\r
package com.owncloud.android.authentication;\r
\r
-import com.owncloud.android.Log_OC;\r
-import com.owncloud.android.ui.dialog.SslValidatorDialog;\r
-import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener;\r
-import com.owncloud.android.utils.OwnCloudVersion;\r
-import com.owncloud.android.network.OwnCloudClientUtils;\r
-import com.owncloud.android.operations.OwnCloudServerCheckOperation;\r
-import com.owncloud.android.operations.ExistenceCheckOperation;\r
-import com.owncloud.android.operations.OAuth2GetAccessToken;\r
-import com.owncloud.android.operations.OnRemoteOperationListener;\r
-import com.owncloud.android.operations.RemoteOperation;\r
-import com.owncloud.android.operations.RemoteOperationResult;\r
-import com.owncloud.android.operations.RemoteOperationResult.ResultCode;\r
-\r
import android.accounts.Account;\r
-import android.accounts.AccountAuthenticatorActivity;\r
import android.accounts.AccountManager;\r
import android.app.AlertDialog;\r
import android.app.Dialog;\r
import android.view.View.OnTouchListener;\r
import android.view.Window;\r
import android.view.inputmethod.EditorInfo;\r
-import android.webkit.WebView;\r
+import android.widget.Button;\r
import android.widget.CheckBox;\r
import android.widget.EditText;\r
-import android.widget.Button;\r
import android.widget.TextView;\r
-import android.widget.Toast;\r
import android.widget.TextView.OnEditorActionListener;\r
+import android.widget.Toast;\r
\r
+import com.owncloud.android.Log_OC;\r
import com.owncloud.android.R;\r
+import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener;\r
+import com.owncloud.android.network.OwnCloudClientUtils;\r
+import com.owncloud.android.operations.ExistenceCheckOperation;\r
+import com.owncloud.android.operations.OAuth2GetAccessToken;\r
+import com.owncloud.android.operations.OnRemoteOperationListener;\r
+import com.owncloud.android.operations.OwnCloudServerCheckOperation;\r
+import com.owncloud.android.operations.RemoteOperation;\r
+import com.owncloud.android.operations.RemoteOperationResult;\r
+import com.owncloud.android.operations.RemoteOperationResult.ResultCode;\r
+import com.owncloud.android.ui.dialog.SamlWebViewDialog;\r
+import com.owncloud.android.ui.dialog.SslValidatorDialog;\r
+import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener;\r
+import com.owncloud.android.utils.OwnCloudVersion;\r
\r
import eu.alefzero.webdav.WebdavClient;\r
\r
* @author David A. Velasco\r
*/\r
public class AuthenticatorActivity extends AccountAuthenticatorActivity\r
-implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener {\r
+implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener, SsoWebViewClientListener{\r
\r
private static final String TAG = AuthenticatorActivity.class.getSimpleName();\r
\r
public static final byte ACTION_CREATE = 0;\r
public static final byte ACTION_UPDATE_TOKEN = 1;\r
\r
+ private static final String TAG_SAML_DIALOG = "samlWebViewDialog";\r
+ \r
private String mHostBaseUrl;\r
private OwnCloudVersion mDiscoveredVersion;\r
\r
private EditText mPasswordInput;\r
\r
private CheckBox mOAuth2Check;\r
- private String mOAuthAccessToken;\r
\r
private TextView mOAuthAuthEndpointText;\r
private TextView mOAuthTokenEndpointText;\r
\r
private TextView mAccountNameInput;\r
- private WebView mWebSsoView;\r
+ private SamlWebViewDialog mSamlDialog;\r
\r
private View mOkButton;\r
+ \r
+ private String mAuthToken;\r
\r
\r
/**\r
mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2);\r
mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check);\r
mAccountNameInput = (EditText) findViewById(R.id.account_name);\r
- mWebSsoView = (WebView) findViewById(R.id.web_sso_view);\r
mOkButton = findViewById(R.id.buttonOK);\r
mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text); \r
\r
mHostUrlInput.setText(mHostBaseUrl);\r
}\r
initAuthorizationMethod(); // checks intent and setup.xml to determine mCurrentAuthorizationMethod\r
- mOAuth2Check.setChecked(mCurrentAuthTokenType == AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN);\r
mJustCreated = true;\r
\r
if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) {\r
checkOcServer(); \r
}\r
-\r
+ \r
} else {\r
/// connection state and info\r
mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID);\r
\r
// account data, if updating\r
mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT);\r
- mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD);\r
+ mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE);\r
+ if (mCurrentAuthTokenType == null) {\r
+ mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD;\r
+ \r
+ }\r
\r
// check if server check was interrupted by a configuration change\r
if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) {\r
if (mServerIsChecked && !mServerIsValid && refreshButtonEnabled) showRefreshButton();\r
mOkButton.setEnabled(mServerIsValid); // state not automatically recovered in configuration changes\r
\r
- if (mCurrentAuthTokenType == AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE || \r
+ if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType) || \r
!AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) {\r
mOAuth2Check.setVisibility(View.GONE);\r
}\r
\r
mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside)\r
\r
- /// bind view elements to listeners\r
+ /// bind view elements to listeners and other friends\r
mHostUrlInput.setOnFocusChangeListener(this);\r
mHostUrlInput.addTextChangedListener(new TextWatcher() {\r
\r
}\r
return true;\r
}\r
- });
+ });\r
+ \r
}\r
+ \r
+ \r
\r
private void initAuthorizationMethod() {\r
boolean oAuthRequired = false;\r
String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@'));\r
mUsernameInput.setText(userName);\r
}\r
+ \r
+ mOAuth2Check.setChecked(AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType));\r
+ \r
}\r
\r
/**\r
\r
// refresh button enabled\r
outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, (mRefreshButton.getVisibility() == View.VISIBLE));\r
+ \r
\r
}\r
\r
}\r
\r
mJustCreated = false;\r
+ \r
}\r
\r
\r
getString(R.string.oauth2_grant_type),\r
queryParameters);\r
//WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext());\r
- WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext());\r
+ WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true);\r
operation.execute(client, this, mHandler);\r
}\r
\r
mServerStatusIcon = R.drawable.progress_small;\r
showServerStatus();\r
mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this);\r
- WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this);\r
+ WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true);\r
mOperationThread = mOcServerChkOperation.execute(client, this, mHandler);\r
} else {\r
mServerStatusText = 0;\r
\r
/// test credentials accessing the root folder\r
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);\r
- WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);\r
+ WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);\r
client.setBasicCredentials(username, password);\r
mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);\r
}\r
mAuthStatusIcon = R.drawable.progress_small;\r
mAuthStatusText = R.string.oauth_login_connection;\r
showAuthStatus();\r
+ \r
\r
// GET AUTHORIZATION request\r
//Uri uri = Uri.parse(getString(R.string.oauth2_url_endpoint_auth));\r
* in the server.\r
*/\r
private void startSamlBasedFederatedSingleSignOnAuthorization() {\r
+ // be gentle with the user\r
+ mAuthStatusIcon = R.drawable.progress_small;\r
+ mAuthStatusText = R.string.auth_connecting_auth_server;\r
+ showAuthStatus();\r
+ showDialog(DIALOG_LOGIN_PROGRESS);\r
+ \r
/// get the path to the root folder through WebDAV from the version server\r
String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);\r
\r
/// test credentials accessing the root folder\r
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);\r
- WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);\r
+ WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false);\r
mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);\r
}\r
\r
\r
} else if (operation instanceof ExistenceCheckOperation) {\r
if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {\r
- Toast.makeText(this, result.getLogMessage(), Toast.LENGTH_LONG).show();\r
+ onSamlBasedFederatedSingleSignOnAuthorizationStart(operation, result);\r
\r
} else {\r
onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result);\r
}\r
}\r
}\r
+ \r
+ \r
+ private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperation operation, RemoteOperationResult result) {\r
+ try {\r
+ dismissDialog(DIALOG_LOGIN_PROGRESS);\r
+ } catch (IllegalArgumentException e) {\r
+ // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens\r
+ }\r
+ \r
+ if (result.isTemporalRedirection()) {\r
+ String url = result.getRedirectedLocation();\r
+ String targetUrl = mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);\r
+ \r
+ // Show dialog\r
+ mSamlDialog = SamlWebViewDialog.newInstance(url, targetUrl); \r
+ mSamlDialog.show(getSupportFragmentManager(), TAG_SAML_DIALOG);\r
+ \r
+ mAuthStatusIcon = android.R.drawable.ic_secure;\r
+ mAuthStatusText = R.string.auth_follow_auth_server;\r
+ \r
+ } else {\r
+ mAuthStatusIcon = R.drawable.common_error;\r
+ mAuthStatusText = R.string.auth_unsupported_auth_method;\r
+ \r
+ }\r
+ showAuthStatus();\r
+ }\r
\r
\r
/**\r
showDialog(DIALOG_LOGIN_PROGRESS);\r
\r
/// time to test the retrieved access token on the ownCloud server\r
- mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN);\r
- Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken);\r
+ mAuthToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN);\r
+ Log_OC.d(TAG, "Got ACCESS TOKEN: " + mAuthToken);\r
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);\r
- WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);\r
- client.setBearerCredentials(mOAuthAccessToken);\r
+ WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);\r
+ client.setBearerCredentials(mAuthToken);\r
mAuthCheckOperation.execute(client, this, mHandler);\r
\r
} else {\r
Bundle response = new Bundle();\r
response.putString(AccountManager.KEY_ACCOUNT_NAME, mAccount.name);\r
response.putString(AccountManager.KEY_ACCOUNT_TYPE, mAccount.type);\r
- boolean isOAuth = mOAuth2Check.isChecked();\r
- if (isOAuth) {\r
- response.putString(AccountManager.KEY_AUTHTOKEN, mOAuthAccessToken);\r
+ \r
+ if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { \r
+ response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken);\r
+ // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention\r
+ mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);\r
+ \r
+ } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {\r
+ response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken);\r
// the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention\r
- mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken);\r
+ mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);\r
+ \r
} else {\r
response.putString(AccountManager.KEY_AUTHTOKEN, mPasswordInput.getText().toString());\r
mAccountMgr.setPassword(mAccount, mPasswordInput.getText().toString());\r
*/\r
private void createAccount() {\r
/// create and save new ownCloud account\r
- boolean isOAuth = mOAuth2Check.isChecked();\r
+ boolean isOAuth = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType);\r
+ boolean isSaml = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType);\r
\r
Uri uri = Uri.parse(mHostBaseUrl);\r
String username = mUsernameInput.getText().toString().trim();\r
- if (isOAuth) {\r
+ if (isSaml) {\r
+ username = mAccountNameInput.getText().toString().trim();\r
+ \r
+ } else if (isOAuth) {\r
username = "OAuth_user" + (new java.util.Random(System.currentTimeMillis())).nextLong();\r
} \r
String accountName = username + "@" + uri.getHost();\r
accountName += ":" + uri.getPort();\r
}\r
mAccount = new Account(accountName, AccountAuthenticator.ACCOUNT_TYPE);\r
- if (isOAuth) {\r
- mAccountMgr.addAccountExplicitly(mAccount, "", null); // with our implementation, the password is never input in the app\r
+ if (isOAuth || isSaml) {\r
+ mAccountMgr.addAccountExplicitly(mAccount, "", null); // with external authorizations, the password is never input in the app\r
} else {\r
mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null);\r
}\r
final Intent intent = new Intent(); \r
intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, AccountAuthenticator.ACCOUNT_TYPE);\r
intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name);\r
- if (!isOAuth)\r
- intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); // TODO check this; not sure it's right; maybe\r
+ /*if (!isOAuth)\r
+ intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); */\r
intent.putExtra(AccountManager.KEY_USERDATA, username);\r
- if (isOAuth) {\r
- mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken);\r
+ if (isOAuth || isSaml) {\r
+ mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken);\r
}\r
/// add user data to the new account; TODO probably can be done in the last parameter addAccountExplicitly, or in KEY_USERDATA\r
mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION, mDiscoveredVersion.toString());\r
mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL, mHostBaseUrl);\r
- if (isOAuth)\r
- mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); // TODO this flag should be unnecessary\r
+ if (isSaml) {\r
+ mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE"); \r
+ } else if (isOAuth) {\r
+ mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); \r
+ }\r
\r
setAccountAuthenticatorResult(intent.getExtras());\r
setResult(RESULT_OK, intent);\r
mUsernameInput.setVisibility(View.GONE);\r
mPasswordInput.setVisibility(View.GONE);\r
mAccountNameInput.setVisibility(View.GONE);\r
- mWebSsoView.setVisibility(View.GONE);\r
\r
} else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {\r
// SAML-based web Single Sign On\r
mUsernameInput.setVisibility(View.GONE);\r
mPasswordInput.setVisibility(View.GONE);\r
mAccountNameInput.setVisibility(View.VISIBLE);\r
- mWebSsoView.setVisibility(View.VISIBLE);\r
- \r
} else {\r
// basic HTTP authorization\r
mOAuthAuthEndpointText.setVisibility(View.GONE);\r
mUsernameInput.setVisibility(View.VISIBLE);\r
mPasswordInput.setVisibility(View.VISIBLE);\r
mAccountNameInput.setVisibility(View.GONE);\r
- mWebSsoView.setVisibility(View.GONE);\r
}\r
}\r
\r
public abstract boolean onDrawableTouch(final MotionEvent event);\r
}\r
\r
+\r
+ public void onSamlDialogSuccess(String sessionCookie){\r
+ mAuthToken = sessionCookie;\r
+ \r
+ if (sessionCookie != null && sessionCookie.length() > 0) {\r
+ Log_OC.d(TAG, "Successful SSO - time to save the account");\r
+ mAuthToken = sessionCookie;\r
+ if (mAction == ACTION_CREATE) {\r
+ createAccount();\r
+\r
+ } else {\r
+ updateToken();\r
+ }\r
+\r
+ finish();\r
+\r
+ }\r
+ }\r
+\r
+\r
+\r
+ @Override\r
+ public void onSsoFinished(String sessionCookie) {\r
+ //Toast.makeText(this, "got cookies: " + sessionCookie, Toast.LENGTH_LONG).show();\r
+\r
+ if (sessionCookie != null && sessionCookie.length() > 0) {\r
+ Log_OC.d(TAG, "Successful SSO - time to save the account");\r
+ onSamlDialogSuccess(sessionCookie);\r
+ finish();\r
+\r
+ } else { \r
+ // TODO - show fail\r
+ Log_OC.d(TAG, "SSO failed");\r
+ }\r
+ }\r
+ \r
+ \r
+\r
}\r
projects / pub / Android / ownCloud.git / blobdiff