From 03ba63e63ea156537987c009cbdef586fe9fb71e Mon Sep 17 00:00:00 2001 From: Damyan Ivanov Date: Sat, 20 Jul 2019 21:36:37 +0300 Subject: [PATCH] warn when using authentication with insecure HTTP scheme --- .../ui/profiles/ProfileDetailFragment.java | 29 +++++++++++++++++++ app/src/main/res/layout/profile_detail.xml | 16 ++++++++++ app/src/main/res/values-bg/strings.xml | 1 + app/src/main/res/values/colors.xml | 1 + app/src/main/res/values/strings.xml | 1 + 5 files changed, 48 insertions(+) diff --git a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java index ebe97699..c995ade1 100644 --- a/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java +++ b/app/src/main/java/net/ktnx/mobileledger/ui/profiles/ProfileDetailFragment.java @@ -88,6 +88,7 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue private TextView preferredAccountsFilter; private TextInputLayout preferredAccountsFilterLayout; private View huePickerView; + private View insecureWarningText; /** * Mandatory empty constructor for the fragment manager to instantiate the @@ -243,11 +244,28 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue preferredAccountsFilter = rootView.findViewById(R.id.preferred_accounts_filter_filter); preferredAccountsFilterLayout = rootView.findViewById(R.id.preferred_accounts_accounts_filter_layout); + insecureWarningText = rootView.findViewById(R.id.insecure_scheme_text); + + url.addTextChangedListener(new TextWatcher() { + @Override + public void beforeTextChanged(CharSequence s, int start, int count, int after) { + + } + @Override + public void onTextChanged(CharSequence s, int start, int before, int count) { + + } + @Override + public void afterTextChanged(Editable s) { + checkInsecureSchemeWithAuth(); + } + }); useAuthentication.setOnCheckedChangeListener((buttonView, isChecked) -> { debug("profiles", isChecked ? "auth enabled " : "auth disabled"); authParams.setVisibility(isChecked ? View.VISIBLE : View.GONE); if (isChecked) userName.requestFocus(); + checkInsecureSchemeWithAuth(); }); postingPermitted.setOnCheckedChangeListener( @@ -297,6 +315,17 @@ public class ProfileDetailFragment extends Fragment implements HueRingDialog.Hue }); return rootView; } + private void checkInsecureSchemeWithAuth() { + boolean showWarning = false; + + if (useAuthentication.isChecked()) { + String urlText = url.getText().toString(); + if (urlText.startsWith("http") && !urlText.startsWith("https")) showWarning = true; + } + + if (showWarning) insecureWarningText.setVisibility(View.VISIBLE); + else insecureWarningText.setVisibility(View.GONE); + } private void hookClearErrorOnFocusListener(TextView view, TextInputLayout layout) { view.setOnFocusChangeListener((v, hasFocus) -> { if (hasFocus) layout.setError(null); diff --git a/app/src/main/res/layout/profile_detail.xml b/app/src/main/res/layout/profile_detail.xml index b12d306a..3479cf07 100644 --- a/app/src/main/res/layout/profile_detail.xml +++ b/app/src/main/res/layout/profile_detail.xml @@ -83,8 +83,24 @@ android:layout_height="wrap_content" android:orientation="vertical" android:paddingStart="8dp" + android:animateLayoutChanges="true" tools:ignore="RtlSymmetry"> + + + + + Зареждане… Грешен или непълен адрес Бутон за избор на цвят + ВНИМАНИЕ: Използване на удостоверяване с несигурна схема на достъп diff --git a/app/src/main/res/values/colors.xml b/app/src/main/res/values/colors.xml index 7807afa8..89d9c379 100644 --- a/app/src/main/res/values/colors.xml +++ b/app/src/main/res/values/colors.xml @@ -24,4 +24,5 @@ #286c33d4 #28ddcbff #804a148c + #FFE1E2 diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index 77f652df..bdfbf3e7 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -153,4 +153,5 @@ Loading… Invalid URL Color picker button + WARNING: Insecure http used with authentication -- 2.39.2