zulip · gnprice · Apr 2, 2024 · Mar 18, 2024 · Mar 19, 2024 · Mar 22, 2024
diff --git a/android/app/src/main/AndroidManifest.xml b/android/app/src/main/AndroidManifest.xml
@@ -25,6 +25,13 @@
                 <action android:name="android.intent.action.MAIN"/>
                 <category android:name="android.intent.category.LAUNCHER"/>
             </intent-filter>
+            <meta-data android:name="flutter_deeplinking_enabled" android:value="true" />
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+                <data android:scheme="zulip" android:host="login" />
+            </intent-filter>
         </activity>
         <!-- Don't delete the meta-data below.
              This is used by the Flutter tool to generate GeneratedPluginRegistrant.java -->

diff --git a/assets/l10n/app_en.arb b/assets/l10n/app_en.arb
@@ -63,6 +63,14 @@
   "@actionSheetOptionUnstarMessage":  {
     "description": "Label for unstar button on action sheet."
   },
+  "errorWebAuthOperationalErrorTitle": "Something went wrong",
+  "@errorWebAuthOperationalErrorTitle": {
+    "description": "Error title when third-party authentication has an operational error (not necessarily caused by invalid credentials)."
+  },
+  "errorWebAuthOperationalError": "An unexpected error occurred.",
+  "@errorWebAuthOperationalError": {
+    "description": "Error message when third-party authentication has an operational error (not necessarily caused by invalid credentials)."
+  },
   "errorAccountLoggedInTitle": "Account already logged in",
   "@errorAccountLoggedInTitle": {
     "description": "Error title on attempting to log into an account that's already logged in."
@@ -281,6 +289,17 @@
   "@loginFormSubmitLabel": {
     "description": "Button text to submit login credentials."
   },
+  "loginMethodDivider": "OR",
+  "@loginMethodDivider": {
+    "description": "Text on the divider between the username/password form and the third-party login options. Uppercase (for languages with letter case)."
+  },
+  "signInWithFoo": "Sign in with {method}",
+  "@signInWithFoo": {
+    "description": "Button to use {method} to sign in to the app.",
+    "placeholders": {
+      "method": {"type": "String", "example": "Google"}
+    }
+  },
   "loginAddAnAccountPageTitle": "Add an account",
   "@loginAddAnAccountPageTitle": {
     "description": "Page title for screen to add a Zulip account."

diff --git a/ios/Runner/Info.plist b/ios/Runner/Info.plist
@@ -22,8 +22,21 @@
 	<string>$(FLUTTER_BUILD_NAME)</string>
 	<key>CFBundleSignature</key>
 	<string>????</string>
+	<key>CFBundleURLTypes</key>
+	<array>
+		<dict>
+			<key>CFBundleURLName</key>
+			<string>com.zulip.flutter</string>
+			<key>CFBundleURLSchemes</key>
+			<array>
+				<string>zulip</string>
+			</array>
+		</dict>
+	</array>
 	<key>CFBundleVersion</key>
 	<string>$(FLUTTER_BUILD_NUMBER)</string>
+	<key>FlutterDeepLinkingEnabled</key>
+	<true/>
 	<key>ITSAppUsesNonExemptEncryption</key>
 	<false/>
 	<key>LSRequiresIPhoneOS</key>

diff --git a/lib/api/model/web_auth.dart b/lib/api/model/web_auth.dart
@@ -0,0 +1,87 @@
+import 'dart:math';
+
+import 'package:convert/convert.dart';
+import 'package:flutter/foundation.dart';
+
+/// The authentication information contained in the zulip:// redirect URL.
+class WebAuthPayload {
+  final Uri realm;
+  final String email;
+  final int? userId; // TODO(server-5) new in FL 108
+  final String otpEncryptedApiKey;
+
+  WebAuthPayload._({
+    required this.realm,
+    required this.email,
+    required this.userId,
+    required this.otpEncryptedApiKey,
+  });
+
+  factory WebAuthPayload.parse(Uri url) {
+    if (
+      url case Uri(
+        scheme: 'zulip',
+        host: 'login',
+        queryParameters: {
+          'realm': String realmStr,
+          'email': String email,
+          // 'user_id' handled below
+          'otp_encrypted_api_key': String otpEncryptedApiKey,
+        },
+      )
+    ) {
+      final Uri? realm = Uri.tryParse(realmStr);
+      if (realm == null) throw const FormatException();
+
+      // TODO(server-5) require in queryParameters (new in FL 108)
+      final userIdStr = url.queryParameters['user_id'];
+      int? userId;
+      if (userIdStr != null) {
+        userId = int.tryParse(userIdStr, radix: 10);
+        if (userId == null) throw const FormatException();
+      }
+
+      if (!RegExp(r'^[0-9a-fA-F]{64}$').hasMatch(otpEncryptedApiKey)) {
+        throw const FormatException();
+      }
+
+      return WebAuthPayload._(
+        otpEncryptedApiKey: otpEncryptedApiKey,
+        email: email,
+        userId: userId,
+        realm: realm,
+      );
+    } else {
+      // TODO(dart): simplify after https://github.com/dart-lang/language/issues/2537
+      throw const FormatException();
+    }
+  }
+
+  String decodeApiKey(String otp) {
+    final otpBytes = hex.decode(otp);
+    final otpEncryptedApiKeyBytes = hex.decode(otpEncryptedApiKey);
+    if (otpBytes.length != otpEncryptedApiKeyBytes.length) {
+      throw const FormatException();
+    }
+    return String.fromCharCodes(Iterable.generate(otpBytes.length,
+      (i) => otpBytes[i] ^ otpEncryptedApiKeyBytes[i]));
+  }
+}
+
+String generateOtp() {
+  final rand = Random.secure();
+  final Uint8List bytes = Uint8List.fromList(
+    List.generate(32, (_) => rand.nextInt(256)));
+  return hex.encode(bytes);
+}
+
+/// For tests, create an OTP-encrypted API key.
+@visibleForTesting
+String debugEncodeApiKey(String apiKey, String otp) {
+  final apiKeyBytes = apiKey.codeUnits;
+  assert(apiKeyBytes.every((byte) => byte <= 0xff));
+  final otpBytes = hex.decode(otp);
+  assert(apiKeyBytes.length == otpBytes.length);
+  return hex.encode(List.generate(otpBytes.length,
+    (i) => apiKeyBytes[i] ^ otpBytes[i]));
+}
diff --git a/lib/model/binding.dart b/lib/model/binding.dart
@@ -75,6 +75,11 @@ abstract class ZulipBinding {
   /// to a [GlobalStore].
   Future<GlobalStore> loadGlobalStore();
 
+  /// Checks whether the platform can launch [url], via package:url_launcher.
+  ///
+  /// This wraps [url_launcher.canLaunchUrl].
+  Future<bool> canLaunchUrl(Uri url);
+
   /// Pass [url] to the underlying platform, via package:url_launcher.
   ///
   /// This wraps [url_launcher.launchUrl].
@@ -83,6 +88,16 @@ abstract class ZulipBinding {
     url_launcher.LaunchMode mode = url_launcher.LaunchMode.platformDefault,
   });
 
+  /// Checks whether [closeInAppWebView] is supported, via package:url_launcher.
+  ///
+  /// This wraps [url_launcher.supportsCloseForLaunchMode].
+  Future<bool> supportsCloseForLaunchMode(url_launcher.LaunchMode mode);
+
+  /// Closes the current in-app web view, via package:url_launcher.
+  ///
+  /// This wraps [url_launcher.closeInAppWebView].
+  Future<void> closeInAppWebView();
+
   /// Provides device and operating system information,
   /// via package:device_info_plus.
   ///
@@ -159,6 +174,9 @@ class LiveZulipBinding extends ZulipBinding {
     return LiveGlobalStore.load();
   }
 
+  @override
+  Future<bool> canLaunchUrl(Uri url) => url_launcher.canLaunchUrl(url);
+
   @override
   Future<bool> launchUrl(
     Uri url, {
@@ -167,6 +185,16 @@ class LiveZulipBinding extends ZulipBinding {
     return url_launcher.launchUrl(url, mode: mode);
   }
 
+  @override
+  Future<bool> supportsCloseForLaunchMode(url_launcher.LaunchMode mode) async {
+    return url_launcher.supportsCloseForLaunchMode(mode);
+  }
+
+  @override
+  Future<void> closeInAppWebView() async {
+    return url_launcher.closeInAppWebView();
+  }
+
   @override
   Future<BaseDeviceInfo> deviceInfo() async {
     final deviceInfo = await device_info_plus.DeviceInfoPlugin().deviceInfo;

diff --git a/lib/widgets/app.dart b/lib/widgets/app.dart
@@ -17,7 +17,7 @@ import 'store.dart';
 import 'subscription_list.dart';
 import 'text.dart';
 
-class ZulipApp extends StatelessWidget {
+class ZulipApp extends StatefulWidget {
   const ZulipApp({super.key, this.navigatorObservers});
 
   /// Whether the app's widget tree is ready.
@@ -79,6 +79,34 @@ class ZulipApp extends StatelessWidget {
     _ready.value = true;
   }
 
+  @override
+  State<ZulipApp> createState() => _ZulipAppState();
+}
+
+class _ZulipAppState extends State<ZulipApp> with WidgetsBindingObserver {
+  @override
+  Future<bool> didPushRouteInformation(routeInformation) async {
+    if (routeInformation case RouteInformation(
+      uri: Uri(scheme: 'zulip', host: 'login') && var url)
+    ) {
+      await LoginPage.handleWebAuthUrl(url);
+      return true;
+    }
+    return super.didPushRouteInformation(routeInformation);
+  }
+
+  @override
+  void initState() {
+    super.initState();
+    WidgetsBinding.instance.addObserver(this);
+  }
+
+  @override
+  void dispose() {
+    WidgetsBinding.instance.removeObserver(this);
+    super.dispose();
+  }
+
   @override
   Widget build(BuildContext context) {
     final theme = ThemeData(
@@ -123,12 +151,12 @@ class ZulipApp extends StatelessWidget {
           supportedLocales: ZulipLocalizations.supportedLocales,
           theme: theme,
 
-          navigatorKey: navigatorKey,
-          navigatorObservers: navigatorObservers ?? const [],
+          navigatorKey: ZulipApp.navigatorKey,
+          navigatorObservers: widget.navigatorObservers ?? const [],
           builder: (BuildContext context, Widget? child) {
-            if (!ready.value) {
+            if (!ZulipApp.ready.value) {
               SchedulerBinding.instance.addPostFrameCallback(
-                (_) => _declareReady());
+                (_) => widget._declareReady());
             }
             GlobalLocalizations.zulipLocalizations = ZulipLocalizations.of(context);
             return child!;