X-Git-Url: http://git.linex4red.de/pub/Android/ownCloud.git/blobdiff_plain/0713ba613d90563874a8acb6152a3b93d5ee84f8..e1245bbda7894e1a3028d2b54a6918e4bdd46ae2:/src/com/owncloud/android/authentication/AuthenticatorActivity.java diff --git a/src/com/owncloud/android/authentication/AuthenticatorActivity.java b/src/com/owncloud/android/authentication/AuthenticatorActivity.java index d1f79cf1..6928d414 100644 --- a/src/com/owncloud/android/authentication/AuthenticatorActivity.java +++ b/src/com/owncloud/android/authentication/AuthenticatorActivity.java @@ -18,21 +18,7 @@ package com.owncloud.android.authentication; -import com.owncloud.android.Log_OC; -import com.owncloud.android.ui.dialog.SslValidatorDialog; -import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; -import com.owncloud.android.utils.OwnCloudVersion; -import com.owncloud.android.network.OwnCloudClientUtils; -import com.owncloud.android.operations.OwnCloudServerCheckOperation; -import com.owncloud.android.operations.ExistenceCheckOperation; -import com.owncloud.android.operations.OAuth2GetAccessToken; -import com.owncloud.android.operations.OnRemoteOperationListener; -import com.owncloud.android.operations.RemoteOperation; -import com.owncloud.android.operations.RemoteOperationResult; -import com.owncloud.android.operations.RemoteOperationResult.ResultCode; - import android.accounts.Account; -import android.accounts.AccountAuthenticatorActivity; import android.accounts.AccountManager; import android.app.AlertDialog; import android.app.Dialog; @@ -47,6 +33,7 @@ import android.net.Uri; import android.os.Bundle; import android.os.Handler; import android.preference.PreferenceManager; +import android.support.v4.app.Fragment; import android.text.Editable; import android.text.InputType; import android.text.TextWatcher; @@ -57,17 +44,32 @@ import android.view.View.OnFocusChangeListener; import android.view.View.OnTouchListener; import android.view.Window; import android.view.inputmethod.EditorInfo; -import android.webkit.WebView; +import android.widget.Button; import android.widget.CheckBox; import android.widget.EditText; -import android.widget.Button; import android.widget.TextView; -import android.widget.Toast; import android.widget.TextView.OnEditorActionListener; +import com.actionbarsherlock.app.SherlockDialogFragment; +import com.owncloud.android.MainApp; import com.owncloud.android.R; - -import eu.alefzero.webdav.WebdavClient; +import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener; +import com.owncloud.android.oc_framework.accounts.AccountTypeUtils; +import com.owncloud.android.oc_framework.accounts.OwnCloudAccount; +import com.owncloud.android.oc_framework.network.webdav.OwnCloudClientFactory; +import com.owncloud.android.oc_framework.network.webdav.WebdavClient; +import com.owncloud.android.operations.ExistenceCheckOperation; +import com.owncloud.android.operations.OAuth2GetAccessToken; +import com.owncloud.android.oc_framework.operations.OnRemoteOperationListener; +import com.owncloud.android.operations.OwnCloudServerCheckOperation; +import com.owncloud.android.oc_framework.operations.RemoteOperation; +import com.owncloud.android.oc_framework.operations.RemoteOperationResult; +import com.owncloud.android.oc_framework.operations.RemoteOperationResult.ResultCode; +import com.owncloud.android.ui.dialog.SamlWebViewDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; +import com.owncloud.android.utils.Log_OC; +import com.owncloud.android.oc_framework.utils.OwnCloudVersion; /** * This Activity is used to add an ownCloud account to the App @@ -76,7 +78,7 @@ import eu.alefzero.webdav.WebdavClient; * @author David A. Velasco */ public class AuthenticatorActivity extends AccountAuthenticatorActivity -implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener { +implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener, SsoWebViewClientListener{ private static final String TAG = AuthenticatorActivity.class.getSimpleName(); @@ -86,6 +88,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList public static final String EXTRA_ACTION = "ACTION"; public static final String EXTRA_ENFORCED_UPDATE = "ENFORCE_UPDATE"; + private static final String KEY_AUTH_MESSAGE_VISIBILITY = "AUTH_MESSAGE_VISIBILITY"; + private static final String KEY_AUTH_MESSAGE_TEXT = "AUTH_MESSAGE_TEXT"; private static final String KEY_HOST_URL_TEXT = "HOST_URL_TEXT"; private static final String KEY_OC_VERSION = "OC_VERSION"; private static final String KEY_ACCOUNT = "ACCOUNT"; @@ -96,19 +100,16 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList private static final String KEY_SERVER_STATUS_ICON = "SERVER_STATUS_ICON"; private static final String KEY_IS_SSL_CONN = "IS_SSL_CONN"; private static final String KEY_PASSWORD_VISIBLE = "PASSWORD_VISIBLE"; - private static final String KEY_AUTH_METHOD = "AUTH_METHOD"; private static final String KEY_AUTH_STATUS_TEXT = "AUTH_STATUS_TEXT"; private static final String KEY_AUTH_STATUS_ICON = "AUTH_STATUS_ICON"; private static final String KEY_REFRESH_BUTTON_ENABLED = "KEY_REFRESH_BUTTON_ENABLED"; + + private static final String KEY_OC_USERNAME_EQUALS = "oc_username="; private static final String AUTH_ON = "on"; private static final String AUTH_OFF = "off"; private static final String AUTH_OPTIONAL = "optional"; - private static final int AUTH_METHOD_BASIC_HTTP = 0; - private static final int AUTH_METHOD_OAUTH2 = 1; - private static final int AUTH_METHOD_SAML_WEB_SSO = 2; - private static final int DIALOG_LOGIN_PROGRESS = 0; private static final int DIALOG_SSL_VALIDATOR = 1; private static final int DIALOG_CERT_NOT_SAVED = 2; @@ -117,10 +118,13 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList public static final byte ACTION_CREATE = 0; public static final byte ACTION_UPDATE_TOKEN = 1; + private static final String TAG_SAML_DIALOG = "samlWebViewDialog"; + private String mHostBaseUrl; private OwnCloudVersion mDiscoveredVersion; - private int mServerStatusText, mServerStatusIcon; + private String mAuthMessageText; + private int mAuthMessageVisibility, mServerStatusText, mServerStatusIcon; private boolean mServerIsChecked, mServerIsValid, mIsSslConn; private int mAuthStatusText, mAuthStatusIcon; private TextView mAuthStatusLayout; @@ -138,25 +142,29 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList private byte mAction; private Account mAccount; + private TextView mAuthMessage; + private EditText mHostUrlInput; private boolean mHostUrlInputEnabled; private View mRefreshButton; - private int mCurrentAuthorizationMethod; + private String mAuthTokenType; private EditText mUsernameInput; private EditText mPasswordInput; private CheckBox mOAuth2Check; - private String mOAuthAccessToken; private TextView mOAuthAuthEndpointText; private TextView mOAuthTokenEndpointText; - private TextView mAccountNameInput; - private WebView mWebSsoView; + private SamlWebViewDialog mSamlDialog; private View mOkButton; + + private String mAuthToken; + + private boolean mResumed; // Control if activity is resumed /** @@ -171,6 +179,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /// set view and get references to view elements setContentView(R.layout.account_setup); + mAuthMessage = (TextView) findViewById(R.id.auth_message); mHostUrlInput = (EditText) findViewById(R.id.hostUrlInput); mHostUrlInput.setText(getString(R.string.server_url)); // valid although R.string.server_url is an empty string mUsernameInput = (EditText) findViewById(R.id.account_username); @@ -178,19 +187,22 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mOAuthAuthEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_1); mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2); mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check); - mAccountNameInput = (EditText) findViewById(R.id.account_name); - mWebSsoView = (WebView) findViewById(R.id.web_sso_view); mOkButton = findViewById(R.id.buttonOK); mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text); /// set Host Url Input Enabled mHostUrlInputEnabled = getResources().getBoolean(R.bool.show_server_url_input); - - /// complete label for 'register account' button - Button b = (Button) findViewById(R.id.account_register); - if (b != null) { - b.setText(String.format(getString(R.string.auth_register), getString(R.string.app_name))); + /// set visibility of link for new users + boolean accountRegisterVisibility = getResources().getBoolean(R.bool.show_welcome_link); + Button welcomeLink = (Button) findViewById(R.id.welcome_link); + if (welcomeLink != null) { + if (accountRegisterVisibility) { + welcomeLink.setVisibility(View.VISIBLE); + welcomeLink.setText(String.format(getString(R.string.auth_register), getString(R.string.app_name))); + } else { + findViewById(R.id.welcome_link).setVisibility(View.GONE); + } } /// initialization @@ -212,7 +224,9 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } if (savedInstanceState == null) { + mResumed = false; /// connection state and info + mAuthMessageVisibility = View.GONE; mServerStatusText = mServerStatusIcon = 0; mServerIsValid = false; mServerIsChecked = false; @@ -222,23 +236,27 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /// retrieve extras from intent mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); if (mAccount != null) { - String ocVersion = mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION); + String ocVersion = mAccountMgr.getUserData(mAccount, OwnCloudAccount.Constants.KEY_OC_VERSION); if (ocVersion != null) { mDiscoveredVersion = new OwnCloudVersion(ocVersion); } - mHostBaseUrl = normalizeUrl(mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL)); + mHostBaseUrl = normalizeUrl(mAccountMgr.getUserData(mAccount, OwnCloudAccount.Constants.KEY_OC_BASE_URL)); mHostUrlInput.setText(mHostBaseUrl); + String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); + mUsernameInput.setText(userName); } initAuthorizationMethod(); // checks intent and setup.xml to determine mCurrentAuthorizationMethod - mOAuth2Check.setChecked(mCurrentAuthorizationMethod == AUTH_METHOD_OAUTH2); mJustCreated = true; if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) { checkOcServer(); } - + } else { + mResumed = true; /// connection state and info + mAuthMessageVisibility = savedInstanceState.getInt(KEY_AUTH_MESSAGE_VISIBILITY); + mAuthMessageText = savedInstanceState.getString(KEY_AUTH_MESSAGE_TEXT); mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID); mServerIsChecked = savedInstanceState.getBoolean(KEY_SERVER_CHECKED); mServerStatusText = savedInstanceState.getInt(KEY_SERVER_STATUS_TEXT); @@ -259,7 +277,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList // account data, if updating mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT); - mCurrentAuthorizationMethod = savedInstanceState.getInt(KEY_AUTH_METHOD, AUTH_METHOD_BASIC_HTTP); + mAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + if (mAuthTokenType == null) { + mAuthTokenType = AccountTypeUtils.getAuthTokenTypePass(MainApp.getAccountType()); + + } // check if server check was interrupted by a configuration change if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) { @@ -272,6 +294,12 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } + if (mAuthMessageVisibility== View.VISIBLE) { + showAuthMessage(mAuthMessageText); + } + else { + hideAuthMessage(); + } adaptViewAccordingToAuthenticationMethod(); showServerStatus(); showAuthStatus(); @@ -289,14 +317,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (mServerIsChecked && !mServerIsValid && refreshButtonEnabled) showRefreshButton(); mOkButton.setEnabled(mServerIsValid); // state not automatically recovered in configuration changes - if (mCurrentAuthorizationMethod == AUTH_METHOD_SAML_WEB_SSO || !AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) { + if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType) || + !AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) { mOAuth2Check.setVisibility(View.GONE); } mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside) - /// bind view elements to listeners + /// bind view elements to listeners and other friends mHostUrlInput.setOnFocusChangeListener(this); + mHostUrlInput.setImeOptions(EditorInfo.IME_ACTION_NEXT); + mHostUrlInput.setOnEditorActionListener(this); mHostUrlInput.addTextChangedListener(new TextWatcher() { @Override @@ -307,12 +338,20 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } @Override - public void beforeTextChanged(CharSequence s, int start, int count, int after) {} + public void beforeTextChanged(CharSequence s, int start, int count, int after) { + } @Override - public void onTextChanged(CharSequence s, int start, int before, int count) {} - + public void onTextChanged(CharSequence s, int start, int before, int count) { + if (!mResumed) { + mAuthStatusIcon = 0; + mAuthStatusText = 0; + showAuthStatus(); + } + mResumed = false; + } }); + mPasswordInput.setOnFocusChangeListener(this); mPasswordInput.setImeOptions(EditorInfo.IME_ACTION_DONE); mPasswordInput.setOnEditorActionListener(this); @@ -324,44 +363,60 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } return true; } - }); + }); + + findViewById(R.id.scroll).setOnTouchListener(new OnTouchListener() { + @Override + public boolean onTouch(View view, MotionEvent event) { + if (event.getAction() == MotionEvent.ACTION_DOWN) { + if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType) && + mHostUrlInput.hasFocus()) { + checkOcServer(); + } + } + return false; + } + }); } + + private void initAuthorizationMethod() { boolean oAuthRequired = false; boolean samlWebSsoRequired = false; - String tokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + mAuthTokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); - if (tokenType != null) { - /// use the authentication method requested by caller - oAuthRequired = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(tokenType); - samlWebSsoRequired = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(tokenType); - - } else if (mAccount != null) { - /// same authentication method than the one used to create the account to update - oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); - samlWebSsoRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null); - - } else { - /// use the one set in setup.xml - oAuthRequired = AUTH_ON.equals(getString(R.string.auth_method_oauth2)); - samlWebSsoRequired = AUTH_ON.equals(getString(R.string.auth_method_saml_web_sso)); - } + // TODO could be a good moment to validate the received token type, if not null - if (oAuthRequired) { - mCurrentAuthorizationMethod = AUTH_METHOD_OAUTH2; - } else if (samlWebSsoRequired) { - mCurrentAuthorizationMethod = AUTH_METHOD_SAML_WEB_SSO; - } else { - mCurrentAuthorizationMethod = AUTH_METHOD_BASIC_HTTP; + if (mAuthTokenType == null) { + if (mAccount != null) { + /// same authentication method than the one used to create the account to update + oAuthRequired = (mAccountMgr.getUserData(mAccount, OwnCloudAccount.Constants.KEY_SUPPORTS_OAUTH2) != null); + samlWebSsoRequired = (mAccountMgr.getUserData(mAccount, OwnCloudAccount.Constants.KEY_SUPPORTS_SAML_WEB_SSO) != null); + + } else { + /// use the one set in setup.xml + oAuthRequired = AUTH_ON.equals(getString(R.string.auth_method_oauth2)); + samlWebSsoRequired = AUTH_ON.equals(getString(R.string.auth_method_saml_web_sso)); + } + if (oAuthRequired) { + mAuthTokenType = AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()); + } else if (samlWebSsoRequired) { + mAuthTokenType = AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()); + } else { + mAuthTokenType = AccountTypeUtils.getAuthTokenTypePass(MainApp.getAccountType()); + } } - + if (mAccount != null) { String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); mUsernameInput.setText(userName); } + + mOAuth2Check.setChecked(AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()).equals(mAuthTokenType)); + } /** @@ -377,6 +432,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList super.onSaveInstanceState(outState); /// connection state and info + outState.putInt(KEY_AUTH_MESSAGE_VISIBILITY, mAuthMessage.getVisibility()); + outState.putString(KEY_AUTH_MESSAGE_TEXT, mAuthMessage.getText().toString()); outState.putInt(KEY_SERVER_STATUS_TEXT, mServerStatusText); outState.putInt(KEY_SERVER_STATUS_ICON, mServerStatusIcon); outState.putBoolean(KEY_SERVER_VALID, mServerIsValid); @@ -397,10 +454,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (mAccount != null) { outState.putParcelable(KEY_ACCOUNT, mAccount); } - outState.putInt(KEY_AUTH_METHOD, mCurrentAuthorizationMethod); + outState.putString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, mAuthTokenType); // refresh button enabled outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, (mRefreshButton.getVisibility() == View.VISIBLE)); + } @@ -430,10 +488,16 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList protected void onResume() { super.onResume(); if (mAction == ACTION_UPDATE_TOKEN && mJustCreated && getIntent().getBooleanExtra(EXTRA_ENFORCED_UPDATE, false)) { - if (mOAuth2Check.isChecked()) - Toast.makeText(this, R.string.auth_expired_oauth_token_toast, Toast.LENGTH_LONG).show(); - else - Toast.makeText(this, R.string.auth_expired_basic_auth_toast, Toast.LENGTH_LONG).show(); + if (AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()).equals(mAuthTokenType)) { + //Toast.makeText(this, R.string.auth_expired_oauth_token_toast, Toast.LENGTH_LONG).show(); + showAuthMessage(getString(R.string.auth_expired_oauth_token_toast)); + } else if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType)) { + //Toast.makeText(this, R.string.auth_expired_saml_sso_token_toast, Toast.LENGTH_LONG).show(); + showAuthMessage(getString(R.string.auth_expired_saml_sso_token_toast)); + } else { + //Toast.makeText(this, R.string.auth_expired_basic_auth_toast, Toast.LENGTH_LONG).show(); + showAuthMessage(getString(R.string.auth_expired_basic_auth_toast)); + } } if (mNewCapturedUriFromOAuth2Redirection != null) { @@ -441,6 +505,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } mJustCreated = false; + } @@ -462,7 +527,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList getString(R.string.oauth2_grant_type), queryParameters); //WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext()); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext()); + WebdavClient client = OwnCloudClientFactory.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true); operation.execute(client, this, mHandler); } @@ -526,7 +591,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mServerStatusIcon = R.drawable.progress_small; showServerStatus(); mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this); + WebdavClient client = OwnCloudClientFactory.createOwnCloudClient(Uri.parse(uri), this, true); mOperationThread = mOcServerChkOperation.execute(client, this, mHandler); } else { mServerStatusText = 0; @@ -626,9 +691,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList return; } - if (mOAuth2Check.isChecked()) { + if (AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()).equals(mAuthTokenType)) { startOauthorization(); - + } else if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType)) { + startSamlBasedFederatedSingleSignOnAuthorization(); } else { checkBasicAuthorization(); } @@ -641,7 +707,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList */ private void checkBasicAuthorization() { /// get the path to the root folder through WebDAV from the version server - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, false); + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mAuthTokenType); /// get basic credentials entered by user String username = mUsernameInput.getText().toString(); @@ -652,7 +718,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /// test credentials accessing the root folder mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientFactory.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); client.setBasicCredentials(username, password); mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); } @@ -667,6 +733,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mAuthStatusIcon = R.drawable.progress_small; mAuthStatusText = R.string.oauth_login_connection; showAuthStatus(); + // GET AUTHORIZATION request //Uri uri = Uri.parse(getString(R.string.oauth2_url_endpoint_auth)); @@ -685,6 +752,27 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /** + * Starts the Web Single Sign On flow to get access to the root folder + * in the server. + */ + private void startSamlBasedFederatedSingleSignOnAuthorization() { + // be gentle with the user + mAuthStatusIcon = R.drawable.progress_small; + mAuthStatusText = R.string.auth_connecting_auth_server; + showAuthStatus(); + showDialog(DIALOG_LOGIN_PROGRESS); + + /// get the path to the root folder through WebDAV from the version server + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mAuthTokenType); + + /// test credentials accessing the root folder + mAuthCheckOperation = new ExistenceCheckOperation("", this, false); + WebdavClient client = OwnCloudClientFactory.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false); + mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); + + } + + /** * Callback method invoked when a RemoteOperation executed by this Activity finishes. * * Dispatches the operation flow to the right method. @@ -699,10 +787,42 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList onGetOAuthAccessTokenFinish((OAuth2GetAccessToken)operation, result); } else if (operation instanceof ExistenceCheckOperation) { - onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); - + if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType)) { + onSamlBasedFederatedSingleSignOnAuthorizationStart(operation, result); + + } else { + onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); + } } } + + + private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperation operation, RemoteOperationResult result) { + try { + dismissDialog(DIALOG_LOGIN_PROGRESS); + } catch (IllegalArgumentException e) { + // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens + } + + //if (result.isTemporalRedirection() && result.isIdPRedirection()) { + if (result.isIdPRedirection()) { + String url = result.getRedirectedLocation(); + String targetUrl = mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mAuthTokenType); + + // Show dialog + mSamlDialog = SamlWebViewDialog.newInstance(url, targetUrl); + mSamlDialog.show(getSupportFragmentManager(), TAG_SAML_DIALOG); + + mAuthStatusIcon = 0; + mAuthStatusText = 0; + + } else { + mAuthStatusIcon = R.drawable.common_error; + mAuthStatusText = R.string.auth_unsupported_auth_method; + + } + showAuthStatus(); + } /** @@ -767,7 +887,6 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } } - Log_OC.d(TAG, "URL Normalize " + url); return (url != null ? url : ""); } @@ -927,6 +1046,12 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList case OAUTH2_ERROR_ACCESS_DENIED: mAuthStatusText = R.string.auth_oauth_error_access_denied; break; + case ACCOUNT_NOT_NEW: + mAuthStatusText = R.string.auth_account_not_new; + break; + case ACCOUNT_NOT_THE_SAME: + mAuthStatusText = R.string.auth_account_not_the_same; + break; case UNHANDLED_HTTP_CODE: case UNKNOWN_ERROR: mAuthStatusText = R.string.auth_unknown_error_title; @@ -952,17 +1077,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens } - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, true); + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mAuthTokenType); if (result.isSuccess() && webdav_path != null) { /// be gentle with the user showDialog(DIALOG_LOGIN_PROGRESS); /// time to test the retrieved access token on the ownCloud server - mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); - Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken); + mAuthToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); + Log_OC.d(TAG, "Got ACCESS TOKEN: " + mAuthToken); mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); - client.setBearerCredentials(mOAuthAccessToken); + WebdavClient client = OwnCloudClientFactory.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); + client.setBearerCredentials(mAuthToken); mAuthCheckOperation.execute(client, this, mHandler); } else { @@ -991,14 +1116,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (result.isSuccess()) { Log_OC.d(TAG, "Successful access - time to save the account"); + boolean success = false; if (mAction == ACTION_CREATE) { - createAccount(); + success = createAccount(); } else { - updateToken(); + success = updateToken(); } - finish(); + if (success) { + finish(); + } } else if (result.isServerFail() || result.isException()) { /// if server fail or exception in authorization, the UI is updated as when a server check failed @@ -1031,6 +1159,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList showAuthStatus(); Log_OC.d(TAG, "Access failed: " + result.getLogMessage()); } + } @@ -1038,20 +1167,39 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList * Sets the proper response to get that the Account Authenticator that started this activity saves * a new authorization token for mAccount. */ - private void updateToken() { + private boolean updateToken() { Bundle response = new Bundle(); response.putString(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); response.putString(AccountManager.KEY_ACCOUNT_TYPE, mAccount.type); - boolean isOAuth = mOAuth2Check.isChecked(); - if (isOAuth) { - response.putString(AccountManager.KEY_AUTHTOKEN, mOAuthAccessToken); + + if (AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()).equals(mAuthTokenType)) { + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); + // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention + mAccountMgr.setAuthToken(mAccount, mAuthTokenType, mAuthToken); + + } else if (AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType)) { + String username = getUserNameForSamlSso(); + if (!mUsernameInput.getText().toString().equals(username)) { + // fail - not a new account, but an existing one; disallow + RemoteOperationResult result = new RemoteOperationResult(ResultCode.ACCOUNT_NOT_THE_SAME); + updateAuthStatusIconAndText(result); + showAuthStatus(); + Log_OC.d(TAG, result.getLogMessage()); + + return false; + } + + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + mAccountMgr.setAuthToken(mAccount, mAuthTokenType, mAuthToken); + } else { response.putString(AccountManager.KEY_AUTHTOKEN, mPasswordInput.getText().toString()); mAccountMgr.setPassword(mAccount, mPasswordInput.getText().toString()); } setAccountAuthenticatorResult(response); + + return true; } @@ -1062,59 +1210,88 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList * * TODO Decide how to name the OAuth accounts */ - private void createAccount() { + private boolean createAccount() { /// create and save new ownCloud account - boolean isOAuth = mOAuth2Check.isChecked(); + boolean isOAuth = AccountTypeUtils.getAuthTokenTypeAccessToken(MainApp.getAccountType()).equals(mAuthTokenType); + boolean isSaml = AccountTypeUtils.getAuthTokenTypeSamlSessionCookie(MainApp.getAccountType()).equals(mAuthTokenType); Uri uri = Uri.parse(mHostBaseUrl); String username = mUsernameInput.getText().toString().trim(); - if (isOAuth) { + if (isSaml) { + username = getUserNameForSamlSso(); + + } else if (isOAuth) { username = "OAuth_user" + (new java.util.Random(System.currentTimeMillis())).nextLong(); } String accountName = username + "@" + uri.getHost(); if (uri.getPort() >= 0) { accountName += ":" + uri.getPort(); } - mAccount = new Account(accountName, AccountAuthenticator.ACCOUNT_TYPE); - if (isOAuth) { - mAccountMgr.addAccountExplicitly(mAccount, "", null); // with our implementation, the password is never input in the app + mAccount = new Account(accountName, MainApp.getAccountType()); + if (AccountUtils.exists(mAccount, getApplicationContext())) { + // fail - not a new account, but an existing one; disallow + RemoteOperationResult result = new RemoteOperationResult(ResultCode.ACCOUNT_NOT_NEW); + updateAuthStatusIconAndText(result); + showAuthStatus(); + Log_OC.d(TAG, result.getLogMessage()); + return false; + } else { - mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null); - } - - /// add the new account as default in preferences, if there is none already - Account defaultAccount = AccountUtils.getCurrentOwnCloudAccount(this); - if (defaultAccount == null) { - SharedPreferences.Editor editor = PreferenceManager - .getDefaultSharedPreferences(this).edit(); - editor.putString("select_oc_account", accountName); - editor.commit(); + + if (isOAuth || isSaml) { + mAccountMgr.addAccountExplicitly(mAccount, "", null); // with external authorizations, the password is never input in the app + } else { + mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null); + } + + /// add the new account as default in preferences, if there is none already + Account defaultAccount = AccountUtils.getCurrentOwnCloudAccount(this); + if (defaultAccount == null) { + SharedPreferences.Editor editor = PreferenceManager + .getDefaultSharedPreferences(this).edit(); + editor.putString("select_oc_account", accountName); + editor.commit(); + } + + /// prepare result to return to the Authenticator + // TODO check again what the Authenticator makes with it; probably has the same effect as addAccountExplicitly, but it's not well done + final Intent intent = new Intent(); + intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, MainApp.getAccountType()); + intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); + /*if (!isOAuth) + intent.putExtra(AccountManager.KEY_AUTHTOKEN, MainApp.getAccountType()); */ + intent.putExtra(AccountManager.KEY_USERDATA, username); + if (isOAuth || isSaml) { + mAccountMgr.setAuthToken(mAccount, mAuthTokenType, mAuthToken); + } + /// add user data to the new account; TODO probably can be done in the last parameter addAccountExplicitly, or in KEY_USERDATA + mAccountMgr.setUserData(mAccount, OwnCloudAccount.Constants.KEY_OC_VERSION, mDiscoveredVersion.toString()); + mAccountMgr.setUserData(mAccount, OwnCloudAccount.Constants.KEY_OC_BASE_URL, mHostBaseUrl); + if (isSaml) { + mAccountMgr.setUserData(mAccount, OwnCloudAccount.Constants.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE"); + } else if (isOAuth) { + mAccountMgr.setUserData(mAccount, OwnCloudAccount.Constants.KEY_SUPPORTS_OAUTH2, "TRUE"); + } + + setAccountAuthenticatorResult(intent.getExtras()); + setResult(RESULT_OK, intent); + + return true; } + } - /// prepare result to return to the Authenticator - // TODO check again what the Authenticator makes with it; probably has the same effect as addAccountExplicitly, but it's not well done - final Intent intent = new Intent(); - intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, AccountAuthenticator.ACCOUNT_TYPE); - intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); - if (!isOAuth) - intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); // TODO check this; not sure it's right; maybe - intent.putExtra(AccountManager.KEY_USERDATA, username); - if (isOAuth) { - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + + private String getUserNameForSamlSso() { + if (mAuthToken != null) { + String [] cookies = mAuthToken.split(";"); + for (int i=0; i