Prevent access to accounts of other apps with the same name as an OC account

2025-11-04 12:28:25 +00:00 · 2017-02-02 13:32:42 +01:00 · 2017-02-02 13:32:42 +01:00 · 1535be3876
commit 1535be3876
parent 5d17bbb88d
3 changed files with 140 additions and 163 deletions
--- a/AndroidManifest.xml
+++ b/AndroidManifest.xml
@ -28,6 +28,11 @@
    android:versionCode="1"
    android:versionName="1.0" >

+    <!-- USE_CREDENTIALS, MANAGE_ACCOUNTS and AUTHENTICATE_ACCOUNTS are needed for API < 23.
+        In API >= 23 the do not exist anymore -->
+    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
+    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
+
    <uses-sdk
        android:minSdkVersion="8"
        android:targetSdkVersion="24" />
--- a/src/com/owncloud/android/lib/common/SingleSessionManager.java
+++ b/src/com/owncloud/android/lib/common/SingleSessionManager.java
@ -25,9 +25,7 @@
 package com.owncloud.android.lib.common;

 import java.io.IOException;
-import java.util.HashMap;
 import java.util.Iterator;
-import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;

@ -46,7 +44,7 @@ import com.owncloud.android.lib.common.utils.Log_OC;

 /**
 * Implementation of {@link OwnCloudClientManager}
- * 
+ * <p>
 * TODO check multithreading safety
 *
 * @author David A. Velasco
@ -82,8 +80,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
            AccountUtils.buildAccountName(
                account.getBaseUri(),
                account.getCredentials().getAuthToken()
-            )
-        ;
+            );

        if (accountName != null) {
            client = mClientsWithKnownUsername.get(accountName);
@ -120,7 +117,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
            client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
            // enable cookie tracking

-    		AccountUtils.restoreCookies(accountName, client, context);
+            AccountUtils.restoreCookies(account.getSavedAccount(), client, context);

            account.loadCredentials(context);
            client.setCredentials(account.getCredentials());
@ -162,7 +159,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
            return null;
        }

-    	OwnCloudClient client = null;
+        OwnCloudClient client;
        String accountName = account.getName();
        if (accountName != null) {
            client = mClientsWithKnownUsername.remove(accountName);
@ -198,8 +195,8 @@ public class SingleSessionManager implements OwnCloudClientManager {
        }

        Iterator<String> accountNames = mClientsWithKnownUsername.keySet().iterator();
-    	String accountName = null;
-    	Account account = null;
+        String accountName;
+        Account account;
        while (accountNames.hasNext()) {
            accountName = accountNames.next();
            account = new Account(accountName, accountType);
--- a/src/com/owncloud/android/lib/common/accounts/AccountUtils.java
+++ b/src/com/owncloud/android/lib/common/accounts/AccountUtils.java
@ -282,14 +282,17 @@ public class AccountUtils {


    /**
-     * Restore the client cookies
+     * Restore the client cookies persisted in an account stored in the system AccountManager.
     *
-     * @param account
-     * @param client
-     * @param context
+     * @param account           Stored account.
+     * @param client            Client to restore cookies in.
+     * @param context           Android context used to access the system AccountManager.
     */
    public static void restoreCookies(Account account, OwnCloudClient client, Context context) {
+        if (account == null) {
+            Log_OC.d(TAG, "Cannot restore cookie for null account");

+        } else {
            Log_OC.d(TAG, "Restoring cookies for " + account.name);

            // Account Manager
@ -314,34 +317,6 @@ public class AccountUtils {
                }
            }
        }
-
-    /**
-     * Restore the client cookies from accountName
-     *
-     * @param accountName
-     * @param client
-     * @param context
-     */
-    public static void restoreCookies(String accountName, OwnCloudClient client, Context context) {
-        Log_OC.d(TAG, "Restoring cookies for " + accountName);
-
-        // Account Manager
-        AccountManager am = AccountManager.get(context.getApplicationContext());
-
-        // Get account
-        Account account = null;
-        Account accounts[] = am.getAccounts();
-        for (Account a : accounts) {
-            if (a.name.equals(accountName)) {
-                account = a;
-                break;
-            }
-        }
-
-        // Restoring cookies
-        if (account != null) {
-            restoreCookies(account, client, context);
-        }
    }

    public static class AccountNotFoundException extends AccountsException {
@ -368,7 +343,7 @@ public class AccountUtils {
        /**
         * Value under this key should handle path to webdav php script. Will be
         * removed and usage should be replaced by combining
-         * {@link com.owncloud.android.authentication.AuthenticatorActivity.KEY_OC_BASE_URL} and
+         * {@link #KEY_OC_BASE_URL } and
         * {@link com.owncloud.android.lib.resources.status.OwnCloudVersion}
         *
         * @deprecated