Allow insecure requests on Android (@todo: refactor)

jevakallio · jevakallio · commit 255fad46b518 · 2018-02-20T16:42:32.000Z
diff --git a/android/src/main/java/com/reactlibrary/RNAppAuthModule.java b/android/src/main/java/com/reactlibrary/RNAppAuthModule.java
@@ -4,6 +4,7 @@
 import android.content.Context;
 import android.content.Intent;
 import android.net.Uri;
+import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 
 import com.facebook.react.bridge.ActivityEventListener;
@@ -22,14 +23,23 @@
 import net.openid.appauth.AuthorizationResponse;
 import net.openid.appauth.AuthorizationService;
 import net.openid.appauth.AuthorizationServiceConfiguration;
+import net.openid.appauth.Preconditions;
 import net.openid.appauth.ResponseTypeValues;
 import net.openid.appauth.TokenResponse;
 import net.openid.appauth.TokenRequest;
-
+import net.openid.appauth.connectivity.ConnectionBuilder;
+import net.openid.appauth.connectivity.DefaultConnectionBuilder;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.sql.Connection;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.concurrent.TimeUnit;
 
 public class RNAppAuthModule extends ReactContextBaseJavaModule implements ActivityEventListener {
 
@@ -96,13 +106,30 @@ private HashMap<String, String> additionalParametersToMap(ReadableMap additional
         return additionalParametersHash;
     }
 
+    private ConnectionBuilder createConnectionBuilder(Boolean allowInsecureConnections) {
+
+        if (allowInsecureConnections.equals(true)) {
+            return new UnsafeConnectionBuilder();
+        }
+
+        return DefaultConnectionBuilder.INSTANCE;
+    }
+
+    static Uri buildConfigurationUriFromIssuer(Uri openIdConnectIssuerUri) {
+        return openIdConnectIssuerUri.buildUpon()
+                .appendPath(AuthorizationServiceConfiguration.WELL_KNOWN_PATH)
+                .appendPath(AuthorizationServiceConfiguration.OPENID_CONFIGURATION_RESOURCE)
+                .build();
+    }
+
     @ReactMethod
     public void authorize(
             String issuer,
             final String redirectUrl,
             final String clientId,
             final ReadableArray scopes,
             final ReadableMap additionalParameters,
+            final Boolean dangerouslyAllowInsecureHttpRequests,
             final Promise promise
     ) {
 
@@ -111,9 +138,11 @@ public void authorize(
         final Activity currentActivity = getCurrentActivity();
 
         final String scopesString = this.arrayToString(scopes);
+        final Uri issuerUri = Uri.parse(issuer);
+        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests);
 
-        AuthorizationServiceConfiguration.fetchFromIssuer(
-                Uri.parse(issuer),
+        AuthorizationServiceConfiguration.fetchFromUrl(
+                buildConfigurationUriFromIssuer(issuerUri),
                 new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
                     public void onFetchConfigurationCompleted(
                             @Nullable AuthorizationServiceConfiguration serviceConfiguration,
@@ -143,7 +172,9 @@ public void onFetchConfigurationCompleted(
                         currentActivity.startActivityForResult(authIntent, 0);
 
                     }
-                });
+                },
+                builder
+        );
 
     }
 
@@ -155,14 +186,16 @@ public void refresh(
             final String refreshToken,
             final ReadableArray scopes,
             final ReadableMap additionalParameters,
+            final Boolean dangerouslyAllowInsecureHttpRequests,
             final Promise promise
     ) {
         final Context context = this.reactContext;
-
         final String scopesString = this.arrayToString(scopes);
+        final Uri issuerUri = Uri.parse(issuer);
+        final ConnectionBuilder builder = createConnectionBuilder(dangerouslyAllowInsecureHttpRequests);
 
-        AuthorizationServiceConfiguration.fetchFromIssuer(
-                Uri.parse(issuer),
+        AuthorizationServiceConfiguration.fetchFromUrl(
+                buildConfigurationUriFromIssuer(issuerUri),
                 new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() {
                     public void onFetchConfigurationCompleted(
                             @Nullable AuthorizationServiceConfiguration serviceConfiguration,
@@ -203,7 +236,8 @@ public void onTokenRequestCompleted(@Nullable TokenResponse response, @Nullable
                         });
 
                     }
-                });
+                },
+        builder);
     }
 
     @Override
@@ -249,3 +283,22 @@ public String getName() {
         return "RNAppAuth";
     }
 }
+
+
+final class UnsafeConnectionBuilder implements ConnectionBuilder {
+
+    private static final int CONNECTION_TIMEOUT_MS = (int) TimeUnit.SECONDS.toMillis(15);
+    private static final int READ_TIMEOUT_MS = (int) TimeUnit.SECONDS.toMillis(10);
+
+
+    @NonNull
+    @Override
+    public HttpURLConnection openConnection(@NonNull Uri uri) throws IOException {
+        Preconditions.checkNotNull(uri, "url must not be null");
+        HttpURLConnection conn = (HttpURLConnection) new URL(uri.toString()).openConnection();
+        conn.setConnectTimeout(CONNECTION_TIMEOUT_MS);
+        conn.setReadTimeout(READ_TIMEOUT_MS);
+        conn.setInstanceFollowRedirects(false);
+        return conn;
+    }
+}
diff --git a/index.js b/index.js
@@ -12,18 +12,25 @@ const validateClientId = clientId =>
 const validateRedirectUrl = redirectUrl =>
   invariant(typeof redirectUrl === 'string', 'Config error: redirectUrl must be a string');
 
-export const authorize = ({ issuer, redirectUrl, clientId, scopes, additionalParameters }) => {
+export const authorize = ({ issuer, redirectUrl, clientId, scopes, additionalParameters, dangerouslyAllowInsecureHttpRequests = false }) => {
   validateScopes(scopes);
   validateIssuer(issuer);
   validateClientId(clientId);
   validateRedirectUrl(redirectUrl);
   // TODO: validateAdditionalParameters
 
-  return RNAppAuth.authorize(issuer, redirectUrl, clientId, scopes, additionalParameters);
+  return RNAppAuth.authorize(
+    issuer,
+    redirectUrl,
+    clientId,
+    scopes,
+    additionalParameters,
+    dangerouslyAllowInsecureHttpRequests
+  );
 };
 
 export const refresh = (
-  { issuer, redirectUrl, clientId, scopes, additionalParameters },
+  { issuer, redirectUrl, clientId, scopes, additionalParameters, dangerouslyAllowInsecureHttpRequests = false },
   { refreshToken }
 ) => {
   validateScopes(scopes);
@@ -39,7 +46,8 @@ export const refresh = (
     clientId,
     refreshToken,
     scopes,
-    additionalParameters
+    additionalParameters,
+    dangerouslyAllowInsecureHttpRequests
   );
 };
 
