Merge pull request #151 from owncloud/prevent_access_to_accounts_of_other_apps

Prevent access to accounts of other apps with the same name as an OC …

AndroidManifest.xml

@@ -28,6 +28,11 @@
     android:versionCode="1"
     android:versionName="1.0" >
 
+    <!-- USE_CREDENTIALS, MANAGE_ACCOUNTS and AUTHENTICATE_ACCOUNTS are needed for API < 23.
+        In API >= 23 the do not exist anymore -->
+    <uses-permission android:name="android.permission.USE_CREDENTIALS" />
+    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
+
     <uses-sdk
         android:minSdkVersion="8"
         android:targetSdkVersion="24" />

src/com/owncloud/android/lib/common/SingleSessionManager.java

@@ -25,9 +25,7 @@
 package com.owncloud.android.lib.common;
 
 import java.io.IOException;
-import java.util.HashMap;
 import java.util.Iterator;
-import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 
@@ -46,7 +44,7 @@ import com.owncloud.android.lib.common.utils.Log_OC;
 
 /**
  * Implementation of {@link OwnCloudClientManager}
- * 
+ * <p>
  * TODO check multithreading safety
  *
  * @author David A. Velasco
@@ -79,11 +77,10 @@ public class SingleSessionManager implements OwnCloudClientManager {
         OwnCloudClient client = null;
         String accountName = account.getName();
         String sessionName = account.getCredentials() == null ? "" :
-            AccountUtils.buildAccountName (
+            AccountUtils.buildAccountName(
                 account.getBaseUri(),
                 account.getCredentials().getAuthToken()
-            )
-        ;
+            );
 
         if (accountName != null) {
             client = mClientsWithKnownUsername.get(accountName);
@@ -120,7 +117,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
             client.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
             // enable cookie tracking
 
-    		AccountUtils.restoreCookies(accountName, client, context);
+            AccountUtils.restoreCookies(account.getSavedAccount(), client, context);
 
             account.loadCredentials(context);
             client.setCredentials(account.getCredentials());
@@ -162,7 +159,7 @@ public class SingleSessionManager implements OwnCloudClientManager {
             return null;
         }
 
-    	OwnCloudClient client = null;
+        OwnCloudClient client;
         String accountName = account.getName();
         if (accountName != null) {
             client = mClientsWithKnownUsername.remove(accountName);
@@ -198,8 +195,8 @@ public class SingleSessionManager implements OwnCloudClientManager {
         }
 
         Iterator<String> accountNames = mClientsWithKnownUsername.keySet().iterator();
-    	String accountName = null;
-    	Account account = null;
+        String accountName;
+        Account account;
         while (accountNames.hasNext()) {
             accountName = accountNames.next();
             account = new Account(accountName, accountType);

src/com/owncloud/android/lib/common/accounts/AccountUtils.java

@@ -282,14 +282,17 @@ public class AccountUtils {
 
 
     /**
-     * Restore the client cookies
+     * Restore the client cookies persisted in an account stored in the system AccountManager.
      *
-     * @param account
-     * @param client
-     * @param context
+     * @param account           Stored account.
+     * @param client            Client to restore cookies in.
+     * @param context           Android context used to access the system AccountManager.
      */
     public static void restoreCookies(Account account, OwnCloudClient client, Context context) {
+        if (account == null) {
+            Log_OC.d(TAG, "Cannot restore cookie for null account");
 
+        } else {
             Log_OC.d(TAG, "Restoring cookies for " + account.name);
 
             // Account Manager
@@ -314,34 +317,6 @@ public class AccountUtils {
                 }
             }
         }
-
-    /**
-     * Restore the client cookies from accountName
-     *
-     * @param accountName
-     * @param client
-     * @param context
-     */
-    public static void restoreCookies(String accountName, OwnCloudClient client, Context context) {
-        Log_OC.d(TAG, "Restoring cookies for " + accountName);
-
-        // Account Manager
-        AccountManager am = AccountManager.get(context.getApplicationContext());
-
-        // Get account
-        Account account = null;
-        Account accounts[] = am.getAccounts();
-        for (Account a : accounts) {
-            if (a.name.equals(accountName)) {
-                account = a;
-                break;
-            }
-        }
-
-        // Restoring cookies
-        if (account != null) {
-            restoreCookies(account, client, context);
-        }
     }
 
     public static class AccountNotFoundException extends AccountsException {
@@ -368,7 +343,7 @@ public class AccountUtils {
         /**
          * Value under this key should handle path to webdav php script. Will be
          * removed and usage should be replaced by combining
-         * {@link com.owncloud.android.authentication.AuthenticatorActivity.KEY_OC_BASE_URL} and
+         * {@link #KEY_OC_BASE_URL } and
          * {@link com.owncloud.android.lib.resources.status.OwnCloudVersion}
          *
          * @deprecated