182 lines
5.9 KiB
Python
182 lines
5.9 KiB
Python
import requests
|
|
import urllib.parse
|
|
import re
|
|
import html
|
|
|
|
AUTH_BASE_URL = "https://auth.anny.eu"
|
|
DEFAULT_HEADERS = {
|
|
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0",
|
|
"accept": "application/vnd.api+json",
|
|
"accept-encoding": "plain",
|
|
}
|
|
|
|
|
|
def extract_html_value(text, pattern):
|
|
match = re.search(pattern, text)
|
|
return match.group(1) if match else None
|
|
|
|
|
|
def debug_sso():
|
|
session = requests.Session()
|
|
# 1. Init Headers like AnnySession
|
|
session.headers.update(
|
|
{
|
|
**DEFAULT_HEADERS,
|
|
"accept": "text/html, application/xhtml+xml",
|
|
"referer": AUTH_BASE_URL + "/",
|
|
"origin": AUTH_BASE_URL,
|
|
}
|
|
)
|
|
|
|
print("--- 1. Initial Access ---")
|
|
r1 = session.get(f"{AUTH_BASE_URL}/login/sso")
|
|
|
|
session.headers["X-XSRF-TOKEN"] = urllib.parse.unquote(r1.cookies["XSRF-TOKEN"])
|
|
|
|
page_data_match = re.search(r'data-page="(.*?)"', r1.text)
|
|
if not page_data_match:
|
|
print("Could not find data-page")
|
|
return
|
|
|
|
page_data = page_data_match.group(1).replace(""", '"')
|
|
version = re.search(r'"version"\s*:\s*"([a-f0-9]{32})"', page_data)
|
|
x_inertia_version = (
|
|
version.group(1) if version else "66b32acea13402d3aef4488ccd239c93"
|
|
)
|
|
|
|
session.headers.update(
|
|
{
|
|
"x-requested-with": "XMLHttpRequest",
|
|
"x-inertia": "true",
|
|
"x-inertia-version": x_inertia_version,
|
|
}
|
|
)
|
|
|
|
print("\n--- 2. SSO Request (TUM) ---")
|
|
r2 = session.post(f"{AUTH_BASE_URL}/login/sso", json={"domain": "tum.de"})
|
|
|
|
if "x-inertia-location" not in r2.headers:
|
|
print("No x-inertia-location header found")
|
|
print(r2.text[:500])
|
|
return
|
|
|
|
redirect_url = r2.headers["x-inertia-location"]
|
|
print(f"Redirect URL: {redirect_url}")
|
|
|
|
print("\n--- 3. Following Redirect (Simulating Provider Handoff) ---")
|
|
headers_to_remove = ["x-requested-with", "x-inertia", "x-inertia-version"]
|
|
for h in headers_to_remove:
|
|
session.headers.pop(h, None)
|
|
print("Cleaned Anny-specific headers.")
|
|
|
|
current_url = redirect_url
|
|
|
|
# Loop to handle intermediate pages (e.g. cookie check)
|
|
for step in range(1, 6):
|
|
print(f"\n--- Step {step}: GET {current_url} ---")
|
|
if step == 1:
|
|
resp = session.get(current_url)
|
|
else:
|
|
# We are posting from previous step
|
|
pass
|
|
# Logic handled inside loop
|
|
|
|
# We need to render the response from the previous action.
|
|
# But wait, the loop structure is easier if we just do "process page".
|
|
pass
|
|
|
|
# Re-writing loop logic for clarity
|
|
resp = session.get(redirect_url)
|
|
|
|
for step in range(1, 6):
|
|
print(f"\n--- Step {step}: Processing Page {resp.url} ---")
|
|
|
|
# Check for login fields
|
|
if "j_username" in resp.text:
|
|
print("FOUND: j_username field. This is the LOGIN PAGE.")
|
|
break
|
|
|
|
# Check for error
|
|
if "Cookies" in resp.text and "disabled" in resp.text:
|
|
print("ERROR: Page says Cookies disabled.")
|
|
|
|
# Extract form action
|
|
action_url = extract_html_value(resp.text, r'form[^>]*action="([^"]+)"')
|
|
if not action_url:
|
|
print("No form action found. End of flow?")
|
|
print(resp.text[:500])
|
|
break
|
|
|
|
if action_url.startswith("/"):
|
|
parsed = urllib.parse.urlparse(resp.url)
|
|
base = f"{parsed.scheme}://{parsed.netloc}"
|
|
action_url = base + action_url
|
|
|
|
print(f"Form Action: {action_url}")
|
|
|
|
# Extract inputs
|
|
inputs = re.findall(r'<input[^>]*name="([^"]+)"[^>]*value="([^"]*)"', resp.text)
|
|
data = {name: val for name, val in inputs}
|
|
print(f"Hidden inputs: {list(data.keys())}")
|
|
|
|
# If it's the cookie check page, there might be specific JS that auto-submits.
|
|
# usually just posting the form works.
|
|
|
|
if "shib_idp_ls_success.shib_idp_session_ss" in data:
|
|
print("Detected Shibboleth LocalStorage check.")
|
|
|
|
# Submit to move to next page
|
|
print("Submitting form to proceed...")
|
|
# Ensure csrf if not in inputs
|
|
if "csrf_token" not in data:
|
|
csrf = extract_html_value(resp.text, r'name="csrf_token" value="([^"]+)"')
|
|
if csrf:
|
|
data["csrf_token"] = csrf
|
|
|
|
# Add basic things that might be needed
|
|
data["_eventId_proceed"] = ""
|
|
|
|
resp = session.post(action_url, data=data)
|
|
|
|
else:
|
|
print("Max steps reached without finding login page.")
|
|
return
|
|
|
|
# If we broke headers, we are at login page.
|
|
print("\n--- Attempting Login on Final Page ---")
|
|
action_url = extract_html_value(resp.text, r'form[^>]*action="([^"]+)"')
|
|
if action_url:
|
|
if action_url.startswith("/"):
|
|
parsed = urllib.parse.urlparse(resp.url)
|
|
base = f"{parsed.scheme}://{parsed.netloc}"
|
|
action_url = base + action_url
|
|
|
|
inputs = re.findall(r'<input[^>]*name="([^"]+)"[^>]*value="([^"]*)"', resp.text)
|
|
data = {name: val for name, val in inputs}
|
|
|
|
data["j_username"] = "dummy_user"
|
|
data["j_password"] = "dummy_pass"
|
|
data["_eventId_proceed"] = ""
|
|
data["donotcache"] = "1"
|
|
|
|
if "csrf_token" not in data:
|
|
csrf = extract_html_value(resp.text, r'name="csrf_token" value="([^"]+)"')
|
|
if csrf:
|
|
data["csrf_token"] = csrf
|
|
|
|
print(f"Posting creds to {action_url}")
|
|
r4 = session.post(action_url, data=data)
|
|
print(f"Result Code: {r4.status_code}")
|
|
unescaped = html.unescape(r4.text)
|
|
if (
|
|
"Identifizierung gescheitert" in unescaped
|
|
or "Authentication failed" in unescaped
|
|
):
|
|
print("SUCCESS: Got expected 'Authentication failed' message.")
|
|
else:
|
|
print("Result unknown.")
|
|
print(unescaped[:500])
|
|
|
|
|
|
if __name__ == "__main__":
|
|
debug_sso()
|