~singpolyma/cheogram-android

cae68000a324957bf5bbbea9ab34a4ea5e11aec7 — Stephen Paul Weber 8 days ago 08d5f35
Require device unlock rather than account password to change password

More secure for the magic create case, and more likely the user remembers it.
M src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java => src/main/java/eu/siacs/conversations/ui/ChangePasswordActivity.java +4 -2
@@ 23,7 23,7 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti
			if (mAccount != null) {
				final String currentPassword = mCurrentPassword.getText().toString();
				final String newPassword = mNewPassword.getText().toString();
				if (!mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE) && !currentPassword.equals(mAccount.getPassword())) {
				if (!(mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE) || didUnlock) && !currentPassword.equals(mAccount.getPassword())) {
					mCurrentPassword.requestFocus();
					mCurrentPasswordLayout.setError(getString(R.string.account_status_unauthorized));
					removeErrorsOnAllBut(mCurrentPasswordLayout);


@@ 46,11 46,12 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti
	private TextInputLayout mNewPasswordLayout;
	private TextInputLayout mCurrentPasswordLayout;
	private Account mAccount;
	private boolean didUnlock = false;

	@Override
	void onBackendConnected() {
		this.mAccount = extractAccount(getIntent());
		if (this.mAccount != null && this.mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE)) {
		if (this.mAccount != null && (this.mAccount.isOptionSet(Account.OPTION_MAGIC_CREATE) || didUnlock)) {
			this.mCurrentPasswordLayout.setVisibility(View.GONE);
		} else {
			this.mCurrentPassword.setVisibility(View.VISIBLE);


@@ 79,6 80,7 @@ public class ChangePasswordActivity extends XmppActivity implements XmppConnecti
	protected void onStart() {
		super.onStart();
		Intent intent = getIntent();
		this.didUnlock = intent.getBooleanExtra("did_unlock", false);
		String password = intent != null ? intent.getStringExtra("password") : null;
		if (password != null) {
			this.mNewPassword.getEditableText().clear();

M src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java => src/main/java/eu/siacs/conversations/ui/EditAccountActivity.java +24 -0
@@ 1,8 1,10 @@
package eu.siacs.conversations.ui;

import android.app.Activity;
import android.app.KeyguardManager;
import android.app.PendingIntent;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.content.IntentSender;
import android.content.SharedPreferences;


@@ 94,6 96,7 @@ public class EditAccountActivity extends OmemoActivity implements OnAccountUpdat
    private static final int REQUEST_DATA_SAVER = 0xf244;
    private static final int REQUEST_CHANGE_STATUS = 0xee11;
    private static final int REQUEST_ORBOT = 0xff22;
    private static final int REQUEST_UNLOCK = 0xff23;
    private final PendingItem<PresenceTemplate> mPendingPresenceTemplate = new PendingItem<>();
    private AlertDialog mCaptchaDialog = null;
    private Jid jidToEdit;


@@ 141,6 144,7 @@ public class EditAccountActivity extends OmemoActivity implements OnAccountUpdat
    private XmppUri pendingUri = null;
    private boolean mUseTor;
    private ActivityEditAccountBinding binding;
    private String newPassword = null;
    private final OnClickListener mSaveButtonClickListener = new OnClickListener() {

        @Override


@@ 485,6 489,13 @@ public class EditAccountActivity extends OmemoActivity implements OnAccountUpdat
                Log.d(Config.LOGTAG, "pgp result not ok");
            }
        }
        if (requestCode == REQUEST_UNLOCK) {
            if (resultCode == RESULT_OK) {
                openChangePassword(true);
            } else {
                this.newPassword = null;
            }
        }
    }

    @Override


@@ 919,11 930,24 @@ public class EditAccountActivity extends OmemoActivity implements OnAccountUpdat
    }

    private void gotoChangePassword(String newPassword) {
        this.newPassword = newPassword;
        KeyguardManager keyguardManager = (KeyguardManager) this.getSystemService(Context.KEYGUARD_SERVICE);
        Intent credentialsIntent = keyguardManager.createConfirmDeviceCredentialIntent("Unlock required", "Please unlock in order to change your password");
        if (credentialsIntent == null) {
            openChangePassword(false);
        } else {
            startActivityForResult(credentialsIntent, REQUEST_UNLOCK);
        }
    }

    private void openChangePassword(boolean didUnlock) {
        final Intent changePasswordIntent = new Intent(this, ChangePasswordActivity.class);
        changePasswordIntent.putExtra(EXTRA_ACCOUNT, mAccount.getJid().toEscapedString());
        changePasswordIntent.putExtra("did_unlock", didUnlock);
        if (newPassword != null) {
            changePasswordIntent.putExtra("password", newPassword);
        }
        this.newPassword = null;
        startActivity(changePasswordIntent);
    }