OAuth2 support #919
OAuth2 support #919
Conversation
| @property (nonatomic, copy) NSString *userName; | ||
| @property (nonatomic, copy) NSString *password; | ||
| @property (nonatomic, copy) NSString *password; //or accessToken in oauth |
There was a problem hiding this comment.
I would call it accessToken, seems more general; then explain in the comment that password goes there for basic auth.
| @@ -33,6 +34,8 @@ typedef enum { | |||
| @property (nonatomic, copy) NSString *url; | |||
| @property (nonatomic, copy) NSString *username; | |||
| @property (nonatomic, copy) NSString *password; | |||
There was a problem hiding this comment.
Since password will be contained in credDto, password property needs to disappear.
There was a problem hiding this comment.
👍 pending, check also remove username
There was a problem hiding this comment.
👍 Password already removed
| @@ -19,6 +19,9 @@ | |||
| @interface OCKeychain : NSObject | |||
|
|
|||
| +(BOOL)setCredentialsById:(NSString *)idUser withUsername:(NSString *)userName andPassword:(NSString *)password; | |||
There was a problem hiding this comment.
This is the chance to rename the first parameter in all the other methods to userId instead of idUser.
|
|
||
| BOOL output = NO; | ||
|
|
||
| NSMutableDictionary *keychainItem = [NSMutableDictionary dictionary]; | ||
|
|
||
| [keychainItem setObject:(__bridge id)(kSecClassGenericPassword) forKey:(__bridge id)kSecClass]; |
There was a problem hiding this comment.
I'm curious, why kSecClassInsternetPassword instead of kSecClassGenericPassword ?
There was a problem hiding this comment.
Doesn't matter, just I want to use some key that are by default in the kSecClass kSecClassInsternetPassword as kSecAttrAuthenticationType. This was first approach but after I store all as data. This keychain method maybe not be the final, it is not in use yet. At this moment we can keep using kSecClassGenericPassword because I no longer use the other attributes
There was a problem hiding this comment.
What it is recommended is for passcodes inside the app use GenericPassword and for pass used with connections in websites the kSecClassInsternetPassword that has more defaults attributes related connections
|
|
||
| // MARK: CheckAccessToServer delegate | ||
|
|
||
| func connection(toTheServer isConnection: Bool) { |
There was a problem hiding this comment.
Definitely, we need a better way to name delegate methods.
For this case, what do you think about something like connectionWasChecked
There was a problem hiding this comment.
👍 but very careful with the refactor.. it it's used in a lot of places in the app
|
|
||
| if (data != nil) { | ||
| //getfiles, if ok store new account | ||
| } |
There was a problem hiding this comment.
We should do something with the else case. At least, write an info log.
|
|
||
|
|
||
| // MARK: segue | ||
| override func prepare(for segue: UIStoryboardSegue, sender: Any?) { |
There was a problem hiding this comment.
Is this the valid form or is the one in commented below?
There was a problem hiding this comment.
This one, I will remove the commented one that is for previous swift 2.0 👍
| #define k_oauth2_redirect_uri @"oc://android.owncloud.com" | ||
| #define k_oauth2_client_id @"e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD" | ||
| #define k_oauth2_client_secret @"dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD" | ||
| //#define k_oauth2_redirect_uri @"oc://ios.owncloud.com" |
There was a problem hiding this comment.
@nasli what will be the final values? I will adjust the oauth server app then thx
There was a problem hiding this comment.
We can use this ones commented, I got them from core commented code
BUG [FIXED]Problems when log-in is confirmed tapping on 'connect' button instead of on 'enter' in keyboard Steps to reproduce
Expected behaviourKeyboard is dismissed, account is created Current behaviourKeyboard is not dismissed, account is created twice |
BUG [FIXED]Crash on update of OAuth credentials Steps to reproduce
Expected behaviourLog-in view in edit mode is shown Current behaviourCrash |
BUG (1) [FIXED]Log-in view for OAuth 2 appears from nowhere Steps to reproduce
Expected behaviourThe log-in view disappears and the list of accounts or the list of files is shown Current behaviourA new log-in view appears, showing the OAuth account as expired, and a cancel button disabled, blocking the usage of the app, til the point that requires reinstalling it . |
BUG (2) [FIXED]Log-in with HTTP prefix shows wrong error Steps to reproduce
Expected behaviour:Check is successful Current behaviour:"Redirect to an unsecure route" is shown after the check |
BUG (3) [FIXED]Connect button disabled after parsing URL that includes username and password Steps to reproduce:
Expected behaviour:After the URL is successfully checked, username and password input fields are shown, filled with the user and password from the URL; focus is on the password field; 'connect' button is enabled Current behaviour:After the URL is successfully checked, username and password input fields are shown, filled with the user and password from the URL; focus is on the username field; 'connect' button is disabled |
BUG (4) [FIXED]Wrong password not detected in edit mode Steps to reproduce
Expected behaviour
Current behaviour
NOTE @jesmrec (01/09/2017): Wrong passwords are detected but the app crashes if the "wrong" tries persists. Twice "Edit credentials" make the app crash |
BUG (5) [FIXED]Wrong padding between top bar and OC icon in log-in view Steps to reproduce
Expected behaviourSpace between top bar and OC icon is the same as in subsequent displays of log-in view Current behaviourSpace between top bar and OC icon is smaller than in subsequent displays of log-in view |
BUG (6) [NOT REPRODUCIBLE]Disabled cancel button shown in navigation bar unexpectedly. Steps to reproduceNot clear. |
Update hide bottom bar if needed
… the login view class. \n Not need to call addAccountDelegate, now is handle by the login view class
Owncloud iOs Client/AppDelegate.m
Outdated
|
|
||
|
|
||
| - (void)showLoginView:(UniversalLoginViewController *)loginView { | ||
| //TODO: move to utils login, and window var |
There was a problem hiding this comment.
Here is a TODO pending i think
Owncloud iOs Client/AppDelegate.m
Outdated
| @@ -2836,17 +2769,87 @@ - (void) showSplashScreenFake { | |||
|
|
|||
| #pragma mark - CheckAccessToServerDelegate | |||
|
|
|||
| -(void)connectionToTheServer:(BOOL)isConnection { | |||
| -(void)connectionToTheServerWasChecked:(BOOL)isConnected withHttpStatusCode:(NSInteger)statusCode andError:(NSError *)error { | |||
There was a problem hiding this comment.
same code in 3 different functions(connectionToTheServerWasChecked, repeatTheCheckToTheServer, badCertificateNotAcceptedByUser), maybe we can extract this piece of code into a single one function and then call it inside every one of this functions.
There was a problem hiding this comment.
👍 CheckAccessToServer still need improvements..
Owncloud iOs Client/AppDelegate.m
Outdated
|
|
||
| #pragma mark - Active User | ||
|
|
||
| - (void) switchActiveUserTo:(UserDto *)user inHardMode:(BOOL)hardMode withCompletionHandler:(void (^)(void)) completionHandler { |
There was a problem hiding this comment.
This function is called only one time and with "inHardMode" set to NO, so why is this parameter useful?
There was a problem hiding this comment.
Checking it, it's called also in login view with hardMode true, https://github.com/owncloud/ios/blob/oauth_support/Owncloud%20iOs%20Client/Login/Login/UniversalLoginViewController.swift#L896
| @@ -122,7 +122,7 @@ - (void)actionSheet:(UIActionSheet*)actionSheet clickedButtonAtIndex:(NSInteger) | |||
| - (void)eraseDataSwitchChanged:(id)sender | |||
| { | |||
| if (_eraseDataSwitch.on) { | |||
| NSString* title = [NSString stringWithFormat:KKPasscodeLockLocalizedString(@"All data in this app will be erased after %d failed passcode attempts.", @""), [[KKPasscodeLock sharedLock] attemptsAllowed]]; | |||
| // NSString* title = [NSString stringWithFormat:KKPasscodeLockLocalizedString(@"All data in this app will be erased after %d failed passcode attempts.", @""), [[KKPasscodeLock sharedLock] attemptsAllowed]]; | |||
There was a problem hiding this comment.
Let's leave this one, it's a feature in this library not in use right now
| import Foundation | ||
|
|
||
|
|
||
| //class Log { |
There was a problem hiding this comment.
Intent to log of swift classes, let's review in release state.
| self.readFolderOfURL(url, credentials: credentials, success: { (_ listOfFiles: [Any]?) in | ||
| var listOfFileDtos: [FileDto]? = nil | ||
|
|
||
| if (listOfFiles != nil && !((listOfFiles?.isEmpty)!)) { |
There was a problem hiding this comment.
this set of "(" and "!" , ((listOfFiles?.isEmpty)!), could be avoided if previously you ensures that the "listOfFiles" exist and is not nil, maybe with an "if let ..." statement.
There was a problem hiding this comment.
👍 Improvement done to check files content
| @@ -554,7 +555,7 @@ - (void)showError:(NSString *) message { | |||
| [alert addAction:ok]; | |||
|
|
|||
| if ([self.navigationController isViewLoaded] && self.navigationController.view.window && self.resolveCredentialErrorViewController != nil) { | |||
| [self.resolveCredentialErrorViewController presentViewController:alert animated:YES completion:nil]; | |||
| //TODO:check bridging [self.resolveCredentialErrorViewController presentViewController:alert animated:YES completion:nil]; | |||
There was a problem hiding this comment.
Yet Another TODO statement
| @@ -31,7 +31,7 @@ | |||
| @property(nonatomic, weak) __weak id <AccountCellDelegate> delegate; | |||
|
|
|||
|
|
|||
| - (IBAction)activeAccount:(id)sender; | |||
| //- (IBAction)activeAccount:(id)sender; | |||
| @@ -24,6 +24,7 @@ | |||
|
|
|||
| @implementation AccountCell | |||
|
|
|||
| //TODO: use autolayout for cell | |||
| @@ -40,16 +41,13 @@ - (void)setSelected:(BOOL)selected animated:(BOOL)animated | |||
| // Configure the view for the selected state | |||
| } | |||
|
|
|||
| /* | |||
There was a problem hiding this comment.
👍 Removed, and also removed remaining references in xib file, account cell classes an setting class
…d remove references not longer needed
|
Related bug (36) some downloads are not downloaded after an expiration, this already happens if you lost connection or session expires, but if you select the folder as available offline all pending downloads will be retry. |
|
Related bug (34) a queue of uploads does not retry. Within the release branch new fix has been made to relaunch all pending uploads with credentials error when the user go to the uploads view. PR: #983 |
|
Related (33) and (40) improvements will be delayed |
Closes #716, closes #877
Description
Login will be done via OAuth2 protocol when server version supports it.
AC:
Extend detection of authentication method to consider servers accepting more than one method at the same time (more than one challenge header can be received in responses). (Create new swift class to detect all authentications methods available )
Embed oauth log-in process into WebView
Refactor check url in new viewConnect new class with previous check url methodUI/UX improvements
Text fieldsRecover / implement authentication workflow via "authorization code grant".
Redirect to log-in view when access token is not valid and cannot be refreshed, or when SAML session expires , or when password is not valid anymore.
Silently use refresh token to get an access token on expiration instead of redirecting to log-in view.MOVED to Silently refresh OAuth2 access token if expired #928NICE2HAVE: Allow user to select authentication method (OAuth2 or Basic Auth) [WON'T FIX]
clean logs–MOVED to Silently refresh OAuth2 access token if expired #928*Note: Tasks are not in priority order
How Has This Been Tested?
QA repository test plan OAuth2 QA#468 [WIP] @jesmrec
QA others suggestions [UX] Make login page more intuitive #877
QA Show network Activity Show network indicator while uploading (and more?) #872
BUG: Problems when log-in is confirmed tapping on 'connect' button instead of on 'enter' in keyboard
OAuth2 support #919 (comment) [FIXED]
BUG: Crash on update of OAuth credentials
OAuth2 support #919 (comment) [FIXED]
(1) BUG: Log-in view for OAuth 2 appears from nowhere
OAuth2 support #919 (comment) [FIXED]
(2) BUG: Log-in with HTTP prefix shows wrong error
OAuth2 support #919 (comment) [FIXED]
(3) BUG: Connect button disabled after parsing URL that includes username and password
OAuth2 support #919 (comment) [FIXED]
(4) BUG: Wrong password not detected in edit mode
OAuth2 support #919 (comment) [FIXED]
(5) BUG: Wrong padding between top bar and OC icon in log-in view
OAuth2 support #919 (comment) [FIXED]
(6) BUG: Disabled cancel button shown in navigation bar unexpectedly
OAuth2 support #919 (comment) [CANNOT_REPRODUCE]
(7) DISC Connect button
OAuth2 support #919 (comment) [WONT]
(8) IMPRV Not clearer error with bad protocol
OAuth2 support #919 (comment) [FIXED]
(9) BUG high https non-secured
OAuth2 support #919 (comment) [FIXED]
(10) IMPRV
OAuth2 support #919 (comment)
(11) BUG medium auth endpoint incorrect
OAuth2 support #919 (comment) [WONT_FIX]
(12) BUG low Hidden URL
OAuth2 support #919 (comment) [FIXED]
(13) BUG medium incorrect client id
OAuth2 support #919 (comment) [FIXED]
(14) BUG medium incorrect url redirect
OAuth2 support #919 (comment) [FIXED]
(15) IMPRV incorrect token endpoint
OAuth2 support #919 (comment) [FIXED]
(16) BUG medium multiaccount, files view instead of settings
OAuth2 support #919 (comment) [FIXED]
(17) BUG high instant uploads dependant
OAuth2 support #919 (comment) [FIXED]
(18) BUG medium Edit credentials
OAuth2 support #919 (comment) [FIXED]
(19) BUG medium Removed client
OAuth2 support #919 (comment) [FIXED]
(20) WORDING error with no internet connection
OAuth2 support #919 (comment) [FIXED]
(21) WORDING error with no server connection
OAuth2 support #919 (comment) [FIXED]
(22) BUG low Maintenance mode error
OAuth2 support #919 (comment) [FIXED]
(23) BUG medium SAML retries login view after cancelling
OAuth2 support #919 (comment) [FIXED]
(24) BUG medium SAML maintenance mode
OAuth2 support #919 (comment) [FIXED]
(25) IMPRV error message font
OAuth2 support #919 (comment) [DONE]
(26) BUG low Error message migrating from SAML to OAuth2
OAuth2 support #919 (comment) [FIXED]
(27) BUG medium Credentials requested twice after migrating basic to OAuth2
OAuth2 support #919 (comment) [FIXED]
(28) BUG medium First time edit credentials are not requested
OAuth2 support #919 (comment) [FIXED]
(29) BUG high Redirection 301 with subfolder
OAuth2 support #919 (comment) [FIXED]
(30) BUG high Redirection 302 with subfolder
OAuth2 support #919 (comment) [FIXED]
(31) BUG low SAML expiration in maintenance mode
OAuth2 support #919 (comment) [FIXED]
(32) Feature low Encoding of redirect URL OAuth2 support #919 (comment) [FIXED]
(33) IMPRV Spinner after auth OAuth2 support #919 (comment)
(34) BUG Uploads are cut after token renewal OAuth2 support #919 (comment) [Pending to check after fix for issue in core ] [Fixed within release_3.7.0] Relaunched uploads PR: Fix relaunch uploads after oauth exp #983
(35) BUG low Public links section is hidden while token is renewed OAuth2 support #919 (comment) [FIXED]
(36) BUG medium Download folder does not finish OAuth2 support #919 (comment) [Pending to check after fix for issue in core ]
(37) BUG Redirection to login if refresh token is revoked OAuth2 support #919 (comment) [FIXED WITH 39]
(38) BUG high Crash after editing password OAuth2 support #919 (comment) [FIXED]
(39) BUG high Crash after disabling OAuth2 OAuth2 support #919 (comment) [FIXED]
(40) BUG low App stucked after deleting some accounts OAuth2 support #919 (comment) [minor, changing other tab is also possible]
(41) BUG high Crash after SAML expiration and session renewal OAuth2 support #919 (comment) [FIXED with (38)]
(42) BUG medium LDAP users show the UUID OAuth2 support #919 (comment) [FIXED]
(43) BUG medium Login in SAML with different user after expiration OAuth2 support #919 (comment) [FIXED]
(44) BUG Display names in multiaccount OAuth2 support #919 (comment) [FIXED]