-
Notifications
You must be signed in to change notification settings - Fork 595
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Authentication Dialog Enhancement #633
Authentication Dialog Enhancement #633
Conversation
neopilou
commented
Jun 17, 2020
- Add "Remember" checkbox
- Add button for password visibility
- Add "Remember" checkbox - Add button for password visibility
val httpAuthList: Set<String> | ||
if (localStorage.getStringSet(PREF_HTTP_AUTH_LIST) != null) | ||
httpAuthList = localStorage.getStringSet(PREF_HTTP_AUTH_LIST)!! | ||
else | ||
httpAuthList = emptySet<String>() | ||
return httpAuthList |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return localStorage.getStringSet(PREF_HTTP_AUTH_LIST) ?: emptySet()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HttpAuthList functions have been removed from shared preference since use of a full DB
@@ -1,20 +1,67 @@ | |||
<?xml version="1.0" encoding="utf-8"?> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should try to stick to the material guidelines for the dialog (https://material.io/components/dialogs).
- Left justify checkbox
- Use alert dialog title so its consistent
- Padding around user and password fields
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.setView(dialogLayout) | ||
.setPositiveButton(android.R.string.ok) { _, _ -> | ||
if (username.text.toString() != "" && password.text.toString() != "") { | ||
val httpAuth = host + "|" + username.text.toString() + "|" + password.text.toString() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This feels like a gigantic hack for persisting this information. We should consider persisting this in a full DB rather than
a Shared Preference.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Persisting data is now save in SQLite database, and no longer in Shared Preference.
- Added a full DB rather than a Shared Preference - Modified dialog_authentication layout to try to stick to the material guidelines for the dialog
.setView(dialogLayout) | ||
.setPositiveButton(android.R.string.ok) { _, _ -> | ||
handler.proceed(username.text.toString(), password.text.toString()) | ||
val remember = dialogLayout.findViewById<CheckBox>(R.id.checkBox) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is there a remember me checkbox? Isn't that the same as disabling auth completely?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume this is not the same thing, a user can access a site or a resource in different ways, this application for example or directly from a browser without going through HASS. So he will not necessarily want to disable authentication. On the other hand, if the application is already locked (by credential or biometric), he can use this "Remember" function so as not to have to re-authenticate himself on his different sites. It's a bit like a SSO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That makes no sense to me. You either have biometric authentication turned on, and so you are prompted. If you don't want it, you disable it.
Let's remove this option.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am sorry for intervention, but as we have now confirmed that the authentication dialog is for Basic HTTP auth, shouldn't we keep remember me button? To me it really does make sense to have it. You wouldn't want to login to iFrame every time you open the app.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@balloob this is for saving external authentication a panel or iFrame that requires basic auth. This shouldn't have any bearing on the authentication to Home Assistant itself.
I'm actually completely confused here why we ever have username/password? What is going on… I understand fingerprint, maybe pin as fallback. We should not add a user/pass system ON TOP of Home Assistant which has its own. That is confusing. |
We not add a user/pass system on top of Home Assistant which has its own. It's for basic HTTP Authentication Request, for embedded sites in IFrame Card, like Blue Iris, Tautulli, Kodi and others |
Oh my bad. Ok, that is fine I guess. Can we make the dialog header mention that it is HTTP Auth ? We should also make it look like material design https://material.io/components/dialogs |
- Replaced title "Authentication Requested" by "Basic HTTP Authentication Requested" - Fix padding around user and password
Let's drop the And our primary color is blue, not purple. |
Let's also make it less wide. Preferably we make it look exactly like the Chrome on Android dialog. Test it out on Chrome on http://httpbin.org/basic-auth/user/passwd The "Connection not private" string is added if not over https. |
@balloob Do we want to be consistent with chrome or the OS? The Alert Dialog we are using is the standard for the OS and handles the title and action buttons. I don't know if we want to implement a completely custom dialog to try to mirror another app. |
Oh, yes, you're right. Let's use OS level dialog. |
- Added Dialog .setMessage() (like Chrome) with base URL and "Connection not private" string if not over https.
Nice! Can we reduce the width? This seems very wide. Maybe a max width of 300px? |
- Seted Dialog maximum width at 300dp
Can we drop the |
Look in String.xml, the |
app/src/main/java/io/homeassistant/companion/android/database/DataBaseHelper.kt
Outdated
Show resolved
Hide resolved
app/src/main/java/io/homeassistant/companion/android/webview/WebViewActivity.kt
Outdated
Show resolved
Hide resolved
.setView(dialogLayout) | ||
.setPositiveButton(android.R.string.ok) { _, _ -> | ||
handler.proceed(username.text.toString(), password.text.toString()) | ||
val remember = dialogLayout.findViewById<CheckBox>(R.id.checkBox) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@balloob this is for saving external authentication a panel or iFrame that requires basic auth. This shouldn't have any bearing on the authentication to Home Assistant itself.
- Replaced SQLite by Room