Keep HTTP auth credentials when site is fireproof(ed) (#1066)

* Keep HTTP auth credentials when site is fireproof(ed)

* Remove trailing comma

* Address code review comments from cmonforte

* Removed androidx.security:security-crypto unused dependency

* Supressed warnings in WebViewHttpAuthStoreTest

* Removed default param value from WebViewHttpAuthStore and use the dispatcherProvider

* Removed GlobalScope from WebDataManager

* Supressed warnings in clearFormDataCompat

* Get dispatcherProvider from DI graph

* Removed unnecessary VisibleForTesting

* Fixed the issue with `whenAddLoginDetectionThenJSInterfaceAdded`

* Removed the migration of httpauth db as it is not necessary and it ensures db compatibility

* Also provided WebViewDatabase instance thru DI

* Provided solution for all Android APIs

* Merged runBlocking + withContext

Author: aitorvs

app/schemas/com.duckduckgo.app.browser.httpauth.db.HttpAuthDatabase/1.json

@@ -0,0 +1,58 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 1,
+    "identityHash": "90a13fae33bb9bd0053f91a508fbf5a8",
+    "entities": [
+      {
+        "tableName": "httpauth",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`_id` INTEGER PRIMARY KEY AUTOINCREMENT, `host` TEXT, `realm` TEXT, `username` TEXT, `password` TEXT)",
+        "fields": [
+          {
+            "fieldPath": "_id",
+            "columnName": "_id",
+            "affinity": "INTEGER",
+            "notNull": false
+          },
+          {
+            "fieldPath": "host",
+            "columnName": "host",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "realm",
+            "columnName": "realm",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "username",
+            "columnName": "username",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "password",
+            "columnName": "password",
+            "affinity": "TEXT",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "columnNames": [
+            "_id"
+          ],
+          "autoGenerate": true
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, '90a13fae33bb9bd0053f91a508fbf5a8')"
+    ]
+  }
+}

app/src/androidTest/java/com/duckduckgo/app/browser/BrowserWebViewClientTest.kt

@@ -24,6 +24,7 @@ import androidx.test.filters.SdkSuppress
 import androidx.test.platform.app.InstrumentationRegistry
 import com.duckduckgo.app.CoroutineTestRule
 import com.duckduckgo.app.browser.certificates.rootstore.TrustedCertificateStore
+import com.duckduckgo.app.browser.httpauth.WebViewHttpAuthStore
 import com.duckduckgo.app.browser.logindetection.DOMLoginDetector
 import com.duckduckgo.app.browser.logindetection.WebNavigationEvent
 import com.duckduckgo.app.browser.model.BasicAuthenticationRequest
@@ -57,12 +58,14 @@ class BrowserWebViewClientTest {
     private val dosDetector: DosDetector = DosDetector()
     private val globalPrivacyControl: GlobalPrivacyControl = mock()
     private val trustedCertificateStore: TrustedCertificateStore = mock()
+    private val webViewHttpAuthStore: WebViewHttpAuthStore = mock()
 
     @UiThreadTest
     @Before
     fun setup() {
         webView = TestWebView(InstrumentationRegistry.getInstrumentation().targetContext)
         testee = BrowserWebViewClient(
+            webViewHttpAuthStore,
             trustedCertificateStore,
             requestRewriter,
             specialUrlDetector,

app/src/androidTest/java/com/duckduckgo/app/browser/WebViewDataManagerTest.kt

@@ -21,6 +21,7 @@ import android.webkit.WebStorage
 import android.webkit.WebView
 import android.webkit.WebViewDatabase
 import androidx.test.platform.app.InstrumentationRegistry
+import com.duckduckgo.app.browser.httpauth.WebViewHttpAuthStore
 import com.duckduckgo.app.browser.session.WebViewSessionInMemoryStorage
 import com.duckduckgo.app.fire.DuckDuckGoCookieManager
 import com.duckduckgo.app.global.file.FileDeleter
@@ -40,13 +41,14 @@ class WebViewDataManagerTest {
     private val context = InstrumentationRegistry.getInstrumentation().targetContext
     private val mockFileDeleter: FileDeleter = mock()
     private val mockWebViewDatabase: WebViewDatabase = mock()
-    private val testee = WebViewDataManager(context, WebViewSessionInMemoryStorage(), mockCookieManager, mockFileDeleter)
+    private val mockWebViewHttpAuthStore: WebViewHttpAuthStore = mock()
+    private val testee = WebViewDataManager(context, WebViewSessionInMemoryStorage(), mockCookieManager, mockFileDeleter, mockWebViewHttpAuthStore)
 
     @Test
     fun whenDataClearedThenWebViewHistoryCleared() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
+            testee.clearData(webView, mockStorage)
             assertTrue(webView.historyCleared)
         }
     }
@@ -55,7 +57,7 @@ class WebViewDataManagerTest {
     fun whenDataClearedThenWebViewCacheCleared() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
+            testee.clearData(webView, mockStorage)
             assertTrue(webView.cacheCleared)
         }
     }
@@ -64,7 +66,7 @@ class WebViewDataManagerTest {
     fun whenDataClearedThenWebViewFormDataCleared() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
+            testee.clearData(webView, mockStorage)
             assertTrue(webView.clearedFormData)
         }
     }
@@ -73,7 +75,7 @@ class WebViewDataManagerTest {
     fun whenDataClearedThenWebViewWebStorageCleared() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
+            testee.clearData(webView, mockStorage)
             verify(mockStorage).deleteAllData()
         }
     }
@@ -82,16 +84,16 @@ class WebViewDataManagerTest {
     fun whenDataClearedThenWebViewAuthCredentialsCleared() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
-            verify(mockWebViewDatabase).clearHttpAuthUsernamePassword()
+            testee.clearData(webView, mockStorage)
+            verify(mockWebViewHttpAuthStore).clearHttpAuthUsernamePassword(webView)
         }
     }
 
     @Test
     fun whenDataClearedThenWebViewCookiesRemoved() = runBlocking<Unit> {
         withContext(Dispatchers.Main) {
             val webView = TestWebView(context)
-            testee.clearData(webView, mockStorage, mockWebViewDatabase)
+            testee.clearData(webView, mockStorage)
             verify(mockCookieManager).removeExternalCookies()
         }
     }

app/src/androidTest/java/com/duckduckgo/app/browser/httpauth/WebViewHttpAuthStoreTest.kt

@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2021 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.app.browser.httpauth
+
+import android.webkit.WebView
+import com.duckduckgo.app.CoroutineTestRule
+import com.duckduckgo.app.browser.httpauth.db.HttpAuthDao
+import com.duckduckgo.app.browser.httpauth.db.HttpAuthEntity
+import com.duckduckgo.app.fire.fireproofwebsite.data.FireproofWebsiteDao
+import com.duckduckgo.app.fire.fireproofwebsite.data.FireproofWebsiteEntity
+import com.nhaarman.mockitokotlin2.mock
+import com.nhaarman.mockitokotlin2.verify
+import com.nhaarman.mockitokotlin2.whenever
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import org.junit.Assert.assertEquals
+import org.junit.Rule
+import org.junit.Test
+
+@ExperimentalCoroutinesApi
+class WebViewHttpAuthStoreTest {
+
+    @get:Rule
+    @Suppress("unused")
+    val coroutineRule = CoroutineTestRule()
+
+    private val fireproofWebsiteDao: FireproofWebsiteDao = mock()
+    private val httpAuthDao: HttpAuthDao = mock()
+    private val webView: WebView = mock()
+
+    private val webViewHttpAuthStore = RealWebViewHttpAuthStore(coroutineRule.testDispatcherProvider, fireproofWebsiteDao, httpAuthDao)
+
+    @Test
+    fun whenSetHttpAuthUsernamePasswordThenInsertHttpAuthEntity() {
+        webViewHttpAuthStore.setHttpAuthUsernamePassword(
+            webView = webView,
+            host = "host",
+            realm = "realm",
+            username = "name",
+            password = "pass",
+        )
+
+        verify(httpAuthDao).insert(
+            HttpAuthEntity(
+                host = "host",
+                realm = "realm",
+                username = "name",
+                password = "pass"
+            )
+        )
+    }
+
+    @Test
+    fun whenGetHttpAuthUsernamePasswordThenReturnWebViewHttpAuthCredentials() {
+        whenever(httpAuthDao.getAuthCredentials("host", "realm"))
+            .thenReturn(HttpAuthEntity(1, "host", "realm", "name", "pass"))
+        val credentials = webViewHttpAuthStore.getHttpAuthUsernamePassword(webView, "host", "realm")
+
+        assertEquals(WebViewHttpAuthCredentials("name", "pass"), credentials)
+    }
+
+    @Test
+    fun whenClearHttpAuthUsernamePasswordThenDeleteAllCredentialsExceptExclusions() {
+        whenever(fireproofWebsiteDao.fireproofWebsitesSync())
+            .thenReturn(listOf(FireproofWebsiteEntity("http://fireproofed.me")))
+
+        webViewHttpAuthStore.clearHttpAuthUsernamePassword(webView)
+
+        verify(httpAuthDao).deleteAll(listOf("http://fireproofed.me"))
+    }
+}

app/src/androidTest/java/com/duckduckgo/app/di/StubDatabaseModule.kt

@@ -18,6 +18,11 @@ package com.duckduckgo.app.di
 
 import android.content.Context
 import androidx.room.Room
+import com.duckduckgo.app.browser.httpauth.RealWebViewHttpAuthStore
+import com.duckduckgo.app.browser.httpauth.WebViewHttpAuthStore
+import com.duckduckgo.app.browser.httpauth.db.HttpAuthDatabase
+import com.duckduckgo.app.fire.fireproofwebsite.data.FireproofWebsiteDao
+import com.duckduckgo.app.global.DefaultDispatcherProvider
 import com.duckduckgo.app.global.db.AppDatabase
 import dagger.Module
 import dagger.Provides
@@ -33,4 +38,17 @@ class StubDatabaseModule {
             .allowMainThreadQueries()
             .build()
     }
+
+    @Provides
+    @Singleton
+    fun provideWebViewHttpAuthStore(
+        context: Context,
+        fireproofWebsiteDao: FireproofWebsiteDao
+    ): WebViewHttpAuthStore {
+        val db = Room.inMemoryDatabaseBuilder(context, HttpAuthDatabase::class.java)
+            .allowMainThreadQueries()
+            .build()
+
+        return RealWebViewHttpAuthStore(DefaultDispatcherProvider(), fireproofWebsiteDao, db.httpAuthDao())
+    }
 }

app/src/androidTest/java/com/duckduckgo/app/global/view/ClearPersonalDataActionTest.kt

@@ -80,7 +80,7 @@ class ClearPersonalDataActionTest {
     @Test
     fun whenClearCalledThenDataManagerClearsData() = runBlocking<Unit> {
         testee.clearTabsAndAllDataAsync(appInForeground = false, shouldFireDataClearPixel = false)
-        verify(mockDataManager).clearData(any(), any(), any())
+        verify(mockDataManager).clearData(any(), any())
     }
 
     @Test