added consumer key/secret validity check

twidere/src/main/java/org/mariotaku/twidere/activity/support/SignInActivity.java

@@ -59,6 +59,7 @@ import android.widget.LinearLayout;
 import android.widget.Toast;
 
 import com.meizu.flyme.reflect.StatusBarProxy;
+import com.rengwuxian.materialedittext.MaterialEditText;
 
 import org.mariotaku.restfu.http.Authorization;
 import org.mariotaku.restfu.http.Endpoint;
@@ -94,6 +95,7 @@ import org.mariotaku.twidere.util.TwitterAPIFactory;
 import org.mariotaku.twidere.util.Utils;
 import org.mariotaku.twidere.util.support.ViewSupport;
 import org.mariotaku.twidere.util.support.view.ViewOutlineProviderCompat;
+import org.mariotaku.twidere.util.view.ConsumerKeySecretValidator;
 import org.mariotaku.twidere.view.TintedStatusNativeActionModeAwareLayout;
 import org.mariotaku.twidere.view.iface.TintedStatusLayout;
 
@@ -363,7 +365,7 @@ public class SignInActivity extends BaseAppCompatActivity implements OnClickList
         }
         saveEditedText();
         setDefaultAPI();
-        final OAuthToken consumerKey = new OAuthToken(mConsumerKey, mConsumerSecret);
+        final OAuthToken consumerKey = TwitterAPIFactory.getOAuthToken(mConsumerKey, mConsumerSecret);
         final String apiUrlFormat = TextUtils.isEmpty(mAPIUrlFormat) ? DEFAULT_TWITTER_API_URL_FORMAT : mAPIUrlFormat;
         mTask = new SignInTask(this, mUsername, mPassword, mAuthType, consumerKey, apiUrlFormat,
                 mSameOAuthSigningUrl, mNoVersionSuffix);
@@ -378,7 +380,7 @@ public class SignInActivity extends BaseAppCompatActivity implements OnClickList
         saveEditedText();
         setDefaultAPI();
         final String verifier = intent.getStringExtra(EXTRA_OAUTH_VERIFIER);
-        final OAuthToken consumerKey = new OAuthToken(mConsumerKey, mConsumerSecret);
+        final OAuthToken consumerKey = TwitterAPIFactory.getOAuthToken(mConsumerKey, mConsumerSecret);
         final OAuthToken requestToken = new OAuthToken(intent.getStringExtra(EXTRA_REQUEST_TOKEN),
                 intent.getStringExtra(EXTRA_REQUEST_TOKEN_SECRET));
         final String apiUrlFormat = TextUtils.isEmpty(mAPIUrlFormat) ? DEFAULT_TWITTER_API_URL_FORMAT : mAPIUrlFormat;
@@ -588,11 +590,13 @@ public class SignInActivity extends BaseAppCompatActivity implements OnClickList
                 Endpoint endpoint = TwitterAPIFactory.getOAuthEndpoint(apiUrlFormat, "api", null,
                         sameOauthSigningUrl);
                 final TwitterOAuth oauth = TwitterAPIFactory.getInstance(context, endpoint,
-                        new OAuthAuthorization(consumerKey.getOauthToken(), consumerKey.getOauthTokenSecret()), TwitterOAuth.class);
+                        new OAuthAuthorization(consumerKey.getOauthToken(),
+                                consumerKey.getOauthTokenSecret()), TwitterOAuth.class);
                 final OAuthToken accessToken = oauth.getAccessToken(requestToken, oauthVerifier);
                 final long userId = accessToken.getUserId();
                 if (userId <= 0) return new SignInResponse(false, false, null);
-                final OAuthAuthorization auth = new OAuthAuthorization(consumerKey.getOauthToken(), consumerKey.getOauthTokenSecret(), accessToken);
+                final OAuthAuthorization auth = new OAuthAuthorization(consumerKey.getOauthToken(),
+                        consumerKey.getOauthTokenSecret(), accessToken);
                 endpoint = TwitterAPIFactory.getOAuthEndpoint(apiUrlFormat, "api", versionSuffix,
                         sameOauthSigningUrl);
                 final Twitter twitter = TwitterAPIFactory.getInstance(context, endpoint,
@@ -836,8 +840,10 @@ public class SignInActivity extends BaseAppCompatActivity implements OnClickList
             dialog.setOnShowListener(new DialogInterface.OnShowListener() {
                 @Override
                 public void onShow(DialogInterface dialog) {
-                    final EditText editConsumerKey = (EditText) ((Dialog) dialog).findViewById(R.id.consumer_key);
-                    final EditText editConsumerSecret = (EditText) ((Dialog) dialog).findViewById(R.id.consumer_secret);
+                    final MaterialEditText editConsumerKey = (MaterialEditText) ((Dialog) dialog).findViewById(R.id.consumer_key);
+                    final MaterialEditText editConsumerSecret = (MaterialEditText) ((Dialog) dialog).findViewById(R.id.consumer_secret);
+                    editConsumerKey.addValidator(new ConsumerKeySecretValidator(getString(R.string.invalid_consumer_key)));
+                    editConsumerSecret.addValidator(new ConsumerKeySecretValidator(getString(R.string.invalid_consumer_secret)));
                     final SharedPreferences prefs = SharedPreferencesWrapper.getInstance(getActivity(), SHARED_PREFERENCES_NAME, MODE_PRIVATE);
                     editConsumerKey.setText(prefs.getString(KEY_CONSUMER_KEY, null));
                     editConsumerSecret.setText(prefs.getString(KEY_CONSUMER_SECRET, null));

twidere/src/main/java/org/mariotaku/twidere/util/TwitterAPIFactory.java

@@ -222,8 +222,11 @@ public class TwitterAPIFactory implements TwidereConstants {
                         TWITTER_CONSUMER_KEY_LEGACY : credentials.consumer_key;
                 final String consumerSecret = TextUtils.isEmpty(credentials.consumer_secret) ?
                         TWITTER_CONSUMER_SECRET_LEGACY : credentials.consumer_secret;
-                final OAuthToken accessToken = new OAuthToken(credentials.oauth_token, credentials.oauth_token_secret);
-                return new OAuthAuthorization(consumerKey, consumerSecret, accessToken);
+                final OAuthToken accessToken = new OAuthToken(credentials.oauth_token,
+                        credentials.oauth_token_secret);
+                if (isValidConsumerKeySecret(consumerKey) && isValidConsumerKeySecret(consumerSecret))
+                    return new OAuthAuthorization(consumerKey, consumerSecret, accessToken);
+                return new OAuthAuthorization(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET, accessToken);
             }
             case ParcelableCredentials.AUTH_TYPE_BASIC: {
                 final String screenName = credentials.screen_name;
@@ -339,6 +342,23 @@ public class TwitterAPIFactory implements TwidereConstants {
         return new OAuthEndpoint(endpointUrl, signEndpointUrl);
     }
 
+    public static OAuthToken getOAuthToken(String consumerKey, String consumerSecret) {
+        if (isValidConsumerKeySecret(consumerKey) && isValidConsumerKeySecret(consumerSecret))
+            return new OAuthToken(consumerKey, consumerSecret);
+        return new OAuthToken(TWITTER_CONSUMER_KEY, TWITTER_CONSUMER_SECRET);
+    }
+
+    public static boolean isValidConsumerKeySecret(@NonNull CharSequence text) {
+        for (int i = 0, j = text.length(); i < j; i++) {
+            if (!isAsciiLetterOrDigit(text.charAt(i))) return false;
+        }
+        return true;
+    }
+
+    private static boolean isAsciiLetterOrDigit(int codePoint) {
+        return ('A' <= codePoint && codePoint <= 'Z') || ('a' <= codePoint && codePoint <= 'z') || '0' <= codePoint && codePoint <= '9';
+    }
+
     public static class TwidereRequestInfoFactory implements RequestInfoFactory {
 
         private static HashMap<String, String> sExtraParams = new HashMap<>();

twidere/src/main/java/org/mariotaku/twidere/util/view/ConsumerKeySecretValidator.java

@@ -0,0 +1,41 @@
+/*
+ *                 Twidere - Twitter client for Android
+ *
+ *  Copyright (C) 2012-2015 Mariotaku Lee <mariotaku.lee@gmail.com>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.mariotaku.twidere.util.view;
+
+import android.support.annotation.NonNull;
+
+import com.rengwuxian.materialedittext.validation.METValidator;
+
+import org.mariotaku.twidere.util.TwitterAPIFactory;
+
+/**
+ * Created by mariotaku on 15/9/3.
+ */
+public class ConsumerKeySecretValidator extends METValidator {
+    public ConsumerKeySecretValidator(String errorMessage) {
+        super(errorMessage);
+    }
+
+    @Override
+    public boolean isValid(@NonNull CharSequence text, boolean isEmpty) {
+        return TwitterAPIFactory.isValidConsumerKeySecret(text);
+    }
+
+}

twidere/src/main/res/values/strings.xml

@@ -779,4 +779,6 @@
     <string name="report_usage_statistics_now">Report usage statistics now</string>
     <string name="cache_size_limit">Cache size limit</string>
     <string name="bug_reports">Bug reports</string>
+    <string name="invalid_consumer_key">Invalid consumer key</string>
+    <string name="invalid_consumer_secret">Invalid consumer secret</string>
 </resources>