gronod/talk-android
1
0
Fork 1
mirror of https://github.com/nextcloud/talk-android synced 2025-06-20 12:09:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix security issue when importing accounts

Browse Source 
Signed-off-by: Mario Danic <mario@lovelyhq.com>
This commit is contained in:
Mario Danic 2018-07-29 14:55:34 +02:00
parent 7941ce1ec5
commit 6806a43fe5
1 changed files with 25 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/src/main/java/com/nextcloud/talk/utils/AccountUtils.java
View File

@ -56,6 +56,7 @@ public class AccountUtils {
for (int i = 0; i < userEntitiesList.size(); i++) { for (int i = 0; i < userEntitiesList.size(); i++) {
internalUserEntity = userEntitiesList.get(i); internalUserEntity = userEntitiesList.get(i);
importAccount = getInformationFromAccount(account); importAccount = getInformationFromAccount(account);
if (importAccount.getToken() != null) {
if (importAccount.getBaseUrl().startsWith("http://") || if (importAccount.getBaseUrl().startsWith("http://") ||
importAccount.getBaseUrl().startsWith("https://")) { importAccount.getBaseUrl().startsWith("https://")) {
if (internalUserEntity.getUsername().equals(importAccount.getUsername()) && if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
@ -73,6 +74,10 @@ public class AccountUtils {
} }
} }
} else {
accountFound = true;
break;
}
} }
if (!accountFound) { if (!accountFound) {
@ -105,7 +110,12 @@ public class AccountUtils {
Context context = NextcloudTalkApplication.getSharedApplication().getApplicationContext(); Context context = NextcloudTalkApplication.getSharedApplication().getApplicationContext();
final AccountManager accMgr = AccountManager.get(context); final AccountManager accMgr = AccountManager.get(context);
String password = accMgr.getPassword(account); String password = null;
try {
password = accMgr.getPassword(account);
} catch (Exception exception) {
Log.e(TAG, "Failed to import account");
}
if (urlString.endsWith("/")) { if (urlString.endsWith("/")) {
urlString = urlString.substring(0, urlString.length() - 1); urlString = urlString.substring(0, urlString.length() - 1);