author | Chris Warrington <cmw@google.com> | 2016-10-18 12:29:21 +0100 |
---|---|---|
committer | Chris Warrington <cmw@google.com> | 2016-10-18 12:34:18 +0100 |
commit | e3780081075c01aa1dff6d1f373cb43192b33e68 (patch) | |
tree | fb734615933a39f3d009210dc0d1457160479b35 /WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java | |
parent | 7e05eb7e57827eddc885570bc00aed8a50320dbf (diff) | |
parent | 025b8b226c8d8edba2b309ca878572f40512eca7 (diff) | |
Merge remote-tracking branch 'origin/upstream-master' into master
Change-Id: I63f5e16d09297c48432192761b840310935eb903
Diffstat (limited to 'WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java')
-rw-r--r-- | WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java | 121 |
1 files changed, 121 insertions, 0 deletions
diff --git a/WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java b/WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java
new file mode 100644
index 000000000..e81c58041
--- /dev/null
+++ b/WordPress/src/main/java/org/wordpress/android/util/WPWebViewClient.java
@@ -0,0 +1,121 @@
+package org.wordpress.android.util;
+
+import android.graphics.Bitmap;
+import android.net.http.SslError;
+import android.text.TextUtils;
+import android.webkit.HttpAuthHandler;
+import android.webkit.SslErrorHandler;
+import android.webkit.WebResourceResponse;
+import android.webkit.WebView;
+
+import org.wordpress.android.models.AccountHelper;
+import org.wordpress.android.models.Blog;
+import org.wordpress.android.networking.SelfSignedSSLCertsManager;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.util.List;
+
+/**
+ * WebViewClient that is capable of handling HTTP authentication requests using the HTTP
+ * username and password of the blog configured for this activity.
+ */
+public class WPWebViewClient extends URLFilteredWebViewClient {
+ private final Blog mBlog;
+ private String mToken;
+
+ public WPWebViewClient(Blog blog) {
+ super();
+ this.mBlog = blog;
+ mToken = AccountHelper.getDefaultAccount().getAccessToken();
+ }
+
+ public WPWebViewClient(Blog blog, List<String> urls) {
+ super(urls);
+ this.mBlog = blog;
+ mToken = AccountHelper.getDefaultAccount().getAccessToken();
+ }
+
+ @Override
+ public void onPageFinished(WebView view, String url) {
+ }
+
+ @Override
+ public void onPageStarted(WebView view, String url, Bitmap favicon) {
+ super.onPageStarted(view, url, favicon);
+ }
+
+ @Override
+ public void onReceivedHttpAuthRequest(WebView view, HttpAuthHandler handler, String host, String realm) {
+ if (mBlog != null && mBlog.hasValidHTTPAuthCredentials()) {
+ // Check that the HTTP AUth protected domain is the same of the blog. Do not send current blog's HTTP
+ // AUTH credentials to external site.
+ // NOTE: There is still a small security hole here, since the realm is not considered when getting
+ // the password. Unfortunately the real is not stored when setting up the blog, and we cannot compare it
+ // at this point.
+ String domainFromHttpAuthRequest = UrlUtils.getHost(UrlUtils.addUrlSchemeIfNeeded(host, false));
+ String currentBlogDomain = UrlUtils.getHost(mBlog.getUrl());
+ if (domainFromHttpAuthRequest.equals(currentBlogDomain)) {
+ handler.proceed(mBlog.getHttpuser(), mBlog.getHttppassword());
+ return;
+ }
+ }
+ // TODO: If there is no match show the HTTP Auth dialog here. Like a normal browser usually does...
+ super.onReceivedHttpAuthRequest(view, handler, host, realm);
+ }
+
+ @Override
+ public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+ try {
+ if (SelfSignedSSLCertsManager.getInstance(view.getContext()).isCertificateTrusted(error.getCertificate())) {
+ handler.proceed();
+ return;
+ }
+ } catch (GeneralSecurityException e) {
+ // Do nothing
+ } catch (IOException e) {
+ // Do nothing
+ }
+
+ super.onReceivedSslError(view, handler, error);
+ }
+
+ @Override
+ public WebResourceResponse shouldInterceptRequest(WebView view, String stringUrl) {
+ URL imageUrl = null;
+ if (mBlog != null && mBlog.isPrivate() && UrlUtils.isImageUrl(stringUrl)) {
+ try {
+ imageUrl = new URL(UrlUtils.makeHttps(stringUrl));
+ } catch (MalformedURLException e) {
+ AppLog.e(AppLog.T.READER, e);
+ }
+ }
+
+ // Intercept requests for private images and add the WP.com authorization header
+ if (imageUrl != null &&
+ WPUrlUtils.safeToAddWordPressComAuthToken(imageUrl) &&
+ !TextUtils.isEmpty(mToken)) {
+ try {
+ // Force use of HTTPS for the resource, otherwise the request will fail for private sites
+ HttpURLConnection urlConnection = (HttpURLConnection) imageUrl.openConnection();
+ urlConnection.setRequestProperty("Authorization", "Bearer " + mToken);
+ urlConnection.setReadTimeout(WPRestClient.REST_TIMEOUT_MS);
+ urlConnection.setConnectTimeout(WPRestClient.REST_TIMEOUT_MS);
+ WebResourceResponse response = new WebResourceResponse(urlConnection.getContentType(),
+ urlConnection.getContentEncoding(),
+ urlConnection.getInputStream());
+ return response;
+ } catch (ClassCastException e) {
+ AppLog.e(AppLog.T.POSTS, "Invalid connection type - URL: " + stringUrl);
+ } catch (MalformedURLException e) {
+ AppLog.e(AppLog.T.POSTS, "Malformed URL: " + stringUrl);
+ } catch (IOException e) {
+ AppLog.e(AppLog.T.POSTS, "Invalid post detail request: " + e.getMessage());
+ }
+ }
+ return super.shouldInterceptRequest(view, stringUrl);
+ }
+}
|
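Review bot: In onReceivedSslError, `handler.proceed()` is reached whenever `isCertificateTrusted(error.getCertificate())` returns true, without consulting `error.getUrl()` or which error bits are set. A certificate the user accepted for one self-hosted blog therefore appears to be honoured for any host that presents it, and for any failure type (expired, hostname mismatch). Unless SelfSignedSSLCertsManager, which is not visible in this hunk, already binds the stored certificate to a host, the branch should be limited to the current blog by adding `mBlog != null && UrlUtils.getHost(mBlog.getUrl()).equals(UrlUtils.getHost(error.getUrl()))` to the condition, mirroring the domain check in onReceivedHttpAuthRequest. The two `// Do nothing` catch blocks do fail closed by falling through to super, but logging the exception with `AppLog.e`, as the URL-parsing code in shouldInterceptRequest does, would make trust-store failures visible.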