element-hq
diff --git a/‎appnav/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions b/‎appnav/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎appnav/src/main/kotlin/io/element/android/appnav/RootFlowNode.kt‎
Lines changed: 3 additions & 3 deletions b/‎appnav/src/main/kotlin/io/element/android/appnav/RootFlowNode.kt‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎features/login/api/src/main/kotlin/io/element/android/features/login/api/accesscontrol/AccountProviderAccessControl.kt‎
Lines changed: 12 additions & 0 deletions b/‎features/login/api/src/main/kotlin/io/element/android/features/login/api/accesscontrol/AccountProviderAccessControl.kt‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/DefaultAccountProviderAccessControl.kt‎
Lines changed: 61 additions & 0 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/DefaultAccountProviderAccessControl.kt‎
Lines changed: 61 additions & 0 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/ElementWellknownRetriever.kt‎
Lines changed: 42 additions & 0 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/accesscontrol/ElementWellknownRetriever.kt‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerPresenter.kt‎
Lines changed: 6 additions & 8 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerPresenter.kt‎
Lines changed: 6 additions & 8 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerStateProvider.kt‎
Lines changed: 8 additions & 0 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerStateProvider.kt‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerView.kt‎
Lines changed: 22 additions & 0 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/ChangeServerView.kt‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/UnauthorizedAccountProviderException.kt‎
Lines changed: 11 additions & 4 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/changeserver/UnauthorizedAccountProviderException.kt‎
Lines changed: 11 additions & 4 deletions
diff --git a/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/error/ChangeServerError.kt‎
Lines changed: 12 additions & 3 deletions b/‎features/login/impl/src/main/kotlin/io/element/android/features/login/impl/error/ChangeServerError.kt‎
Lines changed: 12 additions & 3 deletions
@@ -36,6 +36,7 @@ dependencies {
     implementation(projects.libraries.designsystem)
     implementation(projects.libraries.matrixui)
     implementation(projects.libraries.uiStrings)
+    implementation(projects.features.login.api)
 
     implementation(libs.coil)
 
 
@@ -33,8 +33,8 @@ import io.element.android.appnav.intent.ResolvedIntent
 import io.element.android.appnav.root.RootNavStateFlowFactory
 import io.element.android.appnav.root.RootPresenter
 import io.element.android.appnav.root.RootView
-import io.element.android.features.enterprise.api.EnterpriseService
 import io.element.android.features.login.api.LoginParams
+import io.element.android.features.login.api.accesscontrol.AccountProviderAccessControl
 import io.element.android.features.rageshake.api.bugreport.BugReportEntryPoint
 import io.element.android.features.signedout.api.SignedOutEntryPoint
 import io.element.android.features.viewfolder.api.ViewFolderEntryPoint
@@ -64,7 +64,7 @@ class RootFlowNode @AssistedInject constructor(
     @Assisted val buildContext: BuildContext,
     @Assisted plugins: List<Plugin>,
     private val authenticationService: MatrixAuthenticationService,
-    private val enterpriseService: EnterpriseService,
+    private val accountProviderAccessControl: AccountProviderAccessControl,
     private val navStateFlowFactory: RootNavStateFlowFactory,
     private val matrixSessionCache: MatrixSessionCache,
     private val presenter: RootPresenter,
@@ -293,7 +293,7 @@ class RootFlowNode @AssistedInject constructor(
         val latestSessionId = authenticationService.getLatestSessionId()
         if (latestSessionId == null) {
             // No session, open login
-            if (enterpriseService.isAllowedToConnectToHomeserver(params.accountProvider.ensureProtocol())) {
+            if (accountProviderAccessControl.isAllowedToConnectToAccountProvider(params.accountProvider.ensureProtocol())) {
                 switchToNotLoggedInFlow(params)
             } else {
                 Timber.w("Login link ignored, we are not allowed to connect to the homeserver")
 
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.api.accesscontrol
+
+interface AccountProviderAccessControl {
+    suspend fun isAllowedToConnectToAccountProvider(accountProviderUrl: String): Boolean
+}
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.impl.accesscontrol
+
+import com.squareup.anvil.annotations.ContributesBinding
+import io.element.android.features.enterprise.api.EnterpriseService
+import io.element.android.features.login.api.accesscontrol.AccountProviderAccessControl
+import io.element.android.features.login.impl.changeserver.AccountProviderAccessException
+import io.element.android.libraries.core.uri.ensureProtocol
+import io.element.android.libraries.di.AppScope
+import javax.inject.Inject
+
+@ContributesBinding(AppScope::class)
+class DefaultAccountProviderAccessControl @Inject constructor(
+    private val enterpriseService: EnterpriseService,
+    private val elementWellknownRetriever: ElementWellknownRetriever,
+) : AccountProviderAccessControl {
+    override suspend fun isAllowedToConnectToAccountProvider(accountProviderUrl: String) = try {
+        assertIsAllowedToConnectToAccountProvider(
+            title = accountProviderUrl,
+            accountProviderUrl = accountProviderUrl,
+        )
+        true
+    } catch (_: AccountProviderAccessException) {
+        false
+    }
+
+    @Throws(AccountProviderAccessException::class)
+    suspend fun assertIsAllowedToConnectToAccountProvider(
+        title: String,
+        accountProviderUrl: String,
+    ) {
+        if (enterpriseService.isEnterpriseBuild.not()) {
+            // Ensure that Element Pro is not required for this account provider
+            val wellKnown = elementWellknownRetriever.retrieve(
+                accountProviderUrl = accountProviderUrl.ensureProtocol(),
+            )
+            if (wellKnown?.enforceElementPro == true) {
+                throw AccountProviderAccessException.NeedElementProException(
+                    unauthorisedAccountProviderTitle = title,
+                    applicationId = ELEMENT_PRO_APPLICATION_ID,
+                )
+            }
+        }
+        if (enterpriseService.isAllowedToConnectToHomeserver(accountProviderUrl).not()) {
+            throw AccountProviderAccessException.UnauthorizedAccountProviderException(
+                unauthorisedAccountProviderTitle = title,
+                authorisedAccountProviderTitles = enterpriseService.defaultHomeserverList(),
+            )
+        }
+    }
+
+    companion object {
+        const val ELEMENT_PRO_APPLICATION_ID = "io.element.enterprise"
+    }
+}
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2025 New Vector Ltd.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only OR LicenseRef-Element-Commercial
+ * Please see LICENSE files in the repository root for full details.
+ */
+
+package io.element.android.features.login.impl.accesscontrol
+
+import com.squareup.anvil.annotations.ContributesBinding
+import io.element.android.features.login.impl.resolver.network.ElementWellKnown
+import io.element.android.features.login.impl.resolver.network.WellknownAPI
+import io.element.android.libraries.di.AppScope
+import io.element.android.libraries.network.RetrofitFactory
+import timber.log.Timber
+import javax.inject.Inject
+
+interface ElementWellknownRetriever {
+    suspend fun retrieve(accountProviderUrl: String): ElementWellKnown?
+}
+
+@ContributesBinding(AppScope::class)
+class DefaultElementWellknownRetriever @Inject constructor(
+    private val retrofitFactory: RetrofitFactory,
+) : ElementWellknownRetriever {
+    override suspend fun retrieve(accountProviderUrl: String): ElementWellKnown? {
+        val wellknownApi = try {
+            retrofitFactory.create(accountProviderUrl)
+                .create(WellknownAPI::class.java)
+        } catch (e: Exception) {
+            // If the base URL is not valid, we cannot retrieve the well-known data
+            Timber.e(e, "Failed to create Retrofit instance for $accountProviderUrl")
+            return null
+        }
+        return try {
+            wellknownApi.getElementWellKnown()
+        } catch (e: Exception) {
+            Timber.e(e, "Failed to retrieve Element well-known data for $accountProviderUrl")
+            null
+        }
+    }
+}
@@ -12,7 +12,7 @@ import androidx.compose.runtime.MutableState
 import androidx.compose.runtime.mutableStateOf
 import androidx.compose.runtime.remember
 import androidx.compose.runtime.rememberCoroutineScope
-import io.element.android.features.enterprise.api.EnterpriseService
+import io.element.android.features.login.impl.accesscontrol.DefaultAccountProviderAccessControl
 import io.element.android.features.login.impl.accountprovider.AccountProvider
 import io.element.android.features.login.impl.accountprovider.AccountProviderDataSource
 import io.element.android.features.login.impl.error.ChangeServerError
@@ -27,7 +27,7 @@ import javax.inject.Inject
 class ChangeServerPresenter @Inject constructor(
     private val authenticationService: MatrixAuthenticationService,
     private val accountProviderDataSource: AccountProviderDataSource,
-    private val enterpriseService: EnterpriseService,
+    private val defaultAccountProviderAccessControl: DefaultAccountProviderAccessControl,
 ) : Presenter<ChangeServerState> {
     @Composable
     override fun present(): ChangeServerState {
@@ -55,12 +55,10 @@ class ChangeServerPresenter @Inject constructor(
         changeServerAction: MutableState<AsyncData<Unit>>,
     ) = launch {
         suspend {
-            if (enterpriseService.isAllowedToConnectToHomeserver(data.url).not()) {
-                throw UnauthorizedAccountProviderException(
-                    unauthorisedAccountProviderTitle = data.title,
-                    authorisedAccountProviderTitles = enterpriseService.defaultHomeserverList(),
-                )
-            }
+            defaultAccountProviderAccessControl.assertIsAllowedToConnectToAccountProvider(
+                title = data.title,
+                accountProviderUrl = data.url,
+            )
             authenticationService.setHomeserver(data.url).map {
                 authenticationService.getHomeserverDetails().value!!
                 // Valid, remember user choice
 
@@ -26,6 +26,14 @@ open class ChangeServerStateProvider : PreviewParameterProvider<ChangeServerStat
                     )
                 )
             ),
+            aChangeServerState(
+                changeServerAction = AsyncData.Failure(
+                    ChangeServerError.NeedElementPro(
+                        unauthorisedAccountProviderTitle = "example.com",
+                        applicationId = "applicationId",
+                    ),
+                )
+            ),
         )
 }
 
 
@@ -12,13 +12,16 @@ import androidx.compose.runtime.LaunchedEffect
 import androidx.compose.runtime.getValue
 import androidx.compose.runtime.rememberUpdatedState
 import androidx.compose.ui.Modifier
+import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.res.stringResource
 import androidx.compose.ui.tooling.preview.PreviewParameter
 import io.element.android.features.login.impl.R
 import io.element.android.features.login.impl.dialogs.SlidingSyncNotSupportedDialog
 import io.element.android.features.login.impl.error.ChangeServerError
+import io.element.android.libraries.androidutils.system.openGooglePlay
 import io.element.android.libraries.architecture.AsyncData
 import io.element.android.libraries.designsystem.components.ProgressDialog
+import io.element.android.libraries.designsystem.components.dialogs.ConfirmationDialog
 import io.element.android.libraries.designsystem.components.dialogs.ErrorDialog
 import io.element.android.libraries.designsystem.preview.ElementPreview
 import io.element.android.libraries.designsystem.preview.PreviewsDayNight
@@ -31,6 +34,7 @@ fun ChangeServerView(
     onSuccess: () -> Unit,
     modifier: Modifier = Modifier,
 ) {
+    val context = LocalContext.current
     val eventSink = state.eventSink
     when (state.changeServerAction) {
         is AsyncData.Failure -> {
@@ -56,6 +60,24 @@ fun ChangeServerView(
                         }
                     )
                 }
+                is ChangeServerError.NeedElementPro -> {
+                    ConfirmationDialog(
+                        modifier = modifier,
+                        title = stringResource(R.string.screen_change_server_error_element_pro_required_title),
+                        content = stringResource(
+                            R.string.screen_change_server_error_element_pro_required_message,
+                            error.unauthorisedAccountProviderTitle,
+                        ),
+                        submitText = stringResource(R.string.screen_change_server_error_element_pro_required_action_android),
+                        onSubmitClick = {
+                            context.openGooglePlay(error.applicationId)
+                            eventSink.invoke(ChangeServerEvents.ClearError)
+                        },
+                        onDismiss = {
+                            eventSink.invoke(ChangeServerEvents.ClearError)
+                        },
+                    )
+                }
                 is ChangeServerError.UnauthorizedAccountProvider -> {
                     ErrorDialog(
                         modifier = modifier,
 
@@ -7,7 +7,14 @@
 
 package io.element.android.features.login.impl.changeserver
 
-class UnauthorizedAccountProviderException(
-    val unauthorisedAccountProviderTitle: String,
-    val authorisedAccountProviderTitles: List<String>,
-) : Exception()
+sealed class AccountProviderAccessException : Exception() {
+    data class NeedElementProException(
+        val unauthorisedAccountProviderTitle: String,
+        val applicationId: String,
+    ) : AccountProviderAccessException()
+
+    data class UnauthorizedAccountProviderException(
+        val unauthorisedAccountProviderTitle: String,
+        val authorisedAccountProviderTitles: List<String>,
+    ) : AccountProviderAccessException()
+}
@@ -12,11 +12,11 @@ import androidx.compose.runtime.Composable
 import androidx.compose.runtime.ReadOnlyComposable
 import androidx.compose.ui.res.stringResource
 import io.element.android.features.login.impl.R
-import io.element.android.features.login.impl.changeserver.UnauthorizedAccountProviderException
+import io.element.android.features.login.impl.changeserver.AccountProviderAccessException
 import io.element.android.libraries.matrix.api.auth.AuthenticationException
 import io.element.android.libraries.ui.strings.CommonStrings
 
-sealed class ChangeServerError : Throwable() {
+sealed class ChangeServerError : Exception() {
     data class Error(
         @StringRes val messageId: Int? = null,
         val messageStr: String? = null,
@@ -26,6 +26,11 @@ sealed class ChangeServerError : Throwable() {
         fun message(): String = messageStr ?: stringResource(messageId ?: CommonStrings.error_unknown)
     }
 
+    data class NeedElementPro(
+        val unauthorisedAccountProviderTitle: String,
+        val applicationId: String,
+    ) : ChangeServerError()
+
     data class UnauthorizedAccountProvider(
         val unauthorisedAccountProviderTitle: String,
         val authorisedAccountProviderTitles: List<String>,
@@ -37,7 +42,11 @@ sealed class ChangeServerError : Throwable() {
         fun from(error: Throwable): ChangeServerError = when (error) {
             is AuthenticationException.SlidingSyncVersion -> SlidingSyncAlert
             is AuthenticationException.Oidc -> Error(messageStr = error.message)
-            is UnauthorizedAccountProviderException -> UnauthorizedAccountProvider(
+            is AccountProviderAccessException.NeedElementProException -> NeedElementPro(
+                unauthorisedAccountProviderTitle = error.unauthorisedAccountProviderTitle,
+                applicationId = error.applicationId,
+            )
+            is AccountProviderAccessException.UnauthorizedAccountProviderException -> UnauthorizedAccountProvider(
                 unauthorisedAccountProviderTitle = error.unauthorisedAccountProviderTitle,
                 authorisedAccountProviderTitles = error.authorisedAccountProviderTitles,
             )
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,14 @@ open class ChangeServerStateProvider : PreviewParameterProvider<ChangeServerStat`
`26`	`26`	`)`
`27`	`27`	`)`
`28`	`28`	`),`
	`29`	`+ aChangeServerState(`
	`30`	`+ changeServerAction = AsyncData.Failure(`
	`31`	`+ ChangeServerError.NeedElementPro(`
	`32`	`+ unauthorisedAccountProviderTitle = "example.com",`
	`33`	`+ applicationId = "applicationId",`
	`34`	`+ ),`
	`35`	`+ )`
	`36`	`+ ),`
`29`	`37`	`)`
`30`	`38`	`}`
`31`	`39`