msb-public
/
FairEmail
mirror of https://github.com/M66B/FairEmail.git
1
0
Code Issues Projects Releases Wiki Activity

Replaced MSAL by OAuth

Browse Source
pull/170/head
M66B 6 years ago
parent f496a0fa6c
commit 1dc56ae41c
6 changed files with 275 additions and 278 deletions
Show Stats Download Patch File Download Diff File

3
app/build.gradle
Unescape View File

@ -334,9 +334,6 @@ dependencies {
// // https://github.com/QuadFlask/colorpicker // // https://github.com/QuadFlask/colorpicker
implementation "com.github.QuadFlask:colorpicker:$colorpicker_version" implementation "com.github.QuadFlask:colorpicker:$colorpicker_version"
// https://github.com/AzureAD/microsoft-authentication-library-for-android
implementation "com.microsoft.identity.client:msal:$msal_version"
// https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on // https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on
implementation "org.bouncycastle:bcpkix-jdk15to18:$bouncycastle_version" implementation "org.bouncycastle:bcpkix-jdk15to18:$bouncycastle_version"
//implementation "org.bouncycastle:bcmail-jdk15to18:$bouncycastle_version" //implementation "org.bouncycastle:bcmail-jdk15to18:$bouncycastle_version"

162
app/src/main/java/eu/faircode/email/ActivitySetup.java
Unescape View File

@ -66,14 +66,9 @@ import androidx.recyclerview.widget.LinearLayoutManager;
import androidx.recyclerview.widget.RecyclerView; import androidx.recyclerview.widget.RecyclerView;
import com.google.android.material.textfield.TextInputLayout; import com.google.android.material.textfield.TextInputLayout;
import com.microsoft.identity.client.AuthenticationCallback;
import com.microsoft.identity.client.IAuthenticationResult;
import com.microsoft.identity.client.IMultipleAccountPublicClientApplication;
import com.microsoft.identity.client.IPublicClientApplication;
import com.microsoft.identity.client.PublicClientApplication;
import com.microsoft.identity.client.exception.MsalException;
import net.openid.appauth.AppAuthConfiguration; import net.openid.appauth.AppAuthConfiguration;
import net.openid.appauth.AuthState;
import net.openid.appauth.AuthorizationException; import net.openid.appauth.AuthorizationException;
import net.openid.appauth.AuthorizationRequest; import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationResponse; import net.openid.appauth.AuthorizationResponse;
@ -81,6 +76,7 @@ import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration; import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.ClientAuthentication; import net.openid.appauth.ClientAuthentication;
import net.openid.appauth.ClientSecretPost; import net.openid.appauth.ClientSecretPost;
import net.openid.appauth.NoClientAuthentication;
import net.openid.appauth.ResponseTypeValues; import net.openid.appauth.ResponseTypeValues;
import net.openid.appauth.TokenResponse; import net.openid.appauth.TokenResponse;
import net.openid.appauth.browser.BrowserBlacklist; import net.openid.appauth.browser.BrowserBlacklist;
@ -328,7 +324,6 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
IntentFilter iff = new IntentFilter(); IntentFilter iff = new IntentFilter();
iff.addAction(ACTION_QUICK_GMAIL); iff.addAction(ACTION_QUICK_GMAIL);
iff.addAction(ACTION_QUICK_OAUTH); iff.addAction(ACTION_QUICK_OAUTH);
iff.addAction(ACTION_QUICK_OUTLOOK);
iff.addAction(ACTION_QUICK_SETUP); iff.addAction(ACTION_QUICK_SETUP);
iff.addAction(ACTION_VIEW_ACCOUNTS); iff.addAction(ACTION_VIEW_ACCOUNTS);
iff.addAction(ACTION_VIEW_IDENTITIES); iff.addAction(ACTION_VIEW_IDENTITIES);
@ -1160,10 +1155,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
fragmentTransaction.commit(); fragmentTransaction.commit();
} }
private void onOAuth(Intent intent) { private AuthorizationService getAuthorizationService() {
String name = intent.getStringExtra("name");
for (EmailProvider provider : EmailProvider.loadProfiles(this))
if (provider.name.equals(name) && provider.oauth != null) {
AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder() AppAuthConfiguration appAuthConfig = new AppAuthConfiguration.Builder()
.setBrowserMatcher(new BrowserBlacklist( .setBrowserMatcher(new BrowserBlacklist(
new VersionedBrowserMatcher( new VersionedBrowserMatcher(
@ -1174,94 +1166,112 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
))) )))
.build(); .build();
AuthorizationService authService = new AuthorizationService(this, appAuthConfig); return new AuthorizationService(this, appAuthConfig);
}
private void onOAuth(Intent intent) {
try {
String name = intent.getStringExtra("name");
for (EmailProvider provider : EmailProvider.loadProfiles(this))
if (provider.name.equals(name) && provider.oauth != null) {
AuthorizationServiceConfiguration serviceConfig = new AuthorizationServiceConfiguration(
Uri.parse(provider.oauth.authorizationEndpoint),
Uri.parse(provider.oauth.tokenEndpoint));
AuthState authState = new AuthState(serviceConfig);
SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
prefs.edit().putString("oauth." + provider.name, authState.jsonSerializeString()).apply();
AuthorizationRequest authRequest = AuthorizationRequest authRequest =
new AuthorizationRequest.Builder( new AuthorizationRequest.Builder(
new AuthorizationServiceConfiguration( serviceConfig,
Uri.parse(provider.oauth.authorizationEndpoint),
Uri.parse(provider.oauth.tokenEndpoint)),
provider.oauth.clientId, provider.oauth.clientId,
ResponseTypeValues.CODE, ResponseTypeValues.CODE,
Uri.parse(provider.oauth.redirectUri)) Uri.parse(provider.oauth.redirectUri))
.setScopes(provider.oauth.scopes) .setScopes(provider.oauth.scopes)
.setState(name) .setState(provider.name)
.build(); .build();
Intent authIntent = authService.getAuthorizationRequestIntent(authRequest); Intent authIntent = getAuthorizationService().getAuthorizationRequestIntent(authRequest);
startActivityForResult(authIntent, REQUEST_OAUTH); startActivityForResult(authIntent, REQUEST_OAUTH);
return; return;
} }
Log.unexpectedError(getSupportFragmentManager(), throw new IllegalArgumentException("Unknown provider=" + name);
new IllegalArgumentException("Unknown provider=" + name)); } catch (Throwable ex) {
Log.unexpectedError(getSupportFragmentManager(), ex);
}
} }
private void onHandleOAuth(Intent data) { private void onHandleOAuth(@NonNull Intent data) {
try {
AuthorizationResponse auth = AuthorizationResponse.fromIntent(data); AuthorizationResponse auth = AuthorizationResponse.fromIntent(data);
if (auth == null) { if (auth == null)
AuthorizationException ex = AuthorizationException.fromIntent(data); throw AuthorizationException.fromIntent(data);
Log.unexpectedError(getSupportFragmentManager(), ex);
return;
}
for (EmailProvider provider : EmailProvider.loadProfiles(this)) for (EmailProvider provider : EmailProvider.loadProfiles(this))
if (provider.name.equals(auth.state)) { if (provider.name.equals(auth.state)) {
AuthorizationService authService = new AuthorizationService(this);
ClientAuthentication clientAuth = new ClientSecretPost(provider.oauth.clientSecret); SharedPreferences prefs = PreferenceManager.getDefaultSharedPreferences(this);
authService.performTokenRequest( final AuthState authState = AuthState.jsonDeserialize(prefs.getString("oauth." + provider.name, null));
authState.update(auth, null);
prefs.edit().remove("oauth." + provider.name).apply();
ClientAuthentication clientAuth;
if (provider.oauth.clientSecret == null)
clientAuth = NoClientAuthentication.INSTANCE;
else
clientAuth = new ClientSecretPost(provider.oauth.clientSecret);
getAuthorizationService().performTokenRequest(
auth.createTokenExchangeRequest(), auth.createTokenExchangeRequest(),
clientAuth, clientAuth,
new AuthorizationService.TokenResponseCallback() { new AuthorizationService.TokenResponseCallback() {
@Override @Override
public void onTokenRequestCompleted(TokenResponse access, AuthorizationException ex) { public void onTokenRequestCompleted(TokenResponse access, AuthorizationException error) {
if (access == null) { try {
if (access == null)
throw error;
authState.update(access, null);
Log.i("OAuth token provider=" + provider.name);
if ("Outlook/Office365".equals(provider.name)) {
authState.performActionWithFreshTokens(getAuthorizationService(), new AuthState.AuthStateAction() {
@Override
public void execute(String accessToken, String idToken, AuthorizationException error) {
try {
if (error != null)
throw error;
onOutlook(accessToken, idToken);
} catch (Throwable ex) {
Log.unexpectedError(getSupportFragmentManager(), ex); Log.unexpectedError(getSupportFragmentManager(), ex);
return;
} }
}
});
} else
throw new IllegalArgumentException("Unknown action provider=" + provider.name);
// access.accessToken } catch (Throwable ex) {
Log.unexpectedError(getSupportFragmentManager(), ex);
}
} }
}); });
return; return;
} }
Log.unexpectedError(getSupportFragmentManager(), throw new IllegalArgumentException("Unknown state=" + auth.state);
new IllegalArgumentException("Unknown state=" + auth.state)); } catch (Throwable ex) {
Log.unexpectedError(getSupportFragmentManager(), ex);
}
} }
private void onOutlook(Intent intent) { private void onOutlook(String accessToken, String idToken) {
PublicClientApplication.createMultipleAccountPublicClientApplication(
this,
R.raw.msal_config,
new IPublicClientApplication.IMultipleAccountApplicationCreatedListener() {
@Override
public void onCreated(IMultipleAccountPublicClientApplication msal) {
Log.i("MSAL app created");
msal.acquireToken(
ActivitySetup.this,
// "openid", "offline_access", "profile", "email"
// https://docs.microsoft.com/en-us/graph/permissions-reference
new String[]{
"openid", "offline_access", "profile", "email",
"User.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite"},
new AuthenticationCallback() {
@Override
public void onSuccess(IAuthenticationResult result) {
Log.i("MSAL got token");
Bundle args = new Bundle(); Bundle args = new Bundle();
args.putString("token", result.getAccessToken()); args.putString("token", accessToken);
args.putString("id", result.getAccount().getId());
args.putString("tenant", result.getAccount().getTenantId());
Log.logBundle(args);
Map<String, ?> claims = result.getAccount().getClaims();
if (claims != null)
for (String key : claims.keySet())
Log.i(key + "=" + claims.get(key));
new SimpleTask<JSONObject>() { new SimpleTask<JSONObject>() {
@Override @Override
@ -1271,7 +1281,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
// https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#http-request // https://docs.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http#http-request
URL url = new URL("https://graph.microsoft.com/v1.0/me" + URL url = new URL("https://graph.microsoft.com/v1.0/me" +
"?$select=displayName,otherMails"); "?$select=displayName,otherMails");
Log.i("MSAL fetching " + url); Log.i("MSGraph fetching " + url);
HttpURLConnection request = (HttpURLConnection) url.openConnection(); HttpURLConnection request = (HttpURLConnection) url.openConnection();
request.setReadTimeout(15 * 1000); request.setReadTimeout(15 * 1000);
@ -1283,7 +1293,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
request.connect(); request.connect();
try { try {
Log.i("MSAL getting response"); Log.i("MSGraph getting response");
String json = Helper.readStream(request.getInputStream(), StandardCharsets.UTF_8.name()); String json = Helper.readStream(request.getInputStream(), StandardCharsets.UTF_8.name());
return new JSONObject(json); return new JSONObject(json);
} finally { } finally {
@ -1293,7 +1303,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
@Override @Override
protected void onExecuted(Bundle args, JSONObject data) { protected void onExecuted(Bundle args, JSONObject data) {
Log.i("MSAL " + data); Log.i("MSGraph " + data);
try { try {
JSONArray otherMails = data.getJSONArray("otherMails"); JSONArray otherMails = data.getJSONArray("otherMails");
@ -1408,25 +1418,7 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
Log.unexpectedError(getSupportFragmentManager(), ex); Log.unexpectedError(getSupportFragmentManager(), ex);
} }
}.execute(ActivitySetup.this, args, "graph:profile"); }.execute(ActivitySetup.this, args, "graph:profile");
}
@Override
public void onError(MsalException ex) {
Log.e(ex);
}
@Override
public void onCancel() {
Log.w("MSAL cancelled");
}
});
}
@Override
public void onError(MsalException ex) {
Log.e("MSAL", ex);
}
});
} }
private void onViewQuickSetup(Intent intent) { private void onViewQuickSetup(Intent intent) {
@ -1580,8 +1572,6 @@ public class ActivitySetup extends ActivityBase implements FragmentManager.OnBac
onGmail(intent); onGmail(intent);
else if (ACTION_QUICK_OAUTH.equals(action)) else if (ACTION_QUICK_OAUTH.equals(action))
onOAuth(intent); onOAuth(intent);
else if (ACTION_QUICK_OUTLOOK.equals(action))
onOutlook(intent);
else if (ACTION_QUICK_SETUP.equals(action)) else if (ACTION_QUICK_SETUP.equals(action))
onViewQuickSetup(intent); onViewQuickSetup(intent);
else if (ACTION_VIEW_ACCOUNTS.equals(action)) else if (ACTION_VIEW_ACCOUNTS.equals(action))

2
app/src/main/java/eu/faircode/email/EmailProvider.java
Unescape View File

@ -132,6 +132,7 @@ public class EmailProvider {
provider.smtp.starttls = xml.getAttributeBooleanValue(null, "starttls", false); provider.smtp.starttls = xml.getAttributeBooleanValue(null, "starttls", false);
} else if ("oauth".equals(name)) { } else if ("oauth".equals(name)) {
provider.oauth = new OAuth(); provider.oauth = new OAuth();
provider.oauth.enabled = xml.getAttributeBooleanValue(null, "enabled", false);
provider.oauth.clientId = xml.getAttributeValue(null, "clientId"); provider.oauth.clientId = xml.getAttributeValue(null, "clientId");
provider.oauth.clientSecret = xml.getAttributeValue(null, "clientSecret"); provider.oauth.clientSecret = xml.getAttributeValue(null, "clientSecret");
provider.oauth.scopes = xml.getAttributeValue(null, "scopes").split(","); provider.oauth.scopes = xml.getAttributeValue(null, "scopes").split(",");
@ -661,6 +662,7 @@ public class EmailProvider {
} }
public static class OAuth { public static class OAuth {
boolean enabled;
String clientId; String clientId;
String clientSecret; String clientSecret;
String[] scopes; String[] scopes;

29
app/src/main/java/eu/faircode/email/FragmentSetup.java
Unescape View File

@ -166,22 +166,29 @@ public class FragmentSetup extends FragmentBase {
public void onClick(View v) { public void onClick(View v) {
PopupMenuLifecycle popupMenu = new PopupMenuLifecycle(getContext(), getViewLifecycleOwner(), btnQuick); PopupMenuLifecycle popupMenu = new PopupMenuLifecycle(getContext(), getViewLifecycleOwner(), btnQuick);
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_gmail, 1, R.string.title_setup_gmail); int order = 1;
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_gmail, order++, R.string.title_setup_gmail);
// Android 5 Lollipop does not support app links // Android 5 Lollipop does not support app links
if (BuildConfig.DEBUG && Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M)
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_gmail_oauth, 2, R.string.title_setup_gmail_oauth); for (EmailProvider provider : EmailProvider.loadProfiles(getContext()))
if (provider.oauth != null && (provider.oauth.enabled || BuildConfig.DEBUG))
popupMenu.getMenu()
.add(Menu.NONE, -1, order++, getString(R.string.title_setup_oauth, provider.name))
.setIntent(new Intent(ActivitySetup.ACTION_QUICK_OAUTH).putExtra("name", provider.name));
if (BuildConfig.DEBUG) popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_activesync, order++, R.string.title_setup_activesync);
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_outlook, 3, R.string.title_setup_outlook); popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_other, order++, R.string.title_setup_other);
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_activesync, 4, R.string.title_setup_activesync);
popupMenu.getMenu().add(Menu.NONE, R.string.title_setup_other, 5, R.string.title_setup_other);
popupMenu.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() { popupMenu.setOnMenuItemClickListener(new PopupMenu.OnMenuItemClickListener() {
@Override @Override
public boolean onMenuItemClick(MenuItem item) { public boolean onMenuItemClick(MenuItem item) {
LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(getContext()); LocalBroadcastManager lbm = LocalBroadcastManager.getInstance(getContext());
if (item.getIntent() != null) {
lbm.sendBroadcast(item.getIntent());
return true;
}
switch (item.getItemId()) { switch (item.getItemId()) {
case R.string.title_setup_gmail: case R.string.title_setup_gmail:
if (Helper.hasValidFingerprint(getContext())) if (Helper.hasValidFingerprint(getContext()))
@ -189,12 +196,6 @@ public class FragmentSetup extends FragmentBase {
else else
ToastEx.makeText(getContext(), R.string.title_setup_gmail_support, Toast.LENGTH_LONG).show(); ToastEx.makeText(getContext(), R.string.title_setup_gmail_support, Toast.LENGTH_LONG).show();
return true; return true;
case R.string.title_setup_gmail_oauth:
lbm.sendBroadcast(new Intent(ActivitySetup.ACTION_QUICK_OAUTH).putExtra("name", "Gmail"));
return true;
case R.string.title_setup_outlook:
lbm.sendBroadcast(new Intent(ActivitySetup.ACTION_QUICK_OUTLOOK));
return true;
case R.string.title_setup_activesync: case R.string.title_setup_activesync:
Helper.viewFAQ(getContext(), 133); Helper.viewFAQ(getContext(), 133);
return true; return true;

3
app/src/main/res/values/strings.xml
Unescape View File

@ -140,8 +140,7 @@
<string name="title_setup_wizard">Wizard</string> <string name="title_setup_wizard">Wizard</string>
<string name="title_setup_wizard_remark">Go \'back\' to go to the inbox</string> <string name="title_setup_wizard_remark">Go \'back\' to go to the inbox</string>
<string name="title_setup_gmail" translatable="false">Gmail</string> <string name="title_setup_gmail" translatable="false">Gmail</string>
<string name="title_setup_gmail_oauth" translatable="false">Gmail OAuth</string> <string name="title_setup_oauth" translatable="false">%1$s (OAuth)</string>
<string name="title_setup_outlook" translatable="false">Outlook</string>
<string name="title_setup_activesync" translatable="false">Exchange ActiveSync</string> <string name="title_setup_activesync" translatable="false">Exchange ActiveSync</string>
<string name="title_setup_other">Other provider</string> <string name="title_setup_other">Other provider</string>
<string name="title_setup_gmail_support">Authorizing Google accounts will work in official versions only because Android checks the app signature</string> <string name="title_setup_gmail_support">Authorizing Google accounts will work in official versions only because Android checks the app signature</string>

8
app/src/main/res/xml/providers.xml
Unescape View File

@ -18,6 +18,7 @@
authorizationEndpoint="https://accounts.google.com/o/oauth2/v2/auth" authorizationEndpoint="https://accounts.google.com/o/oauth2/v2/auth"
clientId="803253368361-574lor1js3csqif9nogkhk5m7688af3c.apps.googleusercontent.com" clientId="803253368361-574lor1js3csqif9nogkhk5m7688af3c.apps.googleusercontent.com"
clientSecret="9iyiDx1LEfpg3fpH6DqzoIcG" clientSecret="9iyiDx1LEfpg3fpH6DqzoIcG"
enabled="false"
redirectUri="https://email.faircode.eu/oauth/" redirectUri="https://email.faircode.eu/oauth/"
scopes="https://mail.google.com/" scopes="https://mail.google.com/"
tokenEndpoint="https://oauth2.googleapis.com/token" /> tokenEndpoint="https://oauth2.googleapis.com/token" />
@ -38,6 +39,13 @@
host="smtp.office365.com" host="smtp.office365.com"
port="587" port="587"
starttls="true" /> starttls="true" />
<oauth
authorizationEndpoint="https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize"
clientId="3514cf2c-e7a3-45a2-80d4-6a3c3498eca0"
enabled="false"
redirectUri="https://email.faircode.eu/oauth/"
scopes="openid,offline_access,profile,email,User.Read,Mail.ReadWrite,Mail.Send,MailboxSettings.ReadWrite"
tokenEndpoint="https://login.microsoftonline.com/organizations/oauth2/v2.0/token" />
</provider> </provider>
<!-- needs subscription --> <!-- needs subscription -->
<provider <provider

Write Preview
Loading…
Cancel
Save