Merge pull request #415 from Iterable/MOB-3850-Patch-for-allowedProtocols

Mob 3850 patch for allowed protocols

Author: Ayyanchira

iterableapi/src/main/java/com/iterable/iterableapi/IterableActionRunner.java

@@ -14,41 +14,33 @@
 import java.util.List;
 
 class IterableActionRunner {
+
     @VisibleForTesting
     static IterableActionRunnerImpl instance = new IterableActionRunnerImpl();
 
     static boolean executeAction(@NonNull Context context, @Nullable IterableAction action, @NonNull IterableActionSource source) {
-        return instance.executeAction(context, action, source, new String[0]);
-    }
-
-    static boolean executeAction(@NonNull Context context, @Nullable IterableAction action, @NonNull IterableActionSource source, @NonNull String[] allowedProtocols) {
-        return instance.executeAction(context, action, source, allowedProtocols);
+        return instance.executeAction(context, action, source);
     }
 
     static class IterableActionRunnerImpl {
         private static final String TAG = "IterableActionRunner";
 
-        boolean executeAction(@NonNull Context context, @Nullable IterableAction action, @NonNull IterableActionSource source) {
-            return executeAction(context, action, source, new String[0]);
-        }
-
         /**
          * Execute an {@link IterableAction} as a response to push action
          *
          * @param context Context
          * @param action  The original action object
-         * @param allowedProtocols protocols that the SDK is allowed to open in addition to `https`
          * @return `true` if the action was handled, `false` if it was not
          */
-        boolean executeAction(@NonNull Context context, @Nullable IterableAction action, @NonNull IterableActionSource source, @NonNull String[] allowedProtocols) {
+        boolean executeAction(@NonNull Context context, @Nullable IterableAction action, @NonNull IterableActionSource source) {
             if (action == null) {
                 return false;
             }
 
             IterableActionContext actionContext = new IterableActionContext(action, source);
 
             if (action.isOfType(IterableAction.ACTION_TYPE_OPEN_URL)) {
-                return openUri(context, Uri.parse(action.getData()), actionContext, allowedProtocols);
+                return openUri(context, Uri.parse(action.getData()), actionContext);
             } else {
                 return callCustomActionIfSpecified(action, actionContext);
             }
@@ -65,19 +57,19 @@ boolean executeAction(@NonNull Context context, @Nullable IterableAction action,
          * @return `true` if the action was handled, or an activity was found for this URL
          * `false` if the handler did not handle this URL and no activity was found to open it with
          */
-        private boolean openUri(@NonNull Context context, @NonNull Uri uri, @NonNull IterableActionContext actionContext, String[] allowedProtocols) {
+        private boolean openUri(@NonNull Context context, @NonNull Uri uri, @NonNull IterableActionContext actionContext) {
+            // Handle URL: check for deep links within the app
+            if (!IterableUtil.isUrlOpenAllowed(uri.toString())) {
+                return false;
+            }
+
             if (IterableApi.sharedInstance.config.urlHandler != null) {
                 if (IterableApi.sharedInstance.config.urlHandler.handleIterableURL(uri, actionContext)) {
                     return true;
                 }
             }
 
             // Handle URL: check for deep links within the app
-            if (!isUrlOpenAllowed(uri.toString(), allowedProtocols)) {
-                IterableLogger.e(TAG, "URL was not in the allowed protocols list");
-                return false;
-            }
-
             Intent intent = new Intent(Intent.ACTION_VIEW);
             intent.setData(uri);
 
@@ -119,19 +111,5 @@ private boolean callCustomActionIfSpecified(@NonNull IterableAction action, @Non
             }
             return false;
         }
-
-        private static boolean isUrlOpenAllowed(@NonNull String url, @NonNull String[] allowedProtocols) {
-            if (url.startsWith("https")) {
-                return true;
-            }
-
-            for (String protocol : allowedProtocols) {
-                if (url.startsWith(protocol)) {
-                    return true;
-                }
-            }
-
-            return false;
-        }
     }
 }

iterableapi/src/main/java/com/iterable/iterableapi/IterableApi.java

@@ -299,7 +299,7 @@ public static void initialize(@NonNull Context context, @NonNull String apiKey,
 
         if (sharedInstance.inAppManager == null) {
             sharedInstance.inAppManager = new IterableInAppManager(sharedInstance, sharedInstance.config.inAppHandler,
-                    sharedInstance.config.inAppDisplayInterval, sharedInstance.config.allowedProtocols);
+                    sharedInstance.config.inAppDisplayInterval);
         }
 
         loadLastSavedConfiguration(context);
@@ -402,7 +402,7 @@ public void setUserId(@Nullable String userId) {
      *                   or the original url if it is not an Iterable link.
      */
     public void getAndTrackDeepLink(@NonNull String uri, @NonNull IterableHelper.IterableActionHandler onCallback) {
-        IterableDeeplinkManager.getAndTrackDeeplink(uri, onCallback, config.allowedProtocols);
+        IterableDeeplinkManager.getAndTrackDeeplink(uri, onCallback);
     }
 
     /**
@@ -427,7 +427,7 @@ public void execute(String originalUrl) {
                     IterableAction action = IterableAction.actionOpenUrl(originalUrl);
                     IterableActionRunner.executeAction(getInstance().getMainActivityContext(), action, IterableActionSource.APP_LINK);
                 }
-            }, config.allowedProtocols);
+            });
             return true;
         } else {
             IterableAction action = IterableAction.actionOpenUrl(uri);

iterableapi/src/main/java/com/iterable/iterableapi/IterableDeeplinkManager.java

@@ -13,7 +13,7 @@
 import java.util.regex.Pattern;
 
 class IterableDeeplinkManager {
-    private static final String TAG = "IterableDeeplinkManager";
+
     private static Pattern deeplinkPattern = Pattern.compile(IterableConstants.ITBL_DEEPLINK_IDENTIFIER);
 
     /**
@@ -22,22 +22,10 @@ class IterableDeeplinkManager {
      * @param callback The callback to execute the original URL is retrieved
      */
     static void getAndTrackDeeplink(@Nullable String url, @NonNull IterableHelper.IterableActionHandler callback) {
-        IterableDeeplinkManager.getAndTrackDeeplink(url, callback, new String[0]);
-    }
-
-    /**
-     * Tracks a link click and passes the redirected URL to the callback
-     * @param url The URL that was clicked
-     * @param callback The callback to execute the original URL is retrieved
-     * @param allowedProtocols a list of protocols (on top of `https`) to allow opening
-     */
-    static void getAndTrackDeeplink(@Nullable String url, @NonNull IterableHelper.IterableActionHandler callback, @NonNull String[] allowedProtocols) {
         if (url != null) {
-            if (!isUrlOpenAllowed(url, allowedProtocols)) {
-                IterableLogger.e(TAG, "URL was not in the allowed protocols list");
+            if (!IterableUtil.isUrlOpenAllowed(url)) {
                 return;
             }
-
             if (isIterableDeeplink(url)) {
                 new RedirectTask(callback).execute(url);
             } else {
@@ -63,20 +51,6 @@ static boolean isIterableDeeplink(@Nullable String url) {
         return false;
     }
 
-    private static boolean isUrlOpenAllowed(@NonNull String url, @NonNull String[] allowedProtocols) {
-        if (url.startsWith("https")) {
-            return true;
-        }
-
-        for (String protocol : allowedProtocols) {
-            if (url.startsWith(protocol)) {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
     private static class RedirectTask extends AsyncTask<String, Void, String> {
         static final String TAG = "RedirectTask";
         static final int DEFAULT_TIMEOUT_MS = 3000;   //3 seconds

iterableapi/src/main/java/com/iterable/iterableapi/IterableInAppFragmentHTMLNotification.java

@@ -35,6 +35,7 @@
 import androidx.fragment.app.DialogFragment;
 
 public class IterableInAppFragmentHTMLNotification extends DialogFragment implements IterableWebViewClient.HTMLNotificationCallbacks {
+
     private static final String BACK_BUTTON = "itbl://backButton";
     private static final String JAVASCRIPT_INTERFACE = "ITBL";
     private static final String TAG = "IterableInAppFragmentHTMLNotification";

iterableapi/src/main/java/com/iterable/iterableapi/IterableInAppManager.java

@@ -43,22 +43,20 @@ public interface Listener {
     private final IterableInAppStorage storage;
     private final IterableInAppHandler handler;
     private final IterableInAppDisplayer displayer;
-    private final String[] allowedProtocols;
     private final IterableActivityMonitor activityMonitor;
     private final double inAppDisplayInterval;
     private final List<Listener> listeners = new ArrayList<>();
     private long lastSyncTime = 0;
     private long lastInAppShown = 0;
     private boolean autoDisplayPaused = false;
 
-    IterableInAppManager(IterableApi iterableApi, IterableInAppHandler handler, double inAppDisplayInterval, String[] allowedProtocols) {
+    IterableInAppManager(IterableApi iterableApi, IterableInAppHandler handler, double inAppDisplayInterval) {
         this(iterableApi,
                 handler,
                 inAppDisplayInterval,
                 new IterableInAppFileStorage(iterableApi.getMainActivityContext()),
                 IterableActivityMonitor.getInstance(),
-                new IterableInAppDisplayer(IterableActivityMonitor.getInstance()),
-                allowedProtocols);
+                new IterableInAppDisplayer(IterableActivityMonitor.getInstance()));
     }
 
     @VisibleForTesting
@@ -67,8 +65,7 @@ public interface Listener {
                          double inAppDisplayInterval,
                          IterableInAppStorage storage,
                          IterableActivityMonitor activityMonitor,
-                         IterableInAppDisplayer displayer,
-                         String[] allowedProtocols) {
+                         IterableInAppDisplayer displayer) {
         this.api = iterableApi;
         this.context = iterableApi.getMainActivityContext();
         this.handler = handler;
@@ -77,7 +74,6 @@ public interface Listener {
         this.displayer = displayer;
         this.activityMonitor = activityMonitor;
         this.activityMonitor.addCallback(this);
-        this.allowedProtocols = allowedProtocols;
 
         syncInApp();
     }
@@ -275,17 +271,17 @@ public void handleInAppClick(@NonNull IterableInAppMessage message, @Nullable Ur
             if (urlString.startsWith(IterableConstants.URL_SCHEME_ACTION)) {
                 // This is an action:// URL, pass that to the custom action handler
                 String actionName = urlString.replace(IterableConstants.URL_SCHEME_ACTION, "");
-                IterableActionRunner.executeAction(context, IterableAction.actionCustomAction(actionName), IterableActionSource.IN_APP, allowedProtocols);
+                IterableActionRunner.executeAction(context, IterableAction.actionCustomAction(actionName), IterableActionSource.IN_APP);
             } else if (urlString.startsWith(IterableConstants.URL_SCHEME_ITBL)) {
                 // Handle itbl:// URLs, pass that to the custom action handler for compatibility
                 String actionName = urlString.replace(IterableConstants.URL_SCHEME_ITBL, "");
-                IterableActionRunner.executeAction(context, IterableAction.actionCustomAction(actionName), IterableActionSource.IN_APP, allowedProtocols);
+                IterableActionRunner.executeAction(context, IterableAction.actionCustomAction(actionName), IterableActionSource.IN_APP);
             } else if (urlString.startsWith(IterableConstants.URL_SCHEME_ITERABLE)) {
                 // Handle iterable:// URLs - reserved for actions defined by the SDK only
                 String actionName = urlString.replace(IterableConstants.URL_SCHEME_ITERABLE, "");
                 handleIterableCustomAction(actionName, message);
             } else {
-                IterableActionRunner.executeAction(context, IterableAction.actionOpenUrl(urlString), IterableActionSource.IN_APP, allowedProtocols);
+                IterableActionRunner.executeAction(context, IterableAction.actionOpenUrl(urlString), IterableActionSource.IN_APP);
             }
         }
     }

iterableapi/src/main/java/com/iterable/iterableapi/IterableUtil.java

@@ -5,6 +5,7 @@
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 
+import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
 
@@ -277,4 +278,20 @@ boolean writeFile(File file, String content) {
             return false;
         }
     }
+
+    static boolean isUrlOpenAllowed(@NonNull String url) {
+        String urlProtocol = url.split("://")[0];
+        if (urlProtocol.equals("https")) {
+            return true;
+        }
+
+        for (String allowedProtocol : IterableApi.getInstance().config.allowedProtocols) {
+            if (urlProtocol.equals(allowedProtocol)) {
+                return true;
+            }
+        }
+
+        IterableLogger.d(TAG, urlProtocol + " is not in the allowed protocols");
+        return false;
+    }
 }

iterableapi/src/test/java/com/iterable/iterableapi/IterableInAppManagerSyncTest.java

@@ -38,7 +38,7 @@ public class IterableInAppManagerSyncTest extends BaseTest {
     @Before
     public void setUp() throws Exception {
         MockitoAnnotations.initMocks(this);
-        inAppManager = spy(new IterableInAppManager(iterableApiMock, handlerMock, 30.0, storageMock, activityMonitorMock, inAppDisplayerMock, new String[0]));
+        inAppManager = spy(new IterableInAppManager(iterableApiMock, handlerMock, 30.0, storageMock, activityMonitorMock, inAppDisplayerMock));
         doAnswer(new Answer() {
             @Override
             public Object answer(InvocationOnMock invocation) throws Throwable {

iterableapi/src/test/java/com/iterable/iterableapi/IterableInAppManagerTest.java

@@ -264,7 +264,7 @@ public void testHandleActionLink() throws Exception {
         IterableActivityMonitor.instance = new IterableActivityMonitor();
 
         IterableInAppDisplayer inAppDisplayerMock = mock(IterableInAppDisplayer.class);
-        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableDefaultInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock, new String[0]));
+        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableDefaultInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock));
         IterableApi.sharedInstance = new IterableApi(inAppManager);
         IterableTestUtils.createIterableApiNew(new IterableTestUtils.ConfigBuilderExtender() {
             @Override
@@ -328,7 +328,7 @@ public void testHandleCustomActionDelete() throws Exception {
         IterableActivityMonitor.instance = new IterableActivityMonitor();
 
         IterableInAppDisplayer inAppDisplayerMock = mock(IterableInAppDisplayer.class);
-        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableSkipInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock, new String[0]));
+        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableSkipInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock));
         IterableApi.sharedInstance = new IterableApi(inAppManager);
         IterableTestUtils.createIterableApiNew(new IterableTestUtils.ConfigBuilderExtender() {
             @Override

iterableapi/src/test/java/com/iterable/iterableapi/IterableInboxTest.java

@@ -119,7 +119,7 @@ public void testShowInboxMessageImmediate() throws Exception {
 
         IterableInAppDisplayer inAppDisplayerMock = mock(IterableInAppDisplayer.class);
         when(inAppDisplayerMock.showMessage(any(IterableInAppMessage.class), eq(IterableInAppLocation.IN_APP), any(IterableHelper.IterableUrlCallback.class))).thenReturn(true);
-        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableDefaultInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock, new String[0]));
+        IterableInAppManager inAppManager = spy(new IterableInAppManager(IterableApi.sharedInstance, new IterableDefaultInAppHandler(), 30.0, new IterableInAppMemoryStorage(), IterableActivityMonitor.getInstance(), inAppDisplayerMock));
         IterableApi.sharedInstance = new IterableApi(inAppManager);
         IterableTestUtils.createIterableApiNew(new IterableTestUtils.ConfigBuilderExtender() {
             @Override

iterableapi/src/test/java/com/iterable/iterableapi/IterablePushActionReceiverTest.java

@@ -80,7 +80,7 @@ public void testTrackPushOpenWithCustomAction() throws Exception {
 
         // Verify that IterableActionRunner was called with the proper action
         ArgumentCaptor<IterableAction> capturedAction = ArgumentCaptor.forClass(IterableAction.class);
-        verify(actionRunnerMock).executeAction(any(Context.class), capturedAction.capture(), eq(IterableActionSource.PUSH), eq(new String[0]));
+        verify(actionRunnerMock).executeAction(any(Context.class), capturedAction.capture(), eq(IterableActionSource.PUSH));
         assertEquals("customAction", capturedAction.getValue().getType());
 
         // Verify that the main app activity was launched
@@ -133,7 +133,7 @@ public void testPushActionWithTextInput() throws Exception {
 
         // Verify that IterableActionRunner was called with the proper action
         ArgumentCaptor<IterableAction> actionCaptor = ArgumentCaptor.forClass(IterableAction.class);
-        verify(actionRunnerMock).executeAction(any(Context.class), actionCaptor.capture(), eq(IterableActionSource.PUSH), eq(new String[0]));
+        verify(actionRunnerMock).executeAction(any(Context.class), actionCaptor.capture(), eq(IterableActionSource.PUSH));
         IterableAction capturedAction = actionCaptor.getValue();
         assertEquals("handleTextInput", capturedAction.getType());
         assertEquals("input text", capturedAction.userInput);
@@ -151,7 +151,7 @@ public void testLegacyDeepLinkPayload() throws Exception {
 
         // Verify that IterableActionRunner was called with openUrl action
         ArgumentCaptor<IterableAction> capturedAction = ArgumentCaptor.forClass(IterableAction.class);
-        verify(actionRunnerMock).executeAction(any(Context.class), capturedAction.capture(), eq(IterableActionSource.PUSH), eq(new String[0]));
+        verify(actionRunnerMock).executeAction(any(Context.class), capturedAction.capture(), eq(IterableActionSource.PUSH));
         assertEquals("openUrl", capturedAction.getValue().getType());
         assertEquals("https://example.com", capturedAction.getValue().getData());
     }