Commit 6d1842ca authored by Eric Eastwood's avatar Eric Eastwood
Browse files

Remove secrets from git tracked settings.xml

Part of open-sourcing Android, https://gitlab.com/gitlab-org/gitter/gitter-android-app/issues/8

Secrets now stored in untracked `secrets.properties` which is read by `app/build.gradle`
parent 76641a01
.gradle
/local.properties
/secrets.properties
/.idea/workspace.xml
/.idea/libraries
.DS_Store
......
......@@ -7,8 +7,9 @@ Its Gitter, but on Android!
1. Clone the [`webapp`](https://gitlab.com/gitlab-org/gitter/webapp) project
1. In the [`webapp`](https://gitlab.com/gitlab-org/gitter/webapp) project, run `npm run build-android-assets`
1. Symlink the webapp embedded build asset output to the Android project
- macOS: `mkdir -p mkdir app/src/main/assets && ln -s /Users/<YOUR_USERNAME>/Documents/gitlab/gitter-webapp/output/embedded/www /Users/<YOUR_USERNAME>/Documents/gitlab/gitter-android-app/app/src/main/assets/www`
- Windows: `mkdir app\src\main\assets && mklink /D "C:\Users\MLM\Documents\GitLab\gitter-android-app\app\src\main\assets\www" "C:\Users\<YOUR_USERNAME>\Documents\GitLab\webapp\output\embedded\www"`
- macOS: `mkdir -p mkdir app/src/main/assets && ln -s /Users/<YOUR_USERNAME>/Documents/gitlab/gitter-webapp/output/android/www /Users/<YOUR_USERNAME>/Documents/gitlab/gitter-android-app/app/src/main/assets/www`
- Windows: `(mkdir app\src\main\assets || true) && mklink /D "C:\Users\<YOUR_USERNAME>\Documents\GitLab\gitter-android-app\app\src\main\assets\www" "C:\Users\<YOUR_USERNAME>\Documents\GitLab\webapp\output\android\www"`
1. Make a copy of `secrets.properties.sample` named `secrets.properties` and follow the comment instructions inside
1. Download the Android IDE: [Android Studio](http://developer.android.com/sdk/installing/studio.html) (you may need to install java by following the prompts)
1. Optionally: Install the Android SDK: `brew install android-sdk`, Select the SDK that `brew` logged out back in the previous command
1. Open this project with in Android Studio IDE
......
apply plugin: 'com.android.application'
def secretsPropertiesFile = rootProject.file("secrets.properties");
def secretProperties = new Properties()
secretProperties.load(new FileInputStream(secretsPropertiesFile))
android {
compileSdkVersion 24
buildToolsVersion '27.0.3'
......@@ -10,6 +14,11 @@ android {
targetSdkVersion 24
versionCode 80
versionName "3.1.2"
buildConfigField("String", "oauth_client_id", secretProperties['oauth_client_id'])
buildConfigField("String", "oauth_client_secret", secretProperties['oauth_client_secret'])
buildConfigField("String", "oauth_redirect_uri", secretProperties['oauth_redirect_uri'])
buildConfigField("String", "google_project_id", secretProperties['google_project_id'] ?: "null")
}
buildTypes {
release {
......
......@@ -34,6 +34,7 @@ import java.util.Map;
import im.gitter.gitter.R;
import im.gitter.gitter.network.Api;
import im.gitter.gitter.BuildConfig;
public class LoginActivity extends AppCompatActivity {
......@@ -48,7 +49,7 @@ public class LoginActivity extends AppCompatActivity {
super.onCreate(savedInstanceState);
setTitle("");
callbackUrl = getResources().getString(R.string.oauth_redirect_uri);
callbackUrl = BuildConfig.oauth_redirect_uri;
requestQueue = Volley.newRequestQueue(this);
authProvider = getIntent().getStringExtra("auth_provider");
......@@ -161,8 +162,8 @@ public class LoginActivity extends AppCompatActivity {
return Uri.parse(res.getString(R.string.host))
.buildUpon()
.path("/login/oauth/authorize")
.appendQueryParameter("client_id", res.getString(R.string.oauth_client_id))
.appendQueryParameter("redirect_uri", res.getString(R.string.oauth_redirect_uri))
.appendQueryParameter("client_id", BuildConfig.oauth_client_id)
.appendQueryParameter("redirect_uri", BuildConfig.oauth_redirect_uri)
.appendQueryParameter("response_type", "code")
.appendQueryParameter("source", "android_login-login")
.appendQueryParameter("auth_provider", authProvider)
......@@ -176,9 +177,9 @@ public class LoginActivity extends AppCompatActivity {
JSONObject body = new JSONObject();
try {
body.put("client_id", res.getString(R.string.oauth_client_id));
body.put("client_secret", res.getString(R.string.oauth_client_secret));
body.put("redirect_uri", res.getString(R.string.oauth_redirect_uri));
body.put("client_id", BuildConfig.oauth_client_id);
body.put("client_secret", BuildConfig.oauth_client_secret);
body.put("redirect_uri", BuildConfig.oauth_redirect_uri);
body.put("grant_type", "authorization_code");
body.put("code", code);
......
......@@ -19,8 +19,8 @@ import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import im.gitter.gitter.R;
import im.gitter.gitter.network.Api;
import im.gitter.gitter.BuildConfig;
public class RegistrationIntentService extends IntentService {
......@@ -39,7 +39,7 @@ public class RegistrationIntentService extends IntentService {
this.api = new Api(this);
this.registrationData = new RegistrationData(this);
this.projectId = getResources().getString(R.string.project_id);
this.projectId = BuildConfig.google_project_id;
}
@Override
......
<?xml version="1.0" encoding="utf-8"?>
<resources>
<string name="host" translatable="false">https://gitter.im</string>
<string name="api_host" translatable="false">https://api.gitter.im</string>
</resources>
# Visit https://developer.gitter.im/apps (sign in) and create a new app
# Name: my-gitter-android-app (can be anything)
# Redirect URL: https://gitter.im/login/oauth/callback
oauth_client_id="..."
oauth_client_secret="..."
oauth_redirect_uri="https://gitter.im/login/oauth/callback"
# (optional) Project id from Google Developer Console, https://console.developers.google.com/
google_project_id="null"
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment