Dropbox Datastore API: Reliably determining if the user is authenticated - java

The Problem
I am using the Dropbox Datastore API to store information in my app. I am trying to figure out a reliable way to check if the user is authenticated with Dropbox.
Currently I am using this helper function:
    public boolean isLoggedIn(Context context){
        LogHelper logHelper = new LogHelper();
        DbxAccount dropboxAcount = getDropboxAccountManager(context).getLinkedAccount();
        if(dropboxAcount == null){
            return false;
        } else{
            if(dropboxAcount.isLinked() && dropboxAcount.getAccountInfo() != null){
                return true;
            } else{
                return false;
            }
        }
    }
The problem with this is if a user becomes unauthenticated after they have logged in, for example, if the user goes to their Dropbox settings and unlinks the app. When this happens the above function will detect that the user is logged in; only when you try to perform an action that requires authentication (like writing to a datastore) does the Dropbox API realize that the user is not authenticated.
The Question
Is there a reliable way to figure out if the user is authenticated with the Dropbox Datastore API?

From https://www.dropbox.com/developers/datastore/docs/android#com.dropbox.sync.android.DbxAccountManager.addListener:
void addListener(AccountListener l)
Adds an DbxAccountManager.AccountListener which will be called
whenever a new account is linked or an existing account is unlinked.
The listener will be called regardless of whether the account was
unlinked using DbxAccount.unlink() or by the user on the Dropbox
website.
This notification will still presumably only fire after some communication with the server, since that's the only way for the client to know that something happened outside of the app.
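The listener approach from the answer above, as an added example that is not part of the original answer or Dropbox's own sample code. The class name `DropboxLinkState` and its method names are hypothetical; the callback signature `onLinkedAccountChange(DbxAccountManager, DbxAccount)` and `DbxException.Unauthorized` are assumed from the Sync/Datastore SDK. Because the listener only fires after the client has talked to the server, the helper also treats an `Unauthorized` failure at operation time as proof that the link is gone.

```java
import com.dropbox.sync.android.DbxAccount;
import com.dropbox.sync.android.DbxAccountManager;
import com.dropbox.sync.android.DbxDatastore;
import com.dropbox.sync.android.DbxException;

/** Hypothetical helper: tracks link state from two signals instead of one cached check. */
public class DropboxLinkState implements DbxAccountManager.AccountListener {
    private final DbxAccountManager manager;
    private volatile boolean linked;

    public DropboxLinkState(DbxAccountManager manager) {
        this.manager = manager;
        this.linked = manager.hasLinkedAccount(); // local view only, may be stale
        manager.addListener(this);
    }

    /** Signal 1: fired on link/unlink, including an unlink done on the Dropbox website. */
    @Override
    public void onLinkedAccountChange(DbxAccountManager mgr, DbxAccount acct) {
        linked = mgr.hasLinkedAccount();
    }

    /** Signal 2: the server rejecting an operation is authoritative. */
    public boolean syncOrMarkUnlinked(DbxDatastore store) {
        if (!linked) {
            return false; // caller should send the user back to the link flow
        }
        try {
            store.sync();
            return true;
        } catch (DbxException.Unauthorized e) {
            linked = false; // app was unlinked outside of this process
            return false;
        } catch (DbxException e) {
            return false;   // e.g. network failure: link state unknown, leave it unchanged
        }
    }

    public boolean isLinked() {
        return linked;
    }

    public void close() {
        manager.removeListener(this);
    }
}
```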

Related

MSAL ANDROID : MultiAccountMode issue with Logout

I have an Android native application using the MSAL library to authenticate. We are facing issues logging out from the application after login. While logging out, it displays a screen where the already logged in email displays; tapping on that allows the user to login to the application without a password. The application is configured as MultiAccount mode. Below is the code for logout.
    removeAccountButton.setOnClickListener(new View.OnClickListener() {
        public void onClick(View v) {
            if (mMultipleAccountApp == null) {
                return;
            }
            /**
             * Removes the selected account and cached tokens from this app (or device, if the device is in shared mode).
             */
            mMultipleAccountApp.removeAccount(accountList.get(accountListSpinner.getSelectedItemPosition()),
                    new IMultipleAccountPublicClientApplication.RemoveAccountCallback() {
                        @Override
                        public void onRemoved() {
                            Toast.makeText(getContext(), "Account removed.", Toast.LENGTH_SHORT)
                                    .show();
                            /* Reload account asynchronously to get the up-to-date list. */
                            loadAccounts();
                        }
                        @Override
                        public void onError(@NonNull MsalException exception) {
                            displayError(exception);
                        }
                    });
        }
    });
It always displays the toast "Account removed", but it is actually not. Any help is appreciated!
Edit 1 - 12/12/2022
@Tinjzz This Answer is almost your exact scenario.
Question Description
"accounts are removed successfully, but when signing in again and the microsoft sign in intent is opened, the accounts can just be clicked to sign in without password"
@Rutha answer "This is happening because MSAL automatically refreshes your token after expiration. When user opens your app it checks if that token is already present and valid."
"you need to remove the cache as well to remove the account from the cache, find the account that need to be removed and then call PublicClientApplication.removeAccount()"
In a later answer, @Rutha notes "On Android we basically don't have any control on the cookies" "If you want the user to enter the password again then you should do this: AcquireTokenInteractive(scopes).WithPrompt(Prompt.ForceLogin);"
Old Response
From the code posted, it looks like you are using an approach similar to this site with a separate loadAccounts() method. "Step 5.2: Load accounts"
However, in the MS MSAL Single and Multi-Account page, it notes:
"If your app is configured to use a broker, and a broker is installed on the device, the account won't be removed from the broker when you call removeAccount. Only tokens associated with your client are removed."
MS specifically recommends using "Call getAccounts to get a list of accounts currently known to the app."
So, the current setup may be using loadAccounts() per the first link, yet MS actually recommends getAccounts that specifically addresses only the internal MSAL token system.

Always open android webview Login dialog when user logged out from my app

I've integrated Facebook in my app and the user can login, share and post things. I've implemented a logout also.
Here is my problem: when user wants to log in, the Facebook SDK checks whether the native app is present or not.
If the native Facebook app is not installed in the user's device then it will open a webview dialog like the image below (First image).
If the user has the Facebook app, then my app directly asks him/her for permissions without opening the loginUI (Second Image)
I want to show the Facebook loginUI always.
Each time the user wants to login.
Please help me.
Yeah, I did it.
If anyone in future faces this situation, this solution may help them.
For opening the web dialog during login with Facebook:
If you are using the Facebook login button, we need to set the property called "SessionLoginBehaviour", then write the below code.
    loginButton.setLoginBehavior(SessionLoginBehavior.SUPPRESS_SSO);
refer this
You can check it if facebook installed using this method :
    private boolean isFacebookExist(){
        try{
            ApplicationInfo info = getPackageManager().
                    getApplicationInfo("com.facebook.katana", 0 );
            return true;
        } catch( PackageManager.NameNotFoundException e ){
            return false;
        }
    }

Facebook login problems

So for the past few days I've been trying to get my head around the Facebook SDK for android. I've managed to get the user to log in but only by using
loginBtn.setLoginBehavior(SessionLoginBehavior.SUPPRESS_SSO);
This means every time the user goes to the activity containing the login button they are forced to re-enter their details (username and password) every time. I've followed the tutorials provided on the Facebook developers site, however I still can't manage to get a simple one-time login working. The whole point of this is that I'm trying to get a very simple, straightforward image upload button. Press button - check if logged in, if not, login - once logged in post image. But I'm just having trouble with keeping a constant login state. I have managed to get the upload image working, however like I said, once the user goes to a different activity they are forced to login again. Surely it should only force them to once on the button click.
Check if they are logged in already:
facebook.isSessionValid()
Better way to do this:
    public boolean isLoggedIn() {
        Session session = Session.getActiveSession();
        if (session != null && session.isOpened()) {
            return true;
        } else {
            return false;
        }
    }

GWT RequestFactory-based authentication

I am experimenting with GWT RequestFactory (RF) for the first time and am trying to implement a simple sign-in screen and authentication system (not using anything fancy, just fiddling around with the basics here). The basic user experience I'm looking to achieve is pretty par for the course:
The user will be presented with a sign-in screen (email and password and "Sign In" button). When they click the button, I want to use RF to send their credentials to the server (using ValueProxy since these are not entities) and authenticate them. If the credentials were correct, they are now "signed in" to the system, and the GWT app will download a whole new module and they'll be redirected to their account's main menu. If the credentials were incorrect, I want to send back a String explaining that the email or password was incorrect, and they are still "signed out" of the app.
Regarding this question that I posted yesterday, I have now figured out how to use RF to expose a SignInOutService which has a signIn(SignIn) method for attempting to sign the user in, and a signOut(SignOut) method for signing the user out of the system. But now I'm actually trying to implement that service, and here's what I have so far:
    public class DefaultSignInOutService {
        // Try to sign the user into the system.
        public String signIn(SignIn signIn) {
            // The SignIn object contains the email/hashed password the user tried
            // signing-in with, as well as other metadata I'm looking to store for
            // security purposes (IP address, user agent, etc.).
            String email = signIn.getEmail();
            String hashedPassword = signIn.getHashedPassword();
            // This will be set to a non-null value if the sign-in attempt fails.
            // Otherwise (on successful sign-in) it will stay NULL. The client-side
            // handler will know what to do with the UI based on this value.
            String failReason = null;
            // For this simple example, the password is "12345" and below is its MD5 hash.
            // Hey! That's the combination on my luggage!
            if(!"skroob@spaceballs.example.com".equals(email) || !"827ccb0eea8a706c4c34a16891f84e7b".equals(hashedPassword))
                failReason = "Login failed; incorrect email or password.";
            else {
                // Log the user into the system...
                // TODO: How?
            }
            return failReason;
        }
        // Sign the user out of the system.
        public void signOut(SignOut signOut) {
            // The SignOut object should reference the user attempting to sign out, as well as a reason
            // for why the sign out is occurring: the user manually requested to be signed out, or they
            // "expired" due to inactivity or navigating the browser away from the app, and so the system
            // auto-signed them out, etc.
            // TODO: How?
            return;
        }
    }
So now, I've implemented my super-simple email/password check, and I'm ready to write the code that somehow signs the user into the app (so that they're not presented with a login screen over and over again). And I'm choking on what to do next.
Issues I'm trying to find solutions for:
1. Is GWT RF somehow session- or token-based? If so, under the commented line "Log the user into the system...", what code can I write that says "this user is now authenticated, set some cookie or session variable to make it so!"? I ask this because once they sign in and are routed to the new module and main menu, GWT will need a way to authenticate every subsequent RF request thereafter.
2. What does the signOut() method need to reset/clear/nullify in order to clear these cookies/session vars? In other words, how do I actually sign the user out, so if they try to go to the URL for their main menu (which again is only accessible if they're signed in), they'll be redirected to the sign-in screen?
3. How could I implement a 15-min inactivity timeout, where the user is automatically signed out of the app after a certain length of time? I think this answer will become more obvious once I see how questions #1 and #2 above work.
I was told that I may need to have two servlets and/or filters: one for handling unauthenticated RF requests (while a user is signed out or has not yet signed in), and one for handling authenticated RF requests (once the user is actively signed in). But I can't see how they fit into the overall picture here.
The easiest way is to store your authentication details in session.
    public String signIn(SignIn signIn) {
        // ...
        if(!"skroob@spaceballs.example.com".equals(email) || !"827ccb0eea8a706c4c34a16891f84e7b".equals(hashedPassword))
            failReason = "Login failed; incorrect email or password.";
        else {
            RequestFactoryServlet.getThreadLocalRequest().getSession().setAttribute("auth", signIn);
        }
        return failReason;
    }
    public void signOut(SignOut signOut) {
        RequestFactoryServlet.getThreadLocalRequest().getSession().removeAttribute("auth");
        return;
    }
On every request you can check if SignIn object is still present in session:
    SignIn signIn = null;
    final Object userObject = RequestFactoryServlet.getThreadLocalRequest().getSession().getAttribute("auth");
    if (userObject != null && userObject instanceof SignIn) {
        signIn = (SignIn) userObject;
    }
In case of absence of this object you should cancel the request and redirect user to login page.
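The session-based scheme in the answer above, carried through to the question's three points (sign-in, sign-out, 15-minute inactivity timeout) as an added example that is not part of the original answer. It uses only the standard servlet API; the class name `AuthFilter`, its helper methods, and the idea of mapping it in front of the authenticated RequestFactory servlet path are assumptions. It differs from the answer in two ways: it replaces the session at sign-in so a pre-login session id cannot be reused, and it invalidates the whole session at sign-out instead of removing one attribute.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter placed in front of the authenticated RequestFactory servlet. */
public class AuthFilter implements Filter {
    static final String AUTH_ATTR = "auth";          // attribute name used in the answer
    static final int IDLE_TIMEOUT_SECONDS = 15 * 60; // inactivity timeout from the question

    /** Call from signIn() once the credential check has succeeded. */
    public static void establishSession(HttpServletRequest req, Object signIn) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();                        // discard the pre-login session id
        }
        HttpSession fresh = req.getSession(true);
        fresh.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS); // container expires idle sessions
        fresh.setAttribute(AUTH_ATTR, signIn);
    }

    /** Call from signOut(): drops every attribute and the session id itself. */
    public static void endSession(HttpServletRequest req) {
        HttpSession session = req.getSession(false);
        if (session != null) {
            session.invalidate();
        }
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse resp = (HttpServletResponse) rs;
        // getSession(false): never create a session for an anonymous caller.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(AUTH_ATTR) == null) {
            // Missing, expired or signed-out session: reject before RequestFactory runs.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

The client can treat the 401 as the cue to show the sign-in screen; the sign-in service itself has to stay on a path this filter does not cover.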

Keeping user logged on, on an Android app

Hey guys, I am currently working on an Android app that will allow me to login with a registered user and then post how much he weighs, his cholesterol level and so on, through web services using ksoap, and I don't know how to keep the user logged on through a web service like ksoap for then to introduce the values. I don't have code yet, I am just trying to figure out how I am going to do it, because in Android I guess you could say I am still taking baby steps. The website where the info will be posted is already created but I need to know how I keep the user logged in so that then I can put his numbers and send through the web services to the site DB the right values to the right user.
Well, you can save a boolean variable in Shared Preferences when the user logs in. So whenever you want to send data you need to check the value of that boolean variable. If it's true then you can send data, otherwise redirect to the login page.
When the user logs out, you need to set that variable to false in Shared Preferences or clear Shared Preferences.
Example
    import android.content.Context;
    import android.content.SharedPreferences;
    import android.content.SharedPreferences.Editor;
    import android.preference.PreferenceManager;

    public class PreferenceData
    {
        static final String PREF_USER_ID = "user_logged_in";

        public static SharedPreferences getSharedPreferences(Context ctx)
        {
            return PreferenceManager.getDefaultSharedPreferences(ctx);
        }

        public static void setUserLoggedIn(Context ctx, boolean userLoggedIn)
        {
            Editor editor = getSharedPreferences(ctx).edit();
            editor.putBoolean(PREF_USER_ID, userLoggedIn);
            editor.commit();
        }

        public static boolean getUserLoggedIn(Context ctx)
        {
            // Read the flag; defaults to false when it has never been set.
            return getSharedPreferences(ctx).getBoolean(PREF_USER_ID, false);
        }
    }
Well, you can save a token with a timestamp in the SQLite DB or flash memory and send it as a parameter in your request. When you check if the login token exists, you can check against the timestamp if you want it to time out. Create a logout function that clears this token.
