From cf5f0eae3a5dbaf36b17425e4c8d5d8dc43e6866 Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Sun, 4 Apr 2021 01:21:34 +0530 Subject: [PATCH] Actively discourage use of git protocol (#1368) --- CHANGELOG.md | 1 + .../aps/ui/git/config/GitServerConfigActivity.kt | 9 +++++++++ app/src/main/res/values/strings.xml | 2 ++ 3 files changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c1ed385..245170e4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ All notable changes to this project will be documented in this file. - Accessibility autofill has been removed completely due to being buggy, insecure and lacking in features. Upgrade to Android 8 or preferably later to gain access to our advanced Autofill implementation. - The settings UI has been completely re-done to dramatically improve discoverability and navigation for users +- Using the `git://` protocol in the server URL now presents an explicit discouragement rather than a generic error ## [1.13.4] - 2021-03-20 diff --git a/app/src/main/java/dev/msfjarvis/aps/ui/git/config/GitServerConfigActivity.kt b/app/src/main/java/dev/msfjarvis/aps/ui/git/config/GitServerConfigActivity.kt index 56d9c043..372d5863 100644 --- a/app/src/main/java/dev/msfjarvis/aps/ui/git/config/GitServerConfigActivity.kt +++ b/app/src/main/java/dev/msfjarvis/aps/ui/git/config/GitServerConfigActivity.kt @@ -116,6 +116,15 @@ class GitServerConfigActivity : BaseGitActivity() { return@setOnClickListener } } + if (newUrl.startsWith("git://")) { + BasicBottomSheet.Builder(this) + .setTitleRes(R.string.git_scheme_disallowed_title) + .setMessageRes(R.string.git_scheme_disallowed_message) + .setPositiveButtonClickListener {} + .build() + .show(supportFragmentManager, "SSH_SCHEME_WARNING") + return@setOnClickListener + } when (val updateResult = GitSettings.updateConnectionSettingsIfValid( newAuthMode = newAuthMode, diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index b9a371d8..e077bf11 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -389,6 +389,8 @@ It appears that your URL contains a custom port, but does not specify the ssh:// scheme.\nThis can cause the port to be considered a part of your path. Press OK here to fix the URL. HTTPS URL with custom port It looks like you are using a HTTPS URL with a custom port. This is not supported, and will cause problems down the line. Press OK to remove the port from your URL. + Using the git:// protocol is discouraged + The git protocol provided by git-daemon performs no transport encryption and is unsuitable for secure operations. Proxy hostname