Merge pull request #57 from PAException/security/substitute-settings

Fixed substitute security bug
PAException · Apr 23, 2024 · 50edbb3 · 50edbb3
2 parents 2decea3 + f4abca5
commit 50edbb3
Show file tree

Hide file tree

Showing 8 changed files with 19 additions and 7 deletions.
diff --git a/lib/src/backend/database/nosql/model/settings/notification_settings.dart b/lib/src/backend/database/nosql/model/settings/notification_settings.dart
@@ -170,8 +170,8 @@ extension NotificationHelper on NotificationSettings {
     _substitute = value;
     if (!value) return updatePriorityTopics(_priorityTopics);
 
-    var settings = await SubstituteSettings.ref().offline.load();
-    var substituteTopics = await settings.priorityTopics();
+    var substituteSettings = await SubstituteSettings.ref().offline.load();
+    var substituteTopics = await substituteSettings.priorityTopics();
 
     updatePriorityTopics({..._priorityTopics, ...substituteTopics});
   }

diff --git a/lib/src/backend/database/nosql/model/settings/substitute_settings.dart b/lib/src/backend/database/nosql/model/settings/substitute_settings.dart
@@ -72,6 +72,8 @@ class SubstituteSettings {
 
   /// Get priority topics to send notification settings to API if enabled.
   Future<List<String>> priorityTopics() async {
+    if (password == null) return [];
+
     var priorityTopics = [
       if (byClasses)
         ...classes.map((className) => "substitute.class.$className"),

diff --git a/lib/src/services/firebase/analytics.dart b/lib/src/services/firebase/analytics.dart
@@ -9,6 +9,7 @@ import 'package:engelsburg_planer/src/backend/database/state/app_state.dart';
 import 'package:engelsburg_planer/src/utils/util.dart';
 import 'package:firebase_analytics/firebase_analytics.dart';
 import 'package:flutter/foundation.dart';
+import 'package:go_router/go_router.dart';
 
 class Analytics {
   static final FirebaseAnalytics _analytics = FirebaseAnalytics.instance;
@@ -73,7 +74,13 @@ class InteractionAnalytics {
 
   /// Called everytime a new screen/page is shown
   /// --> most important are the base pages (navBar & drawer)
-  void screen(String path) => _analytics.setCurrentScreen(screenName: path);
+  void screen(GoRouterState state) {
+    _analytics.logScreenView(
+        screenClass: state.fullPath,
+        screenName: state.uri.toString(),
+        parameters: state.uri.queryParameters,
+    );
+  }
 }
 
 class ArticleAnalysis {

diff --git a/lib/src/view/pages/settings/settings_substitute_page.dart b/lib/src/view/pages/settings/settings_substitute_page.dart
@@ -6,6 +6,7 @@ import 'package:engelsburg_planer/src/backend/database/nosql/model/settings/noti
 import 'package:engelsburg_planer/src/backend/database/nosql/model/settings/substitute_settings.dart';
 import 'package:engelsburg_planer/src/backend/database/state/user_state.dart';
 import 'package:engelsburg_planer/src/utils/extensions.dart';
+import 'package:engelsburg_planer/src/view/pages/substitute/content/substitute_key_page.dart';
 import 'package:engelsburg_planer/src/view/routing/templates/page_base.dart';
 import 'package:engelsburg_planer/src/view/widgets/special/storage/storage_consumer.dart';
 import 'package:engelsburg_planer/src/view/widgets/util/switch_expandable.dart';
@@ -24,6 +25,10 @@ class SubstituteSettingsPage extends PageBase {
     return DocumentConsumer<SubstituteSettings>(
       doc: SubstituteSettings.ref().defaultStorage(context),
       itemBuilder: (context, doc, settings) {
+        if (settings.password == null) {
+          return const SubstituteKeyPage();
+        }
+
         return Scaffold(
           body: StatefulBuilder(builder: (context, setState) {
             return SingleChildScrollView(

diff --git a/lib/src/view/pages/substitute/card/substitute_message_card.dart b/lib/src/view/pages/substitute/card/substitute_message_card.dart
@@ -5,7 +5,6 @@
 import 'package:engelsburg_planer/src/backend/api/model/substitutes.dart';
 import 'package:engelsburg_planer/src/utils/extensions.dart';
 import 'package:flutter/material.dart';
-import 'package:flutter/widgets.dart';
 
 class SubstituteMessageCard extends StatelessWidget {
   const SubstituteMessageCard({super.key, required this.substituteMessage});

diff --git a/lib/src/view/pages/timetable/timetable_page.dart b/lib/src/view/pages/timetable/timetable_page.dart
@@ -8,7 +8,6 @@ import 'package:engelsburg_planer/src/backend/database/nosql/base/document.dart'
 import 'package:engelsburg_planer/src/utils/extensions.dart';
 import 'package:engelsburg_planer/src/utils/logger.dart';
 import 'package:engelsburg_planer/src/view/routing/templates/page_base.dart';
-import 'package:flutter/cupertino.dart';
 import 'package:flutter/material.dart';
 import 'package:engelsburg_planer/src/backend/api/model/substitutes.dart';
 import 'package:engelsburg_planer/src/backend/database/state/user_state.dart';

diff --git a/lib/src/view/routing/route_generator.dart b/lib/src/view/routing/route_generator.dart
@@ -61,7 +61,7 @@ class AppRouter {
       initialLocation: appearance.navBarPages().first.route,
       redirect: (context, state) {
         //Set current screen for analytics
-        Analytics.interaction.screen(state.uri.toString());
+        Analytics.interaction.screen(state);
 
         if (!context.read<AppConfigState>().isConfigured) return "/introduction";
 

diff --git a/lib/src/view/routing/templates/actions.dart b/lib/src/view/routing/templates/actions.dart
@@ -21,7 +21,7 @@ class SettingsAction extends StatelessWidget {
   });
 
   /// The [onSettings] callback is called when the [IconButton] is pressed.
-  final VoidCallback onSettings;
+  final VoidCallback? onSettings;
 
   @override
   Widget build(BuildContext context) {