
use a token for verification, since SharedProvider as ArbitraryContentProvider does not work in a service context

Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
tobiasKaminsky 6 年之前
父节点
当前提交
c2d18556c3

+ 25 - 7
src/main/java/com/owncloud/android/authentication/AccountAuthenticator.java

@@ -1,4 +1,4 @@
-/**
+/*
  *   ownCloud Android client application
  *
  *   @author David A. Velasco
@@ -28,17 +28,21 @@ import android.accounts.AccountManager;
 import android.accounts.NetworkErrorException;
 import android.content.Context;
 import android.content.Intent;
+import android.content.SharedPreferences;
 import android.os.Bundle;
 import android.os.Handler;
 import android.widget.Toast;
 
 import com.owncloud.android.MainApp;
 import com.owncloud.android.R;
+import com.owncloud.android.db.PreferenceManager;
 import com.owncloud.android.lib.common.OwnCloudAccount;
 import com.owncloud.android.lib.common.accounts.AccountTypeUtils;
 import com.owncloud.android.lib.common.accounts.AccountUtils;
 import com.owncloud.android.lib.common.utils.Log_OC;
 
+import java.util.UUID;
+
 
 /**
  *  Authenticator for ownCloud accounts.
@@ -163,6 +167,25 @@ public class AccountAuthenticator extends AbstractAccountAuthenticator {
             AccountManager accountManager = AccountManager.get(mContext);
             final Bundle result = new Bundle();
 
+            String packageName = options.getString("androidPackageName");
+
+            if (packageName == null) {
+                Log_OC.e(TAG, "No calling package, exit.");
+                return result;
+            }
+
+            // get or create token
+            SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
+            String token = sharedPreferences.getString(packageName, "");
+
+            if (token.isEmpty()) {
+                token = UUID.randomUUID().toString().replaceAll("-", "");
+
+                SharedPreferences.Editor editor = sharedPreferences.edit();
+                editor.putString(packageName, token);
+                editor.apply();
+            }
+                        
             String serverUrl;
             String userId;
             try {
@@ -179,13 +202,8 @@ public class AccountAuthenticator extends AbstractAccountAuthenticator {
             result.putString(AccountManager.KEY_ACCOUNT_TYPE, MainApp.getAccountType(mContext));
             result.putString(AccountManager.KEY_AUTHTOKEN,     NEXTCLOUD_SSO);
             result.putString("username", userId);
-
-            // TODO consider returning here some kind of "token" instead of the "real" password
-            // those tokens have to stored in this (nextcloud) app to verify if a client is allowed to
-            // make a request (see AccountManagerService.java#L117 -> request.token)
-            result.putString("password", accountManager.getPassword(account));
+            result.putString("token", token);
             result.putString("server_url", serverUrl);
-            result.putBoolean("disable_hostname_verification", false);
 
             return result;
         }
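Review bot: The token minted at L57-L63 is created and handed back for whatever package name the caller presents, while the allow-list that decides who may use it lives only in InputStreamBinder.isValid; a package that is not allow-listed still gets a durable bearer token written into the app's default preferences, keyed by a bare package name that can collide with the app's own preference keys. Consider restricting minting to the same allow-list (or a prefixed key such as `"sso_token_" + packageName`) so the two sides agree. The early return at L48-L51 also hands the caller an empty Bundle with no error, which AccountManager clients cannot distinguish from success; set `result.putInt(AccountManager.KEY_ERROR_CODE, AccountManager.ERROR_CODE_BAD_ARGUMENTS);` and `result.putString(AccountManager.KEY_ERROR_MESSAGE, "No calling package");` before returning. "androidPackageName" is read from the caller-supplied options bundle; whether the platform has already bound it to the calling UID should be confirmed, otherwise cross-check it against `AccountManager.KEY_CALLER_UID` via `PackageManager.getPackagesForUid`. getAuthToken begins before and ends after this hunk.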

+ 14 - 3
src/main/java/de/luhmer/owncloud/accountimporter/helper/InputStreamBinder.java

@@ -2,10 +2,12 @@ package de.luhmer.owncloud.accountimporter.helper;
 
 import android.accounts.Account;
 import android.content.Context;
+import android.content.SharedPreferences;
 import android.os.ParcelFileDescriptor;
 import android.util.Log;
 
 import com.owncloud.android.authentication.AccountUtils;
+import com.owncloud.android.db.PreferenceManager;
 import com.owncloud.android.lib.common.OwnCloudAccount;
 import com.owncloud.android.lib.common.OwnCloudClient;
 import com.owncloud.android.lib.common.OwnCloudClientManagerFactory;
@@ -25,6 +27,8 @@ import java.io.InputStream;
 import java.io.ObjectInputStream;
 import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Map;
 
 /**
@@ -36,6 +40,8 @@ import java.util.Map;
 public class InputStreamBinder extends IInputStreamService.Stub {
     private final static String TAG = "InputStreamBinder";
 
+    private ArrayList<String> validPackages = new ArrayList<>(Arrays.asList("de.luhmer.owncloudnewsreader"));
+    
     private Context context;
     public InputStreamBinder(Context ctxt) {
         this.context = ctxt;
@@ -111,9 +117,8 @@ public class InputStreamBinder extends IInputStreamService.Stub {
         OwnCloudAccount ocAccount = new OwnCloudAccount(account, context);
         OwnCloudClient client = OwnCloudClientManagerFactory.getDefaultSingleton().getClientFor(ocAccount, context);
 
-
-        // Validate Auth-Token
-        if(!client.getCredentials().getAuthToken().equals(request.token)) {
+        // Validate token & package name
+        if (!isValid(request)) {
             throw new IllegalStateException("Provided authentication token does not match!");
         }
 
@@ -172,4 +177,10 @@ public class InputStreamBinder extends IInputStreamService.Stub {
         }
     }
 
+    private boolean isValid(NextcloudRequest request) {
+        SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
+        String storedToken = sharedPreferences.getString(request.packageName, "");
+
+        return validPackages.contains(request.packageName) && request.token.equals(storedToken);
+    }
 }
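Review bot: isValid at L134-L139 accepts an empty request token for an allow-listed package that has no stored token yet, because `getString(…, "")` returns "" and `"".equals("")` is true; it also throws NullPointerException instead of rejecting when `request.token` is null, and compares the secret with `String.equals`, which is not constant-time. `request.packageName` is self-reported by the client (it is a public field set through the new Builder.setPackageName) and is used both for the allow-list check and as the preference key; the package identity of the caller should instead be derived on the service side from `Binder.getCallingUid()` and `context.getPackageManager().getPackagesForUid(uid)`, with the self-reported value at most required to match one of them. The rewrite below closes the empty/null gaps and uses `MessageDigest.isEqual` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported); the UID cross-check is left to follow once the desired policy is settled.
```java
private boolean isValid(NextcloudRequest request) {
    if (request == null || request.token == null || request.token.isEmpty()
        || request.packageName == null || !validPackages.contains(request.packageName)) {
        return false;
    }
    SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(context);
    // null default: a package with no minted token must never match
    String storedToken = sharedPreferences.getString(request.packageName, null);
    if (storedToken == null) {
        return false;
    }
    // constant-time compare so a mismatch does not leak prefix length via timing
    return MessageDigest.isEqual(storedToken.getBytes(StandardCharsets.UTF_8),
                                 request.token.getBytes(StandardCharsets.UTF_8));
}
```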

+ 7 - 4
src/main/java/de/luhmer/owncloud/accountimporter/helper/NextcloudRequest.java

@@ -19,6 +19,7 @@ public class NextcloudRequest implements Serializable {
     public String requestBody;
     public String url;
     public String token;
+    public String packageName;
     public String accountName;
 
     private NextcloudRequest() {
@@ -66,12 +67,14 @@ public class NextcloudRequest implements Serializable {
             return this;
         }
 
+        public Builder setPackageName(String packageName) {
+            ncr.packageName = packageName;
+            return this;
+        }
+
         public Builder setAccountName(String accountName) {
             ncr.accountName = accountName;
             return this;
         }
     }
-
-
-
-}
+}
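Review bot: The new public `packageName` field at L149 is set by the client through `setPackageName` and then read on the service side as a security identifier in InputStreamBinder.isValid, but nothing on the field says so. A comment on the field would keep future readers from treating it as verified, e.g. `// Self-reported by the calling app; the service must not treat it as proof of identity.` Since NextcloudRequest is Serializable and travels across the binder, the same caveat applies to `token`.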