guardianproject / chatsecureandroid Goto Github PK

The Sign Out button on the accounts screen is inactive unless the user chooses to save their password on initial sign-in. The button appears to be contingent on both username & password being filled in.

Expected behavior: Obfuscated password should populate the password field of the accounts screen when a user is signed in, regardless of whether or not they've chosen to automatically sign in to the application.

Related to issue #49

Implement active chat UI ref: https://github.com/guardianproject/Gibberbot/blob/master/doc/comps/20110415/gibberbot_ui_chat.png

Changes include:

• Updated titlebar with straightforward indication of chat encryption status
• Encryption status notifications as elements within chat as opposed to current changing notification directly above text input area
• (experiment) Color-coding of messages based on encryption status

originally reported here: https://trac.torproject.org/projects/tor/ticket/2662

Reported by: cypherpunks Owned by: n8fr8
Priority: major Milestone:
Component: Orbot Version:
Keywords: Cc:
Parent ID: Points:
Actual Points:
Description

Gibberbot should have an option to stay signed in. I keep getting logged out after leaving the app in the background...

Contacts with '.' in their names are concatenated in contacts list. I.e. "[email protected]" will appear as "guardian".

Spun from issue #32: #32

'Cannot connect to server' error msg could use tweaking. Likely a good idea to at least autotest various (at-least-as-paranoid-as-current) configs before failing connect.

When you type your account ID into the setup wizard, it tries to autocomplete. This will get in the way most of the time, so I think we should disable the autocomplete.

What :
The button present in the Account Wizard (view) is not visible. Therefore, not possible to proceed with set up.

Probably an error with the layout (doesn't support Legend resolution?)

Set Up :
HTC Legend/CM7
Gibberbot 0.0.3

Steps to reproduce :
About Gibberbot -> Next -> Next->Next

Picture :
http://imgur.com/hJUBM

The user is left hanging while a single progress spinner titled 'Starting encrypted chat' is shown. Need to do some further logcat analysis to see what the hangup is (keygen?), but (a) it shouldn't take this long and (b) if it has to take this long, we need to show more detailed progress indication.

Did some tracking down of a newly introduced bug that's causing contact lists to load very slowly - or sometimes not at all. When the contact list does load, it does not correctly update presence, and user groups show that no contacts on online.

I tracked this bug down to the commit below, which seems to make sense as a point of introduction:

2137177

App force closes on friend invite accept dialog. logcat snippet at http://pastebin.com/jdKqszwH

Now that we have a generally well functioning two-tab activity, we need to ensure that contacts are not removed from the contacts list / group when a chat is active.

Basically, just jumping to the system prefs is a cop out and doesn't really work.

We also need to walk people through setup field by field, ala k9mail.

Two parts:

(a) For unencrypted chat sessions, the fields for 'Their Fingerprint' and 'Your Fingerprint' are empty. These should probably just say something like (no encrypted session) or the like

(b) The menu options 'Scan Fingerprint', 'Your Fingerprint', and 'Verify Fingerprint' are still actionable and result in FCs. These should just be intercepted with a toast message.

The Chat List tab still displays a chat as active after selecting 'End Chat' from the menu while in an active chat.

Selecting that chat from the list view then results in a FC

Steps to reproduce:

• Sign into Gibberbot and start a chat
• Select 'End Chat' from the menu of the active chat
• Note that the chat is still represented in the list view
• Select that chat - FC

A result of the two-tab split between contacts and ongoing chats.

Security Risk:
The password field makes use of the Android dictionary and tries to autocomplete the password. During this process the complete password is visibly highlighted in the suggestions above the softkeyboard and can be read in plaintext by any person nearby

Minor Issue:
The username / account field makes use of the dictionary and tries to autocomplete the username

Chat notifications use the stock Google Talk icon in the notifications bar - this is confusing to the user.

On 03/04/2011 05:20 PM, Jacob Appelbaum wrote:

If "Use Tor Network" is checked, I think Do SRV Lookup should be
disabled - enabling it should warn the user about the risks.

Gibberbot's interface only allows for the display of about six contacts or groups (on the N1). It may be desirable to display more contacts/groups without scrolling, especially with large contact lists. The user should have the option to reduce the size of the text, or of the tiles that represent contacts, so that more fit on the screen at once.

If you go thru the account creation wizard and get to the ContactsList screen once logged in, hitting the back button will take you to the beginning of the account creation wizard, with blank entries. I think there could be two ways of solving this:

• remove the account wizard steps from the back history
• have the account wizard appear with the fields filled in with current values.

Currently chats aren't appearing properly in the 'chats' tab - no way to get back to that chat you were having!

If optional password not set, should popup dialog on login

It is currently possible to use a Google account but it doesn't work in all logical combinations of settings. If Transport Encryption, TLS Verification, and Do SRV Lookup are on, it should work, but currently does not. Other logical combinations also do not work.

right now shows "foo bar</font" etc when a message comes in from HTML clients

When switching from Adium <--> Gibberbot to Gibberbot <--> Gibberbot using the same XMPP accounts (both Gmail), the client type and key was not updated properly (still stated 'Computer' for client and original Key was still stored and marked as verified).

The current account settings do not allow for the setting of priority. This prevents the user when logged into the same account from multiple locations, which machine receives the messages.

need to check if SOCKS port is actual on and available locally

use ORLib

With SQLCipher beta completed, Gibberbot should integrate it into its codebase!

Ref: https://github.com/guardianproject/android-database-sqlcipher

enter key should move wizard to next step

The Transport Encryption preference should expose the "required/enabled/disabled" options that are commonly used with TLS. Currently the checkbox sets "required" if on, and "enabled" if off. There might be some certain buggy server setups that have problems with the TLS negotiation, so having "disabled" as an option would support them. On the other hand, we might not want to support really insecure setups.

It would be nice if Gibberbot would allow checking certificates by unknown CAs.
Like presenting the certificate for acceptance and then checking that certificate on its own on later logins.

Especially when only a few contacts are online, or groups have only a small number of online members showing groups may not be ideal. The user should have the option to hide groups: that is, to display all contacts in a flat list, as if they were un-grouped.

If I change the Port in advanced account settings, it is recognized.
But if I leave and try to connect or just leave and open advanced account settings. The port is 5222 again.

(got latest: Gibberbot-0.0.4-RC1-20110505a.apk)

Now that we've switched to the 2-tab view, we should have a flexible tab icon that displays a bit more information. Either:

• the # of new / unread msgs.
  OR
• the # of ongoing chats

I prefer the latter option, as new / unread messages will also be indicated to the user via the notifications bar. But we're open to input!

I use a hosted gmail account with SRV records set up to use gTalk with my own domain. When using either talk.l.google.com as my host or telling Gibberbot to use SRV records and using my own domain (literati.org), I get "Unable to sign in to XMPP service" and "could not connect to server" when I try to sign in. I've tried with and without TLS.

This is on a Motorola Droid running Android 2.2.3.

I can't find any information about what license Gibberbot is released under. Many of the source files have comments specifying the Apache 2 license, but those seem to be mostly from AOSP and copyrighted several years ago.

There needs to be a clear statement somewhere about the license for the new code, and for the application as a whole. (And a copy of the complete license text included.)

After reinstall from first gibberbot, my contact list is not loading (empty) on first sign in. One or more Sign Out/Sign In is needed to load the Contact list successfuly. After restarting the application, the issue is repeated.

Simple change request to account screen form fields and options: should not be editable when user is in signed in state. Once signed out, user should be able to edit fields properly.

Gibberbot currently displays groups which have zero online members. With large, diverse, extensively-grouped contact lists, this makes for a cluttered display, especially when few contacts are online. It should be possible to choose to hide these groups, so that only groups with online members are displayed.

should show up on the verify screen or other screen within the chat

Spun from issue #32: #32

"starting encrypted chat session" should not be modal, it should change the red status bar so that you can do other stuff in the meantime. :P

Especially crucial for google apps accounts, the way that Pidgin provides configuration of this is pretty nice: https://www.google.com/support/a/bin/answer.py?answer=49147

Gibberbot should eventually support signing in with multiple XMPP accounts simultaneously.

Should exit to home screen and un-check 'automatically sign in' flag.

Gibberbot does not show offline contacts. However, it is standard practice for some to appear offline, while actually remaining online. Most XMPP clients support initiating conversations with apparently-offline contacts. Gibberbot should support the option to display offline contacts, and this should be editable on a per-contact basis.

For instance, Alice may always want to see all her contacts, so she sets the 'show offline contacts' option in the settings. Alice's interface shoes online contacts at the top, and offline contacts below them in the list.

Bob, however, only wants to see people with whom he may be able to converse. He knows that Alice rarely appears offline when she's actually online, but that Charlie is almost always available for urgent communication, even when he appears offline. Bob edits his settings for Charlie, checking the 'show in the contact list even when offline' box. Bob's contact list always shows Charlie, whatever his status, but when Alice is offline, she does not appear in Bob's contact list.

E.g. if I want to use [email protected] for gibberbot, instead of giving it my p/w etc, GB should just list the extant accounts, check if they support jabber, and offer to add them - using the android API to acquire credentials.

It happened that after login on jabber.ccc.de (with TLS, no verification) that Gibberbot told it was signed in, but all contacts in the roster were shown offline (although they weren't).
The user itself was not shown online at the peer's roster.
It looks as if the login was not successful although shown as such.

Later, one of two peer contacts were shown as online in Gibberbot's roster, although both were online.

Code base as of march 28th was used for testing.

G1 running CM 6.1.0

GB starts normally. Add my gmail account. It says yay, let's connect… and FCs. Opening it again FCs also. Happens regardless of whether orbot is connected.

FC crash report sent.

Device: Motorola Droid
Build: FRG83G
Release 2.2.2

DDMS Log output:
04-08 12:31:57.616: INFO/ActivityManager(1086): Starting activity: Intent { cmp=info.guardianproject.otr.app.im/.ui.AccountWizardActivity }
04-08 12:31:58.296: INFO/ActivityManager(1086): Displayed activity info.guardianproject.otr.app.im/.ui.AccountWizardActivity: 665 ms (total 665 ms)
04-08 12:32:13.725: INFO/global(15242): Default buffer size used in BufferedReader constructor. It would be better to be explicit if an 8k-char buffer is required.
04-08 12:32:13.967: DEBUG/dalvikvm(15242): GC_FOR_MALLOC freed 1370 objects / 238176 bytes in 75ms
04-08 12:32:14.132: DEBUG/dalvikvm(1086): GC_EXPLICIT freed 17289 objects / 805256 bytes in 126ms
04-08 12:32:14.616: DEBUG/dalvikvm(15242): GC_FOR_MALLOC freed 5698 objects / 322432 bytes in 46ms
04-08 12:32:23.053: INFO/ActivityManager(1086): Starting activity: Intent { cmp=info.guardianproject.otr.app.im/.ui.MainActivity (has extras) }
04-08 12:32:23.155: DEBUG/AndroidRuntime(15355): Shutting down VM
04-08 12:32:23.155: WARN/dalvikvm(15355): threadid=1: thread exiting with uncaught exception (group=0x4001d7e0)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): FATAL EXCEPTION: main
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): java.lang.RuntimeException: Unable to resume activity {info.guardianproject.otr.app.im/info.guardianproject.otr.app.im.ui.MainActivity}: java.lang.NullPointerException
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3128)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3143)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2684)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.access$2300(ActivityThread.java:125)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2033)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.os.Handler.dispatchMessage(Handler.java:99)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.os.Looper.loop(Looper.java:123)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.main(ActivityThread.java:4627)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at java.lang.reflect.Method.invokeNative(Native Method)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at java.lang.reflect.Method.invoke(Method.java:521)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:858)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at dalvik.system.NativeStart.main(Native Method)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): Caused by: java.lang.NullPointerException
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at info.guardianproject.otr.app.im.ui.MainActivity.showUI(MainActivity.java:109)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at info.guardianproject.otr.app.im.ui.MainActivity.onResume(MainActivity.java:177)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1149)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.Activity.performResume(Activity.java:3823)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3118)
04-08 12:32:23.210: ERROR/AndroidRuntime(15355): ... 12 more
04-08 12:32:23.225: WARN/ActivityManager(1086): Force finishing activity info.guardianproject.otr.app.im/.ui.MainActivity
04-08 12:32:23.233: WARN/ActivityManager(1086): Force finishing activity info.guardianproject.otr.app.im/.ui.AccountWizardActivity
04-08 12:32:23.733: WARN/ActivityManager(1086): Activity pause timeout for HistoryRecord{449b7e70 info.guardianproject.otr.app.im/.ui.MainActivity}
04-08 12:32:33.071: WARN/ActivityManager(1086): Launch timeout has expired, giving up wake lock!
04-08 12:32:33.405: ERROR/Tethering(1086): active iface (usb0) reported as added, ignoring
04-08 12:32:33.762: WARN/ActivityManager(1086): Activity idle timeout for HistoryRecord{44920028 info.guardianproject.otr.app.im/.ui.MainActivity}
04-08 12:32:38.920: WARN/ActivityManager(1086): Activity destroy timeout for HistoryRecord{44cd5ee0 info.guardianproject.otr.app.im/.ui.AccountWizardActivity}
04-08 12:32:38.920: WARN/ActivityManager(1086): Activity destroy timeout for HistoryRecord{449b7e70 info.guardianproject.otr.app.im/.ui.MainActivity}
04-08 12:32:45.725: DEBUG/AlarmManagerService(1086): Kernel timezone updated to 240 minutes west of GMT
04-08 12:32:45.733: DEBUG/SystemClock(1157): Setting time of day to sec=1302280364
04-08 12:32:44.224: DEBUG/dalvikvm(1086): GC_EXPLICIT freed 13017 objects / 584320 bytes in 153ms
04-08 12:32:44.278: DEBUG/MobileDataStateTracker(1086): replacing old mInterfaceName (ppp0) with ppp0 for hipri
04-08 12:32:44.278: DEBUG/MobileDataStateTracker(1086): replacing old mInterfaceName (ppp0) with ppp0 for mms
04-08 12:32:44.286: DEBUG/MobileDataStateTracker(1086): default Received state= CONNECTED, old= CONNECTED, reason= (unspecified), apnTypeList= default,mms,hipri
04-08 12:32:44.356: DEBUG/NetworkLocationProvider(1086): onDataConnectionStateChanged 2
04-08 12:32:44.747: INFO/ActivityManager(1086): Start proc com.android.alarmclock for broadcast com.android.alarmclock/com.android.deskclock.AlarmInitReceiver: pid=15448 uid=10008 gids={}
04-08 12:32:45.020: DEBUG/AlarmManagerService(1086): Kernel timezone updated to 240 minutes west of GMT
04-08 12:32:45.231: INFO/ActivityThread(15448): Publishing provider com.android.deskclock: com.android.deskclock.AlarmProvider
04-08 12:32:46.279: INFO/ActivityManager(1086): Process com.android.defcontainer (pid 15198) has died.
04-08 12:32:46.419: INFO/ActivityManager(1086): Process com.noshufou.android.su (pid 15178) has died.

When populated, the settings options for some fields (e.g. Username) should display their values instead of descriptive text for the field. Following should apply:

• Username
• Hostname
• Server Port