Add BlockInsecureScreen

Author: TimoPtr

app/src/main/kotlin/io/homeassistant/companion/android/webview/WebViewActivity.kt

@@ -104,6 +104,7 @@ import io.homeassistant.companion.android.common.util.toJsonObject
 import io.homeassistant.companion.android.common.util.toJsonObjectOrNull
 import io.homeassistant.companion.android.database.authentication.Authentication
 import io.homeassistant.companion.android.database.authentication.AuthenticationDao
+import io.homeassistant.companion.android.database.server.SecurityStatus
 import io.homeassistant.companion.android.databinding.DialogAuthenticationBinding
 import io.homeassistant.companion.android.improv.ui.ImprovPermissionDialog
 import io.homeassistant.companion.android.improv.ui.ImprovSetupDialog
@@ -131,6 +132,7 @@ import io.homeassistant.companion.android.webview.externalbus.ExternalConfigResp
 import io.homeassistant.companion.android.webview.externalbus.ExternalEntityAddToAction
 import io.homeassistant.companion.android.webview.externalbus.NavigateTo
 import io.homeassistant.companion.android.webview.externalbus.ShowSidebar
+import io.homeassistant.companion.android.webview.insecure.BlockInsecureFragment
 import javax.inject.Inject
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
@@ -272,6 +274,11 @@ class WebViewActivity :
 
     private val snackbarHostState = SnackbarHostState()
 
+    /**
+     * Indicates if the current state is insecure. If so we should not load the URL.
+     */
+    private var isInsecureState: Boolean = false
+
     @SuppressLint("SetJavaScriptEnabled")
     override fun onCreate(savedInstanceState: Bundle?) {
         if (
@@ -1392,8 +1399,7 @@ class WebViewActivity :
             clearHistory = !keepHistory
             lifecycleScope.launch {
                 if (!presenter.shouldSetSecurityLevel()) {
-                    webView.loadUrl(url)
-                    waitForConnection()
+                    secureLoadUrl(url)
                 } else {
                     val serverId = presenter.getActiveServer()
                     Timber.d("Security level not set for server $serverId, showing ConnectionSecurityLevelFragment")
@@ -1410,6 +1416,46 @@ class WebViewActivity :
         }
     }
 
+    /**
+     * Make sure we only load the url if the securityLevel and current states allow it.
+     */
+    private suspend fun secureLoadUrl(url: String) {
+        fun loadAndWait() {
+            webView.loadUrl(url)
+            isInsecureState = false
+            waitForConnection()
+        }
+
+        if (url.startsWith("https")) {
+            loadAndWait()
+            return
+        }
+
+        val allowInsecureConnection = serverManager.integrationRepository(
+            presenter.getActiveServer(),
+        ).getAllowInsecureConnection()
+
+        when (allowInsecureConnection) {
+            null, true -> loadAndWait()
+            false -> {
+                val status = serverManager.getServer(
+                    presenter.getActiveServer(),
+                )?.connection?.currentSecurityStatusForUrl(this, url)
+                when (status) {
+                    is SecurityStatus.Insecure, null -> {
+                        isInsecureState = true
+                        showBlockInsecureFragment(
+                            serverId = presenter.getActiveServer(),
+                            missingHomeSetup = status?.missingHomeSetup ?: false,
+                            missingLocation = status?.missingLocation ?: false,
+                        )
+                    }
+                    SecurityStatus.Secure -> loadAndWait()
+                }
+            }
+        }
+    }
+
     private fun showConnectionSecurityLevelFragment(serverId: Int) {
         supportFragmentManager.setFragmentResultListener(
             ConnectionSecurityLevelFragment.RESULT_KEY,
@@ -1419,8 +1465,9 @@ class WebViewActivity :
             supportFragmentManager.clearFragmentResultListener(ConnectionSecurityLevelFragment.RESULT_KEY)
 
             if (::loadedUrl.isInitialized) {
-                webView.loadUrl(loadedUrl)
-                waitForConnection()
+                lifecycleScope.launch {
+                    secureLoadUrl(loadedUrl)
+                }
             }
         }
 
@@ -1430,6 +1477,33 @@ class WebViewActivity :
             .commit()
     }
 
+    private fun showBlockInsecureFragment(serverId: Int, missingHomeSetup: Boolean, missingLocation: Boolean) {
+        supportFragmentManager.setFragmentResultListener(
+            BlockInsecureFragment.RESULT_KEY,
+            this,
+        ) { _, _ ->
+            Timber.d("Block insecure screen exited by user, retrying URL loading")
+            supportFragmentManager.clearFragmentResultListener(BlockInsecureFragment.RESULT_KEY)
+
+            if (::loadedUrl.isInitialized) {
+                lifecycleScope.launch {
+                    secureLoadUrl(loadedUrl)
+                }
+            }
+        }
+        supportFragmentManager.beginTransaction()
+            .replace(
+                android.R.id.content,
+                BlockInsecureFragment.newInstance(
+                    serverId = serverId,
+                    missingHomeSetup = missingHomeSetup,
+                    missingLocation = missingLocation,
+                ),
+            )
+            .addToBackStack(null)
+            .commit()
+    }
+
     override fun setStatusBarAndBackgroundColor(statusBarColor: Int, backgroundColor: Int) {
         // Set background colors
         if (statusBarColor != 0) {
@@ -1705,18 +1779,22 @@ class WebViewActivity :
     }
 
     private fun waitForConnection() {
-        Handler(Looper.getMainLooper()).postDelayed(
-            {
-                if (
-                    !isConnected &&
-                    !loadedUrl.toHttpUrl().pathSegments.first().contains("api") &&
-                    !loadedUrl.toHttpUrl().pathSegments.first().contains("local")
-                ) {
-                    showError(errorType = ErrorType.TIMEOUT_EXTERNAL_BUS)
-                }
-            },
-            CONNECTION_DELAY,
-        )
+        if (!isInsecureState) {
+            Handler(Looper.getMainLooper()).postDelayed(
+                {
+                    if (
+                        !isConnected &&
+                        !loadedUrl.toHttpUrl().pathSegments.first().contains("api") &&
+                        !loadedUrl.toHttpUrl().pathSegments.first().contains("local")
+                    ) {
+                        showError(errorType = ErrorType.TIMEOUT_EXTERNAL_BUS)
+                    }
+                },
+                CONNECTION_DELAY,
+            )
+        } else {
+            Timber.i("Not waiting for connection since currently being block because insecure")
+        }
     }
 
     override fun sendExternalBusMessage(message: ExternalBusMessage) {

app/src/main/kotlin/io/homeassistant/companion/android/webview/insecure/BlockInsecureFragment.kt

@@ -0,0 +1,112 @@
+package io.homeassistant.companion.android.webview.insecure
+
+import android.content.Intent
+import android.os.Bundle
+import android.provider.Settings
+import android.view.LayoutInflater
+import android.view.View
+import android.view.ViewGroup
+import androidx.compose.ui.platform.ComposeView
+import androidx.compose.ui.platform.LocalUriHandler
+import androidx.fragment.app.Fragment
+import androidx.fragment.app.setFragmentResult
+import dagger.hilt.android.AndroidEntryPoint
+import io.homeassistant.companion.android.common.compose.theme.HATheme
+import io.homeassistant.companion.android.common.util.DisabledLocationHandler
+import io.homeassistant.companion.android.settings.ConnectionSecurityLevelFragment
+import io.homeassistant.companion.android.settings.SettingsActivity
+
+/**
+ * Fragment explaining why the current connection is blocked.
+ */
+@AndroidEntryPoint
+class BlockInsecureFragment private constructor() : Fragment() {
+
+    companion object {
+        const val RESULT_KEY = "block_insecure_result"
+        private const val EXTRA_SERVER = "server_id"
+        private const val EXTRA_MISSING_HOME_SETUP = "missing_home_setup"
+        private const val EXTRA_MISSING_LOCATION = "missing_location"
+
+        fun newInstance(serverId: Int, missingHomeSetup: Boolean, missingLocation: Boolean): BlockInsecureFragment {
+            return BlockInsecureFragment().apply {
+                arguments = Bundle().apply {
+                    putInt(EXTRA_SERVER, serverId)
+                    putBoolean(EXTRA_MISSING_HOME_SETUP, missingHomeSetup)
+                    putBoolean(EXTRA_MISSING_LOCATION, missingLocation)
+                }
+            }
+        }
+    }
+
+    override fun onCreateView(inflater: LayoutInflater, container: ViewGroup?, savedInstanceState: Bundle?): View {
+        val serverId = arguments?.getInt(EXTRA_SERVER, -1) ?: -1
+        val missingHomeSetup = arguments?.getBoolean(EXTRA_MISSING_HOME_SETUP, false) ?: false
+        val missingLocation = arguments?.getBoolean(EXTRA_MISSING_LOCATION, false) ?: false
+
+        return ComposeView(requireContext()).apply {
+            setContent {
+                val uriHandler = LocalUriHandler.current
+                HATheme {
+                    BlockInsecureScreen(
+                        missingHomeSetup = missingHomeSetup,
+                        missingLocation = missingLocation,
+                        onRetry = ::retryAndClose,
+                        onHelpClick = {
+                            uriHandler.openUri(
+                                "https://companion.home-assistant.io/docs/getting_started/connection-security-level/",
+                            )
+                        },
+                        onOpenSettings = {
+                            startActivity(SettingsActivity.newInstance(requireContext()))
+                        },
+                        onChangeSecurityLevel = {
+                            showConnectionSecurityLevelFragment(serverId)
+                        },
+                        onOpenLocationSettings = ::openLocationSettings,
+                        onConfigureHomeNetwork = {
+                            startActivity(
+                                SettingsActivity.newInstance(
+                                    context = requireContext(),
+                                    screen = SettingsActivity.Deeplink.HomeNetwork(serverId),
+                                ),
+                            )
+                        },
+                    )
+                }
+            }
+        }
+    }
+
+    private fun openLocationSettings() {
+        if (DisabledLocationHandler.isLocationEnabled(requireContext())) {
+            retryAndClose()
+            return
+        }
+        val intent = Intent(Settings.ACTION_LOCATION_SOURCE_SETTINGS).apply {
+            flags = Intent.FLAG_ACTIVITY_NEW_TASK
+            addFlags(Intent.FLAG_ACTIVITY_NO_HISTORY)
+            addFlags(Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS)
+        }
+        if (intent.resolveActivity(requireContext().packageManager) == null) {
+            intent.action = Settings.ACTION_SETTINGS
+        }
+        startActivity(intent)
+    }
+
+    private fun retryAndClose() {
+        setFragmentResult(RESULT_KEY, Bundle())
+        parentFragmentManager.popBackStack()
+    }
+
+    private fun showConnectionSecurityLevelFragment(serverId: Int) {
+        val fragment = ConnectionSecurityLevelFragment.newInstance(
+            serverId = serverId,
+            handleAllInsets = true,
+        )
+        parentFragmentManager.beginTransaction()
+            .replace(android.R.id.content, fragment)
+            .addToBackStack(null)
+            .commit()
+    }
+}