X-Git-Url: http://git.linex4red.de/pub/Android/ownCloud.git/blobdiff_plain/b36914df88ff9abd04c19b422889de894df3a714..b6213a0d5fbc40568c32b36fa12ce24c1780c58b:/src/com/owncloud/android/authentication/AuthenticatorActivity.java diff --git a/src/com/owncloud/android/authentication/AuthenticatorActivity.java b/src/com/owncloud/android/authentication/AuthenticatorActivity.java index ef5c21b5..138c8609 100644 --- a/src/com/owncloud/android/authentication/AuthenticatorActivity.java +++ b/src/com/owncloud/android/authentication/AuthenticatorActivity.java @@ -18,22 +18,7 @@ package com.owncloud.android.authentication; -import com.owncloud.android.AccountUtils; -import com.owncloud.android.Log_OC; -import com.owncloud.android.ui.dialog.SslValidatorDialog; -import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; -import com.owncloud.android.utils.OwnCloudVersion; -import com.owncloud.android.network.OwnCloudClientUtils; -import com.owncloud.android.operations.OwnCloudServerCheckOperation; -import com.owncloud.android.operations.ExistenceCheckOperation; -import com.owncloud.android.operations.OAuth2GetAccessToken; -import com.owncloud.android.operations.OnRemoteOperationListener; -import com.owncloud.android.operations.RemoteOperation; -import com.owncloud.android.operations.RemoteOperationResult; -import com.owncloud.android.operations.RemoteOperationResult.ResultCode; - import android.accounts.Account; -import android.accounts.AccountAuthenticatorActivity; import android.accounts.AccountManager; import android.app.AlertDialog; import android.app.Dialog; @@ -42,22 +27,44 @@ import android.content.ContentResolver; import android.content.DialogInterface; import android.content.Intent; import android.content.SharedPreferences; +import android.graphics.Rect; +import android.graphics.drawable.Drawable; import android.net.Uri; import android.os.Bundle; import android.os.Handler; import android.preference.PreferenceManager; +import android.text.Editable; import android.text.InputType; +import android.text.TextWatcher; +import android.view.KeyEvent; +import android.view.MotionEvent; import android.view.View; import android.view.View.OnFocusChangeListener; +import android.view.View.OnTouchListener; import android.view.Window; +import android.view.inputmethod.EditorInfo; +import android.widget.Button; import android.widget.CheckBox; import android.widget.EditText; -import android.widget.Button; -import android.widget.ImageView; import android.widget.TextView; +import android.widget.TextView.OnEditorActionListener; import android.widget.Toast; +import com.owncloud.android.Log_OC; import com.owncloud.android.R; +import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener; +import com.owncloud.android.network.OwnCloudClientUtils; +import com.owncloud.android.operations.ExistenceCheckOperation; +import com.owncloud.android.operations.OAuth2GetAccessToken; +import com.owncloud.android.operations.OnRemoteOperationListener; +import com.owncloud.android.operations.OwnCloudServerCheckOperation; +import com.owncloud.android.operations.RemoteOperation; +import com.owncloud.android.operations.RemoteOperationResult; +import com.owncloud.android.operations.RemoteOperationResult.ResultCode; +import com.owncloud.android.ui.dialog.SamlWebViewDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; +import com.owncloud.android.utils.OwnCloudVersion; import eu.alefzero.webdav.WebdavClient; @@ -68,7 +75,7 @@ import eu.alefzero.webdav.WebdavClient; * @author David A. Velasco */ public class AuthenticatorActivity extends AccountAuthenticatorActivity - implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener { +implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener, SsoWebViewClientListener{ private static final String TAG = AuthenticatorActivity.class.getSimpleName(); @@ -76,21 +83,26 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity public static final String EXTRA_USER_NAME = "USER_NAME"; public static final String EXTRA_HOST_NAME = "HOST_NAME"; public static final String EXTRA_ACTION = "ACTION"; - + public static final String EXTRA_ENFORCED_UPDATE = "ENFORCE_UPDATE"; + private static final String KEY_HOST_URL_TEXT = "HOST_URL_TEXT"; private static final String KEY_OC_VERSION = "OC_VERSION"; private static final String KEY_ACCOUNT = "ACCOUNT"; - private static final String KEY_STATUS_TEXT = "STATUS_TEXT"; - private static final String KEY_STATUS_ICON = "STATUS_ICON"; - private static final String KEY_STATUS_CORRECT = "STATUS_CORRECT"; + private static final String KEY_SERVER_VALID = "SERVER_VALID"; + private static final String KEY_SERVER_CHECKED = "SERVER_CHECKED"; + private static final String KEY_SERVER_CHECK_IN_PROGRESS = "SERVER_CHECK_IN_PROGRESS"; + private static final String KEY_SERVER_STATUS_TEXT = "SERVER_STATUS_TEXT"; + private static final String KEY_SERVER_STATUS_ICON = "SERVER_STATUS_ICON"; private static final String KEY_IS_SSL_CONN = "IS_SSL_CONN"; - private static final String KEY_OAUTH2_STATUS_TEXT = "OAUTH2_STATUS_TEXT"; - private static final String KEY_OAUTH2_STATUS_ICON = "OAUTH2_STATUS_ICON"; - - private static final String OAUTH_MODE_ON = "on"; - private static final String OAUTH_MODE_OFF = "off"; - private static final String OAUTH_MODE_OPTIONAL = "optional"; + private static final String KEY_PASSWORD_VISIBLE = "PASSWORD_VISIBLE"; + private static final String KEY_AUTH_STATUS_TEXT = "AUTH_STATUS_TEXT"; + private static final String KEY_AUTH_STATUS_ICON = "AUTH_STATUS_ICON"; + private static final String KEY_REFRESH_BUTTON_ENABLED = "KEY_REFRESH_BUTTON_ENABLED"; + private static final String AUTH_ON = "on"; + private static final String AUTH_OFF = "off"; + private static final String AUTH_OPTIONAL = "optional"; + private static final int DIALOG_LOGIN_PROGRESS = 0; private static final int DIALOG_SSL_VALIDATOR = 1; private static final int DIALOG_CERT_NOT_SAVED = 2; @@ -99,14 +111,16 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity public static final byte ACTION_CREATE = 0; public static final byte ACTION_UPDATE_TOKEN = 1; + private static final String TAG_SAML_DIALOG = "samlWebViewDialog"; private String mHostBaseUrl; private OwnCloudVersion mDiscoveredVersion; - - private int mStatusText, mStatusIcon; - private boolean mStatusCorrect, mIsSslConn; - private int mOAuth2StatusText, mOAuth2StatusIcon; - + + private int mServerStatusText, mServerStatusIcon; + private boolean mServerIsChecked, mServerIsValid, mIsSslConn; + private int mAuthStatusText, mAuthStatusIcon; + private TextView mAuthStatusLayout; + private final Handler mHandler = new Handler(); private Thread mOperationThread; private OwnCloudServerCheckOperation mOcServerChkOperation; @@ -114,26 +128,34 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity private RemoteOperationResult mLastSslUntrustedServerResult; private Uri mNewCapturedUriFromOAuth2Redirection; - + private AccountManager mAccountMgr; private boolean mJustCreated; private byte mAction; private Account mAccount; - - private ImageView mRefreshButton; - private ImageView mViewPasswordButton; + private EditText mHostUrlInput; + private boolean mHostUrlInputEnabled; + private View mRefreshButton; + + private String mCurrentAuthTokenType; + private EditText mUsernameInput; private EditText mPasswordInput; + private CheckBox mOAuth2Check; - private String mOAuthAccessToken; - private View mOkButton; - private TextView mAuthStatusLayout; private TextView mOAuthAuthEndpointText; private TextView mOAuthTokenEndpointText; + private TextView mAccountNameInput; + private SamlWebViewDialog mSamlDialog; + private View mOkButton; + + private String mAuthToken; + + /** * {@inheritDoc} * @@ -143,82 +165,208 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); getWindow().requestFeature(Window.FEATURE_NO_TITLE); - + /// set view and get references to view elements setContentView(R.layout.account_setup); - mRefreshButton = (ImageView) findViewById(R.id.refreshButton); - mViewPasswordButton = (ImageView) findViewById(R.id.viewPasswordButton); mHostUrlInput = (EditText) findViewById(R.id.hostUrlInput); + mHostUrlInput.setText(getString(R.string.server_url)); // valid although R.string.server_url is an empty string mUsernameInput = (EditText) findViewById(R.id.account_username); mPasswordInput = (EditText) findViewById(R.id.account_password); mOAuthAuthEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_1); mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2); mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check); + mAccountNameInput = (EditText) findViewById(R.id.account_name); mOkButton = findViewById(R.id.buttonOK); mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text); + /// set Host Url Input Enabled + mHostUrlInputEnabled = getResources().getBoolean(R.bool.show_server_url_input); + + /// complete label for 'register account' button Button b = (Button) findViewById(R.id.account_register); if (b != null) { b.setText(String.format(getString(R.string.auth_register), getString(R.string.app_name))); } - /// bind view elements to listeners - mHostUrlInput.setOnFocusChangeListener(this); - mPasswordInput.setOnFocusChangeListener(this); - /// initialization mAccountMgr = AccountManager.get(this); mNewCapturedUriFromOAuth2Redirection = null; mAction = getIntent().getByteExtra(EXTRA_ACTION, ACTION_CREATE); mAccount = null; + mHostBaseUrl = ""; + boolean refreshButtonEnabled = false; + + // URL input configuration applied + if (!mHostUrlInputEnabled) + { + findViewById(R.id.hostUrlFrame).setVisibility(View.GONE); + mRefreshButton = findViewById(R.id.centeredRefreshButton); + + } else { + mRefreshButton = findViewById(R.id.embeddedRefreshButton); + } if (savedInstanceState == null) { /// connection state and info - mStatusText = mStatusIcon = 0; - mStatusCorrect = false; + mServerStatusText = mServerStatusIcon = 0; + mServerIsValid = false; + mServerIsChecked = false; mIsSslConn = false; - + mAuthStatusText = mAuthStatusIcon = 0; + /// retrieve extras from intent - String tokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); - boolean oAuthRequired = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(tokenType) || OAUTH_MODE_ON.equals(getString(R.string.oauth2_mode)); - mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); if (mAccount != null) { String ocVersion = mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION); if (ocVersion != null) { mDiscoveredVersion = new OwnCloudVersion(ocVersion); } - mHostBaseUrl = mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL); + mHostBaseUrl = normalizeUrl(mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL)); mHostUrlInput.setText(mHostBaseUrl); - String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); - mUsernameInput.setText(userName); - oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); } - mOAuth2Check.setChecked(oAuthRequired); - changeViewByOAuth2Check(oAuthRequired); + initAuthorizationMethod(); // checks intent and setup.xml to determine mCurrentAuthorizationMethod + mJustCreated = true; + + if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) { + checkOcServer(); + } - } else { - loadSavedInstanceState(savedInstanceState); - } - - if (!OAUTH_MODE_OPTIONAL.equals(getString(R.string.oauth2_mode))) { - mOAuth2Check.setVisibility(View.GONE); + /// connection state and info + mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID); + mServerIsChecked = savedInstanceState.getBoolean(KEY_SERVER_CHECKED); + mServerStatusText = savedInstanceState.getInt(KEY_SERVER_STATUS_TEXT); + mServerStatusIcon = savedInstanceState.getInt(KEY_SERVER_STATUS_ICON); + mIsSslConn = savedInstanceState.getBoolean(KEY_IS_SSL_CONN); + mAuthStatusText = savedInstanceState.getInt(KEY_AUTH_STATUS_TEXT); + mAuthStatusIcon = savedInstanceState.getInt(KEY_AUTH_STATUS_ICON); + if (savedInstanceState.getBoolean(KEY_PASSWORD_VISIBLE, false)) { + showPassword(); + } + + /// server data + String ocVersion = savedInstanceState.getString(KEY_OC_VERSION); + if (ocVersion != null) { + mDiscoveredVersion = new OwnCloudVersion(ocVersion); + } + mHostBaseUrl = savedInstanceState.getString(KEY_HOST_URL_TEXT); + + // account data, if updating + mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT); + mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + if (mCurrentAuthTokenType == null) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + + } + + // check if server check was interrupted by a configuration change + if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) { + checkOcServer(); + } + + // refresh button enabled + refreshButtonEnabled = savedInstanceState.getBoolean(KEY_REFRESH_BUTTON_ENABLED); + + } + + adaptViewAccordingToAuthenticationMethod(); + showServerStatus(); + showAuthStatus(); if (mAction == ACTION_UPDATE_TOKEN) { /// lock things that should not change mHostUrlInput.setEnabled(false); + mHostUrlInput.setFocusable(false); mUsernameInput.setEnabled(false); + mUsernameInput.setFocusable(false); mOAuth2Check.setVisibility(View.GONE); - checkOcServer(); } + //if (mServerIsChecked && !mServerIsValid && mRefreshButtonEnabled) showRefreshButton(); + if (mServerIsChecked && !mServerIsValid && refreshButtonEnabled) showRefreshButton(); + mOkButton.setEnabled(mServerIsValid); // state not automatically recovered in configuration changes + + if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType) || + !AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) { + mOAuth2Check.setVisibility(View.GONE); + } + mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside) - mJustCreated = true; + + /// bind view elements to listeners and other friends + mHostUrlInput.setOnFocusChangeListener(this); + mHostUrlInput.addTextChangedListener(new TextWatcher() { + + @Override + public void afterTextChanged(Editable s) { + if (!mHostBaseUrl.equals(normalizeUrl(mHostUrlInput.getText().toString()))) { + mOkButton.setEnabled(false); + } + } + + @Override + public void beforeTextChanged(CharSequence s, int start, int count, int after) {} + + @Override + public void onTextChanged(CharSequence s, int start, int before, int count) {} + + }); + mPasswordInput.setOnFocusChangeListener(this); + mPasswordInput.setImeOptions(EditorInfo.IME_ACTION_DONE); + mPasswordInput.setOnEditorActionListener(this); + mPasswordInput.setOnTouchListener(new RightDrawableOnTouchListener() { + @Override + public boolean onDrawableTouch(final MotionEvent event) { + if (event.getAction() == MotionEvent.ACTION_UP) { + AuthenticatorActivity.this.onViewPasswordClick(); + } + return true; + } + }); + } + + + private void initAuthorizationMethod() { + boolean oAuthRequired = false; + boolean samlWebSsoRequired = false; + + mCurrentAuthTokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); + + // TODO could be a good moment to validate the received token type, if not null + + if (mCurrentAuthTokenType == null) { + if (mAccount != null) { + /// same authentication method than the one used to create the account to update + oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); + samlWebSsoRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null); + + } else { + /// use the one set in setup.xml + oAuthRequired = AUTH_ON.equals(getString(R.string.auth_method_oauth2)); + samlWebSsoRequired = AUTH_ON.equals(getString(R.string.auth_method_saml_web_sso)); + } + if (oAuthRequired) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN; + } else if (samlWebSsoRequired) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE; + } else { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + } + } + + if (mAccount != null) { + String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); + mUsernameInput.setText(userName); + } + + mOAuth2Check.setChecked(AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)); + + } /** * Saves relevant state before {@link #onPause()} @@ -231,67 +379,37 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity @Override protected void onSaveInstanceState(Bundle outState) { super.onSaveInstanceState(outState); - + /// connection state and info - outState.putInt(KEY_STATUS_TEXT, mStatusText); - outState.putInt(KEY_STATUS_ICON, mStatusIcon); - outState.putBoolean(KEY_STATUS_CORRECT, mStatusCorrect); + outState.putInt(KEY_SERVER_STATUS_TEXT, mServerStatusText); + outState.putInt(KEY_SERVER_STATUS_ICON, mServerStatusIcon); + outState.putBoolean(KEY_SERVER_VALID, mServerIsValid); + outState.putBoolean(KEY_SERVER_CHECKED, mServerIsChecked); + outState.putBoolean(KEY_SERVER_CHECK_IN_PROGRESS, (!mServerIsValid && mOcServerChkOperation != null)); outState.putBoolean(KEY_IS_SSL_CONN, mIsSslConn); + outState.putBoolean(KEY_PASSWORD_VISIBLE, isPasswordVisible()); + outState.putInt(KEY_AUTH_STATUS_ICON, mAuthStatusIcon); + outState.putInt(KEY_AUTH_STATUS_TEXT, mAuthStatusText); /// server data - if (mDiscoveredVersion != null) + if (mDiscoveredVersion != null) { outState.putString(KEY_OC_VERSION, mDiscoveredVersion.toString()); + } outState.putString(KEY_HOST_URL_TEXT, mHostBaseUrl); - + /// account data, if updating - if (mAccount != null) + if (mAccount != null) { outState.putParcelable(KEY_ACCOUNT, mAccount); + } + outState.putString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, mCurrentAuthTokenType); - // Saving the state of oAuth2 components. - outState.putInt(KEY_OAUTH2_STATUS_ICON, mOAuth2StatusIcon); - outState.putInt(KEY_OAUTH2_STATUS_TEXT, mOAuth2StatusText); + // refresh button enabled + outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, (mRefreshButton.getVisibility() == View.VISIBLE)); - } - - /** - * Loads saved state - * - * See {@link #onSaveInstanceState(Bundle)}. - * - * @param savedInstanceState Saved state, as received in {@link #onCreate(Bundle)}. - */ - private void loadSavedInstanceState(Bundle savedInstanceState) { - /// connection state and info - mStatusCorrect = savedInstanceState.getBoolean(KEY_STATUS_CORRECT); - mIsSslConn = savedInstanceState.getBoolean(KEY_IS_SSL_CONN); - mStatusText = savedInstanceState.getInt(KEY_STATUS_TEXT); - mStatusIcon = savedInstanceState.getInt(KEY_STATUS_ICON); - updateConnStatus(); - - /// UI settings depending upon connection - mOkButton.setEnabled(mStatusCorrect); // TODO really necessary? - if (!mStatusCorrect) - mRefreshButton.setVisibility(View.VISIBLE); // seems that setting visibility is necessary - else - mRefreshButton.setVisibility(View.INVISIBLE); - - /// server data - String ocVersion = savedInstanceState.getString(KEY_OC_VERSION); - if (ocVersion != null) - mDiscoveredVersion = new OwnCloudVersion(ocVersion); - mHostBaseUrl = savedInstanceState.getString(KEY_HOST_URL_TEXT); - - // account data, if updating - mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT); - - // state of oAuth2 components - mOAuth2StatusIcon = savedInstanceState.getInt(KEY_OAUTH2_STATUS_ICON); - mOAuth2StatusText = savedInstanceState.getInt(KEY_OAUTH2_STATUS_TEXT); - // END of getting the state of oAuth2 components. } - + /** * The redirection triggered by the OAuth authentication server as response to the GET AUTHORIZATION request * is caught here. @@ -308,7 +426,7 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity } } - + /** * The redirection triggered by the OAuth authentication server as response to the GET AUTHORIZATION, and * deferred in {@link #onNewIntent(Intent)}, is processed here. @@ -316,23 +434,22 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity @Override protected void onResume() { super.onResume(); - // the state of mOAuth2Check is automatically recovered between configuration changes, but not before onCreate() finishes; so keep the next lines here - changeViewByOAuth2Check(mOAuth2Check.isChecked()); - if (mAction == ACTION_UPDATE_TOKEN && mJustCreated) { + if (mAction == ACTION_UPDATE_TOKEN && mJustCreated && getIntent().getBooleanExtra(EXTRA_ENFORCED_UPDATE, false)) { if (mOAuth2Check.isChecked()) Toast.makeText(this, R.string.auth_expired_oauth_token_toast, Toast.LENGTH_LONG).show(); else Toast.makeText(this, R.string.auth_expired_basic_auth_toast, Toast.LENGTH_LONG).show(); } - + if (mNewCapturedUriFromOAuth2Redirection != null) { getOAuth2AccessTokenFromCapturedRedirection(); } - + mJustCreated = false; + } - - + + /** * Parses the redirection with the response to the GET AUTHORIZATION request to the * oAuth server and requests for the access token (GET ACCESS TOKEN) @@ -341,34 +458,39 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity /// Parse data from OAuth redirection String queryParameters = mNewCapturedUriFromOAuth2Redirection.getQuery(); mNewCapturedUriFromOAuth2Redirection = null; - + /// Showing the dialog with instructions for the user. showDialog(DIALOG_OAUTH2_LOGIN_PROGRESS); /// GET ACCESS TOKEN to the oAuth server RemoteOperation operation = new OAuth2GetAccessToken( getString(R.string.oauth2_client_id), - getString(R.string.oauth2_redirect_uri), // TODO check - necessary here? - getString(R.string.oauth2_grant_type), - queryParameters); + getString(R.string.oauth2_redirect_uri), + getString(R.string.oauth2_grant_type), + queryParameters); //WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext()); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext()); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true); operation.execute(client, this, mHandler); } - - + + /** * Handles the change of focus on the text inputs for the server URL and the password */ public void onFocusChange(View view, boolean hasFocus) { - if (view.getId() == R.id.hostUrlInput) { - onUrlInputFocusChanged((TextView) view, hasFocus); - + if (view.getId() == R.id.hostUrlInput) { + if (!hasFocus) { + onUrlInputFocusLost((TextView) view); + } + else { + hideRefreshButton(); + } + } else if (view.getId() == R.id.account_password) { onPasswordFocusChanged((TextView) view, hasFocus); } } - + /** * Handles changes in focus on the text input for the server URL. @@ -380,39 +502,42 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity * When hasFocus: user 'comes back' to write again the server URL. * * @param hostInput TextView with the URL input field receiving the change of focus. - * @param hasFocus 'True' if focus is received, 'false' if is lost */ - private void onUrlInputFocusChanged(TextView hostInput, boolean hasFocus) { - if (!hasFocus) { + private void onUrlInputFocusLost(TextView hostInput) { + if (!mHostBaseUrl.equals(normalizeUrl(mHostUrlInput.getText().toString()))) { checkOcServer(); - } else { - // avoids that the 'connect' button can be clicked if the test was previously passed - mOkButton.setEnabled(false); + mOkButton.setEnabled(mServerIsValid); + if (!mServerIsValid) { + showRefreshButton(); + } } } private void checkOcServer() { - String uri = mHostUrlInput.getText().toString().trim(); + String uri = trimUrlWebdav(mHostUrlInput.getText().toString().trim()); + + if (!mHostUrlInputEnabled){ + uri = getString(R.string.server_url); + } + + mServerIsValid = false; + mServerIsChecked = false; + mOkButton.setEnabled(false); + mDiscoveredVersion = null; + hideRefreshButton(); if (uri.length() != 0) { - mStatusText = R.string.auth_testing_connection; - mStatusIcon = R.drawable.progress_small; - updateConnStatus(); - /** TODO cancel previous connection check if the user tries to ammend a wrong URL - if(mConnChkOperation != null) { - mConnChkOperation.cancel(); - } */ + mServerStatusText = R.string.auth_testing_connection; + mServerStatusIcon = R.drawable.progress_small; + showServerStatus(); mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this); - mHostBaseUrl = ""; - mDiscoveredVersion = null; + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true); mOperationThread = mOcServerChkOperation.execute(client, this, mHandler); } else { - mRefreshButton.setVisibility(View.INVISIBLE); - mStatusText = 0; - mStatusIcon = 0; - updateConnStatus(); + mServerStatusText = 0; + mServerStatusIcon = 0; + showServerStatus(); } } @@ -429,15 +554,42 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity */ private void onPasswordFocusChanged(TextView passwordInput, boolean hasFocus) { if (hasFocus) { - mViewPasswordButton.setVisibility(View.VISIBLE); + showViewPasswordButton(); } else { - int input_type = InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD; - passwordInput.setInputType(input_type); - mViewPasswordButton.setVisibility(View.INVISIBLE); + hidePassword(); + hidePasswordButton(); } } + private void showViewPasswordButton() { + //int drawable = android.R.drawable.ic_menu_view; + int drawable = R.drawable.ic_view; + if (isPasswordVisible()) { + //drawable = android.R.drawable.ic_secure; + drawable = R.drawable.ic_hide; + } + mPasswordInput.setCompoundDrawablesWithIntrinsicBounds(0, 0, drawable, 0); + } + + private boolean isPasswordVisible() { + return ((mPasswordInput.getInputType() & InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) == InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD); + } + + private void hidePasswordButton() { + mPasswordInput.setCompoundDrawablesWithIntrinsicBounds(0, 0, 0, 0); + } + + private void showPassword() { + mPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD); + showViewPasswordButton(); + } + + private void hidePassword() { + mPasswordInput.setInputType(InputType.TYPE_CLASS_TEXT | InputType.TYPE_TEXT_VARIATION_PASSWORD); + showViewPasswordButton(); + } + /** * Cancels the authenticator activity @@ -452,9 +604,9 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity setResult(RESULT_CANCELED); // TODO review how is this related to AccountAuthenticator (debugging) finish(); } - - - + + + /** * Checks the credentials of the user in the root of the ownCloud server * before creating a new local account. @@ -472,41 +624,42 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity public void onOkClick(View view) { // this check should be unnecessary if (mDiscoveredVersion == null || !mDiscoveredVersion.isVersionValid() || mHostBaseUrl == null || mHostBaseUrl.length() == 0) { - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_wtf_reenter_URL; - updateConnStatus(); + mServerStatusIcon = R.drawable.common_error; + mServerStatusText = R.string.auth_wtf_reenter_URL; + showServerStatus(); mOkButton.setEnabled(false); Log_OC.wtf(TAG, "The user was allowed to click 'connect' to an unchecked server!!"); return; } - - if (mOAuth2Check.isChecked()) { + + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { startOauthorization(); - + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + startSamlBasedFederatedSingleSignOnAuthorization(); } else { checkBasicAuthorization(); } } - - + + /** * Tests the credentials entered by the user performing a check of existence on * the root folder of the ownCloud server. */ private void checkBasicAuthorization() { /// get the path to the root folder through WebDAV from the version server - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, false); - + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); + /// get basic credentials entered by user String username = mUsernameInput.getText().toString(); String password = mPasswordInput.getText().toString(); - + /// be gentle with the user showDialog(DIALOG_LOGIN_PROGRESS); - + /// test credentials accessing the root folder mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); client.setBasicCredentials(username, password); mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); } @@ -518,10 +671,11 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity */ private void startOauthorization() { // be gentle with the user - mStatusIcon = R.drawable.progress_small; - mStatusText = R.string.oauth_login_connection; - updateAuthStatus(); + mAuthStatusIcon = R.drawable.progress_small; + mAuthStatusText = R.string.oauth_login_connection; + showAuthStatus(); + // GET AUTHORIZATION request //Uri uri = Uri.parse(getString(R.string.oauth2_url_endpoint_auth)); Uri uri = Uri.parse(mOAuthAuthEndpointText.getText().toString().trim()); @@ -537,7 +691,27 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity startActivity(i); } - + + /** + * Starts the Web Single Sign On flow to get access to the root folder + * in the server. + */ + private void startSamlBasedFederatedSingleSignOnAuthorization() { + // be gentle with the user + mAuthStatusIcon = R.drawable.progress_small; + mAuthStatusText = R.string.auth_connecting_auth_server; + showAuthStatus(); + showDialog(DIALOG_LOGIN_PROGRESS); + + /// get the path to the root folder through WebDAV from the version server + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); + + /// test credentials accessing the root folder + mAuthCheckOperation = new ExistenceCheckOperation("", this, false); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false); + mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); + } + /** * Callback method invoked when a RemoteOperation executed by this Activity finishes. * @@ -548,16 +722,47 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity if (operation instanceof OwnCloudServerCheckOperation) { onOcServerCheckFinish((OwnCloudServerCheckOperation) operation, result); - + } else if (operation instanceof OAuth2GetAccessToken) { onGetOAuthAccessTokenFinish((OAuth2GetAccessToken)operation, result); - + } else if (operation instanceof ExistenceCheckOperation) { - onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); + if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + onSamlBasedFederatedSingleSignOnAuthorizationStart(operation, result); + } else { + onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); + } } } + + private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperation operation, RemoteOperationResult result) { + try { + dismissDialog(DIALOG_LOGIN_PROGRESS); + } catch (IllegalArgumentException e) { + // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens + } + + if (result.isTemporalRedirection() || result.isIdPRedirection()) { + String url = result.getRedirectedLocation(); + String targetUrl = mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); + + // Show dialog + mSamlDialog = SamlWebViewDialog.newInstance(url, targetUrl); + mSamlDialog.show(getSupportFragmentManager(), TAG_SAML_DIALOG); + + mAuthStatusIcon = android.R.drawable.ic_secure; + mAuthStatusText = R.string.auth_follow_auth_server; + + } else { + mAuthStatusIcon = R.drawable.common_error; + mAuthStatusText = R.string.auth_unsupported_auth_method; + + } + showAuthStatus(); + } + /** * Processes the result of the server check performed when the user finishes the enter of the @@ -567,135 +772,227 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity * @param result Result of the check. */ private void onOcServerCheckFinish(OwnCloudServerCheckOperation operation, RemoteOperationResult result) { - /// update status icon and text - updateStatusIconAndText(result); - updateConnStatus(); + if (operation.equals(mOcServerChkOperation)) { + /// save result state + mServerIsChecked = true; + mServerIsValid = result.isSuccess(); + mIsSslConn = (result.getCode() == ResultCode.OK_SSL); + mOcServerChkOperation = null; - /// save result state - mStatusCorrect = result.isSuccess(); - mIsSslConn = (result.getCode() == ResultCode.OK_SSL); - - /// very special case (TODO: move to a common place for all the remote operations) - if (result.getCode() == ResultCode.SSL_RECOVERABLE_PEER_UNVERIFIED) { - mLastSslUntrustedServerResult = result; - showDialog(DIALOG_SSL_VALIDATOR); - } - - /// update the visibility of the 'retry connection' button - if (!mStatusCorrect) - mRefreshButton.setVisibility(View.VISIBLE); - else - mRefreshButton.setVisibility(View.INVISIBLE); - - /// retrieve discovered version and normalize server URL - mDiscoveredVersion = operation.getDiscoveredVersion(); - mHostBaseUrl = mHostUrlInput.getText().toString().trim(); - if (!mHostBaseUrl.toLowerCase().startsWith("http://") && - !mHostBaseUrl.toLowerCase().startsWith("https://")) { - - if (mIsSslConn) { - mHostBaseUrl = "https://" + mHostBaseUrl; + /// update status icon and text + if (mServerIsValid) { + hideRefreshButton(); } else { - mHostBaseUrl = "http://" + mHostBaseUrl; + showRefreshButton(); } - + updateServerStatusIconAndText(result); + showServerStatus(); + + /// very special case (TODO: move to a common place for all the remote operations) + if (result.getCode() == ResultCode.SSL_RECOVERABLE_PEER_UNVERIFIED) { + mLastSslUntrustedServerResult = result; + showDialog(DIALOG_SSL_VALIDATOR); + } + + /// retrieve discovered version and normalize server URL + mDiscoveredVersion = operation.getDiscoveredVersion(); + mHostBaseUrl = normalizeUrl(mHostUrlInput.getText().toString()); + + /// allow or not the user try to access the server + mOkButton.setEnabled(mServerIsValid); + + } // else nothing ; only the last check operation is considered; + // multiple can be triggered if the user amends a URL before a previous check can be triggered + } + + + private String normalizeUrl(String url) { + if (url != null && url.length() > 0) { + url = url.trim(); + if (!url.toLowerCase().startsWith("http://") && + !url.toLowerCase().startsWith("https://")) { + if (mIsSslConn) { + url = "https://" + url; + } else { + url = "http://" + url; + } + } + + // OC-208: Add suffix remote.php/webdav to normalize (OC-34) + url = trimUrlWebdav(url); + + if (url.endsWith("/")) { + url = url.substring(0, url.length() - 1); + } + } - if (mHostBaseUrl.endsWith("/")) - mHostBaseUrl = mHostBaseUrl.substring(0, mHostBaseUrl.length() - 1); - - /// allow or not the user try to access the server - mOkButton.setEnabled(mStatusCorrect); + Log_OC.d(TAG, "URL Normalize " + url); + return (url != null ? url : ""); } + private String trimUrlWebdav(String url){ + if(url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_4_0)){ + url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_4_0.length()); + } else if(url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_2_0)){ + url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_2_0.length()); + } else if (url.toLowerCase().endsWith(AccountUtils.WEBDAV_PATH_1_2)){ + url = url.substring(0, url.length() - AccountUtils.WEBDAV_PATH_1_2.length()); + } + return (url != null ? url : ""); + } + + /** * Chooses the right icon and text to show to the user for the received operation result. * * @param result Result of a remote operation performed in this activity */ - private void updateStatusIconAndText(RemoteOperationResult result) { - mStatusText = mStatusIcon = 0; + private void updateServerStatusIconAndText(RemoteOperationResult result) { + mServerStatusIcon = R.drawable.common_error; // the most common case in the switch below switch (result.getCode()) { case OK_SSL: - mStatusIcon = android.R.drawable.ic_secure; - mStatusText = R.string.auth_secure_connection; + mServerStatusIcon = android.R.drawable.ic_secure; + mServerStatusText = R.string.auth_secure_connection; break; - + case OK_NO_SSL: case OK: if (mHostUrlInput.getText().toString().trim().toLowerCase().startsWith("http://") ) { - mStatusText = R.string.auth_connection_established; - mStatusIcon = R.drawable.ic_ok; + mServerStatusText = R.string.auth_connection_established; + mServerStatusIcon = R.drawable.ic_ok; } else { - mStatusText = R.string.auth_nossl_plain_ok_title; - mStatusIcon = android.R.drawable.ic_partial_secure; + mServerStatusText = R.string.auth_nossl_plain_ok_title; + mServerStatusIcon = android.R.drawable.ic_partial_secure; } break; - + + case NO_NETWORK_CONNECTION: + mServerStatusIcon = R.drawable.no_network; + mServerStatusText = R.string.auth_no_net_conn_title; + break; + case SSL_RECOVERABLE_PEER_UNVERIFIED: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_ssl_unverified_server_title; + mServerStatusText = R.string.auth_ssl_unverified_server_title; break; - case BAD_OC_VERSION: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_bad_oc_version_title; + mServerStatusText = R.string.auth_bad_oc_version_title; break; case WRONG_CONNECTION: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_wrong_connection_title; + mServerStatusText = R.string.auth_wrong_connection_title; break; case TIMEOUT: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_timeout_title; + mServerStatusText = R.string.auth_timeout_title; break; case INCORRECT_ADDRESS: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_incorrect_address_title; + mServerStatusText = R.string.auth_incorrect_address_title; break; - case SSL_ERROR: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_ssl_general_error_title; + mServerStatusText = R.string.auth_ssl_general_error_title; break; - case UNAUTHORIZED: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_unauthorized; + mServerStatusText = R.string.auth_unauthorized; break; case HOST_NOT_AVAILABLE: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_unknown_host_title; + mServerStatusText = R.string.auth_unknown_host_title; + break; + case INSTANCE_NOT_CONFIGURED: + mServerStatusText = R.string.auth_not_configured_title; + break; + case FILE_NOT_FOUND: + mServerStatusText = R.string.auth_incorrect_path_title; break; + case OAUTH2_ERROR: + mServerStatusText = R.string.auth_oauth_error; + break; + case OAUTH2_ERROR_ACCESS_DENIED: + mServerStatusText = R.string.auth_oauth_error_access_denied; + break; + case UNHANDLED_HTTP_CODE: + case UNKNOWN_ERROR: + mServerStatusText = R.string.auth_unknown_error_title; + break; + default: + mServerStatusText = 0; + mServerStatusIcon = 0; + } + } + + + /** + * Chooses the right icon and text to show to the user for the received operation result. + * + * @param result Result of a remote operation performed in this activity + */ + private void updateAuthStatusIconAndText(RemoteOperationResult result) { + mAuthStatusIcon = R.drawable.common_error; // the most common case in the switch below + + switch (result.getCode()) { + case OK_SSL: + mAuthStatusIcon = android.R.drawable.ic_secure; + mAuthStatusText = R.string.auth_secure_connection; + break; + + case OK_NO_SSL: + case OK: + if (mHostUrlInput.getText().toString().trim().toLowerCase().startsWith("http://") ) { + mAuthStatusText = R.string.auth_connection_established; + mAuthStatusIcon = R.drawable.ic_ok; + } else { + mAuthStatusText = R.string.auth_nossl_plain_ok_title; + mAuthStatusIcon = android.R.drawable.ic_partial_secure; + } + break; + case NO_NETWORK_CONNECTION: - mStatusIcon = R.drawable.no_network; - mStatusText = R.string.auth_no_net_conn_title; + mAuthStatusIcon = R.drawable.no_network; + mAuthStatusText = R.string.auth_no_net_conn_title; + break; + + case SSL_RECOVERABLE_PEER_UNVERIFIED: + mAuthStatusText = R.string.auth_ssl_unverified_server_title; + break; + case BAD_OC_VERSION: + mAuthStatusText = R.string.auth_bad_oc_version_title; + break; + case WRONG_CONNECTION: + mAuthStatusText = R.string.auth_wrong_connection_title; + break; + case TIMEOUT: + mAuthStatusText = R.string.auth_timeout_title; + break; + case INCORRECT_ADDRESS: + mAuthStatusText = R.string.auth_incorrect_address_title; + break; + case SSL_ERROR: + mAuthStatusText = R.string.auth_ssl_general_error_title; + break; + case UNAUTHORIZED: + mAuthStatusText = R.string.auth_unauthorized; + break; + case HOST_NOT_AVAILABLE: + mAuthStatusText = R.string.auth_unknown_host_title; break; case INSTANCE_NOT_CONFIGURED: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_not_configured_title; + mAuthStatusText = R.string.auth_not_configured_title; break; case FILE_NOT_FOUND: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_incorrect_path_title; + mAuthStatusText = R.string.auth_incorrect_path_title; break; case OAUTH2_ERROR: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_oauth_error; + mAuthStatusText = R.string.auth_oauth_error; break; case OAUTH2_ERROR_ACCESS_DENIED: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_oauth_error_access_denied; + mAuthStatusText = R.string.auth_oauth_error_access_denied; break; case UNHANDLED_HTTP_CODE: case UNKNOWN_ERROR: - mStatusIcon = R.drawable.common_error; - mStatusText = R.string.auth_unknown_error_title; + mAuthStatusText = R.string.auth_unknown_error_title; break; - default: - break; + mAuthStatusText = 0; + mAuthStatusIcon = 0; } } @@ -714,27 +1011,27 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens } - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, true); + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); if (result.isSuccess() && webdav_path != null) { /// be gentle with the user showDialog(DIALOG_LOGIN_PROGRESS); - + /// time to test the retrieved access token on the ownCloud server - mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); - Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken); + mAuthToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); + Log_OC.d(TAG, "Got ACCESS TOKEN: " + mAuthToken); mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); - client.setBearerCredentials(mOAuthAccessToken); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); + client.setBearerCredentials(mAuthToken); mAuthCheckOperation.execute(client, this, mHandler); - + } else { - updateStatusIconAndText(result); - updateAuthStatus(); + updateAuthStatusIconAndText(result); + showAuthStatus(); Log_OC.d(TAG, "Access failed: " + result.getLogMessage()); } } - + /** * Processes the result of the access check performed to try the user credentials. * @@ -749,27 +1046,53 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity } catch (IllegalArgumentException e) { // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens } - + if (result.isSuccess()) { Log_OC.d(TAG, "Successful access - time to save the account"); if (mAction == ACTION_CREATE) { createAccount(); - + } else { updateToken(); } - + finish(); + + } else if (result.isServerFail() || result.isException()) { + /// if server fail or exception in authorization, the UI is updated as when a server check failed + mServerIsChecked = true; + mServerIsValid = false; + mIsSslConn = false; + mOcServerChkOperation = null; + mDiscoveredVersion = null; + mHostBaseUrl = normalizeUrl(mHostUrlInput.getText().toString()); + + // update status icon and text + updateServerStatusIconAndText(result); + showServerStatus(); + mAuthStatusIcon = 0; + mAuthStatusText = 0; + showAuthStatus(); - } else { - updateStatusIconAndText(result); - updateAuthStatus(); + // update input controls state + showRefreshButton(); + mOkButton.setEnabled(false); + + // very special case (TODO: move to a common place for all the remote operations) (dangerous here?) + if (result.getCode() == ResultCode.SSL_RECOVERABLE_PEER_UNVERIFIED) { + mLastSslUntrustedServerResult = result; + showDialog(DIALOG_SSL_VALIDATOR); + } + + } else { // authorization fail due to client side - probably wrong credentials + updateAuthStatusIconAndText(result); + showAuthStatus(); Log_OC.d(TAG, "Access failed: " + result.getLogMessage()); } } - + /** * Sets the proper response to get that the Account Authenticator that started this activity saves * a new authorization token for mAccount. @@ -778,11 +1101,17 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity Bundle response = new Bundle(); response.putString(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); response.putString(AccountManager.KEY_ACCOUNT_TYPE, mAccount.type); - boolean isOAuth = mOAuth2Check.isChecked(); - if (isOAuth) { - response.putString(AccountManager.KEY_AUTHTOKEN, mOAuthAccessToken); + + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); + // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); + + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); + } else { response.putString(AccountManager.KEY_AUTHTOKEN, mPasswordInput.getText().toString()); mAccountMgr.setPassword(mAccount, mPasswordInput.getText().toString()); @@ -800,11 +1129,15 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity */ private void createAccount() { /// create and save new ownCloud account - boolean isOAuth = mOAuth2Check.isChecked(); - + boolean isOAuth = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType); + boolean isSaml = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType); + Uri uri = Uri.parse(mHostBaseUrl); String username = mUsernameInput.getText().toString().trim(); - if (isOAuth) { + if (isSaml) { + username = mAccountNameInput.getText().toString().trim(); + + } else if (isOAuth) { username = "OAuth_user" + (new java.util.Random(System.currentTimeMillis())).nextLong(); } String accountName = username + "@" + uri.getHost(); @@ -812,8 +1145,8 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity accountName += ":" + uri.getPort(); } mAccount = new Account(accountName, AccountAuthenticator.ACCOUNT_TYPE); - if (isOAuth) { - mAccountMgr.addAccountExplicitly(mAccount, "", null); // with our implementation, the password is never input in the app + if (isOAuth || isSaml) { + mAccountMgr.addAccountExplicitly(mAccount, "", null); // with external authorizations, the password is never input in the app } else { mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null); } @@ -832,21 +1165,24 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity final Intent intent = new Intent(); intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, AccountAuthenticator.ACCOUNT_TYPE); intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); - if (!isOAuth) - intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); // TODO check this; not sure it's right; maybe + /*if (!isOAuth) + intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); */ intent.putExtra(AccountManager.KEY_USERDATA, username); - if (isOAuth) { - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + if (isOAuth || isSaml) { + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); } /// add user data to the new account; TODO probably can be done in the last parameter addAccountExplicitly, or in KEY_USERDATA mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION, mDiscoveredVersion.toString()); mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL, mHostBaseUrl); - if (isOAuth) - mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); // TODO this flag should be unnecessary - + if (isSaml) { + mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE"); + } else if (isOAuth) { + mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); + } + setAccountAuthenticatorResult(intent.getExtras()); setResult(RESULT_OK, intent); - + /// immediately request for the synchronization of the new account Bundle bundle = new Bundle(); bundle.putBoolean(ContentResolver.SYNC_EXTRAS_MANUAL, true); @@ -877,7 +1213,7 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity } } - + /** * {@inheritDoc} */ @@ -892,17 +1228,17 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity working_dialog.setIndeterminate(true); working_dialog.setCancelable(true); working_dialog - .setOnCancelListener(new DialogInterface.OnCancelListener() { - @Override - public void onCancel(DialogInterface dialog) { - /// TODO study if this is enough - Log_OC.i(TAG, "Login canceled"); - if (mOperationThread != null) { - mOperationThread.interrupt(); - finish(); - } - } - }); + .setOnCancelListener(new DialogInterface.OnCancelListener() { + @Override + public void onCancel(DialogInterface dialog) { + /// TODO study if this is enough + Log_OC.i(TAG, "Login canceled"); + if (mOperationThread != null) { + mOperationThread.interrupt(); + finish(); + } + } + }); dialog = working_dialog; break; } @@ -932,11 +1268,11 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity builder.setMessage(getResources().getString(R.string.ssl_validator_not_saved)); builder.setCancelable(false); builder.setPositiveButton(R.string.common_ok, new DialogInterface.OnClickListener() { - @Override - public void onClick(DialogInterface dialog, int which) { - dialog.dismiss(); - }; - }); + @Override + public void onClick(DialogInterface dialog, int which) { + dialog.dismiss(); + }; + }); dialog = builder.create(); break; } @@ -946,7 +1282,7 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity return dialog; } - + /** * Starts and activity to open the 'new account' page in the ownCloud web site * @@ -958,42 +1294,50 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity startActivity(register); } - + /** * Updates the content and visibility state of the icon and text associated * to the last check on the ownCloud server. */ - private void updateConnStatus() { - ImageView iv = (ImageView) findViewById(R.id.action_indicator); - TextView tv = (TextView) findViewById(R.id.status_text); + private void showServerStatus() { + TextView tv = (TextView) findViewById(R.id.server_status_text); - if (mStatusIcon == 0 && mStatusText == 0) { - iv.setVisibility(View.INVISIBLE); + if (mServerStatusIcon == 0 && mServerStatusText == 0) { tv.setVisibility(View.INVISIBLE); + } else { - iv.setImageResource(mStatusIcon); - tv.setText(mStatusText); - iv.setVisibility(View.VISIBLE); + tv.setText(mServerStatusText); + tv.setCompoundDrawablesWithIntrinsicBounds(mServerStatusIcon, 0, 0, 0); tv.setVisibility(View.VISIBLE); } + } - - + + /** * Updates the content and visibility state of the icon and text associated * to the interactions with the OAuth authorization server. */ - private void updateAuthStatus() { - if (mStatusIcon == 0 && mStatusText == 0) { + private void showAuthStatus() { + if (mAuthStatusIcon == 0 && mAuthStatusText == 0) { mAuthStatusLayout.setVisibility(View.INVISIBLE); + } else { - mAuthStatusLayout.setText(mStatusText); - mAuthStatusLayout.setCompoundDrawablesWithIntrinsicBounds(mStatusIcon, 0, 0, 0); + mAuthStatusLayout.setText(mAuthStatusText); + mAuthStatusLayout.setCompoundDrawablesWithIntrinsicBounds(mAuthStatusIcon, 0, 0, 0); mAuthStatusLayout.setVisibility(View.VISIBLE); } } - + + private void showRefreshButton() { + mRefreshButton.setVisibility(View.VISIBLE); + } + + private void hideRefreshButton() { + mRefreshButton.setVisibility(View.GONE); + } + /** * Called when the refresh button in the input field for ownCloud host is clicked. * @@ -1002,7 +1346,7 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity * @param view Refresh 'button' */ public void onRefreshClick(View view) { - onFocusChange(mRefreshButton, false); + checkOcServer(); } @@ -1010,25 +1354,19 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity * Called when the eye icon in the password field is clicked. * * Toggles the visibility of the password in the field. - * - * @param view 'View password' 'button' */ - public void onViewPasswordClick(View view) { + public void onViewPasswordClick() { int selectionStart = mPasswordInput.getSelectionStart(); int selectionEnd = mPasswordInput.getSelectionEnd(); - int input_type = mPasswordInput.getInputType(); - if ((input_type & InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) == InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD) { - input_type = InputType.TYPE_CLASS_TEXT - | InputType.TYPE_TEXT_VARIATION_PASSWORD; + if (isPasswordVisible()) { + hidePassword(); } else { - input_type = InputType.TYPE_CLASS_TEXT - | InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD; + showPassword(); } - mPasswordInput.setInputType(input_type); mPasswordInput.setSelection(selectionStart, selectionEnd); } - - + + /** * Called when the checkbox for OAuth authorization is clicked. * @@ -1037,40 +1375,51 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity * @param view 'View password' 'button' */ public void onCheckClick(View view) { - CheckBox oAuth2Check = (CheckBox)view; - changeViewByOAuth2Check(oAuth2Check.isChecked()); - + CheckBox oAuth2Check = (CheckBox)view; + if (oAuth2Check.isChecked()) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN; + } else { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + } + adaptViewAccordingToAuthenticationMethod(); } + /** - * Changes the visibility of input elements depending upon the kind of authorization - * chosen by the user: basic or OAuth - * - * @param checked 'True' when OAuth is selected. + * Changes the visibility of input elements depending on + * the current authorization method. */ - public void changeViewByOAuth2Check(Boolean checked) { - - if (checked) { + private void adaptViewAccordingToAuthenticationMethod () { + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { + // OAuth 2 authorization mOAuthAuthEndpointText.setVisibility(View.VISIBLE); mOAuthTokenEndpointText.setVisibility(View.VISIBLE); mUsernameInput.setVisibility(View.GONE); mPasswordInput.setVisibility(View.GONE); - mViewPasswordButton.setVisibility(View.GONE); + mAccountNameInput.setVisibility(View.GONE); + + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + // SAML-based web Single Sign On + mOAuthAuthEndpointText.setVisibility(View.GONE); + mOAuthTokenEndpointText.setVisibility(View.GONE); + mUsernameInput.setVisibility(View.GONE); + mPasswordInput.setVisibility(View.GONE); + mAccountNameInput.setVisibility(View.VISIBLE); } else { + // basic HTTP authorization mOAuthAuthEndpointText.setVisibility(View.GONE); mOAuthTokenEndpointText.setVisibility(View.GONE); mUsernameInput.setVisibility(View.VISIBLE); mPasswordInput.setVisibility(View.VISIBLE); - mViewPasswordButton.setVisibility(View.INVISIBLE); - } - - } + mAccountNameInput.setVisibility(View.GONE); + } + } /** * Called from SslValidatorDialog when a new server certificate was correctly saved. */ public void onSavedCertificate() { - mOperationThread = mOcServerChkOperation.retry(this, mHandler); + checkOcServer(); } /** @@ -1082,4 +1431,92 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity showDialog(DIALOG_CERT_NOT_SAVED); } + + /** + * Called when the 'action' button in an IME is pressed ('enter' in software keyboard). + * + * Used to trigger the authorization check when the user presses 'enter' after writing the password. + */ + @Override + public boolean onEditorAction(TextView inputField, int actionId, KeyEvent event) { + if (inputField != null && inputField.equals(mPasswordInput) && + actionId == EditorInfo.IME_ACTION_DONE) { + if (mOkButton.isEnabled()) { + mOkButton.performClick(); + } + } + return false; // always return false to grant that the software keyboard is hidden anyway + } + + + private abstract static class RightDrawableOnTouchListener implements OnTouchListener { + + private int fuzz = 75; + + /** + * {@inheritDoc} + */ + @Override + public boolean onTouch(View view, MotionEvent event) { + Drawable rightDrawable = null; + if (view instanceof TextView) { + Drawable[] drawables = ((TextView)view).getCompoundDrawables(); + if (drawables.length > 2) { + rightDrawable = drawables[2]; + } + } + if (rightDrawable != null) { + final int x = (int) event.getX(); + final int y = (int) event.getY(); + final Rect bounds = rightDrawable.getBounds(); + if (x >= (view.getRight() - bounds.width() - fuzz) && x <= (view.getRight() - view.getPaddingRight() + fuzz) + && y >= (view.getPaddingTop() - fuzz) && y <= (view.getHeight() - view.getPaddingBottom()) + fuzz) { + + return onDrawableTouch(event); + } + } + return false; + } + + public abstract boolean onDrawableTouch(final MotionEvent event); + } + + + public void onSamlDialogSuccess(String sessionCookie){ + mAuthToken = sessionCookie; + + if (sessionCookie != null && sessionCookie.length() > 0) { + Log_OC.d(TAG, "Successful SSO - time to save the account"); + mAuthToken = sessionCookie; + if (mAction == ACTION_CREATE) { + createAccount(); + + } else { + updateToken(); + } + + finish(); + + } + } + + + + @Override + public void onSsoFinished(String sessionCookie) { + //Toast.makeText(this, "got cookies: " + sessionCookie, Toast.LENGTH_LONG).show(); + + if (sessionCookie != null && sessionCookie.length() > 0) { + Log_OC.d(TAG, "Successful SSO - time to save the account"); + onSamlDialogSuccess(sessionCookie); + finish(); + + } else { + // TODO - show fail + Log_OC.d(TAG, "SSO failed"); + } + } + + + }