Commit 6fe48bc9 authored by Sebastian Kaspari's avatar Sebastian Kaspari
Browse files

Validate deep links.

parent 8dbe93c3
......@@ -41,6 +41,7 @@ import mozilla.components.browser.session.SessionManager
import mozilla.components.browser.state.state.SessionState
import mozilla.components.browser.state.state.WebExtensionState
import mozilla.components.browser.state.store.BrowserStore
import mozilla.components.concept.engine.EngineSession
import mozilla.components.concept.engine.EngineView
import mozilla.components.feature.contextmenu.DefaultSelectionActionDelegate
import mozilla.components.feature.search.BrowserStoreSearchAdapter
......@@ -135,7 +136,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity {
listOf(
SpeechProcessingIntentProcessor(this, components.analytics.metrics),
StartSearchIntentProcessor(components.analytics.metrics),
DeepLinkIntentProcessor(this),
DeepLinkIntentProcessor(this, components.analytics.leanplumMetricsService),
OpenBrowserIntentProcessor(this, ::getIntentSessionId),
OpenSpecificTabIntentProcessor(this)
)
......@@ -524,6 +525,12 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity {
protected open fun getIntentSessionId(intent: SafeIntent): String? = null
/**
* Navigates to the browser fragment and loads a URL or performs a search (depending on the
* value of [searchTermOrURL]).
*
* @param flags Flags that will be used when loading the URL (not applied to searches).
*/
@Suppress("LongParameterList")
fun openToBrowserAndLoad(
searchTermOrURL: String,
......@@ -531,10 +538,11 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity {
from: BrowserDirection,
customTabSessionId: String? = null,
engine: SearchEngine? = null,
forceSearch: Boolean = false
forceSearch: Boolean = false,
flags: EngineSession.LoadUrlFlags = EngineSession.LoadUrlFlags.none()
) {
openToBrowser(from, customTabSessionId)
load(searchTermOrURL, newTab, engine, forceSearch)
load(searchTermOrURL, newTab, engine, forceSearch, flags)
}
fun openToBrowser(from: BrowserDirection, customTabSessionId: String? = null) {
......@@ -586,11 +594,17 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity {
LoginDetailFragmentDirections.actionGlobalBrowser(customTabSessionId)
}
/**
* Loads a URL or performs a search (depending on the value of [searchTermOrURL]).
*
* @param flags Flags that will be used when loading the URL (not applied to searches).
*/
private fun load(
searchTermOrURL: String,
newTab: Boolean,
engine: SearchEngine?,
forceSearch: Boolean
forceSearch: Boolean,
flags: EngineSession.LoadUrlFlags = EngineSession.LoadUrlFlags.none()
) {
val startTime = components.core.engine.profiler?.getProfilerTime()
val mode = browsingModeManager.mode
......@@ -616,7 +630,7 @@ open class HomeActivity : LocaleAwareAppCompatActivity(), NavHostActivity {
}
if (!forceSearch && searchTermOrURL.isUrl()) {
loadUrlUseCase.invoke(searchTermOrURL.toNormalizedUrl())
loadUrlUseCase.invoke(searchTermOrURL.toNormalizedUrl(), flags)
} else {
searchUseCase.invoke(searchTermOrURL)
}
......
......@@ -84,12 +84,14 @@ class Analytics(
)
}
val leanplumMetricsService by lazy { LeanplumMetricsService(context as Application) }
val metrics: MetricController by lazy {
MetricController.create(
listOf(
GleanMetricsService(context),
LeanplumMetricsService(context as Application),
AdjustMetricsService(context)
leanplumMetricsService,
AdjustMetricsService(context as Application)
),
isDataTelemetryEnabled = { context.settings().isTelemetryEnabled },
isMarketingDataTelemetryEnabled = { context.settings().isMarketingTelemetryEnabled }
......
......@@ -6,6 +6,7 @@ package org.mozilla.fenix.components.metrics
import android.app.Application
import android.content.Context.MODE_PRIVATE
import android.net.Uri
import android.util.Log
import androidx.annotation.VisibleForTesting
import com.leanplum.Leanplum
......@@ -22,6 +23,7 @@ import mozilla.components.support.locale.LocaleManager
import org.mozilla.fenix.BuildConfig
import org.mozilla.fenix.components.metrics.MozillaProductDetector.MozillaProducts
import org.mozilla.fenix.ext.settings
import org.mozilla.fenix.home.intent.DeepLinkIntentProcessor
import java.util.Locale
import java.util.MissingResourceException
import java.util.UUID.randomUUID
......@@ -55,7 +57,7 @@ private val Event.name: String?
class LeanplumMetricsService(
private val application: Application,
private val deviceIdGenerator: () -> String = { randomUUID().toString() }
) : MetricsService {
) : MetricsService, DeepLinkIntentProcessor.DeepLinkVerifier {
val scope = CoroutineScope(Dispatchers.IO)
var leanplumJob: Job? = null
......@@ -167,6 +169,19 @@ class LeanplumMetricsService(
}
}
/**
* Verifies a deep link and returns `true` for deep links that should be handled and `false` if
* a deep link should be rejected.
*
* @See DeepLinkIntentProcessor.verifier
*/
override fun verifyDeepLink(deepLink: Uri): Boolean {
// We compare the local Leanplum device ID against the "uid" query parameter and only
// accept deep links where both values match.
val uid = deepLink.getQueryParameter("uid")
return uid == deviceId
}
override fun stop() {
if (application.settings().isMarketingTelemetryEnabled) return
// As written in LeanPlum SDK documentation, "This prevents Leanplum from communicating with the server."
......
......@@ -11,6 +11,8 @@ import android.os.Build
import android.os.Build.VERSION.SDK_INT
import android.provider.Settings
import androidx.navigation.NavController
import mozilla.components.concept.engine.EngineSession
import mozilla.components.support.base.log.logger.Logger
import org.mozilla.fenix.BrowserDirection
import org.mozilla.fenix.BuildConfig
import org.mozilla.fenix.GlobalDirections
......@@ -21,10 +23,14 @@ import org.mozilla.fenix.ext.alreadyOnDestination
/**
* Deep links in the form of `fenix://host` open different parts of the app.
*
* @param verifier [DeepLinkVerifier] that will be used to verify deep links before handling them.
*/
class DeepLinkIntentProcessor(
private val activity: HomeActivity
private val activity: HomeActivity,
private val verifier: DeepLinkVerifier
) : HomeIntentProcessor {
private val logger = Logger("DeepLinkIntentProcessor")
override fun process(intent: Intent, navController: NavController, out: Intent): Boolean {
val scheme = intent.scheme?.equals(BuildConfig.DEEP_LINK_SCHEME, ignoreCase = true) ?: return false
......@@ -38,6 +44,11 @@ class DeepLinkIntentProcessor(
@Suppress("ComplexMethod")
private fun handleDeepLink(deepLink: Uri, navController: NavController) {
if (!verifier.verifyDeepLink(deepLink)) {
logger.warn("Invalid deep link: $deepLink")
return
}
handleDeepLinkSideEffects(deepLink)
val globalDirections = when (deepLink.host) {
......@@ -81,13 +92,18 @@ class DeepLinkIntentProcessor(
}
}
"open" -> {
deepLink.getQueryParameter("url")?.let { searchTermOrUrl ->
activity.openToBrowserAndLoad(
searchTermOrUrl,
newTab = true,
from = BrowserDirection.FromGlobal
)
val url = deepLink.getQueryParameter("url")
if (url == null || !url.startsWith("https://")) {
logger.info("Not opening deep link: $url")
return
}
activity.openToBrowserAndLoad(
url,
newTab = true,
from = BrowserDirection.FromGlobal,
flags = EngineSession.LoadUrlFlags.external()
)
}
"settings_notifications" -> {
val intent = notificationSettings(activity)
......@@ -123,4 +139,15 @@ class DeepLinkIntentProcessor(
}
}
}
/**
* Interface for a class that verifies deep links before they get handled.
*/
interface DeepLinkVerifier {
/**
* Verifies the given deep link and returns `true` for verified deep links or `false` for
* rejected deep links.
*/
fun verifyDeepLink(deepLink: Uri): Boolean
}
}
......@@ -5,6 +5,7 @@
package org.mozilla.fenix.home.intent
import android.content.Intent
import android.net.Uri
import androidx.core.net.toUri
import androidx.navigation.NavController
import io.mockk.Called
......@@ -13,6 +14,7 @@ import io.mockk.mockk
import io.mockk.mockkObject
import io.mockk.verify
import mozilla.appservices.places.BookmarkRoot
import mozilla.components.concept.engine.EngineSession
import org.junit.Assert.assertFalse
import org.junit.Assert.assertTrue
import org.junit.Before
......@@ -39,7 +41,11 @@ class DeepLinkIntentProcessorTest {
activity = mockk(relaxed = true)
navController = mockk(relaxed = true)
out = mockk()
processor = DeepLinkIntentProcessor(activity)
processor = DeepLinkIntentProcessor(activity, object : DeepLinkIntentProcessor.DeepLinkVerifier {
override fun verifyDeepLink(deepLink: Uri): Boolean {
return true
}
})
}
@Test
......@@ -198,17 +204,45 @@ class DeepLinkIntentProcessorTest {
assertTrue(processor.process(testIntent("open?url=test"), navController, out))
verify { activity wasNot Called }
verify { navController wasNot Called }
verify { out wasNot Called }
assertTrue(processor.process(testIntent("open?url=https%3A%2F%2Fwww.example.org%2F"), navController, out))
verify {
activity.openToBrowserAndLoad(
"test",
"https://www.example.org/",
newTab = true,
from = BrowserDirection.FromGlobal
from = BrowserDirection.FromGlobal,
flags = EngineSession.LoadUrlFlags.external()
)
}
verify { navController wasNot Called }
verify { out wasNot Called }
}
@Test
fun `process invalid open deep link`() {
val invalidProcessor = DeepLinkIntentProcessor(activity, object : DeepLinkIntentProcessor.DeepLinkVerifier {
override fun verifyDeepLink(deepLink: Uri): Boolean {
return false
}
})
assertTrue(invalidProcessor.process(testIntent("open"), navController, out))
verify { activity wasNot Called }
verify { navController wasNot Called }
verify { out wasNot Called }
assertTrue(invalidProcessor.process(testIntent("open?url=open?url=https%3A%2F%2Fwww.example.org%2F"), navController, out))
verify { activity wasNot Called }
verify { navController wasNot Called }
verify { out wasNot Called }
}
@Test
fun `process make_default_browser deep link`() {
assertTrue(processor.process(testIntent("make_default_browser"), navController, out))
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment