Fix WebLoginMethodHandler to properly handle custom redirect URIs

Summary:
This change enables proper handling of custom redirect URIs in WebView login flows by launching them as Android intents instead of processing them as Facebook callbacks, while preserving standard Facebook login behavior for empty/default redirect URIs.

## Key Changes:
- WebLoginMethodHandler.onComplete(): Added custom redirect URI detection and early
  return to avoid interfering with custom redirect handling
- CustomRedirectWebDialog: New WebDialog subclass that overrides parseResponseUri()
  to launch custom URIs as Android intents via Intent.ACTION_VIEW
- AuthDialogBuilder: Modified to use original request to determine when to create
  CustomRedirectWebDialog vs standard WebDialog

## Fixes:
- Black screen issue by preserving normal WebDialog loading behavior
- ERR_UNKNOWN_URL_SCHEME error when redirect_uri is empty by using original request
- "Login cancelled" error for custom redirects by avoiding completion callbacks
- Proper intent launching with full URL including query parameters

## Test Updates:
- Fix NullPointerException in LoginManager.retrieveLoginStatusImpl with null safety check
- Add missing FacebookSdk.getRedirectURI() mock in LoginManagerTest setup
- Fix WebViewLoginMethodHandlerTest compilation errors by adding missing request parameter
- Update tests to properly handle custom vs standard redirect URI behavior differences
- Add comprehensive test coverage for custom redirect URI scenarios (success, cancel, error)
- Fix missing Mockito imports in test files

This ensures custom redirect URIs work properly via Android system handling while maintaining full backward compatibility for standard Facebook login flows.

Differential Revision: D82615611

fbshipit-source-id: 8944e117cacd25089641cb4cda3c4f09f9ed976f

Author: rageandqq

facebook-common/src/main/java/com/facebook/login/WebLoginMethodHandler.kt

@@ -136,9 +136,43 @@ abstract class WebLoginMethodHandler : LoginMethodHandler {
 
   @VisibleForTesting(otherwise = VisibleForTesting.PROTECTED)
   open fun onComplete(request: LoginClient.Request, values: Bundle?, error: FacebookException?) {
-    var outcome: LoginClient.Result
     val loginClient = loginClient
     e2e = null
+
+    // If a custom redirect URI is provided, don't process the response as a standard Facebook callback.
+    // Instead, let the web dialog handle the redirect to the custom URI properly.
+    if (!request.redirectURI.isNullOrEmpty() && request.redirectURI != getRedirectUrl()) {
+      // For custom redirect URIs, we don't intercept or process the response.
+      // The web dialog will handle the redirect and the app should handle the result
+      // through its own means (e.g., deep links, URL schemes).
+      
+      // Only handle explicit errors and cancellations - don't interfere with successful redirects
+      if (error is FacebookOperationCanceledException) {
+        val outcome = LoginClient.Result.createCancelResult(
+            loginClient.pendingRequest, USER_CANCELED_LOG_IN_ERROR_MESSAGE)
+        loginClient.completeAndValidate(outcome)
+      } else if (error != null) {
+        // Handle errors normally
+        e2e = null
+        var errorCode: String? = null
+        var errorMessage = error.message
+        if (error is FacebookServiceException) {
+          val requestError = error.requestError
+          errorCode = requestError.errorCode.toString()
+          errorMessage = requestError.toString()
+        }
+        val outcome = LoginClient.Result.createErrorResult(
+            loginClient.pendingRequest, null, errorMessage, errorCode)
+        loginClient.completeAndValidate(outcome)
+      }
+      // For successful custom redirect URI cases (values != null, error == null), 
+      // do nothing - let the web dialog handle the redirect without calling completion callbacks.
+      // The app will handle the result through its own URL scheme handling.
+      return
+    }
+
+    // Standard Facebook redirect URI - process normally
+    var outcome: LoginClient.Result
     if (values != null) {
       // Actual e2e we got from the dialog should be used for logging.
       if (values.containsKey(ServerProtocol.DIALOG_PARAM_E2E)) {

facebook-common/src/main/java/com/facebook/login/WebViewLoginMethodHandler.kt

@@ -62,7 +62,7 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
     val isChromeOS = Utility.isChromeOS(fragmentActivity)
 
     val builder =
-        AuthDialogBuilder(fragmentActivity, request.applicationId, parameters)
+        AuthDialogBuilder(fragmentActivity, request.applicationId, parameters, request)
             .setE2E(e2e as String)
             .setIsChromeOS(isChromeOS)
             .setAuthType(request.authType)
@@ -96,15 +96,19 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
     private var targetApp = LoginTargetApp.FACEBOOK
     private var isFamilyLogin = false
     private var shouldSkipDedupe = false
+    private var originalRequest: LoginClient.Request
 
     lateinit var e2e: String
     lateinit var authType: String
 
     constructor(
         context: Context,
         applicationId: String,
-        parameters: Bundle
-    ) : super(context, applicationId, OAUTH_DIALOG, parameters)
+        parameters: Bundle,
+        request: LoginClient.Request
+    ) : super(context, applicationId, OAUTH_DIALOG, parameters) {
+      this.originalRequest = request
+    }
 
     fun setE2E(e2e: String): AuthDialogBuilder {
       this.e2e = e2e
@@ -152,8 +156,8 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
     override fun build(): WebDialog {
       val parameters = this.parameters as Bundle
 
-      // Check if custom redirect URI was provided
-      val customRedirectUri = parameters.getString(ServerProtocol.DIALOG_PARAM_REDIRECT_URI)
+      // Check if the original request had a custom redirect URI (non-empty)
+      val hasCustomRedirectUri = !originalRequest.redirectURI.isNullOrEmpty()
 
       // Only set redirect_uri if it wasn't already provided (preserves custom redirect URI from addExtraParameters)
       if (!parameters.containsKey(ServerProtocol.DIALOG_PARAM_REDIRECT_URI)) {
@@ -178,8 +182,9 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
         parameters.putString(ServerProtocol.DIALOG_PARAM_SKIP_DEDUPE, "true")
       }
 
-      // Create a custom WebDialog that respects our redirect URI
-      return if (!customRedirectUri.isNullOrEmpty() && customRedirectUri != ServerProtocol.DIALOG_REDIRECT_URI) {
+      // Create WebDialog - use custom one only if original request had a non-empty custom redirect URI
+      return if (hasCustomRedirectUri) {
+        val customRedirectUri = originalRequest.redirectURI!!
         CustomRedirectWebDialog.create(this.context as Context, OAUTH_DIALOG, parameters, theme, this.targetApp, listener, customRedirectUri)
       } else {
         WebDialog.newInstance(this.context as Context, OAUTH_DIALOG, parameters, theme, this.targetApp, listener)
@@ -188,17 +193,33 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
   }
 
   /**
-   * Custom WebDialog that properly handles custom redirect URIs
+   * Custom WebDialog that handles custom redirect URIs by launching intents instead of parsing Facebook responses
    */
   private class CustomRedirectWebDialog(
       context: Context,
       url: String,
       private val customRedirectUri: String
   ) : WebDialog(context, url) {
 
-    init {
-      // Set the custom redirect URI as the expected one
-      setExpectedRedirectUrl(customRedirectUri)
+    override fun parseResponseUri(urlString: String?): Bundle {
+      // If this is our custom redirect URI, launch it as an intent instead of parsing
+      // Make sure customRedirectUri is not empty to avoid matching everything
+      if (urlString != null && customRedirectUri.isNotEmpty() && urlString.startsWith(customRedirectUri)) {
+        try {
+          val intent = android.content.Intent(android.content.Intent.ACTION_VIEW, android.net.Uri.parse(urlString))
+          intent.addFlags(android.content.Intent.FLAG_ACTIVITY_NEW_TASK)
+          context.startActivity(intent)
+          dismiss()
+        } catch (e: Exception) {
+          // If we can't launch the intent, treat it as an error
+          sendErrorToListener(com.facebook.FacebookDialogException("Failed to launch custom redirect: ${e.message}", -1, urlString))
+        }
+        // Return empty bundle since we're handling this ourselves
+        return Bundle()
+      }
+      
+      // For non-custom redirect URIs, use normal parsing
+      return super.parseResponseUri(urlString)
     }
 
     companion object {
@@ -210,8 +231,8 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
           targetApp: LoginTargetApp,
           listener: OnCompleteListener?,
           customRedirectUri: String
-      ): CustomRedirectWebDialog {
-        // Build the URL with our custom parameters
+      ): WebDialog {
+        // Build the URL with our custom parameters (same as normal WebDialog)
         val modifiedParameters = Bundle(parameters ?: Bundle())
         modifiedParameters.putString(ServerProtocol.DIALOG_PARAM_REDIRECT_URI, customRedirectUri)
         modifiedParameters.putString(ServerProtocol.DIALOG_PARAM_DISPLAY, "touch")
@@ -234,9 +255,6 @@ open class WebViewLoginMethodHandler : WebLoginMethodHandler {
         }
 
         val dialog = CustomRedirectWebDialog(context, uri.toString(), customRedirectUri)
-        if (theme != 0) {
-          // Note: Custom theme handling would need to be implemented if needed
-        }
         dialog.onCompleteListener = listener
         return dialog
       }

facebook-common/src/test/kotlin/com/facebook/login/WebViewLoginMethodHandlerTest.kt

@@ -18,8 +18,10 @@ import com.facebook.internal.FacebookDialogFragment
 import java.util.Date
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.Test
+import org.mockito.kotlin.any
 import org.mockito.kotlin.argumentCaptor
 import org.mockito.kotlin.mock
+import org.mockito.kotlin.never
 import org.mockito.kotlin.times
 import org.mockito.kotlin.verify
 import org.mockito.kotlin.whenever
@@ -48,7 +50,8 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
 
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
-    val request = createRequest()
+    // Use a request without custom redirect URI so normal completion flow is used
+    val request = createRequestWithRedirectURI(null)
     handler.onWebDialogComplete(request, bundle, null)
 
     val resultArgumentCaptor = argumentCaptor<LoginClient.Result>()
@@ -97,9 +100,11 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
 
   @Test
   fun testWebViewHandlesCancel() {
+    mockTryAuthorize()
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
-    val request = createRequest()
+    // Use a request without custom redirect URI so normal completion flow is used
+    val request = createRequestWithRedirectURI(null)
     handler.onWebDialogComplete(request, null, FacebookOperationCanceledException())
 
     val resultArgumentCaptor = argumentCaptor<LoginClient.Result>()
@@ -114,9 +119,11 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
 
   @Test
   fun testWebViewHandlesError() {
+    mockTryAuthorize()
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
-    val request = createRequest()
+    // Use a request without custom redirect URI so normal completion flow is used
+    val request = createRequestWithRedirectURI(null)
     handler.onWebDialogComplete(request, null, FacebookException(ERROR_MESSAGE))
 
     val resultArgumentCaptor = argumentCaptor<LoginClient.Result>()
@@ -210,8 +217,8 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
     // Simulate the parameters that would be passed from addExtraParameters
     val bundle = Bundle()
     bundle.putString("redirect_uri", testRedirectURI) // This simulates addExtraParameters setting it
-    
-    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle)
+
+    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle, request)
 
     // Build the dialog and verify it can be created without errors
     val dialog = builder
@@ -230,9 +237,10 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
     mockTryAuthorize()
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
-    // Create AuthDialogBuilder without custom redirect URI
+    // Create AuthDialogBuilder without custom redirect URI (null)
+    val request = createRequestWithRedirectURI(null)
     val bundle = Bundle()
-    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle)
+    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle, request)
 
     // Build the dialog and verify it can be created without errors
     val dialog = builder
@@ -252,9 +260,10 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
     // Create AuthDialogBuilder with null redirect URI in bundle
+    val request = createRequestWithRedirectURI(null)
     val bundle = Bundle()
     bundle.putString("redirect_uri", null)
-    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle)
+    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle, request)
 
     // Build the dialog and verify it can be created without errors
     val dialog = builder
@@ -274,9 +283,10 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
     val handler = WebViewLoginMethodHandler(mockLoginClient)
 
     // Create AuthDialogBuilder with empty redirect URI in bundle
+    val request = createRequestWithRedirectURI("")
     val bundle = Bundle()
     bundle.putString("redirect_uri", "")
-    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle)
+    val builder = handler.AuthDialogBuilder(activity, "test-app-id", bundle, request)
 
     // Build the dialog and verify it can be created without errors
     val dialog = builder
@@ -304,12 +314,74 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
 
     // Verify that the request contains the redirect URI
     assertThat(request.redirectURI).isEqualTo(testRedirectURI)
-    
+
     // The integration test verifies that tryAuthorize properly processes the redirect URI
     // through the entire flow including addExtraParameters and AuthDialogBuilder
     // The successful execution without errors confirms the integration works correctly
   }
 
+  @Test
+  fun testCustomRedirectURISuccessDoesNotCallComplete() {
+    mockTryAuthorize()
+    val handler = WebViewLoginMethodHandler(mockLoginClient)
+    val testRedirectURI = "https://example.com/custom/redirect"
+
+    val bundle = Bundle()
+    bundle.putString("access_token", ACCESS_TOKEN)
+    bundle.putString("expires_in", String.format("%d", EXPIRES_IN_DELTA))
+    bundle.putString("signed_request", SIGNED_REQUEST_STR)
+
+    // Create a request with custom redirect URI
+    val request = createRequestWithRedirectURI(testRedirectURI)
+
+    // For custom redirect URIs with successful results, completeAndValidate should NOT be called
+    handler.onWebDialogComplete(request, bundle, null)
+
+    // Verify that completeAndValidate was NOT called for successful custom redirect
+    verify(mockLoginClient, never()).completeAndValidate(any())
+  }
+
+  @Test
+  fun testCustomRedirectURICancelCallsComplete() {
+    mockTryAuthorize()
+    val handler = WebViewLoginMethodHandler(mockLoginClient)
+    val testRedirectURI = "https://example.com/custom/redirect"
+
+    // Create a request with custom redirect URI
+    val request = createRequestWithRedirectURI(testRedirectURI)
+
+    // For custom redirect URIs with cancellation, completeAndValidate SHOULD be called
+    handler.onWebDialogComplete(request, null, FacebookOperationCanceledException())
+
+    val resultArgumentCaptor = argumentCaptor<LoginClient.Result>()
+    verify(mockLoginClient, times(1)).completeAndValidate(resultArgumentCaptor.capture())
+    val result = resultArgumentCaptor.firstValue
+
+    assertThat(result).isNotNull
+    assertThat(result.code).isEqualTo(LoginClient.Result.Code.CANCEL)
+  }
+
+  @Test
+  fun testCustomRedirectURIErrorCallsComplete() {
+    mockTryAuthorize()
+    val handler = WebViewLoginMethodHandler(mockLoginClient)
+    val testRedirectURI = "https://example.com/custom/redirect"
+
+    // Create a request with custom redirect URI
+    val request = createRequestWithRedirectURI(testRedirectURI)
+
+    // For custom redirect URIs with errors, completeAndValidate SHOULD be called
+    handler.onWebDialogComplete(request, null, FacebookException(ERROR_MESSAGE))
+
+    val resultArgumentCaptor = argumentCaptor<LoginClient.Result>()
+    verify(mockLoginClient, times(1)).completeAndValidate(resultArgumentCaptor.capture())
+    val result = resultArgumentCaptor.firstValue
+
+    assertThat(result).isNotNull
+    assertThat(result.code).isEqualTo(LoginClient.Result.Code.ERROR)
+    assertThat(result.errorMessage).isEqualTo(ERROR_MESSAGE)
+  }
+
   @Test
   fun testTryAuthorizeWithoutCustomRedirectURI() {
     mockTryAuthorize()
@@ -323,7 +395,7 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
 
     // Verify that the request doesn't have a redirect URI
     assertThat(request.redirectURI).isNull()
-    
+
     // The successful execution confirms default behavior works correctly
   }
 
@@ -347,6 +419,8 @@ class WebViewLoginMethodHandlerTest : LoginHandlerTestCase() {
     PowerMockito.mockStatic(FacebookSdk::class.java)
     whenever(FacebookSdk.isInitialized()).thenReturn(true)
     whenever(FacebookSdk.getApplicationId()).thenReturn(AuthenticationTokenTestUtil.APP_ID)
+    whenever(FacebookSdk.getRedirectURI()).thenReturn("https://example.com/redirect")
+    whenever(FacebookSdk.getGraphApiVersion()).thenReturn("v18.0")
 
     val mockCompanion = mock<AccessToken.Companion>()
     WhiteboxImpl.setInternalState(AccessToken::class.java, "Companion", mockCompanion)