Make 2FA login work with commons #1048

Merged: 5 commits, Feb 6, 2018

Conversation

maskaravivek
Member

Addresses #328 and #352.

@misaochan
Member

Thanks for the PR @maskaravivek ! Is there anyone here with 2FA enabled on their account who can test if this works? I will try and apply for 2FA next week but not sure how long it will take.

@misaochan
Member

misaochan commented Jan 9, 2018

Got 2FA enabled for my production account and tested with real device running Android 7.0. This crashes for me on prodDebug build after I enter the 2FA code and tap Submit.

Logs:

01-09 20:40:45.092: E/AndroidRuntime(23466): FATAL EXCEPTION: main
01-09 20:40:45.092: E/AndroidRuntime(23466): Process: fr.free.nrw.commons.debug, PID: 23466
01-09 20:40:45.092: E/AndroidRuntime(23466): io.reactivex.exceptions.OnErrorNotImplementedException: length=1; index=1
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.functions.Functions$OnErrorMissingConsumer.accept(Functions.java:704)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.functions.Functions$OnErrorMissingConsumer.accept(Functions.java:701)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.observers.LambdaObserver.onError(LambdaObserver.java:74)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.checkTerminated(ObservableObserveOn.java:276)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.drainNormal(ObservableObserveOn.java:172)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.operators.observable.ObservableObserveOn$ObserveOnObserver.run(ObservableObserveOn.java:252)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.android.schedulers.HandlerScheduler$ScheduledRunnable.run(HandlerScheduler.java:109)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at android.os.Handler.handleCallback(Handler.java:751)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at android.os.Handler.dispatchMessage(Handler.java:95)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at android.os.Looper.loop(Looper.java:154)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at android.app.ActivityThread.main(ActivityThread.java:6692)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.lang.reflect.Method.invoke(Native Method)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1468)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1358)
01-09 20:40:45.092: E/AndroidRuntime(23466): Caused by: java.lang.ArrayIndexOutOfBoundsException: length=1; index=1
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at org.mediawiki.api.MWApi.setAuthCookie(MWApi.java:98)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at fr.free.nrw.commons.mwapi.ApacheHttpClientMediaWikiApi.setAuthCookie(ApacheHttpClientMediaWikiApi.java:157)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at fr.free.nrw.commons.auth.SessionManager.lambda$getAndSetAuthCookie$1$SessionManager(SessionManager.java:67)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at fr.free.nrw.commons.auth.SessionManager$$Lambda$1.call(Unknown Source)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.operators.observable.ObservableFromCallable.subscribeActual(ObservableFromCallable.java:42)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.Observable.subscribe(Observable.java:10901)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:452)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:61)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:52)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.util.concurrent.FutureTask.run(FutureTask.java:237)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:272)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
01-09 20:40:45.092: E/AndroidRuntime(23466): 	at java.lang.Thread.run(Thread.java:762)

Member

@misaochan misaochan left a comment

Crashes - see comment

@misaochan
Member

misaochan commented Jan 9, 2018

@maskaravivek If it would help for you to get 2FA enabled on your production account, I think you can ask them at the link I mentioned in the issue and point them to this PR, stating that the beta servers aren't really sufficient for our testing/debugging needs as the results are not the same. They might help. :)

@maskaravivek
Member Author

@misaochan Updated the PR. 2FA now works across sessions and no longer crashes.

Also there's no need to create a cookie manually. :)

@codecov-io

codecov-io commented Jan 20, 2018

Codecov Report

Merging #1048 into master will increase coverage by 0.02%.
The diff coverage is 6%.

@@            Coverage Diff            @@
##           master   #1048      +/-   ##
=========================================
+ Coverage    3.96%   3.98%   +0.02%     
=========================================
  Files         123     123              
  Lines        5523    5566      +43     
  Branches      521     534      +13     
=========================================
+ Hits          219     222       +3     
- Misses       5289    5329      +40     
  Partials       15      15

| Impacted Files | Coverage Δ |
|---|---|
| ...ain/java/fr/free/nrw/commons/auth/AccountUtil.java | 0% <ø> (ø) ⬆️ |
| ...ree/nrw/commons/auth/WikiAccountAuthenticator.java | 0% <0%> (ø) ⬆️ |
| ...n/java/fr/free/nrw/commons/auth/LoginActivity.java | 0% <0%> (ø) ⬆️ |
| .../commons/auth/WikiAccountAuthenticatorService.java | 0% <0%> (ø) ⬆️ |
| ...r/free/nrw/commons/auth/AuthenticatedActivity.java | 0% <0%> (ø) ⬆️ |
| ...ommons/modifications/ModificationsSyncAdapter.java | 0% <0%> (ø) ⬆️ |
| .../free/nrw/commons/di/CommonsApplicationModule.java | 52.63% <100%> (ø) ⬆️ |
| .../java/fr/free/nrw/commons/auth/SessionManager.java | 17.14% <14.28%> (-1.38%) ⬇️ |
| ...rw/commons/mwapi/ApacheHttpClientMediaWikiApi.java | 5.81% <20.83%> (+0.41%) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f99dd34...a17f2c8.

@misaochan
Member

@maskaravivek Great job! 👍 I tested this on an API 25 emulator and it works well for me, managed to login fine with my 2FA acc. Tested uploading and logging out as well - will test logging in on a non-2FA account shortly.

There is a minor bug when logging in - the loading dialog persists even when 2fa code is asked for (see screenshot), and I had to use the back button to stop it.

[Screenshot: 2fa-issue]

@maskaravivek
Member Author

Ah! That wasn't happening for me while I was testing. I will check once again.

Thanks for testing it. :)

@misaochan
Member

It would also be really good if we could get a code review for this PR from a security/auth standpoint. @dbrant , do you think you could help us with this? :)

@maskaravivek
Member Author

Have rebased with master to resolve conflicts.

@misaochan
Member

misaochan commented Jan 29, 2018

Happy to merge this once the loading dialog bug has been fixed. :)

@maskaravivek
Member Author

@misaochan have fixed the loader issue.

[Screenshot: 2fa_loader]

@dbrant
Collaborator

dbrant commented Feb 5, 2018

👍 Looks perfectly fine from a security/auth standpoint!

@misaochan
Member

misaochan commented Feb 6, 2018

Great job @maskaravivek ! I tested logging in and out with both my 2FA and non-2FA account, both work well for me. :) And thanks for the review, @dbrant !

@misaochan misaochan merged commit 2bbc260 into commons-app:master Feb 6, 2018