Skip to content
This repository has been archived by the owner on Feb 20, 2023. It is now read-only.

Improve handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity #5225

Closed
grigoryk opened this issue Sep 11, 2019 · 0 comments
Closed

Improve handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity #5225

grigoryk opened this issue Sep 11, 2019 · 0 comments
Labels
🐞 bug Crashes, Something isn't working, .. eng:security Feature:Accounts Feature:CustomTabs

Comments

@grigoryk
Copy link
Contributor

grigoryk commented Sep 11, 2019
edited by data-sync-user
Loading

As part of setIntentActivity in IntentReceiverActivity, we look for an EXTRA_AUTH_CUSTOM_TAB and EXTRA_SESSION extras as an indicator that we should launch AuthCustomTabActivity (as opposed to CustomTabActivity if just EXTRA_SESSION is present).

EXTRA_AUTH_CUSTOM_TAB extra isn't anything special, and can be set by any other external application, allowing a third-party app to get Fenix to display AuthCustomTabActivity. While we don't do anything particularly interesting in that activity (and there are OAuth safe-guards in place to ensure any authentication attempts are fully internal), it seems like a bad idea to expose that activity to the world like this.

┆Issue is synchronized with this Jira Task
@grigoryk grigoryk mentioned this issue Sep 11, 2019
Merged
@grigoryk grigoryk changed the title Suspect handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity Improve handling of EXTRA_AUTH_CUSTOM_TAB in IntentReceiverActivity Sep 11, 2019
@grigoryk grigoryk mentioned this issue Sep 11, 2019
Closed
NotWoods added a commit to NotWoods/fenix that referenced this issue Sep 26, 2019
@NotWoods
Fixes mozilla-mobile#5225 - Hide AuthCustomTabActivity
1c05783
bors bot pushed a commit that referenced this issue Oct 18, 2019
@MozLando @NotWoods
Merge #5613
3aa0600 
5613: Fixes #5225 - Intent receiver cleanup r=rocketsroger a=NotWoods


### Pull Request checklist
<!-- Before submitting the PR, please address each item -->
- [x] **Quality**: This PR builds and passes detekt/ktlint checks (A pre-push hook is recommended)
- [ ] **Tests**: This PR includes thorough tests or an explanation of why it does not
- [ ] **Screenshots**: This PR includes screenshots or GIFs of the changes made or an explanation of why it does not
- [x] **Accessibility**: The code in this PR follows [accessibility best practices](https://github.com/mozilla-mobile/shared-docs/blob/master/android/accessibility_guide.md) or does not include any user facing features

### After merge
- [ ] **Milestone**: Make sure issues finished by this pull request are added to the [milestone](https://github.com/mozilla-mobile/fenix/milestones) of the version currently in development.

### To download an APK when reviewing a PR:
1. click on Show All Checks,
2. click Details next to "Taskcluster (pull_request)" after it appears and then finishes with a green checkmark,
3. click on the "Fenix - assemble" task, then click "Run Artifacts".
4. the APK links should be on the left side of the screen, named for each CPU architecture

Co-authored-by: Tiger Oakes <toakes@mozilla.com>
@bors bors bot closed this as completed in a598148 Oct 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
🐞 bug Crashes, Something isn't working, .. eng:security Feature:Accounts Feature:CustomTabs
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@grigoryk