Fixed #1303 - API to remove stored session cookies & auth tokens

- Ported iOS implementation: couchbase/couchbase-lite-ios#1330

Author: hideki

src/main/java/com/couchbase/lite/auth/Authenticator.java

@@ -14,6 +14,4 @@
 package com.couchbase.lite.auth;
 
 public interface Authenticator {
-    // @optional
-    String getUsername();
 }

src/main/java/com/couchbase/lite/auth/Authorizer.java

@@ -26,4 +26,9 @@ public interface Authorizer extends Authenticator {
     URL getRemoteURL();
 
     void setRemoteURL(URL remoteURL);
+
+    boolean removeStoredCredentials();
+
+    // @optional
+    String getUsername();
 }

src/main/java/com/couchbase/lite/auth/BaseAuthorizer.java

@@ -25,16 +25,7 @@ public abstract class BaseAuthorizer implements Authorizer {
     protected URL remoteURL;
 
     ////////////////////////////////////////////////////////////
-    // Implementation of Authenticator
-    ////////////////////////////////////////////////////////////
-    @Override
-    public String getUsername() {
-        // @optional
-        return null;
-    }
-
-    ////////////////////////////////////////////////////////////
-    // Implementations of IAuthorizer
+    // Implementations of Authorizer
     ////////////////////////////////////////////////////////////
 
     @Override
@@ -46,4 +37,15 @@ public URL getRemoteURL() {
     public void setRemoteURL(URL remoteURL) {
         this.remoteURL = remoteURL;
     }
+
+    @Override
+    public boolean removeStoredCredentials() {
+        return true;
+    }
+
+    @Override
+    public String getUsername() {
+        // @optional
+        return null;
+    }
 }

src/main/java/com/couchbase/lite/auth/OpenIDConnectAuthorizer.java

@@ -88,7 +88,7 @@ public boolean authorizeURLRequest(Request.Builder builder) {
     }
 
     ////////////////////////////////////////////////////////////
-    // Implementations of ISessionCookieAuthorizer(ILoginAuthorizer)
+    // Implementations of SessionCookieAuthorizer(LoginAuthorizer)
     ////////////////////////////////////////////////////////////
 
     // #pragma mark - LOGIN:
@@ -184,19 +184,30 @@ public void loginResponse(Object jsonResponse,
         block.call(false, error);
     }
 
+    @Override
+    public boolean implementedLoginResponse() {
+        return true;
+    }
 
     ////////////////////////////////////////////////////////////
-    // Implementation of Authenticator
+    // Implementation of Authorizer
     ////////////////////////////////////////////////////////////
+
     @Override
-    public String getUsername() {
-        // @optional
-        return username;
+    public boolean removeStoredCredentials() {
+        if(!deleteTokens())
+            return false;
+        IDToken = null;
+        refreshToken = null;
+        haveSessionCookie = false;
+        authURL = null;
+        return true;
     }
 
     @Override
-    public boolean implementedLoginResponse() {
-        return true;
+    public String getUsername() {
+        // @optional
+        return username;
     }
 
     ////////////////////////////////////////////////////////////

src/main/java/com/couchbase/lite/auth/PasswordAuthorizer.java

@@ -69,4 +69,20 @@ public String authUserInfo() {
         }
         return null;
     }
+    ////////////////////////////////////////////////////////////
+    // Implementation of Authorizer
+    ////////////////////////////////////////////////////////////
+
+    @Override
+    public boolean removeStoredCredentials() {
+        this.username = null;
+        this.password = null;
+        return true;
+    }
+
+    @Override
+    public String getUsername() {
+        // @optional
+        return username;
+    }
 }

src/main/java/com/couchbase/lite/replicator/Replication.java

@@ -21,11 +21,13 @@
 import com.couchbase.lite.ReplicationFilter;
 import com.couchbase.lite.RevisionList;
 import com.couchbase.lite.auth.Authenticator;
+import com.couchbase.lite.auth.Authorizer;
 import com.couchbase.lite.internal.InterfaceAudience;
 import com.couchbase.lite.support.CouchbaseLiteHttpClientFactory;
 import com.couchbase.lite.support.HttpClientFactory;
 import com.couchbase.lite.support.PersistentCookieJar;
 import com.couchbase.lite.util.Log;
+import com.couchbase.lite.util.URLUtils;
 
 import java.net.URL;
 import java.util.Date;
@@ -694,6 +696,12 @@ public void setFilterParams(Map<String, Object> filterParams) {
         replicationInternal.setFilterParams(filterParams);
     }
 
+    /** The server user name that the authenticator has logged in as, if known. Observable. */
+    @InterfaceAudience.Public
+    public String getUsername(){
+        return replicationInternal.getUsername();
+    }
+
     /**
      * Sets an HTTP cookie for the Replication.
      *
@@ -738,6 +746,23 @@ public void deleteCookie(String name) {
         replicationInternal.deleteCookie(name);
     }
 
+    /**
+     * Deletes any persistent credentials (passwords, auth tokens...) associated with this
+     * replication's CBLAuthenticator. Also removes session cookies from the cookie store.
+     */
+    @InterfaceAudience.Public
+    public boolean removeStoredCredentials(){
+        if (getAuthenticator() != null) {
+            if (!(getAuthenticator() instanceof Authorizer) ||
+                    !((Authorizer) getAuthenticator()).removeStoredCredentials())
+                return false;
+        }else {
+            // CBL Java does not use credential. No thing to do
+        }
+        replicationInternal.resetCookieStore();
+        return true;
+    }
+
     /**
      * Get the remote UUID representing the remote server.
      */

src/main/java/com/couchbase/lite/replicator/ReplicationInternal.java

@@ -39,6 +39,7 @@
 import com.couchbase.lite.util.Log;
 import com.couchbase.lite.util.TextUtils;
 import com.couchbase.lite.util.URIUtils;
+import com.couchbase.lite.util.URLUtils;
 import com.couchbase.lite.util.Utils;
 import com.github.oxo42.stateless4j.StateMachine;
 import com.github.oxo42.stateless4j.delegates.Action1;
@@ -104,6 +105,7 @@ protected enum ChangeListenerNotifyStyle {
     protected String lastSequence;
     protected Authenticator authenticator;
     protected boolean authenticating = false;
+    protected String username;
     protected String filterName;
     protected Map<String, Object> filterParams;
     protected List<String> documentIDs;
@@ -158,6 +160,7 @@ protected enum ChangeListenerNotifyStyle {
         this.lifecycle = lifecycle;
         this.requestHeaders = new HashMap<String, Object>();
         this.authenticating = false;
+        this.username = URLUtils.getUser(remote);
 
         // The reason that notifications are ASYNC is to make the public API call
         // Replication.getStatus() work as expected.  Because if this is set to SYNC,
@@ -547,6 +550,8 @@ private void loginFinishedWithError(Throwable error) {
             setError(error);
         } else {
             Log.v(TAG, "%s: Successfully logged in!", this);
+            if (authenticator != null && authenticator instanceof OpenIDConnectAuthorizer)
+                this.username = ((OpenIDConnectAuthorizer) authenticator).getUsername();
             fetchRemoteCheckpointDoc();
         }
     }
@@ -1794,6 +1799,10 @@ public void deleteCookie(String name) {
         this.clientFactory.deleteCookie(name);
     }
 
+    /* package */ void resetCookieStore(){
+        this.clientFactory.resetCookieStore();
+    }
+
     protected HttpClientFactory getClientFactory() {
         return clientFactory;
     }
@@ -1955,4 +1964,8 @@ protected void waitPendingFuturesCompleted() {
             Log.e(TAG, "Exception waiting for pending futures: %s", e);
         }
     }
+
+    /*package*/ String getUsername() {
+        return username;
+    }
 }

src/main/java/com/couchbase/lite/support/CouchbaseLiteHttpClientFactory.java

@@ -66,6 +66,10 @@ public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory) {
         this.sslSocketFactory = sslSocketFactory;
     }
 
+    ////////////////////////////////////////////////////////////
+    // Implementations of HttpClientFactory
+    ////////////////////////////////////////////////////////////
+
     @Override
     @InterfaceAudience.Private
     synchronized public OkHttpClient getOkHttpClient() {
@@ -92,6 +96,7 @@ synchronized public OkHttpClient getOkHttpClient() {
         return client;
     }
 
+    @Override
     @InterfaceAudience.Private
     synchronized public void addCookies(List<Cookie> cookies) {
         if (cookieJar != null) {
@@ -100,6 +105,8 @@ synchronized public void addCookies(List<Cookie> cookies) {
         }
     }
 
+    @Override
+    @InterfaceAudience.Private
     synchronized public void deleteCookie(String name) {
         // since CookieStore does not have a way to delete an individual cookie, do workaround:
         // 1. get all cookies
@@ -121,6 +128,15 @@ synchronized public void deleteCookie(String name) {
         cookieJar.saveFromResponse(null, retainedCookies);
     }
 
+    @Override
+    @InterfaceAudience.Private
+    synchronized public void resetCookieStore(){
+        if (cookieJar == null)
+            return;
+        cookieJar.clear();
+    }
+
+    @Override
     @InterfaceAudience.Private
     public CookieJar getCookieStore() {
         return cookieJar;

src/main/java/com/couchbase/lite/support/HttpClientFactory.java

@@ -26,5 +26,7 @@ public interface HttpClientFactory {
 
     void deleteCookie(String name);
 
+    void resetCookieStore();
+
     CookieJar getCookieStore();
 }

src/main/java/com/couchbase/lite/util/URLUtils.java

@@ -39,4 +39,13 @@ public static Map<String, List<String>> splitQuery(URL url) throws UnsupportedEn
         }
         return query_pairs;
     }
+
+    public static String getUser(URL url) {
+        if (url == null || url.getUserInfo() == null)
+            return null;
+        String[] tokens = url.getUserInfo().split(":");
+        if (tokens == null || tokens.length == 0)
+            return null;
+        return tokens[0];
+    }
 }