Setting up skip auth in Android emission clients

[xubowenhaoren]

Hello,

We are trying to set up skip auth in Android emission clients. As this [authentication doc](authentication doc) suggested, I should use www/json/connectionConfig.physical_device2localhost.json.sample as a starter. I ended up with the following www/json/connectionConfig.json:

{
    "connectUrl": "http://ACTUAL_SERVER_LINK:2015",
    "android": {
        "auth": {
            "method": "prompted-auth",
            "clientID": "ignored"
        }
    },
    "ios": {
        "auth": {
            "method": "prompted-auth",
            "clientID": "ignored"
        }
    }
}

But I still got the dummy mode and a series of connection failures.

[shankari]

@xubowenhaoren responses to the two questions:

• the default prompt for prompted-auth is "Dummy dev mode". If you want to use a different prompt, you have to specify it as prompt - e.g.

    "android": {
        "auth": {
            "method": "prompted-auth",
            "prompt": "Enter a unique passphrase",
            "clientID": "ignored"
        }
    },
    "ios": {
        "auth": {
            "method": "prompted-auth",
            "prompt": "Enter a unique passphrase",
            "clientID": "ignored"
        }
    }

• the INVALID_SENDER error is because you haven't configured push notifications yet. I have a placeholder push notification config checked in so everything will compile, but you need to get the push notification config for your own app from your own firebase account. Alternatively, if you don't want/need push notifications, you can remove the push plugin and the error will go away. You may want to check with Anat before doing that though, because push is actually super helpful.

Also , can you send out a PR updating the documentation with these clarifications? Thanks!

[xubowenhaoren]

Thanks for the clarification, I was able to see the "Enter a unique passphrase" prompt. Now the only warning left is the INVALID_SENDER error. Let me check back with Anat. I will also work on a PR.

[xubowenhaoren]

Hello,

I am working on another project that uses a different plugin, but I encountered this connection issue:

I have searched the existing issues but didn't find a related case.

The current connectionConfig.json that I am using right now is:

{
    "connectUrl": "http://ACTUAL_SERVER_LINK_HIDDEN:2015",
    "android": {
        "auth": {
            "method": "prompted-auth",
            "prompt": "Enter a unique passphrase",
            "clientID": "ignored"
        }
    },
    "ios": {
        "auth": {
            "method": "prompted-auth",
            "prompt": "Enter a unique passphrase",
            "clientID": "ignored"
        }
    }
}

[shankari]

I think that the message is pretty self-explanatory. Cleartext (http) protocols are not supported on recent versions of android.
https://duckduckgo.com/?t=ffsb&q=cleartext+android+&ia=web

With the availability of Let's Encrypt, there is really no reason why you should not use https.

[xubowenhaoren]

I see. I will contact Anat for upgrading the server encryption.

[shankari]

I don't recommend it, but the same search also offers some workarounds if that is not possible 😄

[xubowenhaoren]

I used the workaround in this post. The working commit is here.

However, when I try to use npx cordova plugin add to add the plugin, Cordova gave me this warning:

Installing "edu.berkeley.eecs.emission.cordova.integritydetect" for android
Failed to install 'edu.berkeley.eecs.emission.cordova.integritydetect': Error: There was a conflict trying to modify attributes with <edit-config> in plugin edu.berkeley.eecs.emission.cordova.integritydetect. The conflicting plugin, undefined, already modified the same attributes. The conflict must be resolved before edu.berkeley.eecs.emission.cordova.integritydetect can be added. You may use --force to add the plugin and overwrite the conflicting attributes.
    at PlatformMunger.add_plugin_changes (/Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/cordova-common/src/ConfigChanges/ConfigChanges.js:141:23)
    at /Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/cordova-common/src/PluginManager.js:121:33
    at _fulfilled (/Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:854:54)
    at /Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:883:30
    at Promise.promise.promiseDispatch (/Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:816:13)
    at /Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:877:14
    at runSingle (/Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:137:13)
    at flush (/Users/bowenxu2/Documents/GitHub/NameN0tF0und/node_modules/q/q.js:125:13)
    at processTicksAndRejections (internal/process/task_queues.js:79:11)
There was a conflict trying to modify attributes with <edit-config> in plugin edu.berkeley.eecs.emission.cordova.integritydetect. The conflicting plugin, undefined, already modified the same attributes. The conflict must be resolved before edu.berkeley.eecs.emission.cordova.integritydetect can be added. You may use --force to add the plugin and overwrite the conflicting attributes.

Then I installed the plugin with the --force option. Then I was able to build and run the app without the cleartext warning.

(base) Bowens-MacBook-Pro-2:NameN0tF0und bowenxu2$ npx cordova plugin add file:../../StudioProjects/e-mission-integrity-detect --force
Installing "edu.berkeley.eecs.emission.cordova.integritydetect" for android
--force is used. edit-config will overwrite conflicts if any. Conflicting plugins may not work as expected.
Installing "edu.berkeley.eecs.emission.cordova.integritydetect" for ios
Adding edu.berkeley.eecs.emission.cordova.integritydetect to package.json

I was unable to identify the conflicting plugin that modifies android:usesCleartextTraffic. Did you use this attribute in e-mission? Can I ignore this warning?

[shankari]

Did you use this attribute in e-mission?

No.

$ grep -r usesCleartextTraffic plugins/
$

Can I ignore this warning?

I don't really know. You can check the generated AndroidManifest.xml to see whether there are multiple entries for the clearText entry. If not, sounds like you are G2G.

what plugin is this? I don't recall writing it....

edu.berkeley.eecs.emission.cordova.integritydetect

[xubowenhaoren]

(base) Bowens-MacBook-Pro-2:NameN0tF0und bowenxu2$ grep -r usesCleartextTraffic plugins/
plugins//edu.berkeley.eecs.emission.cordova.integritydetect/plugin.xml:      <application android:usesCleartextTraffic="true"/>

So it's just my plugin that's using this attribute. I've checked the generated AndroidManifest.xml and only found my entry as well. I understand it's insecure, but it also means I don't need to change the encryption on the VM for now.

edu.berkeley.eecs.emission.cordova.integritydetect is a plugin developed by one of Anat's previous student. I am using it per Anat's mentorship on an ongoing E-mission project. This new project aims to improve the E-mission UI accessibility in addition to incorporating the pre-defined trip data collection in your MobilityNet project.

[xubowenhaoren]

Update: a better workaround is to use npx cordova plugin add cordova-plugin-cleartext. No --force flags are required.