warn when using authentication with insecure HTTP scheme

[mobile-ledger.git] / app / src / main / java / net / ktnx / mobileledger / ui / profiles / ProfileDetailFragment.java
diff --git a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java

index 4f9573b0c55895056149822f773d3cac9d5f27c9..c995ade117221c277d077016d98c1dff52804b30 100644 (file)
--- a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java
+++ b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java
@@ -32,6 +32,11 @@ import android.widget.LinearLayout;
  import android.widget.Switch;
  import android.widget.TextView;
  
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.fragment.app.Fragment;
+import androidx.fragment.app.FragmentActivity;
+
  import com.google.android.material.appbar.CollapsingToolbarLayout;
  import com.google.android.material.floatingactionbutton.FloatingActionButton;
  import com.google.android.material.textfield.TextInputLayout;
@@ -46,14 +51,11 @@ import net.ktnx.mobileledger.utils.Colors;
  
  import org.jetbrains.annotations.NotNull;
  
+import java.net.MalformedURLException;
+import java.net.URL;
  import java.util.ArrayList;
  import java.util.Objects;
  
-import androidx.annotation.NonNull;
-import androidx.annotation.Nullable;
-import androidx.fragment.app.Fragment;
-import androidx.fragment.app.FragmentActivity;
-
  import static net.ktnx.mobileledger.utils.Logger.debug;
  
  /**
@@ -86,6 +88,7 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
      private TextView preferredAccountsFilter;
      private TextInputLayout preferredAccountsFilterLayout;
      private View huePickerView;
+    private View insecureWarningText;
  
      /**
       * Mandatory empty constructor for the fragment manager to instantiate the
@@ -108,7 +111,7 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
                          String.format("[fragment] removing profile %s", mProfile.getUuid()));
                  mProfile.removeFromDB();
                  ArrayList<MobileLedgerProfile> oldList = Data.profiles.getValue();
-                assert oldList != null;
+                if (oldList == null) throw new AssertionError();
                  ArrayList<MobileLedgerProfile> newList =
                          (ArrayList<MobileLedgerProfile>) oldList.clone();
                  newList.remove(mProfile);
@@ -116,9 +119,10 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
                  if (mProfile.equals(Data.profile.getValue())) {
                      debug("profiles", "[fragment] setting current profile to 0");
                      Data.setCurrentProfile(newList.get(0));
-                    final FragmentActivity activity = getActivity();
-                    if (activity != null) activity.finish();
                  }
+
+                final FragmentActivity activity = getActivity();
+                if (activity != null) activity.finish();
              });
              builder.show();
              return false;
@@ -143,8 +147,12 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
          int index = Data.getProfileIndex(mProfile);
          MobileLedgerProfile newProfile = new MobileLedgerProfile(mProfile);
          final ArrayList<MobileLedgerProfile> profiles = Data.profiles.getValue();
-        assert profiles != null;
+        if (profiles == null) throw new AssertionError();
          profiles.set(index, newProfile);
+
+        ProfilesRecyclerViewAdapter prva = ProfilesRecyclerViewAdapter.getInstance();
+        if (prva != null) prva.notifyItemChanged(index);
+
          if (mProfile.equals(Data.profile.getValue())) Data.profile.setValue(newProfile);
      }
      @Override
@@ -192,7 +200,7 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
              updateProfileFromUI();
              mProfile.storeInDB();
              final ArrayList<MobileLedgerProfile> profiles = Data.profiles.getValue();
-            assert profiles != null;
+            if (profiles == null) throw new AssertionError();
              ArrayList<MobileLedgerProfile> newList =
                      (ArrayList<MobileLedgerProfile>) profiles.clone();
              newList.add(mProfile);
@@ -236,11 +244,28 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
          preferredAccountsFilter = rootView.findViewById(R.id.preferred_accounts_filter_filter);
          preferredAccountsFilterLayout =
                  rootView.findViewById(R.id.preferred_accounts_accounts_filter_layout);
+        insecureWarningText = rootView.findViewById(R.id.insecure_scheme_text);
+
+        url.addTextChangedListener(new TextWatcher() {
+            @Override
+            public void beforeTextChanged(CharSequence s, int start, int count, int after) {
+
+            }
+            @Override
+            public void onTextChanged(CharSequence s, int start, int before, int count) {
+
+            }
+            @Override
+            public void afterTextChanged(Editable s) {
+                checkInsecureSchemeWithAuth();
+            }
+        });
  
          useAuthentication.setOnCheckedChangeListener((buttonView, isChecked) -> {
              debug("profiles", isChecked ? "auth enabled " : "auth disabled");
              authParams.setVisibility(isChecked ? View.VISIBLE : View.GONE);
              if (isChecked) userName.requestFocus();
+            checkInsecureSchemeWithAuth();
          });
  
          postingPermitted.setOnCheckedChangeListener(
@@ -290,6 +315,17 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
          });
          return rootView;
      }
+    private void checkInsecureSchemeWithAuth() {
+        boolean showWarning = false;
+
+        if (useAuthentication.isChecked()) {
+            String urlText = url.getText().toString();
+            if (urlText.startsWith("http") && !urlText.startsWith("https")) showWarning = true;
+        }
+
+        if (showWarning) insecureWarningText.setVisibility(View.VISIBLE);
+        else insecureWarningText.setVisibility(View.GONE);
+    }
      private void hookClearErrorOnFocusListener(TextView view, TextInputLayout layout) {
          view.setOnFocusChangeListener((v, hasFocus) -> {
              if (hasFocus) layout.setError(null);
@@ -316,11 +352,20 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
              profileNameLayout.setError(getResources().getText(R.string.err_profile_name_empty));
          }
  
-        val = String.valueOf(url.getText());
-        if (val.trim().isEmpty()) {
+        val = String.valueOf(url.getText()).trim();
+        if (val.isEmpty()) {
              valid = false;
              urlLayout.setError(getResources().getText(R.string.err_profile_url_empty));
          }
+        try {
+            URL url = new URL(val);
+            String host = url.getHost();
+            if (host == null || host.isEmpty()) throw new MalformedURLException("Missing host");
+        }
+        catch (MalformedURLException e) {
+            valid = false;
+            urlLayout.setError(getResources().getText(R.string.err_invalid_url));
+        }
          if (useAuthentication.isChecked()) {
              val = String.valueOf(userName.getText());
              if (val.trim().isEmpty()) {