
Unverified Commit fa09a056 authored by Ricki Hirner's avatar Ricki Hirner Committed by GitHub

Use SensitiveString for passwords (#1692)

* Use SensitiveString for passwords to prevent them from being logged by `toString()`

* Add test

* Fix other tests

* Credentials: equals / hashCode not needed anymore

* Add tests for equals
parent f4aa55d4
+2 −1
@@ -11,6 +11,7 @@ import at.bitfire.dav4jvm.property.webdav.ResourceType
import at.bitfire.davdroid.network.HttpClient
import at.bitfire.davdroid.servicedetection.DavResourceFinder.Configuration.ServiceInfo
import at.bitfire.davdroid.settings.Credentials
import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
import dagger.hilt.android.testing.HiltAndroidRule
import dagger.hilt.android.testing.HiltAndroidTest
import okhttp3.mockwebserver.Dispatcher
@@ -70,7 +71,7 @@ class DavResourceFinderTest {
            start()
        }

        val credentials = Credentials(username = "mock", password = "12345".toCharArray())
        val credentials = Credentials(username = "mock", password = "12345".toSensitiveString())
        client = httpClientBuilder
                .authenticate(host = null, getCredentials = { credentials })
                .build()
+5 −5
@@ -21,7 +21,7 @@ class LoginActivityTest {
        val loginInfo = LoginActivity.loginInfoFromIntent(intent)
        assertEquals("https://example.com/nextcloud", loginInfo.baseUri.toString())
        assertEquals("user", loginInfo.credentials!!.username)
        assertEquals("password", loginInfo.credentials.password?.concatToString())
        assertEquals("password", loginInfo.credentials.password?.asString())
    }

    @Test
@@ -34,7 +34,7 @@ class LoginActivityTest {
        val loginInfo = LoginActivity.loginInfoFromIntent(intent)
        assertEquals("https://example.com:444/nextcloud", loginInfo.baseUri.toString())
        assertEquals("user", loginInfo.credentials!!.username)
        assertEquals("password", loginInfo.credentials.password?.concatToString())
        assertEquals("password", loginInfo.credentials.password?.asString())
    }

    @Test
@@ -43,7 +43,7 @@ class LoginActivityTest {
        val loginInfo = LoginActivity.loginInfoFromIntent(intent)
        assertEquals("https://example.com/path", loginInfo.baseUri.toString())
        assertEquals("user", loginInfo.credentials!!.username)
        assertEquals("password", loginInfo.credentials.password?.concatToString())
        assertEquals("password", loginInfo.credentials.password?.asString())
    }

    @Test
@@ -52,7 +52,7 @@ class LoginActivityTest {
        val loginInfo = LoginActivity.loginInfoFromIntent(intent)
        assertEquals("https://example.com:0/path", loginInfo.baseUri.toString())
        assertEquals("user", loginInfo.credentials!!.username)
        assertEquals("password", loginInfo.credentials.password?.concatToString())
        assertEquals("password", loginInfo.credentials.password?.asString())
    }

    @Test
@@ -61,7 +61,7 @@ class LoginActivityTest {
        val loginInfo = LoginActivity.loginInfoFromIntent(intent)
        assertEquals(null, loginInfo.baseUri)
        assertEquals("user@example.com", loginInfo.credentials!!.username)
        assertEquals(null, loginInfo.credentials.password?.concatToString())
        assertEquals(null, loginInfo.credentials.password?.asString())
    }
    
}
 No newline at end of file
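Review bot: The last hunk's null case is asserted as `assertEquals(null, loginInfo.credentials.password?.asString())`, which goes through the unwrap call only to compare against null. Asserting on the wrapper itself, `assertNull(loginInfo.credentials.password)`, states the intent directly and keeps `asString()` out of a test that never needs the plain text. This assumes `assertNull` is imported in this file; the import block is not part of the visible hunks.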
+3 −2
@@ -5,6 +5,7 @@
package at.bitfire.davdroid.webdav

import at.bitfire.davdroid.settings.Credentials
import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
import dagger.hilt.android.testing.HiltAndroidRule
import dagger.hilt.android.testing.HiltAndroidTest
import org.junit.Assert.assertEquals
@@ -30,8 +31,8 @@ class CredentialsStoreTest {

    @Test
    fun testSetGetDelete() {
        store.setCredentials(0, Credentials(username = "myname", password = "12345".toCharArray()))
        assertEquals(Credentials(username = "myname", password = "12345".toCharArray()), store.getCredentials(0))
        store.setCredentials(0, Credentials(username = "myname", password = "12345".toSensitiveString()))
        assertEquals(Credentials(username = "myname", password = "12345".toSensitiveString()), store.getCredentials(0))

        store.setCredentials(0, null)
        assertNull(store.getCredentials(0))
+1 −1
@@ -116,7 +116,7 @@ class HttpClient(
                val authHandler = BasicDigestAuthHandler(
                    domain = UrlUtils.hostToDomain(host),
                    username = credentials.username,
                    password = credentials.password,
                    password = credentials.password.asCharArray(),
                    insecurePreemptive = true
                )
                authenticationInterceptor = authHandler
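Review bot: The `credentials.password.asCharArray()` argument is where the redaction added by this commit ends, and nothing at the call site says so. From here the plain characters are held by `BasicDigestAuthHandler`, so `SensitiveString` no longer protects them if the handler or its fields are ever logged; the page also does not show whether `asCharArray()` returns a copy or the backing array, which matters if anything downstream clears it. I would add a comment above the argument such as `// unwrapped for dav4jvm only; authHandler holds the plain password, never log it`. The tests in this commit read the field as `password?.asString()`, which suggests it is nullable, so the null check this line relies on is presumably in the part of the enclosing block outside the hunk and is worth confirming.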
+2 −1
@@ -8,6 +8,7 @@ import at.bitfire.dav4jvm.exception.DavException
import at.bitfire.dav4jvm.exception.HttpException
import at.bitfire.davdroid.settings.Credentials
import at.bitfire.davdroid.ui.setup.LoginInfo
import at.bitfire.davdroid.util.SensitiveString.Companion.toSensitiveString
import at.bitfire.davdroid.util.withTrailingSlash
import at.bitfire.vcard4android.GroupMethod
import kotlinx.coroutines.Dispatchers
@@ -106,7 +107,7 @@ class NextcloudLoginFlow @Inject constructor(
            baseUri = URI(serverUrl).resolve(DAV_PATH),
            credentials = Credentials(
                username = json.getString("loginName"),
                password = json.getString("appPassword").toCharArray()
                password = json.getString("appPassword").toSensitiveString()
            ),
            suggestedGroupMethod = GroupMethod.CATEGORIES
        )
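Review bot: In the `Credentials(...)` call, `json.getString("appPassword")` still produces the app password as an ordinary `String` before `.toSensitiveString()` wraps it, so the wrapper only covers what happens after this line. The parsed `json` object and the response it came from keep the secret in loggable form; if either is written to a log elsewhere in this function (its body is outside the hunk), the password is exposed regardless of this change. A short comment on the line would make the boundary explicit, for example `// json still contains appPassword in clear text; do not log it`.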