From 7f9d1cb65fb06ffbac35df0476a4244f068fa406 Mon Sep 17 00:00:00 2001 From: Michael Shafrir <45020849+mshafrir-stripe@users.noreply.github.com> Date: Tue, 27 Aug 2019 15:33:09 -0400 Subject: [PATCH] Handle opaque URIs in PaymentAuthWebViewClient (#1428) `Uri#getQueryParameterNames()` throws an exception on opaque URIs (e.g. mailto:person@example.com). --- .../com/stripe/android/view/PaymentAuthWebView.java | 6 +++++- .../stripe/android/view/PaymentAuthWebViewTest.java | 10 ++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/stripe/src/main/java/com/stripe/android/view/PaymentAuthWebView.java b/stripe/src/main/java/com/stripe/android/view/PaymentAuthWebView.java index 4de6cc395a4..2aec9223afb 100644 --- a/stripe/src/main/java/com/stripe/android/view/PaymentAuthWebView.java +++ b/stripe/src/main/java/com/stripe/android/view/PaymentAuthWebView.java @@ -129,11 +129,15 @@ private boolean isReturnUrl(@NonNull Uri uri) { mReturnUrl.getHost() != null && mReturnUrl.getHost().equals(uri.getHost()); } else { + // Skip opaque (i.e. non-hierarchical) URIs + if (uri.isOpaque()) { + return false; + } + // If the `returnUrl` is unknown, look for URIs that contain a // `payment_intent_client_secret` or `setup_intent_client_secret` // query parameter, and check if its values matches the given `clientSecret` // as a query parameter. - final Set paramNames = uri.getQueryParameterNames(); final String clientSecret; if (paramNames.contains(PARAM_PAYMENT_CLIENT_SECRET)) { diff --git a/stripe/src/test/java/com/stripe/android/view/PaymentAuthWebViewTest.java b/stripe/src/test/java/com/stripe/android/view/PaymentAuthWebViewTest.java index ab3d0604e7c..705b9b9bc75 100644 --- a/stripe/src/test/java/com/stripe/android/view/PaymentAuthWebViewTest.java +++ b/stripe/src/test/java/com/stripe/android/view/PaymentAuthWebViewTest.java @@ -112,4 +112,14 @@ public void onPageFinished_witRedirectCompleteUrl_shouldFinish() { "https://hooks.stripe.com/redirect/complete/src_1ExLWoCRMbs6FrXfjPJRYtng"); verify(mActivity).finish(); } + + @Test + public void shouldOverrideUrlLoading_withOpaqueUri_shouldNotCrash() { + final String deepLink = "mailto:patrick@example.com?payment_intent=pi_123&" + + "payment_intent_client_secret=pi_123_secret_456&source_type=card"; + final PaymentAuthWebView.PaymentAuthWebViewClient paymentAuthWebViewClient = + new PaymentAuthWebView.PaymentAuthWebViewClient(mActivity, mProgressBar, + "pi_123_secret_456", null); + paymentAuthWebViewClient.shouldOverrideUrlLoading(mWebView, deepLink); + } }