feat(workspace): persist backend identity and metadata with Android account

import at.bitfire.davdroid.util.UserIdFetcher

import at.bitfire.davdroid.util.AuthStatePrefUtils

import at.bitfire.davdroid.util.setAndVerifyUserData

import at.bitfire.davdroid.workspace.MurenaWorkspaceDescriptor

import at.bitfire.ical4android.TaskProvider

import at.bitfire.vcard4android.GroupMethod

import dagger.hilt.EntryPoint

        const val AUTH_EXCEPTION_DETECTED = "auth_exception_detected"

        /** Workspace domain for Murena Workspace backend identity (bare domain, e.g. `"murena.io"`).

         * Stored at account creation; null for non-workspace or legacy accounts. */

        const val KEY_WORKSPACE_DOMAIN = "workspace_domain"

        /** OIDC issuer URL for Murena Workspace (e.g. `"https://accounts.murena.io/auth/realms/murena"`).

         * Populated after [at.bitfire.davdroid.workspace.MurenaOidcDiscovery.discover] succeeds;

         * null until discovery runs or if OIDC is not configured on the server. */

        const val KEY_WORKSPACE_OIDC_ISSUER = "workspace_oidc_issuer"

        /** Static property to indicate whether AccountSettings migration is currently running.

         * **Access must be `synchronized` with `AccountSettings::class.java`.** */

        @Volatile

        var currentlyUpdating = false

        fun initialUserData(credentials: Credentials?, url: String? = null, cookies: String? = null, email: String? = null): Bundle {

        fun initialUserData(

            credentials: Credentials?,

            url: String? = null,

            cookies: String? = null,

            email: String? = null,

            descriptor: MurenaWorkspaceDescriptor? = null

        ): Bundle {

            val bundle = Bundle()

            bundle.putString(KEY_SETTINGS_VERSION, CURRENT_VERSION.toString())

            bundle.putString(KEY_EVENT_COLORS, ENABLED_EVENT_COLORS)

            descriptor?.let {

                bundle.putString(KEY_WORKSPACE_DOMAIN, it.workspaceDomain)

                // oidcIssuer is null at creation time; stored later via persistWorkspaceDescriptor

            }

            addUserIdToBundle(

                bundle = bundle,

                url = url,

    }

    // workspace backend identity

    /** Returns the workspace domain stored with this account, or null for non-workspace or legacy accounts. */

    fun workspaceDomain(): String? =

        accountManager.getUserData(account, KEY_WORKSPACE_DOMAIN)

    /** Returns the OIDC issuer stored with this account, or null if discovery has not run yet. */

    fun oidcIssuer(): String? =

        accountManager.getUserData(account, KEY_WORKSPACE_OIDC_ISSUER)

    /**

     * Reconstructs a [MurenaWorkspaceDescriptor] from persisted account metadata.

     * Returns null if no workspace domain is stored (non-workspace or legacy account).

     */

    fun workspaceDescriptor(): MurenaWorkspaceDescriptor? {

        val domain = workspaceDomain() ?: return null

        return MurenaWorkspaceDescriptor(

            workspaceDomain = domain,

            oidcIssuer = oidcIssuer()

        )

    }

    /**

     * Persists the backend identity and resolved metadata from [descriptor] into this account's

     * user data. Call at account creation (to store [MurenaWorkspaceDescriptor.workspaceDomain])

     * and again after [at.bitfire.davdroid.workspace.MurenaOidcDiscovery.discover] succeeds

     * (to store [MurenaWorkspaceDescriptor.oidcIssuer]).

     */

    fun persistWorkspaceDescriptor(descriptor: MurenaWorkspaceDescriptor) {

        accountManager.setAndVerifyUserData(account, KEY_WORKSPACE_DOMAIN, descriptor.workspaceDomain)

        accountManager.setAndVerifyUserData(account, KEY_WORKSPACE_OIDC_ISSUER, descriptor.oidcIssuer)

    }

    // sync. settings

    /**

    fun isMurenaAccount(context: Context, account: Account): Boolean {

        val accountManager = AccountManager.get(context)

        // Explicit backend identity: workspace domain stored for accounts created after descriptor

        // persistence was introduced. Its presence is sufficient to identify a Murena Workspace account.

        val workspaceDomain = accountManager.getUserData(account, AccountSettings.KEY_WORKSPACE_DOMAIN)

        if (workspaceDomain != null) return true

        // Legacy path: derive identity from URL and account type for accounts that predate

        // workspace descriptor persistence.

        val urlData =

            accountManager.getUserData(account, Constants.KEY_OC_BASE_URL) ?: return false

import at.bitfire.davdroid.syncadapter.SyncAllAccountWorker

import at.bitfire.davdroid.syncadapter.SyncWorker

import at.bitfire.davdroid.util.AuthStatePrefUtils

import at.bitfire.davdroid.util.MurenaServerConfig

import at.bitfire.vcard4android.GroupMethod

import com.google.android.material.snackbar.Snackbar

import com.nextcloud.android.utils.AccountManagerUtils

                // During Murena SSO migration, `basicAuthMurenaAccount` will be non-null. Otherwise, always null.

                val account = basicAuthMurenaAccount ?: getOrCreateAccount(name, accountType)

                val userData = AccountSettings.initialUserData(credentials, baseURL, config.cookies, config.calDAV?.emails?.firstOrNull())

                val workspaceDescriptor = if (accountType == context.getString(R.string.eelo_account_type)) {

                    MurenaServerConfig.getDescriptor(context)

                } else null

                val userData = AccountSettings.initialUserData(credentials, baseURL, config.cookies, config.calDAV?.emails?.firstOrNull(), workspaceDescriptor)

                AuthStatePrefUtils.saveAuthState(context, account, credentials?.authState?.jsonSerializeString())