Decode extracted gpcallback

2025-04-02 18:31:50 -04:00 · 2024-04-05 18:01:09 +08:00 · 2024-04-05 18:01:09 +08:00 · 8446874290
commit 8446874290
parent c347f97b95
4 changed files with 36 additions and 9 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1469,6 +1469,7 @@ dependencies = [
 "compile-time",
 "env_logger",
 "gpapi",
+ "html-escape",
 "log",
 "regex",
 "serde_json",
@ -1673,6 +1674,15 @@ version = "0.4.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"

+[[package]]
+name = "html-escape"
+version = "0.2.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476"
+dependencies = [
+ "utf8-width",
+]
+
 [[package]]
 name = "html5ever"
 version = "0.26.0"
@ -4484,6 +4494,12 @@ version = "0.7.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9"

+[[package]]
+name = "utf8-width"
+version = "0.1.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3"
+
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
--- a/apps/gpauth/Cargo.toml
+++ b/apps/gpauth/Cargo.toml
@ -18,6 +18,7 @@ serde_json.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tempfile.workspace = true
+html-escape = "0.2.13"
 webkit2gtk = "0.18.2"
 tauri = { workspace = true, features = ["http-all"] }
 compile-time.workspace = true
--- a/apps/gpauth/src/auth_window.rs
+++ b/apps/gpauth/src/auth_window.rs
@ -366,26 +366,24 @@ fn read_auth_data_from_html(html: &str) -> Result<SamlAuthData, AuthDataParseErr
    return Err(AuthDataParseError::Invalid);
  }

-  let auth_data = match SamlAuthData::from_html(html) {
+  match SamlAuthData::from_html(html) {
    Ok(auth_data) => Ok(auth_data),
    Err(err) => {
      if let Some(gpcallback) = extract_gpcallback(html) {
        info!("Found gpcallback from html...");
-        SamlAuthData::from_gpcallback(gpcallback)
+        SamlAuthData::from_gpcallback(&gpcallback)
      } else {
        Err(err)
      }
    }
-  };
-
-  auth_data
+  }
 }

-fn extract_gpcallback(html: &str) -> Option<&str> {
+fn extract_gpcallback(html: &str) -> Option<String> {
  let re = Regex::new(r#"globalprotectcallback:[^"]+"#).unwrap();
  re.captures(html)
    .and_then(|captures| captures.get(0))
-    .map(|m| m.as_str())
+    .map(|m| html_escape::decode_html_entities(m.as_str()).to_string())
 }

 fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSender<AuthResult>) {
@ -500,11 +498,23 @@ mod tests {
    "#;

    assert_eq!(
-      extract_gpcallback(html),
+      extract_gpcallback(html).as_deref(),
      Some("globalprotectcallback:PGh0bWw+PCEtLSA8c")
    );
  }

+  #[test]
+  fn extract_gpcallback_cas() {
+    let html = r#"
+      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:cas-as=1&amp;un=xyz@email.com&amp;token=very_long_string">
+    "#;
+
+    assert_eq!(
+      extract_gpcallback(html).as_deref(),
+      Some("globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string")
+    );
+  }
+
  #[test]
  fn extract_gpcallback_none() {
    let html = r#"
--- a/crates/gpapi/src/auth.rs
+++ b/crates/gpapi/src/auth.rs
@ -66,7 +66,7 @@ impl SamlAuthData {
    let auth_data = data.trim_start_matches("globalprotectcallback:");

    if auth_data.starts_with("cas-as") {
-      info!("Got token auth data: {}", auth_data);
+      info!("Got CAS auth data from globalprotectcallback");

      let auth_data: SamlAuthData = serde_urlencoded::from_str(auth_data).map_err(|e| {
        warn!("Failed to parse token auth data: {}", e);