Merge pull request #8321 from nextcloud/https

Prevent http redirection if https is used during login

src/main/java/com/owncloud/android/authentication/AuthenticatorActivity.java

@@ -242,6 +242,7 @@ public class AuthenticatorActivity extends AccountAuthenticatorActivity
     private boolean onlyAdd = false;
     @SuppressLint("ResourceAsColor") @ColorInt
     private int primaryColor = R.color.primary;
+    private boolean strictMode = false;
 
     @VisibleForTesting
     public AccountSetupBinding getAccountSetupBinding() {
@@ -382,6 +383,10 @@ private void initWebViewLogin(String baseURL, boolean useGenericUserAgent) {
             url = getResources().getString(R.string.webview_login_url);
         }
 
+        if (url.startsWith(HTTPS_PROTOCOL)) {
+            strictMode = true;
+        }
+
         accountSetupWebviewBinding.loginWebview.loadUrl(url, headers);
 
         setClient();
@@ -423,6 +428,10 @@ public boolean shouldOverrideUrlLoading(WebView view, String url) {
                     parseAndLoginFromWebView(url);
                     return true;
                 }
+                if (strictMode && url.startsWith(HTTP_PROTOCOL)) {
+                    Snackbar.make(view, R.string.strict_mode, Snackbar.LENGTH_LONG).show();
+                    return true;
+                }
                 return false;
             }
 

src/main/res/values/strings.xml

@@ -957,4 +957,5 @@
     <string name="create">Create</string>
     <string name="select_one_template">Please select one template</string>
     <string name="choose_template_helper_text">Please choose a template and enter a file name.</string>
+    <string name="strict_mode">Strict mode: no http connection allowed!</string>
 </resources>