| author | Da Risk <da_risk@geekorum.com> |
| Wed, 03 Jan 2024 15:26:40 -0400 | |
| changeset 1174 | 731f6ee517b6 |
| parent 943 | 298742859784 |
| child 1370 | 13e39ef920a8 |
| permissions | -rw-r--r-- |
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
1 |
/* |
| 0 | 2 |
* Geekttrss is a RSS feed reader application on the Android Platform. |
3 |
* |
|
| 1174 | 4 |
* Copyright (C) 2017-2024 by Frederic-Charles Barthelery. |
| 0 | 5 |
* |
6 |
* This file is part of Geekttrss. |
|
7 |
* |
|
8 |
* Geekttrss is free software: you can redistribute it and/or modify |
|
9 |
* it under the terms of the GNU General Public License as published by |
|
10 |
* the Free Software Foundation, either version 3 of the License, or |
|
11 |
* (at your option) any later version. |
|
12 |
* |
|
13 |
* Geekttrss is distributed in the hope that it will be useful, |
|
14 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16 |
* GNU General Public License for more details. |
|
17 |
* |
|
18 |
* You should have received a copy of the GNU General Public License |
|
19 |
* along with Geekttrss. If not, see <http://www.gnu.org/licenses/>. |
|
20 |
*/ |
|
21 |
package com.geekorum.ttrss.accounts |
|
22 |
||
23 |
import android.accounts.AccountManager |
|
24 |
import android.content.ContentResolver |
|
25 |
import android.os.Bundle |
|
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
26 |
import android.os.StrictMode |
| 0 | 27 |
import android.util.Base64 |
28 |
import com.geekorum.geekdroid.security.SecretCipher |
|
|
265
bc4d82c760f6
Move BackgroundJobManager into its own package
Da Risk <da_risk@geekorum.com>
parents:
163
diff
changeset
|
29 |
import com.geekorum.ttrss.background_job.BackgroundJobManager |
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
30 |
import com.geekorum.ttrss.debugtools.withStrictMode |
| 0 | 31 |
import com.geekorum.ttrss.providers.ArticlesContract |
32 |
import com.geekorum.ttrss.sync.SyncContract |
|
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
33 |
import timber.log.Timber |
| 0 | 34 |
import java.security.GeneralSecurityException |
35 |
import javax.crypto.spec.GCMParameterSpec |
|
36 |
import javax.inject.Inject |
|
37 |
||
38 |
/** |
|
39 |
* Represents a Tinyrss account |
|
40 |
*/ |
|
41 |
data class Account(val username: String, val url: String) |
|
42 |
||
43 |
/** |
|
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
44 |
* Holds information about the TinyTinyRss server we are connecting to. |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
45 |
*/ |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
46 |
abstract class ServerInformation {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
47 |
abstract val apiUrl: String |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
48 |
abstract val basicHttpAuthUsername: String? |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
49 |
abstract val basicHttpAuthPassword: String? |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
50 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
51 |
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
52 |
/** |
| 0 | 53 |
* API of the AccountManager for Tinyrss |
54 |
*/ |
|
55 |
interface TinyrssAccountManager {
|
|
56 |
||
57 |
/** |
|
58 |
* Add an account. |
|
59 |
* @return true on success |
|
60 |
*/ |
|
61 |
fun addAccount(account: Account, password: String): Boolean |
|
62 |
||
|
712
fc75653c8faf
app: Login, save ServerInformation when adding account
Da Risk <da_risk@geekorum.com>
parents:
611
diff
changeset
|
63 |
fun updateServerInformation(account: Account, serverInformation: ServerInformation) |
|
fc75653c8faf
app: Login, save ServerInformation when adding account
Da Risk <da_risk@geekorum.com>
parents:
611
diff
changeset
|
64 |
|
| 0 | 65 |
/** |
66 |
* Initialize synchronisation jobs for an account. |
|
67 |
*/ |
|
68 |
fun initializeAccountSync(account: Account) |
|
69 |
||
70 |
fun updatePassword(account: Account, password: String) |
|
71 |
} |
|
72 |
||
73 |
||
74 |
/** |
|
75 |
* Implementation of [TinyrssAccountManager] on Android platform |
|
76 |
*/ |
|
|
739
92eb14abed21
app: Few dependecy injection tweaks to prepare to convert test to hilt
Da Risk <da_risk@geekorum.com>
parents:
611
diff
changeset
|
77 |
class AndroidTinyrssAccountManager( |
| 0 | 78 |
private val accountManager: AccountManager, |
79 |
private val secretCipher: SecretCipher |
|
80 |
) : TinyrssAccountManager {
|
|
81 |
||
82 |
companion object {
|
|
83 |
const val ACCOUNT_TYPE = AccountAuthenticator.TTRSS_ACCOUNT_TYPE |
|
84 |
} |
|
85 |
||
86 |
override fun addAccount(account: Account, password: String): Boolean {
|
|
87 |
val androidAccount = android.accounts.Account(account.username, ACCOUNT_TYPE) |
|
88 |
val userdata = Bundle() |
|
89 |
userdata.putString(AccountAuthenticator.USERDATA_URL, account.url) |
|
90 |
val encryptedPassword = encrypt(password) |
|
91 |
return accountManager.addAccountExplicitly(androidAccount, encryptedPassword, userdata) |
|
92 |
} |
|
93 |
||
94 |
override fun updatePassword(account: Account, password: String) {
|
|
95 |
val androidAccount = android.accounts.Account(account.username, ACCOUNT_TYPE) |
|
96 |
val encryptedPassword = encrypt(password) |
|
97 |
accountManager.setPassword(androidAccount, encryptedPassword) |
|
98 |
} |
|
99 |
||
100 |
override fun initializeAccountSync(account: Account) {
|
|
101 |
val extras = Bundle() |
|
102 |
extras.putInt(SyncContract.EXTRA_NUMBER_OF_LATEST_ARTICLES_TO_REFRESH, -1) |
|
|
498
1bbc2d7d66fb
ArticleSynchronizer: only update feed icons on periodic syncs
Da Risk <da_risk@geekorum.com>
parents:
265
diff
changeset
|
103 |
extras.putBoolean(SyncContract.EXTRA_UPDATE_FEED_ICONS, true) |
| 0 | 104 |
android.accounts.Account(account.username, ACCOUNT_TYPE).also {
|
105 |
ContentResolver.setSyncAutomatically(it, ArticlesContract.AUTHORITY, true) |
|
106 |
ContentResolver.addPeriodicSync(it, ArticlesContract.AUTHORITY, Bundle(), |
|
107 |
BackgroundJobManager.PERIODIC_REFRESH_JOB_INTERVAL_S) |
|
108 |
ContentResolver.addPeriodicSync(it, ArticlesContract.AUTHORITY, extras, |
|
109 |
BackgroundJobManager.PERIODIC_FULL_REFRESH_JOB_INTERVAL_S) |
|
110 |
} |
|
111 |
} |
|
112 |
||
113 |
@Throws(GeneralSecurityException::class, IllegalArgumentException::class) |
|
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
114 |
fun getPassword(account: Account): String? {
|
| 0 | 115 |
val encryptedPassword: String? = android.accounts.Account(account.username, ACCOUNT_TYPE).let {
|
116 |
accountManager.getPassword(it) |
|
117 |
} |
|
118 |
return encryptedPassword?.let { decrypt(it) }
|
|
119 |
} |
|
120 |
||
121 |
fun fromAndroidAccount(androidAccount: android.accounts.Account): Account {
|
|
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
122 |
return withStrictMode(StrictMode.allowThreadDiskReads()) {
|
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
123 |
check(ACCOUNT_TYPE == androidAccount.type) { "Invalid account type ${androidAccount.type}" }
|
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
124 |
val url = accountManager.getUserData(androidAccount, AccountAuthenticator.USERDATA_URL) |
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
125 |
Account(androidAccount.name, url) |
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
126 |
} |
| 0 | 127 |
} |
128 |
||
|
712
fc75653c8faf
app: Login, save ServerInformation when adding account
Da Risk <da_risk@geekorum.com>
parents:
611
diff
changeset
|
129 |
override fun updateServerInformation(account: Account, serverInformation: ServerInformation) {
|
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
130 |
val androidAccount = android.accounts.Account(account.username, ACCOUNT_TYPE) |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
131 |
val encryptedPassword = serverInformation.basicHttpAuthPassword?.let { encrypt(it) }
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
132 |
accountManager.run {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
133 |
setUserData(androidAccount, AccountAuthenticator.USERDATA_URL, serverInformation.apiUrl) |
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
134 |
setUserData(androidAccount, AccountAuthenticator.USERDATA_BASIC_HTTP_AUTH_USERNAME, |
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
135 |
serverInformation.basicHttpAuthUsername) |
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
136 |
setUserData(androidAccount, AccountAuthenticator.USERDATA_BASIC_HTTP_AUTH_PASSWORD, encryptedPassword) |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
137 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
138 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
139 |
|
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
140 |
fun getServerInformation(account: Account): ServerInformation {
|
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
141 |
val androidAccount = android.accounts.Account(account.username, ACCOUNT_TYPE) |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
142 |
return object : ServerInformation() {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
143 |
override val apiUrl: String |
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
144 |
get() = accountManager.getUserData(androidAccount, AccountAuthenticator.USERDATA_URL) |
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
145 |
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
146 |
override val basicHttpAuthUsername: String? |
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
147 |
get() = accountManager.getUserData(androidAccount, |
|
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
148 |
AccountAuthenticator.USERDATA_BASIC_HTTP_AUTH_USERNAME) |
|
104
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
149 |
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
150 |
override val basicHttpAuthPassword: String? |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
151 |
get() {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
152 |
val encryptedPassword = accountManager.getUserData(androidAccount, |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
153 |
AccountAuthenticator.USERDATA_BASIC_HTTP_AUTH_PASSWORD) |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
154 |
return try {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
155 |
encryptedPassword?.let { decrypt(it) }
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
156 |
} catch (e: Exception) {
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
157 |
Timber.w(e, "unable to decrypt basic http auth password") |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
158 |
null |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
159 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
160 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
161 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
162 |
} |
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
163 |
|
|
8b4047ebec59
Accounts: store a ServerInformation in the account manager
Da Risk <da_risk@geekorum.com>
parents:
80
diff
changeset
|
164 |
|
| 0 | 165 |
private fun decrypt(encryptedPassword: String): String {
|
166 |
val lines = encryptedPassword.lines() |
|
167 |
val encryptedPasswordPart = lines[0] |
|
| 80 | 168 |
val iv = Base64.decode(lines[1], Base64.NO_WRAP) |
| 0 | 169 |
val tlen = lines[2].toInt() |
| 80 | 170 |
val input = Base64.decode(encryptedPasswordPart, Base64.NO_WRAP) |
| 0 | 171 |
val gcmParameterSpec = GCMParameterSpec(tlen, iv) |
172 |
val output = secretCipher.decrypt(input, gcmParameterSpec) |
|
173 |
return output.toString(Charsets.UTF_8) |
|
174 |
} |
|
175 |
||
176 |
private fun encrypt(plaintextPassword: String): String {
|
|
177 |
val input = plaintextPassword.toByteArray(Charsets.UTF_8) |
|
178 |
val output = secretCipher.encrypt(input) |
|
| 80 | 179 |
val base64EncryptedPassword = Base64.encodeToString(output, Base64.NO_WRAP) |
| 0 | 180 |
val gcmParameterSpec = secretCipher.parametersSpec |
| 80 | 181 |
val base64IV = Base64.encodeToString(gcmParameterSpec.iv, Base64.NO_WRAP) |
|
163
07a90afdb9db
StrictMode: TinyrssAcountManager: start allowing disk read for a few methods
Da Risk <da_risk@geekorum.com>
parents:
137
diff
changeset
|
182 |
return "$base64EncryptedPassword\n$$base64IV\n${gcmParameterSpec.tLen}\n"
|
| 0 | 183 |
} |
184 |
} |
|
185 |