Feature/bma/OIDC session end

changelog.d/8616.misc

@@ -0,0 +1 @@
+If an external account manager is configured on the server, use it to delete other sessions and hide the multi session deletion.

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/DefaultAuthenticationService.kt

@@ -298,7 +298,7 @@ internal class DefaultAuthenticationService @Inject constructor(
         }
 
         // If an m.login.sso flow is present that is flagged as being for MSC3824 OIDC compatibility then we only return that flow
-        val oidcCompatibilityFlow = loginFlowResponse.flows.orEmpty().firstOrNull { it.type == "m.login.sso" && it.delegatedOidcCompatibilty == true }
+        val oidcCompatibilityFlow = loginFlowResponse.flows.orEmpty().firstOrNull { it.type == "m.login.sso" && it.delegatedOidcCompatibility == true }
         val flows = if (oidcCompatibilityFlow != null) listOf(oidcCompatibilityFlow) else loginFlowResponse.flows
 
         val supportsGetLoginTokenFlow = loginFlowResponse.flows.orEmpty().firstOrNull { it.type == "m.login.token" && it.getLoginToken == true } != null

matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/auth/data/LoginFlowResponse.kt

@@ -51,7 +51,7 @@ internal data class LoginFlow(
          * See [MSC3824](https://github.com/matrix-org/matrix-spec-proposals/pull/3824)
          */
         @Json(name = "org.matrix.msc3824.delegated_oidc_compatibility")
-        val delegatedOidcCompatibilty: Boolean? = null,
+        val delegatedOidcCompatibility: Boolean? = null,
 
         /**
          * Whether a login flow of type m.login.token could accept a token issued using /login/get_token.

vector/src/main/java/im/vector/app/features/settings/devices/DevicesViewEvents.kt

@@ -50,4 +50,6 @@ sealed class DevicesViewEvents : VectorViewEvents {
     data class ShowManuallyVerify(val cryptoDeviceInfo: CryptoDeviceInfo) : DevicesViewEvents()
 
     object PromptResetSecrets : DevicesViewEvents()
+
+    data class OpenBrowser(val url: String) : DevicesViewEvents()
 }

vector/src/main/java/im/vector/app/features/settings/devices/DevicesViewModel.kt

@@ -346,6 +346,20 @@ class DevicesViewModel @AssistedInject constructor(
     private fun handleDelete(action: DevicesAction.Delete) {
         val deviceId = action.deviceId
 
+        val accountManagementUrl = session.homeServerCapabilitiesService().getHomeServerCapabilities().externalAccountManagementUrl
+        if (accountManagementUrl != null) {
+            // Open external browser to delete this session
+            _viewEvents.post(
+                    DevicesViewEvents.OpenBrowser(
+                            url = accountManagementUrl.removeSuffix("/") + "?action=session_end&device_id=$deviceId"
+                    )
+            )
+        } else {
+            doDelete(deviceId)
+        }
+    }
+
+    private fun doDelete(deviceId: String) {
         setState {
             copy(
                     request = Loading()

vector/src/main/java/im/vector/app/features/settings/devices/VectorSettingsDevicesFragment.kt

@@ -35,6 +35,7 @@ import im.vector.app.core.extensions.cleanup
 import im.vector.app.core.extensions.configureWith
 import im.vector.app.core.extensions.registerStartForActivityResult
 import im.vector.app.core.platform.VectorBaseFragment
+import im.vector.app.core.utils.openUrlInChromeCustomTab
 import im.vector.app.databinding.DialogBaseEditTextBinding
 import im.vector.app.databinding.FragmentGenericRecyclerBinding
 import im.vector.app.features.auth.ReAuthActivity
@@ -95,6 +96,9 @@ class VectorSettingsDevicesFragment :
                 is DevicesViewEvents.PromptResetSecrets -> {
                     navigator.open4SSetup(requireActivity(), SetupMode.PASSPHRASE_AND_NEEDED_SECRETS_RESET)
                 }
+                is DevicesViewEvents.OpenBrowser -> {
+                    openUrlInChromeCustomTab(requireContext(), null, it.url)
+                }
             }
         }
     }

vector/src/main/java/im/vector/app/features/settings/devices/v2/DevicesViewModel.kt

@@ -40,7 +40,7 @@ import timber.log.Timber
 
 class DevicesViewModel @AssistedInject constructor(
         @Assisted initialState: DevicesViewState,
-        activeSessionHolder: ActiveSessionHolder,
+        private val activeSessionHolder: ActiveSessionHolder,
         private val getCurrentSessionCrossSigningInfoUseCase: GetCurrentSessionCrossSigningInfoUseCase,
         private val getDeviceFullInfoListUseCase: GetDeviceFullInfoListUseCase,
         private val refreshDevicesOnCryptoDevicesChangeUseCase: RefreshDevicesOnCryptoDevicesChangeUseCase,
@@ -69,6 +69,18 @@ class DevicesViewModel @AssistedInject constructor(
         refreshDeviceList()
         refreshIpAddressVisibility()
         observePreferences()
+        initExternalAccountManagementUrl()
+    }
+
+    private fun initExternalAccountManagementUrl() {
+        setState {
+            copy(
+                    externalAccountManagementUrl = activeSessionHolder.getSafeActiveSession()
+                            ?.homeServerCapabilitiesService()
+                            ?.getHomeServerCapabilities()
+                            ?.externalAccountManagementUrl
+            )
+        }
     }
 
     override fun onSharedPreferenceChanged(sharedPreferences: SharedPreferences?, key: String?) {

vector/src/main/java/im/vector/app/features/settings/devices/v2/DevicesViewState.kt

@@ -26,6 +26,7 @@ data class DevicesViewState(
         val devices: Async<DeviceFullInfoList> = Uninitialized,
         val isLoading: Boolean = false,
         val isShowingIpAddress: Boolean = false,
+        val externalAccountManagementUrl: String? = null,
 ) : MavericksState
 
 data class DeviceFullInfoList(

vector/src/main/java/im/vector/app/features/settings/devices/v2/VectorSettingsDevicesFragment.kt

@@ -290,8 +290,8 @@ class VectorSettingsDevicesFragment :
             val unverifiedSessionsCount = deviceFullInfoList?.unverifiedSessionsCount ?: 0
 
             renderSecurityRecommendations(inactiveSessionsCount, unverifiedSessionsCount)
-            renderCurrentSessionView(currentDeviceInfo, hasOtherDevices = otherDevices?.isNotEmpty().orFalse())
-            renderOtherSessionsView(otherDevices, state.isShowingIpAddress)
+            renderCurrentSessionView(currentDeviceInfo, hasOtherDevices = otherDevices?.isNotEmpty().orFalse(), state)
+            renderOtherSessionsView(otherDevices, state)
         } else {
             hideSecurityRecommendations()
             hideCurrentSessionView()
@@ -347,13 +347,16 @@ class VectorSettingsDevicesFragment :
         hideInactiveSessionsRecommendation()
     }
 
-    private fun renderOtherSessionsView(otherDevices: List<DeviceFullInfo>?, isShowingIpAddress: Boolean) {
+    private fun renderOtherSessionsView(otherDevices: List<DeviceFullInfo>?, state: DevicesViewState) {
+        val isShowingIpAddress = state.isShowingIpAddress
         if (otherDevices.isNullOrEmpty()) {
             hideOtherSessionsView()
         } else {
             views.deviceListHeaderOtherSessions.isVisible = true
             val colorDestructive = colorProvider.getColorFromAttribute(R.attr.colorError)
             val multiSignoutItem = views.deviceListHeaderOtherSessions.menu.findItem(R.id.otherSessionsHeaderMultiSignout)
+            // Hide multi signout if we have an external account manager
+            multiSignoutItem.isVisible = state.externalAccountManagementUrl == null
             val nbDevices = otherDevices.size
             multiSignoutItem.title = stringProvider.getQuantityString(R.plurals.device_manager_other_sessions_multi_signout_all, nbDevices, nbDevices)
             multiSignoutItem.setTextColor(colorDestructive)
@@ -377,23 +380,24 @@ class VectorSettingsDevicesFragment :
         views.deviceListOtherSessions.isVisible = false
     }
 
-    private fun renderCurrentSessionView(currentDeviceInfo: DeviceFullInfo?, hasOtherDevices: Boolean) {
+    private fun renderCurrentSessionView(currentDeviceInfo: DeviceFullInfo?, hasOtherDevices: Boolean, state: DevicesViewState) {
         currentDeviceInfo?.let {
-            renderCurrentSessionHeaderView(hasOtherDevices)
+            renderCurrentSessionHeaderView(hasOtherDevices, state)
             renderCurrentSessionListView(it)
         } ?: run {
             hideCurrentSessionView()
         }
     }
 
-    private fun renderCurrentSessionHeaderView(hasOtherDevices: Boolean) {
+    private fun renderCurrentSessionHeaderView(hasOtherDevices: Boolean, state: DevicesViewState) {
         views.deviceListHeaderCurrentSession.isVisible = true
         val colorDestructive = colorProvider.getColorFromAttribute(R.attr.colorError)
         val signoutSessionItem = views.deviceListHeaderCurrentSession.menu.findItem(R.id.currentSessionHeaderSignout)
         signoutSessionItem.setTextColor(colorDestructive)
         val signoutOtherSessionsItem = views.deviceListHeaderCurrentSession.menu.findItem(R.id.currentSessionHeaderSignoutOtherSessions)
         signoutOtherSessionsItem.setTextColor(colorDestructive)
-        signoutOtherSessionsItem.isVisible = hasOtherDevices
+        // Hide signout other sessions if we have an external account manager
+        signoutOtherSessionsItem.isVisible = hasOtherDevices && state.externalAccountManagementUrl == null
     }
 
     private fun renderCurrentSessionListView(currentDeviceInfo: DeviceFullInfo) {

vector/src/main/java/im/vector/app/features/settings/devices/v2/othersessions/OtherSessionsFragment.kt

@@ -103,10 +103,15 @@ class OtherSessionsFragment :
             val nbDevices = viewState.devices()?.size ?: 0
             stringProvider.getQuantityString(R.plurals.device_manager_other_sessions_multi_signout_all, nbDevices, nbDevices)
         }
-        multiSignoutItem.isVisible = if (viewState.isSelectModeEnabled) {
-            viewState.devices.invoke()?.any { it.isSelected }.orFalse()
+        multiSignoutItem.isVisible = if (viewState.externalAccountManagementUrl != null) {
+            // Hide multi signout if we have an external account manager
+            false
         } else {
-            viewState.devices.invoke()?.isNotEmpty().orFalse()
+            if (viewState.isSelectModeEnabled) {
+                viewState.devices.invoke()?.any { it.isSelected }.orFalse()
+            } else {
+                viewState.devices.invoke()?.isNotEmpty().orFalse()
+            }
         }
         val showAsActionFlag = if (viewState.isSelectModeEnabled) MenuItem.SHOW_AS_ACTION_IF_ROOM else MenuItem.SHOW_AS_ACTION_NEVER
         multiSignoutItem.setShowAsAction(showAsActionFlag or MenuItem.SHOW_AS_ACTION_WITH_TEXT)
@@ -308,7 +313,10 @@ class OtherSessionsFragment :
                         )
                 )
                 views.otherSessionsNotFoundTextView.text = getString(R.string.device_manager_other_sessions_no_inactive_sessions_found)
-                updateSecurityLearnMoreButton(R.string.device_manager_learn_more_sessions_inactive_title, R.string.device_manager_learn_more_sessions_inactive)
+                updateSecurityLearnMoreButton(
+                        R.string.device_manager_learn_more_sessions_inactive_title,
+                        R.string.device_manager_learn_more_sessions_inactive
+                )
             }
             DeviceManagerFilterType.ALL_SESSIONS -> { /* NOOP. View is not visible */
             }

vector/src/main/java/im/vector/app/features/settings/devices/v2/othersessions/OtherSessionsViewModel.kt

@@ -41,7 +41,7 @@ import timber.log.Timber
 
 class OtherSessionsViewModel @AssistedInject constructor(
         @Assisted private val initialState: OtherSessionsViewState,
-        activeSessionHolder: ActiveSessionHolder,
+        private val activeSessionHolder: ActiveSessionHolder,
         private val getDeviceFullInfoListUseCase: GetDeviceFullInfoListUseCase,
         private val signoutSessionsUseCase: SignoutSessionsUseCase,
         private val pendingAuthHandler: PendingAuthHandler,
@@ -65,6 +65,18 @@ class OtherSessionsViewModel @AssistedInject constructor(
         observeDevices(initialState.currentFilter)
         refreshIpAddressVisibility()
         observePreferences()
+        initExternalAccountManagementUrl()
+    }
+
+    private fun initExternalAccountManagementUrl() {
+        setState {
+            copy(
+                    externalAccountManagementUrl = activeSessionHolder.getSafeActiveSession()
+                            ?.homeServerCapabilitiesService()
+                            ?.getHomeServerCapabilities()
+                            ?.externalAccountManagementUrl
+            )
+        }
     }
 
     override fun onSharedPreferenceChanged(sharedPreferences: SharedPreferences?, key: String?) {

vector/src/main/java/im/vector/app/features/settings/devices/v2/othersessions/OtherSessionsViewState.kt

@@ -29,6 +29,7 @@ data class OtherSessionsViewState(
         val isSelectModeEnabled: Boolean = false,
         val isLoading: Boolean = false,
         val isShowingIpAddress: Boolean = false,
+        val externalAccountManagementUrl: String? = null,
 ) : MavericksState {
 
     constructor(args: OtherSessionsArgs) : this(excludeCurrentDevice = args.excludeCurrentDevice)

vector/src/main/java/im/vector/app/features/settings/devices/v2/overview/SessionOverviewFragment.kt

@@ -39,6 +39,7 @@ import im.vector.app.core.platform.VectorMenuProvider
 import im.vector.app.core.resources.ColorProvider
 import im.vector.app.core.resources.DrawableProvider
 import im.vector.app.core.resources.StringProvider
+import im.vector.app.core.utils.openUrlInChromeCustomTab
 import im.vector.app.databinding.FragmentSessionOverviewBinding
 import im.vector.app.features.auth.ReAuthActivity
 import im.vector.app.features.crypto.recover.SetupMode
@@ -135,10 +136,19 @@ class SessionOverviewFragment :
         activity?.let { SignOutUiWorker(it).perform() }
     }
 
-    private fun confirmSignoutOtherSession() {
-        activity?.let {
-            buildConfirmSignoutDialogUseCase.execute(it, this::signoutSession)
-                    .show()
+    private fun confirmSignoutOtherSession() = withState(viewModel) { state ->
+        if (state.externalAccountManagementUrl != null) {
+            // Manage in external account manager
+            openUrlInChromeCustomTab(
+                    requireContext(),
+                    null,
+                    state.externalAccountManagementUrl.removeSuffix("/") + "?action=session_end&device_id=${state.deviceId}"
+            )
+        } else {
+            activity?.let {
+                buildConfirmSignoutDialogUseCase.execute(it, this::signoutSession)
+                        .show()
+            }
         }
     }
 

vector/src/main/java/im/vector/app/features/settings/devices/v2/overview/SessionOverviewViewModel.kt

@@ -75,6 +75,18 @@ class SessionOverviewViewModel @AssistedInject constructor(
         observeNotificationsStatus(initialState.deviceId)
         refreshIpAddressVisibility()
         observePreferences()
+        initExternalAccountManagementUrl()
+    }
+
+    private fun initExternalAccountManagementUrl() {
+        setState {
+            copy(
+                    externalAccountManagementUrl = activeSessionHolder.getSafeActiveSession()
+                            ?.homeServerCapabilitiesService()
+                            ?.getHomeServerCapabilities()
+                            ?.externalAccountManagementUrl
+            )
+        }
     }
 
     override fun onSharedPreferenceChanged(sharedPreferences: SharedPreferences?, key: String?) {

vector/src/main/java/im/vector/app/features/settings/devices/v2/overview/SessionOverviewViewState.kt

@@ -29,6 +29,7 @@ data class SessionOverviewViewState(
         val isLoading: Boolean = false,
         val notificationsStatus: NotificationsStatus = NotificationsStatus.NOT_SUPPORTED,
         val isShowingIpAddress: Boolean = false,
+        val externalAccountManagementUrl: String? = null,
 ) : MavericksState {
     constructor(args: SessionOverviewArgs) : this(
             deviceId = args.deviceId