feat: UUI-498 prevent obsufscation shared prefs #108
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Refactor Client to make it testable. * Fix Gradle test source directory. * Remove not implemented test class. * Add tests for Client.loginUrl. * Move Client class to correct package. * Unify ClientConfiguration class. * Reformat code.
Only have one generic storage abstraction, writing data to SharedPreferences.
* Remove (so far) unused HTTP calls. * Remove use of client authentication * Add UserTokenResponse class. * Add callback as parameter.
* Refactor util methods to separate object. * Create new activity handling deep link after final redirect_uri.
* Refactor util methods to separate object. * Create new activity handling deep link to final redirect_uri. * Fix UserTokenResponse.toString * Prepare for ID Token validation after tokens are fetched. * Rename WebFlowData->AuthState. * Implement ID Token validation according to spec. See https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation * Make JWKS fetching asynchronously. To avoid network call on main thread. * Read integer user id from correct claim in ID Token.
* Move Util object to util package. * Fix consistent naming. * Make Schibsted account retrofit service private. * More naming inconsistencies fixed. * Make everything that can be internal.
* Add data class for user token request parameters. * Make SchibstedAccountApi testable and add actual tests. * Replace stdlib Result with ResultOrError in all methods. * Rename for consistent casing.
Replace stdlib Result with ResultOrError in IdTokenValidator.
Also print all tests when running via Gradle.
It has been replaced by User.bind method.
* add login prompt layout * Bump sdk versions * Bump robolectric to version that supports android 33 * Apply review remarks
Co-authored-by: [email protected] <[email protected]> Co-authored-by: niculescu-bogdan-constantin <[email protected]> Co-authored-by: Samuel Gulliksson <[email protected]>
* Throw different error type if user cancels login * Check error before state - throw NotAuthed.CancelledByUser error * Fix typo
* feat: login prompt content provider implementation * refactor: content provider interaction logic moved to SessionInfoManager class * feat: fetching content provider authorities from the package manager; checking is session on the device exists * chore: refactored loginPrompt classes code style * refactor: move sessionInfoManager to sharedPreferencesStorage class * refactor: fix compatibility issues with PackageManager.MATCH_ALL * refactor: login prompt content provider refactor on xserxses comments * Add loginPromptManager (#73) * Add loginPromptManager * Add translations (#82) * call loginPrompt from Client (#84) * call loginPrompt from Client clean main activity Run requestLoginPrompt in background thread * Login promp tracking (#80) * Propose SchibstedAccountTracking public and internal API * Present tracking API in ExampleApp * Document API * More readable logging * Initial events for show/hide login prompt * Tracking events for clicks * Update events (#86) * Add final tracking events --------- Co-authored-by: filip-misztal <[email protected]> Co-authored-by: bogdan-niculescu-sch <[email protected]> * Fill in readme (#89) - apply outstanding review remark * Throw different error type if user cancels login (#83) * Throw different error type if user cancels login * Check error before state - throw NotAuthed.CancelledByUser error * Fix typo * Update webflows/src/main/java/com/schibsted/account/webflows/util/Util.kt Co-authored-by: Filip Misztal <[email protected]> * Review remarks before merge (#90) * initial cleanup * make tracking thread safe - small review remarks * cleanup layout * code cleanup * add localized logos * Update logos * fix dialog showing check * apply review remark * Fix query period on content provider getSessions * Change DB primary key to packageName for content provider (#91) * Change db primary key to packagename for content provider * On conclict - replace with new values * user writable database for writting --------- Co-authored-by: filip-misztal <[email protected]> * Use "use" to be more safe in case of failures + Nice syntax (#92) * Use use to be more safe * Even more idiomatic Kotlin --------- Co-authored-by: filip-misztal <[email protected]> * Send cancel event on eid user cancel (#93) * Send cancel event on eid user cancel * Small Readme update * Login prompt crash (#94) * Pass intent via argument instead of whole client * Prevent adding twice --------- Co-authored-by: filip-misztal <[email protected]> * add support for norsk bokmal and norsk nynorsk (#96) * add serverUrl to content provider query (#95) * check for local session before showing login prompt (#97) * check for local session before showing login prompt * apply review remark * Check also for presence - not only callback type (#98) Co-authored-by: filip-misztal <[email protected]> * Dismiss prompt when login is initiated (#99) Co-authored-by: filip-misztal <[email protected]> * Remove login promp on login click (#100) * Dismiss prompt when login is initiated * Better place * This is no longer needed --------- Co-authored-by: filip-misztal <[email protected]> * add extra properties for events (#101) * add extra properties for events * Update readme and minor cleanup --------- Co-authored-by: wbaklazec-sch <[email protected]> Co-authored-by: bogdan-niculescu-sch <[email protected]> Co-authored-by: filip-misztal <[email protected]>
Update README.md
Co-authored-by: filip-misztal <[email protected]>
pklawikowski-schibsted
changed the title
pklawikowski-schibsted
requested review from
MarcinGie,
PiotrDabrowskiSTP,
bogdan-niculescu-sch and
xserxses
MarcinGie
approved these changes
Apr 19, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
UUI-498
TODO: After accepting RC build, Log.d and println's will be removed before merging and final version release