Merge pull request #406 from ForgeRock/SDKS-3079

SDKS-3079 Replace deprecated onActivityResult with ActivityResultContract

CHANGELOG.md

@@ -7,6 +7,7 @@
 
 #### Fixed
 - Addressed `nimbus-jose-jwt:9.25` library security vulnerability (CVE-2023-52428) [SDKS-2988]
+- NullPointerException for Centralize Login, Replace deprecated onActivityResult with ActivityResultContract [SDKS-3079]
 
 ## [4.3.1]
 #### Fixed

forgerock-auth/src/main/java/org/forgerock/android/auth/AppAuthConfigurer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020 ForgeRock. All rights reserved.
+ * Copyright (c) 2020-2024 ForgeRock. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -20,8 +20,6 @@
 
 import java.net.MalformedURLException;
 
-import lombok.AccessLevel;
-import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 
 /**
@@ -33,16 +31,12 @@ public class AppAuthConfigurer {
 
     private final FRUser.Browser parent;
 
-    @Getter(AccessLevel.PACKAGE)
     private Consumer<AuthorizationRequest.Builder> authorizationRequestBuilder = builder -> {
     };
-    @Getter(AccessLevel.PACKAGE)
     private androidx.core.util.Consumer<AppAuthConfiguration.Builder> appAuthConfigurationBuilder = builder -> {
     };
-    @Getter(AccessLevel.PACKAGE)
     private Consumer<CustomTabsIntent.Builder> customTabsIntentBuilder = builder -> {
     };
-    @Getter(AccessLevel.PACKAGE)
     private Supplier<AuthorizationServiceConfiguration> authorizationServiceConfigurationSupplier = () -> {
         OAuth2Client oAuth2Client = Config.getInstance().getOAuth2Client();
         try {
@@ -112,4 +106,19 @@ public FRUser.Browser done() {
         return parent;
     }
 
+    Consumer<AuthorizationRequest.Builder> getAuthorizationRequestBuilder() {
+        return this.authorizationRequestBuilder;
+    }
+
+    Consumer<AppAuthConfiguration.Builder> getAppAuthConfigurationBuilder() {
+        return this.appAuthConfigurationBuilder;
+    }
+
+    Consumer<CustomTabsIntent.Builder> getCustomTabsIntentBuilder() {
+        return this.customTabsIntentBuilder;
+    }
+
+    Supplier<AuthorizationServiceConfiguration> getAuthorizationServiceConfigurationSupplier() {
+        return this.authorizationServiceConfigurationSupplier;
+    }
 }

forgerock-auth/src/main/java/org/forgerock/android/auth/AppAuthFragment.java

@@ -32,6 +32,7 @@
 /**
  * Headless Fragment to receive callback result from AppAuth library
  */
+@Deprecated
 @RestrictTo(RestrictTo.Scope.LIBRARY)
 public class AppAuthFragment extends Fragment {
 

forgerock-auth/src/main/java/org/forgerock/android/auth/AppAuthFragment2.kt

@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2024 ForgeRock. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+package org.forgerock.android.auth
+
+import android.content.Intent
+import android.os.Bundle
+import androidx.annotation.RestrictTo
+import androidx.fragment.app.Fragment
+import androidx.fragment.app.FragmentActivity
+import androidx.fragment.app.FragmentManager
+import kotlinx.coroutines.flow.MutableStateFlow
+import net.openid.appauth.AuthorizationResponse
+import org.forgerock.android.auth.centralize.BrowserLauncher
+import org.forgerock.android.auth.centralize.Launcher
+
+private const val PENDING = "pending"
+
+/**
+ * Headless Fragment to receive callback result from AppAuth library
+ */
+@RestrictTo(RestrictTo.Scope.LIBRARY)
+class AppAuthFragment2 : Fragment() {
+
+    override fun onCreate(savedInstanceState: Bundle?) {
+        super.onCreate(savedInstanceState)
+        val state: MutableStateFlow<Intent?> = MutableStateFlow(null)
+        val delegate =
+            registerForActivityResult(AuthorizeContract()) {
+                state.value = it
+            }
+
+        val pending = savedInstanceState?.getBoolean(PENDING, false) ?: false
+
+        BrowserLauncher.init(Launcher(delegate, state, pending))
+    }
+
+    override fun onSaveInstanceState(outState: Bundle) {
+        outState.putBoolean(PENDING, true)
+        super.onSaveInstanceState(outState)
+    }
+
+    override fun onDestroy() {
+        super.onDestroy()
+        BrowserLauncher.reset()
+    }
+
+    companion object {
+        val TAG: String = AppAuthFragment2::class.java.name
+
+        /**
+         * Initialize the Fragment to receive AppAuth callback event.
+         */
+        @Synchronized
+        @JvmStatic
+        fun launch(activity: FragmentActivity, browser: FRUser.Browser) {
+            val fragmentManager: FragmentManager = activity.supportFragmentManager
+            var current = fragmentManager.findFragmentByTag(TAG) as? AppAuthFragment2
+            if (current == null) {
+                current = AppAuthFragment2()
+                fragmentManager.beginTransaction().add(current, TAG).commitNow()
+            }
+
+            BrowserLauncher.authorize(browser, object : FRListener<AuthorizationResponse> {
+                override fun onSuccess(result: AuthorizationResponse) {
+                    reset(activity, current)
+                    browser.listener.onSuccess(result)
+                }
+
+                override fun onException(e: Exception) {
+                    reset(activity, current)
+                    browser.listener.onException(e)
+                }
+
+                /**
+                 * Once receive the result, reset state.
+                 */
+                private fun reset(activity: FragmentActivity, fragment: Fragment?) {
+                    activity.runOnUiThread {
+                        BrowserLauncher.reset()
+                    }
+                    fragment?.let {
+                        activity.runOnUiThread {
+                            fragmentManager.beginTransaction().remove(it).commitNow()
+                        }
+                    }
+                }
+            })
+
+
+        }
+    }
+}

forgerock-auth/src/main/java/org/forgerock/android/auth/AuthorizeContract.kt

@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2024 ForgeRock. All rights reserved.
+ *
+ *  This software may be modified and distributed under the terms
+ *  of the MIT license. See the LICENSE file for details.
+ */
+
+package org.forgerock.android.auth
+
+import android.content.Context
+import android.content.Intent
+import android.net.Uri
+import androidx.activity.result.contract.ActivityResultContract
+import androidx.browser.customtabs.CustomTabsIntent
+import net.openid.appauth.AppAuthConfiguration
+import net.openid.appauth.AuthorizationRequest
+import net.openid.appauth.AuthorizationService
+import org.forgerock.android.auth.FRUser.Browser
+
+/**
+ * This class is an implementation of the ActivityResultContract.
+ * It is used to handle the OAuth2 authorization process.
+ */
+internal class AuthorizeContract : ActivityResultContract<Browser, Intent?>() {
+    override fun createIntent(
+        context: Context,
+        input: Browser,
+    ): Intent {
+        val configurer: AppAuthConfigurer = input.appAuthConfigurer
+        val oAuth2Client = Config.getInstance().oAuth2Client
+
+        val configuration = configurer.authorizationServiceConfigurationSupplier.get()
+        val authRequestBuilder =
+            AuthorizationRequest.Builder(
+                configuration,
+                oAuth2Client.clientId,
+                oAuth2Client.responseType,
+                Uri.parse(oAuth2Client.redirectUri),
+            ).setScope(oAuth2Client.scope)
+
+        //Allow caller to override Authorization Request setting
+        configurer.authorizationRequestBuilder.accept(authRequestBuilder)
+        val authorizationRequest = authRequestBuilder.build()
+
+        //Allow caller to override AppAuth default setting
+        val appAuthConfigurationBuilder = AppAuthConfiguration.Builder()
+        configurer.appAuthConfigurationBuilder.accept(appAuthConfigurationBuilder)
+        val authorizationService = AuthorizationService(context, appAuthConfigurationBuilder.build())
+
+        //Allow caller to override custom tabs default setting
+        val intentBuilder: CustomTabsIntent.Builder =
+            authorizationService.createCustomTabsIntentBuilder(authorizationRequest.toUri())
+        configurer.customTabsIntentBuilder.accept(intentBuilder)
+
+        val request = authRequestBuilder.build()
+        val service = AuthorizationService(context, AppAuthConfiguration.DEFAULT)
+        return service.getAuthorizationRequestIntent(request, intentBuilder.build())
+    }
+
+    override fun parseResult(
+        resultCode: Int,
+        intent: Intent?,
+    ): Intent? {
+        return intent
+    }
+}

forgerock-auth/src/main/java/org/forgerock/android/auth/FRUser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019 - 2023 ForgeRock. All rights reserved.
+ * Copyright (c) 2019 - 2024 ForgeRock. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -14,15 +14,16 @@
 import android.content.pm.ResolveInfo;
 import android.net.Uri;
 
+import androidx.annotation.NonNull;
 import androidx.annotation.VisibleForTesting;
 import androidx.annotation.WorkerThread;
 import androidx.fragment.app.Fragment;
 import androidx.fragment.app.FragmentActivity;
-import androidx.fragment.app.FragmentManager;
 
 import net.openid.appauth.AuthorizationResponse;
 import net.openid.appauth.RedirectUriReceiverActivity;
 
+import org.forgerock.android.auth.centralize.BrowserLauncher;
 import org.forgerock.android.auth.exception.AlreadyAuthenticatedException;
 import org.forgerock.android.auth.exception.AuthenticationRequiredException;
 import org.forgerock.android.auth.exception.InvalidRedirectUriException;
@@ -31,8 +32,6 @@
 import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;
 
-import lombok.AccessLevel;
-import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 
 public class FRUser {
@@ -99,7 +98,7 @@ public void revokeAccessToken(FRListener<Void> listener) {
      * Refresh the {@link AccessToken} asynchronously, force token refresh, no matter the stored {@link AccessToken} is expired or not
      * refresh the token and persist it.
      *
-     * @param listener    Listener to listen for refresh event.
+     * @param listener Listener to listen for refresh event.
      */
     @WorkerThread
     public void refresh(FRListener<AccessToken> listener) {
@@ -256,10 +255,10 @@ public static Browser browser() {
         return new Browser();
     }
 
-    @Getter(AccessLevel.PACKAGE)
     public static class Browser {
 
-        public FRListener<AuthorizationResponse> listener;
+        private static final String TAG = Browser.class.getName();
+        private FRListener<AuthorizationResponse> listener;
         private AppAuthConfigurer appAuthConfigurer = new AppAuthConfigurer(this);
         private boolean failedOnNoBrowserFound = true;
 
@@ -281,7 +280,7 @@ public AppAuthConfigurer appAuthConfigurer() {
          *                 <b> throws {@link java.net.MalformedURLException} When failed to parse the URL for API request.
          */
         public void login(Fragment fragment, FRListener<FRUser> listener) {
-            login(fragment.getContext(), fragment.getFragmentManager(), listener);
+            login(fragment.getActivity(), listener);
         }
 
         /**
@@ -298,17 +297,6 @@ public void login(Fragment fragment, FRListener<FRUser> listener) {
          *                 <b> throws {@link java.net.MalformedURLException} When failed to parse the URL for API request.
          */
         public void login(FragmentActivity activity, FRListener<FRUser> listener) {
-            login(activity.getApplicationContext(), activity.getSupportFragmentManager(), listener);
-        }
-
-        @VisibleForTesting
-        Browser failedOnNoBrowserFound(boolean failedOnNoBrowserFound) {
-            this.failedOnNoBrowserFound = failedOnNoBrowserFound;
-            return this;
-        }
-
-        private void login(Context context, FragmentManager manager, FRListener<FRUser> listener) {
-
             SessionManager sessionManager = Config.getInstance().getSessionManager();
 
             if (sessionManager.hasSession()) {
@@ -317,35 +305,33 @@ private void login(Context context, FragmentManager manager, FRListener<FRUser>
             }
 
             try {
-                validateRedirectUri(context);
+                validateRedirectUri(activity);
             } catch (InvalidRedirectUriException e) {
                 Listener.onException(listener, e);
                 return;
             }
 
-            this.listener = new FRListener<AuthorizationResponse>() {
+            this.listener = new FRListener<>() {
                 @Override
                 public void onSuccess(AuthorizationResponse result) {
                     InterceptorHandler interceptorHandler = InterceptorHandler.builder()
-                            .context(context)
+                            .context(activity)
                             .listener(listener)
                             .interceptor(new ExchangeAccessTokenInterceptor(sessionManager.getTokenManager()))
                             .interceptor(new AccessTokenStoreInterceptor(sessionManager.getTokenManager()))
                             .interceptor(new UserInterceptor())
                             .build();
 
                     interceptorHandler.proceed(result);
-
                 }
 
                 @Override
-                public void onException(Exception e) {
+                public void onException(@NonNull Exception e) {
                     Listener.onException(listener, e);
                 }
             };
 
-            AppAuthFragment.launch(manager, this);
-
+            AppAuthFragment2.launch(activity, this);
         }
 
         private void validateRedirectUri(Context context) throws InvalidRedirectUriException {
@@ -359,7 +345,7 @@ private void validateRedirectUri(Context context) throws InvalidRedirectUriExcep
                 intent.setData(uri);
                 resolveInfos = pm.queryIntentActivities(intent, PackageManager.GET_RESOLVED_FILTER);
             }
-            if (resolveInfos != null && resolveInfos.size() > 0) {
+            if (resolveInfos != null && !resolveInfos.isEmpty()) {
                 for (ResolveInfo info : resolveInfos) {
                     ActivityInfo activityInfo = info.activityInfo;
                     if (!(activityInfo.name.equals(RedirectUriReceiverActivity.class.getCanonicalName()) &&
@@ -371,5 +357,23 @@ private void validateRedirectUri(Context context) throws InvalidRedirectUriExcep
             }
             throw new InvalidRedirectUriException("No App is registered to capture the authorization code");
         }
+
+        @VisibleForTesting
+        Browser failedOnNoBrowserFound(boolean failedOnNoBrowserFound) {
+            this.failedOnNoBrowserFound = failedOnNoBrowserFound;
+            return this;
+        }
+
+        FRListener<AuthorizationResponse> getListener() {
+            return this.listener;
+        }
+
+        AppAuthConfigurer getAppAuthConfigurer() {
+            return this.appAuthConfigurer;
+        }
+
+        boolean isFailedOnNoBrowserFound() {
+            return this.failedOnNoBrowserFound;
+        }
     }
 }