warn when using authentication with insecure HTTP scheme

diff --git a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java
index ebe97699176134361da2f7600034f5a8b0e89b92..c995ade117221c277d077016d98c1dff52804b30 100644 (file)
--- a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java
+++ b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java
@@ -88,6 +88,7 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
     private TextView preferredAccountsFilter;
     private TextInputLayout preferredAccountsFilterLayout;
     private View huePickerView;
+    private View insecureWarningText;
 
     /**
      * Mandatory empty constructor for the fragment manager to instantiate the
@@ -243,11 +244,28 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
         preferredAccountsFilter = rootView.findViewById(R.id.preferred_accounts_filter_filter);
         preferredAccountsFilterLayout =
                 rootView.findViewById(R.id.preferred_accounts_accounts_filter_layout);
+        insecureWarningText = rootView.findViewById(R.id.insecure_scheme_text);
+
+        url.addTextChangedListener(new TextWatcher() {
+            @Override
+            public void beforeTextChanged(CharSequence s, int start, int count, int after) {
+
+            }
+            @Override
+            public void onTextChanged(CharSequence s, int start, int before, int count) {
+
+            }
+            @Override
+            public void afterTextChanged(Editable s) {
+                checkInsecureSchemeWithAuth();
+            }
+        });
 
         useAuthentication.setOnCheckedChangeListener((buttonView, isChecked) -> {
             debug("profiles", isChecked ? "auth enabled " : "auth disabled");
             authParams.setVisibility(isChecked ? View.VISIBLE : View.GONE);
             if (isChecked) userName.requestFocus();
+            checkInsecureSchemeWithAuth();
         });
 
         postingPermitted.setOnCheckedChangeListener(
@@ -297,6 +315,17 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue
         });
         return rootView;
     }
+    private void checkInsecureSchemeWithAuth() {
+        boolean showWarning = false;
+
+        if (useAuthentication.isChecked()) {
+            String urlText = url.getText().toString();
+            if (urlText.startsWith("http") && !urlText.startsWith("https")) showWarning = true;
+        }
+
+        if (showWarning) insecureWarningText.setVisibility(View.VISIBLE);
+        else insecureWarningText.setVisibility(View.GONE);
+    }
     private void hookClearErrorOnFocusListener(TextView view, TextInputLayout layout) {
         view.setOnFocusChangeListener((v, hasFocus) -> {
             if (hasFocus) layout.setError(null);

diff --git a/app/src/main/res/layout/profile_detail.xml b/app/src/main/res/layout/profile_detail.xml
index b12d306a814352c140d5c868222f05460b5e052a..3479cf07430fa22f981517eb40b4701cb3e7082f 100644 (file)
--- a/app/src/main/res/layout/profile_detail.xml
+++ b/app/src/main/res/layout/profile_detail.xml
@@ -83,8 +83,24 @@
             android:layout_height="wrap_content"
             android:orientation="vertical"
             android:paddingStart="8dp"
+            android:animateLayoutChanges="true"
             tools:ignore="RtlSymmetry">
 
+            <LinearLayout
+                android:id="@+id/insecure_scheme_text"
+                android:layout_width="match_parent"
+                android:layout_height="wrap_content"
+                android:layout_marginBottom="@dimen/activity_vertical_margin"
+                android:background="@color/error_background"
+                android:padding="@dimen/activity_vertical_margin"
+                android:visibility="gone">
+
+                <TextView
+                    android:layout_width="match_parent"
+                    android:layout_height="wrap_content"
+                    android:text="@string/insecure_scheme_with_auth" />
+            </LinearLayout>
+
             <com.google.android.material.textfield.TextInputLayout
                 android:id="@+id/auth_user_name_layout"
                 android:layout_width="match_parent"

diff --git a/app/src/main/res/values-bg/strings.xml b/app/src/main/res/values-bg/strings.xml
index 03bc2f7f77b344f2bac6b69710340aa86a3d5994..f73bd94d27493b6315bda0da47835a16b95fc72d 100644 (file)
--- a/app/src/main/res/values-bg/strings.xml
+++ b/app/src/main/res/values-bg/strings.xml
@@ -111,5 +111,6 @@
     <string name="text_loading">Зареждане…</string>
     <string name="err_invalid_url">Грешен или непълен адрес</string>
     <string name="btn_color_picker_button">Бутон за избор на цвят</string>
+    <string name="insecure_scheme_with_auth">ВНИМАНИЕ: Използване на удостоверяване с несигурна схема на достъп</string>
 
 </resources>

diff --git a/app/src/main/res/values/colors.xml b/app/src/main/res/values/colors.xml
index 7807afa8a7807ebfac21f4306ffa339bb43802d9..89d9c379e2660e457820b7cc8d5d644ed649e561 100644 (file)
--- a/app/src/main/res/values/colors.xml
+++ b/app/src/main/res/values/colors.xml
@@ -24,4 +24,5 @@
     <color name="table_row_dark_bg">#286c33d4</color>
     <color name="table_row_light_bg">#28ddcbff</color>
     <color name="header_border">#804a148c</color>
+    <color name="error_background">#FFE1E2</color>
 </resources>

diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml
index 77f652df5562fe7ed139ba46f344615c07e4eb4f..bdfbf3e73d9de5312e2bec3e6a3b152d449c9579 100644 (file)
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -153,4 +153,5 @@
     <string name="text_loading">Loading…</string>
     <string name="err_invalid_url">Invalid URL</string>
     <string name="btn_color_picker_button">Color picker button</string>
+    <string name="insecure_scheme_with_auth">WARNING: Insecure http used with authentication</string>
 </resources>