Multiple Accounts Implementation - Support for Application OAuth

[mhdatie]

The following tasks are required for this ticket:

• Moving the account list in the drawer to a sub-component to be used within other components.
• Adding the logic to:
  • Account switch
  • Account removal
  • Account addition
• Implementing support for multiple accounts by making sure the above work.
• Implementing Application OAuth for when no account is selected.
• Adding a constraint on API calls that require authentication.

[mhdatie]

Update

It is now possible to add multiple accounts but with some apparent issues:

• On the addition of a new account and restart of activity, the usernames are not fetched in the navigation drawer. I had to close and open the app for them to show.
• Account switching works, but the token stored in the database manager is of the previous user. Therefore, the API calls are performed using the previous user's token, but the session was updated with the selected user (expected behavior).
• Right now, there is no option to remove a user.
• Logging out will cause the session to be deleted, and open the AuthActivity as well as clear activity stack. The user has to login again. If the login is of that of an existing user, it won't allow it since it's considered already there. Revisiting the app would cause it to crash at this point.

Commits coming in shortly

[mhdatie]

For point #two:

Account switching works, but the token stored in the database manager is of the previous user. Therefore, the API calls are performed using the previous user's token, but the session was updated with the selected user (expected behavior).

A possible default behavior is to load the token from the User RealmObject since every User holds a Token RealmObject. However, this is is up for debate since the Application OAuth behavior is unknown yet. I personally don't like how the token is currently being stored in the DatabaseManager as an attribute.

[mhdatie]

Update on issues:

• On the addition of a new account and restart of activity, the usernames are not fetched in the navigation drawer. I had to close and open the app for them to show.
• Right now, there is no option to remove a user.

For the crash part, there were missing null checks since the authenticator in the service catches unauthorized access to the Reddit API but by the time the call is made, the session object is null and causes a NPE. Adding a null check caused the authenticator to fire up the AuthActivity

[mhdatie]

Latest commit implements app-only grant:

https://github.com/reddit/reddit/wiki/OAuth2#application-only-oauth

However, there is still an unknown behavior when a new user is added:

• On the addition of a new account and restart of activity, the usernames are not fetched in the navigation drawer. I had to close and open the app for them to show.

Updates:

• When the app is newly installed, it launches the AuthActivity to create the Guest User with the Application-Only Grant
• Logout button only shows if the type of the user in session is non-guest (USER_AUTH)
• Clicking on logout now switches to the Guest user. It should also revoke the access token (todo)
• Clicking the username in the nav header won't launch the profile activity unless the user type is USER_AUTH
• Subreddits loaded for the guest user are the default ones obtained from /subreddits/default endpoint
  • NOTE: clicking refresh in the SubscriptionActivity doesn't use /subreddits/default and still expects a valid Reddit User (todo). The refresh button forces a network call and updates the database accordingly.

All in all, the Guest User is a regular user in the local storage and is distinguished with the USER_GUEST via the User's getUserType() method.

Todo also:

• Hide the remove button for USER_GUEST
  • Since the user list is a sub-component, this option should be available via the adapter to strictly set whether (hide remove button and hide user of type USER_GUEST) or (hide remove button from USER_GUEST and show all users)
• Implement the ability to remove a user
  • This includes revoking the access token AND deleting the user from local storage AND finally switching to USER_GUEST user
  • https://github.com/reddit/reddit/wiki/OAuth2#manually-revoking-a-token

[mhdatie]

Latest commit implements revoking the access token in case the user logs out (which switches to the Guest user after) or when selecting another user. Deleting a user is yet to be implemented.

Access tokens expire in an hour, so when the Guest's user token expires, a new one should be requested as there is no refresh token for Application-OAuth. This commit updates the Auth presenter to check whether the current user is the USER_GUEST and only updates the token info. Otherwise, it creates a new Guest user.

Todo:

• Hide the remove button for USER_GUEST
  • Since the user list is a sub-component, this option should be available via the adapter to strictly set whether (hide remove button and hide user of type USER_GUEST) or (hide remove button from USER_GUEST and show all users)
• Implement the ability to remove a user
  • This includes revoking the access token AND deleting the user from local storage AND finally switching to USER_GUEST user
  • https://github.com/reddit/reddit/wiki/OAuth2#manually-revoking-a-token
• Adding a new account and recreating the MainActivity from OnActivityResult() does not load the user list in the Navigation Drawer.

[mhdatie]

Fixes in the latest commit (needs testing):

• Hides the remove button on type USER_GUEST
• Ability to remove a user. If the user is currently selected, switch to Guest, otherwise, simply remove from list on success.
  • Note: This has to be done asynchronously. I couldn't operate on the RealmObject after removing it so I had to do the call synchronously on the main thread.
• Adding a new account now loads the user list after being returned from onActivityResult. The issue was with the CompositeSubscription being unsubscribed in onPause instead of onDestroy so the call was discontinuing.

Todo:

• Subscription Activity usually loads the cached subreddits but the refresh button forces use of network, and if the user is of type USER_GUEST the call doesn't return anything. This has to change to match the logic in the HomePresenter which loads the initial HomeView (including the subscriptions).
• Find a way to detect whether an action that requires an API call to an User-OAuth endpoint is prevented by a user of type USER_GUEST. Notify the user to log in to perform that action. Make this change in one place which affect all actions across view listeners.
• Fix the initial Settings load (low priority on this branch, high on dev branch)

[mhdatie]

The only thing remaining from what I know is the following:

Todo:

Find a way to detect whether an action that requires an API call to an User-OAuth endpoint is prevented by a user of type USER_GUEST. Notify the user to log in to perform that action. Make this change in one place which affect all actions across view listeners.

[mhdatie]

The latest commit is interesting.

RedditModule provides a proxy interface of class RedditClientInterface instead of RedditClient

RedditClient extends and uses some of the methods from RedditService, and since the module interacts with an interface, I had to create an interface (RedditServiceInterface) and let RedditClientInterface extend it so that it utilize it's methods as a proxy.

The proxy has a handler that we pass the original RedditClient object to. If checks on whether this service call is valid, it invokes the method on the original. If not, then it must make use of a NullInterface under the 'Null Object Pattern' for better null handling.

The service call is valid if and only if the annotation on the service call matches the token holder (AUTH_USER vs GUEST_USER vs BOTH).

The reason behind this change is to control access to the application service call before performing any provider calls which require a connection. This leaves the provider interceptor to deal with unauthorized or invalid access token only and not access at the application level.

Next todo:

• Implement the Null Object Pattern and pass it to the handler.
• Implement a common Rx Subscriber that deals with the null (might not be needed)
• When Guest access token becomes invalid, refresh it in the request interceptor instead of calling the AuthActvity again. This allows the user to continue their original request(s).
• Test and close this ticket

[mhdatie]

@Redgram/redributors I will merge into dev. Testing the changes would be really appreciated.

[mhdatie]

closing this