Fix Login State Loss and OAuth Flow Interruption

This commit addresses a critical issue where the application would lose its authentication state and reset to the login screen when the user switched applications during the OAuth flow (e.g., to retrieve credentials from a password manager) or when the OS killed the background process.

Key Changes:

1.  **Manifest Configuration**:
    - Updated LoginActivity launchMode from singleTask to singleTop. This prevents the activity from being unnecessarily destroyed and recreated when receiving the OAuth redirect intent, preserving the activity stack.

2.  **ViewModel Updates (AuthenticationViewModel.kt)**:
    - Changed PKCE state properties (codeVerifier, codeChallenge, oidcState) from immutable �al to mutable �ar. This allows these values to be restored after process death, which is essential for completing the OAuth handshake.

3.  **State Persistence (LoginActivity.kt)**:
    - Implemented saveAuthState() and 
estoreAuthState() methods using SharedPreferences. This ensures that the PKCE parameters survive process death and activity recreation, which savedInstanceState alone was not reliably handling for this specific flow.
    - Added clearAuthState() to remove temporary authentication data upon successful login or error, ensuring security and cleanliness.
    - Integrated these methods into the lifecycle: saving state before launching the browser and restoring it in onCreate if needed.

4.  **OAuth Redirect Handling**:
    - Added 'trampoline' logic in onCreate to correctly handle OAuth redirect intents. If the activity is not the task root, it relaunches itself with CLEAR_TOP and SINGLE_TOP flags to bring the existing instance to the front without losing state.
    - Modified handleDeepLink to explicitly ignore OAuth redirect intents (checking for 'code' and 'error' parameters), preventing them from being misidentified as regular deep links.

This comprehensive fix ensures a robust login experience even on devices with aggressive background process killing or when users multitask during authentication.

Author: zerox80

opencloudApp/src/main/AndroidManifest.xml

@@ -236,7 +236,7 @@
             android:name=".presentation.authentication.LoginActivity"
             android:exported="true"
             android:label="@string/login_label"
-            android:launchMode="singleTask"
+            android:launchMode="singleTop"
             android:theme="@style/Theme.openCloud.Toolbar">
             <intent-filter>
                 <action android:name="android.intent.action.VIEW" />

opencloudApp/src/main/java/eu/opencloud/android/presentation/authentication/AuthenticationViewModel.kt

@@ -72,9 +72,9 @@ class AuthenticationViewModel(
     private val contextProvider: ContextProvider,
 ) : ViewModel() {
 
-    val codeVerifier: String = OAuthUtils().generateRandomCodeVerifier()
-    val codeChallenge: String = OAuthUtils().generateCodeChallenge(codeVerifier)
-    val oidcState: String = OAuthUtils().generateRandomState()
+    var codeVerifier: String = OAuthUtils().generateRandomCodeVerifier()
+    var codeChallenge: String = OAuthUtils().generateCodeChallenge(codeVerifier)
+    var oidcState: String = OAuthUtils().generateRandomState()
 
     private val _legacyWebfingerHost = MediatorLiveData<Event<UIResult<String>>>()
     val legacyWebfingerHost: LiveData<Event<UIResult<String>>> = _legacyWebfingerHost

opencloudApp/src/main/java/eu/opencloud/android/presentation/authentication/LoginActivity.kt

@@ -96,6 +96,9 @@ import java.io.File
 
     private const val KEY_SERVER_BASE_URL = "KEY_SERVER_BASE_URL"
     private const val KEY_OIDC_SUPPORTED = "KEY_OIDC_SUPPORTED"
+    private const val KEY_CODE_VERIFIER = "KEY_CODE_VERIFIER"
+    private const val KEY_CODE_CHALLENGE = "KEY_CODE_CHALLENGE"
+    private const val KEY_OIDC_STATE = "KEY_OIDC_STATE"
 
 class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrustedCertListener, SecurityEnforced {
 
@@ -118,6 +121,16 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
     private var resultBundle: Bundle? = null
 
     override fun onCreate(savedInstanceState: Bundle?) {
+        if (intent.data != null && (intent.data?.getQueryParameter("code") != null || intent.data?.getQueryParameter("error") != null)) {
+            if (!isTaskRoot) {
+                val newIntent = Intent(this, LoginActivity::class.java)
+                newIntent.data = intent.data
+                newIntent.addFlags(Intent.FLAG_ACTIVITY_CLEAR_TOP or Intent.FLAG_ACTIVITY_SINGLE_TOP)
+                startActivity(newIntent)
+                finish()
+                return
+            }
+        }
         super.onCreate(savedInstanceState)
 
         checkPasscodeEnforced(this)
@@ -142,6 +155,9 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
             authTokenType = savedInstanceState.getString(KEY_AUTH_TOKEN_TYPE)
             savedInstanceState.getString(KEY_SERVER_BASE_URL)?.let { serverBaseUrl = it }
             oidcSupported = savedInstanceState.getBoolean(KEY_OIDC_SUPPORTED)
+            savedInstanceState.getString(KEY_CODE_VERIFIER)?.let { authenticationViewModel.codeVerifier = it }
+            savedInstanceState.getString(KEY_CODE_CHALLENGE)?.let { authenticationViewModel.codeChallenge = it }
+            savedInstanceState.getString(KEY_OIDC_STATE)?.let { authenticationViewModel.oidcState = it }
         }
 
         // UI initialization
@@ -211,10 +227,17 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         accountAuthenticatorResponse?.onRequestContinued()
 
         initLiveDataObservers()
+
+        if (intent.data != null && (intent.data?.getQueryParameter("code") != null || intent.data?.getQueryParameter("error") != null)) {
+            if (savedInstanceState == null) {
+                restoreAuthState()
+            }
+            handleGetAuthorizationCodeResponse(intent)
+        }
     }
 
     private fun handleDeepLink() {
-        if (intent.data != null) {
+        if (intent.data != null && intent.data?.getQueryParameter("code") == null && intent.data?.getQueryParameter("error") == null) {
             authenticationViewModel.launchedFromDeepLink = true
             if (getAccounts(baseContext).isNotEmpty()) {
                 launchFileDisplayActivity()
@@ -486,6 +509,7 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         setResult(Activity.RESULT_OK, intent)
 
         authenticationViewModel.discoverAccount(accountName = accountName, discoveryNeeded = loginAction == ACTION_CREATE)
+        clearAuthState()
     }
 
     private fun loginIsLoading() {
@@ -515,6 +539,7 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
                 }
             }
         }
+        clearAuthState()
     }
 
     /**
@@ -570,6 +595,7 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
         )
 
         try {
+            saveAuthState()
             customTabsIntent.launchUrl(
                 this,
                 authorizationEndpointUri
@@ -894,4 +920,26 @@ class LoginActivity : AppCompatActivity(), SslUntrustedCertDialog.OnSslUntrusted
     override fun optionLockSelected(type: LockType) {
         manageOptionLockSelected(type)
     }
+
+    private fun saveAuthState() {
+        val prefs = getSharedPreferences("auth_state", android.content.Context.MODE_PRIVATE)
+        prefs.edit().apply {
+            putString(KEY_CODE_VERIFIER, authenticationViewModel.codeVerifier)
+            putString(KEY_CODE_CHALLENGE, authenticationViewModel.codeChallenge)
+            putString(KEY_OIDC_STATE, authenticationViewModel.oidcState)
+            apply()
+        }
+    }
+
+    private fun restoreAuthState() {
+        val prefs = getSharedPreferences("auth_state", android.content.Context.MODE_PRIVATE)
+        prefs.getString(KEY_CODE_VERIFIER, null)?.let { authenticationViewModel.codeVerifier = it }
+        prefs.getString(KEY_CODE_CHALLENGE, null)?.let { authenticationViewModel.codeChallenge = it }
+        prefs.getString(KEY_OIDC_STATE, null)?.let { authenticationViewModel.oidcState = it }
+    }
+
+    private fun clearAuthState() {
+        val prefs = getSharedPreferences("auth_state", android.content.Context.MODE_PRIVATE)
+        prefs.edit().clear().apply()
+    }
 }