Update Public 5.2.1 (#262)

joshdoman · web-flow · commit fe4a45ae5642 · 2019-11-17T22:13:29.000-05:00
Fixes for new Penn Auth system (#260)
diff --git a/PennMobile.xcodeproj/project.pbxproj b/PennMobile.xcodeproj/project.pbxproj
@@ -1949,14 +1949,14 @@
 				CODE_SIGN_ENTITLEMENTS = PennMobile/PennMobile.entitlements;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 5211;
+				CURRENT_PROJECT_VERSION = 5220;
 				DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
 				DEVELOPMENT_TEAM = VU59R57FGM;
 				GCC_PREFIX_HEADER = PennMobile/Supporting_Files/PrefixHeader.pch;
 				INFOPLIST_FILE = PennMobile/Supporting_Files/Info.plist;
 				IPHONEOS_DEPLOYMENT_TARGET = 11.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 5.2.1;
+				MARKETING_VERSION = 5.2.2;
 				PRODUCT_BUNDLE_IDENTIFIER = org.pennlabs.PennMobile;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE = "";
@@ -1977,13 +1977,13 @@
 				CODE_SIGN_ENTITLEMENTS = PennMobile/PennMobile.entitlements;
 				CODE_SIGN_IDENTITY = "iPhone Developer";
 				CODE_SIGN_STYLE = Automatic;
-				CURRENT_PROJECT_VERSION = 5211;
+				CURRENT_PROJECT_VERSION = 5220;
 				DEVELOPMENT_TEAM = VU59R57FGM;
 				GCC_PREFIX_HEADER = PennMobile/Supporting_Files/PrefixHeader.pch;
 				INFOPLIST_FILE = PennMobile/Supporting_Files/Info.plist;
 				IPHONEOS_DEPLOYMENT_TARGET = 11.0;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks";
-				MARKETING_VERSION = 5.2.1;
+				MARKETING_VERSION = 5.2.2;
 				PRODUCT_BUNDLE_IDENTIFIER = org.pennlabs.PennMobile;
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				PROVISIONING_PROFILE = "";
diff --git a/PennMobile/General/PennAuthRequestable.swift b/PennMobile/General/PennAuthRequestable.swift
@@ -12,12 +12,12 @@ protocol PennAuthRequestable {}
 
 extension PennAuthRequestable {
     
-    private var loginUrl: String {
-        return "https://weblogin.pennkey.upenn.edu/login"
+    private var baseUrl: String {
+        return "https://weblogin.pennkey.upenn.edu"
     }
     
     private var authUrl: String {
-        return "https://idp.pennkey.upenn.edu/idp/Authn"
+        return "https://weblogin.pennkey.upenn.edu/idp/profile"
     }
     
     func makeAuthRequest(targetUrl: String, shibbolethUrl: String, _ completionHandler: @escaping (Data?, URLResponse?, Error?) -> Void) {
@@ -51,20 +51,12 @@ extension PennAuthRequestable {
     }
     
     private func makeRequestWithAuth(targetUrl: String, shibbolethUrl: String, html: String, _ completionHandler: @escaping (Data?, URLResponse?, Error?) -> Void) {
-        guard let passcode = html.getMatches(for: "name=\"passcode\" value=\"(.*?)\"").first,
-                let required = html.getMatches(for: "name=\"required\" value=\"(.*?)\"").first,
-                let appfactor = html.getMatches(for: "name=\"appfactor\" value=\"(.*?)\"").first,
-                let ref = html.getMatches(for: "name=\"ref\" value=\"(.*?)\"").first,
-                let service = html.getMatches(for: "name=\"service\" value=\"(.*?)\"").first else {
-                UserDefaults.standard.setShibbolethAuth(authedIn: false)
-                completionHandler(nil, nil, NetworkingError.authenticationError)
-                return
+        guard let actionUrl = html.getMatches(for: "form action=\"(.*?)\" method=\"POST\" id=\"login-form\"").first else {
+            UserDefaults.standard.setShibbolethAuth(authedIn: false)
+            completionHandler(nil, nil, NetworkingError.authenticationError)
+            return
         }
         
-        // Check if have two factor trusted browser cookie (may have expired)
-//        let cookies = HTTPCookieStorage.shared.cookies ?? []
-        let isTwoFactorTrusted = true //!cookies.filter { $0.name == "twoFactorTrustedBrowser" }.isEmpty
-        
         let genericPwdQueryable =
             GenericPasswordQueryable(service: "PennWebLogin")
         let secureStore =
@@ -84,30 +76,22 @@ extension PennAuthRequestable {
             pennkey = nil
         }
         
-        guard pennkey != nil && password != nil && isTwoFactorTrusted else {
+        guard pennkey != nil && password != nil else {
             UserDefaults.standard.setShibbolethAuth(authedIn: false)
             completionHandler(nil, nil, NetworkingError.authenticationError)
             return
         }
         
-        let url = URL(string: loginUrl)!
+        let url = URL(string: baseUrl + actionUrl)!
         var request = URLRequest(url: url)
         request.httpMethod = "POST"
         
-        var params: [String: String] = [
-            "password": password,
-            "submit1": "Log in",
-            "passcode": passcode,
-            "required": required,
-            "appfactor": appfactor,
-            "ref": ref,
-            "service": service,
-            "login": pennkey,
+        let params: [String: String] = [
+            "j_username": pennkey,
+            "j_password": password,
+            "_eventId_proceed": "",
         ]
         
-        if let reauth = html.getMatches(for: "name=\"reauth\" value=\"(.*?)\"").first {
-            params["reauth"] = reauth
-        }
         request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
         let characterSet = CharacterSet(charactersIn: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789")
         let parameterArray = params.map { key, value -> String in
@@ -133,7 +117,6 @@ extension PennAuthRequestable {
     private func makeRequestWithShibboleth(targetUrl: String, shibbolethUrl: String, html: String, _ completionHandler: @escaping (Data?, URLResponse?, Error?) -> Void) {
         guard let samlResponse = html.getMatches(for: "<input type=\"hidden\" name=\"SAMLResponse\" value=\"(.*?)\"/>").first,
             let relayState = html.getMatches(for: "<input type=\"hidden\" name=\"RelayState\" value=\"(.*?)\"/>").first?.replacingOccurrences(of: "&#x3a;", with: ":") else {
-                HTTPCookieStorage.shared.removeCookies(since: Date(timeIntervalSince1970: 0))
                 UserDefaults.standard.setShibbolethAuth(authedIn: false)
                 completionHandler(nil, nil, NetworkingError.authenticationError)
                 return
diff --git a/PennMobile/General/PennLoginController.swift b/PennMobile/General/PennLoginController.swift
@@ -104,13 +104,15 @@ class PennLoginController: UIViewController, WKUIDelegate, WKNavigationDelegate
                 // Webview has redirected to desired site.
                 self.handleSuccessfulNavigation(webView, decisionHandler: decisionHandler)
             } else {
-                if url.absoluteString == self.loginURL {
-                    webView.evaluateJavaScript("document.getElementById('pennkey').value;") { (result, error) in
+                if url.absoluteString.contains("password") {
+                    webView.evaluateJavaScript("document.getElementById('pennname').value;") { (result, error) in
                         if let pennkey = result as? String {
                             webView.evaluateJavaScript("document.getElementById('password').value;") { (result, error) in
                                 if let password = result as? String {
-                                    self.pennkey = pennkey
-                                    self.password = password
+                                    if(!pennkey.isEmpty && !password.isEmpty) {
+                                        self.pennkey = pennkey
+                                        self.password = password
+                                    }
                                 }
                                 decisionHandler(.allow)
                             }
@@ -144,29 +146,30 @@ class PennLoginController: UIViewController, WKUIDelegate, WKNavigationDelegate
         guard let url = webView.url else {
             return
         }
-        
-        if url.absoluteString == loginURL {
+
+        if url.absoluteString.contains("twostep") {
             guard let pennkey = pennkey, let password = password else { return }
             try? secureStore.setValue(pennkey, for: "PennKey")
             try? secureStore.setValue(password, for: "PennKey Password")
-            trustDevice()
-            return
-        } else if url.absoluteString.contains(loginURL) {
+        } else {
             self.autofillCredentials()
+            self.trustDevice()
         }
     }
     
     func autofillCredentials() {
         guard let pennkey = pennkey else { return }
-        webView.evaluateJavaScript("document.getElementById('pennkey').value = '\(pennkey)'") { (_,_) in
+        webView.evaluateJavaScript("document.getElementById('pennname').value = '\(pennkey)'") { (_,_) in
         }
         guard let password = password else { return }
         webView.evaluateJavaScript("document.getElementById('password').value = '\(password)'") { (_,_) in
         }
     }
     
     func trustDevice() {
-        webView.evaluateJavaScript("document.getElementById('trustUA').value = 'true'") { (_, _) in
+        webView.evaluateJavaScript("document.getElementById('trustUA').value = 'true'") { (res, err) in
+            self.webView.evaluateJavaScript("document.documentElement.outerHTML.toString()") { (html, error) in
+            }
         }
     }
     

Original file line number	Diff line number	Diff line change
`@@ -104,13 +104,15 @@ class PennLoginController: UIViewController, WKUIDelegate, WKNavigationDelegate`
`104`	`104`	`// Webview has redirected to desired site.`
`105`	`105`	`self.handleSuccessfulNavigation(webView, decisionHandler: decisionHandler)`
`106`	`106`	`} else {`
`107`		`- if url.absoluteString == self.loginURL {`
`108`		`- webView.evaluateJavaScript("document.getElementById('pennkey').value;") { (result, error) in`
	`107`	`+ if url.absoluteString.contains("password") {`
	`108`	`+ webView.evaluateJavaScript("document.getElementById('pennname').value;") { (result, error) in`
`109`	`109`	`if let pennkey = result as? String {`
`110`	`110`	`webView.evaluateJavaScript("document.getElementById('password').value;") { (result, error) in`
`111`	`111`	`if let password = result as? String {`
`112`		`- self.pennkey = pennkey`
`113`		`- self.password = password`
	`112`	`+ if(!pennkey.isEmpty && !password.isEmpty) {`
	`113`	`+ self.pennkey = pennkey`
	`114`	`+ self.password = password`
	`115`	`+ }`
`114`	`116`	`}`
`115`	`117`	`decisionHandler(.allow)`
`116`	`118`	`}`
`@@ -144,29 +146,30 @@ class PennLoginController: UIViewController, WKUIDelegate, WKNavigationDelegate`
`144`	`146`	`guard let url = webView.url else {`
`145`	`147`	`return`
`146`	`148`	`}`
`147`		`-`
`148`		`- if url.absoluteString == loginURL {`
	`149`	`+`
	`150`	`+ if url.absoluteString.contains("twostep") {`
`149`	`151`	`guard let pennkey = pennkey, let password = password else { return }`
`150`	`152`	`try? secureStore.setValue(pennkey, for: "PennKey")`
`151`	`153`	`try? secureStore.setValue(password, for: "PennKey Password")`
`152`		`- trustDevice()`
`153`		`- return`
`154`		`- } else if url.absoluteString.contains(loginURL) {`
	`154`	`+ } else {`
`155`	`155`	`self.autofillCredentials()`
	`156`	`+ self.trustDevice()`
`156`	`157`	`}`
`157`	`158`	`}`
`158`	`159`
`159`	`160`	`func autofillCredentials() {`
`160`	`161`	`guard let pennkey = pennkey else { return }`
`161`		`- webView.evaluateJavaScript("document.getElementById('pennkey').value = '\(pennkey)'") { (_,_) in`
	`162`	`+ webView.evaluateJavaScript("document.getElementById('pennname').value = '\(pennkey)'") { (_,_) in`
`162`	`163`	`}`
`163`	`164`	`guard let password = password else { return }`
`164`	`165`	`webView.evaluateJavaScript("document.getElementById('password').value = '\(password)'") { (_,_) in`
`165`	`166`	`}`
`166`	`167`	`}`
`167`	`168`
`168`	`169`	`func trustDevice() {`
`169`		`- webView.evaluateJavaScript("document.getElementById('trustUA').value = 'true'") { (_, _) in`
	`170`	`+ webView.evaluateJavaScript("document.getElementById('trustUA').value = 'true'") { (res, err) in`
	`171`	`+ self.webView.evaluateJavaScript("document.documentElement.outerHTML.toString()") { (html, error) in`
	`172`	`+ }`
`170`	`173`	`}`
`171`	`174`	`}`
`172`	`175`