From 9c3e910dc4c5605e0edad5ca876fff085f2150cb Mon Sep 17 00:00:00 2001 From: Daniel Gultsch Date: Tue, 26 Apr 2016 23:23:48 +0200 Subject: prevent user from accidentally changing password after using magic create --- .../eu/siacs/conversations/entities/Account.java | 1 + .../services/XmppConnectionService.java | 1 + .../conversations/ui/ChangePasswordActivity.java | 22 ++++++++- .../conversations/ui/EditAccountActivity.java | 57 +++++++++++++++++----- .../conversations/ui/MagicCreateActivity.java | 3 ++ src/main/res/layout/activity_change_password.xml | 22 +++++---- src/main/res/values/strings.xml | 1 + 7 files changed, 84 insertions(+), 23 deletions(-) diff --git a/src/main/java/eu/siacs/conversations/entities/Account.java b/src/main/java/eu/siacs/conversations/entities/Account.java index c172f0e7..2c0ec7ff 100644 --- a/src/main/java/eu/siacs/conversations/entities/Account.java +++ b/src/main/java/eu/siacs/conversations/entities/Account.java @@ -52,6 +52,7 @@ public class Account extends AbstractEntity { public static final int OPTION_DISABLED = 1; public static final int OPTION_REGISTER = 2; public static final int OPTION_USECOMPRESSION = 3; + public static final int OPTION_MAGIC_CREATE = 4; public final HashSet> inProgressDiscoFetches = new HashSet<>(); public boolean httpUploadAvailable(long filesize) { diff --git a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java index 236877a5..f3326991 100644 --- a/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java +++ b/src/main/java/eu/siacs/conversations/services/XmppConnectionService.java @@ -1513,6 +1513,7 @@ public class XmppConnectionService extends Service implements OnPhoneContactsLoa public void onIqPacketReceived(final Account account, final IqPacket packet) { if (packet.getType() == IqPacket.TYPE.RESULT) { account.setPassword(newPassword); + account.setOption(Account.OPTION_MAGIC_CREATE, false); databaseBackend.updateAccount(account); callback.onPasswordChangeSucceeded(); } else { diff --git a/src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java b/src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java index ccb3a22e..d4ef4090 100644 --- a/src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java @@ -1,9 +1,11 @@ package eu.siacs.conversations.ui; +import android.content.Intent; import android.os.Bundle; import android.view.View; import android.widget.Button; import android.widget.EditText; +import android.widget.TextView; import android.widget.Toast; import eu.siacs.conversations.R; @@ -22,7 +24,7 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti final String currentPassword = mCurrentPassword.getText().toString(); final String newPassword = mNewPassword.getText().toString(); final String newPasswordConfirm = mNewPasswordConfirm.getText().toString(); - if (!currentPassword.equals(mAccount.getPassword())) { + if (!mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE) && !currentPassword.equals(mAccount.getPassword())) { mCurrentPassword.requestFocus(); mCurrentPassword.setError(getString(R.string.account_status_unauthorized)); } else if (!newPassword.equals(newPasswordConfirm)) { @@ -43,6 +45,7 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti } } }; + private TextView mCurrentPasswordLabel; private EditText mCurrentPassword; private EditText mNewPassword; private EditText mNewPasswordConfirm; @@ -51,7 +54,13 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti @Override void onBackendConnected() { this.mAccount = extractAccount(getIntent()); - + if (this.mAccount != null && this.mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE)) { + this.mCurrentPasswordLabel.setVisibility(View.GONE); + this.mCurrentPassword.setVisibility(View.GONE); + } else { + this.mCurrentPasswordLabel.setVisibility(View.VISIBLE); + this.mCurrentPassword.setVisibility(View.VISIBLE); + } } @Override @@ -67,11 +76,20 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti }); this.mChangePasswordButton = (Button) findViewById(R.id.right_button); this.mChangePasswordButton.setOnClickListener(this.mOnChangePasswordButtonClicked); + this.mCurrentPasswordLabel = (TextView) findViewById(R.id.current_password_label); this.mCurrentPassword = (EditText) findViewById(R.id.current_password); this.mNewPassword = (EditText) findViewById(R.id.new_password); this.mNewPasswordConfirm = (EditText) findViewById(R.id.new_password_confirm); } + @Override + protected void onStart() { + super.onStart(); + Intent intent = getIntent(); + String password = intent != null ? intent.getStringExtra("password") : ""; + this.mNewPassword.getEditableText().append(password); + } + @Override public void onPasswordChangeSucceeded() { runOnUiThread(new Runnable() { diff --git a/src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java b/src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java index d4b0172d..d6ea50fb 100644 --- a/src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java @@ -33,6 +33,8 @@ import android.widget.TableRow; import android.widget.TextView; import android.widget.Toast; +import android.util.Log; + import java.util.Arrays; import java.util.List; import java.util.Set; @@ -109,6 +111,13 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate @Override public void onClick(final View v) { + final String password = mPassword.getText().toString(); + final String passwordConfirm = mPasswordConfirm.getText().toString(); + + if (!mInitMode && passwordChangedInMagicCreateMode()) { + gotoChangePassword(password); + return; + } if (mInitMode && mAccount != null) { mAccount.setOption(Account.OPTION_DISABLED, false); } @@ -173,8 +182,6 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate mAccountJid.requestFocus(); return; } - final String password = mPassword.getText().toString(); - final String passwordConfirm = mPasswordConfirm.getText().toString(); if (registerNewAccount) { if (!password.equals(passwordConfirm)) { mPasswordConfirm.setError(getString(R.string.passwords_do_not_match)); @@ -183,6 +190,9 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate } } if (mAccount != null) { + if (mInitMode && mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE)) { + mAccount.setOption(Account.OPTION_MAGIC_CREATE, mAccount.getPassword().contains(password)); + } mAccount.setJid(jid); mAccount.setPort(numericPort); mAccount.setHostname(hostname); @@ -330,7 +340,13 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate } protected void updateSaveButton() { - if (accountInfoEdited() && !mInitMode) { + boolean accountInfoEdited = accountInfoEdited(); + + if (!mInitMode && passwordChangedInMagicCreateMode()) { + this.mSaveButton.setText(R.string.change_password); + this.mSaveButton.setEnabled(true); + this.mSaveButton.setTextColor(getPrimaryTextColor()); + } else if (accountInfoEdited && !mInitMode) { this.mSaveButton.setText(R.string.save); this.mSaveButton.setEnabled(true); this.mSaveButton.setTextColor(getPrimaryTextColor()); @@ -349,7 +365,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate if (!mInitMode) { if (mAccount != null && mAccount.isOnlineAndConnected()) { this.mSaveButton.setText(R.string.save); - if (!accountInfoEdited()) { + if (!accountInfoEdited) { this.mSaveButton.setEnabled(false); this.mSaveButton.setTextColor(getSecondaryTextColor()); } @@ -366,16 +382,28 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate if (this.mAccount == null) { return false; } + return jidEdited() || + !this.mAccount.getPassword().equals(this.mPassword.getText().toString()) || + !this.mAccount.getHostname().equals(this.mHostname.getText().toString()) || + !String.valueOf(this.mAccount.getPort()).equals(this.mPort.getText().toString()); + } + + protected boolean jidEdited() { final String unmodified; if (Config.DOMAIN_LOCK != null) { unmodified = this.mAccount.getJid().getLocalpart(); } else { unmodified = this.mAccount.getJid().toBareJid().toString(); } - return !unmodified.equals(this.mAccountJid.getText().toString()) || - !this.mAccount.getPassword().equals(this.mPassword.getText().toString()) || - !this.mAccount.getHostname().equals(this.mHostname.getText().toString()) || - !String.valueOf(this.mAccount.getPort()).equals(this.mPort.getText().toString()); + return !unmodified.equals(this.mAccountJid.getText().toString()); + } + + protected boolean passwordChangedInMagicCreateMode() { + return mAccount != null + && mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE) + && !this.mAccount.getPassword().equals(this.mPassword.getText().toString()) + && !this.jidEdited() + && mAccount.isOnlineAndConnected(); } @Override @@ -582,9 +610,7 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate item.setChecked(!item.isChecked()); break; case R.id.action_change_password_on_server: - final Intent changePasswordIntent = new Intent(this, ChangePasswordActivity.class); - changePasswordIntent.putExtra(EXTRA_ACCOUNT, mAccount.getJid().toString()); - startActivity(changePasswordIntent); + gotoChangePassword(null); break; case R.id.action_mam_prefs: editMamPrefs(); @@ -602,6 +628,15 @@ public class EditAccountActivity extends XmppActivity implements OnAccountUpdate return super.onOptionsItemSelected(item); } + private void gotoChangePassword(String newPassword) { + final Intent changePasswordIntent = new Intent(this, ChangePasswordActivity.class); + changePasswordIntent.putExtra(EXTRA_ACCOUNT, mAccount.getJid().toString()); + if (newPassword != null) { + changePasswordIntent.putExtra("password", newPassword); + } + startActivity(changePasswordIntent); + } + private void renewCertificate() { KeyChain.choosePrivateKeyAlias(this, this, null, null, null, -1, null); } diff --git a/src/main/java/eu/siacs/conversations/ui/MagicCreateActivity.java b/src/main/java/eu/siacs/conversations/ui/MagicCreateActivity.java index 6b32bdc2..1b16e565 100644 --- a/src/main/java/eu/siacs/conversations/ui/MagicCreateActivity.java +++ b/src/main/java/eu/siacs/conversations/ui/MagicCreateActivity.java @@ -8,6 +8,7 @@ import android.view.View; import android.widget.Button; import android.widget.EditText; import android.widget.TextView; +import android.widget.Toast; import java.security.SecureRandom; @@ -60,12 +61,14 @@ public class MagicCreateActivity extends XmppActivity implements TextWatcher { account = new Account(jid, createPassword()); account.setOption(Account.OPTION_REGISTER, true); account.setOption(Account.OPTION_DISABLED, true); + account.setOption(Account.OPTION_MAGIC_CREATE, true); xmppConnectionService.createAccount(account); } Intent intent = new Intent(MagicCreateActivity.this, EditAccountActivity.class); intent.putExtra("jid", account.getJid().toBareJid().toString()); intent.putExtra("init", true); intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK); + Toast.makeText(MagicCreateActivity.this, R.string.secure_password_generated, Toast.LENGTH_SHORT).show(); startActivity(intent); } catch (InvalidJidException e) { mUsername.setError(getString(R.string.invalid_username)); diff --git a/src/main/res/layout/activity_change_password.xml b/src/main/res/layout/activity_change_password.xml index 1a4d00d8..6fb1d013 100644 --- a/src/main/res/layout/activity_change_password.xml +++ b/src/main/res/layout/activity_change_password.xml @@ -2,23 +2,25 @@ + android:background="@color/grey200"> - - + Away Not Available Busy + A secure password has been generated -- cgit v1.2.3