Exemple #1
0
        public override void OnReceive(Context context, Intent intent)
        {
            PluginDatabase pluginDb = new PluginDatabase(context);

            if (intent.Action == Strings.ActionRequestAccess)
            {
                string senderPackage = intent.GetStringExtra(Strings.ExtraSender);
                string requestToken  = intent.GetStringExtra(Strings.ExtraRequestToken);

                IList <string> requestedScopes = intent.GetStringArrayListExtra(Strings.ExtraScopes);

                if (!AreScopesValid(requestedScopes))
                {
                    Log.Debug(_tag, "requested scopes not valid");
                    return;
                }

                if (pluginDb.GetRequestToken(senderPackage) != requestToken)
                {
                    Log.Warn(_tag, "Invalid requestToken!");
                    return;
                }
                string currentAccessToken = pluginDb.GetAccessToken(senderPackage);
                if ((currentAccessToken != null) &&
                    (AccessManager.IsSubset(requestedScopes,
                                            pluginDb.GetPluginScopes(senderPackage))))
                {
                    //permission already there.
                    var i = new Intent(Strings.ActionReceiveAccess);
                    i.PutExtra(Strings.ExtraSender, context.PackageName);
                    i.PutExtra(Strings.ExtraAccessToken, currentAccessToken);
                    //TODO: Plugin should verify requestToken to make sure it doesn't receive accessTokens from malicious apps
                    i.PutExtra(Strings.ExtraRequestToken, requestToken);
                    i.SetPackage(senderPackage);
                    context.SendBroadcast(i);

                    Log.Debug(_tag, "Plugin " + senderPackage + " enabled.");
                }
                else
                {
                    //store that scope was requested but not yet approved (=> accessToken = null)
                    pluginDb.StorePlugin(senderPackage, null, requestedScopes);

                    Log.Debug(_tag, "Plugin " + senderPackage + " not enabled.");

                    //see if the plugin has an access token
                    string accessToken = intent.GetStringExtra(Strings.ExtraAccessToken);
                    if (accessToken != null)
                    {
                        //notify plugin that access token is no longer valid or sufficient
                        Intent i = new Intent(Strings.ActionRevokeAccess);
                        i.PutExtra(Strings.ExtraSender, context.PackageName);
                        i.PutExtra(Strings.ExtraAccessToken, accessToken);
                        i.SetPackage(senderPackage);
                        context.SendBroadcast(i);
                        Log.Warn(_tag, "Access token of plugin " + senderPackage + " not (or no more) valid.");
                    }
                }
                if (OnReceivedRequest != null)
                {
                    OnReceivedRequest(this, new PluginHostEventArgs()
                    {
                        Package = senderPackage
                    });
                }
            }
        }