-
-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hub support #560
Hub support #560
Conversation
WalkthroughThe recent changes encompass a comprehensive update across multiple files, primarily enhancing the functionality related to hub vault management and cryptographic operations. Key modifications include the introduction of new dependencies in the Gradle files, such as The Several dialog interfaces and layout files have been created to facilitate user interactions for hub device setup and related notifications. The Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 35
🧹 Outside diff range and nitpick comments (82)
domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt (1)
6-6
: LGTM! Consider adding documentation and validation.The open class design is appropriate for extensibility, particularly for the hub-specific vault configurations. However, a few improvements could enhance the robustness:
Consider adding:
- KDoc documentation explaining:
- Purpose of each property
- Valid format/values for
vaultFormat
- Expected JWT format
- Property validation:
open class UnverifiedVaultConfig( - open val jwt: String, - open val keyId: URI, - open val vaultFormat: Int + open val jwt: String, + open val keyId: URI, + open val vaultFormat: Int ) : Serializable { + init { + require(jwt.isNotBlank()) { "JWT token cannot be blank" } + require(vaultFormat > 0) { "Vault format must be positive" } + } }
- Consider using nullable types or sealed ranges if appropriate for your use case:
open val jwt: String?, // If JWT is optional open val vaultFormat: Int = 1 // If there's a default formatdomain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultIsArchivedException.java (1)
5-10
: Consider enhancing the exception with documentation and additional constructors.The exception could be more useful with the following improvements:
- Add Javadoc explaining when this exception is thrown
- Add constructors with message and cause parameters for better error context
Consider applying this enhancement:
public class HubVaultIsArchivedException extends BackendException { + private static final long serialVersionUID = 1L; + + /** + * Thrown when attempting to perform operations on a Hub vault that has been archived. + */ public HubVaultIsArchivedException() { super(); } + + /** + * @param message the detail message + */ + public HubVaultIsArchivedException(String message) { + super(message); + } + + /** + * @param message the detail message + * @param cause the cause of this exception + */ + public HubVaultIsArchivedException(String message, Throwable cause) { + super(message, cause); + } }domain/src/main/java/org/cryptomator/domain/exception/hub/HubUserSetupRequiredException.java (1)
7-9
: Consider adding additional constructors for better error reporting.The current implementation only provides a default constructor. Consider adding constructors that accept a message and/or cause parameter for more detailed error reporting.
public class HubUserSetupRequiredException extends BackendException { public HubUserSetupRequiredException() { super(); } + + public HubUserSetupRequiredException(String message) { + super(message); + } + + public HubUserSetupRequiredException(String message, Throwable cause) { + super(message, cause); + } + + public HubUserSetupRequiredException(Throwable cause) { + super(cause); + } }domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceSetupRequiredException.java (2)
5-11
: Add JavaDoc documentation to clarify exception usageWhile the basic implementation is correct, adding documentation would improve clarity for developers:
- When this exception is thrown
- What conditions trigger it
- How to handle it
Add documentation like this:
+/** + * Exception thrown when a hub device requires setup before it can be used. + * This typically occurs when attempting to perform hub operations with an + * unregistered or improperly configured device. + */ public class HubDeviceSetupRequiredException extends BackendException {
7-9
: Consider adding constructors with message and cause parametersThe current implementation only provides a no-arg constructor. Consider adding additional constructors for better error context:
public HubDeviceSetupRequiredException() { super(); } + +public HubDeviceSetupRequiredException(String message) { + super(message); +} + +public HubDeviceSetupRequiredException(String message, Throwable cause) { + super(message, cause); +}domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultAccessForbiddenException.java (2)
5-5
: Add class-level documentation.Consider adding Javadoc to describe when this exception is thrown and provide examples of scenarios that trigger it. This will help other developers understand its purpose and proper usage.
+/** + * Exception thrown when access to a Hub vault is denied due to insufficient permissions + * or invalid access rights. This typically occurs when a user attempts to access + * a vault they are not authorized to use. + */ public class HubVaultAccessForbiddenException extends BackendException {
7-9
: Consider adding additional constructors for better error handling.The current implementation only provides a no-args constructor. Consider adding constructors that accept a message and/or cause for more detailed error reporting.
public HubVaultAccessForbiddenException() { super(); } + +/** + * Constructs a new exception with the specified detail message. + * + * @param message the detail message + */ +public HubVaultAccessForbiddenException(String message) { + super(message); +} + +/** + * Constructs a new exception with the specified detail message and cause. + * + * @param message the detail message + * @param cause the cause of this exception + */ +public HubVaultAccessForbiddenException(String message, Throwable cause) { + super(message, cause); +}domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidSetupCodeException.java (1)
5-5
: Consider adding serialVersionUIDFor better serialization support, consider adding a serialVersionUID field.
public class HubInvalidSetupCodeException extends BackendException { + private static final long serialVersionUID = 1L;
domain/src/main/java/org/cryptomator/domain/exception/hub/HubLicenseUpgradeRequiredException.java (1)
5-11
: Add serialVersionUID for serialization compatibility.Since this exception extends
BackendException
which likely implementsSerializable
, adding aserialVersionUID
would ensure consistent serialization across different versions of the application.public class HubLicenseUpgradeRequiredException extends BackendException { + private static final long serialVersionUID = 1L; public HubLicenseUpgradeRequiredException() { super(); } }
domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidVersionException.java (1)
5-11
: Consider enhancing the exception with documentation and version details.To improve maintainability and developer experience, consider:
- Adding Javadoc explaining when this exception is thrown and how to handle it
- Including version information (required vs actual) in the exception
Here's a suggested implementation:
package org.cryptomator.domain.exception.hub; import org.cryptomator.domain.exception.BackendException; +/** + * Thrown when attempting to interact with a Hub instance that has an incompatible version. + */ public class HubInvalidVersionException extends BackendException { + private final String requiredVersion; + private final String actualVersion; + + /** + * Creates a new HubInvalidVersionException. + * + * @param message The error message + * @param requiredVersion The minimum required Hub version + * @param actualVersion The actual Hub version encountered + */ + public HubInvalidVersionException(String message, String requiredVersion, String actualVersion) { + super(message); + this.requiredVersion = requiredVersion; + this.actualVersion = actualVersion; + } + + public String getRequiredVersion() { + return requiredVersion; + } + + public String getActualVersion() { + return actualVersion; + } }domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultOperationNotSupportedException.java (1)
5-5
: Add class documentationPlease add Javadoc to describe when this exception is thrown and provide examples of unsupported operations. This will help other developers understand when to use this exception.
+/** + * Exception thrown when attempting an operation that is not supported for Hub vaults. + * For example, when trying to perform operations that are only available for local vaults + * or when attempting to use features not yet implemented for Hub vaults. + */ public class HubVaultOperationNotSupportedException extends BackendException {domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceAlreadyRegisteredForOtherUserException.java (1)
7-9
: Consider enhancing the constructor to provide more context.The current implementation only provides a default constructor. Consider adding constructors that accept a message and/or cause to provide more detailed error information.
Consider adding these constructors:
public HubDeviceAlreadyRegisteredForOtherUserException() { super(); } + +public HubDeviceAlreadyRegisteredForOtherUserException(String message) { + super(message); +} + +public HubDeviceAlreadyRegisteredForOtherUserException(String message, Throwable cause) { + super(message, cause); +}domain/src/main/java/org/cryptomator/domain/exception/hub/HubAuthenticationFailedException.java (1)
5-15
: Consider enhancing the exception class with additional features.The exception class could benefit from the following improvements:
- Add JavaDoc documentation explaining when this exception is thrown
- Include a constructor that accepts a message string
- Add serialVersionUID for serialization support
Here's the suggested implementation:
package org.cryptomator.domain.exception.hub; import org.cryptomator.domain.exception.BackendException; +/** + * Thrown when authentication with Cryptomator Hub fails. + * This can occur during initial authentication or when refreshing credentials. + */ public class HubAuthenticationFailedException extends BackendException { + private static final long serialVersionUID = 1L; public HubAuthenticationFailedException() { super(); } public HubAuthenticationFailedException(Exception e) { super(e); } + public HubAuthenticationFailedException(String message) { + super(message); + } + + public HubAuthenticationFailedException(String message, Exception e) { + super(message, e); + } }domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt (1)
5-23
: Consider separating authentication configuration from vault configuration.The class currently handles both vault configuration and OAuth/authentication configuration. Consider splitting these responsibilities into separate classes to improve maintainability and follow the Single Responsibility Principle:
HubAuthConfig
for auth-related propertiesUnverifiedHubVaultConfig
focusing only on vault-specific propertiesExample structure:
data class HubAuthConfig( val clientId: String, val authEndpoint: String, val tokenEndpoint: String, val authSuccessUrl: String, val authErrorUrl: String, val apiBaseUrl: String?, val devicesResourceUrl: String, ) class UnverifiedHubVaultConfig( override val jwt: String, override val keyId: URI, override val vaultFormat: Int, val authConfig: HubAuthConfig, ) : UnverifiedVaultConfig(jwt, keyId, vaultFormat)presentation/src/main/java/org/cryptomator/presentation/ui/activity/view/UnlockVaultView.kt (1)
17-21
: Consider adding KDoc documentation for the new Hub methodsThe new Hub-related methods are well-named and follow the existing pattern, but would benefit from documentation explaining:
- The purpose of each dialog
- The expected user interactions
- The relationship between parameters (e.g., vaultModel and unverifiedVaultConfig)
Add KDoc comments like this:
+ /** + * Shows dialog for creating a new Hub device for vault access + * @param vaultModel The vault requiring device creation + * @param unverifiedVaultConfig The unverified Hub vault configuration + */ fun showCreateHubDeviceDialog(vaultModel: VaultModel, unverifiedVaultConfig: UnverifiedHubVaultConfig) + /** + * Shows dialog when user setup is required for Hub access + * @param unverifiedVaultConfig The unverified Hub vault configuration + */ fun showHubUserSetupRequiredDialog(unverifiedHubVaultConfig: UnverifiedHubVaultConfig) + /** + * Shows dialog when user needs to upgrade their Hub license + */ fun showHubLicenseUpgradeRequiredDialog() + /** + * Shows dialog when user lacks permission to access the Hub vault + */ fun showHubVaultAccessForbiddenDialog() + /** + * Shows dialog when attempting to access an archived Hub vault + */ fun showHubVaultIsArchivedDialog()domain/src/main/java/org/cryptomator/domain/repository/HubRepository.kt (2)
6-7
: Add KDoc documentation for the interface.Consider adding documentation to explain the interface's purpose, responsibilities, and its role in Hub support.
+/** + * Repository interface for interacting with Cryptomator Hub. + * Handles vault key management, user authentication, device registration, + * and configuration retrieval operations. + */ interface HubRepository {
6-29
: Consider architectural improvements for better separation of concerns.The current interface combines different responsibilities (user management, device management, vault management). Consider splitting this into more focused interfaces:
HubUserRepository
for user-related operationsHubDeviceRepository
for device managementHubVaultRepository
for vault-specific operationsAlso, consider adding version compatibility checks since the Hub API level is part of the configuration.
Would you like me to provide an example of how to split these interfaces?
data/src/main/java/org/cryptomator/data/repository/RepositoryModule.java (1)
35-39
: Fix typo in method nameThe method name
provideHubRepositoryRepository
contains a duplicate "Repository" word. This should be corrected to maintain consistency with other provider methods in this class.Apply this change:
- public HubRepository provideHubRepositoryRepository(HubRepositoryImpl hubRepository) { + public HubRepository provideHubRepository(HubRepositoryImpl hubRepository) {domain/src/main/java/org/cryptomator/domain/usecases/vault/CreateHubDevice.java (2)
10-11
: Add class-level documentation.Consider adding Javadoc to document:
- The purpose of this use case
- Why the class is package-private
- The relationship with HubRepository
- Potential exceptions that might be thrown
@UseCase +/** + * Use case for registering a new device with Cryptomator Hub. + * Package-private to ensure access only through the use case factory. + * + * @throws BackendException when device registration fails + * @throws HubAuthenticationFailedException when authentication fails + * @throws HubDeviceAlreadyRegisteredForOtherUserException when device is already registered + * @throws HubInvalidSetupCodeException when setup code is invalid + */ class CreateHubDevice {
1-32
: Consider architectural improvements.
- Consider implementing the Command pattern with an undo operation for rollback scenarios
- Add a result object to provide more detailed feedback about the device creation
- Consider using a builder pattern for complex object construction
Example Result object:
public class HubDeviceCreationResult { private final String deviceId; private final Instant createdAt; private final String status; // ... constructor and getters }data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudProvider.java (1)
22-22
: Add Javadoc for the new unlock method.The new unlock method introduces Hub-specific parameters using JWE format. Consider adding Javadoc to explain:
- The purpose and format of
vaultKeyJwe
anduserKeyJwe
- When this unlock method should be used vs. the password-based methods
- The expected format of the JWE tokens
Example documentation:
/** * Unlocks a vault using Hub-provided JWE format keys. * * @param vault The vault to unlock * @param unverifiedVaultConfig The vault configuration * @param vaultKeyJwe The vault key in JWE format * @param userKeyJwe The user key in JWE format * @param cancelledFlag Flag to cancel the operation * @return The unlocked vault * @throws BackendException If the unlock operation fails */presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt (3)
13-16
: Consider adding KDoc documentationAdding KDoc documentation to the interface and method would improve API clarity for consumers.
+/** + * Callback interface for handling Hub vault access forbidden dialog events + */ interface Callback { + /** + * Called when the vault access forbidden dialog is finished, + * either by clicking the neutral button or pressing back + */ fun onVaultAccessForbiddenDialogFinished() }
33-34
: Document or implement the empty setupView methodThe empty
setupView()
method should either be documented if intentionally empty or implemented if functionality is missing.+ /** + * View setup is not required for this dialog as all configuration + * is handled in setupDialog + */ public override fun setupView() { }🧰 Tools
🪛 detekt (1.23.7)
[warning] 33-34: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
1-42
: Consider enhancing error handling robustnessTo improve the dialog's reliability, consider:
- Adding null safety checks for the dialog reference
- Handling edge cases (e.g., multiple dismissal attempts)
- Adding logging for debugging purposes
🧰 Tools
🪛 detekt (1.23.7)
[warning] 33-34: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt (2)
13-16
: Consider adding KDoc documentationAdding KDoc documentation to the interface and its method would improve maintainability and help other developers understand the expected behavior.
+/** + * Callback interface for handling Hub license upgrade dialog events. + */ interface Callback { + /** + * Called when the Hub license upgrade dialog is finished, either by user action or system events. + */ fun onHubLicenseUpgradeRequiredDialogFinished() }
37-42
: Consider adding KDoc documentation to the factory methodAdding documentation would help clarify the purpose and usage of this factory method.
companion object { + /** + * Creates a new instance of HubLicenseUpgradeRequiredDialog. + * @return A new dialog instance ready to be shown. + */ fun newInstance(): HubLicenseUpgradeRequiredDialog { return HubLicenseUpgradeRequiredDialog() } }presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultArchivedDialog.kt (5)
13-16
: Add KDoc documentation for the interface and method.Consider adding documentation to explain when this callback is triggered and its purpose in the context of Hub vault archival.
+/** + * Callback interface to handle Hub vault archived dialog completion. + */ interface Callback { + /** + * Called when the Hub vault archived dialog is dismissed either by + * clicking the neutral button or pressing back. + */ fun onHubVaultArchivedDialogFinished() }
19-21
: Remove unnecessary line continuation comments.The builder chain can be more readable without the `//' comments.
- builder // - .setTitle(R.string.dialog_hub_vault_archived_title) // - .setNeutralButton(getString(R.string.dialog_hub_vault_archived_positive_button)) { _: DialogInterface, _: Int -> callback?.onHubVaultArchivedDialogFinished() } + builder + .setTitle(R.string.dialog_hub_vault_archived_title) + .setNeutralButton(getString(R.string.dialog_hub_vault_archived_positive_button)) { _: DialogInterface, _: Int -> + callback?.onHubVaultArchivedDialogFinished() + }
22-30
: Improve key event handling logic.The current implementation of
OnKeyListener
could be simplified and made more idiomatic.- .setOnKeyListener { _, keyCode, _ -> - if (keyCode == KeyEvent.KEYCODE_BACK) { - dialog?.dismiss() - callback?.onHubVaultArchivedDialogFinished() - true - } else { - false - } - } + .setOnKeyListener { _, keyCode, event -> + when { + keyCode == KeyEvent.KEYCODE_BACK && event.action == KeyEvent.ACTION_UP -> { + dialog?.dismiss() + callback?.onHubVaultArchivedDialogFinished() + true + } + else -> false + } + }
34-38
: Simplify view setup using Kotlin scope functions.The code can be more concise using Kotlin's
as?
andapply
functions.- public override fun setupView() { - super.onStart() - val dialog = dialog as AlertDialog? - dialog?.setCanceledOnTouchOutside(false) - } + public override fun setupView() { + super.onStart() + (dialog as? AlertDialog)?.apply { + setCanceledOnTouchOutside(false) + } + }
40-45
: Add KDoc for the factory method.Document the factory method to explain its purpose and usage.
companion object { + /** + * Creates a new instance of HubVaultArchivedDialog. + * @return A new dialog instance for displaying Hub vault archived message. + */ fun newInstance(): HubVaultArchivedDialog { return HubVaultArchivedDialog() } }presentation/src/main/java/org/cryptomator/presentation/di/component/ApplicationComponent.java (1)
40-40
: LGTM! Well-integrated Hub repository declaration.The
hubRepository()
method follows the established pattern for repository injection and is properly scoped at the application level. The integration with RepositoryModule ensures proper dependency provision.The placement of this repository at the application component level is appropriate as it will likely be needed across different features related to Hub functionality.
domain/src/main/java/org/cryptomator/domain/repository/CloudRepository.java (3)
44-45
: Consider maintaining consistency with Optional parameterThe
unverifiedVaultConfig
parameter is required here, while other unlock methods useOptional<UnverifiedVaultConfig>
. This inconsistency might force implementers to handle null checks differently.Consider this alternative signature:
-Cloud unlock(Vault vault, UnverifiedVaultConfig unverifiedVaultConfig, String vaultKeyJwe, String userKeyJwe, Flag cancelledFlag) throws BackendException; +Cloud unlock(Vault vault, Optional<UnverifiedVaultConfig> unverifiedVaultConfig, String vaultKeyJwe, String userKeyJwe, Flag cancelledFlag) throws BackendException;
44-45
: Add Javadoc for the new unlock methodThe new method introduces JWE parameters which would benefit from documentation explaining their format, content, and purpose, especially since this appears to be part of the Hub authentication flow.
Consider adding documentation:
+/** + * Unlocks a vault using Hub authentication. + * + * @param vault The vault to unlock + * @param unverifiedVaultConfig The vault configuration + * @param vaultKeyJwe The vault key in JWE format + * @param userKeyJwe The user key in JWE format + * @param cancelledFlag Flag to indicate cancellation + * @return The unlocked cloud + * @throws BackendException if the unlock operation fails + */ Cloud unlock(Vault vault, UnverifiedVaultConfig unverifiedVaultConfig, String vaultKeyJwe, String userKeyJwe, Flag cancelledFlag) throws BackendException;
44-45
: Consider refactoring unlock method variantsThe interface now has three unlock methods with similar signatures but different authentication mechanisms (password-based vs JWE-based). This might indicate a need for a more flexible design.
Consider these architectural improvements:
- Create an
UnlockCredentials
interface with implementations for different authentication methods:
PasswordCredentials
HubJweCredentials
- Consolidate the unlock methods into a single method accepting
UnlockCredentials
This would make the interface more maintainable and extensible for future authentication methods.
presentation/src/main/java/org/cryptomator/presentation/model/ProgressStateModel.kt (1)
50-50
: LGTM with a minor suggestion on constant ordering.The new constant follows the established patterns and integrates well with the existing progress states. Consider grouping it with other creation-related constants (like
CREATING_VAULT
,CREATING_FOLDER
) for better code organization.Apply this diff to improve constant grouping:
val CREATING_FOLDER = ProgressStateModel("FOLDER", text(R.string.dialog_progress_creating_folder)) val CREATING_TEXT_FILE = ProgressStateModel("FILE", text(R.string.dialog_progress_creating_text_file)) +val CREATING_HUB_DEVICE = ProgressStateModel("HUB_DEVICE", text(R.string.dialog_progress_creating_hub_device_setup)) val UNLOCKING_VAULT = ProgressStateModel("VAULT", text(R.string.dialog_progress_unlocking_vault)) val CHANGING_PASSWORD = ProgressStateModel("PASSWORD", text(R.string.dialog_progress_change_password)) val CREATING_VAULT = ProgressStateModel("VAULT", text(R.string.dialog_progress_creating_vault)) -val CREATING_HUB_DEVICE = ProgressStateModel("HUB_DEVICE", text(R.string.dialog_progress_creating_hub_device_setup)) val UNKNOWN = ProgressStateModel("UNKNOWN_MIMETYPE", text(R.string.dialog_progress_please_wait))util/build.gradle (1)
56-57
: Consider security configurations for OAuth flowsSince this module will be handling JWT tokens as part of Hub support (likely OAuth flows):
- Ensure ProGuard/R8 rules are properly configured to prevent JWT classes from being obfuscated
- Consider adding security-related Android manifest configurations (e.g., network security config, cleartext traffic policy)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt (2)
18-23
: Add KDoc documentation for the Callback interface.Consider adding documentation to explain:
- When each callback is triggered
- The expected behavior when implementing these callbacks
- The significance of the UnverifiedHubVaultConfig parameter
Example documentation:
/** * Interface defining callback methods for Hub user setup actions */ interface Callback { /** * Called when the user chooses to proceed with Hub profile setup * @param unverifiedVaultConfig The configuration of the vault pending verification */ fun onGoToHubProfileClicked(unverifiedVaultConfig: UnverifiedHubVaultConfig) /** * Called when the user cancels the Hub setup process */ fun onCancelHubUserSetupClicked() }
57-57
: Make the constant name more descriptive.The constant
VAULT_CONFIG_ARG
could be more specific to indicate it's for unverified vault configuration.- private const val VAULT_CONFIG_ARG = "vaultConfig" + private const val UNVERIFIED_VAULT_CONFIG_ARG = "unverifiedVaultConfig"presentation/src/main/res/layout/dialog_create_hub_device.xml (1)
2-9
: Consider using ConstraintLayout instead of RelativeLayoutConstraintLayout is the recommended layout for complex views as it provides better performance and maintainability. It would be particularly beneficial here for handling the relationships between the input fields and included layouts.
<androidx.core.widget.NestedScrollView xmlns:android="http://schemas.android.com/apk/res/android" android:layout_width="match_parent" android:layout_height="match_parent"> - <RelativeLayout + <androidx.constraintlayout.widget.ConstraintLayout android:layout_width="match_parent" android:layout_height="match_parent" android:padding="@dimen/activity_vertical_margin">presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (4)
27-28
: Consider using Parcelable instead of Serializable for better type safety and performanceThe callback method uses Serializable parameters (
VaultModel
andUnverifiedHubVaultConfig
). Consider implementing Parcelable instead, as it's more type-safe and performs better on Android.
46-54
: Simplify back button handling using early returnThe back button handling can be simplified using an early return pattern for better readability.
- dialog.setOnKeyListener { _, keyCode, _ -> - if (keyCode == KeyEvent.KEYCODE_BACK) { - dialog.dismiss() - callback?.onCreateHubDeviceCanceled() - true - } else { - false - } - } + dialog.setOnKeyListener { _, keyCode, _ -> + if (keyCode != KeyEvent.KEYCODE_BACK) return@setOnKeyListener false + dialog.dismiss() + callback?.onCreateHubDeviceCanceled() + true + }
85-86
: Add documentation for empty overrideThe empty
setupView()
method is likely required by the parent class. Add a comment explaining why it's empty or remove it if not required.- override fun setupView() { - } + override fun setupView() { + // No additional view setup required as it's handled in onStart + }🧰 Tools
🪛 detekt (1.23.7)
[warning] 85-86: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
108-115
: Consider using Fragment arguments delegationThe fragment arguments handling can be simplified using Kotlin's property delegation with the Fragment KTX library.
// At class level private val vaultModel: VaultModel by lazy { requireArguments().getSerializable(VAULT_ARG) as VaultModel } private val unverifiedVaultConfig: UnverifiedHubVaultConfig by lazy { requireArguments().getSerializable(VAULT_CONFIG_ARG) as UnverifiedHubVaultConfig }data/src/main/java/org/cryptomator/data/repository/CloudRepositoryImpl.java (2)
112-118
: Add documentation for the new unlock method.The new unlock method appears to be part of the Hub support feature. Please add Javadoc explaining:
- The purpose of this method
- The expected format/content of vaultKeyJwe and userKeyJwe parameters
- The specific exceptions that might be thrown
Example:
/** * Unlocks a vault using Hub authentication. * * @param vault The vault to unlock * @param unverifiedVaultConfig The vault configuration * @param vaultKeyJwe The vault key in JWE format * @param userKeyJwe The user key in JWE format * @param cancelledFlag Flag to cancel the operation * @return Decrypted view of the vault * @throws BackendException if unlock fails * @throws HubAuthenticationFailedException if Hub authentication fails * @throws HubVaultAccessForbiddenException if access is forbidden */
114-116
: Consider adding parameter validation and specific error handling.The method could benefit from:
- Validation of JWE parameters before delegation
- More specific exception handling for Hub-related failures
Consider this implementation:
public Cloud unlock(Vault vault, UnverifiedVaultConfig unverifiedVaultConfig, String vaultKeyJwe, String userKeyJwe, Flag cancelledFlag) throws BackendException { + if (vaultKeyJwe == null || vaultKeyJwe.isEmpty() || userKeyJwe == null || userKeyJwe.isEmpty()) { + throw new IllegalArgumentException("JWE parameters cannot be null or empty"); + } + try { Vault vaultWithVersion = cryptoCloudFactory.unlock(vault, unverifiedVaultConfig, vaultKeyJwe, userKeyJwe, cancelledFlag); return decryptedViewOf(vaultWithVersion); + } catch (BackendException e) { + // Rethrow specific Hub-related exceptions + throw e; + } }presentation/src/main/java/org/cryptomator/presentation/exception/ExceptionHandlers.kt (1)
82-86
: Consider implementing a Hub-specific error handling strategyAs Hub support grows, consider implementing a dedicated
HubExceptionHandler
class to encapsulate all Hub-related error handling logic. This would:
- Improve maintainability by centralizing Hub error handling
- Allow for Hub-specific error recovery strategies
- Make it easier to add new Hub-related error cases in the future
Example approach:
class HubExceptionHandler : ExceptionHandler { override fun handle(view: View, e: Throwable): Boolean { return when (e) { is HubAuthenticationFailedException -> handleAuthError(view, e) is HubInvalidVersionException -> handleVersionError(view, e) // ... other Hub-specific handlers else -> false } } private fun handleAuthError(view: View, e: HubAuthenticationFailedException): Boolean { // Hub-specific authentication error recovery logic } // ... other handling methods }data/build.gradle (1)
199-200
: Consider grouping OAuth/JWT related dependenciesFor better organization, consider grouping this dependency with other authentication-related dependencies (like
msgraphAuth
) under a comment section.implementation dependencies.jsonWebToken + // OAuth & JWT implementation dependencies.joseJwt + // cloud playstoreImplementation dependencies.dropboxCoredata/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt (1)
129-131
: Consider enhancing the error message for better clarity.The implementation correctly enforces separation of concerns by throwing an
IllegalStateException
for hub-based unlock attempts on a password-based vault provider. However, the error message could be more descriptive.Consider this more descriptive error message:
- throw IllegalStateException("Password based vaults do not support hub unlock") + throw IllegalStateException("This vault is configured for password-based authentication and does not support Cryptomator Hub authentication")presentation/src/main/res/values/strings.xml (2)
533-541
: Consider renaming the setup code related string identifiers.While the user-facing strings consistently use "Account Key", the string identifiers still use "setup_code". Consider renaming these identifiers for better code maintainability:
- <string name="dialog_create_hub_device_setup_code_label">Account Key</string> - <string name="dialog_create_hub_device_setup_code_hint">Your Account Key is required...</string> - <string name="dialog_create_hub_device_setup_code_empty">Account Key can\'t be empty.</string> + <string name="dialog_create_hub_device_account_key_label">Account Key</string> + <string name="dialog_create_hub_device_account_key_hint">Your Account Key is required...</string> + <string name="dialog_create_hub_device_account_key_empty">Account Key can\'t be empty.</string>
544-544
: Remove extra quotation marks.There are unnecessary quotation marks at the end of these hint messages:
- <string name="dialog_hub_vault_access_forbidden_hint">Your user has not yet been authorized to access this vault. Ask the vault owner to authorize it."</string> + <string name="dialog_hub_vault_access_forbidden_hint">Your user has not yet been authorized to access this vault. Ask the vault owner to authorize it.</string> - <string name="dialog_hub_license_upgrade_required_hint">Your Cryptomator Hub instance has an invalid license. Please inform a Hub administrator to upgrade or renew the license."</string> + <string name="dialog_hub_license_upgrade_required_hint">Your Cryptomator Hub instance has an invalid license. Please inform a Hub administrator to upgrade or renew the license.</string>Also applies to: 548-548
domain/src/main/java/org/cryptomator/domain/usecases/vault/UnlockHubVault.java (2)
17-17
: MakeHUB_MINIMUM_VERSION
a static constantConstants should be declared as
static final
to prevent unnecessary instance copies.Apply this diff to update the declaration:
- private final int HUB_MINIMUM_VERSION = 1; + private static final int HUB_MINIMUM_VERSION = 1;
24-29
: SimplifycancelledFlag
initialization using a lambda expressionSince
Flag
is a functional interface, you can use a lambda expression to simplify the code.Apply this diff to simplify the code:
- private final Flag cancelledFlag = new Flag() { - @Override - public boolean get() { - return cancelled; - } - }; + private final Flag cancelledFlag = () -> cancelled;data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt (4)
49-51
: Check cancellation flag earlier to avoid unnecessary processingCurrently, the cancellation flag is checked after parsing JWE objects and decrypting the master key. To improve efficiency and responsiveness, consider checking the
cancelledFlag
at the beginning of the method to avoid unnecessary operations if the unlock process has been canceled.Apply this change:
// ...
26-28
: UseUnsupportedOperationException
for unsupported methodsThe methods
create
,unlock
,createUnlockToken
,isVaultPasswordValid
, andchangePassword
currently throwIllegalStateException
to indicate that certain operations are not supported. Consider usingUnsupportedOperationException
, which is more appropriate for signaling that a method is not implemented or not supported.Apply this diff to replace
IllegalStateException
withUnsupportedOperationException
:Also applies to: 31-33, 36-38, 62-64, 72-74, 89-91
62-64
: Clarify exception messages to reflect the specific unsupported operationsThe exception messages in
createUnlockToken
,isVaultPasswordValid
, andchangePassword
methods currently state "Hub cannot unlock vaults using password", which may not accurately describe the unsupported operation. Updating the exception messages to clearly indicate the specific unsupported functionality enhances code readability and maintainability.Example changes:
// In createUnlockToken method // In isVaultPasswordValid method // In changePassword methodAlso applies to: 72-74, 89-91
66-69
: Restrict visibility ofcryptorFor
methodThe
cryptorFor
method is marked with a comment "// Visible for testing", suggesting it is intended for internal use or testing purposes. Consider reducing its visibility tointernal
orprivate
to encapsulate the implementation details and prevent unintended usage from outside the class.Apply this change to restrict the method's visibility:
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (1)
96-98
: Rename parameter for clarity.The parameter name
unverifiedVaultConfigOptional
may be misleading since it is not anOptional
. Consider renaming it tounverifiedVaultConfig
to improve readability.Apply this diff to rename the parameter:
-private CryptoCloudProvider cryptoCloudProvider(UnverifiedVaultConfig unverifiedVaultConfigOptional) { - return cryptoCloudProvider(Optional.of(unverifiedVaultConfigOptional)); +private CryptoCloudProvider cryptoCloudProvider(UnverifiedVaultConfig unverifiedVaultConfig) { + return cryptoCloudProvider(Optional.of(unverifiedVaultConfig)); }presentation/src/main/java/org/cryptomator/presentation/ui/activity/UnlockVaultActivity.kt (4)
34-39
: Consider ordering implemented interfaces for better readabilityFor improved readability and maintainability, consider ordering the implemented interfaces alphabetically or grouping related callbacks together. This makes it easier for other developers to navigate the code.
121-140
: Refactor dialog methods to reduce code duplicationThe
show*Dialog
methods share a similar structure. Refactoring these methods by creating a generic function can reduce code duplication and enhance maintainability.You could introduce a generic method like this:
private fun showHubDialog(dialog: DialogFragment) { showDialog(dialog) }Then update the dialog methods:
override fun showCreateHubDeviceDialog(vaultModel: VaultModel, unverifiedVaultConfig: UnverifiedHubVaultConfig) { showHubDialog(CreateHubDeviceDialog.newInstance(vaultModel, unverifiedVaultConfig)) } override fun showHubUserSetupRequiredDialog(unverifiedHubVaultConfig: UnverifiedHubVaultConfig) { showHubDialog(HubUserSetupRequiredDialog.newInstance(unverifiedHubVaultConfig)) } // Apply the same pattern to other dialog methods
157-184
: Simplify hub callback methods to enhance maintainabilityThe callback methods related to hub dialogs have similar patterns. Consider consolidating these methods into a single handler or using a unified interface to reduce boilerplate code.
For example, you could define a generic callback interface:
interface HubDialogCallback { fun onPositiveAction(data: Any?) fun onNegativeAction() }Implement this interface in your activity:
class UnlockVaultActivity : BaseActivity<ActivityUnlockVaultBinding>(...), HubDialogCallback { // ... override fun onPositiveAction(data: Any?) { // Handle positive action with the provided data } override fun onNegativeAction() { finish() } }Update your dialogs to use this generic callback:
class CreateHubDeviceDialog : DialogFragment() { // ... private lateinit var callback: HubDialogCallback override fun onAttach(context: Context) { super.onAttach(context) callback = context as HubDialogCallback } // Call the callback methods where appropriate }
5-5
: Verify the necessity of the new importEnsure that
UnverifiedHubVaultConfig
is utilized in the code. If it's not being used, consider removing the import to keep the code clean.util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java (3)
49-219
: Enhance documentation with Javadoc commentsAdding Javadoc comments to the
HubDeviceCryptor
class and its public methods will improve understandability and assist other developers in using the class correctly.Consider documenting:
- The purpose of each public method.
- The expected inputs and outputs.
- Any thrown exceptions and under what conditions they are thrown.
127-140
: Handle potential empty key field scenarioThe variable
keyBytes
is initialized as an empty array, which may lead to issues if thekeyField
is not present in the payload. Ensure that the absence of the key is properly handled.Consider adding a check for the presence of the key:
if (fields.get(keyField) instanceof String key) { keyBytes = Base64.getDecoder().decode(key); return rawKeyFactory.apply(keyBytes); } else { + throw new MasterkeyLoadingFailedException("JWE payload missing required key field: " + keyField); }
62-70
: Specify explicit key generation parametersWhen generating the key pair, ensure that all parameters are explicitly set to avoid unintended defaults, which may affect security.
Consider specifying the provider for the
KeyPairGenerator
:var keyPairGenerator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, DEFAULT_KEYSTORE_NAME); +keyPairGenerator.initialize(parameterSpec, new SecureRandom()); keyPairGenerator.generateKeyPair();
Also, ensure that a secure random number generator is used.
data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java (12)
103-103
: Handle specific HTTP errors such as Unauthorized (401)In the
getUser
method, responses with HTTP status code401 Unauthorized
are not specifically handled. This could lead to a genericFatalBackendException
without clear context for the caller. Consider handling401 Unauthorized
explicitly to provide more meaningful feedback.Apply this diff to handle the
401 Unauthorized
status code:if (response.isSuccessful() && response.body() != null) { JSONObject jsonObject = new JSONObject(response.body().string()); return new UserDto(jsonObject.getString("id"), jsonObject.getString("name"), jsonObject.getString("publicKey"), jsonObject.getString("privateKey"), jsonObject.getString("setupCode")); } + else if (response.code() == HttpURLConnection.HTTP_UNAUTHORIZED) { + throw new HubAuthenticationFailedException(); + } throw new FatalBackendException("Failed to load user, bad response code " + response.code());
129-130
: WrapIOException
withBackendException
Consistent exception handling is important for maintainability. Replace the thrown
FatalBackendException
with a more generalBackendException
or a specific exception to better represent the error context.Apply this diff:
} catch (IOException | JSONException e) { - throw new FatalBackendException("Failed to load device", e); + throw new BackendException("Failed to load device", e); }
154-155
: Correct exception message when building JSON objectThe exception message "Failed to parse user private key" is misleading in this context. The error occurs while building the JSON object for the device data, not parsing the user private key.
Apply this diff to correct the exception message:
} catch (JSONException e) { - throw new FatalBackendException("Failed to parse user private key", e); + throw new FatalBackendException("Failed to build device JSON object", e); }
171-172
: Adjust exception message for device creation failureIn the
createDevice
method, the exception message refers to loading the device, which is inaccurate. It should reflect that the failure occurred during device creation.Apply this diff to update the exception message:
default: - throw new FatalBackendException("Failed to load device with response code " + response.code()); + throw new FatalBackendException("Failed to create device with response code " + response.code());
189-190
: Correct exception messages ingetConfig
methodThe exception messages mention "device" instead of "config," which could be confusing. Update them to accurately reflect the context.
Apply this diff to correct the exception messages:
} else { - throw new FatalBackendException("Failed to load device, response code good but no body"); + throw new FatalBackendException("Failed to load config, response code good but no body"); } ... throw new FatalBackendException("Failed to load config with response code " + response.code());
93-107
: Avoid potential NullPointerException and improve JSON parsingWhen parsing the response in
getUser
, if required JSON fields are missing,getString
will throw aJSONException
. It might be better to check for the presence of keys and handle missing fields gracefully.Consider modifying the code to validate JSON fields:
JSONObject jsonObject = new JSONObject(response.body().string()); + if (!jsonObject.has("id") || !jsonObject.has("name") || !jsonObject.has("publicKey") || !jsonObject.has("privateKey") || !jsonObject.has("setupCode")) { + throw new FatalBackendException("Incomplete user data received"); + } return new UserDto( jsonObject.getString("id"), jsonObject.getString("name"), jsonObject.getString("publicKey"), jsonObject.getString("privateKey"), jsonObject.getString("setupCode") );
68-89
: Refactor repetitive error handling codeThe try-catch blocks and response code handling logic are similar across multiple methods. Consider refactoring this logic into a helper method to reduce code duplication and enhance maintainability.
As an example, you could create a method to handle responses:
private String handleResponse(Response response) throws BackendException { switch (response.code()) { case HttpURLConnection.HTTP_OK: if (response.body() != null) { return response.body().string(); } else { throw new FatalBackendException("Response code OK but body is null"); } // Handle other status codes... default: throw new FatalBackendException("Unexpected response code " + response.code()); } }Then use this helper in your methods.
115-128
: Handle additional HTTP status codesIn the
getDevice
method, onlyHTTP_OK
andHTTP_NOT_FOUND
are explicitly handled. Consider adding handling for other relevant status codes such asHTTP_UNAUTHORIZED
(401) andHTTP_FORBIDDEN
(403) to provide clearer error messages and improve error handling.Apply this diff to handle additional status codes:
switch (response.code()) { case HttpURLConnection.HTTP_OK: // Existing code... break; + case HttpURLConnection.HTTP_UNAUTHORIZED: + throw new HubAuthenticationFailedException(); + case HttpURLConnection.HTTP_FORBIDDEN: + throw new HubAccessForbiddenException(); case HttpURLConnection.HTTP_NOT_FOUND: throw new HubDeviceSetupRequiredException(); // Rest of the code... }
43-55
: Consider Dependency Injection forOkHttpClient
andHubDeviceCryptor
For better testability and adherence to the Dependency Injection principle, consider injecting
OkHttpClient
andHubDeviceCryptor
rather than instantiating them within the constructor.Modify the constructor to accept these dependencies:
@Inject -public HubRepositoryImpl(Context context) { - this.httpClient = new OkHttpClient.Builder() - // Existing builder code... - .build(); - this.hubDeviceCryptor = HubDeviceCryptor.getInstance(); +public HubRepositoryImpl(Context context, OkHttpClient httpClient, HubDeviceCryptor hubDeviceCryptor) { + this.httpClient = httpClient; + this.hubDeviceCryptor = hubDeviceCryptor; }This allows for easier testing and more flexible configuration.
57-60
: ReuseHttpLoggingInterceptor
instanceCurrently, a new
HttpLoggingInterceptor
is created each timehttpLoggingInterceptor
is called. Since the interceptor is stateless, you can create it once and reuse it, reducing overhead.Refactor by initializing the interceptor once:
+ private final Interceptor httpLoggingInterceptor; ... public HubRepositoryImpl(Context context) { this.httpClient = new OkHttpClient.Builder() - .addInterceptor(httpLoggingInterceptor(context)) + .addInterceptor(httpLoggingInterceptor) // Existing builder code... .build(); + this.httpLoggingInterceptor = createHttpLoggingInterceptor(); this.hubDeviceCryptor = HubDeviceCryptor.getInstance(); } -private Interceptor httpLoggingInterceptor(Context context) { +private Interceptor createHttpLoggingInterceptor() { HttpLoggingInterceptor.Logger logger = message -> Timber.tag("OkHttp").d(message); return new HttpLoggingInterceptor(logger); }
185-195
: Improve exception messages and error handling ingetConfig
The exception messages reference "device" instead of "config," which can be misleading. Also, consider handling specific HTTP error codes for better clarity.
Apply this diff:
if (response.isSuccessful()) { if (response.body() != null) { JSONObject jsonObject = new JSONObject(response.body().string()); return new ConfigDto(jsonObject.getInt("apiLevel")); } else { - throw new FatalBackendException("Failed to load device, response code good but no body"); + throw new FatalBackendException("Failed to load config, response code OK but body is null"); } } else { - throw new FatalBackendException("Failed to load device with response code " + response.code()); + throw new FatalBackendException("Failed to load config with response code " + response.code()); }Additionally, handle specific HTTP status codes if applicable.
148-154
: Ensure consistent date formattingWhen putting the "creationTime" into the JSON object, ensure that the date format aligns with the backend expectations, such as using ISO 8601 format with UTC timezone.
Verify that
Instant.now().toString()
provides the correct format, or consider using a formatter.dto.put("creationTime", Instant.now().toString()); + // Ensure the date is in the correct format, e.g., + dto.put("creationTime", ZonedDateTime.now(ZoneOffset.UTC).format(DateTimeFormatter.ISO_INSTANT));util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java (3)
67-69
: Ensure test assertions provide informative failure messagesThe
assertThat
method from Hamcrest provides more expressive assertion messages. However, combining it with JUnit 5 requires importingorg.hamcrest.MatcherAssert
. Ensure that the assertion imports are consistent with the testing framework.Update the import:
- import static org.junit.Assert.assertThat; + import static org.hamcrest.MatcherAssert.assertThat;Alternatively, if switching entirely to JUnit 5, consider using
assertEquals
for simplicity:- assertThat(deviceId, is("F82D0F002724A2916C5695016A17A7E8A3092FE99E0BF65B44998630330C54CA")); + assertEquals("F82D0F002724A2916C5695016A17A7E8A3092FE99E0BF65B44998630330C54CA", deviceId);
142-142
: Simplify exception assertions using static importsIn the test methods, you're using
Assertions.assertThrows
, but you've already statically importedassertThrows
. For consistency and readability, you can use the statically imported method directly.Update the assertions:
- Assertions.assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(userKeyJwe, "WRONG_SETUP_CODE")); + assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(userKeyJwe, "WRONG_SETUP_CODE"));Apply similar changes in other test methods where applicable.
Also applies to: 153-156, 176-176
99-108
: Handle potential exceptions in cryptographic operationsWhile the test assumes successful decryption and comparison of keys, it's good practice to handle potential exceptions that may arise during cryptographic operations, such as
ParseException
orInvalidKeySpecException
.Add appropriate exception declarations to the test method signature or handle them within the method.
- public void testDecryptMasterkeyUsingDeviceKey() throws ParseException { + public void testDecryptMasterkeyUsingDeviceKey() throws Exception {Or handle exceptions using try-catch blocks if specific handling is required.
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (2)
241-264
: Reduce code duplication betweenhubAuthenticationUnlock
andhubAuthenticationCreateDevice
Both methods share similar logic for handling authentication responses and token exchanges.
Extract the shared logic into a separate method to improve maintainability:
private fun handleHubAuthenticationResponse( result: ActivityResult, onSuccess: (String) -> Unit, onError: (Throwable) -> Unit ) { if (result.isResultOk) { val resp = AuthorizationResponse.fromIntent(result.intent()) if (resp != null) { hubAuthService?.performTokenRequest(resp.createTokenExchangeRequest()) { token, ex -> token?.accessToken?.let { onSuccess(it) } ?: onError(HubAuthenticationFailedException(ex ?: Exception("Unknown error during token exchange"))) } } else { val ex = AuthorizationException.fromIntent(result.intent()) onError(HubAuthenticationFailedException(ex)) } } else { onError(HubAuthenticationFailedException()) } }Then update the original methods to use this helper:
fun hubAuthenticationUnlock(result: ActivityResult, vault: Vault, unverifiedHubVaultConfig: UnverifiedHubVaultConfig) { handleHubAuthenticationResponse(result, { accessToken -> // Existing success logic }, { error -> showErrorAndFinish(error) }) }
Line range hint
287-290
: Unutilized methodonWindowFocusChanged
withFIXME
commentThe method
onWindowFocusChanged
is marked with aFIXME
comment and isn't used anywhere in the class.Consider removing this method if it's obsolete or implement its functionality if needed. Would you like assistance in refactoring or determining its necessity?
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (48)
buildsystem/dependencies.gradle
(5 hunks)data/build.gradle
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
(4 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudProvider.java
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoConstants.kt
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
(2 hunks)data/src/main/java/org/cryptomator/data/repository/CloudRepositoryImpl.java
(1 hunks)data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
(1 hunks)data/src/main/java/org/cryptomator/data/repository/RepositoryModule.java
(2 hunks)domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt
(1 hunks)domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubAuthenticationFailedException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceAlreadyRegisteredForOtherUserException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceSetupRequiredException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidSetupCodeException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidVersionException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubLicenseUpgradeRequiredException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubUserSetupRequiredException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultAccessForbiddenException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultIsArchivedException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultOperationNotSupportedException.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/repository/CloudRepository.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/repository/HubRepository.kt
(1 hunks)domain/src/main/java/org/cryptomator/domain/usecases/vault/CreateHubDevice.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/usecases/vault/UnlockHubVault.java
(1 hunks)presentation/build.gradle
(2 hunks)presentation/src/main/java/org/cryptomator/presentation/di/component/ApplicationComponent.java
(2 hunks)presentation/src/main/java/org/cryptomator/presentation/exception/ExceptionHandlers.kt
(2 hunks)presentation/src/main/java/org/cryptomator/presentation/model/ProgressStateModel.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
(10 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/activity/UnlockVaultActivity.kt
(5 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/activity/view/UnlockVaultView.kt
(2 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultArchivedDialog.kt
(1 hunks)presentation/src/main/res/layout/dialog_create_hub_device.xml
(1 hunks)presentation/src/main/res/layout/dialog_hub_license_upgrade_required.xml
(1 hunks)presentation/src/main/res/layout/dialog_hub_user_setup_required.xml
(1 hunks)presentation/src/main/res/layout/dialog_hub_vault_access_forbidden.xml
(1 hunks)presentation/src/main/res/layout/dialog_hub_vault_archived.xml
(1 hunks)presentation/src/main/res/values/strings.xml
(2 hunks)util/build.gradle
(2 hunks)util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
(1 hunks)util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java
(1 hunks)
✅ Files skipped from review due to trivial changes (4)
- presentation/src/main/res/layout/dialog_hub_license_upgrade_required.xml
- presentation/src/main/res/layout/dialog_hub_user_setup_required.xml
- presentation/src/main/res/layout/dialog_hub_vault_access_forbidden.xml
- presentation/src/main/res/layout/dialog_hub_vault_archived.xml
🧰 Additional context used
🪛 detekt (1.23.7)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
[warning] 85-86: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt
[warning] 34-35: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt
[warning] 33-34: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
🪛 Gitleaks (8.21.2)
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🔇 Additional comments (44)
domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultIsArchivedException.java (1)
1-11
: LGTM! The basic exception implementation is correct.
The exception class is appropriately placed in the hub-specific package and extends the correct parent class.
domain/src/main/java/org/cryptomator/domain/exception/hub/HubUserSetupRequiredException.java (2)
1-11
: LGTM! The basic implementation looks good.
The exception class is well-placed in the hub-specific exception package and correctly extends BackendException.
1-11
: Verify exception handling in Hub-related components.
Let's verify how this exception is being caught and handled in the codebase.
✅ Verification successful
Let me try a different search strategy to understand how this exception is used in the codebase.
Exception handling is properly implemented across the codebase
The HubUserSetupRequiredException
is appropriately thrown and handled:
- Thrown in
HubRepositoryImpl
when server returns status code 449, indicating user setup is required - Caught and handled in
UnlockVaultPresenter
which shows a user setup dialog viaview?.showHubUserSetupRequiredDialog(unverifiedHubVaultConfig)
- Part of a comprehensive Hub-related exception handling hierarchy alongside other Hub exceptions
- Proper error messages are defined in the presentation layer's
ExceptionHandlers
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Find usages of HubUserSetupRequiredException to ensure proper error handling
# Search for catch blocks handling this exception
echo "Searching for exception handling..."
rg -A 3 "catch.*HubUserSetupRequiredException"
# Search for throws declarations
echo "Searching for methods that throw this exception..."
rg "throws.*HubUserSetupRequiredException"
# Search for potential UI components that might need to handle this
echo "Searching for related UI components..."
fd -e java -e kt | rg -l "Hub.*Dialog|Hub.*Activity|Hub.*Fragment"
Length of output: 449
Script:
#!/bin/bash
# Search for any references to HubUserSetupRequiredException
echo "Searching for all references to HubUserSetupRequiredException..."
rg "HubUserSetupRequiredException"
# Search for classes that might throw this exception
echo "Searching for Hub-related service/repository classes..."
fd -e java -e kt | rg -l "Hub.*Service|Hub.*Repository"
# Search for any Hub-related error handling
echo "Searching for Hub-related error handling patterns..."
rg -A 5 "Hub.*Exception"
Length of output: 35230
domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceSetupRequiredException.java (1)
1-11
: LGTM - Basic implementation is correct
The exception class:
- Correctly extends BackendException
- Is properly placed in the hub-specific exception package
- Follows Java exception handling patterns
domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultAccessForbiddenException.java (1)
5-9
: LGTM! The basic implementation is correct.
The exception class is appropriately placed in the domain layer and extends the correct parent class.
domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidSetupCodeException.java (1)
1-11
: Verify exception handling implementation
Let's verify the exception handling patterns and usage in the codebase.
domain/src/main/java/org/cryptomator/domain/exception/hub/HubLicenseUpgradeRequiredException.java (1)
1-11
: Verify exception handling in Hub-related workflows.
This exception seems to be part of a larger Hub feature implementation. Ensure proper exception handling is implemented in the UI layer to show appropriate upgrade messages to users.
✅ Verification successful
Let me check the content of the HubLicenseUpgradeRequiredDialog to verify proper exception handling.
Let me check the string resources to verify the user-facing messages in the dialog.
Exception handling for Hub license upgrade is properly implemented
The verification shows a complete implementation of the exception handling flow:
- The exception is caught in
UnlockVaultPresenter
and mapped toshowHubLicenseUpgradeRequiredDialog()
- A dedicated dialog
HubLicenseUpgradeRequiredDialog
is implemented with proper user messaging - Clear user-facing messages are defined in string resources explaining the license upgrade requirement
- The exception is properly thrown from the data layer (
HubRepositoryImpl
) based on HTTP response codes
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for proper exception handling implementation
# Expected results: Find UI components handling this exception and verify error messages
# Check for exception handling in activities/fragments
rg -t java -t kotlin "catch.*HubLicenseUpgradeRequiredException" -A 5
# Look for related dialog implementations
fd -e java -e kt . | rg -i "hub.*dialog|dialog.*hub"
Length of output: 605
Script:
#!/bin/bash
# Check the implementation of HubLicenseUpgradeRequiredDialog
cat "presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt"
# Search for where this dialog is being used
rg "HubLicenseUpgradeRequiredDialog" -l
# Look for exception handling in view models or presenters
rg "HubLicenseUpgradeRequiredException" -A 5
Length of output: 6182
Script:
#!/bin/bash
# Check the dialog's string resources
rg "dialog_hub_license_upgrade_required" presentation/src/main/res/values/strings.xml
# Check UnlockVaultView implementation to verify the dialog showing method
cat "presentation/src/main/java/org/cryptomator/presentation/ui/activity/view/UnlockVaultView.kt"
Length of output: 1672
domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidVersionException.java (1)
5-10
: LGTM! The implementation is clean and follows good practices.
The exception class is appropriately placed in the domain layer and follows proper inheritance hierarchy.
domain/src/main/java/org/cryptomator/domain/exception/hub/HubAuthenticationFailedException.java (1)
1-15
: LGTM! The basic implementation follows Java exception handling patterns.
The exception class is properly structured and placed in the appropriate package hierarchy.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoConstants.kt (1)
9-9
: LGTM! Well-defined scheme constant.
The HUB_SCHEME
constant follows the established pattern and aligns well with the existing MASTERKEY_SCHEME
constant.
presentation/src/main/java/org/cryptomator/presentation/ui/activity/view/UnlockVaultView.kt (2)
3-3
: Verify the UnverifiedHubVaultConfig import usage
The new import UnverifiedHubVaultConfig
is correctly used in the new Hub-related methods.
Let's verify this is the only place using this class:
✅ Verification successful
Import of UnverifiedHubVaultConfig is correctly used and consistent across the codebase
The import is used consistently throughout the Hub-related components:
- Defined in
domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt
- Used in view interfaces, activities, dialogs, presenters, and repositories
- All usages are related to Hub vault configuration and authentication flows
- The import in UnlockVaultView.kt is necessary for the Hub-related method signatures
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check usage of UnverifiedHubVaultConfig across the codebase
rg "UnverifiedHubVaultConfig" --type kotlin
Length of output: 6111
17-21
: Verify error handling in implementing classes
The interface methods appear to handle various error scenarios for Hub vaults appropriately. However, we should ensure implementing classes handle these scenarios gracefully.
Let's check the implementing classes:
✅ Verification successful
Error handling for Hub vaults is properly implemented
The verification shows that UnlockVaultActivity
implements all Hub-related error scenarios appropriately:
- Each method properly delegates to a corresponding dialog using
showDialog
- All required dialog classes are properly imported
- The presenter (
UnlockVaultPresenter
) correctly maps specific Hub exceptions to the appropriate dialog methods - The implementation is consistent and follows a uniform pattern for error handling
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Find implementations of UnlockVaultView
ast-grep --pattern 'class $_ : $$$UnlockVaultView$$$'
Length of output: 55
Script:
#!/bin/bash
# Let's try a different approach using ripgrep to find implementations
rg "class.*implements.*UnlockVaultView|class.*:.*UnlockVaultView" -l
Length of output: 70
Script:
#!/bin/bash
# Also search for Kotlin files that might contain UnlockVaultView implementations
fd -e kt | xargs rg "UnlockVaultView"
Length of output: 767
Script:
#!/bin/bash
# Let's also check where these Hub-related methods are called
rg "show(CreateHubDeviceDialog|HubUserSetupRequiredDialog|HubLicenseUpgradeRequiredDialog|HubVaultAccessForbiddenDialog|HubVaultIsArchivedDialog)"
Length of output: 2693
Script:
#!/bin/bash
# Let's check the implementation in UnlockVaultActivity to see how these dialogs are handled
rg -A 10 "fun show(CreateHubDeviceDialog|HubUserSetupRequiredDialog|HubLicenseUpgradeRequiredDialog|HubVaultAccessForbiddenDialog|HubVaultIsArchivedDialog)" "presentation/src/main/java/org/cryptomator/presentation/ui/activity/UnlockVaultActivity.kt"
Length of output: 1302
Script:
#!/bin/bash
# Let's also check for any dialog-related imports in the Activity
rg "^import.*Dialog" "presentation/src/main/java/org/cryptomator/presentation/ui/activity/UnlockVaultActivity.kt"
Length of output: 756
domain/src/main/java/org/cryptomator/domain/repository/HubRepository.kt (1)
1-5
: LGTM! Clean package structure and minimal imports.
The interface is correctly placed in the domain layer and follows clean architecture principles with minimal dependencies.
data/src/main/java/org/cryptomator/data/repository/RepositoryModule.java (1)
5-5
: LGTM!
The import statement is correctly placed and follows the existing import pattern.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudProvider.java (1)
22-22
: Verify the consistency of UnverifiedVaultConfig handling.
The new method takes UnverifiedVaultConfig
as a direct parameter while other methods use Optional<UnverifiedVaultConfig>
. This inconsistency might indicate that Hub vaults always require a config, but this should be verified.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt (3)
1-11
: LGTM! Well-structured class declaration
The class is properly structured with appropriate use of data binding, inheritance, and generics.
36-41
: LGTM! Clean factory method implementation
The companion object provides a clear and concise factory method following Kotlin conventions.
18-31
:
Fix return value handling in setOnKeyListener
The lambda's return value handling is incorrect. The boolean return value should be the last expression in both branches.
.setOnKeyListener { _, keyCode, _ ->
if (keyCode == KeyEvent.KEYCODE_BACK) {
dialog?.dismiss()
callback?.onVaultAccessForbiddenDialogFinished()
- true
+ true
} else {
- false
+ false
}
-}
+}
Likely invalid or redundant comment.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt (1)
1-11
: LGTM: Class structure and imports are well-organized
The class follows Kotlin best practices with proper use of generics and data binding.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultArchivedDialog.kt (2)
1-11
: LGTM! Clean class structure and proper use of imports.
The class is well-organized with appropriate inheritance from BaseDialog
and proper use of data binding.
1-46
: Verify dialog resources and integration.
Let's ensure all required resources exist and the dialog is properly integrated with the Hub support feature.
✅ Verification successful
Dialog resources and integration are properly set up
The verification confirms:
- Required string resources exist in
strings.xml
:dialog_hub_vault_archived_title
is defined with text "Vault archived"dialog_hub_vault_archived_positive_button
references another string resource
- Dialog is properly integrated in
UnlockVaultActivity
which:- Implements the
HubVaultArchivedDialog.Callback
- Shows the dialog via
showDialog(HubVaultArchivedDialog.newInstance())
- Handles the callback
onHubVaultArchivedDialogFinished()
- Implements the
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify string resources and dialog usage
# Check if required string resources exist
echo "Checking string resources..."
rg "dialog_hub_vault_archived_title|dialog_hub_vault_archived_positive_button" "presentation/src/main/res/values/strings.xml"
# Check dialog usage in the codebase
echo "Checking dialog usage..."
rg "HubVaultArchivedDialog" --type kotlin
Length of output: 2107
presentation/src/main/java/org/cryptomator/presentation/di/component/ApplicationComponent.java (1)
12-12
: LGTM!
The import is properly placed and maintains the existing import organization.
util/build.gradle (2)
Line range hint 59-68
: LGTM! Good test coverage setup
The addition of junitParams
and mockitoAndroid
for instrumentation tests complements the existing unit test setup, enabling comprehensive test coverage for both unit and integration tests.
56-57
: Verify security implications of the JWT library
The addition of joseJwt
aligns with the Hub support feature. However, JWT libraries require careful version management due to potential security implications.
Let's verify the JWT library version and check for known vulnerabilities:
✅ Verification successful
JWT library version 9.47 is secure and up-to-date
The JWT library version 9.47 is higher than all vulnerable versions found in security advisories:
- Latest HIGH severity issue affects versions < 9.37.2
- All other vulnerabilities affect much older versions
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check JWT library version and known vulnerabilities
# Check the version defined in dependencies.gradle
echo "Checking JWT version in dependencies.gradle:"
rg "joseJwtVersion" -A 1
# Check for security advisories
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "com.nimbusds:nimbus-jose-jwt") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 1911
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt (3)
1-14
: LGTM! Well-structured dialog class implementation.
The class follows Kotlin best practices with proper use of generics, view binding, and annotations.
1-66
: Verify integration with other Hub-related components.
Let's verify how this dialog integrates with other Hub-related components and ensure consistent error handling.
✅ Verification successful
Based on the examination of the Hub-related dialogs and their integration in the UnlockVaultPresenter, I can now provide a final response:
Integration with Hub components is properly implemented and consistent
The dialog follows the established patterns seen in other Hub-related dialogs:
- Consistent error handling through the Callback interface
- Proper integration with UnlockVaultPresenter for Hub authentication flow
- Follows the same dialog setup pattern as HubVaultAccessForbiddenDialog and HubLicenseUpgradeRequiredDialog
- Proper handling of back button and touch outside events
- Consistent implementation of the BaseDialog pattern
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check for other Hub-related dialogs and their usage patterns
echo "Checking Hub-related dialog implementations..."
rg -l "HubUserSetupRequiredDialog|Hub.*Dialog" --type kotlin
echo "Checking Hub-related error handling patterns..."
ast-grep --pattern 'class $_ : BaseDialog<$_, $_> {
$$$
interface Callback {
$$$
}
$$$
}'
Length of output: 1126
Script:
#!/bin/bash
# Let's examine the implementation of other Hub-related dialogs to verify consistency
echo "Checking HubVaultAccessForbiddenDialog implementation..."
cat presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt
echo -e "\nChecking HubLicenseUpgradeRequiredDialog implementation..."
cat presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt
echo -e "\nChecking usage in UnlockVaultPresenter..."
cat presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Length of output: 26607
25-40
: Review button configuration in dialog setup.
The positive button is configured with neutral button text and behavior, which might be confusing:
- The method
setPositiveButton
is used but the string resource suggests it's a neutral button - The positive button click handler is empty
Let's verify the string resource and button usage:
Consider using setNeutralButton
instead of setPositiveButton
for better semantic clarity:
- .setPositiveButton(getString(R.string.dialog_hub_user_setup_required_neutral_button)) { _: DialogInterface, _: Int -> }
+ .setNeutralButton(getString(R.string.dialog_hub_user_setup_required_neutral_button)) { _: DialogInterface, _: Int -> }
presentation/src/main/res/layout/dialog_create_hub_device.xml (1)
60-74
: Verify visibility handling for progress and error views
Both progress and error views are positioned in the same location. Ensure proper visibility handling in the corresponding dialog class to prevent overlapping.
✅ Verification successful
Visibility handling is properly managed through base class
The CreateHubDeviceDialog inherits from BaseProgressErrorDialog which properly manages the visibility of progress and error views. From the earlier search results, we can see that BaseProgressErrorDialog implements the following visibility logic:
- When showing error: progress view is set to GONE and error view to VISIBLE
- When showing progress: error view is set to GONE and progress view to VISIBLE
This ensures that the views will never be visible simultaneously, preventing any overlap issues.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for the dialog class that manages these views
ast-grep --pattern 'class $_ {
$$$
@+id/ll_dialog_progress
$$$
@+id/ll_dialog_error
$$$
}'
Length of output: 102
Script:
#!/bin/bash
# Search for Kotlin/Java files that reference these view IDs
rg -l "R.id.ll_dialog_progress|ll_dialog_progress|R.id.ll_dialog_error|ll_dialog_error" --type kotlin --type java
# Search for visibility handling patterns in those files
rg "visibility|View.VISIBLE|View.GONE|View.INVISIBLE" --type kotlin --type java -A 2 -B 2
Length of output: 37256
Script:
#!/bin/bash
# Search for the dialog class that manages the create hub device dialog
rg -l "dialog_create_hub_device" --type kotlin --type java
# Then search for visibility handling in those files
rg "ll_dialog_progress|ll_dialog_error" -A 5 -B 5 --type kotlin --type java
Length of output: 227
Script:
#!/bin/bash
# Look at the content of CreateHubDeviceDialog.kt to see how it handles these views
cat presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
# Also check if it inherits from BaseProgressErrorDialog which we saw in earlier results
rg "class CreateHubDeviceDialog.*BaseProgressErrorDialog" --type kotlin
Length of output: 4576
data/src/main/java/org/cryptomator/data/repository/CloudRepositoryImpl.java (1)
114-117
: Verify integration with existing unlock methods.
The implementation follows the same pattern as other unlock methods, which is good. However, we should verify that this new unlock path properly integrates with the existing vault management flow.
✅ Verification successful
Let me gather more specific information about the unlock implementation and its integration.
Based on the gathered information, I can now provide the final response:
The new unlock implementation is properly integrated with the existing vault management flow
The implementation follows the established pattern consistently:
- It correctly delegates to
cryptoCloudFactory.unlock()
like other unlock methods - It uses the same
decryptedViewOf()
pattern for the return value - The method is properly declared in the
CloudRepository
interface - Error handling follows the same
BackendException
pattern
The code shows proper integration with both the interface contract and the underlying CryptoCloudFactory
implementation, maintaining consistency with existing unlock flows.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for other components that might need updates for the new unlock flow
echo "Searching for related unlock implementations..."
rg "unlock.*vault.*config" --type java
echo "Checking for potential Hub-related error handling..."
rg "Hub.*Exception" --type java
echo "Verifying lock/unlock lifecycle handling..."
ast-grep --pattern 'class $_ implements CloudRepository {
$$$
unlock($$$) {
$$$
}
$$$
}'
Length of output: 7915
Script:
#!/bin/bash
# Check for all unlock method implementations and their usage
echo "Searching for unlock method implementations..."
ast-grep --pattern 'unlock($$$) {
$$$
}'
echo "Checking for unlock method calls..."
rg "unlock\(" --type java -A 2
echo "Checking for CryptoCloudFactory usage..."
rg "cryptoCloudFactory" --type java -A 2
Length of output: 15541
presentation/src/main/java/org/cryptomator/presentation/exception/ExceptionHandlers.kt (2)
15-19
: LGTM! Well-organized imports
The new Hub-related exception imports follow the established package structure and maintain good separation of concerns.
82-86
: Verify string resources and consider documentation
While the new Hub-related exception handlers follow the existing pattern, consider these improvements:
- Verify that all referenced string resources exist and contain appropriate error messages
- Consider adding documentation to explain specific scenarios these handlers address
- Review if the handler order affects exception handling precedence
Let's verify the string resources:
Consider adding KDoc comments to document these handlers:
// Example documentation:
/**
* Handles Hub-specific exceptions:
* - HubVaultOperationNotSupportedException: When an operation is not supported for Hub vaults
* - HubAuthenticationFailedException: When Hub authentication fails
* - HubDeviceAlreadyRegisteredForOtherUserException: When attempting to register a device already linked to another user
* - HubInvalidSetupCodeException: When the provided Hub setup code is invalid
* - HubInvalidVersionException: When there's a version mismatch between client and Hub
*/
private fun setupHandlers() {
// ... existing code ...
}
✅ Verification successful
String resources verified and documentation suggestion is valid
All referenced string resources exist in presentation/src/main/res/values/strings.xml
with appropriate error messages that match their corresponding exception handlers:
error_hub_vault_operation_not_supported
error_hub_authentication_failed
error_hub_device_already_register_for_other_user
error_hub_invalid_setup_code
error_hub_invalid_version
The suggestion to add KDoc comments would indeed improve code maintainability by documenting the specific scenarios these handlers address.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check if the referenced string resources exist in the strings.xml files
# Search for the string resource definitions
echo "Searching for Hub-related string resources..."
rg -A 1 'name="error_hub_' 'presentation/src/main/res/values/strings.xml'
Length of output: 715
data/build.gradle (1)
199-200
: Verify security of nimbus-jose-jwt dependency
The addition of joseJwt
dependency is appropriate for Hub support implementation. However, let's verify the security of the specified version.
✅ Verification successful
The project uses nimbus-jose-jwt version 9.47, but there is a HIGH severity vulnerability (Denial of Service) affecting versions < 9.37.2 that was published on February 11, 2024. While the current version (9.47) is above the vulnerable range, it's important to note that this is a security-critical dependency used for JWT operations. The version appears to be up-to-date and not affected by any known vulnerabilities.
- ✅ Version 9.47 is above all vulnerable version ranges found in security advisories
- ✅ The dependency is consistently used across data and util modules
- ℹ️ The dependency is properly defined in the central dependencies.gradle file
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for security advisories and latest versions of nimbus-jose-jwt
# Check Maven Central for latest versions
curl -s "https://search.maven.org/solrsearch/select?q=g:com.nimbusds+AND+a:nimbus-jose-jwt&rows=5&wt=json" | jq '.response.docs[].v'
# Check for security advisories
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "com.nimbusds:nimbus-jose-jwt") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 1597
Script:
#!/bin/bash
# Check the actual version specified in the build files
rg -A1 "joseJwt" --type gradle
Length of output: 514
presentation/build.gradle (2)
178-178
: LGTM! AppAuth is a secure choice for OAuth.
The AppAuth library is a well-maintained, security-focused choice for implementing OAuth 2.0 flows. It follows OAuth 2.0 best practices and provides PKCE support by default.
Let's verify the AppAuth version for known vulnerabilities:
✅ Verification successful
Let me verify the specific version being used to ensure completeness.
AppAuth 0.11.1 is secure with no known vulnerabilities
The verification confirms:
- AppAuth version 0.11.1 is being used
- No security vulnerabilities were found in the GitHub Security Advisory Database for this package
- This is a recent stable version of the library
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check AppAuth version for security advisories
# Check for security advisories in AppAuth
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "net.openid:appauth") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 353
Script:
#!/bin/bash
# Check the AppAuth version specified in the build files
rg -g "*.gradle*" "appauth" -A 3 -B 3
Length of output: 1679
51-53
: LGTM! Verify redirect URI configuration.
The manifest placeholder for OAuth redirect scheme is correctly configured. The scheme matches the application ID which follows security best practices.
Let's verify the redirect URI configuration is consistent across the app:
✅ Verification successful
LGTM! The OAuth redirect scheme configuration is properly implemented.
The verification confirms that:
- The manifest placeholder
appAuthRedirectScheme
with valueorg.cryptomator.android
matches the Hub redirect URL defined inCryptoConstants.HUB_REDIRECT_URL
- The redirect URL is properly used in the authorization flow in
UnlockVaultPresenter.kt
- No conflicting redirect URI schemes are found in the codebase
- The manifest contains appropriate intent filters for handling OAuth redirects
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for any hardcoded redirect URIs that might conflict
# with the configured scheme
# Search for redirect URI strings
rg -i "redirect.*uri|redirect.*url" --type xml
rg -i "org\.cryptomator\.android://"
Length of output: 87
Script:
#!/bin/bash
# Let's try a broader search for OAuth/redirect related configurations
# Search in all file types including Kotlin/Java source files
rg -i "redirect.*uri|redirect.*url|oauth" -A 3
# Also search for any AppAuth configuration code
ast-grep --pattern 'AuthorizationServiceConfiguration($$$)'
# Search for any AndroidManifest.xml files that might contain intent filters
fd "AndroidManifest.xml" --exec grep -A 5 -i "intent-filter"
Length of output: 33258
buildsystem/dependencies.gradle (3)
114-114
: LGTM: Testing dependencies are up-to-date
The mockito-android version (5.14.2) is recent and aligns well with other testing dependencies in the project.
Also applies to: 182-182
148-148
: Verify dependency compatibility with existing libraries
Let's verify that the new JWT and OAuth dependencies don't conflict with existing authentication libraries (e.g., jsonWebToken
, msgraphAuth
).
Also applies to: 172-172
✅ Verification successful
No dependency conflicts detected with AppAuth integration
After analyzing the dependencies in the Gradle files, I can confirm that there are no conflicts between the AppAuth library and the existing authentication libraries. The codebase uses:
- AppAuth (
net.openid:appauth:0.11.1
) for OpenID Connect - MSAL (
com.microsoft.identity.client:msal:4.0.5
) for Microsoft authentication - Auth0 JWT (
com.auth0:java-jwt:4.4.0
) for JWT handling
These libraries serve different purposes and are commonly used together in Android applications:
- AppAuth handles OAuth/OpenID Connect flows
- MSAL is specific to Microsoft authentication
- Auth0 JWT is for JWT token handling
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for potential dependency conflicts
# Search for other JWT/OAuth related dependencies
rg -l "jwt|oauth|auth" --type gradle
# Check build.gradle files for potential conflicts
fd -e gradle | xargs cat | grep -E "implementation.*('|\").*:(jwt|oauth|auth)"
Length of output: 208
Script:
#!/bin/bash
# Let's examine the content of the identified Gradle files to check for authentication-related dependencies
echo "=== Content of buildsystem/dependencies.gradle ==="
cat buildsystem/dependencies.gradle
echo -e "\n=== Content of presentation/build.gradle ==="
cat presentation/build.gradle
echo -e "\n=== Content of presentation/prebuild.gradle ==="
cat presentation/prebuild.gradle
Length of output: 21760
67-70
: Verify security implications of JWT and OAuth dependencies
The new dependencies are critical for Hub authentication. Let's verify their versions for known vulnerabilities and latest stable releases.
✅ Verification successful
Let me gather more information about the AppAuth dependency since the PyPI check wasn't successful (AppAuth is actually an Android library, not a Python package).
Dependencies are using latest stable versions and have no known vulnerabilities
The verification shows that both dependencies are using their latest stable versions:
- nimbus-jose-jwt 9.47 (latest on Maven Central)
- AppAuth-Android 0.11.1 (latest on Maven Central)
No security vulnerabilities were found in GitHub's security advisory database for either package.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for security advisories and latest versions
# Check PyPI for latest versions of appauth
curl -s https://pypi.org/pypi/appauth/json | jq '.info.version'
# Check Maven Central for latest versions of nimbus-jose-jwt
curl -s "https://search.maven.org/solrsearch/select?q=g:com.nimbusds+AND+a:nimbus-jose-jwt&rows=1&wt=json" | jq -r '.response.docs[0].latestVersion'
# Check for security advisories
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "nimbus-jose-jwt") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 575
Script:
#!/bin/bash
# Check Maven Central for latest versions of AppAuth-Android
curl -s "https://search.maven.org/solrsearch/select?q=g:net.openid+AND+a:appauth&rows=1&wt=json" | jq -r '.response.docs[0].latestVersion'
# Check for security advisories for AppAuth
gh api graphql -f query='
{
securityVulnerabilities(first: 5, ecosystem: MAVEN, package: "appauth") {
nodes {
advisory {
summary
severity
publishedAt
}
vulnerableVersionRange
firstPatchedVersion {
identifier
}
}
}
}'
Length of output: 490
presentation/src/main/res/values/strings.xml (1)
47-51
: LGTM! Error messages are clear and comprehensive.
The error messages provide good coverage for Hub-related error scenarios and maintain consistency with the existing error message style.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (4)
24-24
: Import of HUB_SCHEME
is appropriate for new hub functionality.
The addition of HUB_SCHEME
import is necessary to support the new hub schemes.
44-44
: Refactored method call improves clarity.
Using masterkeyCryptoCloudProvider().create(location, password);
enhances readability by explicitly indicating the use of the master key provider.
72-74
: Addition of new unlock
method aligns with hub support.
The new unlock
method provides the capability to unlock vaults using JWE keys, which is essential for the hub integration.
92-94
: Introduction of masterkeyCryptoCloudProvider
method enhances code reuse.
Creating a dedicated masterkeyCryptoCloudProvider()
method promotes code reuse and improves encapsulation.
util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java (1)
196-201
: Verify consistent encoding for device IDs
The getDeviceId
method encodes the hashed key using uppercase hexadecimal. Ensure consistency with other components that may expect device IDs in a specific format (e.g., lowercase).
Please confirm that the device ID format aligns with the expected format in other system components.
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java (1)
181-188
: Verify the correctness of key encryption and decryption
In the testEncryptAndDecryptUserKey
method, ensure that the encryption and decryption processes are accurately validating the key material.
Run the following script to check for any discrepancies in the key encoding:
✅ Verification successful
Let me check the implementation of the encryption and decryption methods to ensure they're properly handling the key material.
Let me try a different approach to find the implementation using ripgrep.
Key encryption and decryption implementation is correctly verified
The test correctly validates the key material by:
- Using
assertArrayEquals
to compare the encoded bytes of the original private key with the decrypted key - The implementation in
HubDeviceCryptor
shows proper encryption using ECDH-ES with A256GCM and secure key handling with zero-filling of sensitive data
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify that the encoded keys before and after encryption/decryption are identical.
# Extract encoded keys from the test method
fd 'HubDeviceCryptorTest.java' -x grep -A 10 'testEncryptAndDecryptUserKey' {}
# Ensure that the byte arrays of the private keys match
# Expected result: The byte arrays are identical, confirming successful encryption and decryption.
Length of output: 487
Script:
#!/bin/bash
# Check the implementation of HubDeviceCryptor
ast-grep --pattern 'encryptUserKey($$$) {
$$$
}'
# Also check the decryption implementation
ast-grep --pattern 'decryptUserKey($$$) {
$$$
}'
Length of output: 105
Script:
#!/bin/bash
# Search for HubDeviceCryptor class implementation
rg -l "class HubDeviceCryptor" --type java
# Once found, show the content of the file
fd "HubDeviceCryptor.java" -x cat {}
Length of output: 8338
domain/src/main/java/org/cryptomator/domain/exception/hub/HubVaultAccessForbiddenException.java
Show resolved
Hide resolved
domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidSetupCodeException.java
Show resolved
Hide resolved
...n/src/main/java/org/cryptomator/domain/exception/hub/HubLicenseUpgradeRequiredException.java
Show resolved
Hide resolved
...c/main/java/org/cryptomator/domain/exception/hub/HubVaultOperationNotSupportedException.java
Show resolved
Hide resolved
...va/org/cryptomator/domain/exception/hub/HubDeviceAlreadyRegisteredForOtherUserException.java
Show resolved
Hide resolved
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Outdated
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Copilot reviewed 33 out of 48 changed files in this pull request and generated no suggestions.
Files not reviewed (15)
- buildsystem/dependencies.gradle: Language not supported
- data/build.gradle: Language not supported
- data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoConstants.kt: Language not supported
- data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt: Language not supported
- data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt: Language not supported
- data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt: Language not supported
- domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt: Language not supported
- domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt: Language not supported
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubAuthenticationFailedException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceAlreadyRegisteredForOtherUserException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubDeviceSetupRequiredException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidSetupCodeException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubInvalidVersionException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubLicenseUpgradeRequiredException.java: Evaluated as low risk
- domain/src/main/java/org/cryptomator/domain/exception/hub/HubUserSetupRequiredException.java: Evaluated as low risk
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 3
🧹 Outside diff range and nitpick comments (7)
domain/src/main/java/org/cryptomator/domain/exception/vaultconfig/VaultConfigLoadException.java (1)
11-13
: Consider adding documentation about error handling strategy.Since this exception can now wrap any
Throwable
, it would be helpful to document the types of errors that are expected to be wrapped.Add Javadoc to clarify the usage:
+/** + * Thrown when loading a vault configuration fails. + * This can happen due to various reasons including: + * - JWT verification failures + * - Hub authentication issues + * - File system access problems + * @param message The error message + * @param e The underlying cause + */ public VaultConfigLoadException(String message, Throwable e) { super(message, e); }presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (3)
36-44
: Extract button click handler logic into a separate methodThe click listener contains multiple operations and could benefit from being extracted into a dedicated method for better readability and maintainability.
createDeviceButton?.setOnClickListener { + handleCreateDeviceClick() +} + +private fun handleCreateDeviceClick() { val vaultModel = requireArguments().getSerializable(VAULT_ARG) as VaultModel val unverifiedVaultConfig = requireArguments().getSerializable(VAULT_CONFIG_ARG) as UnverifiedHubVaultConfig if (valid(binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString())) { showProgress(ProgressModel(ProgressStateModel.CREATING_HUB_DEVICE)) callback?.onCreateHubDeviceClicked(vaultModel, unverifiedVaultConfig, binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString()) onWaitForResponse(binding.etDeviceName) } -}
64-76
: Consider adding more robust input validationThe current validation only checks for empty fields. Consider adding:
- Maximum length validation for device name
- Character validation (e.g., no special characters)
- Setup code format validation
private fun valid(name: String, setupCode: String): Boolean { return when { name.isEmpty() -> { showError(R.string.dialog_create_hub_device_name_empty) false } + name.length > MAX_DEVICE_NAME_LENGTH -> { + showError(R.string.dialog_create_hub_device_name_too_long) + false + } + !name.matches(DEVICE_NAME_PATTERN) -> { + showError(R.string.dialog_create_hub_device_name_invalid_chars) + false + } setupCode.isEmpty() -> { showError(R.string.dialog_create_hub_device_setup_code_empty) false } + !setupCode.matches(SETUP_CODE_PATTERN) -> { + showError(R.string.dialog_create_hub_device_setup_code_invalid) + false + } else -> true } }
85-86
: Add documentation for empty methodAdd a comment explaining why this method is intentionally empty, as it's required by the superclass but not needed in this implementation.
override fun setupView() { + // Intentionally empty - required by BaseDialog but not needed in this implementation }
🧰 Tools
🪛 detekt (1.23.7)
[warning] 85-86: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt (1)
103-109
: Consider adding URI scheme validation.While the method correctly validates URI syntax, it might be beneficial to add scheme validation for security purposes.
Consider this enhancement:
private fun parseUri(uriValue: Map<String, Any>, fieldName: String): URI { val uriString = uriValue[fieldName] as? String ?: throw VaultConfigLoadException("Missing or invalid '$fieldName' claim in JWT header") - return try { - URI.create(uriString) + val uri = try { + URI.create(uriString) + } catch (e: IllegalArgumentException) { + throw VaultConfigLoadException("Invalid '$fieldName' URI: ${e.message}", e) + } + + // Validate URI scheme + if (!uri.scheme.equals("https", ignoreCase = true)) { + throw VaultConfigLoadException("Invalid scheme for '$fieldName' URI: must be HTTPS") + } + return uri - } catch (e: IllegalArgumentException) { - throw VaultConfigLoadException("Invalid '$fieldName' URI: ${e.message}", e) - } }presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (2)
155-169
: Consider using more specific progress states for Hub authentication.While the implementation correctly handles different vault actions, using
ProgressModel.GENERIC
could be improved to provide more detailed feedback to users during the authentication process.Consider creating Hub-specific progress states:
-view?.showProgress(ProgressModel.GENERIC) +view?.showProgress(ProgressModel(ProgressStateModel.HUB_AUTHENTICATION))
234-266
: Reduce code duplication in Hub authentication flows.The Hub device creation flow shares significant code with the unlock flow, particularly in handling authentication responses and token exchange.
Consider extracting the common authentication logic into a shared method:
private fun handleHubAuthResponse( result: ActivityResult, onTokenReceived: (String) -> Unit, onError: (Throwable) -> Unit ) { if (result.isResultOk) { val resp = AuthorizationResponse.fromIntent(result.intent()) if (resp != null) { hubAuthService?.performTokenRequest(resp.createTokenExchangeRequest()) { token, ex -> token?.accessToken?.let(onTokenReceived) ?: onError(HubAuthenticationFailedException(ex)) } } else { onError(HubAuthenticationFailedException( AuthorizationException.fromIntent(result.intent()) )) } } else { onError(HubAuthenticationFailedException()) } }
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (7)
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
(2 hunks)data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
(1 hunks)domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt
(1 hunks)domain/src/main/java/org/cryptomator/domain/exception/vaultconfig/VaultConfigLoadException.java
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
(10 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
- data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
- domain/src/main/java/org/cryptomator/domain/UnverifiedHubVaultConfig.kt
- presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
🧰 Additional context used
📓 Learnings (2)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (2)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:223-224
Timestamp: 2024-11-26T16:40:40.575Z
Learning: In `UnlockVaultPresenter.kt`, within the `hubAuthenticationUnlock` method, it's acceptable to pass `null` as the cause to `HubAuthenticationFailedException` when `ex` is `null`, as the exception class handles null causes appropriately.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:159-161
Timestamp: 2024-11-26T16:39:17.044Z
Learning: In `UnlockVaultPresenter`, avoid eagerly initializing `hubAuthService` to prevent unnecessary instantiation and disposal when it's not used.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (1)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt:34-35
Timestamp: 2024-11-26T16:16:40.691Z
Learning: When subclassing `BaseDialog`, we must implement the abstract method `setupView()`, even if the implementation is empty.
🪛 detekt (1.23.7)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
[warning] 85-86: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
🔇 Additional comments (6)
domain/src/main/java/org/cryptomator/domain/exception/vaultconfig/VaultConfigLoadException.java (1)
11-13
: LGTM! The generalization of the exception parameter makes sense.
The change from JWTVerificationException
to Throwable
provides more flexibility for Hub support while maintaining the exception handling pattern.
Let's verify the existing usage patterns to ensure this change doesn't break existing error handling:
✅ Verification successful
The change to use Throwable is appropriate and safe
Based on the code analysis:
- The
VaultConfigLoadException
is used primarily inVaultConfig.kt
to wrap various error conditions during vault config loading and verification - The exception is caught in
ExceptionHandlers.kt
with a generic error message (R.string.error_vault_config_loading) - The change from
JWTVerificationException
toThrowable
aligns with actual usage, as the code wraps different types of exceptions:- IllegalArgumentException (for URI parsing)
- JWTVerificationException (for JWT verification)
- Other potential errors from Hub integration
The generalization doesn't impact existing error handling patterns since the exception is handled uniformly at the presentation layer.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for existing catch blocks and throws of VaultConfigLoadException
# to ensure the change doesn't break existing error handling patterns
# Search for catch blocks handling VaultConfigLoadException
echo "Checking catch blocks:"
rg -A 2 "catch.*VaultConfigLoadException"
# Search for places throwing VaultConfigLoadException
echo "Checking throw statements:"
rg "throw new VaultConfigLoadException"
Length of output: 203
Script:
#!/bin/bash
# Let's try a broader search to understand the usage context
# First, let's find all files that reference VaultConfigLoadException
echo "Files referencing VaultConfigLoadException:"
rg -l "VaultConfigLoadException"
# Let's also look for any code that might be constructing this exception
# using a more lenient pattern
echo -e "\nException construction patterns:"
rg -B 2 -A 2 "new VaultConfigLoadException"
# Let's also check the class hierarchy to understand the exception structure
echo -e "\nChecking the exception class definition and hierarchy:"
rg -B 3 -A 3 "class VaultConfigLoadException"
Length of output: 1547
Script:
#!/bin/bash
# Let's check the actual usage in the files we found
echo "Checking VaultConfig.kt implementation:"
rg -B 5 -A 5 "VaultConfigLoadException" data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
echo -e "\nChecking exception handling in ExceptionHandlers.kt:"
rg -B 5 -A 5 "VaultConfigLoadException" presentation/src/main/java/org/cryptomator/presentation/exception/ExceptionHandlers.kt
# Let's also check if there were any JWT related exceptions before
echo -e "\nChecking for any JWT related code:"
rg -l "JWT|jwt"
Length of output: 6393
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (2)
104-116
: LGTM! Factory method follows best practices
The companion object implementation follows Android fragment creation best practices with proper argument bundling.
27-28
: Verify Serializable implementation of parameter types
The callback methods use serializable parameters (VaultModel
and UnverifiedHubVaultConfig
). Ensure these classes properly implement Serializable
to prevent runtime exceptions.
✅ Verification successful
Based on the results from our verification attempts, we can see that:
VaultModel
properly implementsSerializable
UnverifiedHubVaultConfig
appears to be a data class with no explicit serialization implementation
Let me try one final check to be thorough:
Serialization implementation is properly handled
Both parameters are properly handled for serialization:
VaultModel
directly implementsSerializable
UnverifiedHubVaultConfig
extendsUnverifiedVaultConfig
which implementsSerializable
The serialization concern is properly addressed in the codebase.
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check if VaultModel and UnverifiedHubVaultConfig implement Serializable
ast-grep --pattern 'class $CLASS implements $$$Serializable$$$' \
&& echo "Checking class implementations..." \
&& rg "class (VaultModel|UnverifiedHubVaultConfig).*implements.*Serializable" -A 2
Length of output: 224
Script:
#!/bin/bash
# Let's try a different approach to check these classes and their inheritance
echo "Searching for VaultModel class definition..."
rg "class VaultModel" -A 5
echo -e "\nSearching for UnverifiedHubVaultConfig class definition..."
rg "class UnverifiedHubVaultConfig" -A 5
echo -e "\nSearching for Parcelable implementations (common in Android for serialization)..."
rg "class (VaultModel|UnverifiedHubVaultConfig).*:.*Parcelable" -A 5
echo -e "\nChecking imports for serialization-related classes..."
rg "^import.*\.(Serializable|Parcelable)" --type kotlin
Length of output: 3735
Script:
#!/bin/bash
# Let's check if UnverifiedHubVaultConfig implements Serializable through its parent class
echo "Checking UnverifiedHubVaultConfig parent class..."
rg "class UnverifiedHubVaultConfig.*extends|implements|:" -B 2
echo -e "\nChecking UnverifiedVaultConfig (potential parent) implementation..."
rg "interface UnverifiedVaultConfig|class UnverifiedVaultConfig" -A 2
Length of output: 145513
Script:
#!/bin/bash
# Let's check UnverifiedVaultConfig interface and its inheritance
echo "Checking UnverifiedVaultConfig interface..."
rg "interface UnverifiedVaultConfig" -A 5 --type kotlin
echo -e "\nChecking if UnverifiedHubVaultConfig implements UnverifiedVaultConfig..."
rg "class UnverifiedHubVaultConfig.*:.*UnverifiedVaultConfig" -A 5 --type kotlin
Length of output: 398
Script:
#!/bin/bash
# Check if UnverifiedHubVaultConfig extends any class or implements any interface
echo "Checking UnverifiedHubVaultConfig full definition..."
rg "class UnverifiedHubVaultConfig" -B 2 -A 10 --type kotlin
echo -e "\nChecking for any base UnverifiedVaultConfig class or interface..."
rg "UnverifiedVaultConfig" -B 2 -A 2 --type kotlin
Length of output: 38528
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt (2)
10-10
: LGTM!
The import is correctly placed and necessary for the new hub support functionality.
86-90
: LGTM! Robust error handling for keyId parsing.
The added try-catch block with specific exception handling improves the robustness of the code.
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (1)
67-69
: LGTM! Proper initialization and cleanup of Hub-related components.
The initialization of Hub-related components follows best practices:
- Lazy initialization of
hubAuthService
to prevent unnecessary instantiation - Proper cleanup in
destroyed()
method - Correct unsubscription of use cases
Also applies to: 80-80, 94-94, 605-607
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
Outdated
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Outdated
Show resolved
Hide resolved
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (2)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (2)
155-169
: Consider extracting the Hub scheme check into a constantThe scheme check could be made more maintainable by extracting it into a constant.
+ private companion object { + private const val HUB_SCHEME_PREFIX = "hub" + } - } else if (unverifiedVaultConfig.isPresent && unverifiedVaultConfig.get().keyId.scheme.startsWith(CryptoConstants.HUB_SCHEME)) { + } else if (unverifiedVaultConfig.isPresent && unverifiedVaultConfig.get().keyId.scheme.startsWith(HUB_SCHEME_PREFIX)) {
234-265
: Consider using specific progress states for Hub operationsThe generic progress state could be made more specific for better user feedback.
+ private companion object { + private const val PROGRESS_HUB_DEVICE_CREATION = "HUB_DEVICE_CREATION" + } - view?.showProgress(ProgressModel.GENERIC) + view?.showProgress(ProgressModel(PROGRESS_HUB_DEVICE_CREATION))
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
(10 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
🧰 Additional context used
📓 Learnings (1)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (3)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:177-191
Timestamp: 2024-11-26T18:05:58.758Z
Learning: The default implementation of `AuthorizationRequest.Builder` in the AppAuth library already generates and sets the state, nonce, and code verifier using `AuthorizationManagementUtil` and `CodeVerifierUtil`, so it's unnecessary to manually set them.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:223-224
Timestamp: 2024-11-26T16:40:40.575Z
Learning: In `UnlockVaultPresenter.kt`, within the `hubAuthenticationUnlock` method, it's acceptable to pass `null` as the cause to `HubAuthenticationFailedException` when `ex` is `null`, as the exception class handles null causes appropriately.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:159-161
Timestamp: 2024-11-26T16:39:17.044Z
Learning: In `UnlockVaultPresenter`, avoid eagerly initializing `hubAuthService` to prevent unnecessary instantiation and disposal when it's not used.
🔇 Additional comments (4)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (4)
3-13
: LGTM: Clean integration of Hub-related dependencies
The new imports and constructor parameters are well-organized and properly integrated with the existing codebase.
Also applies to: 22-28, 68-69
80-80
: LGTM: Proper lifecycle management of hubAuthService
The implementation correctly follows the lazy initialization pattern for hubAuthService
and properly handles its disposal in the destroyed()
method.
Also applies to: 94-94
177-232
: LGTM: Robust Hub authentication implementation
The implementation correctly leverages AppAuth's built-in security features and handles various error scenarios appropriately.
605-607
: LGTM: Proper resource cleanup
The new use cases are correctly added to the unsubscription list in the initialization block.
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM overall 😁
A few notes:
- I am missing the functionality to log out of hub.
- When trying to open a vault with a user account that hasn't been granted access and that hasn't finished the setup yet, I'd expect to be prompted about the setup, but instead the "No Permission" notification takes precedence.
- Finally I'd also suggest changing the text for
screen_file_browser_add_existing_vault_extra_text
("Select masterkey file").
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Outdated
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt
Outdated
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Outdated
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt
Outdated
Show resolved
Hide resolved
util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java
Outdated
Show resolved
Hide resolved
util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java
Outdated
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt
Outdated
Show resolved
Hide resolved
This is currently only available from your browser and behaves the same as desktop and iOS. We may add it in the future, but as you can configure the time how long the session is valid, as well as logging out via the browser is possible, I'm fine with adding it later one.
This is the same behavior in desktop and iOS. Thought about it as well but I think having a similar experience is more important.
👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
🧹 Outside diff range and nitpick comments (18)
data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt (1)
293-302
: Consider adding parameter validation.While the implementation is secure using the injected SecureRandom, consider adding null checks for the constructor parameters to fail fast and provide clear error messages.
class UnlockTokenImpl(private val vault: Vault, private val secureRandom: SecureRandom, val keyFileData: ByteArray) : UnlockToken { + init { + requireNotNull(vault) { "Vault must not be null" } + requireNotNull(secureRandom) { "SecureRandom must not be null" } + require(keyFileData.isNotEmpty()) { "KeyFileData must not be empty" } + } override fun getVault(): Vault { return vault }data/src/test/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProviderTest.kt (1)
309-309
: Consider using explicit locale in String.formatWhile the current format string only contains
%s
placeholders which are not locale-sensitive, it's a good practice to use explicit locale for consistency and to prevent potential issues if the format string changes in the future.-String.format("%s:%s", CryptoConstants.MASTERKEY_SCHEME, CryptoConstants.MASTERKEY_FILE_NAME) +String.format(Locale.ROOT, "%s:%s", CryptoConstants.MASTERKEY_SCHEME, CryptoConstants.MASTERKEY_FILE_NAME)🧰 Tools
🪛 detekt (1.23.7)
[warning] 309-309: String.format("%s:%s", CryptoConstants.MASTERKEY_SCHEME, CryptoConstants.MASTERKEY_FILE_NAME) uses implicitly default locale for string formatting.
(detekt.potential-bugs.ImplicitDefaultLocale)
presentation/src/main/res/values/strings.xml (2)
533-541
: Consider enhancing the Account Key hint message.The strings are well-structured and provide good user guidance. However, the Account Key hint could be more specific about where in the profile the key can be found.
Consider updating the hint text to be more specific:
- <string name="dialog_create_hub_device_setup_code_hint">Your Account Key is required to login from new apps or browsers. It can be found in your profile.</string> + <string name="dialog_create_hub_device_setup_code_hint">Your Account Key is required to login from new apps or browsers. It can be found in the "Security" section of your Hub profile.</string>
543-559
: Remove extra quotation marks from hint messages.The dialog strings are well-structured, but there are unnecessary quotation marks in some hint messages.
Apply these changes:
- <string name="dialog_hub_vault_access_forbidden_hint">Your user has not yet been authorized to access this vault. Ask the vault owner to authorize it."</string> + <string name="dialog_hub_vault_access_forbidden_hint">Your user has not yet been authorized to access this vault. Ask the vault owner to authorize it.</string> - <string name="dialog_hub_license_upgrade_required_hint">Your Cryptomator Hub instance has an invalid license. Please inform a Hub administrator to upgrade or renew the license."</string> + <string name="dialog_hub_license_upgrade_required_hint">Your Cryptomator Hub instance has an invalid license. Please inform a Hub administrator to upgrade or renew the license.</string>presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt (1)
18-32
: Consider refactoring the dialog setup for better maintainability.A few suggestions to improve the code:
- Extract the common dismiss+callback logic to avoid duplication
- Remove unnecessary line comments (
//
)- Use KeyEvent constants more idiomatically
Here's a suggested improvement:
public override fun setupDialog(builder: AlertDialog.Builder): android.app.Dialog { - builder // - .setTitle(R.string.dialog_hub_vault_access_forbidden_title) // - .setNeutralButton(getString(R.string.dialog_hub_vault_access_forbidden_neutral_button)) { _: DialogInterface, _: Int -> callback?.onVaultAccessForbiddenDialogFinished() } // - .setOnKeyListener { _, keyCode, _ -> - if (keyCode == KeyEvent.KEYCODE_BACK) { - dialog?.dismiss() - callback?.onVaultAccessForbiddenDialogFinished() - true - } else { - false - } - } + private fun dismissWithCallback() { + dialog?.dismiss() + callback?.onVaultAccessForbiddenDialogFinished() + } + + builder + .setTitle(R.string.dialog_hub_vault_access_forbidden_title) + .setNeutralButton(getString(R.string.dialog_hub_vault_access_forbidden_neutral_button)) { _, _ -> + dismissWithCallback() + } + .setOnKeyListener { _, keyCode, _ -> + when (keyCode) { + KeyEvent.KEYCODE_BACK -> { + dismissWithCallback() + true + } + else -> false + } + } return builder.create() }presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (5)
32-41
: Consider simplifying the button click handler.The createDeviceButton variable is only used once and could be inlined. Also, consider extracting the click handler logic into a separate method for better readability.
- val createDeviceButton = dialog.getButton(android.app.Dialog.BUTTON_POSITIVE) - createDeviceButton?.setOnClickListener { + dialog.getButton(android.app.Dialog.BUTTON_POSITIVE)?.setOnClickListener { + handleCreateDeviceClick() + } + private fun handleCreateDeviceClick() { val vaultModel = requireArguments().getSerializable(VAULT_ARG) as VaultModel val unverifiedVaultConfig = requireArguments().getSerializable(VAULT_CONFIG_ARG) as UnverifiedHubVaultConfig if (valid(binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString())) { showProgress(ProgressModel(ProgressStateModel.CREATING_HUB_DEVICE)) callback?.onCreateHubDeviceClicked(vaultModel, unverifiedVaultConfig, binding.etDeviceName.text.toString(), binding.etSetupCode.text.toString()) onWaitForResponse(binding.etDeviceName) } + }
43-51
: Simplify back button handling.The back button handler could be simplified using Kotlin's when expression.
- dialog.setOnKeyListener { _, keyCode, _ -> - if (keyCode == KeyEvent.KEYCODE_BACK) { - dialog.dismiss() - callback?.onCreateHubDeviceCanceled() - true - } else { - false - } - } + dialog.setOnKeyListener { _, keyCode, _ -> + when (keyCode) { + KeyEvent.KEYCODE_BACK -> { + dialog.dismiss() + callback?.onCreateHubDeviceCanceled() + true + } + else -> false + } + }
61-73
: Consider adding more robust validation rules.The current validation only checks for empty fields. Consider adding:
- Maximum length validation
- Character set validation for device name (e.g., no special characters)
- Setup code format validation
82-83
: Add documentation for empty setupView method.Based on the architecture requirements, we must implement
setupView()
even when empty. Consider adding a comment explaining this.override fun setupView() { + // Implementation intentionally empty as per BaseDialog contract }
🧰 Tools
🪛 detekt (1.23.7)
[warning] 82-83: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
101-113
: Consider using Parcelize for safer argument passing.Instead of using Serializable, consider using Kotlin's Parcelize for better type safety and performance.
This would require:
- Adding
@Parcelize
annotation toVaultModel
andUnverifiedHubVaultConfig
- Implementing
Parcelable
instead ofSerializable
- Using
putParcelable
instead ofputSerializable
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (2)
Line range hint
145-171
: Consider extracting Hub-specific logic to improve readability.While the logic is correct, the nested conditions make the code harder to maintain. Consider extracting the Hub-specific logic into a separate method.
private fun onUnverifiedVaultConfigRetrieved(unverifiedVaultConfig: Optional<UnverifiedVaultConfig>, vault: Vault) { - if (!unverifiedVaultConfig.isPresent || unverifiedVaultConfig.get().keyLoadingStrategy() == KeyLoadingStrategy.MASTERKEY) { - when (intent.vaultAction()) { - // ... existing masterkey logic - } - } else if (unverifiedVaultConfig.isPresent && unverifiedVaultConfig.get().keyLoadingStrategy() == KeyLoadingStrategy.HUB) { - when (intent.vaultAction()) { - // ... hub logic - } - } + when { + !unverifiedVaultConfig.isPresent || unverifiedVaultConfig.get().keyLoadingStrategy() == KeyLoadingStrategy.MASTERKEY -> handleMasterkeyVault(unverifiedVaultConfig, vault) + unverifiedVaultConfig.get().keyLoadingStrategy() == KeyLoadingStrategy.HUB -> handleHubVault(unverifiedVaultConfig.get() as UnverifiedHubVaultConfig, vault) + } +} + +private fun handleMasterkeyVault(unverifiedVaultConfig: Optional<UnverifiedVaultConfig>, vault: Vault) { + when (intent.vaultAction()) { + // ... existing masterkey logic + } +} + +private fun handleHubVault(unverifiedHubVaultConfig: UnverifiedHubVaultConfig, vault: Vault) { + when (intent.vaultAction()) { + UnlockVaultIntent.VaultAction.UNLOCK -> { + if (hubAuthService == null) { + hubAuthService = AuthorizationService(context()) + } + view?.showProgress(ProgressModel.GENERIC) + unlockHubVault(unverifiedHubVaultConfig, vault) + } + else -> showErrorAndFinish(HubVaultOperationNotSupportedException()) + } }
239-271
: Consider extracting common OAuth2 handling logic.The OAuth2 handling code is duplicated between
hubAuthenticationUnlock
andhubAuthenticationCreateDevice
. Consider extracting the common logic into a reusable method.+private fun handleOAuth2Result( + result: ActivityResult, + onSuccess: (String) -> Unit, + onError: (Throwable) -> Unit +) { + if (result.isResultOk) { + val resp = AuthorizationResponse.fromIntent(result.intent()) + if (resp != null) { + hubAuthService?.performTokenRequest(resp.createTokenExchangeRequest()) { token, ex -> + token?.accessToken?.let(onSuccess) + ?: onError(HubAuthenticationFailedException(ex)) + } + } else { + val ex = AuthorizationException.fromIntent(result.intent()) + onError(HubAuthenticationFailedException(ex)) + } + } else { + onError(HubAuthenticationFailedException()) + } +}domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt (1)
10-21
: Consider adding documentation for the KeyLoadingStrategy enum.While the implementation is clean, adding KDoc comments explaining each strategy's purpose and usage would improve maintainability.
Consider adding documentation:
+/** + * Defines strategies for loading vault keys. + */ enum class KeyLoadingStrategy(private val prefix: String) { + /** + * Strategy for loading keys from masterkey files + */ MASTERKEY("masterkey+"), + /** + * Strategy for loading keys from Cryptomator Hub + */ HUB("hub+http");data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt (3)
28-30
: Standardize Exception Messages for Unsupported OperationsThe exception message in the
create()
method could be standardized to align with other methods. Consider rephrasing to "Hub vaults do not support vault creation" for consistency.
33-35
: Consistency in Exception Messages Across MethodsMultiple methods throw
UnsupportedOperationException
with slightly different messages:
unlock()
methods (lines 33-35 and 38-40): "Hub vaults do not support password based unlock"createUnlockToken()
(lines 70-72): "Hub vaults do not support password based unlock"isVaultPasswordValid()
(lines 80-82): "Hub vaults do not support password based unlock"changePassword()
(lines 96-99): "Hub vaults do not support password based unlock"For clarity and maintainability, consider standardizing these exception messages. A uniform message like "Operation not supported for Hub vaults" would improve consistency.
Also applies to: 38-40, 70-72, 80-82, 96-99
74-77
: Specify Visibility Modifier for Testing MethodThe
cryptorFor()
method is marked with a comment// Visible for testing
, but it has default public visibility. In Kotlin, you can restrict visibility to module scope by using theinternal
modifier or make itprivate
if it doesn't need to be accessed outside this class.Consider specifying the appropriate visibility modifier to encapsulate the method properly:
// Visible for testing internal fun cryptorFor(masterkey: Masterkey, vaultCipherCombo: CryptorProvider.Scheme): Cryptor { return CryptorProvider.forScheme(vaultCipherCombo).provide(masterkey, secureRandom) }util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java (2)
145-148
: Consider throwing a more specific exception when encoded key is nullIn the
encryptKey
method, ifkey.getEncoded()
returnsnull
, throwing aRuntimeException
may be too generic. Consider throwing a custom exception to provide more context about the error.Apply this diff to introduce a custom exception:
+ public static class KeyEncodingException extends CryptoException { + + public KeyEncodingException(String message) { + super(message); + } + } var encodedKey = key.getEncoded(); if (encodedKey == null) { - throw new RuntimeException("Encoded key is null"); + throw new KeyEncodingException("Encoded key is null"); }
200-206
: Consider throwing a more specific exception when public key encoding failsIn
getDevicePublicKeyEncoded
, ifgetEncoded()
returnsnull
, throwing aRuntimeException
might be too general. Using a custom exception can provide clearer context.Apply this diff to utilize a custom exception:
var devicePublicKey = getDevicePublicKey().getEncoded(); if (devicePublicKey == null) { - throw new RuntimeException("Encoded Hub device key is null"); + throw new KeyEncodingException("Encoded Hub device key is null"); } return devicePublicKey;Assuming
KeyEncodingException
is defined as suggested previously.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (15)
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
(4 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoConstants.kt
(2 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt
(1 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt
(3 hunks)data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
(2 hunks)data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
(1 hunks)data/src/test/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProviderTest.kt
(4 hunks)domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt
(10 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
(1 hunks)presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt
(1 hunks)presentation/src/main/res/values/strings.xml
(3 hunks)util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
(1 hunks)util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java
(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (2)
- presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubUserSetupRequiredDialog.kt
- data/src/main/java/org/cryptomator/data/repository/HubRepositoryImpl.java
🧰 Additional context used
📓 Learnings (6)
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (1)
Learnt from: SailReal
PR: cryptomator/android#560
File: data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java:104-105
Timestamp: 2024-11-26T16:25:01.574Z
Learning: In `CryptoCloudFactory.java`, within the `cryptoCloudProvider` method, the scheme comparison uses `startsWith(HUB_SCHEME)` instead of `equals`, because the scheme could be `hub+https` vs `hub+`, so exact match is not possible.
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java (3)
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:35-38
Timestamp: 2024-11-26T16:41:37.393Z
Learning: In the test file `util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java`, it's acceptable to include hardcoded private keys for testing cryptographic operations.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:8-9
Timestamp: 2024-11-26T16:42:11.315Z
Learning: Android integration tests in the `cryptomator/android` project do not support JUnit 5. Therefore, JUnit 4 must be used in integration test files like `util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java`.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:41-41
Timestamp: 2024-11-26T16:40:59.806Z
Learning: In the Cryptomator Android project, it's acceptable to include hardcoded cryptographic keys in test files such as `HubDeviceCryptorTest.java` for testing purposes.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt (1)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt:34-35
Timestamp: 2024-11-26T16:16:40.691Z
Learning: When subclassing `BaseDialog`, we must implement the abstract method `setupView()`, even if the implementation is empty.
util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java (6)
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java:136-137
Timestamp: 2024-11-26T16:21:42.070Z
Learning: In the `HubDeviceCryptor` class (`util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java`), it's acceptable to log the JWE payload upon an exception because the data is encrypted (e2ee) and considered safe to log in this context.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java:171-175
Timestamp: 2024-11-26T16:56:59.280Z
Learning: In Java, calling `destroy()` on `ECPrivateKey` can throw `DestroyFailedException`, making it impractical to securely clear the key material in this context.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:35-38
Timestamp: 2024-11-26T16:41:37.393Z
Learning: In the test file `util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java`, it's acceptable to include hardcoded private keys for testing cryptographic operations.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:41-41
Timestamp: 2024-11-26T16:40:59.806Z
Learning: In the Cryptomator Android project, it's acceptable to include hardcoded cryptographic keys in test files such as `HubDeviceCryptorTest.java` for testing purposes.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java:158-160
Timestamp: 2024-11-26T16:20:51.937Z
Learning: In `HubDeviceCryptor.java`, having multiple methods named `encryptUserKey` with different parameters and purposes is acceptable and clear.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java:124-125
Timestamp: 2024-11-26T16:21:54.856Z
Learning: In `HubDeviceCryptor.java`, it is acceptable to log the JWE payload in error messages, as the data is end-to-end encrypted (e2ee).
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (4)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:547-556
Timestamp: 2024-11-26T18:13:01.733Z
Learning: In `UnlockVaultPresenter.kt`, when `unverifiedVaultConfig.apiBaseUrl` is a `URI`, using `resolve()` is acceptable for constructing relative paths.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:177-191
Timestamp: 2024-11-26T18:05:58.758Z
Learning: The default implementation of `AuthorizationRequest.Builder` in the AppAuth library already generates and sets the state, nonce, and code verifier using `AuthorizationManagementUtil` and `CodeVerifierUtil`, so it's unnecessary to manually set them.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:223-224
Timestamp: 2024-11-26T16:40:40.575Z
Learning: In `UnlockVaultPresenter.kt`, within the `hubAuthenticationUnlock` method, it's acceptable to pass `null` as the cause to `HubAuthenticationFailedException` when `ex` is `null`, as the exception class handles null causes appropriately.
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt:159-161
Timestamp: 2024-11-26T16:39:17.044Z
Learning: In `UnlockVaultPresenter`, avoid eagerly initializing `hubAuthService` to prevent unnecessary instantiation and disposal when it's not used.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (1)
Learnt from: SailReal
PR: cryptomator/android#560
File: presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubLicenseUpgradeRequiredDialog.kt:34-35
Timestamp: 2024-11-26T16:16:40.691Z
Learning: When subclassing `BaseDialog`, we must implement the abstract method `setupView()`, even if the implementation is empty.
🪛 detekt (1.23.7)
data/src/test/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProviderTest.kt
[warning] 309-309: String.format("%s:%s", CryptoConstants.MASTERKEY_SCHEME, CryptoConstants.MASTERKEY_FILE_NAME) uses implicitly default locale for string formatting.
(detekt.potential-bugs.ImplicitDefaultLocale)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt
[warning] 34-35: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt
[warning] 82-83: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
🪛 Gitleaks (8.21.2)
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
41-41: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🔇 Additional comments (42)
data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt (2)
129-131
: LGTM! Clear separation of concerns for hub-based unlocking.
The implementation correctly throws an UnsupportedOperationException with a clear message, maintaining a clean separation between password-based and hub-based vault unlocking mechanisms.
160-160
: LGTM! Proper injection of SecureRandom dependency.
The constructor update correctly includes the SecureRandom parameter, which is essential for cryptographic operations.
data/src/test/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProviderTest.kt (4)
168-168
: LGTM: Constructor update properly includes SecureRandom parameter
The updated constructor call correctly includes the secureRandom
parameter while maintaining the existing test logic.
195-195
: LGTM: Constructor update maintains legacy vault compatibility
The updated constructor call correctly includes the secureRandom
parameter while preserving the legacy vault unlocking functionality.
209-209
: LGTM: Constructor update preserves error handling
The updated constructor call correctly includes the secureRandom
parameter while maintaining the expected error handling behavior.
305-305
: LGTM: Constructor updates maintain password validation for both formats
The updated constructor calls correctly include the secureRandom
parameter while preserving password validation functionality for both legacy and new vault formats.
Also applies to: 313-313
presentation/src/main/res/values/strings.xml (1)
47-51
: LGTM! Error messages are well-structured and clear.
The Hub-related error messages follow the existing pattern and provide clear feedback to users.
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/HubVaultAccessForbiddenDialog.kt (4)
1-11
: LGTM! Class structure and imports are well organized.
The dialog implementation follows the established pattern with proper data binding and inheritance.
13-16
: LGTM! Well-defined callback interface.
The interface follows the single responsibility principle with a clear and descriptive method name.
34-35
: Empty setupView implementation is acceptable.
The empty implementation is intentional as per the BaseDialog contract. While static analysis flags this as an issue, we know from previous feedback that this is the expected pattern when no additional view setup is needed.
🧰 Tools
🪛 detekt (1.23.7)
[warning] 34-35: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
37-42
: LGTM! Simple and effective factory method.
The companion object provides a clean factory method following the standard pattern.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoConstants.kt (2)
9-9
: Deep link configuration needs additional security measures
The OAuth 2.0 redirect URL constant requires proper security configuration in the Android manifest.
Let's verify the manifest configuration and usage:
#!/bin/bash
# Description: Verify the hub redirect URL usage and security configuration
# Check for any direct usages of the redirect URL
rg "org\.cryptomator\.android:/hub/auth"
# Check OAuth configuration classes
ast-grep --pattern 'class $_ {
$$$
$HUB_REDIRECT_URL
$$$
}'
# Check for proper intent filter configuration
rg -A 10 "android.intent.action.VIEW.*hub/auth" --type xml
19-19
: Verify hub vault version compatibility
The minimum hub vault version is set to 8, which matches MAX_VAULT_VERSION
. This implies that hub vaults require the latest vault format. Please verify:
- That this is intentional and required for hub functionality
- The upgrade path for existing vaults
Let's check the version usage:
✅ Verification successful
Let me gather more information about vault versioning and upgrade paths:
Based on the gathered information, I can now provide a final response:
Hub vault version requirement is intentional and correct
The version requirement is intentionally set to match MAX_VAULT_VERSION = 8
as hub vaults only support the latest format. This is validated in HubkeyCryptoCloudProvider
:
- Vaults below version 8 are rejected with
UnsupportedVaultFormatException
- No upgrade path exists because hub vaults are expected to be created in the latest format
- Regular vaults have a lower minimum version (
MIN_VAULT_VERSION = 5
) and support upgrades through CBC migration
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify hub vault version handling
# Check for version validation logic
rg -B 2 -A 2 "MIN_HUB_VAULT_VERSION"
# Check for version upgrade handling
ast-grep --pattern 'class $_ {
$$$
upgrade($_, $_) {
$$$
}
$$$
}'
Length of output: 1517
Script:
#!/bin/bash
# Check for MAX_VAULT_VERSION usage and value
rg -B 2 -A 2 "MAX_VAULT_VERSION"
# Look for vault version upgrade related code
rg -B 2 -A 2 "upgrade.*[Vv]ault"
# Check for any vault migration or version conversion logic
rg -B 2 -A 2 "(migrate|conversion).*[Vv]ault"
Length of output: 12245
presentation/src/main/java/org/cryptomator/presentation/ui/dialog/CreateHubDeviceDialog.kt (2)
19-26
: LGTM! Well-structured dialog class and interface definition.
The class is properly annotated and follows a clean architecture pattern with a clear callback interface.
1-115
: Overall implementation looks good!
The dialog implementation is well-structured and follows good practices. While there are some suggestions for improvements, the current implementation is solid and ready for production.
🧰 Tools
🪛 detekt (1.23.7)
[warning] 82-83: This empty block of code can be removed.
(detekt.empty-blocks.EmptyFunctionBlock)
presentation/src/main/java/org/cryptomator/presentation/presenter/UnlockVaultPresenter.kt (5)
69-70
: LGTM: Constructor and initialization changes are well-implemented.
The new dependencies are properly injected, and the hubAuthService
is correctly managed with lazy initialization and proper cleanup in the destroyed()
method.
Also applies to: 81-81, 95-95, 610-612
178-192
: LGTM: OAuth2 authentication implementation is secure.
The implementation correctly uses the AppAuth library for OAuth2 authentication. The library handles security parameters (state, nonce, PKCE) automatically.
194-211
: LGTM: OAuth2 callback handling is robust.
The implementation properly handles the authorization response and token exchange, with comprehensive error handling for all scenarios.
213-237
: LGTM: Hub vault unlocking with comprehensive error handling.
The implementation properly handles all Hub-specific exceptions with appropriate UI feedback for each case.
552-561
: LGTM: Hub profile navigation is correctly implemented.
The implementation properly uses URI.resolve for constructing the profile URL, which is acceptable for relative paths as per the learnings.
domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt (2)
6-6
: LGTM! Good use of inheritance.
The change to make the class and its properties open enables proper extension for Hub support while maintaining encapsulation.
7-8
: LGTM! Clean implementation of strategy determination.
The keyLoadingStrategy()
method provides a clean way to determine the loading strategy from the keyId.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (2)
77-79
: LGTM! Well-structured unlock method.
The new unlock method properly delegates to the appropriate CryptoCloudProvider based on the UnverifiedVaultConfig.
107-110
: LGTM! Clean switch implementation using KeyLoadingStrategy.
The switch statement properly handles different key loading strategies and creates appropriate providers.
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt (3)
87-91
: LGTM! Robust error handling for keyId parsing.
The try-catch block properly handles and wraps IllegalArgumentException with a descriptive VaultConfigLoadException.
105-116
: LGTM! Well-implemented URI parsing helper.
The parseUri method properly handles:
- Null/invalid field values
- Optional trailing slash
- URI parsing errors
92-102
:
Add validation for hub claim existence and structure.
While the code handles individual field validation, it should first validate the existence and structure of the hub claim itself.
Apply this improvement:
return when (KeyLoadingStrategy.fromKeyId(keyId)) {
KeyLoadingStrategy.MASTERKEY -> UnverifiedVaultConfig(token, keyId, vaultFormat)
KeyLoadingStrategy.HUB -> {
- val hubClaim = unverifiedJwt.getHeaderClaim("hub").asMap()
+ val hubClaim = unverifiedJwt.getHeaderClaim("hub").asMap()
+ ?: throw VaultConfigLoadException("Missing 'hub' claim in JWT header")
+ if (hubClaim.isEmpty()) {
+ throw VaultConfigLoadException("Empty 'hub' claim in JWT header")
+ }
val clientId = hubClaim["clientId"] as? String ?: throw VaultConfigLoadException("Missing or invalid 'clientId' claim in JWT header")
Likely invalid or redundant comment.
data/src/main/java/org/cryptomator/data/cloud/crypto/HubkeyCryptoCloudProvider.kt (1)
22-101
: Refactor to Reduce Code Duplication with MasterkeyCryptoCloudProvider
The implementation of HubkeyCryptoCloudProvider
shares similarities with MasterkeyCryptoCloudProvider
, particularly in methods related to vault unlocking and exception handling. To enhance maintainability and reduce code duplication, consider refactoring common functionalities into a shared base class or utility methods.
util/src/main/java/org/cryptomator/util/crypto/HubDeviceCryptor.java (14)
57-75
: Initialization logic is correctly implemented
The constructor correctly initializes the KeyStore
and generates an EC key pair if it does not already exist. Exception handling covers all necessary exceptions during key store operations.
77-84
: Singleton pattern implementation is appropriate
The getInstance()
method properly implements the singleton pattern, ensuring a single instance of HubDeviceCryptor
is used throughout the application.
86-93
: User key decryption with setup code is robust
The method decryptUserKey(JWEObject jwe, String setupCode)
correctly decrypts the JWE object using the provided setup code and handles exceptions appropriately by throwing InvalidJweKeyException
.
95-102
: User key decryption with device key is correctly handled
The method decryptUserKey(JWEObject jwe, PrivateKey deviceKey)
effectively decrypts the JWE object using the device's private key and manages exceptions properly.
104-118
: Private key decoding is properly managed
The decodeECPrivateKey
method accurately decodes the encoded EC private key and provides clear exception handling for different failure scenarios.
120-141
: Robust handling of JWE payload in readKey
method
The method ensures that the JWE payload is a valid JSON object and gracefully handles cases where the payload is invalid or missing expected fields. Logging the payload upon an exception is acceptable in this context as per project guidelines.
162-164
: Method delegation enhances code readability
The encryptUserKey
method cleanly delegates to the encryptKey
method, promoting code reuse and maintaining clarity in the codebase.
166-173
: Vault key decryption is effectively implemented
The decryptVaultKey
method accurately decrypts the vault key using the provided private key, with proper exception handling through InvalidJweKeyException
.
175-179
: Re-encryption of user key is properly handled
The reEncryptUserKey
method correctly decrypts the user key using the setup code and re-encrypts it with the device's public key. The method ensures secure handling of cryptographic keys as per project standards.
181-189
: Device-based vault key decryption operates correctly
This method retrieves the device's private key from the KeyStore
and uses it to decrypt both the user key and the vault key, managing exceptions appropriately.
191-198
: Device public key retrieval is correctly implemented
The getDevicePublicKey
method successfully retrieves the device's public key from the KeyStore
, with proper handling of potential KeyStoreException
.
208-214
: Device ID generation follows best practices
The getDeviceId
method correctly generates a unique identifier by hashing the device's public key using SHA-256 and encoding it in hexadecimal format, ensuring consistency and uniqueness.
216-221
: KeyDecodeFailedException
is well-defined
The custom exception provides a clear message and encapsulates the cause, enhancing error handling related to key decoding failures.
223-229
: InvalidJweKeyException
effectively manages JWE errors
This custom exception appropriately handles scenarios where a JWE key is invalid, providing clarity in exception handling.
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Outdated
Show resolved
Hide resolved
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
(4 hunks)util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
(1 hunks)
🧰 Additional context used
📓 Learnings (2)
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (1)
Learnt from: SailReal
PR: cryptomator/android#560
File: data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java:104-105
Timestamp: 2024-11-26T16:25:01.574Z
Learning: In `CryptoCloudFactory.java`, within the `cryptoCloudProvider` method, the scheme comparison uses `startsWith(HUB_SCHEME)` instead of `equals`, because the scheme could be `hub+https` vs `hub+`, so exact match is not possible.
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java (3)
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:35-38
Timestamp: 2024-11-26T16:41:37.393Z
Learning: In the test file `util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java`, it's acceptable to include hardcoded private keys for testing cryptographic operations.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:8-9
Timestamp: 2024-11-26T16:42:11.315Z
Learning: Android integration tests in the `cryptomator/android` project do not support JUnit 5. Therefore, JUnit 4 must be used in integration test files like `util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java`.
Learnt from: SailReal
PR: cryptomator/android#560
File: util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java:41-41
Timestamp: 2024-11-26T16:40:59.806Z
Learning: In the Cryptomator Android project, it's acceptable to include hardcoded cryptographic keys in test files such as `HubDeviceCryptorTest.java` for testing purposes.
🪛 Gitleaks (8.21.2)
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
37-37: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🔇 Additional comments (12)
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java (4)
43-43
: LGTM! Improved method naming.
The change to use masterkeyCryptoCloudProvider()
enhances code readability while maintaining the same functionality.
101-104
: Consider using an enum for key loading strategy.
The switch statement is a good improvement. However, to make the code more maintainable and type-safe, consider:
- Moving the key loading strategy to an enum in
UnverifiedVaultConfig
- Using the enum for type-safe switching instead of string-based scheme comparison
This would centralize the strategy logic and prevent potential issues with scheme string comparisons.
110-115
: LGTM! Thread-safe SecureRandom initialization.
The new secureRandom()
method properly addresses thread-safety concerns by creating separate SecureRandom
instances. The use of getInstanceStrong()
ensures strong randomness suitable for cryptographic operations.
71-73
: Verify error handling for invalid JWE tokens.
The new unlock method for hub support looks good. However, let's verify the error handling for invalid JWE tokens.
✅ Verification successful
Based on the search results, I can generate the final response as I have found comprehensive evidence of JWE token error handling throughout the codebase:
Error handling for invalid JWE tokens is properly implemented.
The codebase has robust error handling for JWE tokens at multiple levels:
- Invalid JWE format/parsing errors are caught and wrapped in
FatalBackendException
- Invalid JWE keys throw
InvalidJweKeyException
- Invalid JWE payloads throw
MasterkeyLoadingFailedException
- Invalid setup codes throw
HubInvalidSetupCodeException
The error handling has also been thoroughly tested in HubDeviceCryptorTest
with test cases covering:
- Invalid JWE keys
- Non-JSON payloads
- Invalid payload field types
- Invalid Base64 data
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check error handling for JWE tokens in the codebase
# Search for JWE-related error handling patterns
rg -A 5 "JWE|JsonWebEncryption"
# Search for specific exception handling related to JWE processing
ast-grep --pattern 'try {
$$$
$JWE
$$$
} catch ($ERROR) {
$$$
}'
Length of output: 24385
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java (8)
43-59
: LGTM! Well-structured test setup
The setup method properly mocks the KeyStore and initializes the test dependencies, following good testing practices.
175-184
:
Update assertion to use JUnit 4
Replace JUnit 5 assertion with JUnit 4 equivalent.
- Assertions.assertArrayEquals(userKey.getPrivate().getEncoded(), decrypted.getEncoded());
+ assertArrayEquals(userKey.getPrivate().getEncoded(), decrypted.getEncoded());
Likely invalid or redundant comment.
8-9
:
Use JUnit 4 assertions consistently
The test class is mixing JUnit 4 and JUnit 5 imports. Android integration tests require JUnit 4.
Apply this diff to update the imports and assertions:
- import org.junit.jupiter.api.Assertions;
+ import static org.junit.Assert.assertArrayEquals;
+ import static org.junit.Assert.assertEquals;
+ import static org.junit.Assert.assertThrows;
Likely invalid or redundant comment.
128-139
:
Update assertion to use JUnit 4
Replace JUnit 5 assertion with JUnit 4 equivalent.
- Assertions.assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(userKeyJwe, "WRONG_SETUP_CODE"));
+ assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(userKeyJwe, "WRONG_SETUP_CODE"));
Likely invalid or redundant comment.
106-126
:
Update assertions to use JUnit 4
Replace JUnit 5 assertions with JUnit 4 equivalents.
- Assertions.assertArrayEquals(expectedEncKey, masterkey.getEncKey().getEncoded());
- Assertions.assertArrayEquals(expectedMacKey, masterkey.getMacKey().getEncoded());
+ assertArrayEquals(expectedEncKey, masterkey.getEncKey().getEncoded());
+ assertArrayEquals(expectedMacKey, masterkey.getMacKey().getEncoded());
Likely invalid or redundant comment.
155-173
:
Update assertion to use JUnit 4
Replace JUnit 5 assertion with JUnit 4 equivalent.
- Assertions.assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(jwe, incorrectDevicePrivateKey));
+ assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptUserKey(jwe, incorrectDevicePrivateKey));
Likely invalid or redundant comment.
76-104
:
Update assertions to use JUnit 4
Replace JUnit 5 assertions with JUnit 4 equivalents.
- Assertions.assertArrayEquals(expectedEncKey, masterkey.getEncKey().getEncoded());
- Assertions.assertArrayEquals(expectedMacKey, masterkey.getMacKey().getEncoded());
+ assertArrayEquals(expectedEncKey, masterkey.getEncKey().getEncoded());
+ assertArrayEquals(expectedMacKey, masterkey.getMacKey().getEncoded());
Likely invalid or redundant comment.
141-153
:
Update assertions to use JUnit 4
Replace JUnit 5 assertions with JUnit 4 equivalents.
- Assertions.assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptVaultKey(wrongKey, privateKey));
- Assertions.assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadIsNotJson, privateKey));
- Assertions.assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadFieldKeyNotAstring, privateKey));
- Assertions.assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadFieldKeyInValidBase64Data, privateKey));
+ assertThrows(HubDeviceCryptor.InvalidJweKeyException.class, () -> HubDeviceCryptor.decryptVaultKey(wrongKey, privateKey));
+ assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadIsNotJson, privateKey));
+ assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadFieldKeyNotAstring, privateKey));
+ assertThrows(MasterkeyLoadingFailedException.class, () -> HubDeviceCryptor.decryptVaultKey(payloadFieldKeyInValidBase64Data, privateKey));
Likely invalid or redundant comment.
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
Show resolved
Hide resolved
util/src/androidTest/java/org/cryptomator/util/crypto/HubDeviceCryptorTest.java
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/CryptoCloudFactory.java
Show resolved
Hide resolved
domain/src/main/java/org/cryptomator/domain/UnverifiedVaultConfig.kt
Outdated
Show resolved
Hide resolved
data/src/main/java/org/cryptomator/data/cloud/crypto/MasterkeyCryptoCloudProvider.kt
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
🧹 Outside diff range and nitpick comments (2)
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt (2)
105-117
: Add input validation to parseUri methodThe
parseUri
method should validate the input parameters before processing.Apply this diff:
private fun parseUri(uriValue: Map<String, Any>, fieldName: String, ensureTrailingSlash: Boolean = false): URI { + require(fieldName.isNotBlank()) { "fieldName must not be blank" } + require(uriValue.isNotEmpty()) { "uriValue must not be empty" } + val uriString = uriValue[fieldName] as? String ?: throw VaultConfigLoadException("Missing or invalid '$fieldName' claim in JWT header") val adjustedUriString = if (ensureTrailingSlash && !uriString.endsWith("/")) { "$uriString/" } else { uriString } return try { URI.create(adjustedUriString) } catch (e: IllegalArgumentException) { throw VaultConfigLoadException("Invalid '$fieldName' URI: ${e.message}", e) } }
119-125
: Add KDoc documentation for getApiBaseUrl methodThe method's fallback logic should be documented for better maintainability.
Add documentation above the method:
/** * Retrieves the API base URL from the hub claim. * * @param hubClaim The map containing hub configuration claims * @return The API base URL as a URI, with a trailing slash * @throws VaultConfigLoadException if the URL is invalid or missing * * If 'apiBaseUrl' is present, it's used directly. * Otherwise, falls back to using the parent of 'devicesResourceUrl'. */ private fun getApiBaseUrl(hubClaim: Map<String, Any>): URI {
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt
(2 hunks)
🔇 Additional comments (1)
data/src/main/java/org/cryptomator/data/cloud/crypto/VaultConfig.kt (1)
95-96
: 🛠️ Refactor suggestion
Enhance hub claim validation
The hub claim extraction needs additional validation to ensure the claim exists and is properly structured.
Apply this diff:
- val hubClaim = unverifiedJwt.getHeaderClaim("hub").asMap()
- val clientId = hubClaim["clientId"] as? String ?: throw VaultConfigLoadException("Missing or invalid 'clientId' claim in JWT header")
+ val hubClaim = unverifiedJwt.getHeaderClaim("hub").asMap()
+ ?: throw VaultConfigLoadException("Missing 'hub' claim in JWT header")
+ if (hubClaim.isEmpty()) {
+ throw VaultConfigLoadException("Empty 'hub' claim in JWT header")
+ }
+ val clientId = hubClaim["clientId"] as? String
+ ?: throw VaultConfigLoadException("Missing or invalid 'clientId' claim in JWT header")
Likely invalid or redundant comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
return if (hubClaim.containsKey(apiBaseUrlKey)) { | ||
parseUri(hubClaim, apiBaseUrlKey, ensureTrailingSlash = true) | ||
} else { | ||
parseUri(hubClaim, "devicesResourceUrl", ensureTrailingSlash = true).resolve("..") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For future reference: ensureTrailingSlash = true
is vital here.
If the devicesResourceUrl
doesn't end with a slash, the returned URI
will be https://example.org/hub/
instead of https://example.org/hub/api/
.
See: RFC2396 5.2 (6) a)
This adds support for Cryptomator Hub 🎉