Add some safeguard when changing passwords and encryption
We still need some more to prevent any mistakes
This commit is contained in:
Jakob Nixdorf
parent
c46167bfe7
commit
f2e6f57725
2 changed files with 61 additions and 33 deletions
|
|
@ -39,7 +39,9 @@ import org.openintents.openpgp.util.OpenPgpAppPreference;
|
|||
import org.openintents.openpgp.util.OpenPgpKeyPreference;
|
||||
import org.shadowice.flocke.andotp.Preferences.PBKDF2PasswordPreference;
|
||||
import org.shadowice.flocke.andotp.R;
|
||||
import org.shadowice.flocke.andotp.Utilities.Constants;
|
||||
import org.shadowice.flocke.andotp.Utilities.KeyStoreHelper;
|
||||
import org.shadowice.flocke.andotp.Utilities.Settings;
|
||||
|
||||
public class SettingsActivity extends BaseActivity
|
||||
implements SharedPreferences.OnSharedPreferenceChangeListener{
|
||||
|
|
@ -110,7 +112,7 @@ public class SettingsActivity extends BaseActivity
|
|||
OpenPgpAppPreference pgpProvider;
|
||||
OpenPgpKeyPreference pgpKey;
|
||||
|
||||
public void updateAuthPassword(String newAuth) {
|
||||
public void updateAuthPassword(Settings.AuthMethod newAuth) {
|
||||
PBKDF2PasswordPreference pwPref = (PBKDF2PasswordPreference) catSecurity.findPreference(getString(R.string.settings_key_auth_password_pbkdf2));
|
||||
PBKDF2PasswordPreference pinPref = (PBKDF2PasswordPreference) catSecurity.findPreference(getString(R.string.settings_key_auth_pin_pbkdf2));
|
||||
|
||||
|
|
@ -119,8 +121,7 @@ public class SettingsActivity extends BaseActivity
|
|||
if (pinPref != null)
|
||||
catSecurity.removePreference(pinPref);
|
||||
|
||||
switch (newAuth) {
|
||||
case "password":
|
||||
if (newAuth == Settings.AuthMethod.PASSWORD) {
|
||||
PBKDF2PasswordPreference authPassword = new PBKDF2PasswordPreference(getActivity(), null);
|
||||
authPassword.setTitle(R.string.settings_title_auth_password);
|
||||
authPassword.setOrder(4);
|
||||
|
|
@ -128,11 +129,7 @@ public class SettingsActivity extends BaseActivity
|
|||
authPassword.setMode(PBKDF2PasswordPreference.Mode.PASSWORD);
|
||||
|
||||
catSecurity.addPreference(authPassword);
|
||||
encryption.setEnabled(true);
|
||||
|
||||
break;
|
||||
|
||||
case "pin":
|
||||
} else if (newAuth == Settings.AuthMethod.PIN) {
|
||||
PBKDF2PasswordPreference authPIN = new PBKDF2PasswordPreference(getActivity(), null);
|
||||
authPIN.setTitle(R.string.settings_title_auth_pin);
|
||||
authPIN.setOrder(4);
|
||||
|
|
@ -140,13 +137,6 @@ public class SettingsActivity extends BaseActivity
|
|||
authPIN.setMode(PBKDF2PasswordPreference.Mode.PIN);
|
||||
|
||||
catSecurity.addPreference(authPIN);
|
||||
encryption.setEnabled(true);
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
encryption.setEnabled(false);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -163,14 +153,25 @@ public class SettingsActivity extends BaseActivity
|
|||
ListPreference authPref = (ListPreference) findPreference(getString(R.string.settings_key_auth));
|
||||
encryption = (ListPreference) findPreference(getString(R.string.settings_key_encryption));
|
||||
|
||||
updateAuthPassword(authPref.getValue());
|
||||
updateAuthPassword(Settings.AuthMethod.valueOf(authPref.getValue().toUpperCase()));
|
||||
|
||||
authPref.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
|
||||
@Override
|
||||
public boolean onPreferenceChange(Preference preference, Object o) {
|
||||
String newAuth = (String) o;
|
||||
String encryption = sharedPref.getString(getString(R.string.settings_key_encryption), getString(R.string.settings_default_encryption));
|
||||
|
||||
if (newAuth.equals("device")) {
|
||||
Constants.EncryptionType encryptionType = Constants.EncryptionType.valueOf(encryption.toUpperCase());
|
||||
Settings.AuthMethod authMethod = Settings.AuthMethod.valueOf(newAuth.toUpperCase());
|
||||
|
||||
if (encryptionType == Constants.EncryptionType.PASSWORD) {
|
||||
if (authMethod == Settings.AuthMethod.NONE || authMethod == Settings.AuthMethod.DEVICE) {
|
||||
Toast.makeText(getActivity(), R.string.settings_toast_auth_invalid_with_encryption, Toast.LENGTH_LONG).show();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (authMethod == Settings.AuthMethod.DEVICE) {
|
||||
KeyguardManager km = (KeyguardManager) getActivity().getSystemService(KEYGUARD_SERVICE);
|
||||
|
||||
if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.LOLLIPOP) {
|
||||
|
|
@ -182,7 +183,7 @@ public class SettingsActivity extends BaseActivity
|
|||
}
|
||||
}
|
||||
|
||||
updateAuthPassword(newAuth);
|
||||
updateAuthPassword(authMethod);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -191,10 +192,30 @@ public class SettingsActivity extends BaseActivity
|
|||
encryption.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
|
||||
@Override
|
||||
public boolean onPreferenceChange(final Preference preference, Object o) {
|
||||
final String newEncryption = (String) o;
|
||||
String newEncryption = (String) o;
|
||||
String auth = sharedPref.getString(getString(R.string.settings_key_auth), getString(R.string.settings_default_auth));
|
||||
Constants.EncryptionType encryptionType = Constants.EncryptionType.valueOf(newEncryption.toUpperCase());
|
||||
Settings.AuthMethod authMethod = Settings.AuthMethod.valueOf(auth.toUpperCase());
|
||||
|
||||
if (newEncryption.equals("password"))
|
||||
if (encryptionType == Constants.EncryptionType.PASSWORD) {
|
||||
if (authMethod != Settings.AuthMethod.PASSWORD && authMethod != Settings.AuthMethod.PIN) {
|
||||
Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_with_auth, Toast.LENGTH_LONG).show();
|
||||
return false;
|
||||
} else {
|
||||
String credentials = "";
|
||||
if (authMethod == Settings.AuthMethod.PASSWORD)
|
||||
credentials = sharedPref.getString(getString(R.string.settings_key_auth_password_pbkdf2), "");
|
||||
else if (authMethod == Settings.AuthMethod.PIN)
|
||||
credentials = sharedPref.getString(getString(R.string.settings_key_auth_pin_pbkdf2), "");
|
||||
|
||||
if (credentials.isEmpty()) {
|
||||
Toast.makeText(getActivity(), R.string.settings_toast_encryption_invalid_without_credentials, Toast.LENGTH_LONG).show();
|
||||
return false;
|
||||
} else {
|
||||
KeyStoreHelper.wipeKeys(preference.getContext());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
encryption.setValue(newEncryption);
|
||||
|
||||
|
|
|
|||
|
|
@ -65,6 +65,13 @@
|
|||
<string name="settings_toast_auth_device_not_secure">This feature requires a secure lock screen
|
||||
to be set up (Settings -> Security -> Screenlock)</string>
|
||||
|
||||
<string name="settings_toast_auth_invalid_with_encryption">You can only use Password or PIN as
|
||||
long as the database encryption is set to \"Password / PIN\"!</string>
|
||||
<string name="settings_toast_encryption_invalid_with_auth">You first need to set the
|
||||
Authentication to \"Password\" or \"PIN\"!</string>
|
||||
<string name="settings_toast_encryption_invalid_without_credentials">You first need to set a
|
||||
Password or PIN before changing the encryption!</string>
|
||||
|
||||
<string name="settings_toast_auth_upgrade_failed">Failed to silently upgrade your password / PIN
|
||||
to the new encryption, please manually reset it in the settings!</string>
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue