From: masensio Date: Fri, 6 Feb 2015 12:05:48 +0000 (+0100) Subject: Fix bug: When editing the account, it is possible to include any password. Remove... X-Git-Tag: oc-android-1.7.0_signed~7 X-Git-Url: http://git.linex4red.de/pub/Android/ownCloud.git/commitdiff_plain/3605bd70da54e8375387ce0c6be4654c768c7c45?hp=--cc Fix bug: When editing the account, it is possible to include any password. Remove cookies when change password --- 3605bd70da54e8375387ce0c6be4654c768c7c45 diff --git a/src/com/owncloud/android/authentication/AuthenticatorActivity.java b/src/com/owncloud/android/authentication/AuthenticatorActivity.java index 8d7182d7..3a640765 100644 --- a/src/com/owncloud/android/authentication/AuthenticatorActivity.java +++ b/src/com/owncloud/android/authentication/AuthenticatorActivity.java @@ -18,11 +18,14 @@ package com.owncloud.android.authentication; +import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Map; import android.accounts.Account; import android.accounts.AccountManager; +import android.accounts.AuthenticatorException; +import android.accounts.OperationCanceledException; import android.app.Dialog; import android.content.ComponentName; import android.content.Context; @@ -64,6 +67,9 @@ import com.actionbarsherlock.app.SherlockDialogFragment; import com.owncloud.android.MainApp; import com.owncloud.android.R; import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener; +import com.owncloud.android.lib.common.OwnCloudAccount; +import com.owncloud.android.lib.common.OwnCloudClient; +import com.owncloud.android.lib.common.OwnCloudClientManagerFactory; import com.owncloud.android.lib.common.accounts.AccountTypeUtils; import com.owncloud.android.lib.common.accounts.AccountUtils.Constants; import com.owncloud.android.lib.common.network.CertificateCombinedException; 
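Review bot: The imports added to AuthenticatorActivity.java in the first two hunks (`java.io.IOException`, `AuthenticatorException`, `OperationCanceledException`, `OwnCloudAccount`, `OwnCloudClient`, `OwnCloudClientManagerFactory`) are not referenced by any changed line shown for this file. The only functional change here is the `mAccountMgr.setUserData(...)` call in `accessRootFolderRemoteOperation`, which needs none of them. Unless code outside the hunks uses them, they look like leftovers from an earlier attempt at the fix and should be removed, so the file does not suggest that the activity talks to the client manager directly.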
@@ -222,6 +228,8 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { mWaitingForOpId = savedInstanceState.getLong(KEY_WAITING_FOR_OP_ID); mIsFirstAuthAttempt = savedInstanceState.getBoolean(KEY_AUTH_IS_FIRST_ATTEMPT_TAG); } + + /// load user interface setContentView(R.layout.account_setup); @@ -549,7 +557,7 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { * intended to defer the processing of the redirection caught in * {@link #onNewIntent(Intent)} until {@link #onResume()} * - * See {@link #loadSavedInstanceState(Bundle)} + * See {@link #onSaveInstanceState(Bundle)} */ @Override protected void onSaveInstanceState(Bundle outState) { @@ -878,6 +886,12 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { } private void accessRootFolderRemoteOperation(String username, String password) { + // delete the account if the token has changed + if (mAction == ACTION_UPDATE_TOKEN || mAction == ACTION_UPDATE_EXPIRED_TOKEN) { + // Remove the cookies in AccountManager + mAccountMgr.setUserData(mAccount, Constants.KEY_COOKIES, null); + } + Intent existenceCheckIntent = new Intent(); existenceCheckIntent.setAction(OperationsService.ACTION_EXISTENCE_CHECK); existenceCheckIntent.putExtra(OperationsService.EXTRA_SERVER_URL, mServerInfo.mBaseUrl); @@ -1018,8 +1032,8 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperationResult result) { mWaitingForOpId = Long.MAX_VALUE; dismissDialog(WAIT_DIALOG_TAG); - - if (result.isIdPRedirection()) { + + if (result.isIdPRedirection()) { String targetUrl = mServerInfo.mBaseUrl + AccountUtils.getWebdavPath(mServerInfo.mVersion, mAuthTokenType); 
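Review bot: The corrected reference `See {@link #onSaveInstanceState(Bundle)}` sits in the Javadoc of `onSaveInstanceState` itself, so the "See" line now sends the reader back to the method being read. If the intent is to name where the saved state is read back, link that method instead (for example `{@link #onCreate(Bundle)}`, if that is where `savedInstanceState` is consumed). Otherwise drop the line.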
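Review bot: The new comment `// delete the account if the token has changed` in `accessRootFolderRemoteOperation` does not match the code, which keeps the account and only sets `Constants.KEY_COOKIES` to null for `ACTION_UPDATE_TOKEN` and `ACTION_UPDATE_EXPIRED_TOKEN`. A comment that states the security reason would help more, e.g. `// forget the stored session cookies so the server has to validate the new password instead of accepting an old session`. The call clears only the value persisted in AccountManager. Whether an already-created client still holds the same cookies in memory is not visible in this hunk and is worth confirming, since that decides whether a wrong password can still pass the check. The cookies are dropped before the credentials are verified, so a failed or cancelled edit also leaves the account without a session; if that is intended, say so in the comment. The method body continues outside the hunk.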
@@ -1042,8 +1056,7 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { /** * Processes the result of the server check performed when the user finishes the enter of the * server URL. - * - * @param operation Server check performed. + * * @param result Result of the check. */ private void onGetServerInfoFinish(RemoteOperationResult result) { @@ -1353,8 +1366,7 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { * Processes the result of the access check performed to try the user credentials. * * Creates a new account through the AccountManager. - * - * @param operation Access check performed. + * * @param result Result of the operation. */ private void onAuthorizationCheckFinish(RemoteOperationResult result) { @@ -1377,7 +1389,7 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { finish(); } - } else if (result.isServerFail() || result.isException()) { + } else if (result.isServerFail() || result.isException()) { /// server errors or exceptions in authorization take to requiring a new check of /// the server mServerIsChecked = true; @@ -1507,14 +1519,14 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { mAccountMgr.setAuthToken(mAccount, mAuthTokenType, mAuthToken); } /// add user data to the new account; TODO probably can be done in the last parameter - // addAccountExplicitly, or in KEY_USERDATA + // addAccountExplicitly, or in KEY_USERDATA mAccountMgr.setUserData( mAccount, Constants.KEY_OC_VERSION, mServerInfo.mVersion.getVersion() ); mAccountMgr.setUserData( mAccount, Constants.KEY_OC_BASE_URL, mServerInfo.mBaseUrl ); - + if (isSaml) { mAccountMgr.setUserData(mAccount, Constants.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE"); } else if (isOAuth) { 
@@ -1546,9 +1558,6 @@ SsoWebViewClientListener, OnSslUntrustedCertListener { /** * Updates the content and visibility state of the icon and text associated * to the last check on the ownCloud server. - * - * @param serverStatusText Resource identifier of the text to show. - * @param serverStatusIcon Resource identifier of the icon to show. */ private void showServerStatus() { if (mServerStatusIcon == 0 && mServerStatusText == 0) { diff --git a/src/com/owncloud/android/services/OperationsService.java b/src/com/owncloud/android/services/OperationsService.java index 581a686d..ded5edc9 100644 --- a/src/com/owncloud/android/services/OperationsService.java +++ b/src/com/owncloud/android/services/OperationsService.java @@ -435,13 +435,12 @@ public class OperationsService extends Service { mCurrentOperation = next.second; RemoteOperationResult result = null; try { + OwnCloudAccount ocAccount; /// prepare client object to send the request to the ownCloud server if (mLastTarget == null || !mLastTarget.equals(next.first)) { mLastTarget = next.first; if (mLastTarget.mAccount != null) { - OwnCloudAccount ocAccount = new OwnCloudAccount(mLastTarget.mAccount, mService); - mOwnCloudClient = OwnCloudClientManagerFactory.getDefaultSingleton(). - getClientFor(ocAccount, mService); + ocAccount = new OwnCloudAccount(mLastTarget.mAccount, mService); mStorageManager = new FileDataStorageManager( mLastTarget.mAccount, mService.getContentResolver() 
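Review bot: In OperationsService.java the new `OwnCloudAccount ocAccount;` is declared at the top of the `try` body, but it is only assigned and read inside the `if (mLastTarget == null || !mLastTarget.equals(next.first))` block; the same applies to the following hunk (`@@ -464,12 +463,12 @@`), where the hoisted `getClientFor(ocAccount, mService)` call reads it. Moving the declaration to just after `mLastTarget = next.first;` keeps it in the narrowest scope and makes it clear the value is never carried across iterations. The hoisted call also relies on every branch of the `mLastTarget.mAccount != null` test assigning `ocAccount`, and part of the else branch lies between the two hunks and is not shown. A short comment above the call would record that, e.g. `// ocAccount was built above from the stored account or from URL + credentials`. The `try` block starts and ends outside these hunks.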
@@ -464,12 +463,12 @@ public class OperationsService extends Service { credentials = OwnCloudCredentialsFactory.newSamlSsoCredentials( mLastTarget.mCookie); // SAML SSO } - OwnCloudAccount ocAccount = new OwnCloudAccount( + ocAccount = new OwnCloudAccount( mLastTarget.mServerUrl, credentials); - mOwnCloudClient = OwnCloudClientManagerFactory.getDefaultSingleton(). - getClientFor(ocAccount, mService); mStorageManager = null; } + mOwnCloudClient = OwnCloudClientManagerFactory.getDefaultSingleton(). + getClientFor(ocAccount, mService); } /// perform the operation