Merge pull request #95 from Tiqr/bugfix/edured-104_change_email_flow2

Bugfix/edured 104 change email flow2
Tiqr · May 26, 2023 · 1dbcdac · 1dbcdac
2 parents 3e786a2 + 3a42121
commit 1dbcdac
Show file tree

Hide file tree

Showing 12 changed files with 406 additions and 232 deletions.
diff --git a/app/src/main/AndroidManifest.xml b/app/src/main/AndroidManifest.xml
@@ -121,6 +121,34 @@
                 <data android:path="/${tiqr_config_enroll_path_param}/" />
             </intent-filter>
             <!--
+            Change email confirmation link: The link in the validation email is https://login.{environment}.eduid.nl/client/mobile/update-email?h=={{hash}}with an unique 'h' query param which must be used in 'mobile/api/sp/confirm-email' to confirm the update.
+            If the URL is not properly intercepted by the eduID app, then the browser app redirects to eduid://client/mobile/confirm-email?h={{hash}}-->
+            <intent-filter android:autoVerify="true">
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data
+                    android:host="*.eduid.nl"
+                    android:pathPrefix="/client/mobile/update-email"
+                    android:scheme="https" />
+
+            </intent-filter>
+            <!--            In case we need to support the custom scheme while on mobile?-->
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data
+                    android:host="*"
+                    android:path="/client/mobile/update-email"
+                    android:scheme="eduid" />
+
+            </intent-filter>
+            <!--
             Sent the user a mail with a link for the user to change their password.
              Reset password: Link in the validation email is https://login.{environment}.eduid.nl/client/mobile/reset-password?h={{hash}} if the user already had a password.
              Add password: https://login.{environment}.eduid.nl/client/mobile/add-password?h={{hash}}

diff --git a/app/src/main/kotlin/nl/eduid/di/api/EduIdApi.kt b/app/src/main/kotlin/nl/eduid/di/api/EduIdApi.kt
@@ -45,6 +45,9 @@ interface EduIdApi {
     @GET("/mobile/api/sp/institution/names")
     suspend fun getInstitutionName(@Query("schac_home") schac_home: String): Response<InstitutionNameResponse>
 
+    @GET("/mobile/api/sp/confirm-email")
+    suspend fun confirmEmail(@Query("h") hash: String): Response<UserDetails>
+
     @PUT("/mobile/api/sp/email")
     suspend fun requestEmailChange(@Body email: EmailChangeRequest): Response<UserDetails>
 

diff --git a/app/src/main/kotlin/nl/eduid/di/assist/DataAssistant.kt b/app/src/main/kotlin/nl/eduid/di/assist/DataAssistant.kt
@@ -10,7 +10,7 @@ import javax.inject.Inject
 
 class DataAssistant @Inject constructor(
     private val infoRepository: PersonalInfoRepository,
-    private val storageRepository: StorageRepository
+    private val storageRepository: StorageRepository,
 ) {
     suspend fun getErringUserDetails(): UserDetails? = try {
         infoRepository.getErringUserDetails()
@@ -19,6 +19,21 @@ class DataAssistant @Inject constructor(
         throw e
     }
 
+    suspend fun changeEmail(newEmail: String): Int? = try {
+        infoRepository.changeEmail(newEmail)
+    } catch (e: UnauthorizedException) {
+        storageRepository.clearInvalidAuth()
+        throw e
+    }
+
+
+    suspend fun confirmEmail(confirmEmailHash: String): UserDetails? = try {
+        infoRepository.confirmEmailUpdate(confirmEmailHash)
+    } catch (e: UnauthorizedException) {
+        storageRepository.clearInvalidAuth()
+        throw e
+    }
+
     suspend fun removeService(serviceId: String): UserDetails? = try {
         infoRepository.removeService(serviceId)
     } catch (e: UnauthorizedException) {

diff --git a/app/src/main/kotlin/nl/eduid/graphs/MainGraph.kt b/app/src/main/kotlin/nl/eduid/graphs/MainGraph.kt
@@ -71,7 +71,7 @@ fun MainGraph(
             onScanForAuthorization = { navController.navigate(Account.ScanQR.routeForAuth) },
             onActivityClicked = { navController.navigate(Graph.DATA_AND_ACTIVITY) },
             onPersonalInfoClicked = { navController.navigate(Graph.PERSONAL_INFO) },
-            onSecurityClicked = { navController.navigate(Graph.SECURITY) },
+            onSecurityClicked = { navController.navigate(Security.Settings.route) },
             onEnrollWithQR = { navController.navigate(Account.ScanQR.routeForEnrol) },
             launchOAuth = { navController.navigate(Graph.OAUTH) },
             goToRegistrationPinSetup = { challenge ->
@@ -84,8 +84,7 @@ fun MainGraph(
                 navController.navigate(
                     PhoneNumberRecovery.ConfirmCode.routeWithPhoneNumber(phoneNumber, true)
                 )
-            }
-        ) {
+            }) {
             navController.navigate(
                 Graph.REQUEST_EDU_ID_ACCOUNT
             )
@@ -415,7 +414,13 @@ fun MainGraph(
         ) { navController.popBackStack() }
     }//endregion
 
-    composable(Graph.SECURITY) {//region Home - Security
+    composable(Security.Settings.route, deepLinks = listOf(navDeepLink {
+        uriPattern = Security.ConfirmEmail.confirmEmail
+        action = Intent.ACTION_VIEW
+    }, navDeepLink {
+        uriPattern = Security.ConfirmEmail.customSchemeConfirmEmail
+        action = Intent.ACTION_VIEW
+    })) {//region Home - Security
         val viewModel = hiltViewModel<SecurityViewModel>(it)
         SecurityScreen(
             viewModel = viewModel,

diff --git a/app/src/main/kotlin/nl/eduid/graphs/Routes.kt b/app/src/main/kotlin/nl/eduid/graphs/Routes.kt
@@ -15,7 +15,6 @@ object Graph {
     const val FIRST_TIME_DIALOG = "first_time_dialog"
     const val PERSONAL_INFO = "personal_info"
     const val DATA_AND_ACTIVITY = "data_and_activity"
-    const val SECURITY = "security"
     const val OAUTH = "oauth_mobile_eduid"
     const val CONFIGURE_PASSWORD = "configure_password_subgraph"
     const val EDIT_EMAIL = "edit_email"
@@ -217,8 +216,7 @@ object ManageAccountRoute {
         defaultValue = ""
     })
 
-    fun routeWithArgs(dateString: String) =
-        "$route/${Uri.encode(dateString)}"
+    fun routeWithArgs(dateString: String) = "$route/${Uri.encode(dateString)}"
 
 
     fun decodeDateFromBundle(bundleArg: String): String {
@@ -240,11 +238,29 @@ object DeleteTwoFaRoute {
         defaultValue = ""
     })
 
-    fun routeWithArgs(idString: String) =
-        "$route/${Uri.encode(idString)}"
+    fun routeWithArgs(idString: String) = "$route/${Uri.encode(idString)}"
 
     fun decodeIdFromEntry(entry: NavBackStackEntry): String {
         val date = entry.arguments?.getString(idArg) ?: ""
         return Uri.decode(date)
     }
+}
+
+sealed class Security(val route: String) {
+    object Settings : Security("security")
+
+    object ConfirmEmail : Security("confirm_email") {
+        const val confirmEmailHash = "h"
+        val routeWithArgs = "$route?$confirmEmailHash={$confirmEmailHash}"
+        val arguments = listOf(navArgument(confirmEmailHash) {
+            type = NavType.StringType
+            nullable = false
+            defaultValue = ""
+        })
+        const val confirmEmail =
+            "https://login.test2.eduid.nl/client/mobile/update-email?$confirmEmailHash={$confirmEmailHash}"
+        const val customSchemeConfirmEmail =
+            "eduid://client/mobile/update-email?$confirmEmailHash={$confirmEmailHash}"
+
+    }
 }