Merge branch 'dev' of github.com:wmathurin/SalesforceMobileSDK-Android into feature/migrate-doc-generation-to-dokka

Author: wmathurin

.claude/skills/update-sqlcipher/SKILL.md

@@ -178,7 +178,9 @@ When creating the PR:
 
 Recent SQLCipher updates in the project:
 
-- **4.10.0** - Current version (PR #2744)
+- **4.16.0** - SQLite 3.53.1, LibTomCrypt 1.18.2 (2026-05-12)
+- **4.15.0** - Previous version
+- **4.10.0** - Previous version (PR #2744)
 - **4.9.0** - Previous version (PR #2717)
 - **4.7.2** - Introduced `onCorruption()` API change (PR #2698)
 - **4.6.1** - Stable version (PR #2605)

external/cordova/cordova.js

@@ -19,7 +19,7 @@
  under the License.
 */
 ;(function() {
-var PLATFORM_VERSION_BUILD_LABEL = '14.0.1';
+var PLATFORM_VERSION_BUILD_LABEL = '15.0.0';
 // file: src/scripts/require.js
 var require;
 var define;
@@ -986,7 +986,7 @@ function androidExec (success, fail, service, action, args) {
     var callbackId = service + cordova.callbackId++;
     var argsJson = JSON.stringify(args);
     if (success || fail) {
-        cordova.callbacks[callbackId] = { success: success, fail: fail };
+        cordova.callbacks[callbackId] = { success, fail };
     }
 
     var msgs = nativeApiProvider.get().exec(bridgeSecret, service, action, callbackId, argsJson);
@@ -1026,6 +1026,8 @@ function pollOnce (opt_fromOnlineEvent) {
     }
 }
 
+androidExec.pollOnce = pollOnce;
+
 function pollingTimerFunc () {
     if (pollEnabled) {
         pollOnce();
@@ -1429,6 +1431,10 @@ module.exports = {
         // Core Splash Screen
         modulemapper.clobbers('cordova/plugin/android/splashscreen', 'navigator.splashscreen');
 
+        // Attach the internal statusBar utility to window.statusbar
+        // see the file under plugin/android/statusbar.js
+        modulemapper.clobbers('cordova/plugin/android/statusbar', 'window.statusbar');
+
         var APP_PLUGIN_NAME = Number(cordova.platformVersion.split('.')[0]) >= 4 ? 'CoreAndroid' : 'App';
 
         // Inject a listener for the backbutton on the document.
@@ -1627,6 +1633,85 @@ module.exports = splashscreen;
 
 });
 
+// file: ../../cordova-js-src/plugin/android/statusbar.js
+define("cordova/plugin/android/statusbar", function(require, exports, module) {
+
+var exec = require('cordova/exec');
+
+var statusBarVisible = true;
+var statusBar = {};
+
+// This <script> element is explicitly used by Cordova's statusbar for computing color. (Do not use this element)
+const statusBarScript = document.createElement('script');
+document.head.appendChild(statusBarScript);
+
+Object.defineProperty(statusBar, 'visible', {
+    configurable: false,
+    enumerable: true,
+    get: function () {
+        if (window.StatusBar) {
+            // try to let the StatusBar plugin handle it
+            return window.StatusBar.isVisible;
+        }
+
+        return statusBarVisible;
+    },
+    set: function (value) {
+        if (window.StatusBar) {
+            // try to let the StatusBar plugin handle it
+            if (value) {
+                window.StatusBar.show();
+            } else {
+                window.StatusBar.hide();
+            }
+        } else {
+            statusBarVisible = value;
+            exec(null, null, 'SystemBarPlugin', 'setStatusBarVisible', [!!value]);
+        }
+    }
+});
+
+Object.defineProperty(statusBar, 'setBackgroundColor', {
+    configurable: false,
+    enumerable: false,
+    writable: false,
+    value: function (value) {
+        statusBarScript.style.color = value;
+        var rgbStr = window.getComputedStyle(statusBarScript).getPropertyValue('color');
+
+        if (!rgbStr.match(/^rgb/)) { return; }
+
+        var rgbVals = rgbStr.match(/\d+/g).map(function (v) { return parseInt(v, 10); });
+
+        if (rgbVals.length < 3) {
+            return;
+        } else if (rgbVals.length === 3) {
+            rgbVals = [255].concat(rgbVals);
+        }
+
+        // TODO: Use `padStart(2, '0')` once SDK 24 is dropped.
+        const padRgb = (val) => {
+            const hex = val.toString(16);
+            return hex.length === 1 ? '0' + hex : hex;
+        };
+        const a = padRgb(rgbVals[0]);
+        const r = padRgb(rgbVals[1]);
+        const g = padRgb(rgbVals[2]);
+        const b = padRgb(rgbVals[3]);
+        const hexStr = '#' + a + r + g + b;
+
+        if (window.StatusBar) {
+            window.StatusBar.backgroundColorByHexString(hexStr);
+        } else {
+            exec(null, null, 'SystemBarPlugin', 'setStatusBarBackgroundColor', rgbVals);
+        }
+    }
+});
+
+module.exports = statusBar;
+
+});
+
 // file: src/common/pluginloader.js
 define("cordova/pluginloader", function(require, exports, module) {
 

libs/MobileSync/src/com/salesforce/androidsdk/mobilesync/app/MobileSyncSDKManager.java

@@ -52,6 +52,22 @@ public class MobileSyncSDKManager extends SmartStoreSDKManager {
 
     private static final String TAG = "MobileSyncSDKManager";
 
+    /**
+     * Protected constructor.
+     *
+     * @param context              Application context.
+     * @param mainActivity         Activity that should be launched after the login flow.
+     * @param loginActivity        Login activity.
+     * @param nativeLoginActivity  Native login activity.
+     * @param googleCloudProjectId Google Cloud project ID for app attestation (nullable).
+     */
+    protected MobileSyncSDKManager(Context context, Class<? extends Activity> mainActivity,
+                                   Class<? extends Activity> loginActivity,
+                                   Class<? extends Activity> nativeLoginActivity,
+                                   Long googleCloudProjectId) {
+        super(context, mainActivity, loginActivity, nativeLoginActivity, googleCloudProjectId);
+    }
+
     /**
      * Protected constructor.
      *
@@ -63,7 +79,7 @@ public class MobileSyncSDKManager extends SmartStoreSDKManager {
     protected MobileSyncSDKManager(Context context, Class<? extends Activity> mainActivity,
                                    Class<? extends Activity> loginActivity,
                                    Class<? extends Activity> nativeLoginActivity) {
-        super(context, mainActivity, loginActivity, nativeLoginActivity);
+        this(context, mainActivity, loginActivity, nativeLoginActivity, null);
     }
 
     private static void init(Context context, Class<? extends Activity> mainActivity,

libs/SalesforceHybrid/build.gradle.kts

@@ -14,10 +14,10 @@ plugins {
 
 dependencies {
     api(project(":libs:MobileSync"))
-    api("org.apache.cordova:framework:14.0.1") // TODO: This update should happen in a dedicated work effort. ECJ20260423
+    api("org.apache.cordova:framework:15.0.0")
     api("androidx.appcompat:appcompat:1.7.1")
     api("androidx.appcompat:appcompat-resources:1.7.1")
-    api("androidx.webkit:webkit:1.15.0")
+    api("androidx.webkit:webkit:1.16.0")
     api("androidx.core:core-splashscreen:1.2.0")
     implementation("androidx.core:core-ktx:1.18.0")
     androidTestImplementation("androidx.test:runner:1.7.0")

libs/SalesforceSDK/src/com/salesforce/androidsdk/accounts/UserAccount.java

@@ -26,6 +26,8 @@
  */
 package com.salesforce.androidsdk.accounts;
 
+import android.accounts.Account;
+import android.accounts.AccountManager;
 import android.app.DownloadManager;
 import android.content.Context;
 import android.content.pm.PackageManager;
@@ -372,6 +374,46 @@ public String getAuthToken() {
 	 * @return Refresh token.
 	 */
 	public String getRefreshToken() {
+		if (accountName != null) {
+			try {
+				final AccountManager accMrg = AccountManager.get(SalesforceSDKManager.getInstance().getAppContext());
+				final String accountType = SalesforceSDKManager.getInstance().getAccountType();
+				for (Account account : accMrg.getAccountsByType(accountType)) {
+					if (accountName.equals(account.name)) {
+						final String encryptedPassword = accMrg.getPassword(account);
+						if (encryptedPassword != null) {
+							final String newestRefreshToken = SalesforceSDKManager.decrypt(
+									encryptedPassword, SalesforceSDKManager.getEncryptionKey());
+							if (newestRefreshToken != null) {
+								return newestRefreshToken;
+							}
+						}
+						break;
+					}
+				}
+			} catch (Exception e) {
+				SalesforceSDKLogger.w(TAG,
+						"Failed to read latest refresh token from AccountManager; using in-memory value",
+						e);
+			}
+		}
+		return refreshToken;
+	}
+
+	/**
+	 * Returns the in-memory refresh token snapshot, without consulting
+	 * {@link AccountManager}.
+	 *
+	 * Intended for persistence call sites that are about to write a refresh
+	 * token to storage (account creation, update, token migration, duplicate
+	 * user reconciliation).  Using {@link #getRefreshToken()} at those sites
+	 * would read back the value currently persisted in {@link AccountManager}
+	 * — i.e. the value we are about to overwrite — instead of the value the
+	 * caller built this {@code UserAccount} with.
+	 *
+	 * @return The refresh token field as set at construction time.
+	 */
+	public String getRefreshTokenForPersistence() {
 		return refreshToken;
 	}
 
@@ -948,7 +990,7 @@ JSONObject toJson(List<String> additionalOauthKeys) {
 		JSONObject object = new JSONObject();
 		try {
 			object.put(AUTH_TOKEN, authToken);
-			object.put(REFRESH_TOKEN, refreshToken);
+			object.put(REFRESH_TOKEN, getRefreshToken());
 			object.put(LOGIN_SERVER, loginServer);
 			object.put(ID_URL, idUrl);
 			object.put(INSTANCE_SERVER, instanceServer);
@@ -1007,7 +1049,7 @@ public JSONObject toJson() {
 	Bundle toBundle(List<String> additionalOauthKeys) {
 		Bundle object = new Bundle();
 		object.putString(AUTH_TOKEN, authToken);
-		object.putString(REFRESH_TOKEN, refreshToken);
+		object.putString(REFRESH_TOKEN, getRefreshToken());
 		object.putString(LOGIN_SERVER, loginServer);
 		object.putString(ID_URL, idUrl);
 		object.putString(INSTANCE_SERVER, instanceServer);

libs/SalesforceSDK/src/com/salesforce/androidsdk/accounts/UserAccountManager.java

@@ -442,7 +442,7 @@ public Bundle createAccount(UserAccount userAccount) {
 		final Bundle extras = buildAuthBundle(userAccount);
 
 		Account acc = new Account(userAccount.getAccountName(), accountType);
-		String password = SalesforceSDKManager.encrypt(userAccount.getRefreshToken(), encryptionKey);
+		String password = SalesforceSDKManager.encrypt(userAccount.getRefreshTokenForPersistence(), encryptionKey);
 		boolean success = accountManager.addAccountExplicitly(acc, password, new Bundle());
 
 		// Add account will fail if the account already exists, so update refresh token.
@@ -488,6 +488,16 @@ public Bundle updateAccount(Account account, UserAccount userAccount) {
 			accountManager.setUserData(account, key, extras.getString(key));
 		}
 
+		// The refresh token is stored as the Account's password (see createAccount), not as user data,
+		// so buildAuthBundle does not include it.  Persist it explicitly here so that server-side
+		// Use the in-memory snapshot rather than getRefreshToken(), which now performs a live lookup
+		// against AccountManager and would return the updated value we may be about to write.
+		final String refreshToken = userAccount.getRefreshTokenForPersistence();
+		if (refreshToken != null) {
+			final String encryptionKey = SalesforceSDKManager.getEncryptionKey();
+			accountManager.setPassword(account, SalesforceSDKManager.encrypt(refreshToken, encryptionKey));
+		}
+
 		return extras;
 	}