Signal/Android
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Android.git synced 2025-12-24 21:15:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent password managers from overwriting backup key with Signal PIN.

Browse Source 
Adding a hidden username field provides additional context for the autofill service, so it knows the username associated with the confirmed PIN should be "Signal PIN" rather than "Signal backup key".
This commit is contained in:
jeffrey-signal
2025-08-14 12:22:19 -04:00
committed by Jeffrey Starke
parent d7714a2067
commit cd26929d39
5 changed files with 71 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/src/main/java/org/thoughtcrime/securesms/lock/v2/CreateSvrPinFragment.kt
View File

@@ -5,6 +5,7 @@ import android.view.animation.Animation
import android.view.animation.TranslateAnimation
import android.widget.EditText
import androidx.annotation.PluralsRes
import androidx.autofill.HintConstants
import androidx.core.content.ContextCompat
import androidx.core.view.ViewCompat
import androidx.lifecycle.ViewModelProvider
@@ -26,7 +27,9 @@ class CreateSvrPinFragment : BaseSvrPinFragment<CreateSvrPinViewModel?>() {
label.text = getPinLengthRestrictionText(R.plurals.CreateKbsPinFragment__pin_must_be_at_least_digits)
confirm.isEnabled = false
ViewCompat.setImportantForAutofill(input, View.IMPORTANT_FOR_AUTOFILL_NO)
ViewCompat.setImportantForAutofill(input, View.IMPORTANT_FOR_AUTOFILL_YES)
ViewCompat.setAutofillHints(input, HintConstants.AUTOFILL_HINT_PASSWORD)
}
private fun initializeViewStatesForPinChange() {

17
app/src/main/res/layout/base_kbs_pin_fragment.xml
View File

@@ -47,6 +47,23 @@
app:layout_constraintTop_toBottomOf="@id/edit_kbs_pin_title"
tools:text="@string/CreateKbsPinFragment__pins_can_help_you_restore_your_account" />
<!-- Hidden field to provide context for android autofill services. This helps the password manager associate the PIN field with the username
"Signal PIN" and avoid potentially overwriting the "Signal Backups" password with the PIN. -->
<EditText
android:id="@+id/autofill_username_context"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:autofillHints="username"
android:enabled="false"
android:focusable="false"
android:focusableInTouchMode="false"
android:importantForAutofill="yes"
android:inputType="none"
android:text="@string/ConfirmKbsPinFragment__pin_password_manager_id"
android:visibility="gone"
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toTopOf="parent" />
<com.google.android.material.textfield.TextInputLayout
android:id="@+id/edit_kbs_textinputlayout"
style="@style/Widget.Signal.TextInputLayout"

17
app/src/main/res/layout/fragment_registration_pin_restore_entry_v2.xml
View File

@@ -40,6 +40,23 @@
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toBottomOf="@id/pin_restore_pin_title" />
<!-- Hidden field to provide context for android autofill services. This helps the password manager associate the PIN field with the username
"Signal PIN" and avoid potentially overwriting the "Signal Backups" password with the PIN. -->
<EditText
android:id="@+id/autofill_username_context"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:autofillHints="username"
android:enabled="false"
android:focusable="false"
android:focusableInTouchMode="false"
android:importantForAutofill="yes"
android:inputType="none"
android:text="@string/ConfirmKbsPinFragment__pin_password_manager_id"
android:visibility="gone"
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toTopOf="parent" />
<com.google.android.material.textfield.TextInputLayout
android:id="@+id/edit_kbs_textinputlayout"

16
app/src/main/res/layout/kbs_pin_reminder_view.xml
View File

@@ -21,6 +21,22 @@
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintEnd_toEndOf="parent" />
<!-- Hidden field to provide context for android autofill services. This helps the password manager associate the PIN field with the username
"Signal PIN" and avoid potentially overwriting the "Signal Backups" password with the PIN. -->
<EditText
android:id="@+id/autofill_username_context"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:autofillHints="username"
android:enabled="false"
android:focusable="false"
android:focusableInTouchMode="false"
android:importantForAutofill="yes"
android:inputType="none"
android:text="@string/ConfirmKbsPinFragment__pin_password_manager_id"
android:visibility="gone"
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toTopOf="parent" />
<EditText
android:id="@+id/pin"

17
app/src/main/res/layout/pin_disable_reminders_dialog.xml
View File

@@ -34,6 +34,23 @@
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toBottomOf="@id/reminder_disable_title" />
<!-- Hidden field to provide context for android autofill services. This helps the password manager associate the PIN field with the username
"Signal PIN" and avoid potentially overwriting the "Signal Backups" password with the PIN. -->
<EditText
android:id="@+id/autofill_username_context"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:autofillHints="username"
android:enabled="false"
android:focusable="false"
android:focusableInTouchMode="false"
android:importantForAutofill="yes"
android:inputType="none"
android:text="@string/ConfirmKbsPinFragment__pin_password_manager_id"
android:visibility="gone"
app:layout_constraintStart_toStartOf="parent"
app:layout_constraintTop_toTopOf="parent" />
<EditText
android:id="@+id/reminder_disable_pin"
android:layout_width="wrap_content"