Tighten handling of URLs in TokenScript - now only allow URL which is whitelisted in the dapp list.

Respond to map location request by opening maps to avoid requiring location permission.
pull/1372/head
James Brown 5 years ago
parent 82d8122a2f
commit 4fa57114b1
  1. 1
      app/src/main/java/com/alphawallet/app/C.java
  2. 88
      app/src/main/java/com/alphawallet/app/ui/FunctionActivity.java
  3. 49
      app/src/main/java/com/alphawallet/app/ui/HomeActivity.java
  4. 8
      app/src/main/java/com/alphawallet/app/viewmodel/BaseNavigationActivity.java
  5. 2
      app/src/main/res/values-es/strings.xml
  6. 2
      app/src/main/res/values-zh/strings.xml
  7. 2
      app/src/main/res/values/strings.xml

@ -165,6 +165,7 @@ public abstract class C {
public static final String DAPP_PREFIX_MAILTO = "mailto";
public static final String DAPP_PREFIX_ALPHAWALLET = "alphawallet";
public static final String DAPP_SUFFIX_RECEIVE = "receive";
public static final String DAPP_PREFIX_MAPS = "maps.google.com/maps?daddr=";
public static final String ENS_SCAN_BLOCK = "ens_check_block";
public static final String ENS_HISTORY = "ensHistory";

@ -2,25 +2,30 @@ package com.alphawallet.app.ui;
import android.arch.lifecycle.ViewModelProviders;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
import android.support.annotation.Nullable;
import android.text.TextUtils;
import android.util.Base64;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.LinearLayout;
import android.widget.ProgressBar;
import com.alphawallet.app.C;
import com.alphawallet.app.R;
import com.alphawallet.app.entity.DApp;
import com.alphawallet.app.entity.DAppFunction;
import com.alphawallet.app.entity.SignAuthenticationCallback;
import com.alphawallet.app.entity.StandardFunctionInterface;
import com.alphawallet.app.entity.tokens.Token;
import com.alphawallet.app.entity.tokenscript.TokenScriptRenderCallback;
import com.alphawallet.app.entity.tokenscript.WebCompletionCallback;
import com.alphawallet.app.util.DappBrowserUtils;
import com.alphawallet.app.util.KeyboardUtils;
import com.alphawallet.app.viewmodel.TokenFunctionViewModel;
import com.alphawallet.app.viewmodel.TokenFunctionViewModelFactory;
@ -86,7 +91,6 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
private Web3TokenView tokenView;
private ProgressBar waitSpinner;
private SignMessageDialog dialog;
private String functionEffect;
private Map<String, String> args = new HashMap<>();
private Map<String, Boolean> resolvedUserArgs = new HashMap<>();
private StringBuilder attrs;
@ -95,7 +99,6 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
private FunctionButtonBar functionBar;
private Handler handler;
private boolean reloaded;
private boolean isClosing;
private int userInputCheckCount;
private void initViews() {
@ -123,6 +126,15 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
reloaded = false;
getAttrs();
tokenView.setWebViewClient(new WebViewClient() {
@Override
public boolean shouldOverrideUrlLoading(WebView view, String url)
{
if (handleMapClick(url)) return true; //handle specific map click
else return handleURLClick(url); //otherwise handle an attempt to visit a URL from TokenScript. If URL isn't in the approved DAPP list then fail
}
});
}
private void displayFunction(String tokenAttrs)
@ -232,7 +244,6 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
viewModel.invalidAddress().observe(this, this::errorInvalidAddress);
viewModel.insufficientFunds().observe(this, this::errorInsufficientFunds);
progressView.hide();
isClosing = false;
//expose the webview and remove the token 'card' background
findViewById(R.id.layout_webwrapper).setBackgroundResource(R.drawable.background_card);
@ -472,7 +483,6 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
@Override
public void functionSuccess()
{
isClosing = true;
if (handler == null) handler = new Handler();
LinearLayout successOverlay = findViewById(R.id.layout_success_overlay);
if (successOverlay != null) successOverlay.setVisibility(View.VISIBLE);
@ -615,6 +625,75 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
else handler.post(progressOff);
}
private void urlNotWhiteListed(String url)
{
hideDialog();
alertDialog = new AWalletAlertDialog(this);
alertDialog.setIcon(AWalletAlertDialog.ERROR);
alertDialog.setTitle(R.string.error_not_whitelisted);
alertDialog.setMessage(getString(R.string.explain_not_whitelisted, url));
alertDialog.setButtonText(R.string.button_ok);
alertDialog.setButtonListener(v ->alertDialog.dismiss());
alertDialog.show();
}
private void openInDappBrowser(String url)
{
Intent intent = new Intent(FunctionActivity.this, HomeActivity.class);
intent.setFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP);
intent.putExtra("url", url);
startActivity(intent);
}
private boolean handleURLClick(String url)
{
if (!TextUtils.isEmpty(url))
{
//try one of the whitelisted URL's and open in dapp browser
List<DApp> myDapps = DappBrowserUtils.getDappsList(getApplicationContext());
for (DApp thisDapp : myDapps)
{
if (url.contains(thisDapp.getUrl()))
{
openInDappBrowser(url);
return true;
}
}
//not whitelisted
urlNotWhiteListed(url);
}
return true;
}
private boolean handleMapClick(String url)
{
if (!TextUtils.isEmpty(url))
{
int index = url.indexOf(C.DAPP_PREFIX_MAPS);
if (index > 0)
{
index += C.DAPP_PREFIX_MAPS.length();
if (index < url.length())
{
String geoCoords = url.substring(index);
Uri gmmIntentUri = Uri.parse("geo:My+Location?q=" + geoCoords);
//pass the location to the intent
Intent intent = new Intent(android.content.Intent.ACTION_VIEW,
gmmIntentUri);
startActivity(intent);
//finish this activity
functionSuccess();
return true;
}
}
}
return false;
}
@Override
public void GotAuthorisation(boolean gotAuth)
{
@ -655,7 +734,6 @@ public class FunctionActivity extends BaseActivity implements FunctionCallback,
@Override
public void handleTokenScriptFunction(String function, List<BigInteger> selection)
{
isClosing = false;
args.clear();
//run the onConfirm JS and await callback
tokenView.TScallToJS(function, "onConfirm" + "('sig')", this);
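Review bot: In `handleURLClick` the whitelist test `url.contains(thisDapp.getUrl())` is a substring match, so a URL that merely carries a whitelisted address in its path, query string or as a label of another host is accepted and handed to `openInDappBrowser`. Compare parsed hosts instead: `String host = Uri.parse(url).getHost();` before the loop and `if (host != null && host.equalsIgnoreCase(Uri.parse(thisDapp.getUrl()).getHost()))` inside it, assuming `getUrl()` returns a full URL with a scheme (its format is not visible here). `handleMapClick` has the same shape and runs before the whitelist: `index > 0` finds `C.DAPP_PREFIX_MAPS` anywhere in the string, the remainder is concatenated into the `geo:` URI unencoded, and `startActivity` is called with no guard for the case where no app handles the intent. The section's last hunk ends inside `handleTokenScriptFunction`, whose body continues outside the view.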

@ -3,8 +3,16 @@ package com.alphawallet.app.ui;
import android.Manifest;
import android.annotation.SuppressLint;
import android.app.Dialog;
import android.arch.lifecycle.*;
import android.content.*;
import android.arch.lifecycle.Lifecycle;
import android.arch.lifecycle.LifecycleObserver;
import android.arch.lifecycle.OnLifecycleEvent;
import android.arch.lifecycle.ProcessLifecycleOwner;
import android.arch.lifecycle.ViewModelProviders;
import android.content.ClipData;
import android.content.ClipboardManager;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.graphics.Color;
import android.net.Uri;
@ -22,21 +30,17 @@ import android.support.v4.content.ContextCompat;
import android.support.v4.content.FileProvider;
import android.support.v4.view.PagerAdapter;
import android.support.v4.view.ViewPager;
import android.support.v4.widget.SwipeRefreshLayout;
import android.support.v7.widget.RecyclerView;
import android.util.DisplayMetrics;
import android.util.Log;
import android.view.Menu;
import android.view.MenuItem;
import android.view.View;
import android.widget.ImageView;
import android.widget.LinearLayout;
import android.widget.Toast;
import com.alphawallet.app.entity.VisibilityFilter;
import com.alphawallet.app.repository.EthereumNetworkRepository;
import com.alphawallet.app.service.NotificationService;
import com.github.florent37.tutoshowcase.TutoShowcase;
import com.alphawallet.app.BuildConfig;
import com.alphawallet.app.C;
import com.alphawallet.app.R;
import com.alphawallet.app.entity.CryptoFunctions;
import com.alphawallet.app.entity.ErrorEnvelope;
import com.alphawallet.app.entity.FragmentMessenger;
@ -45,16 +49,12 @@ import com.alphawallet.app.entity.HomeReceiver;
import com.alphawallet.app.entity.Operation;
import com.alphawallet.app.entity.PinAuthenticationCallbackInterface;
import com.alphawallet.app.entity.SignAuthenticationCallback;
import com.alphawallet.app.entity.VisibilityFilter;
import com.alphawallet.app.entity.Wallet;
import com.alphawallet.app.repository.EthereumNetworkRepository;
import com.alphawallet.app.service.NotificationService;
import com.alphawallet.app.ui.widget.entity.ScrollControlViewPager;
import com.alphawallet.app.util.RootUtil;
import dagger.android.AndroidInjection;
import com.alphawallet.token.tools.ParseMagicLink;
import com.alphawallet.app.BuildConfig;
import com.alphawallet.app.C;
import com.alphawallet.app.R;
import com.alphawallet.app.viewmodel.BaseNavigationActivity;
import com.alphawallet.app.viewmodel.HomeViewModel;
import com.alphawallet.app.viewmodel.HomeViewModelFactory;
@ -62,16 +62,23 @@ import com.alphawallet.app.widget.AWalletAlertDialog;
import com.alphawallet.app.widget.AWalletConfirmationDialog;
import com.alphawallet.app.widget.DepositView;
import com.alphawallet.app.widget.SignTransactionDialog;
import com.alphawallet.app.widget.SystemView;
import com.alphawallet.token.tools.ParseMagicLink;
import com.github.florent37.tutoshowcase.TutoShowcase;
import org.web3j.crypto.WalletUtils;
import javax.inject.Inject;
import java.io.File;
import java.lang.reflect.Method;
import javax.inject.Inject;
import dagger.android.AndroidInjection;
import static com.alphawallet.app.C.CHANGED_LOCALE;
import static com.alphawallet.app.widget.AWalletBottomNavigationView.*;
import static com.alphawallet.app.widget.AWalletBottomNavigationView.DAPP_BROWSER;
import static com.alphawallet.app.widget.AWalletBottomNavigationView.SETTINGS;
import static com.alphawallet.app.widget.AWalletBottomNavigationView.TRANSACTIONS;
import static com.alphawallet.app.widget.AWalletBottomNavigationView.WALLET;
public class HomeActivity extends BaseNavigationActivity implements View.OnClickListener, HomeCommsInterface, FragmentMessenger, Runnable, SignAuthenticationCallback
{
@ -223,6 +230,8 @@ public class HomeActivity extends BaseNavigationActivity implements View.OnClick
bundle.putString("url", url);
dappBrowserFragment.setArguments(bundle);
showPage(DAPP_BROWSER);
//remove navbar if running as pure browser. clicking back will send you back to the Action/click that took you there
hideNavBar();
}
viewModel.cleanDatabases(this);
@ -922,7 +931,7 @@ public class HomeActivity extends BaseNavigationActivity implements View.OnClick
@Override
public void onBackPressed() {
//Check if current page is WALLET or not
if(viewPager.getCurrentItem() != WALLET)
if(viewPager.getCurrentItem() != WALLET && isNavBarVisible())
{
showPage(WALLET);
}
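Review bot: The whitelist added by this commit is enforced only in the sender (`FunctionActivity.handleURLClick`), while the branch that ends in `showPage(DAPP_BROWSER); hideNavBar();` loads whatever `url` it was given. Where `url` comes from is outside the visible lines; if it is read from the launching intent's `"url"` extra and this activity is exported, other callers reach the browser-only page without that check, so consider validating the URL (scheme and host) here before `bundle.putString("url", url)`. The enclosing method starts and ends outside the hunk.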

@ -1,9 +1,9 @@
package com.alphawallet.app.viewmodel;
import com.alphawallet.app.ui.BaseActivity;
import android.view.View;
import com.alphawallet.app.R;
import com.alphawallet.app.ui.BaseActivity;
import com.alphawallet.app.widget.AWalletBottomNavigationView;
public class BaseNavigationActivity extends BaseActivity implements AWalletBottomNavigationView.OnBottomNavigationItemSelectedListener {
@ -44,4 +44,8 @@ public class BaseNavigationActivity extends BaseActivity implements AWalletBotto
{
nav.hideBrowserTab();
}
public void hideNavBar() { nav.setVisibility(View.GONE); }
public boolean isNavBarVisible() { return nav.getVisibility() == View.VISIBLE; }
}

@ -595,4 +595,6 @@
<string name="created_aw_directory_detail">AlphaWallet directory created. Drop scripts into this directory to use your scripts. See tokenscript.org for more details on how to easily create a secure and useful interface to your tokens.</string>
<string name="title_no_need_to_watch">Already Watching</string>
<string name="error_while_signing_transaction">Error occurred while signing transaction. Please re-import the key for this wallet.</string>
<string name="error_not_whitelisted">Page Not Whitelisted</string>
<string name="explain_not_whitelisted">TokenScript attempting to redirect to non-whitelisted page %1$s. If you are the owner of this site please submit PR to AlphaWallet repo to add page for whitelisting.</string>
</resources>

@ -584,4 +584,6 @@
<string name="created_aw_directory_detail">AlphaWallet directory created. Drop scripts into this directory to use your scripts. See tokenscript.org for more details on how to easily create a secure and useful interface to your tokens.</string>
<string name="title_no_need_to_watch">Already Watching</string>
<string name="error_while_signing_transaction">Error occurred while signing transaction. Please re-import the key for this wallet.</string>
<string name="error_not_whitelisted">Page Not Whitelisted</string>
<string name="explain_not_whitelisted">TokenScript attempting to redirect to non-whitelisted page %1$s. If you are the owner of this site please submit PR to AlphaWallet repo to add page for whitelisting.</string>
</resources>

@ -595,4 +595,6 @@
<string name="created_aw_directory_detail">AlphaWallet directory created. Drop scripts into this directory to use your scripts. See tokenscript.org for more details on how to easily create a secure and useful interface to your tokens.</string>
<string name="title_no_need_to_watch">Already Watching</string>
<string name="error_while_signing_transaction">Error occurred while signing transaction. Please re-import the key for this wallet.</string>
<string name="error_not_whitelisted">Page Not Whitelisted</string>
<string name="explain_not_whitelisted">TokenScript attempting to redirect to non-whitelisted page %1$s. If you are the owner of this site please submit PR to AlphaWallet repo to add page for whitelisting.</string>
</resources>
