flywithu/android-library
1
0
Fork 0
mirror of https://github.com/owncloud/android-library.git synced 2025-06-08 16:36:13 +00:00
Code Issues Releases Wiki Activity

Merge pull request #151 from owncloud/prevent_access_to_accounts_of_other_apps

Browse Source 
Prevent access to accounts of other apps with the same name as an OC …
This commit is contained in:
David González 2017-02-21 10:41:10 +01:00 committed by GitHub
commit f0b8cf1b66
3 changed files with 140 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
AndroidManifest.xml
View File

@ -28,6 +28,11 @@
android:versionCode="1" android:versionCode="1"
android:versionName="1.0" > android:versionName="1.0" >
<!-- USE_CREDENTIALS, MANAGE_ACCOUNTS and AUTHENTICATE_ACCOUNTS are needed for API < 23.
In API >= 23 the do not exist anymore -->
<uses-permission android:name="android.permission.USE_CREDENTIALS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-sdk <uses-sdk
android:minSdkVersion="8" android:minSdkVersion="8"
android:targetSdkVersion="24" /> android:targetSdkVersion="24" />

15
src/com/owncloud/android/lib/common/SingleSessionManager.java
View File

@ -25,9 +25,7 @@
package com.owncloud.android.lib.common; package com.owncloud.android.lib.common;
import java.io.IOException; import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap; import java.util.concurrent.ConcurrentMap;
@ -46,7 +44,7 @@ import com.owncloud.android.lib.common.utils.Log_OC;
/** /**
* Implementation of {@link OwnCloudClientManager} * Implementation of {@link OwnCloudClientManager}
* * <p>
* TODO check multithreading safety * TODO check multithreading safety
* *
* @author David A. Velasco * @author David A. Velasco
@ -82,8 +80,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
AccountUtils.buildAccountName( AccountUtils.buildAccountName(
account.getBaseUri(), account.getBaseUri(),
account.getCredentials().getAuthToken() account.getCredentials().getAuthToken()
) );
;
if (accountName != null) { if (accountName != null) {
client = mClientsWithKnownUsername.get(accountName); client = mClientsWithKnownUsername.get(accountName);
@ -120,7 +117,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY); client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
// enable cookie tracking // enable cookie tracking
AccountUtils.restoreCookies(accountName, client, context); AccountUtils.restoreCookies(account.getSavedAccount(), client, context);
account.loadCredentials(context); account.loadCredentials(context);
client.setCredentials(account.getCredentials()); client.setCredentials(account.getCredentials());
@ -162,7 +159,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
return null; return null;
} }
OwnCloudClient client = null; OwnCloudClient client;
String accountName = account.getName(); String accountName = account.getName();
if (accountName != null) { if (accountName != null) {
client = mClientsWithKnownUsername.remove(accountName); client = mClientsWithKnownUsername.remove(accountName);
@ -198,8 +195,8 @@ public class SingleSessionManager implements OwnCloudClientManager {
} }
Iterator<String> accountNames = mClientsWithKnownUsername.keySet().iterator(); Iterator<String> accountNames = mClientsWithKnownUsername.keySet().iterator();
String accountName = null; String accountName;
Account account = null; Account account;
while (accountNames.hasNext()) { while (accountNames.hasNext()) {
accountName = accountNames.next(); accountName = accountNames.next();
account = new Account(accountName, accountType); account = new Account(accountName, accountType);

41
src/com/owncloud/android/lib/common/accounts/AccountUtils.java
View File

@ -282,14 +282,17 @@ public class AccountUtils {
/** /**
* Restore the client cookies * Restore the client cookies persisted in an account stored in the system AccountManager.
* *
* @param account * @param account Stored account.
* @param client * @param client Client to restore cookies in.
* @param context * @param context Android context used to access the system AccountManager.
*/ */
public static void restoreCookies(Account account, OwnCloudClient client, Context context) { public static void restoreCookies(Account account, OwnCloudClient client, Context context) {
if (account == null) {
Log_OC.d(TAG, "Cannot restore cookie for null account");
} else {
Log_OC.d(TAG, "Restoring cookies for " + account.name); Log_OC.d(TAG, "Restoring cookies for " + account.name);
// Account Manager // Account Manager
@ -314,34 +317,6 @@ public class AccountUtils {
} }
} }
} }
/**
* Restore the client cookies from accountName
*
* @param accountName
* @param client
* @param context
*/
public static void restoreCookies(String accountName, OwnCloudClient client, Context context) {
Log_OC.d(TAG, "Restoring cookies for " + accountName);
// Account Manager
AccountManager am = AccountManager.get(context.getApplicationContext());
// Get account
Account account = null;
Account accounts[] = am.getAccounts();
for (Account a : accounts) {
if (a.name.equals(accountName)) {
account = a;
break;
}
}
// Restoring cookies
if (account != null) {
restoreCookies(account, client, context);
}
} }
public static class AccountNotFoundException extends AccountsException { public static class AccountNotFoundException extends AccountsException {
@ -368,7 +343,7 @@ public class AccountUtils {
/** /**
* Value under this key should handle path to webdav php script. Will be * Value under this key should handle path to webdav php script. Will be
* removed and usage should be replaced by combining * removed and usage should be replaced by combining
* {@link com.owncloud.android.authentication.AuthenticatorActivity.KEY_OC_BASE_URL} and * {@link #KEY_OC_BASE_URL } and
* {@link com.owncloud.android.lib.resources.status.OwnCloudVersion} * {@link com.owncloud.android.lib.resources.status.OwnCloudVersion}
* *
* @deprecated * @deprecated