error_title;
966 break;
967 default:
968 mServerStatusText = 0;
969 mServerStatusIcon = 0;
970 }
971 }
972
973
974 /**
975 * Chooses the right icon and text to show to the user for the received operation result.
976 *
977 * @param result Result of a remote operation performed in this activity
978 */
979 private void updateAuthStatusIconAndText(RemoteOperationResult result) {
980 mAuthStatusIcon = R.drawable.common_error; // the most common case in the switch below
981
982 switch (result.getCode()) {
983 case OK_SSL:
984 mAuthStatusIcon = android.R.drawable.ic_secure;
985 mAuthStatusText = R.string.auth_secure_connection;
986 break;
987
988 case OK_NO_SSL:
989 case OK:
990 if (mHostUrlInput.getText().toString().trim().toLowerCase().startsWith("http://") ) {
991 mAuthStatusText = R.string.auth_connection_established;
992 mAuthStatusIcon = R.drawable.ic_ok;
993 } else {
994 mAuthStatusText = R.string.auth_nossl_plain_ok_title;
995 mAuthStatusIcon = android.R.drawable.ic_partial_secure;
996 }
997 break;
998
999 case NO_NETWORK_CONNECTION:
1000 mAuthStatusIcon = R.drawable.no_network;
1001 mAuthStatusText = R.string.auth_no_net_conn_title;
1002 break;
1003
1004 case SSL_RECOVERABLE_PEER_UNVERIFIED:
1005 mAuthStatusText = R.string.auth_ssl_unverified_server_title;
1006 break;
1007 case BAD_OC_VERSION:
1008 mAuthStatusText = R.string.auth_bad_oc_version_title;
1009 break;
1010 case WRONG_CONNECTION:
1011 mAuthStatusText = R.string.auth_wrong_connection_title;
1012 break;
1013 case TIMEOUT:
1014 mAuthStatusText = R.string.auth_timeout_title;
1015 break;
1016 case INCORRECT_ADDRESS:
1017 mAuthStatusText = R.string.auth_incorrect_address_title;
1018 break;
1019 case SSL_ERROR:
1020 mAuthStatusText = R.string.auth_ssl_general_error_title;
1021 break;
1022 case UNAUTHORIZED:
1023 mAuthStatusText = R.string.auth_unauthorized;
1024 break;
1025 case HOST_NOT_AVAILABLE:
1026 mAuthStatusText = R.string.auth_unknown_host_title;
1027 break;
1028 case INSTANCE_NOT_CONFIGURED:
1029 mAuthStatusText = R.string.auth_not_configured_title;
1030 break;
1031 case FILE_NOT_FOUND:
1032 mAuthStatusText = R.string.auth_incorrect_path_title;
1033 break;
1034 case OAUTH2_ERROR:
1035 mAuthStatusText = R.string.auth_oauth_error;
1036 break;
1037 case OAUTH2_ERROR_ACCESS_DENIED:
1038 mAuthStatusText = R.string.auth_oauth_error_access_denied;
1039 break;
1040 case UNHANDLED_HTTP_CODE:
1041 case UNKNOWN_ERROR:
1042 mAuthStatusText = R.string.auth_unknown_error_title;
1043 break;
1044 default:
1045 mAuthStatusText = 0;
1046 mAuthStatusIcon = 0;
1047 }
1048 }
1049
1050
1051 /**
1052 * Processes the result of the request for and access token send
1053 * to an OAuth authorization server.
1054 *
1055 * @param operation Operation performed requesting the access token.
1056 * @param result Result of the operation.
1057 */
1058 private void onGetOAuthAccessTokenFinish(OAuth2GetAccessToken operation, RemoteOperationResult result) {
1059 try {
1060 dismissDialog(DIALOG_OAUTH2_LOGIN_PROGRESS);
1061 } catch (IllegalArgumentException e) {
1062 // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens
1063 }
1064
1065 String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);
1066 if (result.isSuccess() && webdav_path != null) {
1067 /// be gentle with the user
1068 showDialog(DIALOG_LOGIN_PROGRESS);
1069
1070 /// time to test the retrieved access token on the ownCloud server
1071 mAuthToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN);
1072 Log_OC.d(TAG, "Got ACCESS TOKEN: " + mAuthToken);
1073 mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
1074 WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);
1075 client.setBearerCredentials(mAuthToken);
1076 mAuthCheckOperation.execute(client, this, mHandler);
1077
1078 } else {
1079 updateAuthStatusIconAndText(result);
1080 showAuthStatus();
1081 Log_OC.d(TAG, "Access failed: " + result.getLogMessage());
1082 }
1083 }
1084
1085
1086 /**
1087 * Processes the result of the access check performed to try the user credentials.
1088 *
1089 * Creates a new account through the AccountManager.
1090 *
1091 * @param operation Access check performed.
1092 * @param result Result of the operation.
1093 */
1094 private void onAuthorizationCheckFinish(ExistenceCheckOperation operation, RemoteOperationResult result) {
1095 try {
1096 dismissDialog(DIALOG_LOGIN_PROGRESS);
1097 } catch (IllegalArgumentException e) {
1098 // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens
1099 }
1100
1101 if (result.isSuccess()) {
1102 Log_OC.d(TAG, "Successful access - time to save the account");
1103
1104 if (mAction == ACTION_CREATE) {
1105 createAccount();
1106
1107 } else {
1108 updateToken();
1109 }
1110
1111 finish();
1112
1113 } else if (result.isServerFail() || result.isException()) {
1114 /// if server fail or exception in authorization, the UI is updated as when a server check failed
1115 mServerIsChecked = true;
1116 mServerIsValid = false;
1117 mIsSslConn = false;
1118 mOcServerChkOperation = null;
1119 mDiscoveredVersion = null;
1120 mHostBaseUrl = normalizeUrl(mHostUrlInput.getText().toString());
1121
1122 // update status icon and text
1123 updateServerStatusIconAndText(result);
1124 showServerStatus();
1125 mAuthStatusIcon = 0;
1126 mAuthStatusText = 0;
1127 showAuthStatus();
1128
1129 // update input controls state
1130 showRefreshButton();
1131 mOkButton.setEnabled(false);
1132
1133 // very special case (TODO: move to a common place for all the remote operations) (dangerous here?)
1134 if (result.getCode() == ResultCode.SSL_RECOVERABLE_PEER_UNVERIFIED) {
1135 mLastSslUntrustedServerResult = result;
1136 showDialog(DIALOG_SSL_VALIDATOR);
1137 }
1138
1139 } else { // authorization fail due to client side - probably wrong credentials
1140 updateAuthStatusIconAndText(result);
1141 showAuthStatus();
1142 Log_OC.d(TAG, "Access failed: " + result.getLogMessage());
1143 }
1144 }
1145
1146
1147 /**
1148 * Sets the proper response to get that the Account Authenticator that started this activity saves
1149 * a new authorization token for mAccount.
1150 */
1151 private void updateToken() {
1152 Bundle response = new Bundle();
1153 response.putString(AccountManager.KEY_ACCOUNT_NAME, mAccount.name);
1154 response.putString(AccountManager.KEY_ACCOUNT_TYPE, mAccount.type);
1155
1156 if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) {
1157 response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken);
1158 // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention
1159 mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);
1160
1161 } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
1162 response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken);
1163 // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention
1164 mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);
1165
1166 } else {
1167 response.putString(AccountManager.KEY_AUTHTOKEN, mPasswordInput.getText().toString());
1168 mAccountMgr.setPassword(mAccount, mPasswordInput.getText().toString());
1169 }
1170 setAccountAuthenticatorResult(response);
1171 }
1172
1173
1174 /**
1175 * Creates a new account through the Account Authenticator that started this activity.
1176 *
1177 * This makes the account permanent.
1178 *
1179 * TODO Decide how to name the OAuth accounts
1180 */
1181 private void createAccount() {
1182 /// create and save new ownCloud account
1183 boolean isOAuth = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType);
1184 boolean isSaml = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType);
1185
1186 Uri uri = Uri.parse(mHostBaseUrl);
1187 String username = mUsernameInput.getText().toString().trim();
1188 if (isSaml) {
1189 username = mAccountNameInput.getText().toString().trim();
1190
1191 } else if (isOAuth) {
1192 username = "OAuth_user" + (new java.util.Random(System.currentTimeMillis())).nextLong();
1193 }
1194 String accountName = username + "@" + uri.getHost();
1195 if (uri.getPort() >= 0) {
1196 accountName += ":" + uri.getPort();
1197 }
1198 mAccount = new Account(accountName, AccountAuthenticator.ACCOUNT_TYPE);
1199 if (isOAuth || isSaml) {
1200 mAccountMgr.addAccountExplicitly(mAccount, "", null); // with external authorizations, the password is never input in the app
1201 } else {
1202 mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null);
1203 }
1204
1205 /// add the new account as default in preferences, if there is none already
1206 Account defaultAccount = AccountUtils.getCurrentOwnCloudAccount(this);
1207 if (defaultAccount == null) {
1208 SharedPreferences.Editor editor = PreferenceManager
1209 .getDefaultSharedPreferences(this).edit();
1210 editor.putString("select_oc_account", accountName);
1211 editor.commit();
1212 }
1213
1214 /// prepare result to return to the Authenticator
1215 // TODO check again what the Authenticator makes with it; probably has the same effect as addAccountExplicitly, but it's not well done
1216 final Intent intent = new Intent();
1217 intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, AccountAuthenticator.ACCOUNT_TYPE);
1218 intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name);
1219 /*if (!isOAuth)
1220 intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); */
1221 intent.putExtra(AccountManager.KEY_USERDATA, username);
1222 if (isOAuth || isSaml) {
1223 mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);
1224 }
1225 /// add user data to the new account; TODO probably can be done in the last parameter addAccountExplicitly, or in KEY_USERDATA
1226 mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION, mDiscoveredVersion.toString());
1227 mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL, mHostBaseUrl);
1228 if (isSaml) {
1229 mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE");
1230 } else if (isOAuth) {
1231 mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE");
1232 }
1233
1234 setAccountAuthenticatorResult(intent.getExtras());
1235 setResult(RESULT_OK, intent);
1236
1237 /// immediately request for the synchronization of the new account
1238 Bundle bundle = new Bundle();
1239 bundle.putBoolean(ContentResolver.SYNC_EXTRAS_MANUAL, true);
1240 ContentResolver.requestSync(mAccount, AccountAuthenticator.AUTHORITY, bundle);
1241 }
1242
1243
1244 /**
1245 * {@inheritDoc}
1246 *
1247 * Necessary to update the contents of the SSL Dialog
1248 *
1249 * TODO move to some common place for all possible untrusted SSL failures
1250 */
1251 @Override
1252 protected void onPrepareDialog(int id, Dialog dialog, Bundle args) {
1253 switch (id) {
1254 case DIALOG_LOGIN_PROGRESS:
1255 case DIALOG_CERT_NOT_SAVED:
1256 case DIALOG_OAUTH2_LOGIN_PROGRESS:
1257 break;
1258 case DIALOG_SSL_VALIDATOR: {
1259 ((SslValidatorDialog)dialog).updateResult(mLastSslUntrustedServerResult);
1260 break;
1261 }
1262 default:
1263 Log_OC.e(TAG, "Incorrect dialog called with id = " + id);
1264 }
1265 }
1266
1267
1268 /**
1269 * {@inheritDoc}
1270 */
1271 @Override
1272 protected Dialog onCreateDialog(int id) {
1273 Dialog dialog = null;
1274 switch (id) {
1275 case DIALOG_LOGIN_PROGRESS: {
1276 /// simple progress dialog
1277 ProgressDialog working_dialog = new ProgressDialog(this);
1278 working_dialog.setMessage(getResources().getString(R.string.auth_trying_to_login));
1279 working_dialog.setIndeterminate(true);
1280 working_dialog.setCancelable(true);
1281 working_dialog
1282 .setOnCancelListener(new DialogInterface.OnCancelListener() {
1283 @Override
1284 public void onCancel(DialogInterface dialog) {
1285 /// TODO study if this is enough
1286 Log_OC.i(TAG, "Login canceled");
1287 if (mOperationThread != null) {
1288 mOperationThread.interrupt();
1289 finish();
1290 }
1291 }
1292 });
1293 dialog = working_dialog;
1294 break;
1295 }
1296 case DIALOG_OAUTH2_LOGIN_PROGRESS: {
1297 ProgressDialog working_dialog = new ProgressDialog(this);
1298 working_dialog.setMessage(String.format("Getting authorization"));
1299 working_dialog.setIndeterminate(true);
1300 working_dialog.setCancelable(true);
1301 working_dialog
1302 .setOnCancelListener(new DialogInterface.OnCancelListener() {
1303 @Override
1304 public void onCancel(DialogInterface dialog) {
1305 Log_OC.i(TAG, "Login canceled");
1306 finish();
1307 }
1308 });
1309 dialog = working_dialog;
1310 break;
1311 }
1312 case DIALOG_SSL_VALIDATOR: {
1313 /// TODO start to use new dialog interface, at least for this (it is a FragmentDialog already)
1314 dialog = SslValidatorDialog.newInstance(this, mLastSslUntrustedServerResult, this);
1315 break;
1316 }
1317 case DIALOG_CERT_NOT_SAVED: {
1318 AlertDialog.Builder builder = new AlertDialog.Builder(this);
1319 builder.setMessage(getResources().getString(R.string.ssl_validator_not_saved));
1320 builder.setCancelable(false);
1321 builder.setPositiveButton(R.string.common_ok, new DialogInterface.OnClickListener() {
1322 @Override
1323 public void onClick(DialogInterface dialog, int which) {
1324 dialog.dismiss();
1325 };
1326 });
1327 dialog = builder.create();
1328 break;
1329 }
1330 default:
1331 Log_OC.e(TAG, "Incorrect dialog called with id = " + id);
1332 }
1333 return dialog;
1334 }
1335
1336
1337 /**
1338 * Starts and activity to open the 'new account' page in the ownCloud web site
1339 *
1340 * @param view 'Account register' button
1341 */
1342 public void onRegisterClick(View view) {
1343 Intent register = new Intent(Intent.ACTION_VIEW, Uri.parse(getString(R.string.url_account_register)));
1344 setResult(RESULT_CANCELED);
1345 startActivity(register);
1346 }
1347
1348
1349 /**
1350 * Updates the content and visibility state of the icon and text associated
1351 * to the last check on the ownCloud server.
1352 */
1353 private void showServerStatus() {
1354 TextView tv = (TextView) findViewById(R.id.server_status_text);
1355
1356 if (mServerStatusIcon == 0 && mServerStatusText == 0) {
1357 tv.setVisibility(View.INVISIBLE);
1358
1359 } else {
1360 tv.setText(mServerStatusText);
1361 tv.setCompoundDrawablesWithIntrinsicBounds(mServerStatusIcon, 0, 0, 0);
1362 tv.setVisibility(View.VISIBLE);
1363 }
1364
1365 }
1366
1367
1368 /**
1369 * Updates the content and visibility state of the icon and text associated
1370 * to the interactions with the OAuth authorization server.
1371 */
1372 private void showAuthStatus() {
1373 if (mAuthStatusIcon == 0 && mAuthStatusText == 0) {
1374 mAuthStatusLayout.setVisibility(View.INVISIBLE);
1375
1376 } else {
1377 mAuthStatusLayout.setText(mAuthStatusText);
1378 mAuthStatusLayout.setCompoundDrawablesWithIntrinsicBounds(mAuthStatusIcon, 0, 0, 0);
1379 mAuthStatusLayout.setVisibility(View.VISIBLE);
1380 }
1381 }
1382
1383
1384 private void showRefreshButton() {
1385 mRefreshButton.setVisibility(View.VISIBLE);
1386 }
1387
1388 private void hideRefreshButton() {
1389 mRefreshButton.setVisibility(View.GONE);
1390 }
1391
1392 /**
1393 * Called when the refresh button in the input field for ownCloud host is clicked.
1394 *
1395 * Performs a new check on the URL in the input field.
1396 *
1397 * @param view Refresh 'button'
1398 */
1399 public void onRefreshClick(View view) {
1400 checkOcServer();
1401 }
1402
1403
1404 /**
1405 * Called when the eye icon in the password field is clicked.
1406 *
1407 * Toggles the visibility of the password in the field.
1408 */
1409 public void onViewPasswordClick() {
1410 int selectionStart = mPasswordInput.getSelectionStart();
1411 int selectionEnd = mPasswordInput.getSelectionEnd();
1412 if (isPasswordVisible()) {
1413 hidePassword();
1414 } else {
1415 showPassword();
1416 }
1417 mPasswordInput.setSelection(selectionStart, selectionEnd);
1418 }
1419
1420
1421 /**
1422 * Called when the checkbox for OAuth authorization is clicked.
1423 *
1424 * Hides or shows the input fields for user & password.
1425 *
1426 * @param view 'View password' 'button'
1427 */
1428 public void onCheckClick(View view) {
1429 CheckBox oAuth2Check = (CheckBox)view;
1430 if (oAuth2Check.isChecked()) {
1431 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN;
1432 } else {
1433 mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD;
1434 }
1435 adaptViewAccordingToAuthenticationMethod();
1436 }
1437
1438
1439 /**
1440 * Changes the visibility of input elements depending on
1441 * the current authorization method.
1442 */
1443 private void adaptViewAccordingToAuthenticationMethod () {
1444 if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) {
1445 // OAuth 2 authorization
1446 mOAuthAuthEndpointText.setVisibility(View.VISIBLE);
1447 mOAuthTokenEndpointText.setVisibility(View.VISIBLE);
1448 mUsernameInput.setVisibility(View.GONE);
1449 mPasswordInput.setVisibility(View.GONE);
1450 mAccountNameInput.setVisibility(View.GONE);
1451 mSsoWebView.setVisibility(View.GONE);
1452
1453 } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
1454 // SAML-based web Single Sign On
1455 mOAuthAuthEndpointText.setVisibility(View.GONE);
1456 mOAuthTokenEndpointText.setVisibility(View.GONE);
1457 mUsernameInput.setVisibility(View.GONE);
1458 mPasswordInput.setVisibility(View.GONE);
1459 mAccountNameInput.setVisibility(View.VISIBLE);
1460 mSsoWebView.setVisibility(View.VISIBLE);
1461
1462 } else {
1463 // basic HTTP authorization
1464 mOAuthAuthEndpointText.setVisibility(View.GONE);
1465 mOAuthTokenEndpointText.setVisibility(View.GONE);
1466 mUsernameInput.setVisibility(View.VISIBLE);
1467 mPasswordInput.setVisibility(View.VISIBLE);
1468 mAccountNameInput.setVisibility(View.GONE);
1469 mSsoWebView.setVisibility(View.GONE);
1470 }
1471 }
1472
1473 /**
1474 * Called from SslValidatorDialog when a new server certificate was correctly saved.
1475 */
1476 public void onSavedCertificate() {
1477 checkOcServer();
1478 }
1479
1480 /**
1481 * Called from SslValidatorDialog when a new server certificate could not be saved
1482 * when the user requested it.
1483 */
1484 @Override
1485 public void onFailedSavingCertificate() {
1486 showDialog(DIALOG_CERT_NOT_SAVED);
1487 }
1488
1489
1490 /**
1491 * Called when the 'action' button in an IME is pressed ('enter' in software keyboard).
1492 *
1493 * Used to trigger the authorization check when the user presses 'enter' after writing the password.
1494 */
1495 @Override
1496 public boolean onEditorAction(TextView inputField, int actionId, KeyEvent event) {
1497 if (inputField != null && inputField.equals(mPasswordInput) &&
1498 actionId == EditorInfo.IME_ACTION_DONE) {
1499 if (mOkButton.isEnabled()) {
1500 mOkButton.performClick();
1501 }
1502 }
1503 return false; // always return false to grant that the software keyboard is hidden anyway
1504 }
1505
1506
1507 private abstract static class RightDrawableOnTouchListener implements OnTouchListener {
1508
1509 private int fuzz = 75;
1510
1511 /**
1512 * {@inheritDoc}
1513 */
1514 @Override
1515 public boolean onTouch(View view, MotionEvent event) {
1516 Drawable rightDrawable = null;
1517 if (view instanceof TextView) {
1518 Drawable[] drawables = ((TextView)view).getCompoundDrawables();
1519 if (drawables.length > 2) {
1520 rightDrawable = drawables[2];
1521 }
1522 }
1523 if (rightDrawable != null) {
1524 final int x = (int) event.getX();
1525 final int y = (int) event.getY();
1526 final Rect bounds = rightDrawable.getBounds();
1527 if (x >= (view.getRight() - bounds.width() - fuzz) && x <= (view.getRight() - view.getPaddingRight() + fuzz)
1528 && y >= (view.getPaddingTop() - fuzz) && y <= (view.getHeight() - view.getPaddingBottom()) + fuzz) {
1529
1530 return onDrawableTouch(event);
1531 }
1532 }
1533 return false;
1534 }
1535
1536 public abstract boolean onDrawableTouch(final MotionEvent event);
1537 }
1538
1539
1540 @Override
1541 public void onSsoFinished(String sessionCookie) {
1542 //Toast.makeText(this, "got cookies: " + sessionCookie, Toast.LENGTH_LONG).show();
1543
1544 if (sessionCookie != null && sessionCookie.length() > 0) {
1545 Log_OC.d(TAG, "Successful SSO - time to save the account");
1546 mAuthToken = sessionCookie;
1547 if (mAction == ACTION_CREATE) {
1548 createAccount();
1549
1550 } else {
1551 updateToken();
1552 }
1553
1554 finish();
1555
1556 } else {
1557 // TODO - show fail
1558 Log_OC.d(TAG, "SSO failed");
1559 }
1560 }
1561
1562 }
ownCloud Android App