lol

auth/providers/tum.py

@@ -0,0 +1,79 @@
+import html,sys
+from auth.providers.base import SSOProvider
+from utils.helpers import extract_html_value
+
+
+class TUMProvider(SSOProvider):
+    """SSO provider for Karlsruhe Institute of Technology (KIT)."""
+
+    name = "TUM"
+    domain = "tum.de"
+
+    def authenticate(self) -> str:
+        # Implement SAML authentication flow
+        # Use self.session, self.redirect_response, self.username, self.password
+        # Return HTML containing SAMLResponse
+
+        # to get this done on tum we have to:
+        # 1. do one post to e1s1
+        # 2. do post to e1s2 with login data
+        # ->
+        self.session.headers.pop('x-requested-with', None)
+        self.session.headers.pop('x-inertia', None)
+        self.session.headers.pop('x-inertia-version', None)
+
+        csrf_token1 = extract_html_value(
+            self.redirect_response.text,
+            r'name="csrf_token" value="([^"]+)"'
+        )
+
+        response1 = self.session.post(
+            # 'https://idp.scc.kit.edu/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
+            'https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s1',
+            data={
+                'csrf_token': csrf_token1,
+                'shib_idp_ls_exception.shib_idp_session_ss': '',
+                'shib_idp_ls_success.shib_idp_session_ss': 'true',
+                'shib_idp_ls_value.shib_idp_session_ss': '',
+                'shib_idp_ls_exception.shib_idp_persistent_ss': '',
+                'shib_idp_ls_success.shib_idp_persistent_ss': 'true',
+                'shib_idp_ls_value.shib_idp_persistent_ss': '',
+                'shib_idp_ls_supported': 'true',
+                '_eventId_proceed': '',
+            }
+        )
+
+        # print(response1.text)
+        csrf_token2 = extract_html_value(
+            response1.text,
+            r'name="csrf_token" value="([^"]+)"'
+        )
+
+        response2 = self.session.post(
+            'https://login.tum.de/idp/profile/SAML2/Redirect/SSO?execution=e1s2',
+            data={
+                'csrf_token': csrf_token2,
+                'j_username': self.username,
+                'j_password': self.password,
+                'donotcache': '1',
+                '_eventId_proceed': '',
+            }
+        )
+
+        # print(response2.text)
+        saml_response = extract_html_value(
+            response2.text,
+            r'name="SAMLResponse" value="([^"]+)"'
+        )
+
+        if len(saml_response)<3:
+            raise ValueError("TUM auth no work:(")
+        else:
+            print("nice we got saml response starting with: "+saml_response[0:49])
+        return response2.text
+        # print(saml_response)
+        # sys.exit()
+        # if "/consume" not in html.unescape(response.text):
+        #     raise ValueError("TUM authentication failed - invalid credentials or SSO error")
+
+        # return response.text