Properly sign out

microg · Sep 19, 2023 · 4f35fd1 · 4f35fd1
1 parent 36c82d6
commit 4f35fd1
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 16 deletions.
diff --git a/play-services-core/src/main/kotlin/org/microg/gms/auth/signin/AuthSignInService.kt b/play-services-core/src/main/kotlin/org/microg/gms/auth/signin/AuthSignInService.kt
@@ -103,6 +103,8 @@ class AuthSignInServiceImpl(
         Log.d(TAG, "$packageName:signOut($options)")
         lifecycleScope.launchWhenStarted {
             try {
+                val account = account ?: options?.account ?: SignInConfigurationService.getDefaultAccount(context, packageName)
+                if (account != null) performSignOut(context, packageName, options, account)
                 SignInConfigurationService.setDefaultAccount(context, packageName, null)
                 runCatching { callbacks.onSignOut(Status.SUCCESS) }
             } catch (e: Exception) {

diff --git a/play-services-core/src/main/kotlin/org/microg/gms/auth/signin/extensions.kt b/play-services-core/src/main/kotlin/org/microg/gms/auth/signin/extensions.kt
@@ -23,11 +23,43 @@ import kotlin.math.min
 
 private fun Long?.orMaxIfNegative() = this?.takeIf { it >= 0L } ?: Long.MAX_VALUE
 
+val GoogleSignInOptions.scopeUris
+    get() = scopes.orEmpty().sortedBy { it.scopeUri }
+
+val GoogleSignInOptions.includeId
+    get() = scopeUris.any { it.scopeUri == Scopes.OPENID } || scopeUris.any { it.scopeUri == Scopes.GAMES_LITE }
+
+val GoogleSignInOptions.includeEmail
+    get() = scopeUris.any { it.scopeUri == Scopes.EMAIL } || scopeUris.any { it.scopeUri == Scopes.GAMES_LITE }
+
+val GoogleSignInOptions.includeProfile
+    get() = scopeUris.any { it.scopeUri == Scopes.PROFILE }
+
 fun getOAuthManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager {
     val scopes = options?.scopes.orEmpty().sortedBy { it.scopeUri }
     return AuthManager(context, account.name, packageName, "oauth2:${scopes.joinToString(" ")}")
 }
 
+fun getIdTokenManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager? {
+    if (options?.isIdTokenRequested != true || options.serverClientId == null) return null
+
+    val idTokenManager = AuthManager(context, account.name, packageName, "audience:server:client_id:${options.serverClientId}")
+    idTokenManager.includeEmail = if (options.includeEmail) "1" else "0"
+    idTokenManager.includeProfile = if (options.includeProfile) "1" else "0"
+    return idTokenManager
+}
+
+fun getServerAuthTokenManager(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account): AuthManager? {
+    if (options?.isServerAuthCodeRequested != true || options.serverClientId == null) return null
+
+    val serverAuthTokenManager = AuthManager(context, account.name, packageName, "oauth2:server:client_id:${options.serverClientId}:api_scope:${options.scopeUris.joinToString(" ")}")
+    serverAuthTokenManager.includeEmail = if (options.includeEmail) "1" else "0"
+    serverAuthTokenManager.includeProfile = if (options.includeProfile) "1" else "0"
+    serverAuthTokenManager.setOauth2Prompt(if (options.isForceCodeForRefreshToken) "consent" else "auto")
+    serverAuthTokenManager.setItCaveatTypes("2")
+    return serverAuthTokenManager
+}
+
 suspend fun performSignIn(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account, permitted: Boolean = false): GoogleSignInAccount? {
     val authManager = getOAuthManager(context, packageName, options, account)
     if (permitted) authManager.isPermitted = true
@@ -41,22 +73,14 @@ suspend fun performSignIn(context: Context, packageName: String, options: Google
     val includeEmail = scopes.any { it.scopeUri == Scopes.EMAIL } || scopes.any { it.scopeUri == Scopes.GAMES_LITE }
     val includeProfile = scopes.any { it.scopeUri == Scopes.PROFILE }
     Log.d("AuthSignIn", "id token requested: ${options?.isIdTokenRequested == true}, serverClientId = ${options?.serverClientId}")
-    val idTokenResponse = if (options?.isIdTokenRequested == true && options.serverClientId != null) withContext(Dispatchers.IO) {
-        val idTokenManager = AuthManager(context, account.name, packageName, "audience:server:client_id:${options.serverClientId}")
-        idTokenManager.includeEmail = if (includeEmail) "1" else "0"
-        idTokenManager.includeProfile = if (includeProfile) "1" else "0"
-        idTokenManager.isPermitted = authManager.isPermitted
-        idTokenManager.requestAuth(true)
-    } else null
-    val serverAuthTokenResponse = if (options?.isServerAuthCodeRequested == true && options.serverClientId != null) withContext(Dispatchers.IO) {
-        val serverAuthTokenManager = AuthManager(context, account.name, packageName, "oauth2:server:client_id:${options.serverClientId}:api_scope:${scopes.joinToString(" ")}")
-        serverAuthTokenManager.includeEmail = if (includeEmail) "1" else "0"
-        serverAuthTokenManager.includeProfile = if (includeProfile) "1" else "0"
-        serverAuthTokenManager.setOauth2Prompt(if (options.isForceCodeForRefreshToken) "consent" else "auto")
-        serverAuthTokenManager.setItCaveatTypes("2")
-        serverAuthTokenManager.isPermitted = authManager.isPermitted
-        serverAuthTokenManager.requestAuth(true)
-    } else null
+    val idTokenResponse = getIdTokenManager(context, packageName, options, account)?.let {
+        it.isPermitted = authManager.isPermitted
+        withContext(Dispatchers.IO) { it.requestAuth(true) }
+    }
+    val serverAuthTokenResponse = getServerAuthTokenManager(context, packageName, options, account)?.let {
+        it.isPermitted = authManager.isPermitted
+        withContext(Dispatchers.IO) { it.requestAuth(true) }
+    }
     val googleUserId = authManager.getUserData("GoogleUserId")
     val id = if (includeId) googleUserId else null
     val tokenId = if (options?.isIdTokenRequested == true) idTokenResponse?.auth else null
@@ -93,4 +117,19 @@ suspend fun performSignIn(context: Context, packageName: String, options: Google
         givenName,
         familyName
     )
+}
+
+fun performSignOut(context: Context, packageName: String, options: GoogleSignInOptions?, account: Account) {
+    val authManager = getOAuthManager(context, packageName, options, account)
+    authManager.isPermitted = false
+    authManager.invalidateAuthToken()
+
+    getIdTokenManager(context, packageName, options, account)?.let {
+        it.isPermitted = false
+        it.invalidateAuthToken()
+    }
+    getServerAuthTokenManager(context, packageName, options, account)?.let {
+        it.isPermitted = false
+        it.invalidateAuthToken()
+    }
 }