mnalis/apps-android-commons
1
0
Fork 0
mirror of https://github.com/commons-app/apps-android-commons.git synced 2025-10-28 21:33:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Refactor CSRF token API to move it into the main commons code base (#5472)

Browse source 
* Remove redundent constructor parameter

* Converted the CsrfTokenClient and test to kotlin

* Moved getCsrfTokenCall() out of the data client
This commit is contained in:
Paul Hawke 2024-01-24 07:15:51 -06:00 committed by GitHub
parent e8e87b1d1c
commit 97a208dcfa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 263 additions and 348 deletions
Download patch file Download diff file Expand all files Collapse all files

247
app/src/main/java/fr/free/nrw/commons/auth/csrf/CsrfTokenClient.java
View file

@ -1,247 +0,0 @@
package fr.free.nrw.commons.auth.csrf;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import java.util.concurrent.Callable;
import java.util.concurrent.Executors;
import org.wikipedia.AppAdapter;
import org.wikipedia.dataclient.Service;
import org.wikipedia.dataclient.ServiceFactory;
import org.wikipedia.dataclient.SharedPreferenceCookieManager;
import org.wikipedia.dataclient.WikiSite;
import org.wikipedia.dataclient.mwapi.MwQueryResponse;
import org.wikipedia.login.LoginClient;
import org.wikipedia.login.LoginResult;
import org.wikipedia.util.log.L;
import java.io.IOException;
import retrofit2.Call;
import retrofit2.Response;
public class CsrfTokenClient {
private static final String ANON_TOKEN = "+\\";
private static final int MAX_RETRIES = 1;
private static final int MAX_RETRIES_OF_LOGIN_BLOCKING = 2;
@NonNull private final WikiSite csrfWikiSite;
@NonNull private final WikiSite loginWikiSite;
private int retries = 0;
@Nullable private Call<MwQueryResponse> csrfTokenCall;
@NonNull private LoginClient loginClient = new LoginClient();
public CsrfTokenClient(@NonNull WikiSite csrfWikiSite, @NonNull WikiSite loginWikiSite) {
this.csrfWikiSite = csrfWikiSite;
this.loginWikiSite = loginWikiSite;
}
public void request(@NonNull final Callback callback) {
request(false, callback);
}
public void request(boolean forceLogin, @NonNull final Callback callback) {
cancel();
if (forceLogin) {
retryWithLogin(new RuntimeException("Forcing login..."), callback);
return;
}
csrfTokenCall = request(ServiceFactory.get(csrfWikiSite), callback);
}
public void cancel() {
loginClient.cancel();
if (csrfTokenCall != null) {
csrfTokenCall.cancel();
csrfTokenCall = null;
}
}
@VisibleForTesting
@NonNull
Call<MwQueryResponse> request(@NonNull Service service, @NonNull final Callback cb) {
return requestToken(service, new CsrfTokenClient.Callback() {
@Override public void success(@NonNull String token) {
if (AppAdapter.get().isLoggedIn() && token.equals(ANON_TOKEN)) {
retryWithLogin(new RuntimeException("App believes we're logged in, but got anonymous token."), cb);
} else {
cb.success(token);
}
}
@Override public void failure(@NonNull Throwable caught) {
retryWithLogin(caught, cb);
}
@Override
public void twoFactorPrompt() {
cb.twoFactorPrompt();
}
});
}
private void retryWithLogin(@NonNull Throwable caught, @NonNull final Callback callback) {
if (retries < MAX_RETRIES
&& !TextUtils.isEmpty(AppAdapter.get().getUserName())
&& !TextUtils.isEmpty(AppAdapter.get().getPassword())) {
retries++;
SharedPreferenceCookieManager.getInstance().clearAllCookies();
login(AppAdapter.get().getUserName(), AppAdapter.get().getPassword(), () -> {
L.i("retrying...");
request(callback);
}, callback);
} else {
callback.failure(caught);
}
}
private void login(@NonNull final String username, @NonNull final String password,
@NonNull final RetryCallback retryCallback,
@NonNull final Callback callback) {
new LoginClient().request(loginWikiSite, username, password,
new LoginClient.LoginCallback() {
@Override
public void success(@NonNull LoginResult loginResult) {
if (loginResult.pass()) {
AppAdapter.get().updateAccount(loginResult);
retryCallback.retry();
} else {
callback.failure(new LoginClient.LoginFailedException(loginResult.getMessage()));
}
}
@Override
public void twoFactorPrompt(@NonNull Throwable caught, @Nullable String token) {
callback.twoFactorPrompt();
}
@Override public void passwordResetPrompt(@Nullable String token) {
// Should not happen here, but call the callback just in case.
callback.failure(new LoginClient.LoginFailedException("Logged in with temporary password."));
}
@Override
public void error(@NonNull Throwable caught) {
callback.failure(caught);
}
});
}
@NonNull public String getTokenBlocking() throws Throwable {
String token = "";
Service service = ServiceFactory.get(csrfWikiSite);
for (int retry = 0; retry < MAX_RETRIES_OF_LOGIN_BLOCKING; retry++) {
try {
if (retry > 0) {
// Log in explicitly
new LoginClient().loginBlocking(loginWikiSite, AppAdapter.get().getUserName(),
AppAdapter.get().getPassword(), "");
}
// Get CSRFToken response off the main thread.
Response<MwQueryResponse> response = Executors.newSingleThreadExecutor().submit(new CsrfTokenCallExecutor(service)).get();
if (response.body() == null || response.body().query() == null
|| TextUtils.isEmpty(response.body().query().csrfToken())) {
continue;
}
token = response.body().query().csrfToken();
if (AppAdapter.get().isLoggedIn() && token.equals(ANON_TOKEN)) {
throw new RuntimeException("App believes we're logged in, but got anonymous token.");
}
break;
} catch (Throwable t) {
L.w(t);
}
}
if (TextUtils.isEmpty(token) || token.equals(ANON_TOKEN)) {
throw new IOException("Invalid token, or login failure.");
}
return token;
}
@VisibleForTesting @NonNull Call<MwQueryResponse> requestToken(@NonNull Service service,
@NonNull final Callback cb) {
Call<MwQueryResponse> call = service.getCsrfTokenCall();
call.enqueue(new retrofit2.Callback<MwQueryResponse>() {
@Override
public void onResponse(@NonNull Call<MwQueryResponse> call, @NonNull Response<MwQueryResponse> response) {
if (call.isCanceled()) {
return;
}
cb.success(response.body().query().csrfToken());
}
@Override
public void onFailure(@NonNull Call<MwQueryResponse> call, @NonNull Throwable t) {
if (call.isCanceled()) {
return;
}
cb.failure(t);
}
});
return call;
}
public interface Callback {
void success(@NonNull String token);
void failure(@NonNull Throwable caught);
void twoFactorPrompt();
}
public static class DefaultCallback implements Callback {
@Override
public void success(@NonNull String token) {
}
@Override
public void failure(@NonNull Throwable caught) {
L.e(caught);
}
@Override
public void twoFactorPrompt() {
// TODO:
}
}
private interface RetryCallback {
void retry();
}
/**
* Class CsrfTokenCallExecutor which implement callable interface to get CsrfTokenCall.
*/
class CsrfTokenCallExecutor implements Callable<Response<MwQueryResponse>> {
/**
* Service for token call.
*/
private Service service;
/**
* Default Constructor.
* @param service
*/
public CsrfTokenCallExecutor(Service service){
this.service = service;
}
/**
* Computes a result, or throws an exception if unable to do so.
*
* @return computed result
* @throws Exception if unable to compute a result
*/
@Override
public Response<MwQueryResponse> call() throws Exception {
return service.getCsrfTokenCall().execute();
}
}
}

163
app/src/main/java/fr/free/nrw/commons/auth/csrf/CsrfTokenClient.kt Normal file
View file

@ -0,0 +1,163 @@
package fr.free.nrw.commons.auth.csrf
import androidx.annotation.VisibleForTesting
import org.wikipedia.AppAdapter
import org.wikipedia.dataclient.ServiceFactory
import org.wikipedia.dataclient.SharedPreferenceCookieManager
import org.wikipedia.dataclient.WikiSite
import org.wikipedia.dataclient.mwapi.MwQueryResponse
import org.wikipedia.login.LoginClient
import org.wikipedia.login.LoginClient.LoginCallback
import org.wikipedia.login.LoginClient.LoginFailedException
import org.wikipedia.login.LoginResult
import retrofit2.Call
import retrofit2.Response
import timber.log.Timber
import java.io.IOException
import java.util.concurrent.Callable
import java.util.concurrent.Executors.newSingleThreadExecutor
class CsrfTokenClient(private val csrfWikiSite: WikiSite) {
private var retries = 0
private var csrfTokenCall: Call<MwQueryResponse?>? = null
private val loginClient = LoginClient()
@Throws(Throwable::class)
fun getTokenBlocking(): String {
var token = ""
val service = ServiceFactory.get(csrfWikiSite, CsrfTokenInterface::class.java)
val userName = AppAdapter.get().getUserName()
val password = AppAdapter.get().getPassword()
for (retry in 0 until MAX_RETRIES_OF_LOGIN_BLOCKING) {
try {
if (retry > 0) {
// Log in explicitly
LoginClient().loginBlocking(csrfWikiSite, userName, password, "")
}
// Get CSRFToken response off the main thread.
val response = newSingleThreadExecutor().submit(Callable {
service.getCsrfTokenCall().execute()
}).get()
if (response.body()?.query()?.csrfToken().isNullOrEmpty()) {
continue
}
token = response.body()!!.query()!!.csrfToken()!!
if (AppAdapter.get().isLoggedIn() && token == ANON_TOKEN) {
throw RuntimeException("App believes we're logged in, but got anonymous token.")
}
break
} catch (t: Throwable) {
Timber.w(t)
}
}
if (token.isEmpty() || token == ANON_TOKEN) {
throw IOException("Invalid token, or login failure.")
}
return token
}
@VisibleForTesting
fun request(service: CsrfTokenInterface, cb: Callback): Call<MwQueryResponse?> =
requestToken(service, object : Callback {
override fun success(token: String?) {
if (AppAdapter.get().isLoggedIn() && token == ANON_TOKEN) {
retryWithLogin(cb) {
RuntimeException("App believes we're logged in, but got anonymous token.")
}
} else {
cb.success(token)
}
}
override fun failure(caught: Throwable?) = retryWithLogin(cb) { caught }
override fun twoFactorPrompt() = cb.twoFactorPrompt()
})
@VisibleForTesting
fun requestToken(service: CsrfTokenInterface, cb: Callback): Call<MwQueryResponse?> {
val call = service.getCsrfTokenCall()
call.enqueue(object : retrofit2.Callback<MwQueryResponse?> {
override fun onResponse(call: Call<MwQueryResponse?>, response: Response<MwQueryResponse?>) {
if (call.isCanceled) {
return
}
cb.success(response.body()!!.query()!!.csrfToken())
}
override fun onFailure(call: Call<MwQueryResponse?>, t: Throwable) {
if (call.isCanceled) {
return
}
cb.failure(t)
}
})
return call
}
private fun retryWithLogin(callback: Callback, caught: () -> Throwable?) {
val userName = AppAdapter.get().getUserName()
val password = AppAdapter.get().getPassword()
if (retries < MAX_RETRIES && !userName.isNullOrEmpty() && !password.isNullOrEmpty()) {
retries++
SharedPreferenceCookieManager.getInstance().clearAllCookies()
login(userName, password, callback) {
Timber.i("retrying...")
cancel()
csrfTokenCall = request(ServiceFactory.get(csrfWikiSite, CsrfTokenInterface::class.java), callback)
}
} else {
callback.failure(caught())
}
}
private fun login(
username: String,
password: String,
callback: Callback,
retryCallback: () -> Unit
) = LoginClient().request(csrfWikiSite, username, password, object : LoginCallback {
override fun success(loginResult: LoginResult) {
if (loginResult.pass()) {
AppAdapter.get().updateAccount(loginResult)
retryCallback()
} else {
callback.failure(LoginFailedException(loginResult.message))
}
}
override fun twoFactorPrompt(caught: Throwable, token: String?) =
callback.twoFactorPrompt()
// Should not happen here, but call the callback just in case.
override fun passwordResetPrompt(token: String?) =
callback.failure(LoginFailedException("Logged in with temporary password."))
override fun error(caught: Throwable) = callback.failure(caught)
})
private fun cancel() {
loginClient.cancel()
if (csrfTokenCall != null) {
csrfTokenCall!!.cancel()
csrfTokenCall = null
}
}
interface Callback {
fun success(token: String?)
fun failure(caught: Throwable?)
fun twoFactorPrompt()
}
companion object {
private const val ANON_TOKEN = "+\\"
private const val MAX_RETRIES = 1
private const val MAX_RETRIES_OF_LOGIN_BLOCKING = 2
}
}

13
app/src/main/java/fr/free/nrw/commons/auth/csrf/CsrfTokenInterface.kt Normal file
View file

@ -0,0 +1,13 @@
package fr.free.nrw.commons.auth.csrf
import org.wikipedia.dataclient.Service
import org.wikipedia.dataclient.mwapi.MwQueryResponse
import retrofit2.Call
import retrofit2.http.GET
import retrofit2.http.Headers
interface CsrfTokenInterface {
@Headers("Cache-Control: no-cache")
@GET(Service.MW_API_PREFIX + "action=query&meta=tokens&type=csrf")
fun getCsrfTokenCall(): Call<MwQueryResponse?>
}