Release 1.4.7

GPClient/gpclient.cpp

@@ -153,7 +153,7 @@ void GPClient::populateGatewayMenu()
         if (g.name() == currentGatewayName) {
             iconImage = ":/images/radio_selected.png";
         }
-        gatewaySwitchMenu->addAction(QIcon(iconImage), g.name())->setData(i);
+        gatewaySwitchMenu->addAction(QIcon(iconImage), QString("%1 (%2)").arg(g.name(), g.address()))->setData(i);
     }
 }
 
@@ -307,7 +307,7 @@ void GPClient::onPortalSuccess(const PortalConfigResponse portalConfig, const QS
 {
     PLOGI << "Portal authentication succeeded.";
 
-    // No gateway found in protal configuration
+    // No gateway found in portal configuration
     if (portalConfig.allGateways().size() == 0) {
         PLOGI << "No gateway found in portal configuration, treat the portal address as a gateway.";
         tryGatewayLogin();

GPClient/gphelper.cpp

@@ -33,7 +33,7 @@ QNetworkReply* gpclient::helper::createRequest(QString url, QByteArray params)
 
 GPGateway gpclient::helper::filterPreferredGateway(QList<GPGateway> gateways, const QString ruleName)
 {
-    PLOGI << gateways.size() << " gateway(s) avaiable, filter the gateways with rule: " << ruleName;
+    PLOGI << gateways.size() << " gateway(s) available, filter the gateways with rule: " << ruleName;
 
     GPGateway gateway = gateways.first();
 

GPClient/main.cpp

@@ -23,8 +23,8 @@ int main(int argc, char *argv[])
 
     PLOGI << "GlobalProtect started, version: " << VERSION;
 
-    QString port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
-    QString hidpiSupport = QString::fromLocal8Bit(qgetenv(QT_AUTO_SCREEN_SCALE_FACTOR));
+    auto port = QString::fromLocal8Bit(qgetenv(ENV_CDP_PORT));
+    auto hidpiSupport = QString::fromLocal8Bit(qgetenv(QT_AUTO_SCREEN_SCALE_FACTOR));
 
     if (port.isEmpty()) {
         qputenv(ENV_CDP_PORT, "12315");
@@ -49,9 +49,9 @@ int main(int argc, char *argv[])
     });
     parser.process(app);
 
-    const QStringList positional = parser.positionalArguments();
+    const auto positional = parser.positionalArguments();
 
-    IVpn *vpn = parser.isSet("json") // yes it leaks, but this is cleared on exit anyway
+    auto *vpn = parser.isSet("json") // yes it leaks, but this is cleared on exit anyway
       ? static_cast<IVpn*>(new VpnJson(nullptr)) // Print to stdout and exit
       : static_cast<IVpn*>(new VpnDbus(nullptr)); // Contact GPService daemon via dbus
     GPClient w(nullptr, vpn);

GPClient/portalauthenticator.cpp

@@ -122,9 +122,18 @@ void PortalAuthenticator::samlAuth()
 
     SAMLLoginWindow *loginWindow = new SAMLLoginWindow;
 
-    connect(loginWindow, &SAMLLoginWindow::success, this, &PortalAuthenticator::onSAMLLoginSuccess);
-    connect(loginWindow, &SAMLLoginWindow::fail, this, &PortalAuthenticator::onSAMLLoginFail);
-    connect(loginWindow, &SAMLLoginWindow::rejected, this, &PortalAuthenticator::onLoginWindowRejected);
+    connect(loginWindow, &SAMLLoginWindow::success, [this, loginWindow](const QMap<QString, QString> samlResult) {
+        onSAMLLoginSuccess(samlResult);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::fail, [this, loginWindow](const QString msg) {
+        onSAMLLoginFail(msg);
+        loginWindow->deleteLater();
+    });
+    connect(loginWindow, &SAMLLoginWindow::rejected, [this, loginWindow]() {
+        onLoginWindowRejected();
+        loginWindow->deleteLater();
+    });
 
     loginWindow->login(preloginResponse.samlMethod(), preloginResponse.samlRequest(), preloginUrl);
 }

GPClient/portalconfigresponse.cpp

@@ -93,15 +93,17 @@ void PortalConfigResponse::parseGateway(QXmlStreamReader &reader, GPGateway &gat
 
     auto finished = false;
     while (!finished) {
-        if (reader.name() == "entry") {
+        if (reader.name() == "entry" && reader.isStartElement()) {
             auto address = reader.attributes().value("name").toString();
             gateway.setAddress(address);
-        } else if (reader.name() == "description") { // gateway name
+        } else if (reader.name() == "description" && reader.isStartElement()) { // gateway name
             gateway.setName(reader.readElementText());
-        } else if (reader.name() == "priority-rule") { // priority rules
+        } else if (reader.name() == "priority-rule" && reader.isStartElement()) { // priority rules
             parsePriorityRule(reader, gateway);
         }
-        finished = !reader.readNextStartElement();
+
+        auto result = reader.readNext();
+        finished = result == QXmlStreamReader::Invalid || (reader.name() == "entry" && reader.isEndElement());
     }
 }
 
@@ -113,16 +115,19 @@ void PortalConfigResponse::parsePriorityRule(QXmlStreamReader &reader, GPGateway
 
     while (!finished) {
         // Parse the priority-rule -> entry
-        if (reader.name() == "entry") {
+        if (reader.name() == "entry" && reader.isStartElement()) {
             auto ruleName = reader.attributes().value("name").toString();
             // move to the priority value
-            while (reader.name() != "priority") {
-                reader.readNextStartElement();
+            while (reader.readNextStartElement()) {
+                if (reader.name() == "priority") {
+                    auto priority = reader.readElementText().toInt();
+                    priorityRules.insert(ruleName, priority);
+                    break;
+                }
             }
-            auto priority = reader.readElementText().toInt();
-            priorityRules.insert(ruleName, priority);
         }
-        finished = !reader.readNextStartElement();
+        auto result = reader.readNext();
+        finished = result == QXmlStreamReader::Invalid || (reader.name() == "priority-rule" && reader.isEndElement());
     }
 
     gateway.setPriorityRules(priorityRules);

GPClient/samlloginwindow.cpp

@@ -58,12 +58,17 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
     QJsonObject response = params.value("response").toObject();
     QJsonObject headers = response.value("headers").toObject();
 
+    LOGI << "Trying to receive from " << response.value("url").toString();
+
     const QString username = headers.value("saml-username").toString();
     const QString preloginCookie = headers.value("prelogin-cookie").toString();
     const QString userAuthCookie = headers.value("portal-userauthcookie").toString();
 
-    LOGI << "Response received from " << response.value("url").toString();
+    this->checkSamlResult(username, preloginCookie, userAuthCookie);
+}
 
+void SAMLLoginWindow::checkSamlResult(QString username, QString preloginCookie, QString userAuthCookie)
+{
     if (!username.isEmpty()) {
         LOGI << "Got username from SAML response headers " << username;
         samlResult.insert("username", username);
@@ -90,11 +95,38 @@ void SAMLLoginWindow::onResponseReceived(QJsonObject params)
         emit success(samlResult);
         accept();
     } else {
-        this->show();
+        show();
     }
 }
 
 void SAMLLoginWindow::onLoadFinished()
 {
-     LOGI << "Load finished " << this->webView->page()->url().toString();
+     LOGI << "Load finished " << webView->page()->url().toString();
+     webView->page()->toHtml([this] (const QString &html) { this->handleHtml(html); });
+}
+
+void SAMLLoginWindow::handleHtml(const QString &html)
+{
+    // try to check the html body and extract from there
+    const QRegularExpression regex("<saml-auth-status>(.*)</saml-auth-status>");
+    const QRegularExpressionMatch match = regex.match(html);
+    const QString samlAuthStatusOnBody = match.captured(1);
+
+    if (samlAuthStatusOnBody == "1") {
+        const QRegularExpression preloginCookieRegex("<prelogin-cookie>(.*)</prelogin-cookie>");
+        const QRegularExpressionMatch preloginCookieMatch = preloginCookieRegex.match(html);
+        const QString preloginCookie = preloginCookieMatch.captured(1);
+
+        const QRegularExpression usernameRegex("<saml-username>(.*)</saml-username>");
+        const QRegularExpressionMatch usernameMatch = usernameRegex.match(html);
+        const QString username = usernameMatch.captured(1);
+
+        const QRegularExpression userAuthCookieRegex("<portal-userauthcookie>(.*)</portal-userauthcookie>");
+        const QRegularExpressionMatch userAuthCookieMatch = userAuthCookieRegex.match(html);
+        const QString userAuthCookie = userAuthCookieMatch.captured(1);
+
+        checkSamlResult(username, preloginCookie, userAuthCookie);
+    } else {
+        show();
+    }
 }

GPClient/samlloginwindow.h

@@ -24,12 +24,14 @@ signals:
 private slots:
     void onResponseReceived(QJsonObject params);
     void onLoadFinished();
+    void checkSamlResult(QString username, QString preloginCookie, QString userAuthCookie);
 
 private:
     EnhancedWebView *webView;
     QMap<QString, QString> samlResult;
 
     void closeEvent(QCloseEvent *event);
+    void handleHtml(const QString &html);
 };
 
 #endif // SAMLLOGINWINDOW_H

README.md

@@ -176,15 +176,6 @@ Install the [AppIndicator and KStatusNotifierItem Support](https://extensions.gn
 <p>
 
 
-
-## Future plan
-
-- [x] Improve the release process
-- [ ] Process bugs and feature requests
-- [ ] Support for bypassing the `gpclient` parameters
-- [ ] Support the CLI mode
-
-
 ## Troubleshooting
 
 Run `gpclient` in the Terminal and collect the logs.

VERSION

@@ -1 +1 @@
-1.4.5
+1.4.7

debian/changelog

@@ -1,3 +1,22 @@
+globalprotect-openconnect (1.4.7-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.6 –> 1.4.7
+  * fix: release resources when properly
+  * fix: add support for parsing tokens from HTML
+  * handle html comment for saml result with okta 2fa (#156)
+  * chore: use auto to declare variable
+  * chore: simplify readme
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Tue, 07 Jun 2022 21:46:04 +0800
+
+globalprotect-openconnect (1.4.6-1) unstable; urgency=medium
+
+  * Updated VERSION, Bumped 1.4.5 –> 1.4.6
+  * feat: display address in gateway menu item
+  * fix: fix bug of parsing the portal respponse
+
+ -- Kevin Yue <k3vinyue@gmail.com>  Wed, 01 Jun 2022 23:55:50 +0800
+
 globalprotect-openconnect (1.4.5-1) unstable; urgency=medium
 
   * Updated VERSION, Bumped 1.4.4 –> 1.4.5

packaging/aur/PKGBUILD

@@ -1,7 +1,7 @@
 # Maintainer: Keinv Yue <yuezk001@gmail.com>
 
-_pkgver="1.4.5"
-_commit="a489c5881bdc9d3565da0f2efac4963bec3f7069"
+_pkgver="1.4.7"
+_commit="5a485197b7c7b17f064d89bfe98ec1733d60e221"
 pkgname=globalprotect-openconnect-git
 pkgver=${_pkgver}
 pkgrel=1

packaging/obs/globalprotect-openconnect.changes

@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Jun  7 13:46:04 UTC 2022 - k3vinyue@gmail.com - 1.4.7
+
+- Update to 1.4.7
+  * Updated VERSION, Bumped 1.4.6 –> 1.4.7
+  * fix: release resources when properly
+  * fix: add support for parsing tokens from HTML
+  * handle html comment for saml result with okta 2fa (#156)
+  * chore: use auto to declare variable
+  * chore: simplify readme
+
+-------------------------------------------------------------------
+Wed Jun  1 15:55:50 UTC 2022 - k3vinyue@gmail.com - 1.4.6
+
+- Update to 1.4.6
+  * Updated VERSION, Bumped 1.4.5 –> 1.4.6
+  * feat: display address in gateway menu item
+  * fix: fix bug of parsing the portal respponse
+
 -------------------------------------------------------------------
 Sun May 29 13:15:40 UTC 2022 - k3vinyue@gmail.com - 1.4.5
 

packaging/obs/globalprotect-openconnect.spec

@@ -1,5 +1,5 @@
 Name:           globalprotect-openconnect
-Version:        1.4.5
+Version:        1.4.7
 Release:        1
 Summary:        A GlobalProtect VPN client powered by OpenConnect
 Group:          Productivity/Networking/PPP