Merge pull request #833 from e-mission/switch_to_autogenerated_token

Switch to an autogenerated token with a manual backup
e-mission · May 29, 2022 · fe9ad73 · fe9ad73
2 parents e2f2143 + 07fab2b
commit fe9ad73
Show file tree

Hide file tree

Showing 2 changed files with 69 additions and 8 deletions.
diff --git a/www/js/intro.js b/www/js/intro.js
@@ -70,11 +70,25 @@ angular.module('emission.intro', ['emission.splash.startprefs',
 
   $scope.overallStatus = false;
 
+  // Adapted from https://stackoverflow.com/a/63363662/4040267
+  // made available under a CC BY-SA 4.0 license
+
+  $scope.generateRandomToken = function(length) {
+    var randomInts = window.crypto.getRandomValues(new Uint8Array(length * 2));
+    var randomChars = Array.from(randomInts).map((b) => String.fromCharCode(b));
+    var randomString = randomChars.join("");
+    var validRandomString = window.btoa(randomString).replace(/[+/]/g, "");
+    return validRandomString.substring(0, length);
+  }
+
   $scope.disagree = function() {
     $state.go('root.main.heatmap');
   };
 
   $scope.agree = function() {
+    $scope.randomToken = $scope.generateRandomToken(16);
+    window.Logger.log("Signing in with random token "+$scope.randomToken);
+
     StartPrefs.markConsented().then(function(response) {
       $ionicHistory.clearHistory();
       if ($state.is('root.intro')) {
@@ -105,8 +119,49 @@ angular.module('emission.intro', ['emission.splash.startprefs',
       });
   }
 
-  $scope.login = function() {
-    window.cordova.plugins.BEMJWTAuth.signIn().then(function(userEmail) {
+  $scope.loginNew = function() {
+    $scope.login($scope.randomToken);
+  };
+
+  $scope.loginExisting = function() {
+    $scope.data = {};
+    const tokenPopup = $ionicPopup.show({
+        template: '<input type="String" ng-model="data.existing_token">',
+        title: 'Enter the existing token that you have',
+        scope: $scope,
+        buttons: [
+          {
+            text: '<b>OK</b>',
+            type: 'button-positive',
+            onTap: function(e) {
+              if (!$scope.data.existing_token) {
+                //don't allow the user to close unless he enters a username
+
+                e.preventDefault();
+              } else {
+                return $scope.data.existing_token;
+              }
+            }
+          },{
+            text: '<b>Cancel</b>',
+            type: 'button-stable',
+            onTap: function(e) {
+              return null;
+            }
+          }
+        ]
+    });
+    tokenPopup.then(function(token) {
+        if (token != null) {
+            $scope.login(token);
+        }
+    }).catch(function(err) {
+        $scope.alertError(err);
+    });
+  };
+
+  $scope.login = function(token) {
+    window.cordova.plugins.BEMJWTAuth.setPromptedAuthToken(token).then(function(userEmail) {
       // ionicToast.show(message, position, stick, time);
       // $scope.next();
       ionicToast.show(userEmail, 'middle', false, 2500);

diff --git a/www/templates/intro/login.html b/www/templates/intro/login.html
@@ -1,14 +1,20 @@
 <ion-content>
 <div class="intro-title">
-<center><h3>Login via google</h3></center></div>
+<center><h3>Login via anonymous token</h3></center>
+<center>Token {{randomToken}}</center></div>
 
 <div class="intro-text">
-Currently, we only support logging in via google, since they support techniques
-such as two factor authentication for greater security. Participants at UC
-Berkeley can choose to login using either their CalNet ID or a personal gmail
-account.
+This unique randomly generated token is your identifier in the system.
+<p>&nbsp;</p>
+Nobody other than you knows that you are associated with this token. If you
+want to communicate with the research team about the data collected about you,
+please be prepared to provide this token.
 <div class="intro-space"></div>
-<button class="button button-block button-balanced" ng-click="login()">Login via Google</button>
+<button class="button button-block button-balanced" ng-click="loginNew()">Login as {{randomToken}}</button>
+
+If you already have a token from a previous install, you can use it instead to retain the same account. Note that there are no incorrect tokens. If you enter a token that does not match an existing one, we will create a new account.
+<div class="intro-space"></div>
+<button class="button button-block button-energized" ng-click="loginExisting()">Login with existing token</button>
 </div>