From: David A. Velasco Date: Sat, 17 Aug 2013 08:52:03 +0000 (+0200) Subject: Merge branch 'develop' into sso_bug_changing_orientation X-Git-Tag: oc-android-1.4.6~18^2~8^2~4 X-Git-Url: http://git.linex4red.de/pub/Android/ownCloud.git/commitdiff_plain/54679a521d5126d586969c234e6f1536f27dae81?hp=782a38646d29af0f9e66410f62a6428b950fd75a Merge branch 'develop' into sso_bug_changing_orientation --- diff --git a/res/layout-land/account_setup.xml b/res/layout-land/account_setup.xml index 150893a2..5b3ec5d2 100644 --- a/res/layout-land/account_setup.xml +++ b/res/layout-land/account_setup.xml @@ -116,7 +116,6 @@ android:onClick="onCheckClick" android:text="@string/oauth_check_onoff" android:textAppearance="?android:attr/textAppearanceSmall" - android:visibility="gone" /> - + + + + + /> @@ -119,9 +120,25 @@ android:layout_width="match_parent" android:layout_height="wrap_content" android:ems="10" - android:inputType="textUri" - android:singleLine="true" + android:enabled="false" android:text="@string/oauth2_url_endpoint_access" + android:singleLine="true" + android:inputType="textUri" + android:visibility="gone" /> + + + + + android:inputType="textNoSuggestions" + /> + android:inputType="textPassword" + /> - - - true - diff --git a/res/values/oauth2_configuration.xml b/res/values/oauth2_configuration.xml index 5fbef7c3..f8e0f51c 100644 --- a/res/values/oauth2_configuration.xml +++ b/res/values/oauth2_configuration.xml @@ -1,10 +1,5 @@ - - off - owncloud owncloud://callback diff --git a/res/values/setup.xml b/res/values/setup.xml new file mode 100644 index 00000000..2c46d415 --- /dev/null +++ b/res/values/setup.xml @@ -0,0 +1,10 @@ + + + + true + + + off + on + + diff --git a/res/values/strings.xml b/res/values/strings.xml index 8c273bd3..f0719826 100644 --- a/res/values/strings.xml +++ b/res/values/strings.xml @@ -49,6 +49,7 @@ Delete History Check Server + Account name Server address Username Password @@ -210,6 +211,9 @@ Unexpected state; please, enter the server URL again Your authorization expired.\nPlease, authorize again Please, enter the current password + Connecting to authentication server… + Follow instructions above to get authenticated + The server does not support this authentication method Application terminated unexpectedly. Would you like to submit a crash report? Send report diff --git a/src/com/owncloud/android/authentication/AccountAuthenticator.java b/src/com/owncloud/android/authentication/AccountAuthenticator.java index 30eda593..85e9a235 100644 --- a/src/com/owncloud/android/authentication/AccountAuthenticator.java +++ b/src/com/owncloud/android/authentication/AccountAuthenticator.java @@ -46,6 +46,7 @@ public class AccountAuthenticator extends AbstractAccountAuthenticator { public static final String AUTH_TOKEN_TYPE_PASSWORD = "owncloud.password"; public static final String AUTH_TOKEN_TYPE_ACCESS_TOKEN = "owncloud.oauth2.access_token"; public static final String AUTH_TOKEN_TYPE_REFRESH_TOKEN = "owncloud.oauth2.refresh_token"; + public static final String AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE = "owncloud.saml.web_sso.session_cookie"; public static final String KEY_AUTH_TOKEN_TYPE = "authTokenType"; public static final String KEY_REQUIRED_FEATURES = "requiredFeatures"; @@ -75,6 +76,10 @@ public class AccountAuthenticator extends AbstractAccountAuthenticator { * Flag signaling if the ownCloud server can be accessed with OAuth2 access tokens. */ public static final String KEY_SUPPORTS_OAUTH2 = "oc_supports_oauth2"; + /** + * Flag signaling if the ownCloud server can be accessed with session cookies from SAML-based web single-sign-on. + */ + public static final String KEY_SUPPORTS_SAML_WEB_SSO = "oc_supports_saml_web_sso"; private static final String TAG = AccountAuthenticator.class.getSimpleName(); @@ -254,7 +259,8 @@ public class AccountAuthenticator extends AbstractAccountAuthenticator { if (!authTokenType.equals(AUTH_TOKEN_TYPE) && !authTokenType.equals(AUTH_TOKEN_TYPE_PASSWORD) && !authTokenType.equals(AUTH_TOKEN_TYPE_ACCESS_TOKEN) && - !authTokenType.equals(AUTH_TOKEN_TYPE_REFRESH_TOKEN) ) { + !authTokenType.equals(AUTH_TOKEN_TYPE_REFRESH_TOKEN) && + !authTokenType.equals(AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE)) { throw new UnsupportedAuthTokenTypeException(); } } diff --git a/src/com/owncloud/android/authentication/AccountAuthenticatorActivity.java b/src/com/owncloud/android/authentication/AccountAuthenticatorActivity.java new file mode 100644 index 00000000..62c8825f --- /dev/null +++ b/src/com/owncloud/android/authentication/AccountAuthenticatorActivity.java @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.owncloud.android.authentication; + +import android.accounts.AccountAuthenticatorResponse; +import android.accounts.AccountManager; +import android.os.Bundle; + +import com.actionbarsherlock.app.SherlockFragmentActivity; + + +/* + * Base class for implementing an Activity that is used to help implement an AbstractAccountAuthenticator. + * If the AbstractAccountAuthenticator needs to use an activity to handle the request then it can have the activity extend + * AccountAuthenticatorActivity. The AbstractAccountAuthenticator passes in the response to the intent using the following: + * intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response); + * + * The activity then sets the result that is to be handed to the response via setAccountAuthenticatorResult(android.os.Bundle). + * This result will be sent as the result of the request when the activity finishes. If this is never set or if it is set to null + * then error AccountManager.ERROR_CODE_CANCELED will be called on the response. + */ + +public class AccountAuthenticatorActivity extends SherlockFragmentActivity { + + private AccountAuthenticatorResponse mAccountAuthenticatorResponse = null; + private Bundle mResultBundle = null; + + + /** + * Set the result that is to be sent as the result of the request that caused this Activity to be launched. + * If result is null or this method is never called then the request will be canceled. + * + * @param result this is returned as the result of the AbstractAccountAuthenticator request + */ + public final void setAccountAuthenticatorResult(Bundle result) { + mResultBundle = result; + } + + /** + * Retreives the AccountAuthenticatorResponse from either the intent of the icicle, if the + * icicle is non-zero. + * @param icicle the save instance data of this Activity, may be null + */ + protected void onCreate(Bundle icicle) { + super.onCreate(icicle); + + mAccountAuthenticatorResponse = + getIntent().getParcelableExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE); + + if (mAccountAuthenticatorResponse != null) { + mAccountAuthenticatorResponse.onRequestContinued(); + } + } + + /** + * Sends the result or a Constants.ERROR_CODE_CANCELED error if a result isn't present. + */ + public void finish() { + if (mAccountAuthenticatorResponse != null) { + // send the result bundle back if set, otherwise send an error. + if (mResultBundle != null) { + mAccountAuthenticatorResponse.onResult(mResultBundle); + } else { + mAccountAuthenticatorResponse.onError(AccountManager.ERROR_CODE_CANCELED, + "canceled"); + } + mAccountAuthenticatorResponse = null; + } + super.finish(); + } +} diff --git a/src/com/owncloud/android/authentication/AccountUtils.java b/src/com/owncloud/android/authentication/AccountUtils.java index 591da010..a4bc7781 100644 --- a/src/com/owncloud/android/authentication/AccountUtils.java +++ b/src/com/owncloud/android/authentication/AccountUtils.java @@ -32,6 +32,7 @@ public class AccountUtils { public static final String WEBDAV_PATH_2_0 = "/files/webdav.php"; public static final String WEBDAV_PATH_4_0 = "/remote.php/webdav"; private static final String ODAV_PATH = "/remote.php/odav"; + private static final String SAML_SSO_PATH = "/remote.php/webdav"; public static final String CARDDAV_PATH_2_0 = "/apps/contacts/carddav.php"; public static final String CARDDAV_PATH_4_0 = "/remote/carddav.php"; public static final String STATUS_PATH = "/status.php"; @@ -115,11 +116,41 @@ public class AccountUtils { * @param version version of owncloud * @return webdav path for given OC version, null if OC version unknown */ - public static String getWebdavPath(OwnCloudVersion version, boolean supportsOAuth) { + public static String getWebdavPath(OwnCloudVersion version, boolean supportsOAuth, boolean supportsSamlSso) { if (version != null) { if (supportsOAuth) { return ODAV_PATH; } + if (supportsSamlSso) { + return SAML_SSO_PATH; + } + if (version.compareTo(OwnCloudVersion.owncloud_v4) >= 0) + return WEBDAV_PATH_4_0; + if (version.compareTo(OwnCloudVersion.owncloud_v3) >= 0 + || version.compareTo(OwnCloudVersion.owncloud_v2) >= 0) + return WEBDAV_PATH_2_0; + if (version.compareTo(OwnCloudVersion.owncloud_v1) >= 0) + return WEBDAV_PATH_1_2; + } + return null; + } + + /** + * Returns the proper URL path to access the WebDAV interface of an ownCloud server, + * according to its version and the authorization method used. + * + * @param version Version of ownCloud server. + * @param authTokenType Authorization token type, matching some of the AUTH_TOKEN_TYPE_* constants in {@link AccountAuthenticator}. + * @return WebDAV path for given OC version and authorization method, null if OC version is unknown. + */ + public static String getWebdavPath(OwnCloudVersion version, String authTokenType) { + if (version != null) { + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(authTokenType)) { + return ODAV_PATH; + } + if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(authTokenType)) { + return SAML_SSO_PATH; + } if (version.compareTo(OwnCloudVersion.owncloud_v4) >= 0) return WEBDAV_PATH_4_0; if (version.compareTo(OwnCloudVersion.owncloud_v3) >= 0 @@ -143,8 +174,9 @@ public class AccountUtils { String baseurl = ama.getUserData(account, AccountAuthenticator.KEY_OC_BASE_URL); String strver = ama.getUserData(account, AccountAuthenticator.KEY_OC_VERSION); boolean supportsOAuth = (ama.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); + boolean supportsSamlSso = (ama.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null); OwnCloudVersion ver = new OwnCloudVersion(strver); - String webdavpath = getWebdavPath(ver, supportsOAuth); + String webdavpath = getWebdavPath(ver, supportsOAuth, supportsSamlSso); if (baseurl == null || webdavpath == null) throw new AccountNotFoundException(account, "Account not found", null); diff --git a/src/com/owncloud/android/authentication/AuthenticatorActivity.java b/src/com/owncloud/android/authentication/AuthenticatorActivity.java index 76041c18..d844011e 100644 --- a/src/com/owncloud/android/authentication/AuthenticatorActivity.java +++ b/src/com/owncloud/android/authentication/AuthenticatorActivity.java @@ -18,21 +18,7 @@ package com.owncloud.android.authentication; -import com.owncloud.android.Log_OC; -import com.owncloud.android.ui.dialog.SslValidatorDialog; -import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; -import com.owncloud.android.utils.OwnCloudVersion; -import com.owncloud.android.network.OwnCloudClientUtils; -import com.owncloud.android.operations.OwnCloudServerCheckOperation; -import com.owncloud.android.operations.ExistenceCheckOperation; -import com.owncloud.android.operations.OAuth2GetAccessToken; -import com.owncloud.android.operations.OnRemoteOperationListener; -import com.owncloud.android.operations.RemoteOperation; -import com.owncloud.android.operations.RemoteOperationResult; -import com.owncloud.android.operations.RemoteOperationResult.ResultCode; - import android.accounts.Account; -import android.accounts.AccountAuthenticatorActivity; import android.accounts.AccountManager; import android.app.AlertDialog; import android.app.Dialog; @@ -57,14 +43,28 @@ import android.view.View.OnFocusChangeListener; import android.view.View.OnTouchListener; import android.view.Window; import android.view.inputmethod.EditorInfo; +import android.widget.Button; import android.widget.CheckBox; import android.widget.EditText; -import android.widget.Button; import android.widget.TextView; -import android.widget.Toast; import android.widget.TextView.OnEditorActionListener; +import android.widget.Toast; +import com.owncloud.android.Log_OC; import com.owncloud.android.R; +import com.owncloud.android.authentication.SsoWebViewClient.SsoWebViewClientListener; +import com.owncloud.android.network.OwnCloudClientUtils; +import com.owncloud.android.operations.ExistenceCheckOperation; +import com.owncloud.android.operations.OAuth2GetAccessToken; +import com.owncloud.android.operations.OnRemoteOperationListener; +import com.owncloud.android.operations.OwnCloudServerCheckOperation; +import com.owncloud.android.operations.RemoteOperation; +import com.owncloud.android.operations.RemoteOperationResult; +import com.owncloud.android.operations.RemoteOperationResult.ResultCode; +import com.owncloud.android.ui.dialog.SamlWebViewDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog; +import com.owncloud.android.ui.dialog.SslValidatorDialog.OnSslValidatorListener; +import com.owncloud.android.utils.OwnCloudVersion; import eu.alefzero.webdav.WebdavClient; @@ -75,7 +75,7 @@ import eu.alefzero.webdav.WebdavClient; * @author David A. Velasco */ public class AuthenticatorActivity extends AccountAuthenticatorActivity -implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener { +implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeListener, OnEditorActionListener, SsoWebViewClientListener{ private static final String TAG = AuthenticatorActivity.class.getSimpleName(); @@ -99,10 +99,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList private static final String KEY_AUTH_STATUS_ICON = "AUTH_STATUS_ICON"; private static final String KEY_REFRESH_BUTTON_ENABLED = "KEY_REFRESH_BUTTON_ENABLED"; - private static final String OAUTH_MODE_ON = "on"; - private static final String OAUTH_MODE_OFF = "off"; - private static final String OAUTH_MODE_OPTIONAL = "optional"; - + private static final String AUTH_ON = "on"; + private static final String AUTH_OFF = "off"; + private static final String AUTH_OPTIONAL = "optional"; + private static final int DIALOG_LOGIN_PROGRESS = 0; private static final int DIALOG_SSL_VALIDATOR = 1; private static final int DIALOG_CERT_NOT_SAVED = 2; @@ -111,12 +111,15 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList public static final byte ACTION_CREATE = 0; public static final byte ACTION_UPDATE_TOKEN = 1; + private static final String TAG_SAML_DIALOG = "samlWebViewDialog"; + private String mHostBaseUrl; private OwnCloudVersion mDiscoveredVersion; private int mServerStatusText, mServerStatusIcon; private boolean mServerIsChecked, mServerIsValid, mIsSslConn; private int mAuthStatusText, mAuthStatusIcon; + private TextView mAuthStatusLayout; private final Handler mHandler = new Handler(); private Thread mOperationThread; @@ -132,20 +135,25 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList private Account mAccount; private EditText mHostUrlInput; + private boolean mHostUrlInputEnabled; private View mRefreshButton; + + private String mCurrentAuthTokenType; + private EditText mUsernameInput; private EditText mPasswordInput; + private CheckBox mOAuth2Check; - private String mOAuthAccessToken; - private View mOkButton; - private TextView mAuthStatusLayout; - + private TextView mOAuthAuthEndpointText; private TextView mOAuthTokenEndpointText; - private boolean mRefreshButtonEnabled; + private TextView mAccountNameInput; + private SamlWebViewDialog mSamlDialog; - private boolean mHostUrlInputEnabled; + private View mOkButton; + + private String mAuthToken; /** @@ -167,6 +175,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mOAuthAuthEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_1); mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2); mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check); + mAccountNameInput = (EditText) findViewById(R.id.account_name); mOkButton = findViewById(R.id.buttonOK); mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text); @@ -207,9 +216,6 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mAuthStatusText = mAuthStatusIcon = 0; /// retrieve extras from intent - String tokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); - boolean oAuthRequired = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(tokenType) || OAUTH_MODE_ON.equals(getString(R.string.oauth2_mode)); - mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); if (mAccount != null) { String ocVersion = mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION); @@ -218,18 +224,14 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } mHostBaseUrl = normalizeUrl(mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL)); mHostUrlInput.setText(mHostBaseUrl); - String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); - mUsernameInput.setText(userName); - oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); } - mOAuth2Check.setChecked(oAuthRequired); - changeViewByOAuth2Check(oAuthRequired); + initAuthorizationMethod(); // checks intent and setup.xml to determine mCurrentAuthorizationMethod mJustCreated = true; if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) { checkOcServer(); } - + } else { /// connection state and info mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID); @@ -252,6 +254,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList // account data, if updating mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT); + mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + if (mCurrentAuthTokenType == null) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + + } // check if server check was interrupted by a configuration change if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) { @@ -264,9 +271,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } + adaptViewAccordingToAuthenticationMethod(); showServerStatus(); showAuthStatus(); - + if (mAction == ACTION_UPDATE_TOKEN) { /// lock things that should not change mHostUrlInput.setEnabled(false); @@ -280,13 +288,14 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (mServerIsChecked && !mServerIsValid && refreshButtonEnabled) showRefreshButton(); mOkButton.setEnabled(mServerIsValid); // state not automatically recovered in configuration changes - if (!OAUTH_MODE_OPTIONAL.equals(getString(R.string.oauth2_mode))) { + if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType) || + !AUTH_OPTIONAL.equals(getString(R.string.auth_method_oauth2))) { mOAuth2Check.setVisibility(View.GONE); } mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside) - /// bind view elements to listeners + /// bind view elements to listeners and other friends mHostUrlInput.setOnFocusChangeListener(this); mHostUrlInput.addTextChangedListener(new TextWatcher() { @@ -315,7 +324,48 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } return true; } - }); + }); + + } + + + + private void initAuthorizationMethod() { + boolean oAuthRequired = false; + boolean samlWebSsoRequired = false; + + mCurrentAuthTokenType = getIntent().getExtras().getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + mAccount = getIntent().getExtras().getParcelable(EXTRA_ACCOUNT); + + // TODO could be a good moment to validate the received token type, if not null + + if (mCurrentAuthTokenType == null) { + if (mAccount != null) { + /// same authentication method than the one used to create the account to update + oAuthRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null); + samlWebSsoRequired = (mAccountMgr.getUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null); + + } else { + /// use the one set in setup.xml + oAuthRequired = AUTH_ON.equals(getString(R.string.auth_method_oauth2)); + samlWebSsoRequired = AUTH_ON.equals(getString(R.string.auth_method_saml_web_sso)); + } + if (oAuthRequired) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN; + } else if (samlWebSsoRequired) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE; + } else { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + } + } + + if (mAccount != null) { + String userName = mAccount.name.substring(0, mAccount.name.lastIndexOf('@')); + mUsernameInput.setText(userName); + } + + mOAuth2Check.setChecked(AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)); + } /** @@ -351,10 +401,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (mAccount != null) { outState.putParcelable(KEY_ACCOUNT, mAccount); } + outState.putString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, mCurrentAuthTokenType); // refresh button enabled - //outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, mRefreshButtonEnabled); outState.putBoolean(KEY_REFRESH_BUTTON_ENABLED, (mRefreshButton.getVisibility() == View.VISIBLE)); + } @@ -383,8 +434,6 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList @Override protected void onResume() { super.onResume(); - // the state of mOAuth2Check is automatically recovered between configuration changes, but not before onCreate() finishes; so keep the next lines here - changeViewByOAuth2Check(mOAuth2Check.isChecked()); if (mAction == ACTION_UPDATE_TOKEN && mJustCreated && getIntent().getBooleanExtra(EXTRA_ENFORCED_UPDATE, false)) { if (mOAuth2Check.isChecked()) Toast.makeText(this, R.string.auth_expired_oauth_token_toast, Toast.LENGTH_LONG).show(); @@ -397,6 +446,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } mJustCreated = false; + } @@ -418,7 +468,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList getString(R.string.oauth2_grant_type), queryParameters); //WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext()); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext()); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true); operation.execute(client, this, mHandler); } @@ -482,7 +532,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mServerStatusIcon = R.drawable.progress_small; showServerStatus(); mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true); mOperationThread = mOcServerChkOperation.execute(client, this, mHandler); } else { mServerStatusText = 0; @@ -582,9 +632,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList return; } - if (mOAuth2Check.isChecked()) { + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { startOauthorization(); - + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + startSamlBasedFederatedSingleSignOnAuthorization(); } else { checkBasicAuthorization(); } @@ -597,7 +648,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList */ private void checkBasicAuthorization() { /// get the path to the root folder through WebDAV from the version server - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, false); + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); /// get basic credentials entered by user String username = mUsernameInput.getText().toString(); @@ -608,7 +659,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /// test credentials accessing the root folder mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); client.setBasicCredentials(username, password); mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); } @@ -623,6 +674,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mAuthStatusIcon = R.drawable.progress_small; mAuthStatusText = R.string.oauth_login_connection; showAuthStatus(); + // GET AUTHORIZATION request //Uri uri = Uri.parse(getString(R.string.oauth2_url_endpoint_auth)); @@ -641,6 +693,26 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /** + * Starts the Web Single Sign On flow to get access to the root folder + * in the server. + */ + private void startSamlBasedFederatedSingleSignOnAuthorization() { + // be gentle with the user + mAuthStatusIcon = R.drawable.progress_small; + mAuthStatusText = R.string.auth_connecting_auth_server; + showAuthStatus(); + showDialog(DIALOG_LOGIN_PROGRESS); + + /// get the path to the root folder through WebDAV from the version server + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); + + /// test credentials accessing the root folder + mAuthCheckOperation = new ExistenceCheckOperation("", this, false); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false); + mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); + } + + /** * Callback method invoked when a RemoteOperation executed by this Activity finishes. * * Dispatches the operation flow to the right method. @@ -655,9 +727,40 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList onGetOAuthAccessTokenFinish((OAuth2GetAccessToken)operation, result); } else if (operation instanceof ExistenceCheckOperation) { - onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); - + if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + onSamlBasedFederatedSingleSignOnAuthorizationStart(operation, result); + + } else { + onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); + } + } + } + + + private void onSamlBasedFederatedSingleSignOnAuthorizationStart(RemoteOperation operation, RemoteOperationResult result) { + try { + dismissDialog(DIALOG_LOGIN_PROGRESS); + } catch (IllegalArgumentException e) { + // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens } + + if (result.isTemporalRedirection()) { + String url = result.getRedirectedLocation(); + String targetUrl = mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); + + // Show dialog + mSamlDialog = SamlWebViewDialog.newInstance(url, targetUrl); + mSamlDialog.show(getSupportFragmentManager(), TAG_SAML_DIALOG); + + mAuthStatusIcon = android.R.drawable.ic_secure; + mAuthStatusText = R.string.auth_follow_auth_server; + + } else { + mAuthStatusIcon = R.drawable.common_error; + mAuthStatusText = R.string.auth_unsupported_auth_method; + + } + showAuthStatus(); } @@ -908,17 +1011,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList // NOTHING TO DO ; can't find out what situation that leads to the exception in this code, but user logs signal that it happens } - String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, true); + String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); if (result.isSuccess() && webdav_path != null) { /// be gentle with the user showDialog(DIALOG_LOGIN_PROGRESS); /// time to test the retrieved access token on the ownCloud server - mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); - Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken); + mAuthToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); + Log_OC.d(TAG, "Got ACCESS TOKEN: " + mAuthToken); mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); - client.setBearerCredentials(mOAuthAccessToken); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); + client.setBearerCredentials(mAuthToken); mAuthCheckOperation.execute(client, this, mHandler); } else { @@ -998,11 +1101,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList Bundle response = new Bundle(); response.putString(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); response.putString(AccountManager.KEY_ACCOUNT_TYPE, mAccount.type); - boolean isOAuth = mOAuth2Check.isChecked(); - if (isOAuth) { - response.putString(AccountManager.KEY_AUTHTOKEN, mOAuthAccessToken); + + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); + // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); + + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + response.putString(AccountManager.KEY_AUTHTOKEN, mAuthToken); // the next line is necessary; by now, notifications are calling directly to the AuthenticatorActivity to update, without AccountManager intervention - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); + } else { response.putString(AccountManager.KEY_AUTHTOKEN, mPasswordInput.getText().toString()); mAccountMgr.setPassword(mAccount, mPasswordInput.getText().toString()); @@ -1020,11 +1129,15 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList */ private void createAccount() { /// create and save new ownCloud account - boolean isOAuth = mOAuth2Check.isChecked(); + boolean isOAuth = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType); + boolean isSaml = AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType); Uri uri = Uri.parse(mHostBaseUrl); String username = mUsernameInput.getText().toString().trim(); - if (isOAuth) { + if (isSaml) { + username = mAccountNameInput.getText().toString().trim(); + + } else if (isOAuth) { username = "OAuth_user" + (new java.util.Random(System.currentTimeMillis())).nextLong(); } String accountName = username + "@" + uri.getHost(); @@ -1032,8 +1145,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList accountName += ":" + uri.getPort(); } mAccount = new Account(accountName, AccountAuthenticator.ACCOUNT_TYPE); - if (isOAuth) { - mAccountMgr.addAccountExplicitly(mAccount, "", null); // with our implementation, the password is never input in the app + if (isOAuth || isSaml) { + mAccountMgr.addAccountExplicitly(mAccount, "", null); // with external authorizations, the password is never input in the app } else { mAccountMgr.addAccountExplicitly(mAccount, mPasswordInput.getText().toString(), null); } @@ -1052,17 +1165,20 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList final Intent intent = new Intent(); intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, AccountAuthenticator.ACCOUNT_TYPE); intent.putExtra(AccountManager.KEY_ACCOUNT_NAME, mAccount.name); - if (!isOAuth) - intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); // TODO check this; not sure it's right; maybe + /*if (!isOAuth) + intent.putExtra(AccountManager.KEY_AUTHTOKEN, AccountAuthenticator.ACCOUNT_TYPE); */ intent.putExtra(AccountManager.KEY_USERDATA, username); - if (isOAuth) { - mAccountMgr.setAuthToken(mAccount, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, mOAuthAccessToken); + if (isOAuth || isSaml) { + mAccountMgr.setAuthToken(mAccount, mCurrentAuthTokenType, mAuthToken); } /// add user data to the new account; TODO probably can be done in the last parameter addAccountExplicitly, or in KEY_USERDATA mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_VERSION, mDiscoveredVersion.toString()); mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_OC_BASE_URL, mHostBaseUrl); - if (isOAuth) - mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); // TODO this flag should be unnecessary + if (isSaml) { + mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO, "TRUE"); + } else if (isOAuth) { + mAccountMgr.setUserData(mAccount, AccountAuthenticator.KEY_SUPPORTS_OAUTH2, "TRUE"); + } setAccountAuthenticatorResult(intent.getExtras()); setResult(RESULT_OK, intent); @@ -1259,33 +1375,46 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList * @param view 'View password' 'button' */ public void onCheckClick(View view) { - CheckBox oAuth2Check = (CheckBox)view; - changeViewByOAuth2Check(oAuth2Check.isChecked()); - + CheckBox oAuth2Check = (CheckBox)view; + if (oAuth2Check.isChecked()) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN; + } else { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + } + adaptViewAccordingToAuthenticationMethod(); } + /** - * Changes the visibility of input elements depending upon the kind of authorization - * chosen by the user: basic or OAuth - * - * @param checked 'True' when OAuth is selected. + * Changes the visibility of input elements depending on + * the current authorization method. */ - public void changeViewByOAuth2Check(Boolean checked) { - - if (checked) { + private void adaptViewAccordingToAuthenticationMethod () { + if (AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN.equals(mCurrentAuthTokenType)) { + // OAuth 2 authorization mOAuthAuthEndpointText.setVisibility(View.VISIBLE); mOAuthTokenEndpointText.setVisibility(View.VISIBLE); mUsernameInput.setVisibility(View.GONE); mPasswordInput.setVisibility(View.GONE); + mAccountNameInput.setVisibility(View.GONE); + + } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { + // SAML-based web Single Sign On + mOAuthAuthEndpointText.setVisibility(View.GONE); + mOAuthTokenEndpointText.setVisibility(View.GONE); + mUsernameInput.setVisibility(View.GONE); + mPasswordInput.setVisibility(View.GONE); + mAccountNameInput.setVisibility(View.VISIBLE); } else { + // basic HTTP authorization mOAuthAuthEndpointText.setVisibility(View.GONE); mOAuthTokenEndpointText.setVisibility(View.GONE); mUsernameInput.setVisibility(View.VISIBLE); mPasswordInput.setVisibility(View.VISIBLE); - } - - } - + mAccountNameInput.setVisibility(View.GONE); + } + } + /** * Called from SslValidatorDialog when a new server certificate was correctly saved. */ @@ -1352,4 +1481,42 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList public abstract boolean onDrawableTouch(final MotionEvent event); } + + public void onSamlDialogSuccess(String sessionCookie){ + mAuthToken = sessionCookie; + + if (sessionCookie != null && sessionCookie.length() > 0) { + Log_OC.d(TAG, "Successful SSO - time to save the account"); + mAuthToken = sessionCookie; + if (mAction == ACTION_CREATE) { + createAccount(); + + } else { + updateToken(); + } + + finish(); + + } + } + + + + @Override + public void onSsoFinished(String sessionCookie) { + //Toast.makeText(this, "got cookies: " + sessionCookie, Toast.LENGTH_LONG).show(); + + if (sessionCookie != null && sessionCookie.length() > 0) { + Log_OC.d(TAG, "Successful SSO - time to save the account"); + onSamlDialogSuccess(sessionCookie); + finish(); + + } else { + // TODO - show fail + Log_OC.d(TAG, "SSO failed"); + } + } + + + } diff --git a/src/com/owncloud/android/authentication/SsoWebViewClient.java b/src/com/owncloud/android/authentication/SsoWebViewClient.java new file mode 100644 index 00000000..475b88db --- /dev/null +++ b/src/com/owncloud/android/authentication/SsoWebViewClient.java @@ -0,0 +1,160 @@ +/* ownCloud Android client application + * Copyright (C) 2012-2013 ownCloud Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.owncloud.android.authentication; + +import java.lang.ref.WeakReference; + +import android.graphics.Bitmap; +import android.os.Handler; +import android.view.View; +import android.webkit.CookieManager; +import android.webkit.WebView; +import android.webkit.WebViewClient; + +import com.owncloud.android.Log_OC; + +/** + * Custom {@link WebViewClient} client aimed to catch the end of a single-sign-on process + * running in the {@link WebView} that is attached to. + * + * Assumes that the single-sign-on is kept thanks to a cookie set at the end of the + * authentication process. + * + * @author David A. Velasco + */ +public class SsoWebViewClient extends WebViewClient { + + private static final String TAG = SsoWebViewClient.class.getSimpleName(); + + public interface SsoWebViewClientListener { + public void onSsoFinished(String sessionCookie); + } + + private Handler mListenerHandler; + private WeakReference mListenerRef; + private String mTargetUrl; + + public SsoWebViewClient (Handler listenerHandler, SsoWebViewClientListener listener) { + mListenerHandler = listenerHandler; + mListenerRef = new WeakReference(listener); + mTargetUrl = "fake://url.to.be.set"; + } + + public String getTargetUrl() { + return mTargetUrl; + } + + public void setTargetUrl(String targetUrl) { + mTargetUrl = targetUrl; + } + + @Override + public void onPageStarted (WebView view, String url, Bitmap favicon) { + //Log_OC.e(TAG, "onPageStarted : " + url); + if (url.startsWith(mTargetUrl)) { + view.setVisibility(View.GONE); + CookieManager cookieManager = CookieManager.getInstance(); + final String cookies = cookieManager.getCookie(url); + if (mListenerHandler != null && mListenerRef != null) { + // this is good idea because onPageStarted is not running in the UI thread + mListenerHandler.post(new Runnable() { + @Override + public void run() { + SsoWebViewClientListener listener = mListenerRef.get(); + if (listener != null) { + listener.onSsoFinished(cookies); + } + } + }); + } + } + } + + @Override + public boolean shouldOverrideUrlLoading(WebView view, String url) { + //view.loadUrl(url); + return false; + } + + @Override + public void onReceivedError (WebView view, int errorCode, String description, String failingUrl) { + Log_OC.e(TAG, "onReceivedError : " + failingUrl); + } + + /* + + @Override + public void doUpdateVisitedHistory (WebView view, String url, boolean isReload) { + Log_OC.e(TAG, "doUpdateVisitedHistory : " + url); + } + + @Override + public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { + Log_OC.e(TAG, "onReceivedSslError : " + error); + } + + @Override + public void onReceivedHttpAuthRequest (WebView view, HttpAuthHandler handler, String host, String realm) { + Log_OC.e(TAG, "onReceivedHttpAuthRequest : " + host); + } + + @Override + public void onPageFinished (WebView view, String url) { + Log_OC.e(TAG, "onPageFinished : " + url); + } + + @Override + public WebResourceResponse shouldInterceptRequest (WebView view, String url) { + Log_OC.e(TAG, "shouldInterceptRequest : " + url); + return null; + } + + @Override + public void onLoadResource (WebView view, String url) { + Log_OC.e(TAG, "onLoadResource : " + url); + } + + @Override + public void onFormResubmission (WebView view, Message dontResend, Message resend) { + Log_OC.e(TAG, "onFormResubMission "); + super.onFormResubmission(view, dontResend, resend); + } + + @Override + public void onReceivedLoginRequest (WebView view, String realm, String account, String args) { + Log_OC.e(TAG, "onReceivedLoginRequest : " + realm + ", " + account + ", " + args); + } + + @Override + public void onScaleChanged (WebView view, float oldScale, float newScale) { + Log_OC.e(TAG, "onScaleChanged : " + oldScale + " -> " + newScale); + } + + @Override + public void onUnhandledKeyEvent (WebView view, KeyEvent event) { + Log_OC.e(TAG, "onUnhandledKeyEvent : " + event); + } + + @Override + public boolean shouldOverrideKeyEvent (WebView view, KeyEvent event) { + Log_OC.e(TAG, "shouldOverrideKeyEvent : " + event); + return false; + } + + */ +} diff --git a/src/com/owncloud/android/network/OwnCloudClientUtils.java b/src/com/owncloud/android/network/OwnCloudClientUtils.java index 04fb7ac6..17abf6f8 100644 --- a/src/com/owncloud/android/network/OwnCloudClientUtils.java +++ b/src/com/owncloud/android/network/OwnCloudClientUtils.java @@ -90,12 +90,16 @@ public class OwnCloudClientUtils { //Log_OC.d(TAG, "Creating WebdavClient associated to " + account.name); Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account)); - WebdavClient client = createOwnCloudClient(uri, appContext); + WebdavClient client = createOwnCloudClient(uri, appContext, true); AccountManager am = AccountManager.get(appContext); if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here String accessToken = am.blockingGetAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, false); client.setBearerCredentials(accessToken); // TODO not assume that the access token is a bearer token + } else if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null) { // TODO avoid a call to getUserData here + String accessToken = am.blockingGetAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE, false); + client.setSsoSessionCookie(accessToken); + } else { String username = account.name.substring(0, account.name.lastIndexOf('@')); //String password = am.getPassword(account); @@ -109,16 +113,22 @@ public class OwnCloudClientUtils { public static WebdavClient createOwnCloudClient (Account account, Context appContext, Activity currentActivity) throws OperationCanceledException, AuthenticatorException, IOException, AccountNotFoundException { Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account)); - WebdavClient client = createOwnCloudClient(uri, appContext); + WebdavClient client = createOwnCloudClient(uri, appContext, true); AccountManager am = AccountManager.get(appContext); if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here AccountManagerFuture future = am.getAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, null, currentActivity, null, null); Bundle result = future.getResult(); String accessToken = result.getString(AccountManager.KEY_AUTHTOKEN); - //String accessToken = am.blockingGetAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, false); if (accessToken == null) throw new AuthenticatorException("WTF!"); client.setBearerCredentials(accessToken); // TODO not assume that the access token is a bearer token - + + } else if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_SAML_WEB_SSO) != null) { // TODO avoid a call to getUserData here + AccountManagerFuture future = am.getAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE, null, currentActivity, null, null); + Bundle result = future.getResult(); + String accessToken = result.getString(AccountManager.KEY_AUTHTOKEN); + if (accessToken == null) throw new AuthenticatorException("WTF!"); + client.setSsoSessionCookie(accessToken); + } else { String username = account.name.substring(0, account.name.lastIndexOf('@')); //String password = am.getPassword(account); @@ -139,10 +149,7 @@ public class OwnCloudClientUtils { * @param context Android context where the WebdavClient is being created. * @return A WebdavClient object ready to be used */ - public static WebdavClient createOwnCloudClient(Uri uri, Context context) { - //Log_OC.d(TAG, "Creating WebdavClient for " + uri); - - //allowSelfsignedCertificates(true); + public static WebdavClient createOwnCloudClient(Uri uri, Context context, boolean followRedirects) { try { registerAdvancedSslContext(true, context); } catch (GeneralSecurityException e) { @@ -156,6 +163,7 @@ public class OwnCloudClientUtils { client.setDefaultTimeouts(DEFAULT_DATA_TIMEOUT, DEFAULT_CONNECTION_TIMEOUT); client.setBaseUri(uri); + client.setFollowRedirects(followRedirects); return client; } diff --git a/src/com/owncloud/android/operations/ExistenceCheckOperation.java b/src/com/owncloud/android/operations/ExistenceCheckOperation.java index 10939865..e404a6f8 100644 --- a/src/com/owncloud/android/operations/ExistenceCheckOperation.java +++ b/src/com/owncloud/android/operations/ExistenceCheckOperation.java @@ -69,7 +69,7 @@ public class ExistenceCheckOperation extends RemoteOperation { int status = client.executeMethod(head, TIMEOUT, TIMEOUT); client.exhaustResponse(head.getResponseBodyAsStream()); boolean success = (status == HttpStatus.SC_OK && !mSuccessIfAbsent) || (status == HttpStatus.SC_NOT_FOUND && mSuccessIfAbsent); - result = new RemoteOperationResult(success, status); + result = new RemoteOperationResult(success, status, head.getResponseHeaders()); Log_OC.d(TAG, "Existence check for " + client.getBaseUri() + mPath + " targeting for " + (mSuccessIfAbsent ? " absence " : " existence ") + "finished with HTTP status " + status + (!success?"(FAIL)":"")); } catch (Exception e) { diff --git a/src/com/owncloud/android/operations/RemoteOperation.java b/src/com/owncloud/android/operations/RemoteOperation.java index 711a72b0..9afb856f 100644 --- a/src/com/owncloud/android/operations/RemoteOperation.java +++ b/src/com/owncloud/android/operations/RemoteOperation.java @@ -278,4 +278,5 @@ public abstract class RemoteOperation implements Runnable { return mClient; } + } diff --git a/src/com/owncloud/android/operations/RemoteOperationResult.java b/src/com/owncloud/android/operations/RemoteOperationResult.java index 60cdcb2b..cc2ee67f 100644 --- a/src/com/owncloud/android/operations/RemoteOperationResult.java +++ b/src/com/owncloud/android/operations/RemoteOperationResult.java @@ -24,10 +24,12 @@ import java.net.MalformedURLException; import java.net.SocketException; import java.net.SocketTimeoutException; import java.net.UnknownHostException; +import java.util.Map; import javax.net.ssl.SSLException; import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.commons.httpclient.Header; import org.apache.commons.httpclient.HttpException; import org.apache.commons.httpclient.HttpStatus; import org.apache.jackrabbit.webdav.DavException; @@ -50,7 +52,7 @@ import com.owncloud.android.network.CertificateCombinedException; public class RemoteOperationResult implements Serializable { /** Generated - should be refreshed every time the class changes!! */ - private static final long serialVersionUID = 6106167714625712390L; + private static final long serialVersionUID = 3267227833178885664L; private static final String TAG = "RemoteOperationResult"; @@ -91,6 +93,7 @@ public class RemoteOperationResult implements Serializable { private int mHttpCode = -1; private Exception mException = null; private ResultCode mCode = ResultCode.UNKNOWN_ERROR; + private String mRedirectedLocation; public RemoteOperationResult(ResultCode code) { mCode = code; @@ -123,10 +126,24 @@ public class RemoteOperationResult implements Serializable { break; default: mCode = ResultCode.UNHANDLED_HTTP_CODE; - Log_OC.d(TAG, "RemoteOperationResult has prcessed UNHANDLED_HTTP_CODE: " + httpCode); + Log_OC.d(TAG, "RemoteOperationResult has processed UNHANDLED_HTTP_CODE: " + httpCode); } } } + + public RemoteOperationResult(boolean success, int httpCode, Header[] headers) { + this(success, httpCode); + if (headers != null) { + Header current; + for (int i=0; i 0) { + method.setRequestHeader("Cookie", mSsoSessionCookie); + } + return super.executeMethod(method); + } + /** * Exhausts a not interesting HTTP response. Encouraged by HttpClient documentation. @@ -185,6 +205,10 @@ public class WebdavClient extends HttpClient { public final Credentials getCredentials() { return mCredentials; - } - + } + + public void setFollowRedirects(boolean followRedirects) { + mFollowRedirects = followRedirects; + } + }