Email link Phase 2 - Cross device flows (#1522)

Author: lsirac

auth/README.md

@@ -390,8 +390,10 @@ if (AuthUI.canHandleIntent(getIntent())) {
 }
 ```
 
-Note that email link sign in is currently only supported for the same device. Finishing the flow on a different device will result
-in the user being shown an error.
+#### Cross device support
+
+We support cross device email link sign in for the normal flows. It is not supported with anonymous user upgrade. By default,
+cross device support is enabled. You can disable it by calling `setForceSameDevice` on the `EmailBuilder` instance.
 
 ##### Adding a ToS and privacy policy
 

auth/src/main/AndroidManifest.xml

@@ -78,6 +78,12 @@
             android:theme="@style/FirebaseUI.Transparent"
             android:windowSoftInputMode="adjustResize" />
 
+        <activity
+            android:name=".ui.email.EmailLinkErrorRecoveryActivity"
+            android:label="@string/fui_sign_in_default"
+            android:exported="false"
+            android:windowSoftInputMode="adjustResize" />
+
         <activity
             android:name=".ui.idp.AuthMethodPickerActivity"
             android:label="@string/fui_default_toolbar_title"

auth/src/main/java/com/firebase/ui/auth/AuthUI.java

@@ -612,29 +612,61 @@ public EmailBuilder setRequireName(boolean requireName) {
                 return this;
             }
 
+            /**
+             * Enables email link sign in instead of password based sign in. Once enabled, you must
+             * pass a valid {@link ActionCodeSettings} object using
+             * {@link #setActionCodeSettings(ActionCodeSettings)}
+             * <p>
+             * You must enable Firebase Dynamic Links in the Firebase Console to use email link
+             * sign in.
+             *
+             * @throws IllegalStateException if {@link ActionCodeSettings} is null or not
+             *                               provided with email link enabled.
+             */
             @NonNull
             public EmailBuilder enableEmailLinkSignIn() {
                 setProviderId(EMAIL_LINK_PROVIDER);
                 return this;
             }
 
+            /**
+             * Sets the {@link ActionCodeSettings} object to be used for email link sign in.
+             * <p>
+             * {@link ActionCodeSettings#canHandleCodeInApp()} must be set to true, and a valid
+             * continueUrl must be passed via {@link ActionCodeSettings.Builder#setUrl(String)}.
+             * This URL must be whitelisted in the Firebase Console.
+             *
+             * @throws IllegalStateException if canHandleCodeInApp is set to false
+             * @throws NullPointerException if ActionCodeSettings is null
+             */
             @NonNull
             public EmailBuilder setActionCodeSettings(ActionCodeSettings actionCodeSettings) {
                 getParams().putParcelable(ExtraConstants.ACTION_CODE_SETTINGS, actionCodeSettings);
                 return this;
             }
 
+            /**
+             * Disables allowing email link sign in to occur across different devices.
+             * <p>
+             * This cannot be disabled with anonymous upgrade.
+             */
+            @NonNull
+            public EmailBuilder setForceSameDevice() {
+                getParams().putBoolean(ExtraConstants.FORCE_SAME_DEVICE, true);
+                return this;
+            }
+
             @Override
             public IdpConfig build() {
                 if (super.mProviderId.equals(EMAIL_LINK_PROVIDER)) {
-                    ActionCodeSettings actionCodeSettings = getParams().getParcelable
-                            (ExtraConstants.ACTION_CODE_SETTINGS);
+                    ActionCodeSettings actionCodeSettings =
+                            getParams().getParcelable(ExtraConstants.ACTION_CODE_SETTINGS);
                     Preconditions.checkNotNull(actionCodeSettings, "ActionCodeSettings cannot be " +
                             "null when using email link sign in.");
-                    if (actionCodeSettings != null && !actionCodeSettings.canHandleCodeInApp()) {
+                   if (!actionCodeSettings.canHandleCodeInApp()) {
                         // Pre-emptively fail if actionCodeSettings are misconfigured. This would
                         // have happened when calling sendSignInLinkToEmail
-                        throw new IllegalArgumentException(
+                        throw new IllegalStateException(
                                 "You must set canHandleCodeInApp in your ActionCodeSettings to " +
                                         "true for Email-Link Sign-in.");
                     }
@@ -1247,6 +1279,7 @@ public T setAuthMethodPickerLayout(@NonNull AuthMethodPickerLayout authMethodPic
          * a single provider configured.
          * <p>
          * <p>This is false by default.
+         *
          * @param alwaysShow if true, force the sign-in choice screen to show.
          */
         @NonNull
@@ -1293,13 +1326,31 @@ public SignInIntentBuilder setEmailLink(@NonNull final String emailLink) {
         /**
          * Enables upgrading anonymous accounts to full accounts during the sign-in flow.
          * This is disabled by default.
+         *
+         * @throws IllegalStateException when you attempt to enable anonymous user upgrade
+         * without forcing the same device flow for email link sign in.
          */
         @NonNull
         public SignInIntentBuilder enableAnonymousUsersAutoUpgrade() {
             mEnableAnonymousUpgrade = true;
+            validateEmailBuilderConfig();
             return this;
         }
 
+        private void validateEmailBuilderConfig() {
+            for (int i = 0; i < mProviders.size(); i++) {
+                IdpConfig config = mProviders.get(i);
+                if (config.getProviderId().equals(EMAIL_LINK_PROVIDER)) {
+                    boolean emailLinkForceSameDevice =
+                            config.getParams().getBoolean(ExtraConstants.FORCE_SAME_DEVICE, true);
+                    if (!emailLinkForceSameDevice) {
+                        throw new IllegalStateException("You must force the same device flow " +
+                                "when using email link sign in with anonymous user upgrade");
+                    }
+                }
+            }
+        }
+
         @Override
         protected FlowParameters getFlowParams() {
             return new FlowParameters(

auth/src/main/java/com/firebase/ui/auth/ErrorCodes.java

@@ -36,7 +36,7 @@ public final class ErrorCodes {
      */
     public static final int ANONYMOUS_UPGRADE_MERGE_CONFLICT = 5;
     /**
-     * Signing in with a different email in the WelcomeBackIdp flow.
+     * Signing in with a different email in the WelcomeBackIdp flow or email link flow.
      */
     public static final int EMAIL_MISMATCH_ERROR = 6;
     /**
@@ -49,7 +49,16 @@ public final class ErrorCodes {
      */
     public static final int EMAIL_LINK_WRONG_DEVICE_ERROR = 8;
 
+    /**
+     * We need to prompt the user for their email.
+     * */
+    public static final int EMAIL_LINK_PROMPT_FOR_EMAIL_ERROR = 9;
 
+    /**
+     * Cross device linking flow - we need to ask the user if they want to continue linking or
+     * just sign in.
+     * */
+    public static final int EMAIL_LINK_CROSS_DEVICE_LINKING_ERROR = 10;
 
     private ErrorCodes() {
         throw new AssertionError("No instance for you!");
@@ -76,8 +85,12 @@ public static String toFriendlyMessage(@Code int code) {
                         "provided";
             case INVALID_EMAIL_LINK_ERROR:
                 return "You are are attempting to sign in with an invalid email link";
+            case EMAIL_LINK_PROMPT_FOR_EMAIL_ERROR:
+                return "Please enter your email to continue signing in";
             case EMAIL_LINK_WRONG_DEVICE_ERROR:
                 return "You must open the email link on the same device.";
+            case EMAIL_LINK_CROSS_DEVICE_LINKING_ERROR:
+                return "You must determine if you want to continue linking or complete the sign in";
             default:
                 throw new IllegalArgumentException("Unknown code: " + code);
         }
@@ -95,7 +108,9 @@ public static String toFriendlyMessage(@Code int code) {
             ANONYMOUS_UPGRADE_MERGE_CONFLICT,
             EMAIL_MISMATCH_ERROR,
             INVALID_EMAIL_LINK_ERROR,
-            EMAIL_LINK_WRONG_DEVICE_ERROR
+            EMAIL_LINK_WRONG_DEVICE_ERROR,
+            EMAIL_LINK_PROMPT_FOR_EMAIL_ERROR,
+            EMAIL_LINK_CROSS_DEVICE_LINKING_ERROR
     })
     @Retention(RetentionPolicy.SOURCE)
     public @interface Code {

auth/src/main/java/com/firebase/ui/auth/ui/AppCompatBase.java

@@ -15,8 +15,11 @@
 package com.firebase.ui.auth.ui;
 
 import android.os.Bundle;
+import android.support.annotation.NonNull;
 import android.support.annotation.Nullable;
 import android.support.annotation.RestrictTo;
+import android.support.v4.app.Fragment;
+import android.support.v4.app.FragmentTransaction;
 
 import com.firebase.ui.auth.R;
 
@@ -28,4 +31,25 @@ protected void onCreate(@Nullable Bundle savedInstanceState) {
         setTheme(R.style.FirebaseUI); // Provides default values
         setTheme(getFlowParams().themeId);
     }
+
+    protected void switchFragment(@NonNull Fragment fragment,
+                                  int fragmentId,
+                                  @NonNull String tag,
+                                  boolean withTransition,
+                                  boolean addToBackStack) {
+        FragmentTransaction ft = getSupportFragmentManager().beginTransaction();
+        if (withTransition) {
+            ft.setCustomAnimations(R.anim.fui_slide_in_right, R.anim.fui_slide_out_left);
+        }
+        ft.replace(fragmentId, fragment, tag);
+        if (addToBackStack) {
+            ft.addToBackStack(null).commit();
+        } else {
+            ft.disallowAddToBackStack().commit();
+        }
+    }
+
+    protected void switchFragment(@NonNull Fragment fragment, int fragmentId, @NonNull String tag) {
+        switchFragment(fragment, fragmentId, tag, false, false);
+    }
 }

auth/src/main/java/com/firebase/ui/auth/ui/email/CheckEmailFragment.java

@@ -79,6 +79,12 @@ public void onViewCreated(@NonNull View view, @Nullable Bundle savedInstanceStat
         mEmailLayout.setOnClickListener(this);
         mEmailEditText.setOnClickListener(this);
 
+        // Hide header
+        TextView headerText = view.findViewById(R.id.header_text);
+        if (headerText != null) {
+            headerText.setVisibility(View.GONE);
+        }
+
         ImeHelper.setImeOnDoneListener(mEmailEditText, this);
 
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O && getFlowParams().enableHints) {

auth/src/main/java/com/firebase/ui/auth/ui/email/EmailActivity.java

@@ -21,7 +21,6 @@
 import android.support.annotation.RestrictTo;
 import android.support.annotation.StringRes;
 import android.support.design.widget.TextInputLayout;
-import android.support.v4.app.Fragment;
 import android.support.v4.app.FragmentTransaction;
 import android.support.v4.view.ViewCompat;
 
@@ -92,12 +91,15 @@ protected void onCreate(@Nullable Bundle savedInstanceState) {
             EmailLinkPersistenceManager.getInstance().saveIdpResponseForLinking(getApplication(),
                     responseForLinking);
 
-            EmailLinkFragment fragment = EmailLinkFragment.newInstance(email, actionCodeSettings);
-            switchFragment(fragment, EmailLinkFragment.TAG);
+            boolean forceSameDevice =
+                    emailConfig.getParams().getBoolean(ExtraConstants.FORCE_SAME_DEVICE);
+            EmailLinkFragment fragment = EmailLinkFragment.newInstance(email, actionCodeSettings,
+                    responseForLinking, forceSameDevice);
+            switchFragment(fragment, R.id.fragment_register_email, EmailLinkFragment.TAG);
         } else {
             // Start with check email
             CheckEmailFragment fragment = CheckEmailFragment.newInstance(email);
-            switchFragment(fragment, CheckEmailFragment.TAG);
+            switchFragment(fragment, R.id.fragment_register_email, CheckEmailFragment.TAG);
         }
     }
 
@@ -128,7 +130,6 @@ this, getFlowParams(), new IdpResponse.Builder(user).build()),
 
     @Override
     public void onExistingIdpUser(User user) {
-
         // Existing social user, direct them to sign in using their chosen provider.
         startActivityForResult(
                 WelcomeBackIdpPrompt.createIntent(this, getFlowParams(), user),
@@ -173,7 +174,8 @@ public void onNewUser(User user) {
     public void onTroubleSigningIn(String email) {
         TroubleSigningInFragment troubleSigningInFragment = TroubleSigningInFragment.newInstance
                 (email);
-        switchFragment(troubleSigningInFragment, TroubleSigningInFragment.TAG, true, true);
+        switchFragment(troubleSigningInFragment, R.id.fragment_register_email,
+                TroubleSigningInFragment.TAG, true, true);
     }
 
     @Override
@@ -218,28 +220,7 @@ private void showRegisterEmailLinkFragment(AuthUI.IdpConfig emailConfig,
                 (ExtraConstants.ACTION_CODE_SETTINGS);
         EmailLinkFragment fragment = EmailLinkFragment.newInstance(email,
                 actionCodeSettings);
-        switchFragment(fragment, EmailLinkFragment.TAG);
-    }
-
-
-    private void switchFragment(Fragment fragment,
-                                String tag,
-                                boolean withTransition,
-                                boolean addToBackStack) {
-        FragmentTransaction ft = getSupportFragmentManager().beginTransaction();
-        if (withTransition) {
-            ft.setCustomAnimations(R.anim.fui_slide_in_right, R.anim.fui_slide_out_left);
-        }
-        ft.replace(R.id.fragment_register_email, fragment, tag);
-        if (addToBackStack) {
-            ft.addToBackStack(null).commit();
-        } else {
-            ft.disallowAddToBackStack().commit();
-        }
-    }
-
-    private void switchFragment(Fragment fragment, String tag) {
-        switchFragment(fragment, tag, false, false);
+        switchFragment(fragment, R.id.fragment_register_email, EmailLinkFragment.TAG);
     }
 
     @Override

auth/src/main/java/com/firebase/ui/auth/ui/email/EmailLinkCatcherActivity.java

@@ -22,6 +22,7 @@
 import com.firebase.ui.auth.viewmodel.RequestCodes;
 import com.firebase.ui.auth.viewmodel.ResourceObserver;
 import com.firebase.ui.auth.viewmodel.email.EmailLinkSignInHandler;
+import com.google.firebase.auth.FirebaseAuthInvalidCredentialsException;
 
 @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP)
 public class EmailLinkCatcherActivity extends InvisibleActivityBase {
@@ -35,6 +36,7 @@ public static Intent createIntent(Context context, FlowParameters flowParams) {
     @Override
     protected void onCreate(@Nullable Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);
+
         initHandler();
 
         if (getFlowParams().emailLink != null) {
@@ -59,23 +61,42 @@ protected void onFailure(@NonNull final Exception e) {
                     IdpResponse res = ((FirebaseAuthAnonymousUpgradeException) e).getResponse();
                     finish(RESULT_CANCELED, new Intent().putExtra(ExtraConstants
                             .IDP_RESPONSE, res));
-                } else {
-                    if (e instanceof FirebaseUiException) {
-                        if (((FirebaseUiException) e).getErrorCode() == ErrorCodes
-                                .EMAIL_LINK_WRONG_DEVICE_ERROR) {
-                            buildAlertDialog(ErrorCodes.EMAIL_LINK_WRONG_DEVICE_ERROR).show();
-                        } else if (((FirebaseUiException) e).getErrorCode() == ErrorCodes
-                                .INVALID_EMAIL_LINK_ERROR) {
-                            buildAlertDialog(ErrorCodes.INVALID_EMAIL_LINK_ERROR).show();
-                        }
-                    } else {
-                        finish(RESULT_CANCELED, IdpResponse.getErrorIntent(e));
+                } else if (e instanceof FirebaseUiException) {
+                    int errorCode = ((FirebaseUiException) e).getErrorCode();
+                    if (errorCode == ErrorCodes.EMAIL_LINK_WRONG_DEVICE_ERROR
+                            || errorCode == ErrorCodes.INVALID_EMAIL_LINK_ERROR) {
+                        buildAlertDialog(errorCode).show();
+                    } else if (errorCode == ErrorCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_ERROR
+                            || errorCode == ErrorCodes.EMAIL_MISMATCH_ERROR) {
+                        startErrorRecoveryFlow(RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW);
+                    } else if (errorCode == ErrorCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_ERROR) {
+                        startErrorRecoveryFlow(RequestCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_FLOW);
                     }
+                } else if (e instanceof FirebaseAuthInvalidCredentialsException) {
+                    startErrorRecoveryFlow(RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW);
+                } else {
+                    finish(RESULT_CANCELED, IdpResponse.getErrorIntent(e));
                 }
             }
         });
     }
 
+    /**
+     * @param flow must be one of RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW or
+     *             RequestCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_FLOW
+     */
+    private void startErrorRecoveryFlow(int flow) {
+        if (flow != RequestCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_FLOW
+                && flow != RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW) {
+            throw new IllegalStateException("Invalid flow param. It must be either " +
+                    "RequestCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_FLOW or " +
+                    "RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW");
+        }
+        Intent intent = EmailLinkErrorRecoveryActivity.createIntent(getApplicationContext(),
+                getFlowParams(), flow);
+        startActivityForResult(intent, flow);
+    }
+
     private AlertDialog buildAlertDialog(int errorCode) {
         AlertDialog.Builder alertDialog = new AlertDialog.Builder(this);
         if (errorCode == ErrorCodes.EMAIL_LINK_WRONG_DEVICE_ERROR) {
@@ -99,4 +120,19 @@ public void onClick(DialogInterface dialog, int id) {
         }
         return alertDialog.create();
     }
+
+    @Override
+    public void onActivityResult(int requestCode, int resultCode, @Nullable Intent data) {
+        if (requestCode == RequestCodes.EMAIL_LINK_PROMPT_FOR_EMAIL_FLOW
+                || requestCode == RequestCodes.EMAIL_LINK_CROSS_DEVICE_LINKING_FLOW) {
+            IdpResponse response = IdpResponse.fromResultIntent(data);
+            // CheckActionCode is called before starting this flow, so we only get here
+            // if the sign in link is valid - it can only fail by being cancelled.
+            if (resultCode == RESULT_OK) {
+                finish(RESULT_OK, response.toIntent());
+            } else {
+                finish(RESULT_CANCELED, null);
+            }
+        }
+    }
 }