Merge pull request #5126 from element-hq/feature/bma/redirectToElementPro

Redirect FOSS user to Element Pro according to element .well-known file

Author: bmarty

appnav/build.gradle.kts

@@ -36,6 +36,7 @@ dependencies {
     implementation(projects.libraries.designsystem)
     implementation(projects.libraries.matrixui)
     implementation(projects.libraries.uiStrings)
+    implementation(projects.features.login.api)
 
     implementation(libs.coil)
 

appnav/src/main/kotlin/io/element/android/appnav/RootFlowNode.kt

@@ -33,8 +33,8 @@ import io.element.android.appnav.intent.ResolvedIntent
 import io.element.android.appnav.root.RootNavStateFlowFactory
 import io.element.android.appnav.root.RootPresenter
 import io.element.android.appnav.root.RootView
-import io.element.android.features.enterprise.api.EnterpriseService
 import io.element.android.features.login.api.LoginParams
+import io.element.android.features.login.api.accesscontrol.AccountProviderAccessControl
 import io.element.android.features.rageshake.api.bugreport.BugReportEntryPoint
 import io.element.android.features.rageshake.api.reporter.BugReporter
 import io.element.android.features.signedout.api.SignedOutEntryPoint
@@ -65,7 +65,7 @@ class RootFlowNode @AssistedInject constructor(
     @Assisted val buildContext: BuildContext,
     @Assisted plugins: List<Plugin>,
     private val authenticationService: MatrixAuthenticationService,
-    private val enterpriseService: EnterpriseService,
+    private val accountProviderAccessControl: AccountProviderAccessControl,
     private val navStateFlowFactory: RootNavStateFlowFactory,
     private val matrixSessionCache: MatrixSessionCache,
     private val presenter: RootPresenter,
@@ -296,7 +296,7 @@ class RootFlowNode @AssistedInject constructor(
         val latestSessionId = authenticationService.getLatestSessionId()
         if (latestSessionId == null) {
             // No session, open login
-            if (enterpriseService.isAllowedToConnectToHomeserver(params.accountProvider.ensureProtocol())) {
+            if (accountProviderAccessControl.isAllowedToConnectToAccountProvider(params.accountProvider.ensureProtocol())) {
                 switchToNotLoggedInFlow(params)
             } else {
                 Timber.w("Login link ignored, we are not allowed to connect to the homeserver")

features/login/api/src/main/kotlin/io/element/android/features/login/api/accesscontrol/AccountProviderAccessControl.kt

@@ -0,0 +1,12 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.api.accesscontrol
+
+interface AccountProviderAccessControl {
+    suspend fun isAllowedToConnectToAccountProvider(accountProviderUrl: String): Boolean
+}

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/DefaultAccountProviderAccessControl.kt

@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.impl.accesscontrol
+
+import com.squareup.anvil.annotations.ContributesBinding
+import io.element.android.features.enterprise.api.EnterpriseService
+import io.element.android.features.login.api.accesscontrol.AccountProviderAccessControl
+import io.element.android.features.login.impl.changeserver.AccountProviderAccessException
+import io.element.android.libraries.core.uri.ensureProtocol
+import io.element.android.libraries.di.AppScope
+import javax.inject.Inject
+
+@ContributesBinding(AppScope::class)
+class DefaultAccountProviderAccessControl @Inject constructor(
+    private val enterpriseService: EnterpriseService,
+    private val elementWellknownRetriever: ElementWellknownRetriever,
+) : AccountProviderAccessControl {
+    override suspend fun isAllowedToConnectToAccountProvider(accountProviderUrl: String) = try {
+        assertIsAllowedToConnectToAccountProvider(
+            title = accountProviderUrl,
+            accountProviderUrl = accountProviderUrl,
+        )
+        true
+    } catch (_: AccountProviderAccessException) {
+        false
+    }
+
+    @Throws(AccountProviderAccessException::class)
+    suspend fun assertIsAllowedToConnectToAccountProvider(
+        title: String,
+        accountProviderUrl: String,
+    ) {
+        if (enterpriseService.isEnterpriseBuild.not()) {
+            // Ensure that Element Pro is not required for this account provider
+            val wellKnown = elementWellknownRetriever.retrieve(
+                accountProviderUrl = accountProviderUrl.ensureProtocol(),
+            )
+            if (wellKnown?.enforceElementPro == true) {
+                throw AccountProviderAccessException.NeedElementProException(
+                    unauthorisedAccountProviderTitle = title,
+                    applicationId = ELEMENT_PRO_APPLICATION_ID,
+                )
+            }
+        }
+        if (enterpriseService.isAllowedToConnectToHomeserver(accountProviderUrl).not()) {
+            throw AccountProviderAccessException.UnauthorizedAccountProviderException(
+                unauthorisedAccountProviderTitle = title,
+                authorisedAccountProviderTitles = enterpriseService.defaultHomeserverList(),
+            )
+        }
+    }
+
+    companion object {
+        const val ELEMENT_PRO_APPLICATION_ID = "io.element.enterprise"
+    }
+}

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/ElementWellknownRetriever.kt

@@ -0,0 +1,42 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.impl.accesscontrol
+
+import com.squareup.anvil.annotations.ContributesBinding
+import io.element.android.features.login.impl.resolver.network.ElementWellKnown
+import io.element.android.features.login.impl.resolver.network.WellknownAPI
+import io.element.android.libraries.di.AppScope
+import io.element.android.libraries.network.RetrofitFactory
+import timber.log.Timber
+import javax.inject.Inject
+
+interface ElementWellknownRetriever {
+    suspend fun retrieve(accountProviderUrl: String): ElementWellKnown?
+}
+
+@ContributesBinding(AppScope::class)
+class DefaultElementWellknownRetriever @Inject constructor(
+    private val retrofitFactory: RetrofitFactory,
+) : ElementWellknownRetriever {
+    override suspend fun retrieve(accountProviderUrl: String): ElementWellKnown? {
+        val wellknownApi = try {
+            retrofitFactory.create(accountProviderUrl)
+                .create(WellknownAPI::class.java)
+        } catch (e: Exception) {
+            // If the base URL is not valid, we cannot retrieve the well-known data
+            Timber.e(e, "Failed to create Retrofit instance for $accountProviderUrl")
+            return null
+        }
+        return try {
+            wellknownApi.getElementWellKnown()
+        } catch (e: Exception) {
+            Timber.e(e, "Failed to retrieve Element well-known data for $accountProviderUrl")
+            null
+        }
+    }
+}

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/AccountProviderAccessException.kt

@@ -0,0 +1,20 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.impl.changeserver
+
+sealed class AccountProviderAccessException : Exception() {
+    data class NeedElementProException(
+        val unauthorisedAccountProviderTitle: String,
+        val applicationId: String,
+    ) : AccountProviderAccessException()
+
+    data class UnauthorizedAccountProviderException(
+        val unauthorisedAccountProviderTitle: String,
+        val authorisedAccountProviderTitles: List<String>,
+    ) : AccountProviderAccessException()
+}

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerPresenter.kt

@@ -12,7 +12,7 @@ import androidx.compose.runtime.MutableState
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.runtime.rememberCoroutineScope
-import io.element.android.features.enterprise.api.EnterpriseService
+import io.element.android.features.login.impl.accesscontrol.DefaultAccountProviderAccessControl
 import io.element.android.features.login.impl.accountprovider.AccountProvider
 import io.element.android.features.login.impl.accountprovider.AccountProviderDataSource
 import io.element.android.features.login.impl.error.ChangeServerError
@@ -27,7 +27,7 @@ import javax.inject.Inject
 class ChangeServerPresenter @Inject constructor(
     private val authenticationService: MatrixAuthenticationService,
     private val accountProviderDataSource: AccountProviderDataSource,
-    private val enterpriseService: EnterpriseService,
+    private val defaultAccountProviderAccessControl: DefaultAccountProviderAccessControl,
 ) : Presenter<ChangeServerState> {
     @Composable
     override fun present(): ChangeServerState {
@@ -55,12 +55,10 @@ class ChangeServerPresenter @Inject constructor(
         changeServerAction: MutableState<AsyncData<Unit>>,
     ) = launch {
         suspend {
-            if (enterpriseService.isAllowedToConnectToHomeserver(data.url).not()) {
-                throw UnauthorizedAccountProviderException(
-                    unauthorisedAccountProviderTitle = data.title,
-                    authorisedAccountProviderTitles = enterpriseService.defaultHomeserverList(),
-                )
-            }
+            defaultAccountProviderAccessControl.assertIsAllowedToConnectToAccountProvider(
+                title = data.title,
+                accountProviderUrl = data.url,
+            )
             authenticationService.setHomeserver(data.url).map {
                 authenticationService.getHomeserverDetails().value!!
                 // Valid, remember user choice

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerStateProvider.kt

@@ -26,6 +26,14 @@ open class ChangeServerStateProvider : PreviewParameterProvider<ChangeServerStat
                     )
                 )
             ),
+            aChangeServerState(
+                changeServerAction = AsyncData.Failure(
+                    ChangeServerError.NeedElementPro(
+                        unauthorisedAccountProviderTitle = "example.com",
+                        applicationId = "applicationId",
+                    ),
+                )
+            ),
         )
 }
 

features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerView.kt

@@ -12,13 +12,16 @@ import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.rememberUpdatedState
 import androidx.compose.ui.Modifier
+import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.res.stringResource
 import androidx.compose.ui.tooling.preview.PreviewParameter
 import io.element.android.features.login.impl.R
 import io.element.android.features.login.impl.dialogs.SlidingSyncNotSupportedDialog
 import io.element.android.features.login.impl.error.ChangeServerError
+import io.element.android.libraries.androidutils.system.openGooglePlay
 import io.element.android.libraries.architecture.AsyncData
 import io.element.android.libraries.designsystem.components.ProgressDialog
+import io.element.android.libraries.designsystem.components.dialogs.ConfirmationDialog
 import io.element.android.libraries.designsystem.components.dialogs.ErrorDialog
 import io.element.android.libraries.designsystem.preview.ElementPreview
 import io.element.android.libraries.designsystem.preview.PreviewsDayNight
@@ -31,6 +34,7 @@ fun ChangeServerView(
     onSuccess: () -> Unit,
     modifier: Modifier = Modifier,
 ) {
+    val context = LocalContext.current
     val eventSink = state.eventSink
     when (state.changeServerAction) {
         is AsyncData.Failure -> {
@@ -56,6 +60,24 @@ fun ChangeServerView(
                         }
                     )
                 }
+                is ChangeServerError.NeedElementPro -> {
+                    ConfirmationDialog(
+                        modifier = modifier,
+                        title = stringResource(R.string.screen_change_server_error_element_pro_required_title),
+                        content = stringResource(
+                            R.string.screen_change_server_error_element_pro_required_message,
+                            error.unauthorisedAccountProviderTitle,
+                        ),
+                        submitText = stringResource(R.string.screen_change_server_error_element_pro_required_action_android),
+                        onSubmitClick = {
+                            context.openGooglePlay(error.applicationId)
+                            eventSink.invoke(ChangeServerEvents.ClearError)
+                        },
+                        onDismiss = {
+                            eventSink.invoke(ChangeServerEvents.ClearError)
+                        },
+                    )
+                }
                 is ChangeServerError.UnauthorizedAccountProvider -> {
                     ErrorDialog(
                         modifier = modifier,