diff options
author | Oluwatobi Bashir-Bello <nbashirbello@google.com> | 2014-10-07 10:19:05 -0400 |
---|---|---|
committer | Oluwatobi Bashir-Bello <nbashirbello@google.com> | 2014-10-07 10:19:05 -0400 |
commit | 4f93372cf58e72512a8a5651e974df9eb7bdf362 (patch) | |
tree | 9eda0e6dd1fc8cad548bf459d32c8f1c3500fb4d | |
parent | b85c8f075b3b429b6660a34db585453d4cc33808 (diff) | |
download | login-4f93372cf58e72512a8a5651e974df9eb7bdf362.tar.gz |
Log user out when OAuth scopes for user does not match current scopes. (2)
Moved to login repo.
https://b2.corp.google.com/u/0/issues/17542895
Change-Id: I5c648e4292be888762f21203d8781668de48118f
-rw-r--r-- | src/com/google/gct/login/GoogleLogin.java | 35 |
1 files changed, 32 insertions, 3 deletions
diff --git a/src/com/google/gct/login/GoogleLogin.java b/src/com/google/gct/login/GoogleLogin.java index 8c08ff1..7ddf670 100644 --- a/src/com/google/gct/login/GoogleLogin.java +++ b/src/com/google/gct/login/GoogleLogin.java @@ -308,7 +308,7 @@ public class GoogleLogin { users.removeActiveUser(); uiFacade.notifyStatusIndicator(); - final GoogleLoginState state = createGoogleLoginState(); + final GoogleLoginState state = createGoogleLoginState(false); // We pass in the current project, which causes intelliJ to properly figure out the parent window. // This keeps the cancel dialog on top and visible. @@ -491,7 +491,8 @@ public class GoogleLogin { * Creates a new instance of {@link GoogleLoginState} * @return a new instance of {@link GoogleLoginState} */ - private GoogleLoginState createGoogleLoginState() { + @Nullable + private GoogleLoginState createGoogleLoginState(boolean initializingUsers) { GoogleLoginState state = new GoogleLoginState( clientInfo.getId(), @@ -500,6 +501,13 @@ public class GoogleLogin { new AndroidPreferencesOAuthDataStore(), uiFacade, new AndroidLoggerFacade()); + + if(initializingUsers && !state.isLoggedIn()) { + // Logs user out if oauth scope for active user's credentials + // does not match the current scope + return null; + } + return state; } @@ -675,6 +683,8 @@ public class GoogleLogin { public void initializeUsers() { String activeUserString = GoogleLoginPrefs.getActiveUser(); List<String> allUsers = GoogleLoginPrefs.getStoredUsers(); + String removedUsers = ""; + for(String aUser : allUsers) { // Add a new user, so that loadOAuth called from the GoogleLoginState constructor // will be able to create a customized key to get that user's OAuth data @@ -682,7 +692,19 @@ public class GoogleLogin { users.addUser(new CredentialedUser(aUser)); // CredentialedUser's credentials will be updated from the persistent storage in GoogleLoginState constructor - GoogleLoginState delegate = createGoogleLoginState(); + GoogleLoginState delegate = createGoogleLoginState(true); + + // delegate will be null if current scopes differ from scopes with users saved auth credentials + if(delegate == null) { + removedUsers += aUser + ", "; + if(aUser.equals(activeUserString)) { + activeUserString = null; + } + + users.removeUser(aUser); + continue; + } + IGoogleLoginCompletedCallback callback = new IGoogleLoginCompletedCallback() { @Override public void onLoginCompleted() { @@ -704,6 +726,13 @@ public class GoogleLogin { users.removeActiveUser(); } } + + // Log removed users + if(!removedUsers.isEmpty()) { + String message = "The following user(s) had expired authentication scopes: " + removedUsers + + "and have been logged out."; + GoogleLoginUtils.showErrorDialog(message, "Google Login"); + } } } |