From d2ee9062fad2591bcb91badbee1636812860a790 Mon Sep 17 00:00:00 2001 From: "David A. Velasco" Date: Tue, 30 Jul 2013 13:02:13 +0200 Subject: [PATCH] Configured embedded WebView to allow the single-sign-on process is completed and to catch the cookie setting the authorized session --- res/layout/account_setup.xml | 2 +- .../android/authentication/AccountUtils.java | 2 +- .../authentication/AuthenticatorActivity.java | 64 ++++++-- .../authentication/SsoWebViewClient.java | 142 ++++++++++++++++++ .../android/network/OwnCloudClientUtils.java | 10 +- .../operations/ExistenceCheckOperation.java | 2 +- .../android/operations/RemoteOperation.java | 1 + .../operations/RemoteOperationResult.java | 27 +++- src/eu/alefzero/webdav/WebdavClient.java | 21 ++- 9 files changed, 234 insertions(+), 37 deletions(-) create mode 100644 src/com/owncloud/android/authentication/SsoWebViewClient.java diff --git a/res/layout/account_setup.xml b/res/layout/account_setup.xml index 7cac19e2d4..9a325ee817 100644 --- a/res/layout/account_setup.xml +++ b/res/layout/account_setup.xml @@ -137,7 +137,7 @@ diff --git a/src/com/owncloud/android/authentication/AccountUtils.java b/src/com/owncloud/android/authentication/AccountUtils.java index 639a3b9d8b..a4bc77816d 100644 --- a/src/com/owncloud/android/authentication/AccountUtils.java +++ b/src/com/owncloud/android/authentication/AccountUtils.java @@ -32,7 +32,7 @@ public class AccountUtils { public static final String WEBDAV_PATH_2_0 = "/files/webdav.php"; public static final String WEBDAV_PATH_4_0 = "/remote.php/webdav"; private static final String ODAV_PATH = "/remote.php/odav"; - private static final String SAML_SSO_PATH = "/ocShibAuth"; + private static final String SAML_SSO_PATH = "/remote.php/webdav"; public static final String CARDDAV_PATH_2_0 = "/apps/contacts/carddav.php"; public static final String CARDDAV_PATH_4_0 = "/remote/carddav.php"; public static final String STATUS_PATH = "/status.php"; diff --git a/src/com/owncloud/android/authentication/AuthenticatorActivity.java b/src/com/owncloud/android/authentication/AuthenticatorActivity.java index 35496c3b76..e2ab037878 100644 --- a/src/com/owncloud/android/authentication/AuthenticatorActivity.java +++ b/src/com/owncloud/android/authentication/AuthenticatorActivity.java @@ -34,6 +34,7 @@ import com.owncloud.android.operations.RemoteOperationResult.ResultCode; import android.accounts.Account; import android.accounts.AccountAuthenticatorActivity; import android.accounts.AccountManager; +import android.annotation.SuppressLint; import android.app.AlertDialog; import android.app.Dialog; import android.app.ProgressDialog; @@ -57,6 +58,8 @@ import android.view.View.OnFocusChangeListener; import android.view.View.OnTouchListener; import android.view.Window; import android.view.inputmethod.EditorInfo; +import android.webkit.CookieManager; +import android.webkit.WebSettings; import android.webkit.WebView; import android.widget.CheckBox; import android.widget.EditText; @@ -149,7 +152,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList private TextView mOAuthTokenEndpointText; private TextView mAccountNameInput; - private WebView mWebSsoView; + private WebView mSsoWebView; + private SsoWebViewClient mWebViewClient; private View mOkButton; @@ -174,7 +178,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2); mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check); mAccountNameInput = (EditText) findViewById(R.id.account_name); - mWebSsoView = (WebView) findViewById(R.id.web_sso_view); + mSsoWebView = (WebView) findViewById(R.id.web_sso_view); mOkButton = findViewById(R.id.buttonOK); mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text); @@ -231,7 +235,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList if (mAction == ACTION_UPDATE_TOKEN || !mHostUrlInputEnabled) { checkOcServer(); } - + } else { /// connection state and info mServerIsValid = savedInstanceState.getBoolean(KEY_SERVER_VALID); @@ -254,7 +258,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList // account data, if updating mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT); - mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD); + mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE); + if (mCurrentAuthTokenType == null) { + mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD; + } // check if server check was interrupted by a configuration change if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) { @@ -291,7 +298,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside) - /// bind view elements to listeners + /// bind view elements to listeners and other friends mHostUrlInput.setOnFocusChangeListener(this); mHostUrlInput.addTextChangedListener(new TextWatcher() { @@ -320,7 +327,24 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } return true; } - }); + }); + + } + + @SuppressLint("SetJavaScriptEnabled") + private void initWebView() { + CookieManager cookieManager = CookieManager.getInstance(); + cookieManager.setAcceptCookie(true); + //cookieManager.removeSessionCookie(); + + mWebViewClient = new SsoWebViewClient(this); + mSsoWebView.setWebViewClient(mWebViewClient); + WebSettings webSettings = mSsoWebView.getSettings(); + webSettings.setJavaScriptEnabled(true); + webSettings.setBuiltInZoomControls(true); + webSettings.setLoadWithOverviewMode(false); + webSettings.setSavePassword(false); + webSettings.setUserAgentString(WebdavClient.USER_AGENT); } private void initAuthorizationMethod() { @@ -456,7 +480,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList getString(R.string.oauth2_grant_type), queryParameters); //WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext()); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext()); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true); operation.execute(client, this, mHandler); } @@ -520,7 +544,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mServerStatusIcon = R.drawable.progress_small; showServerStatus(); mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true); mOperationThread = mOcServerChkOperation.execute(client, this, mHandler); } else { mServerStatusText = 0; @@ -647,7 +671,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList /// test credentials accessing the root folder mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); client.setBasicCredentials(username, password); mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); } @@ -684,12 +708,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList * in the server. */ private void startSamlBasedFederatedSingleSignOnAuthorization() { + // be gentle with the user + mAuthStatusIcon = R.drawable.progress_small; + mAuthStatusText = R.string.oauth_login_connection; + showAuthStatus(); + /// get the path to the root folder through WebDAV from the version server String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType); /// test credentials accessing the root folder mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false); mOperationThread = mAuthCheckOperation.execute(client, this, mHandler); } @@ -709,7 +738,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList } else if (operation instanceof ExistenceCheckOperation) { if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { - Toast.makeText(this, result.getLogMessage(), Toast.LENGTH_LONG).show(); + if (result.isTemporalRedirection()) { + String url = result.getRedirectedLocation(); + mWebViewClient.setTargetUrl(mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType)); + mSsoWebView.loadUrl(url); + } } else { onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result); @@ -974,7 +1007,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN); Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken); mAuthCheckOperation = new ExistenceCheckOperation("", this, false); - WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this); + WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true); client.setBearerCredentials(mOAuthAccessToken); mAuthCheckOperation.execute(client, this, mHandler); @@ -1338,7 +1371,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mUsernameInput.setVisibility(View.GONE); mPasswordInput.setVisibility(View.GONE); mAccountNameInput.setVisibility(View.GONE); - mWebSsoView.setVisibility(View.GONE); + mSsoWebView.setVisibility(View.GONE); } else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) { // SAML-based web Single Sign On @@ -1347,7 +1380,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mUsernameInput.setVisibility(View.GONE); mPasswordInput.setVisibility(View.GONE); mAccountNameInput.setVisibility(View.VISIBLE); - mWebSsoView.setVisibility(View.VISIBLE); + mSsoWebView.setVisibility(View.VISIBLE); + initWebView(); } else { // basic HTTP authorization @@ -1356,7 +1390,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList mUsernameInput.setVisibility(View.VISIBLE); mPasswordInput.setVisibility(View.VISIBLE); mAccountNameInput.setVisibility(View.GONE); - mWebSsoView.setVisibility(View.GONE); + mSsoWebView.setVisibility(View.GONE); } } diff --git a/src/com/owncloud/android/authentication/SsoWebViewClient.java b/src/com/owncloud/android/authentication/SsoWebViewClient.java new file mode 100644 index 0000000000..9d78d6a84b --- /dev/null +++ b/src/com/owncloud/android/authentication/SsoWebViewClient.java @@ -0,0 +1,142 @@ +/* ownCloud Android client application + * Copyright (C) 2012-2013 ownCloud Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.owncloud.android.authentication; + +import android.content.Context; +import android.graphics.Bitmap; +import android.view.View; +import android.webkit.CookieManager; +import android.webkit.WebView; +import android.webkit.WebViewClient; +import android.widget.Toast; + +import com.owncloud.android.Log_OC; + +/** + * Custom {@link WebViewClient} client aimed to catch the end of a single-sign-on process + * running in the {@link WebView} that is attached to. + * + * Assumes that the single-sign-on is kept thanks to a cookie set at the end of the + * authentication process. + * + * @author David A. Velasco + */ +public class SsoWebViewClient extends WebViewClient { + + private static final String TAG = SsoWebViewClient.class.getSimpleName(); + + private Context mContext; + private String mTargetUrl; + + public SsoWebViewClient (Context context) { + mContext = context; + mTargetUrl = "fake://url.to.be.set"; + } + + public String getTargetUrl() { + return mTargetUrl; + } + + public void setTargetUrl(String targetUrl) { + mTargetUrl = targetUrl; + } + + @Override + public void onPageStarted (WebView view, String url, Bitmap favicon) { + //Log_OC.e(TAG, "onPageStarted : " + url); + if (url.startsWith(mTargetUrl)) { + view.setVisibility(View.GONE); + CookieManager cookieManager = CookieManager.getInstance(); + String cookies = cookieManager.getCookie(url); + Toast.makeText(mContext, "got cookies: " + cookies, Toast.LENGTH_LONG).show(); + } + } + + @Override + public boolean shouldOverrideUrlLoading(WebView view, String url) { + //view.loadUrl(url); + return false; + } + + @Override + public void onReceivedError (WebView view, int errorCode, String description, String failingUrl) { + Log_OC.e(TAG, "onReceivedError : " + failingUrl); + } + + /* + + @Override + public void doUpdateVisitedHistory (WebView view, String url, boolean isReload) { + Log_OC.e(TAG, "doUpdateVisitedHistory : " + url); + } + + @Override + public void onPageFinished (WebView view, String url) { + Log_OC.e(TAG, "onPageFinished : " + url); + } + + @Override + public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { + Log_OC.e(TAG, "onReceivedSslError : " + error); + } + + @Override + public void onReceivedHttpAuthRequest (WebView view, HttpAuthHandler handler, String host, String realm) { + Log_OC.e(TAG, "onReceivedHttpAuthRequest : " + host); + } + + @Override + public WebResourceResponse shouldInterceptRequest (WebView view, String url) { + Log_OC.e(TAG, "shouldInterceptRequest : " + url); + return null; + } + + @Override + public void onLoadResource (WebView view, String url) { + Log_OC.e(TAG, "onLoadResource : " + url); + } + + @Override + public void onFormResubmission (WebView view, Message dontResend, Message resend) { + Log_OC.e(TAG, "onFormResubMission "); + super.onFormResubmission(view, dontResend, resend); + } + + @Override + public void onReceivedLoginRequest (WebView view, String realm, String account, String args) { + Log_OC.e(TAG, "onReceivedLoginRequest : " + realm + ", " + account + ", " + args); + } + + @Override + public void onScaleChanged (WebView view, float oldScale, float newScale) { + Log_OC.e(TAG, "onScaleChanged : " + oldScale + " -> " + newScale); + } + + @Override + public void onUnhandledKeyEvent (WebView view, KeyEvent event) { + Log_OC.e(TAG, "onUnhandledKeyEvent : " + event); + } + + @Override + public boolean shouldOverrideKeyEvent (WebView view, KeyEvent event) { + Log_OC.e(TAG, "shouldOverrideKeyEvent : " + event); + return false; + } + + */ +} diff --git a/src/com/owncloud/android/network/OwnCloudClientUtils.java b/src/com/owncloud/android/network/OwnCloudClientUtils.java index 04fb7ac6ae..500cf9a2f2 100644 --- a/src/com/owncloud/android/network/OwnCloudClientUtils.java +++ b/src/com/owncloud/android/network/OwnCloudClientUtils.java @@ -90,7 +90,7 @@ public class OwnCloudClientUtils { //Log_OC.d(TAG, "Creating WebdavClient associated to " + account.name); Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account)); - WebdavClient client = createOwnCloudClient(uri, appContext); + WebdavClient client = createOwnCloudClient(uri, appContext, true); AccountManager am = AccountManager.get(appContext); if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here String accessToken = am.blockingGetAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, false); @@ -109,7 +109,7 @@ public class OwnCloudClientUtils { public static WebdavClient createOwnCloudClient (Account account, Context appContext, Activity currentActivity) throws OperationCanceledException, AuthenticatorException, IOException, AccountNotFoundException { Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account)); - WebdavClient client = createOwnCloudClient(uri, appContext); + WebdavClient client = createOwnCloudClient(uri, appContext, true); AccountManager am = AccountManager.get(appContext); if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here AccountManagerFuture future = am.getAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, null, currentActivity, null, null); @@ -139,10 +139,7 @@ public class OwnCloudClientUtils { * @param context Android context where the WebdavClient is being created. * @return A WebdavClient object ready to be used */ - public static WebdavClient createOwnCloudClient(Uri uri, Context context) { - //Log_OC.d(TAG, "Creating WebdavClient for " + uri); - - //allowSelfsignedCertificates(true); + public static WebdavClient createOwnCloudClient(Uri uri, Context context, boolean followRedirects) { try { registerAdvancedSslContext(true, context); } catch (GeneralSecurityException e) { @@ -156,6 +153,7 @@ public class OwnCloudClientUtils { client.setDefaultTimeouts(DEFAULT_DATA_TIMEOUT, DEFAULT_CONNECTION_TIMEOUT); client.setBaseUri(uri); + client.setFollowRedirects(followRedirects); return client; } diff --git a/src/com/owncloud/android/operations/ExistenceCheckOperation.java b/src/com/owncloud/android/operations/ExistenceCheckOperation.java index 10939865fb..e404a6f8d9 100644 --- a/src/com/owncloud/android/operations/ExistenceCheckOperation.java +++ b/src/com/owncloud/android/operations/ExistenceCheckOperation.java @@ -69,7 +69,7 @@ public class ExistenceCheckOperation extends RemoteOperation { int status = client.executeMethod(head, TIMEOUT, TIMEOUT); client.exhaustResponse(head.getResponseBodyAsStream()); boolean success = (status == HttpStatus.SC_OK && !mSuccessIfAbsent) || (status == HttpStatus.SC_NOT_FOUND && mSuccessIfAbsent); - result = new RemoteOperationResult(success, status); + result = new RemoteOperationResult(success, status, head.getResponseHeaders()); Log_OC.d(TAG, "Existence check for " + client.getBaseUri() + mPath + " targeting for " + (mSuccessIfAbsent ? " absence " : " existence ") + "finished with HTTP status " + status + (!success?"(FAIL)":"")); } catch (Exception e) { diff --git a/src/com/owncloud/android/operations/RemoteOperation.java b/src/com/owncloud/android/operations/RemoteOperation.java index 711a72b087..9afb856fd0 100644 --- a/src/com/owncloud/android/operations/RemoteOperation.java +++ b/src/com/owncloud/android/operations/RemoteOperation.java @@ -278,4 +278,5 @@ public abstract class RemoteOperation implements Runnable { return mClient; } + } diff --git a/src/com/owncloud/android/operations/RemoteOperationResult.java b/src/com/owncloud/android/operations/RemoteOperationResult.java index 60cdcb2bfa..57d7b0adfd 100644 --- a/src/com/owncloud/android/operations/RemoteOperationResult.java +++ b/src/com/owncloud/android/operations/RemoteOperationResult.java @@ -24,10 +24,12 @@ import java.net.MalformedURLException; import java.net.SocketException; import java.net.SocketTimeoutException; import java.net.UnknownHostException; +import java.util.Map; import javax.net.ssl.SSLException; import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.commons.httpclient.Header; import org.apache.commons.httpclient.HttpException; import org.apache.commons.httpclient.HttpStatus; import org.apache.jackrabbit.webdav.DavException; @@ -50,7 +52,7 @@ import com.owncloud.android.network.CertificateCombinedException; public class RemoteOperationResult implements Serializable { /** Generated - should be refreshed every time the class changes!! */ - private static final long serialVersionUID = 6106167714625712390L; + private static final long serialVersionUID = 3267227833178885664L; private static final String TAG = "RemoteOperationResult"; @@ -91,6 +93,7 @@ public class RemoteOperationResult implements Serializable { private int mHttpCode = -1; private Exception mException = null; private ResultCode mCode = ResultCode.UNKNOWN_ERROR; + private String mRedirectedLocation; public RemoteOperationResult(ResultCode code) { mCode = code; @@ -127,6 +130,20 @@ public class RemoteOperationResult implements Serializable { } } } + + public RemoteOperationResult(boolean success, int httpCode, Header[] headers) { + this(success, httpCode); + if (headers != null) { + Header current; + for (int i=0; i= 0) { getHttpConnectionManager().getParams().setConnectionTimeout(connectionTimeout); } + method.setFollowRedirects(mFollowRedirects); return executeMethod(method); } finally { getParams().setSoTimeout(oldSoTimeout); @@ -185,6 +178,10 @@ public class WebdavClient extends HttpClient { public final Credentials getCredentials() { return mCredentials; + } + + public void setFollowRedirects(boolean followRedirects) { + mFollowRedirects = followRedirects; } }