prevent asymmetric facebook session management with flag

build.gradle

@@ -4,7 +4,7 @@ buildscript {
         jcenter()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:2.3.2'
+        classpath 'com.android.tools.build:gradle:3.0.0'
     }
 }
 

library/build.gradle

@@ -23,12 +23,12 @@ buildscript {
 }
 
 android {
-    compileSdkVersion 25
-    buildToolsVersion "25.0.2"
+    compileSdkVersion 26
+    buildToolsVersion '26.0.2'
 
     defaultConfig {
         minSdkVersion 15
-        targetSdkVersion 25
+        targetSdkVersion 26
         versionCode 1
         versionName project.version
     }

library/src/main/java/com/parse/FacebookController.java

@@ -139,10 +139,12 @@ public Map<String, String> getAuthData(AccessToken accessToken) {
     return authData;
   }
 
-  public void setAuthData(Map<String, String> authData)
+  public void setAuthData(Map<String, String> authData, boolean isFacebookLoginScopeExternallyManaged)
       throws java.text.ParseException {
     if (authData == null) {
-      facebookSdkDelegate.getLoginManager().logOut();
+      if (!isFacebookLoginScopeExternallyManaged) {
+        facebookSdkDelegate.getLoginManager().logOut();
+      }
       return;
     }
 

library/src/main/java/com/parse/ParseFacebookUtils.java

@@ -71,6 +71,7 @@ public final class ParseFacebookUtils {
 
   private static final Object lock = new Object();
   /* package for tests */ static boolean isInitialized;
+  /* package for tests */ static boolean isFacebookLoginScopeExternallyManaged = false;
   /* package for tests */ static FacebookController controller;
   /* package for tests */ static ParseUserDelegate userDelegate = new ParseUserDelegateImpl();
 
@@ -111,7 +112,7 @@ public static void initialize(Context context, int callbackRequestCodeOffset) {
         @Override
         public boolean onRestore(Map<String, String> authData) {
           try {
-            getController().setAuthData(authData);
+            getController().setAuthData(authData, isFacebookLoginScopeExternallyManaged);
             return true;
           } catch (Exception e) {
             return false;
@@ -167,6 +168,7 @@ public static boolean onActivityResult(int requestCode, int resultCode, Intent d
    * @return A task that will be resolved when logging in is complete.
    */
   public static Task<ParseUser> logInInBackground(AccessToken accessToken) {
+    isFacebookLoginScopeExternallyManaged = true;
     checkInitialization();
     return userDelegate.logInWithInBackground(AUTH_TYPE, getController().getAuthData(accessToken));
   }
@@ -180,6 +182,7 @@ public static Task<ParseUser> logInInBackground(AccessToken accessToken) {
    * @return A task that will be resolved when logging in is complete.
    */
   public static Task<ParseUser> logInInBackground(AccessToken accessToken, LogInCallback callback) {
+    isFacebookLoginScopeExternallyManaged = true;
     return callbackOnMainThreadAsync(logInInBackground(accessToken), callback, true);
   }
 

library/src/test/java/com/parse/FacebookControllerTest.java

@@ -102,20 +102,30 @@ public void testGetAuthData() {
   //region testSetAuthData
 
   @Test
-  public void testSetAuthDataWithNull() throws java.text.ParseException {
+  public void testSetAuthDataWithNullNotExternallyManaged() throws java.text.ParseException {
     FacebookController.FacebookSdkDelegate facebookSdk =
-        mock(FacebookController.FacebookSdkDelegate.class);
+            mock(FacebookController.FacebookSdkDelegate.class);
     LoginManager loginManager = mock(LoginManager.class);
     when(facebookSdk.getLoginManager()).thenReturn(loginManager);
     FacebookController controller = new FacebookController(facebookSdk);
 
-    controller.setAuthData(null);
+    controller.setAuthData(null, false);
     verify(facebookSdk).getLoginManager();
     verifyNoMoreInteractions(facebookSdk);
     verify(loginManager).logOut();
     verifyNoMoreInteractions(loginManager);
   }
 
+  @Test
+  public void testSetAuthDataWithNullExternallyManaged() throws java.text.ParseException {
+    FacebookController.FacebookSdkDelegate facebookSdk =
+            mock(FacebookController.FacebookSdkDelegate.class);
+    FacebookController controller = new FacebookController(facebookSdk);
+
+    controller.setAuthData(null, true);
+    verifyNoMoreInteractions(facebookSdk);
+  }
+
   @Test
   public void testSetAuthData() throws ParseException {
     Locale.setDefault(new Locale("ar")); // Mimic the device's locale
@@ -130,7 +140,7 @@ public void testSetAuthData() throws ParseException {
     authData.put("id", "test_id");
     authData.put("access_token", "test_token");
     authData.put("expiration_date", "2015-07-03T07:00:00.000Z");
-    controller.setAuthData(authData);
+    controller.setAuthData(authData, true);
     ArgumentCaptor<AccessToken> accessTokenCapture = ArgumentCaptor.forClass(AccessToken.class);
     verify(facebookSdk).setCurrentAccessToken(accessTokenCapture.capture());
     AccessToken accessToken = accessTokenCapture.getValue();
@@ -153,13 +163,13 @@ public void testSetAuthDataWithDifferentAccessToken() throws ParseException {
     authData.put("id", "new_id");
     authData.put("access_token", "test_token");
     authData.put("expiration_date", "2015-07-03T07:00:00.000Z");
-    controller.setAuthData(authData);
+    controller.setAuthData(authData, true);
     verify(facebookSdk, times(1)).setCurrentAccessToken(any(AccessToken.class));
 
     authData.put("id", "new_id");
     authData.put("access_token", "new_token");
     authData.put("expiration_date", "2015-07-03T07:00:00.000Z");
-    controller.setAuthData(authData);
+    controller.setAuthData(authData, true);
     verify(facebookSdk, times(2)).setCurrentAccessToken(any(AccessToken.class));
   }
 
@@ -175,7 +185,7 @@ public void testSetAuthDataWithSameAccessToken() throws ParseException {
     authData.put("id", "test_id");
     authData.put("access_token", "test_token");
     authData.put("expiration_date", "2015-07-03T07:00:00.000Z");
-    controller.setAuthData(authData);
+    controller.setAuthData(authData, true);
     verify(facebookSdk, never()).setCurrentAccessToken(any(AccessToken.class));
   }
 

library/src/test/java/com/parse/ParseFacebookUtilsTest.java

@@ -34,6 +34,7 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Matchers.any;
+import static org.mockito.Matchers.anyBoolean;
 import static org.mockito.Matchers.anyInt;
 import static org.mockito.Matchers.anyListOf;
 import static org.mockito.Matchers.anyMapOf;
@@ -102,7 +103,7 @@ public void testRestoreAuthentication() throws java.text.ParseException {
     Map<String, String> authData = new HashMap<>();
 
     assertTrue(callback.onRestore(authData));
-    verify(controller).setAuthData(authData);
+    verify(controller).setAuthData(authData, true);
   }
 
   @Test
@@ -115,10 +116,10 @@ public void testRestoreAuthenticationFailure() throws java.text.ParseException {
     Map<String, String> authData = new HashMap<>();
     doThrow(new RuntimeException())
         .when(controller)
-        .setAuthData(anyMapOf(String.class, String.class));
+        .setAuthData(anyMapOf(String.class, String.class), anyBoolean());
 
     assertFalse(callback.onRestore(authData));
-    verify(controller).setAuthData(authData);
+    verify(controller).setAuthData(authData, false);
   }
 
   //endregion