mauron85 / background-geolocation-android Goto Github PK

Hi,
I'm using cordova-plugin-background-geolocation and getting a warning after location post:

Is the message and return following this comparison right?

If the status code is 200 and, as stated, it's correct. Should'nt it return true, then the location would be deleted? Also, shouldn't the log message be positive?

The location is being saved as pending location even though the post worked (200/):

need to change package to io.github.nishkarsh from com.intentfilter because jcenter is shutting down and mavenCentral has new group id io.github.nishkarsh

Cant compile, getting this error:

BUILD FAILED in 49s
26 actionable tasks: 22 executed, 4 up-to-date
platforms/android/gradlew: Command failed with exit code 1 Error output:
platforms/android/app/src/main/java/com/marianhello/bgloc/data/BackgroundActivity.java:20: error: cannot access zzbfm
confidence = activity.getConfidence();
^
class file for com.google.android.gms.internal.zzbfm not found
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

First, I'm not sure it's an issue or intended behavior.

I noticed that the "post" method of PostLocationTask will only try to sync the stored locations if:

• it has no connectivity (in this case we can assume that it will probably fail to sync)
• if the post fails (probably sync will fail too)
• if there is no "url" param in config

I'm not sure if there is something I don't see here. But it seems like this return statement shouldn't be there:

Thanks for any help :)

In this issue there is a security report that states

OBJECT DESERIALIZATION FOUND [M7] [CWE-502] [SAST]
Description:
WARNING
Object deserialization performed on an untrusted resource (e.g. user-supplied input or external storage), can be dangerous if the data for deserialization is tampered by an attacker.

There is 'implements Serializable' found in file com/marianhello/bgloc/data/ArrayListLocationTemplate.java:

line 9:
line 10: public class ArrayListLocationTemplate extends AbstractLocationTemplate implements Serializable {
line 11: private static final long serialVersionUID = 1234;

The line is line 15

I wonder if the serialization is required here? If not perhaps it could be removed.

If it is required, perhaps you could add a comment explaining why this is necessary and any safeguards that are in place to ensure it is secure, or any pitfalls developers need to know about to be safe?

This project pulls in com.intentfilter:android-permissions:0.1.6 which has a minSdkVersion of 16. However, the minSdkVersion of this project is 15 causing this compilation error;

* What went wrong:
Execution failed for task ':react-native-mauron85-background-geolocation-common:processDebugAndroidTestManifest'.
> Manifest merger failed : uses-sdk:minSdkVersion 15 cannot be smaller than version 16 declared in library [com.intentfilter:android-permissions:0.1.6] /Users/davidb/.gradle/caches/transforms-1/files-1.1/android-permissions-0.1.6.aar/21d8aae82bf96cbf2bd50d472a4ce034/AndroidManifest.xml as the library might be using APIs not available in 15
        Suggestion: use a compatible library with a minSdk of at most 15,
                or increase this project's minSdk version to at least 16,
                or use tools:overrideLibrary="com.intentfilter.androidpermissions" to force usage (may lead to runtime failures)

Notice that this happens when compiling under the androidTest scope and specifically I've replicated when compiling the library under a React Native project. This problem doesn't appear to manifest in other compile scopes. I suspect androidTest is unique owing to the Espresso and instrumentation resources that are pulled in. Whilst attempting to use wix/detox together with this library another issue was found;

* What went wrong:
Execution failed for task ':react-native-mauron85-background-geolocation-common:processDebugAndroidTestManifest'.
> Manifest merger failed : Attribute meta-data#android.support.VERSION@value value=(26.0.1) from [com.android.support:appcompat-v7:26.0.1] AndroidManifest.xml:28:13-35
        is also present at [com.android.support:support-v4:26.1.0] AndroidManifest.xml:28:13-35 value=(26.1.0).
        Suggestion: add 'tools:replace="android:value"' to <meta-data> element at manifestMerger1108134589647091783.xml:26:9-28:38 to override.

This issue can be overcome by adding a meta-data block as described to the androidTest AndroidManifest.xml. I am able to submit both of these changes via a PR which I'll create shortly after this.

Would a contribution such as this be appropriate?

In the Manifest file, I noticed the color orange is referenced but never created.

android:resource="@color/orange"

Current code is using ContentProviderLocationDAO instead of SQLiteLocationDAO, therefore deleteAllLocations() will delete all records, instead of updating status to BackgroundLocation.DELETED, as in SQLiteLocationDAO.

Current documentation at https://github.com/mauron85/react-native-background-geolocation shows that deleteAllLocations() WILL NOT delete any records, instead it will update the status to BackgroundLocation.DELETED. Considering the documentation is valid, deleteAllLocations() is now broken as it will delete all records, since it's using ContentProviderLocationDAO, not SQLiteLocationDAO.

Is it possible you are missing

    [configuration: "implementation", dependency: testLibs.junit],

in build.gradle?

Because I suddenly cannot compile without it. The actual code (not tests) actually references JUnit for Assert, so it makes sense. It shouldn't have worked before :-)

My project has dependency on commons-io wich conflicts with your placed classes in ->
src/main/java/org/apache/commons/io/

You probably should use dependency commons-io:commons-io:2.6.
Add to VERSIONS.gradle after line 132

        commonsio: [group: 'commons-io', name:'commons-io', version: '2.6'],

To build.gradle in array oreoDependencies

    [configuration: "implementation", dependency: libs.commonsio],

And to array preoreoDependencies

    [configuration: "compile", dependency: libs.commonsio],

According to this line the name of the channel is set to App name. But it should be configurable by developer to show like "Tracking Location" or something else he needed.

Although it is coming from strings xml sheet, but this value effect the Account name and lable, so i think we need to use different string value like @strings\service_channel_name so that developer can customize. If needed we can also keep another varibale for description as well. @strings\service_channel_description.

But the name and description for Sync channel is enough as you coded.

Basically what's written here:
mauron85/cordova-plugin-background-geolocation#688
Need to add permission to:
<uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION" />
I'll send a pull request shortly.

Hi again @mauron85,

Would you consider accepting a PR for renaming the SyncService account to something else? I understand the adapter is only a dummy but perhaps something less techy would sit better with users like "Location Synchronisation". I am referring to this line and this.

This is how it looks to the user;

Thank you for your time and let me know.