From 6806a43fe5fedfaa3d97913b6557f026e4c3aa0b Mon Sep 17 00:00:00 2001
From: Mario Danic
Date: Sun, 29 Jul 2018 14:55:34 +0200
Subject: [PATCH] Fix security issue when importing accounts
Signed-off-by: Mario Danic
---
 .../nextcloud/talk/utils/AccountUtils.java | 40 ++++++++++++-------
 1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/app/src/main/java/com/nextcloud/talk/utils/AccountUtils.java b/app/src/main/java/com/nextcloud/talk/utils/AccountUtils.java
index f0ac350ff..d1885aa14 100644
--- a/app/src/main/java/com/nextcloud/talk/utils/AccountUtils.java
+++ b/app/src/main/java/com/nextcloud/talk/utils/AccountUtils.java
@@ -56,22 +56,27 @@ public class AccountUtils {
 for (int i = 0; i < userEntitiesList.size(); i++) {
 internalUserEntity = userEntitiesList.get(i);
 importAccount = getInformationFromAccount(account);
- if (importAccount.getBaseUrl().startsWith("http://") ||
- importAccount.getBaseUrl().startsWith("https://")) {
- if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
- internalUserEntity.getBaseUrl().equals(importAccount.getBaseUrl())) {
- accountFound = true;
- break;
+ if (importAccount.getToken() != null) {
+ if (importAccount.getBaseUrl().startsWith("http://") ||
+ importAccount.getBaseUrl().startsWith("https://")) {
+ if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
+ internalUserEntity.getBaseUrl().equals(importAccount.getBaseUrl())) {
+ accountFound = true;
+ break;
+ }
+ } else {
+ if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
+ (internalUserEntity.getBaseUrl().equals("http://" + importAccount.getBaseUrl()) ||
+ internalUserEntity.getBaseUrl().equals("https://" +
+ importAccount.getBaseUrl()))) {
+ accountFound = true;
+ break;
+ }
+ }
 } else {
- if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
- (internalUserEntity.getBaseUrl().equals("http://" + importAccount.getBaseUrl()) ||
- internalUserEntity.getBaseUrl().equals("https://" +
- importAccount.getBaseUrl()))) {
- accountFound = true;
- break;
- }
-
+ accountFound = true;
+ break;
 }
 }
@@ -105,7 +110,12 @@ public class AccountUtils {
 Context context = NextcloudTalkApplication.getSharedApplication().getApplicationContext();
 final AccountManager accMgr = AccountManager.get(context);
- String password = accMgr.getPassword(account);
+ String password = null;
+ try {
+ password = accMgr.getPassword(account);
+ } catch (Exception exception) {
+ Log.e(TAG, "Failed to import account");
+ }
 if (urlString.endsWith("/")) {
 urlString = urlString.substring(0, urlString.length() - 1);
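Review bot: In the first hunk (`@@ -56,22 +56,27 @@`) the new null-token branch, `} else { accountFound = true; break; }`, sits inside the `for` loop over `userEntitiesList`, so it is only reached when that list has at least one entry. With an empty list the loop body never runs, and an account whose token could not be read would presumably still count as not found; how `accountFound` is used after the loop is outside this hunk and should be checked there. Because `getInformationFromAccount(account)` does not depend on `i`, the call and the check can move above the loop: `importAccount = getInformationFromAccount(account);` followed by `if (importAccount.getToken() == null) { accountFound = true; }`, with the loop run only otherwise. That also stops the password from being re-read, and the failure re-logged, once per stored user. A comment such as `// token unreadable: treat as found so the account is never offered for import` would explain why the flag is set for an account that was not actually matched.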
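Review bot: In the second hunk (`@@ -105,7 +110,12 @@`) `catch (Exception exception)` is broader than the failure being guarded against, and `Log.e(TAG, "Failed to import account")` drops the exception, so every failure of `getPassword` collapses into one message with no cause. `AccountManager.getPassword` raises `SecurityException` when the caller is not allowed to read the account's password; narrowing to `} catch (SecurityException exception) {` and logging with `Log.e(TAG, "Failed to import account", exception);` keeps unrelated errors visible. The `password` left as `null` presumably becomes the token that the first hunk tests with `getToken() != null`, but the rest of the method lies outside this hunk. A comment at the declaration, e.g. `// null means the password could not be read; callers must treat the account as not importable`, would make that contract explicit.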