
Commit e43d3e5e authored by Romain Hunault's avatar Romain Hunault 🚴🏻 Committed by Mohammed Althaf T

fix(auth): use two-step Murena OIDC flow



Signed-off-by: default avataralthafvly <althafvly@gmail.com>
parent 62f11626
+1 −1
@@ -46,7 +46,7 @@ enum class IdentityProvider(
        clientSecret = null,
        redirectUri = BuildConfig.MURENA_REDIRECT_URI + ":/redirect",
        logoutRedirectUri = BuildConfig.MURENA_LOGOUT_REDIRECT_URI + ":/redirect",
        scope = "openid profile email offline_access",
        scope = "openid profile email",
        userInfoEndpoint = null,
        baseUrl = BuildConfig.MURENA_BASE_URL_PRODUCTION,
    ),
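Review bot: With `offline_access` gone from `IdentityProvider.MURENA.scope`, every reader of `.scope` other than the authorization request builder now gets a value that never asks for a refresh token. This commit shows only one place that re-adds it (the `val scope` expression in `OpenIdAuthenticationViewModel`), so any other consumer of the property outside the diff should be checked. A comment on the entry would make the split visible: `// offline_access is added in a second authorization step, see MURENA_OFFLINE_ACCESS_REQUESTED`. The enum entry begins above the hunk.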
+1 −0
@@ -241,6 +241,7 @@ class EeloAuthenticatorFragment : Fragment() {

                putExtra(LoginActivity.USERNAME_HINT, userNameHint)
                putExtra(SettingsActivity.EXTRA_IS_RE_AUTHENTICATING, isReAuthenticating)
                putExtra(LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED, false)
            }
            navigate(MurenaOpenIdAuthFragment())
        } else if (userId.isNotBlank() && password.isNotBlank() && validate()) {
+1 −0
@@ -42,6 +42,7 @@ class LoginActivity : AppCompatActivity() {
        const val AUTH_STATE = "authState"
        const val ACCOUNT_TYPE = "account_type"
        const val OPENID_AUTH_FLOW_COMPLETE = "openId_authFlow_complete"
        const val MURENA_OFFLINE_ACCESS_REQUESTED = "murena_offline_access_requested"

        const val OPEN_APP_PACKAGE_AFTER_AUTH = "open_app_package_after_auth"
        const val OPEN_APP_ACTIVITY_AFTER_AUTH = "open_app_activity_after_auth"
+22 −0
@@ -51,6 +51,11 @@ class MurenaOpenIdAuthFragment : OpenIdAuthenticationBaseFragment(IdentityProvid
    }

    override fun onAuthenticationComplete(userData: JSONObject) {
        if (!isOfflineAccessRequested()) {
            requestOfflineAccess()
            return
        }

        val userNameKey = "username"

        if (!userData.has(userNameKey)) {
@@ -70,4 +75,21 @@ class MurenaOpenIdAuthFragment : OpenIdAuthenticationBaseFragment(IdentityProvid
        }
        proceedNext(userName, "$baseUrl$userName")
    }

    private fun isOfflineAccessRequested(): Boolean {
        return requireActivity().intent.getBooleanExtra(
            LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED,
            false
        )
    }

    private fun requestOfflineAccess() {
        requireActivity().intent.apply {
            putExtra(LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED, true)
            putExtra(LoginActivity.OPENID_AUTH_FLOW_COMPLETE, false)
            removeExtra(LoginActivity.AUTH_STATE)
        }

        startAuthFLow()
    }
}
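Review bot: `onAuthenticationComplete` continues to `proceedNext` as soon as the `MURENA_OFFLINE_ACCESS_REQUESTED` extra is true, without checking that the second authorization actually returned a refresh token. If the provider declines `offline_access`, account setup would presumably finish with a session that cannot be renewed; a guard before `val userNameKey` that checks the stored auth state for a refresh token and fails the login otherwise would cover this (how the fragment reaches the auth state is not visible here). The step marker also lives in the activity intent, so if `LoginActivity` can be started by other apps, confirm that the `false` reset in `EeloAuthenticatorFragment` is the only entry path. `requestOfflineAccess` would benefit from a KDoc such as `/** Restarts authorization with offline_access added; the first-step result and AUTH_STATE are dropped on purpose. */`. The middle of `onAuthenticationComplete` lies between the two hunks and is not shown.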
+17 −1
@@ -97,6 +97,14 @@ class OpenIdAuthenticationViewModel @Inject constructor(
        authState = AuthState(serviceConfiguration)

        val loginHint = intent.getStringExtra(LoginActivity.USERNAME_HINT)
        val scope = if (
            identityProvider == IdentityProvider.MURENA &&
            intent.getBooleanExtra(LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED, false)
        ) {
            "${identityProvider!!.scope} offline_access"
        } else {
            identityProvider!!.scope
        }

        val authRequest = AuthorizationRequest.Builder(
            serviceConfiguration,
@@ -104,7 +112,7 @@ class OpenIdAuthenticationViewModel @Inject constructor(
            ResponseTypeValues.CODE,
            identityProvider!!.redirectUri
        )
            .setScope(identityProvider!!.scope)
            .setScope(scope)
            .setLoginHint(sanitizeHint(loginHint))
            .build()

@@ -131,7 +139,15 @@ class OpenIdAuthenticationViewModel @Inject constructor(
            LoginActivity.ACCOUNT_TYPE,
            providedIntent.getStringExtra(LoginActivity.ACCOUNT_TYPE)
        )
        intent.putExtra(
            LoginActivity.USERNAME_HINT,
            providedIntent.getStringExtra(LoginActivity.USERNAME_HINT)
        )
        intent.putExtra(LoginActivity.OPENID_AUTH_FLOW_COMPLETE, true)
        intent.putExtra(
            LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED,
            providedIntent.getBooleanExtra(LoginActivity.MURENA_OFFLINE_ACCESS_REQUESTED, false)
        )
        intent.putExtra(
            LoginActivity.OPEN_APP_PACKAGE_AFTER_AUTH,
            providedIntent.getStringExtra(LoginActivity.OPEN_APP_PACKAGE_AFTER_AUTH)
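Review bot: The new `val scope` expression compares `identityProvider` null-tolerantly and then force-unwraps it with `!!` in both branches, in addition to the `!!` already used in the builder call. Binding it once, `val provider = requireNotNull(identityProvider) { "identityProvider is not set" }`, and reading `provider.scope` gives a single failure point with a message. The ` offline_access` suffix is appended without checking the base value, so if a provider's scope ever lists it again the request would carry it twice; testing `"offline_access" !in provider.scope.split(' ')` before appending avoids that. The functions around these hunks start and end outside the visible lines.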