[feature/tokenauth-uidenforce] Enforce User ID when updating token-based bookmarks

[felix-schwarz]

Description

This PR requires the user ID to remain the same when updating token-based bookmarks. If the user logs in as a user other than the one with which the bookmark was originally created, an error will be presented.

Related Issue

Screenshots (if appropriate):

Error trying to log in as different user (edit bookmark)	Regular login error	Error trying to log in as different user (inline editing in "opened" account)

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.

✅ hosy
❌ felix-schwarz
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[hosy]

@felix-schwarz For a while we talked about adding the username as parameter for the authentication web view, so that the username value is automatically set.
Does it make sense to implement it inside this PR?

[felix-schwarz]

@hosy Yeah, that could make sense as it is closely related. Last time we tried adding it for OC OAuth2, however, it crashed the web view (and curiously also Safari, when opening the URL there), hinting at a WebKit bug. So I'd skip that for OC OAuth2.

For OIDC, however, it's certainly worth looking into. I'll check the RFC if there is a parameter we can send along.

[felix-schwarz]

@hosy Ok, checked and for OIDC the SDK is already passing along the username as login_hint (spec). However, it is not used by the IDP of the ocis.owncloud.works test server.

Also got feedback that this is not supported by the Kopano IDP yet. But as soon as it is, this should work.

[felix-schwarz]

Re OAuth2: I just re-checked if Apple fixed the WebKit crash in iOS 14.3, but unfortunately, they didn't:

[mneuwert]

@felix-schwarz reduce nesting with guard let statements?

[felix-schwarz]

Sorry, but I didn't find any opportunity to simplify the logic there with guard let statements. Still could reduce nesting by unifying ifs that were nested unnecessarily.

[jesmrec]

QA checks

• Edit OAuth2 bookmark, logging in with different user -> correct error

• Revoke OAuth2 token, logging in with different user -> correct error

• Edit OIDC bookmark, logging in with different user -> correct error

• Edit OAuth2 bookmark, logging in with same user -> correct login

• Revoke OAuth2 token, logging in with same user -> correct login

• Edit OIDC bookmark, logging in with same user -> correct login

[jesmrec]

Approved on my side