fix(#396): open SSO login links in root webview (#397)

Co-authored-by: Joshua Kuestersteffen <jkuester@kuester7.com>

Author: icrc-fdeniger

src/main/java/org/medicmobile/webapp/mobile/UrlHandler.java

@@ -20,16 +20,18 @@
 public class UrlHandler extends WebViewClient {
 	EmbeddedBrowserActivity parentActivity;
 	SettingsStore settings;
+	private final String oidcRedirectUriQueryParam;
 
 	public UrlHandler(EmbeddedBrowserActivity parentActivity, SettingsStore settings) {
 		this.parentActivity = parentActivity;
 		this.settings = settings;
+		this.oidcRedirectUriQueryParam = "redirect_uri=" + Uri.encode(this.settings.getAppUrl() + "/medic/login/oidc");
 	}
 
 	@Override
 	public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request) {
 		Uri uri = request.getUrl();
-		if (isUrlRelated(this.settings.getAppUrl(), uri)) {
+		if (isUrlRelated(this.settings.getAppUrl(), uri) || isOidcProviderUrl(uri)) {
 			// Load all related URLs in the WebView
 			return false;
 		}
@@ -41,6 +43,18 @@ public boolean shouldOverrideUrlLoading(WebView view, WebResourceRequest request
 		return true;
 	}
 
+	/**
+	 * Support OIDC login flow by allowing any URL that contains the current app_url as the redirect_uri.
+	 */
+	private boolean isOidcProviderUrl(Uri uriToTest) {
+		if (uriToTest == null) {
+			return false;
+		}
+		return uriToTest
+			.toString()
+			.contains(oidcRedirectUriQueryParam);
+	}
+
 	/**
 	 * Support for SDK 21 and 22.
 	 */

src/test/java/org/medicmobile/webapp/mobile/UrlHandlerTest.java

@@ -0,0 +1,97 @@
+package org.medicmobile.webapp.mobile;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.doNothing;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import android.content.Context;
+import android.net.Uri;
+import android.webkit.WebResourceRequest;
+import android.webkit.WebView;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.robolectric.RobolectricTestRunner;
+
+@RunWith(RobolectricTestRunner.class)
+public class UrlHandlerTest {
+	private static final String APP_URL = "https://project-abc.medic.org";
+	private SettingsStore settingsStore;
+	private WebView webView;
+	private WebResourceRequest webResourceRequest;
+	private Context context;
+	private UrlHandler handler;
+
+	@Before
+	public void setup() {
+		settingsStore = mock(SettingsStore.class);
+		when(settingsStore.getAppUrl()).thenReturn(APP_URL);
+		webView = mock(WebView.class);
+		context = mock(Context.class);
+		when(webView.getContext()).thenReturn(context);
+		doNothing().when(context).startActivity(any());
+		webResourceRequest = mock(WebResourceRequest.class);
+
+		handler = new UrlHandler(null, settingsStore);
+	}
+
+	@Test
+	public void shouldOverrideUrlLoading_withAppUrlSubPath() {
+		when(webResourceRequest.getUrl()).thenReturn(Uri.parse(APP_URL + "/some-sub-path"));
+
+		boolean result = handler.shouldOverrideUrlLoading(webView, webResourceRequest);
+
+		assertFalse(result);
+		verify(settingsStore, times(2)).getAppUrl();
+		verify(webResourceRequest).getUrl();
+		verify(webView, times(0)).getContext();
+		verify(context, times(0)).startActivity(any());
+	}
+
+	@Test
+	public void shouldOverrideUrlLoading_withExternalUrl() {
+		when(webResourceRequest.getUrl()).thenReturn(Uri.parse("some-external-url.com"));
+
+		boolean result = handler.shouldOverrideUrlLoading(webView, webResourceRequest);
+
+		assertTrue(result);
+		verify(settingsStore, times(2)).getAppUrl();
+		verify(webResourceRequest).getUrl();
+		verify(webView).getContext();
+		verify(context).startActivity(any());
+	}
+
+	@Test
+	public void shouldOverrideUrlLoading_withExternalOidcProviderUrl() {
+		when(webResourceRequest.getUrl()).thenReturn(
+			Uri.parse("some-external-url.com?redirect_uri=" + Uri.encode(APP_URL + "/medic/login/oidc"))
+		);
+
+		boolean result = handler.shouldOverrideUrlLoading(webView, webResourceRequest);
+
+		assertFalse(result);
+		verify(settingsStore, times(2)).getAppUrl();
+		verify(webResourceRequest).getUrl();
+		verify(webView, times(0)).getContext();
+		verify(context, times(0)).startActivity(any());
+	}
+
+	@Test
+	public void shouldOverrideUrlLoading_withNullUrl() {
+		when(webResourceRequest.getUrl()).thenReturn(null);
+
+		boolean result = handler.shouldOverrideUrlLoading(webView, webResourceRequest);
+
+		assertTrue(result);
+		verify(settingsStore, times(2)).getAppUrl();
+		verify(webResourceRequest).getUrl();
+		verify(webView).getContext();
+		verify(context).startActivity(any());
+	}
+}