funkwhale-app-android/app/src/main/java/audio/funkwhale/ffa/utils/OAuth.kt

package audio.funkwhale.ffa.utils

import android.app.Activity
import android.content.Context
import android.content.Intent
import android.net.Uri
import android.util.Log
import com.github.kittinunf.fuel.Fuel
import com.github.kittinunf.fuel.core.FuelError
import com.github.kittinunf.fuel.coroutines.awaitObjectResponseResult
import com.github.kittinunf.fuel.gson.gsonDeserializerOf
import com.github.kittinunf.fuel.gson.jsonBody
import com.github.kittinunf.result.Result
import com.preference.PowerPreference
import kotlinx.coroutines.runBlocking
import net.openid.appauth.AuthState
import net.openid.appauth.AuthorizationException
import net.openid.appauth.AuthorizationRequest
import net.openid.appauth.AuthorizationResponse
import net.openid.appauth.AuthorizationService
import net.openid.appauth.AuthorizationServiceConfiguration
import net.openid.appauth.ClientSecretPost
import net.openid.appauth.RegistrationRequest
import net.openid.appauth.RegistrationResponse
import net.openid.appauth.ResponseTypeValues

fun AuthState.save() {
  PowerPreference.getFileByName(AppContext.PREFS_CREDENTIALS).apply {
    setString("state", jsonSerializeString())
  }
}

class AuthorizationServiceFactory {

  fun create(context: Context): AuthorizationService {
    return AuthorizationService(context)
  }
}

class OAuth(private val authorizationServiceFactory: AuthorizationServiceFactory) {

  companion object {
    private val REDIRECT_URI =
      Uri.parse("urn:/audio.funkwhale.funkwhale-android/oauth/callback")
  }

  data class App(val client_id: String, val client_secret: String)

  fun tryState(): AuthState? {

    val savedState = PowerPreference
      .getFileByName(AppContext.PREFS_CREDENTIALS)
      .getString("state")

    return if (savedState != null && savedState.isNotEmpty()) {
      return AuthState.jsonDeserialize(savedState)
    } else {
      null
    }
  }

  fun state(): AuthState {
    return tryState() ?: throw IllegalStateException("Couldn't find saved state")
  }

  fun isAuthorized(context: Context): Boolean {
    val state = tryState()
    return (
      if (state != null) {
        state.validAuthorization() || refreshAccessToken(state, context)
      } else {
        false
      }
      )
      .also { it.logInfo("isAuthorized()") }
  }

  private fun AuthState.validAuthorization() = this.isAuthorized && !this.needsTokenRefresh

  fun tryRefreshAccessToken(context: Context): Boolean {
    tryState()?.let { state ->
      return if (state.needsTokenRefresh && state.refreshToken != null) {
        refreshAccessToken(state, context)
      } else {
        state.isAuthorized
      }
    }
    return false
  }

  fun refreshAccessToken(context: Context): Boolean {
    return tryState()?.let { refreshAccessToken(it, context) } ?: false
  }

  private fun refreshAccessToken(state: AuthState, context: Context): Boolean {
    Log.i("OAuth", "refreshAccessToken()")
    return if (state.refreshToken != null) {
      val refreshRequest = state.createTokenRefreshRequest()
      val auth = ClientSecretPost(state.clientSecret)
      val refreshService = service(context)
      runBlocking {
        refreshService.performTokenRequest(refreshRequest, auth) { response, e ->
          if (e != null) {
            Log.e("OAuth", "performTokenRequest failed: $e")
            Log.e("OAuth", Log.getStackTraceString(e))
            EventBus.send(Event.LogOut)
          } else {
            state.apply {
              Log.i("OAuth", "applying new authState")
              update(response, e)
              save()
            }
          }
        }
      }
      refreshService.dispose()
      true
    } else {
      false
    }
  }

  fun init(hostname: String): AuthState {
    return AuthState(
      AuthorizationServiceConfiguration(
        Uri.parse("$hostname/authorize"),
        Uri.parse("$hostname/api/v1/oauth/token/"),
        Uri.parse("$hostname/api/v1/oauth/apps/")
      )
    ).also {
      it.save()
    }
  }

  fun service(context: Context): AuthorizationService =
    authorizationServiceFactory.create(context)

  fun register(authState: AuthState? = null, callback: () -> Unit): FuelResult {
    (authState ?: state()).authorizationServiceConfiguration?.let { config ->

      val (_, _, result: Result<App, FuelError>) = runBlocking {
        Fuel.post(config.registrationEndpoint.toString())
          .header("Content-Type", "application/json")
          .jsonBody(registrationBody())
          .awaitObjectResponseResult(gsonDeserializerOf(App::class.java))
      }

      when (result) {
        is Result.Success -> {
          Log.i("OAuth", "OAuth client app created.")
          val app = result.get()

          val response = RegistrationResponse.Builder(registration()!!)
            .setClientId(app.client_id)
            .setClientSecret(app.client_secret)
            .setClientIdIssuedAt(0)
            .setClientSecretExpiresAt(null)
            .build()

          state().apply {
            update(response)
            save()
            callback()
            return FuelResult.ok()
          }
        }

        is Result.Failure -> {
          Log.i(
            "OAuth", "Couldn't register client application ${result.error.formatResponseMessage()}"
          )
          return FuelResult.from(result)
        }
      }
    }
    Log.i("OAuth", "Missing AuthorizationServiceConfiguration")
    return FuelResult.failure()
  }

  private fun registrationBody(): Map<String, String> {
    return mapOf(
      "name" to "Funkwhale for Android (${android.os.Build.MODEL})",
      "redirect_uris" to REDIRECT_URI.toString(),
      "scopes" to "read write"
    )
  }

  fun authorizeIntent(activity: Activity): Intent? {
    val authService = service(activity)
    return authorizationRequest()?.let { it ->
      authService.getAuthorizationRequestIntent(it)
    }
  }

  fun exchange(
    context: Context,
    authorization: Intent,
    success: () -> Unit
  ) {
    state().let { state ->
      state.apply {
        update(
          AuthorizationResponse.fromIntent(authorization),
          AuthorizationException.fromIntent(authorization)
        )
        save()
      }

      AuthorizationResponse.fromIntent(authorization)?.let {
        val auth = ClientSecretPost(state().clientSecret)
        val requestService = service(context)

        requestService.performTokenRequest(it.createTokenExchangeRequest(), auth) { response, e ->
          if (e != null) {
            Log.e("FFA", "performTokenRequest failed: $e")
            Log.e("FFA", Log.getStackTraceString(e))
          } else {
            state.apply {
              update(response, e)
              save()
            }
          }

          if (response != null) success()
          else Log.e("FFA", "performTokenRequest() not successful")
        }
        requestService.dispose()
      }
    }
  }

  private fun registration() =
    state().authorizationServiceConfiguration?.let { config ->
      RegistrationRequest.Builder(config, listOf(REDIRECT_URI)).build()
    }

  private fun authorizationRequest() = state().let { state ->
    state.authorizationServiceConfiguration?.let { config ->
      AuthorizationRequest.Builder(
        config,
        state.lastRegistrationResponse?.clientId ?: "",
        ResponseTypeValues.CODE,
        REDIRECT_URI
      )
        .setScopes("read", "write")
        .build()
    }
  }
}
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`package audio.funkwhale.ffa.utils`

			`import android.app.Activity`
			`import android.content.Context`
			`import android.content.Intent`
			`import android.net.Uri`
#79: Add log statements in authentication code 2021-08-09 20:04:33 +02:00			`import android.util.Log`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`import com.github.kittinunf.fuel.Fuel`
#7: Unit tests for oauth authorization 2021-08-03 10:28:17 +02:00			`import com.github.kittinunf.fuel.core.FuelError`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`import com.github.kittinunf.fuel.coroutines.awaitObjectResponseResult`
			`import com.github.kittinunf.fuel.gson.gsonDeserializerOf`
			`import com.github.kittinunf.fuel.gson.jsonBody`
			`import com.github.kittinunf.result.Result`
			`import com.preference.PowerPreference`
			`import kotlinx.coroutines.runBlocking`
Fix existing linting problems 2021-09-09 09:56:15 +02:00			`import net.openid.appauth.AuthState`
			`import net.openid.appauth.AuthorizationException`
			`import net.openid.appauth.AuthorizationRequest`
			`import net.openid.appauth.AuthorizationResponse`
			`import net.openid.appauth.AuthorizationService`
			`import net.openid.appauth.AuthorizationServiceConfiguration`
			`import net.openid.appauth.ClientSecretPost`
			`import net.openid.appauth.RegistrationRequest`
			`import net.openid.appauth.RegistrationResponse`
			`import net.openid.appauth.ResponseTypeValues`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
			`fun AuthState.save() {`
			`PowerPreference.getFileByName(AppContext.PREFS_CREDENTIALS).apply {`
#79: Add log statements in authentication code 2021-08-09 20:04:33 +02:00			`setString("state", jsonSerializeString())`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
			`}`

#7: Add more tests to OAuth component 2021-08-02 13:24:12 +02:00			`class AuthorizationServiceFactory {`

			`fun create(context: Context): AuthorizationService {`
			`return AuthorizationService(context)`
			`}`
			`}`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`class OAuth(private val authorizationServiceFactory: AuthorizationServiceFactory) {`
#7: Add unit tests to OAuthDatasource 2021-07-30 10:57:49 +02:00
			`companion object {`
			`private val REDIRECT_URI =`
			`Uri.parse("urn:/audio.funkwhale.funkwhale-android/oauth/callback")`
			`}`

#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`data class App(val client_id: String, val client_secret: String)`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun tryState(): AuthState? {`
#7: Add unit tests to OAuthDatasource 2021-07-30 10:57:49 +02:00
			`val savedState = PowerPreference`
			`.getFileByName(AppContext.PREFS_CREDENTIALS)`
			`.getString("state")`

			`return if (savedState != null && savedState.isNotEmpty()) {`
			`return AuthState.jsonDeserialize(savedState)`
			`} else {`
			`null`
			`}`
			`}`

Refactor OAuth code 2021-08-23 09:17:06 +02:00			`fun state(): AuthState {`
			`return tryState() ?: throw IllegalStateException("Couldn't find saved state")`
			`}`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun isAuthorized(context: Context): Boolean {`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`val state = tryState()`
Fix existing linting problems 2021-09-09 09:56:15 +02:00			`return (`
			`if (state != null) {`
			`state.validAuthorization() \|\| refreshAccessToken(state, context)`
			`} else {`
			`false`
			`}`
Upgrade to Kotlin 1.7.0 2022-08-26 14:06:41 +02:00			`)`
			`.also { it.logInfo("isAuthorized()") }`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`

Improving OAuth implementation 2021-08-26 08:33:12 +02:00			`private fun AuthState.validAuthorization() = this.isAuthorized && !this.needsTokenRefresh`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun tryRefreshAccessToken(context: Context): Boolean {`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`tryState()?.let { state ->`
Refactor OAuth code 2021-08-23 09:17:06 +02:00			`return if (state.needsTokenRefresh && state.refreshToken != null) {`
Improving OAuth implementation 2021-08-26 08:33:12 +02:00			`refreshAccessToken(state, context)`
Refactor OAuth code 2021-08-23 09:17:06 +02:00			`} else {`
			`state.isAuthorized`
Suppress some authentication noise in the log. Most of this was added to debug issue !102. So these are vestigial. The exception here is the handling of AuthorizationException type 2. These are produced by racing authentication requests and are successfully managed. So we need not report these. Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale-android/-/merge_requests/342> 2023-12-16 02:45:47 +01:00			`}`
#7: Add more tests to OAuth component 2021-08-02 13:24:12 +02:00			`}`
			`return false`
			`}`

Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`fun refreshAccessToken(context: Context): Boolean {`
Improving OAuth implementation 2021-08-26 08:33:12 +02:00			`return tryState()?.let { refreshAccessToken(it, context) } ?: false`
			`}`

			`private fun refreshAccessToken(state: AuthState, context: Context): Boolean {`
Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`Log.i("OAuth", "refreshAccessToken()")`
Improving OAuth implementation 2021-08-26 08:33:12 +02:00			`return if (state.refreshToken != null) {`
Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`val refreshRequest = state.createTokenRefreshRequest()`
			`val auth = ClientSecretPost(state.clientSecret)`
fix authorization 2022-06-11 16:37:38 +02:00			`val refreshService = service(context)`
Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`runBlocking {`
fix authorization 2022-06-11 16:37:38 +02:00			`refreshService.performTokenRequest(refreshRequest, auth) { response, e ->`
			`if (e != null) {`
Upgrade to Kotlin 1.7.0 2022-08-26 14:06:41 +02:00			`Log.e("OAuth", "performTokenRequest failed: $e")`
fix authorization 2022-06-11 16:37:38 +02:00			`Log.e("OAuth", Log.getStackTraceString(e))`
Auto logout on unrecoverable authentication error. When an unrecoverable authentication error occurs, automatically log the user out. This seems better than leaving the user wondering why the UI is unresponsive or why each track they try to play fails with a quickly disappearing toast. Unrecoverable authentication errors typically mean the server has timed out the session out or the session token has been deleted on the server. Tokens expire after 14 days without use. Part-of: <https://dev.funkwhale.audio/funkwhale/funkwhale-android/-/merge_requests/342> 2023-12-16 02:55:07 +01:00			`EventBus.send(Event.LogOut)`
fix authorization 2022-06-11 16:37:38 +02:00			`} else {`
			`state.apply {`
			`Log.i("OAuth", "applying new authState")`
			`update(response, e)`
			`save()`
			`}`
Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`}`
			`}`
			`}`
fix authorization 2022-06-11 16:37:38 +02:00			`refreshService.dispose()`
Further fix for refreshing access token 2021-08-22 09:12:57 +02:00			`true`
			`} else {`
			`false`
			`}`
			`}`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun init(hostname: String): AuthState {`
#7: Add more tests to OAuth component 2021-08-02 13:24:12 +02:00			`return AuthState(`
			`AuthorizationServiceConfiguration(`
			`Uri.parse("$hostname/authorize"),`
			`Uri.parse("$hostname/api/v1/oauth/token/"),`
			`Uri.parse("$hostname/api/v1/oauth/apps/")`
			`)`
Remove OAuth interface 2021-08-09 07:08:47 +02:00			`).also {`
			`it.save()`
			`}`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun service(context: Context): AuthorizationService =`
#7: Add more tests to OAuth component 2021-08-02 13:24:12 +02:00			`authorizationServiceFactory.create(context)`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`fun register(authState: AuthState? = null, callback: () -> Unit): FuelResult {`
#7: Add more tests to OAuth component 2021-08-02 13:24:12 +02:00			`(authState ?: state()).authorizationServiceConfiguration?.let { config ->`
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00
			`val (_, _, result: Result<App, FuelError>) = runBlocking {`
			`Fuel.post(config.registrationEndpoint.toString())`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`.header("Content-Type", "application/json")`
			`.jsonBody(registrationBody())`
			`.awaitObjectResponseResult(gsonDeserializerOf(App::class.java))`
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`}`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`when (result) {`
			`is Result.Success -> {`
			`Log.i("OAuth", "OAuth client app created.")`
			`val app = result.get()`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`val response = RegistrationResponse.Builder(registration()!!)`
			`.setClientId(app.client_id)`
			`.setClientSecret(app.client_secret)`
			`.setClientIdIssuedAt(0)`
			`.setClientSecretExpiresAt(null)`
			`.build()`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`state().apply {`
			`update(response)`
			`save()`
			`callback()`
			`return FuelResult.ok()`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`}`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`is Result.Failure -> {`
			`Log.i(`
			`"OAuth", "Couldn't register client application ${result.error.formatResponseMessage()}"`
			`)`
			`return FuelResult.from(result)`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
			`}`
			`}`
#80: Display error messages for user when login failes 2021-08-10 14:54:37 +02:00			`Log.i("OAuth", "Missing AuthorizationServiceConfiguration")`
			`return FuelResult.failure()`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`

			`private fun registrationBody(): Map<String, String> {`
			`return mapOf(`
			`"name" to "Funkwhale for Android (${android.os.Build.MODEL})",`
			`"redirect_uris" to REDIRECT_URI.toString(),`
			`"scopes" to "read write"`
			`)`
			`}`

LoginActivity: startActivityForResult deprecated. Migrate startActivityForResult/onActivityResult to StartActivityForResult/registerForActivityResult in LoginActivity/OAuth. This moves responsibility for scheduling the starting Intent from OAuth to LoginActivity. OAuth still generates the Intent. But instead of starting the intent directly in OAuth, the intent is returned to LoginActivity. This better associates processing the activity result with its invocation. OAuthTest module updated to accommodate internal API change. 2022-08-26 23:19:53 +02:00			`fun authorizeIntent(activity: Activity): Intent? {`
#7: Unit tests for oauth authorization 2021-08-03 10:28:17 +02:00			`val authService = service(activity)`
LoginActivity: startActivityForResult deprecated. Migrate startActivityForResult/onActivityResult to StartActivityForResult/registerForActivityResult in LoginActivity/OAuth. This moves responsibility for scheduling the starting Intent from OAuth to LoginActivity. OAuth still generates the Intent. But instead of starting the intent directly in OAuth, the intent is returned to LoginActivity. This better associates processing the activity result with its invocation. OAuthTest module updated to accommodate internal API change. 2022-08-26 23:19:53 +02:00			`return authorizationRequest()?.let { it ->`
			`authService.getAuthorizationRequestIntent(it)`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
			`}`

Remove OAuth interface 2021-08-09 07:08:47 +02:00			`fun exchange(`
#7: Unit tests for oauth authorization 2021-08-03 10:28:17 +02:00			`context: Context,`
#7: Add unit tests to OAuthDatasource 2021-07-30 10:57:49 +02:00			`authorization: Intent,`
74: Update logging to gather more information 2021-08-13 10:55:26 +02:00			`success: () -> Unit`
#7: Add unit tests to OAuthDatasource 2021-07-30 10:57:49 +02:00			`) {`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`state().let { state ->`
			`state.apply {`
			`update(`
			`AuthorizationResponse.fromIntent(authorization),`
			`AuthorizationException.fromIntent(authorization)`
			`)`
			`save()`
			`}`

			`AuthorizationResponse.fromIntent(authorization)?.let {`
			`val auth = ClientSecretPost(state().clientSecret)`
fix authorization 2022-06-11 16:37:38 +02:00			`val requestService = service(context)`

			`requestService.performTokenRequest(it.createTokenExchangeRequest(), auth) { response, e ->`
			`if (e != null) {`
Upgrade to Kotlin 1.7.0 2022-08-26 14:06:41 +02:00			`Log.e("FFA", "performTokenRequest failed: $e")`
fix authorization 2022-06-11 16:37:38 +02:00			`Log.e("FFA", Log.getStackTraceString(e))`
			`} else {`
			`state.apply {`
Upgrade to Kotlin 1.7.0 2022-08-26 14:06:41 +02:00			`update(response, e)`
			`save()`
			`}`
fix authorization 2022-06-11 16:37:38 +02:00			`}`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00
			`if (response != null) success()`
74: Update logging to gather more information 2021-08-13 10:55:26 +02:00			`else Log.e("FFA", "performTokenRequest() not successful")`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
fix authorization 2022-06-11 16:37:38 +02:00			`requestService.dispose()`
#48: Implement OAuth2 authentication 2021-07-23 14:10:13 +02:00			`}`
			`}`
			`}`

			`private fun registration() =`
			`state().authorizationServiceConfiguration?.let { config ->`
			`RegistrationRequest.Builder(config, listOf(REDIRECT_URI)).build()`
			`}`

			`private fun authorizationRequest() = state().let { state ->`
			`state.authorizationServiceConfiguration?.let { config ->`
			`AuthorizationRequest.Builder(`
			`config,`
			`state.lastRegistrationResponse?.clientId ?: "",`
			`ResponseTypeValues.CODE,`
			`REDIRECT_URI`
			`)`
			`.setScopes("read", "write")`
			`.build()`
			`}`
			`}`
			`}`