mirror of
https://github.com/nextcloud/talk-android
synced 2025-06-20 12:09:45 +01:00
Fix security issue when importing accounts
Signed-off-by: Mario Danic <mario@lovelyhq.com>
This commit is contained in:
parent
7941ce1ec5
commit
6806a43fe5
@ -56,22 +56,27 @@ public class AccountUtils {
|
|||||||
for (int i = 0; i < userEntitiesList.size(); i++) {
|
for (int i = 0; i < userEntitiesList.size(); i++) {
|
||||||
internalUserEntity = userEntitiesList.get(i);
|
internalUserEntity = userEntitiesList.get(i);
|
||||||
importAccount = getInformationFromAccount(account);
|
importAccount = getInformationFromAccount(account);
|
||||||
if (importAccount.getBaseUrl().startsWith("http://") ||
|
if (importAccount.getToken() != null) {
|
||||||
importAccount.getBaseUrl().startsWith("https://")) {
|
if (importAccount.getBaseUrl().startsWith("http://") ||
|
||||||
if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
|
importAccount.getBaseUrl().startsWith("https://")) {
|
||||||
internalUserEntity.getBaseUrl().equals(importAccount.getBaseUrl())) {
|
if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
|
||||||
accountFound = true;
|
internalUserEntity.getBaseUrl().equals(importAccount.getBaseUrl())) {
|
||||||
break;
|
accountFound = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
|
||||||
|
(internalUserEntity.getBaseUrl().equals("http://" + importAccount.getBaseUrl()) ||
|
||||||
|
internalUserEntity.getBaseUrl().equals("https://" +
|
||||||
|
importAccount.getBaseUrl()))) {
|
||||||
|
accountFound = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (internalUserEntity.getUsername().equals(importAccount.getUsername()) &&
|
accountFound = true;
|
||||||
(internalUserEntity.getBaseUrl().equals("http://" + importAccount.getBaseUrl()) ||
|
break;
|
||||||
internalUserEntity.getBaseUrl().equals("https://" +
|
|
||||||
importAccount.getBaseUrl()))) {
|
|
||||||
accountFound = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -105,7 +110,12 @@ public class AccountUtils {
|
|||||||
Context context = NextcloudTalkApplication.getSharedApplication().getApplicationContext();
|
Context context = NextcloudTalkApplication.getSharedApplication().getApplicationContext();
|
||||||
final AccountManager accMgr = AccountManager.get(context);
|
final AccountManager accMgr = AccountManager.get(context);
|
||||||
|
|
||||||
String password = accMgr.getPassword(account);
|
String password = null;
|
||||||
|
try {
|
||||||
|
password = accMgr.getPassword(account);
|
||||||
|
} catch (Exception exception) {
|
||||||
|
Log.e(TAG, "Failed to import account");
|
||||||
|
}
|
||||||
|
|
||||||
if (urlString.endsWith("/")) {
|
if (urlString.endsWith("/")) {
|
||||||
urlString = urlString.substring(0, urlString.length() - 1);
|
urlString = urlString.substring(0, urlString.length() - 1);
|
||||||
|
Loading…
Reference in New Issue
Block a user