mirrors/nextcloud-android
1
0
Fork 0
mirror of https://github.com/nextcloud/android.git synced 2024-11-23 13:45:35 +03:00
Code Issues Projects Releases Packages Wiki Activity

Configured embedded WebView to allow the single-sign-on process is completed and to catch the cookie setting the authorized session

Browse source
This commit is contained in:
David A. Velasco 2013-07-30 13:02:13 +02:00
parent 5a65ff53c2
commit d2ee9062fa
9 changed files with 234 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
res/layout/account_setup.xml
View file

@ -137,7 +137,7 @@
<WebView
android:id="@+id/web_sso_view"
android:layout_width="match_parent"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:visibility="gone" />

2
src/com/owncloud/android/authentication/AccountUtils.java
View file

@ -32,7 +32,7 @@ public class AccountUtils {
public static final String WEBDAV_PATH_2_0 = "/files/webdav.php";
public static final String WEBDAV_PATH_4_0 = "/remote.php/webdav";
private static final String ODAV_PATH = "/remote.php/odav";
private static final String SAML_SSO_PATH = "/ocShibAuth";
private static final String SAML_SSO_PATH = "/remote.php/webdav";
public static final String CARDDAV_PATH_2_0 = "/apps/contacts/carddav.php";
public static final String CARDDAV_PATH_4_0 = "/remote/carddav.php";
public static final String STATUS_PATH = "/status.php";

60
src/com/owncloud/android/authentication/AuthenticatorActivity.java
View file

@ -34,6 +34,7 @@ import com.owncloud.android.operations.RemoteOperationResult.ResultCode;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorActivity;
import android.accounts.AccountManager;
import android.annotation.SuppressLint;
import android.app.AlertDialog;
import android.app.Dialog;
import android.app.ProgressDialog;
@ -57,6 +58,8 @@ import android.view.View.OnFocusChangeListener;
import android.view.View.OnTouchListener;
import android.view.Window;
import android.view.inputmethod.EditorInfo;
import android.webkit.CookieManager;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.widget.CheckBox;
import android.widget.EditText;
@ -149,7 +152,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
private TextView mOAuthTokenEndpointText;
private TextView mAccountNameInput;
private WebView mWebSsoView;
private WebView mSsoWebView;
private SsoWebViewClient mWebViewClient;
private View mOkButton;
@ -174,7 +178,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mOAuthTokenEndpointText = (TextView)findViewById(R.id.oAuthEntryPoint_2);
mOAuth2Check = (CheckBox) findViewById(R.id.oauth_onOff_check);
mAccountNameInput = (EditText) findViewById(R.id.account_name);
mWebSsoView = (WebView) findViewById(R.id.web_sso_view);
mSsoWebView = (WebView) findViewById(R.id.web_sso_view);
mOkButton = findViewById(R.id.buttonOK);
mAuthStatusLayout = (TextView) findViewById(R.id.auth_status_text);
@ -254,7 +258,10 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
// account data, if updating
mAccount = savedInstanceState.getParcelable(KEY_ACCOUNT);
mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE, AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD);
mCurrentAuthTokenType = savedInstanceState.getString(AccountAuthenticator.KEY_AUTH_TOKEN_TYPE);
if (mCurrentAuthTokenType == null) {
mCurrentAuthTokenType = AccountAuthenticator.AUTH_TOKEN_TYPE_PASSWORD;
}
// check if server check was interrupted by a configuration change
if (savedInstanceState.getBoolean(KEY_SERVER_CHECK_IN_PROGRESS, false)) {
@ -291,7 +298,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mPasswordInput.setText(""); // clean password to avoid social hacking (disadvantage: password in removed if the device is turned aside)
/// bind view elements to listeners
/// bind view elements to listeners and other friends
mHostUrlInput.setOnFocusChangeListener(this);
mHostUrlInput.addTextChangedListener(new TextWatcher() {
@ -321,6 +328,23 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
return true;
}
});
}
@SuppressLint("SetJavaScriptEnabled")
private void initWebView() {
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(true);
//cookieManager.removeSessionCookie();
mWebViewClient = new SsoWebViewClient(this);
mSsoWebView.setWebViewClient(mWebViewClient);
WebSettings webSettings = mSsoWebView.getSettings();
webSettings.setJavaScriptEnabled(true);
webSettings.setBuiltInZoomControls(true);
webSettings.setLoadWithOverviewMode(false);
webSettings.setSavePassword(false);
webSettings.setUserAgentString(WebdavClient.USER_AGENT);
}
private void initAuthorizationMethod() {
@ -456,7 +480,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
getString(R.string.oauth2_grant_type),
queryParameters);
//WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(getString(R.string.oauth2_url_endpoint_access)), getApplicationContext());
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext());
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mOAuthTokenEndpointText.getText().toString().trim()), getApplicationContext(), true);
operation.execute(client, this, mHandler);
}
@ -520,7 +544,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mServerStatusIcon = R.drawable.progress_small;
showServerStatus();
mOcServerChkOperation = new OwnCloudServerCheckOperation(uri, this);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(uri), this, true);
mOperationThread = mOcServerChkOperation.execute(client, this, mHandler);
} else {
mServerStatusText = 0;
@ -647,7 +671,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
/// test credentials accessing the root folder
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);
client.setBasicCredentials(username, password);
mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);
}
@ -684,12 +708,17 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
* in the server.
*/
private void startSamlBasedFederatedSingleSignOnAuthorization() {
// be gentle with the user
mAuthStatusIcon = R.drawable.progress_small;
mAuthStatusText = R.string.oauth_login_connection;
showAuthStatus();
/// get the path to the root folder through WebDAV from the version server
String webdav_path = AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType);
/// test credentials accessing the root folder
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, false);
mOperationThread = mAuthCheckOperation.execute(client, this, mHandler);
}
@ -709,7 +738,11 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
} else if (operation instanceof ExistenceCheckOperation) {
if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
Toast.makeText(this, result.getLogMessage(), Toast.LENGTH_LONG).show();
if (result.isTemporalRedirection()) {
String url = result.getRedirectedLocation();
mWebViewClient.setTargetUrl(mHostBaseUrl + AccountUtils.getWebdavPath(mDiscoveredVersion, mCurrentAuthTokenType));
mSsoWebView.loadUrl(url);
}
} else {
onAuthorizationCheckFinish((ExistenceCheckOperation)operation, result);
@ -974,7 +1007,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mOAuthAccessToken = ((OAuth2GetAccessToken)operation).getResultTokenMap().get(OAuth2Constants.KEY_ACCESS_TOKEN);
Log_OC.d(TAG, "Got ACCESS TOKEN: " + mOAuthAccessToken);
mAuthCheckOperation = new ExistenceCheckOperation("", this, false);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this);
WebdavClient client = OwnCloudClientUtils.createOwnCloudClient(Uri.parse(mHostBaseUrl + webdav_path), this, true);
client.setBearerCredentials(mOAuthAccessToken);
mAuthCheckOperation.execute(client, this, mHandler);
@ -1338,7 +1371,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mUsernameInput.setVisibility(View.GONE);
mPasswordInput.setVisibility(View.GONE);
mAccountNameInput.setVisibility(View.GONE);
mWebSsoView.setVisibility(View.GONE);
mSsoWebView.setVisibility(View.GONE);
} else if (AccountAuthenticator.AUTH_TOKEN_TYPE_SAML_WEB_SSO_SESSION_COOKIE.equals(mCurrentAuthTokenType)) {
// SAML-based web Single Sign On
@ -1347,7 +1380,8 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mUsernameInput.setVisibility(View.GONE);
mPasswordInput.setVisibility(View.GONE);
mAccountNameInput.setVisibility(View.VISIBLE);
mWebSsoView.setVisibility(View.VISIBLE);
mSsoWebView.setVisibility(View.VISIBLE);
initWebView();
} else {
// basic HTTP authorization
@ -1356,7 +1390,7 @@ implements OnRemoteOperationListener, OnSslValidatorListener, OnFocusChangeList
mUsernameInput.setVisibility(View.VISIBLE);
mPasswordInput.setVisibility(View.VISIBLE);
mAccountNameInput.setVisibility(View.GONE);
mWebSsoView.setVisibility(View.GONE);
mSsoWebView.setVisibility(View.GONE);
}
}

142
src/com/owncloud/android/authentication/SsoWebViewClient.java Normal file
View file

@ -0,0 +1,142 @@
/* ownCloud Android client application
* Copyright (C) 2012-2013 ownCloud Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package com.owncloud.android.authentication;
import android.content.Context;
import android.graphics.Bitmap;
import android.view.View;
import android.webkit.CookieManager;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;
import com.owncloud.android.Log_OC;
/**
* Custom {@link WebViewClient} client aimed to catch the end of a single-sign-on process
* running in the {@link WebView} that is attached to.
*
* Assumes that the single-sign-on is kept thanks to a cookie set at the end of the
* authentication process.
*
* @author David A. Velasco
*/
public class SsoWebViewClient extends WebViewClient {
private static final String TAG = SsoWebViewClient.class.getSimpleName();
private Context mContext;
private String mTargetUrl;
public SsoWebViewClient (Context context) {
mContext = context;
mTargetUrl = "fake://url.to.be.set";
}
public String getTargetUrl() {
return mTargetUrl;
}
public void setTargetUrl(String targetUrl) {
mTargetUrl = targetUrl;
}
@Override
public void onPageStarted (WebView view, String url, Bitmap favicon) {
//Log_OC.e(TAG, "onPageStarted : " + url);
if (url.startsWith(mTargetUrl)) {
view.setVisibility(View.GONE);
CookieManager cookieManager = CookieManager.getInstance();
String cookies = cookieManager.getCookie(url);
Toast.makeText(mContext, "got cookies: " + cookies, Toast.LENGTH_LONG).show();
}
}
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url) {
//view.loadUrl(url);
return false;
}
@Override
public void onReceivedError (WebView view, int errorCode, String description, String failingUrl) {
Log_OC.e(TAG, "onReceivedError : " + failingUrl);
}
/*
@Override
public void doUpdateVisitedHistory (WebView view, String url, boolean isReload) {
Log_OC.e(TAG, "doUpdateVisitedHistory : " + url);
}
@Override
public void onPageFinished (WebView view, String url) {
Log_OC.e(TAG, "onPageFinished : " + url);
}
@Override
public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) {
Log_OC.e(TAG, "onReceivedSslError : " + error);
}
@Override
public void onReceivedHttpAuthRequest (WebView view, HttpAuthHandler handler, String host, String realm) {
Log_OC.e(TAG, "onReceivedHttpAuthRequest : " + host);
}
@Override
public WebResourceResponse shouldInterceptRequest (WebView view, String url) {
Log_OC.e(TAG, "shouldInterceptRequest : " + url);
return null;
}
@Override
public void onLoadResource (WebView view, String url) {
Log_OC.e(TAG, "onLoadResource : " + url);
}
@Override
public void onFormResubmission (WebView view, Message dontResend, Message resend) {
Log_OC.e(TAG, "onFormResubMission ");
super.onFormResubmission(view, dontResend, resend);
}
@Override
public void onReceivedLoginRequest (WebView view, String realm, String account, String args) {
Log_OC.e(TAG, "onReceivedLoginRequest : " + realm + ", " + account + ", " + args);
}
@Override
public void onScaleChanged (WebView view, float oldScale, float newScale) {
Log_OC.e(TAG, "onScaleChanged : " + oldScale + " -> " + newScale);
}
@Override
public void onUnhandledKeyEvent (WebView view, KeyEvent event) {
Log_OC.e(TAG, "onUnhandledKeyEvent : " + event);
}
@Override
public boolean shouldOverrideKeyEvent (WebView view, KeyEvent event) {
Log_OC.e(TAG, "shouldOverrideKeyEvent : " + event);
return false;
}
*/
}

10
src/com/owncloud/android/network/OwnCloudClientUtils.java
View file

@ -90,7 +90,7 @@ public class OwnCloudClientUtils {
//Log_OC.d(TAG, "Creating WebdavClient associated to " + account.name);
Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account));
WebdavClient client = createOwnCloudClient(uri, appContext);
WebdavClient client = createOwnCloudClient(uri, appContext, true);
AccountManager am = AccountManager.get(appContext);
if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here
String accessToken = am.blockingGetAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, false);
@ -109,7 +109,7 @@ public class OwnCloudClientUtils {
public static WebdavClient createOwnCloudClient (Account account, Context appContext, Activity currentActivity) throws OperationCanceledException, AuthenticatorException, IOException, AccountNotFoundException {
Uri uri = Uri.parse(AccountUtils.constructFullURLForAccount(appContext, account));
WebdavClient client = createOwnCloudClient(uri, appContext);
WebdavClient client = createOwnCloudClient(uri, appContext, true);
AccountManager am = AccountManager.get(appContext);
if (am.getUserData(account, AccountAuthenticator.KEY_SUPPORTS_OAUTH2) != null) { // TODO avoid a call to getUserData here
AccountManagerFuture<Bundle> future = am.getAuthToken(account, AccountAuthenticator.AUTH_TOKEN_TYPE_ACCESS_TOKEN, null, currentActivity, null, null);
@ -139,10 +139,7 @@ public class OwnCloudClientUtils {
* @param context Android context where the WebdavClient is being created.
* @return A WebdavClient object ready to be used
*/
public static WebdavClient createOwnCloudClient(Uri uri, Context context) {
//Log_OC.d(TAG, "Creating WebdavClient for " + uri);
//allowSelfsignedCertificates(true);
public static WebdavClient createOwnCloudClient(Uri uri, Context context, boolean followRedirects) {
try {
registerAdvancedSslContext(true, context);
} catch (GeneralSecurityException e) {
@ -156,6 +153,7 @@ public class OwnCloudClientUtils {
client.setDefaultTimeouts(DEFAULT_DATA_TIMEOUT, DEFAULT_CONNECTION_TIMEOUT);
client.setBaseUri(uri);
client.setFollowRedirects(followRedirects);
return client;
}

2
src/com/owncloud/android/operations/ExistenceCheckOperation.java
View file

@ -69,7 +69,7 @@ public class ExistenceCheckOperation extends RemoteOperation {
int status = client.executeMethod(head, TIMEOUT, TIMEOUT);
client.exhaustResponse(head.getResponseBodyAsStream());
boolean success = (status == HttpStatus.SC_OK && !mSuccessIfAbsent) || (status == HttpStatus.SC_NOT_FOUND && mSuccessIfAbsent);
result = new RemoteOperationResult(success, status);
result = new RemoteOperationResult(success, status, head.getResponseHeaders());
Log_OC.d(TAG, "Existence check for " + client.getBaseUri() + mPath + " targeting for " + (mSuccessIfAbsent ? " absence " : " existence ") + "finished with HTTP status " + status + (!success?"(FAIL)":""));
} catch (Exception e) {

1
src/com/owncloud/android/operations/RemoteOperation.java
View file

@ -278,4 +278,5 @@ public abstract class RemoteOperation implements Runnable {
return mClient;
}
}

27
src/com/owncloud/android/operations/RemoteOperationResult.java
View file

@ -24,10 +24,12 @@ import java.net.MalformedURLException;
import java.net.SocketException;
import java.net.SocketTimeoutException;
import java.net.UnknownHostException;
import java.util.Map;
import javax.net.ssl.SSLException;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.jackrabbit.webdav.DavException;
@ -50,7 +52,7 @@ import com.owncloud.android.network.CertificateCombinedException;
public class RemoteOperationResult implements Serializable {
/** Generated - should be refreshed every time the class changes!! */
private static final long serialVersionUID = 6106167714625712390L;
private static final long serialVersionUID = 3267227833178885664L;
private static final String TAG = "RemoteOperationResult";
@ -91,6 +93,7 @@ public class RemoteOperationResult implements Serializable {
private int mHttpCode = -1;
private Exception mException = null;
private ResultCode mCode = ResultCode.UNKNOWN_ERROR;
private String mRedirectedLocation;
public RemoteOperationResult(ResultCode code) {
mCode = code;
@ -128,6 +131,20 @@ public class RemoteOperationResult implements Serializable {
}
}
public RemoteOperationResult(boolean success, int httpCode, Header[] headers) {
this(success, httpCode);
if (headers != null) {
Header current;
for (int i=0; i<headers.length; i++) {
current = headers[i];
if ("Location".equals(current.getName())) {
mRedirectedLocation = current.getValue();
break;
}
}
}
}
public RemoteOperationResult(Exception e) {
mException = e;
@ -295,4 +312,12 @@ public class RemoteOperationResult implements Serializable {
return (mException != null);
}
public boolean isTemporalRedirection() {
return (mHttpCode == 302 || mHttpCode == 307);
}
public String getRedirectedLocation() {
return mRedirectedLocation;
}
}

21
src/eu/alefzero/webdav/WebdavClient.java
View file

@ -18,34 +18,24 @@
package eu.alefzero.webdav;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpConnectionManager;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpMethodBase;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.HttpVersion;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.HeadMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;
import org.apache.http.HttpStatus;
import org.apache.http.params.CoreProtocolPNames;
import org.apache.jackrabbit.webdav.client.methods.DavMethod;
import org.apache.jackrabbit.webdav.client.methods.DeleteMethod;
import com.owncloud.android.Log_OC;
@ -57,10 +47,10 @@ import android.net.Uri;
public class WebdavClient extends HttpClient {
private Uri mUri;
private Credentials mCredentials;
private boolean mFollowRedirects;
final private static String TAG = "WebdavClient";
private static final String USER_AGENT = "Android-ownCloud";
public static final String USER_AGENT = "Android-ownCloud";
private OnDatatransferProgressListener mDataTransferListener;
static private byte[] sExhaustBuffer = new byte[1024];
/**
@ -71,6 +61,7 @@ public class WebdavClient extends HttpClient {
Log_OC.d(TAG, "Creating WebdavClient");
getParams().setParameter(HttpMethodParams.USER_AGENT, USER_AGENT);
getParams().setParameter(CoreProtocolPNames.PROTOCOL_VERSION, HttpVersion.HTTP_1_1);
mFollowRedirects = true;
}
public void setBearerCredentials(String accessToken) {
@ -105,6 +96,7 @@ public class WebdavClient extends HttpClient {
public boolean existsFile(String path) throws IOException, HttpException {
HeadMethod head = new HeadMethod(mUri.toString() + WebdavUtils.encodePath(path));
try {
head.setFollowRedirects(mFollowRedirects);
int status = executeMethod(head);
Log_OC.d(TAG, "HEAD to " + path + " finished with HTTP status " + status + ((status != HttpStatus.SC_OK)?"(FAIL)":""));
exhaustResponse(head.getResponseBodyAsStream());
@ -139,6 +131,7 @@ public class WebdavClient extends HttpClient {
if (connectionTimeout >= 0) {
getHttpConnectionManager().getParams().setConnectionTimeout(connectionTimeout);
}
method.setFollowRedirects(mFollowRedirects);
return executeMethod(method);
} finally {
getParams().setSoTimeout(oldSoTimeout);
@ -187,4 +180,8 @@ public class WebdavClient extends HttpClient {
return mCredentials;
}
public void setFollowRedirects(boolean followRedirects) {
mFollowRedirects = followRedirects;
}
}