From dadaaf2a04bf50471c1aad402a5d7016c8535e2f Mon Sep 17 00:00:00 2001 From: Privacy_Dragon Date: Sun, 12 Jan 2025 23:48:20 +0100 Subject: [PATCH 1/3] Work in progress --- .idea/deploymentTargetSelector.xml | 10 ++++ .idea/inspectionProfiles/Project_Default.xml | 8 +++ .idea/migrations.xml | 10 ++++ .idea/runConfigurations.xml | 17 ++++++ .../privacydragon/bookwyrm/StartActivity.java | 55 +++++++++++++++++-- 5 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 .idea/deploymentTargetSelector.xml create mode 100644 .idea/inspectionProfiles/Project_Default.xml create mode 100644 .idea/migrations.xml create mode 100644 .idea/runConfigurations.xml diff --git a/.idea/deploymentTargetSelector.xml b/.idea/deploymentTargetSelector.xml new file mode 100644 index 0000000..b268ef3 --- /dev/null +++ b/.idea/deploymentTargetSelector.xml @@ -0,0 +1,10 @@ + + + + + + + + + \ No newline at end of file diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml new file mode 100644 index 0000000..95f3467 --- /dev/null +++ b/.idea/inspectionProfiles/Project_Default.xml @@ -0,0 +1,8 @@ + + + + \ No newline at end of file diff --git a/.idea/migrations.xml b/.idea/migrations.xml new file mode 100644 index 0000000..f8051a6 --- /dev/null +++ b/.idea/migrations.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/.idea/runConfigurations.xml b/.idea/runConfigurations.xml new file mode 100644 index 0000000..16660f1 --- /dev/null +++ b/.idea/runConfigurations.xml @@ -0,0 +1,17 @@ + + + + + + \ No newline at end of file diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java index 4e0a23c..f1c5340 100644 --- a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java 
@@ -10,7 +10,9 @@ import android.content.SharedPreferences; import android.content.pm.PackageManager; import android.graphics.Bitmap; import android.net.Uri; +import android.os.Build; import android.os.Bundle; +import android.os.NetworkOnMainThreadException; import android.util.Base64; import android.view.KeyEvent; import android.view.View; @@ -32,7 +34,13 @@ import androidx.core.content.ContextCompat; import com.journeyapps.barcodescanner.ScanContract; import com.journeyapps.barcodescanner.ScanOptions; +import java.io.BufferedInputStream; import java.io.IOException; +import java.io.InputStream; +import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; +import java.net.URL; +import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; 
@@ -174,9 +182,9 @@ public class StartActivity extends AppCompatActivity { LoadIndicator.setVisibility(View.GONE); myWebView.setVisibility(View.VISIBLE); - view.loadUrl("javascript:(function() { document.getElementById('id_password_confirm').value = '" + wacht + "'; ;})()"); - view.loadUrl("javascript:(function() { document.getElementById('id_localname_confirm').value = '" + name + "'; ;})()"); - view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login') { document.getElementsByName(\"login-confirm\")[0].submit();} ;})()"); + //view.loadUrl("javascript:(function() { document.getElementById('id_password_confirm').value = '" + wacht + "'; ;})()"); + //view.loadUrl("javascript:(function() { document.getElementById('id_localname_confirm').value = '" + name + "'; ;})()"); + //view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login') { document.getElementsByName(\"login-confirm\")[0].submit();} ;})()"); view.loadUrl("javascript:(function() { " + "if (document.querySelectorAll(\"[data-modal-open]\")[0]) {" + "let ISBN_Button = document.querySelectorAll(\"[data-modal-open]\")[0];" + 
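Review bot: The three credential-filling `view.loadUrl(...)` calls are commented out rather than deleted, which leaves the pattern of building a `javascript:` URL from the decrypted password in the file, ready to be switched back on. Version control already keeps the old code, so I would delete the lines, together with `wacht`, which [PATCH 2/3] also only comments out. The same applies to the blocks commented out in HandlerActivity.java and to the commented `logIn` method in [PATCH 2/3], whose `Log.d("body", ...)` and `Log.d("tokens", ...)` lines would write the login page and the CSRF tokens to logcat if they were revived.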
@@ -198,7 +206,46 @@ public class StartActivity extends AppCompatActivity { } }); //Here, load the login page of the server. That actually does all that is needed. - myWebView.loadUrl("https://" + server + "/login"); + String geheimeToken = null; + try { + geheimeToken = getMiddleWareToken(server); + } catch (IOException e) { + throw new RuntimeException(e); + } + String gegevens = null; + try { + gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(geheimeToken, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8"); + } catch (UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + myWebView.postUrl("https://" + server + "/login", gegevens.getBytes()); + } + public String getMiddleWareToken(String server) throws IOException { //Er gaat hier nog iets fout. Steeds een error ofzo. + //Het idee is dat deze functie de loginpagina van de server laadt en dan de 'csrfmiddlewaretoken' uit het inlogformulier haalt, + //Zodat dat dan gebruikt kan worden bij het inloggen. + String token; + InputStream ina; + URL url = new URL("https://" + server + "/login"); + HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); + try { + ina = new BufferedInputStream(urlConnection.getInputStream()); + byte[] pagina = null; + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { + pagina = ina.readAllBytes(); + } + try { + ina.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + String zooi = new String(pagina); + String[] opgebroken = zooi.split("name=\"csrfmiddlewaretoken\" value="); + String[] breukjes = opgebroken[1].split("\">"); + token = breukjes[0]; + } finally { + urlConnection.disconnect(); + } + return token; } private final ActivityResultLauncher barcodeLanceerder = registerForActivityResult(new ScanContract(), result -> { From e17daa9e41a3302f01c6339f3c6d808144dfe781 Mon Sep 17 00:00:00 2001 
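Review bot: `getMiddleWareToken(server)` is called synchronously where `myWebView.loadUrl(...)` used to be, so the HTTPS request presumably runs on the UI thread (the enclosing method starts outside the hunk), where Android throws `NetworkOnMainThreadException`; that would explain the error mentioned in the Dutch comment on the method. On devices below `Build.VERSION_CODES.TIRAMISU`, `pagina` stays `null` and `new String(pagina)` throws. The split marker also lacks the opening quote, so the extracted token would start with a `"`; it should read `zooi.split("name=\"csrfmiddlewaretoken\" value=\"")`. I would run the request on a background thread and read the stream with a loop that works on every API level.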
From: Privacy_Dragon Date: Mon, 13 Jan 2025 15:39:56 +0100 Subject: [PATCH 2/3] login improvements --- .../bookwyrm/HandlerActivity.java | 130 +++++------ .../privacydragon/bookwyrm/StartActivity.java | 212 +++++++++++++++--- 2 files changed, 243 insertions(+), 99 deletions(-) diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java index 4993fe4..cc57b97 100644 --- a/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java 
@@ -118,12 +118,12 @@ public class HandlerActivity extends AppCompatActivity { String defaultValue = "none"; SharedPreferences sharedPref = HandlerActivity.this.getSharedPreferences(getString(R.string.server), Context.MODE_PRIVATE); String server = sharedPref.getString(getString(R.string.server), defaultValue); - SharedPreferences sharedPrefName = HandlerActivity.this.getSharedPreferences(getString(R.string.name), Context.MODE_PRIVATE); - String name = sharedPrefName.getString(getString(R.string.name), defaultValue); - SharedPreferences sharedPrefPass = HandlerActivity.this.getSharedPreferences(getString(R.string.pw), Context.MODE_PRIVATE); - String pass = sharedPrefPass.getString(getString(R.string.pw), defaultValue); - SharedPreferences sharedPrefMagic = HandlerActivity.this.getSharedPreferences(getString(R.string.q), Context.MODE_PRIVATE); - String codeMagic = sharedPrefMagic.getString(getString(R.string.q), defaultValue); + //SharedPreferences sharedPrefName = HandlerActivity.this.getSharedPreferences(getString(R.string.name), Context.MODE_PRIVATE); + //String name = sharedPrefName.getString(getString(R.string.name), defaultValue); + //SharedPreferences sharedPrefPass = HandlerActivity.this.getSharedPreferences(getString(R.string.pw), Context.MODE_PRIVATE); + //String pass = sharedPrefPass.getString(getString(R.string.pw), defaultValue); + //SharedPreferences sharedPrefMagic = HandlerActivity.this.getSharedPreferences(getString(R.string.q), Context.MODE_PRIVATE); + //String codeMagic = sharedPrefMagic.getString(getString(R.string.q), defaultValue); //If there is nothing configured yet, the user should be redirected to the main screen for logging in. if (server == "none") { startActivity(new Intent(HandlerActivity.this, nl.privacydragon.bookwyrm.MainActivity.class)); 
@@ -150,62 +150,62 @@ public class HandlerActivity extends AppCompatActivity { } //Then all the decryption stuff has to happen. There are a lot of try-catch stuff, because apparently that seems to be needed. //First get the keystore thing. - KeyStore keyStore = null; - try { - keyStore = KeyStore.getInstance("AndroidKeyStore"); - } catch (KeyStoreException e) { - e.printStackTrace(); - } - //Then, load it. or something. To make sure that it can be used. - try { - keyStore.load(null); - } catch (CertificateException e) { - e.printStackTrace(); - } catch (IOException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } - //Next, retrieve the key to be used for the decryption. - Key DragonLikeKey = null; - try { - DragonLikeKey = keyStore.getKey("BookWyrm", null); - } catch (KeyStoreException e) { - e.printStackTrace(); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } catch (UnrecoverableKeyException e) { - e.printStackTrace(); - } - //Do something with getting the/a cipher or something. - Cipher c = null; - try { - c = Cipher.getInstance("AES/GCM/NoPadding"); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - } - //And then initiating the cipher, so it can be used. - try { - c.init(Cipher.DECRYPT_MODE, DragonLikeKey, new GCMParameterSpec(128, codeMagic.getBytes())); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - } catch (InvalidKeyException e) { - e.printStackTrace(); - } - //Decrypt the password! - byte[] truePass = null; - try { - truePass = c.doFinal(Base64.decode(pass, Base64.DEFAULT)); - } catch (BadPaddingException e) { - e.printStackTrace(); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - } - //Convert the decrypted password back to a string. 
- String passw = new String(truePass, StandardCharsets.UTF_8); - String wacht = passw.replaceAll("'", "\\\\'"); +// KeyStore keyStore = null; +// try { +// keyStore = KeyStore.getInstance("AndroidKeyStore"); +// } catch (KeyStoreException e) { +// e.printStackTrace(); +// } +// //Then, load it. or something. To make sure that it can be used. +// try { +// keyStore.load(null); +// } catch (CertificateException e) { +// e.printStackTrace(); +// } catch (IOException e) { +// e.printStackTrace(); +// } catch (NoSuchAlgorithmException e) { +// e.printStackTrace(); +// } +// //Next, retrieve the key to be used for the decryption. +// Key DragonLikeKey = null; +// try { +// DragonLikeKey = keyStore.getKey("BookWyrm", null); +// } catch (KeyStoreException e) { +// e.printStackTrace(); +// } catch (NoSuchAlgorithmException e) { +// e.printStackTrace(); +// } catch (UnrecoverableKeyException e) { +// e.printStackTrace(); +// } +// //Do something with getting the/a cipher or something. +// Cipher c = null; +// try { +// c = Cipher.getInstance("AES/GCM/NoPadding"); +// } catch (NoSuchAlgorithmException e) { +// e.printStackTrace(); +// } catch (NoSuchPaddingException e) { +// e.printStackTrace(); +// } +// //And then initiating the cipher, so it can be used. +// try { +// c.init(Cipher.DECRYPT_MODE, DragonLikeKey, new GCMParameterSpec(128, codeMagic.getBytes())); +// } catch (InvalidAlgorithmParameterException e) { +// e.printStackTrace(); +// } catch (InvalidKeyException e) { +// e.printStackTrace(); +// } +// //Decrypt the password! +// byte[] truePass = null; +// try { +// truePass = c.doFinal(Base64.decode(pass, Base64.DEFAULT)); +// } catch (BadPaddingException e) { +// e.printStackTrace(); +// } catch (IllegalBlockSizeException e) { +// e.printStackTrace(); +// } +// //Convert the decrypted password back to a string. 
+// String passw = new String(truePass, StandardCharsets.UTF_8); + //String wacht = passw.replaceAll("'", "\\\\'"); //A webviewclient thing is needed for some stuff. To automatically log in, the credentials are put in the form by the javascript that is loaded once the page is fully loaded. Then it is automatically submitted if the current page is the login page. String finalToGoServer = toGoServer; @@ -214,10 +214,10 @@ public class HandlerActivity extends AppCompatActivity { LoadIndicator.setVisibility(View.GONE); myWebView.setVisibility(View.VISIBLE); - view.loadUrl("javascript:(function() { document.getElementById('id_password').value = '" + wacht + "'; ;})()"); - view.loadUrl("javascript:(function() { document.getElementById('id_localname').value = '" + name + "'; ;})()"); + //view.loadUrl("javascript:(function() { document.getElementById('id_password').value = '" + wacht + "'; ;})()"); + //view.loadUrl("javascript:(function() { document.getElementById('id_localname').value = '" + name + "'; ;})()"); view.loadUrl("javascript:(function() { if (window.location.href == '" + finalToGoServer + "' && !/(review|generatednote|quotation|comment|book)/i.test(window.location.href)) { document.getElementsByName(\"login\")[0].submit();} ;})()"); - view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "') { document.getElementsByName(\"login\")[0].submit();} ;})()"); + //view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "') { document.getElementsByName(\"login\")[0].submit();} ;})()"); view.loadUrl("javascript:(function() { if (/(review|generatednote|quotation|comment|book)/i.test(window.location.href)) {" + "blocks = document.getElementsByClassName('block');" + "for (let element of blocks){" + diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java index f1c5340..dd54c8d 100644 
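Review bot: The `loadUrl` call that stays active in the `@@ -214,10 +214,10 @@` hunk still concatenates `finalToGoServer` into a `javascript:` string between single quotes without any escaping. `toGoServer` is assigned outside the hunk; if it is derived from the link that opened this activity (the class name suggests so, please confirm), a quote character in that value ends the string literal and the rest is evaluated as script inside the logged-in page. The comparison can be done in Java instead, for example `if (finalToGoServer.equals(view.getUrl())) { ... }`, so that no externally supplied text reaches the script. Also, now that the two field-filling calls are commented out, this line submits the `login` form with empty fields; is that still intended?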
--- a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java @@ -12,7 +12,6 @@ import android.graphics.Bitmap; import android.net.Uri; import android.os.Build; import android.os.Bundle; -import android.os.NetworkOnMainThreadException; import android.util.Base64; import android.view.KeyEvent; import android.view.View; @@ -38,7 +37,12 @@ import java.io.BufferedInputStream; import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; +import java.net.CookieHandler; +import java.net.CookieManager; +import java.net.CookieStore; +import java.net.HttpCookie; import java.net.HttpURLConnection; +import java.net.URI; import java.net.URL; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; @@ -50,6 +54,8 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.CertificateException; +import java.util.List; +import java.util.Objects; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -174,7 +180,7 @@ public class StartActivity extends AppCompatActivity { } //Convert the decrypted password back to a string. String passw = new String(truePass, StandardCharsets.UTF_8); - String wacht = passw.replaceAll("'", "\\\\'"); + //String wacht = passw.replaceAll("'", "\\\\'"); //A webviewclient thing is needed for some stuff. To automatically log in, the credentials are put in the form by the javascript that is loaded once the page is fully loaded. Then it is automatically submitted if the current page is the login page. myWebView.setWebViewClient(new MyWebViewClient(){ 
@@ -185,6 +191,7 @@ public class StartActivity extends AppCompatActivity { //view.loadUrl("javascript:(function() { document.getElementById('id_password_confirm').value = '" + wacht + "'; ;})()"); //view.loadUrl("javascript:(function() { document.getElementById('id_localname_confirm').value = '" + name + "'; ;})()"); //view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login') { document.getElementsByName(\"login-confirm\")[0].submit();} ;})()"); + //view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login' && document.title != '403 Forbidden') { this.document.location.href = 'source://' + encodeURI(document.documentElement.outerHTML);} ;})()"); view.loadUrl("javascript:(function() { " + "if (document.querySelectorAll(\"[data-modal-open]\")[0]) {" + "let ISBN_Button = document.querySelectorAll(\"[data-modal-open]\")[0];" + 
@@ -206,46 +213,183 @@ public class StartActivity extends AppCompatActivity { } }); //Here, load the login page of the server. That actually does all that is needed. - String geheimeToken = null; +// try { +// getMiddleWareToken(server, name, passw); +// } catch (IOException e) { +// throw new RuntimeException(e); +// } +// String geheimeToken = null; +// try { +// geheimeToken = getMiddleWareToken(server); +// } catch (IOException e) { +// throw new RuntimeException(e); +// } +// String gegevens = null; +// try { +// gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(geheimeToken, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8"); +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException(e); +// } +// myWebView.postUrl("https://" + server + "/login", gegevens.getBytes()); + //myWebView.loadUrl("https://" + server + "/login"); +// myWebView.setVisibility(View.GONE); +// LoadIndicator.setVisibility(View.VISIBLE); +// android.webkit.CookieManager oven = android.webkit.CookieManager.getInstance(); + //myWebView.loadUrl("javascript:this.document.location.href = 'source://' + encodeURI(document.documentElement.outerHTML);"); try { - geheimeToken = getMiddleWareToken(server); + getMiddleWareTokenAndLogIn(server, name, passw); } catch (IOException e) { throw new RuntimeException(e); } - String gegevens = null; - try { - gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(geheimeToken, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8"); - } catch (UnsupportedEncodingException e) { - throw new RuntimeException(e); - } - myWebView.postUrl("https://" + server + "/login", gegevens.getBytes()); + + } - public String getMiddleWareToken(String server) throws IOException { //Er gaat hier nog iets fout. Steeds een error ofzo. +// public void logIn(String lichaam) { +// //First, verkrijg the user credentials. 
+// //The user credentials are stored in the shared preferences, so first they have to be read from there. +// String defaultValue = "none"; +// SharedPreferences sharedPref = StartActivity.this.getSharedPreferences(getString(R.string.server), Context.MODE_PRIVATE); +// String server = sharedPref.getString(getString(R.string.server), defaultValue); +// SharedPreferences sharedPrefName = StartActivity.this.getSharedPreferences(getString(R.string.name), Context.MODE_PRIVATE); +// String name = sharedPrefName.getString(getString(R.string.name), defaultValue); +// SharedPreferences sharedPrefPass = StartActivity.this.getSharedPreferences(getString(R.string.pw), Context.MODE_PRIVATE); +// String pass = sharedPrefPass.getString(getString(R.string.pw), defaultValue); +// SharedPreferences sharedPrefMagic = StartActivity.this.getSharedPreferences(getString(R.string.q), Context.MODE_PRIVATE); +// String codeMagic = sharedPrefMagic.getString(getString(R.string.q), defaultValue); +// //Then all the decryption stuff has to happen. There are a lot of try-catch stuff, because apparently that seems to be needed. +// //First get the keystore thing. +// KeyStore keyStore = null; +// try { +// keyStore = KeyStore.getInstance("AndroidKeyStore"); +// } catch (KeyStoreException e) { +// e.printStackTrace(); +// } +// //Then, load it. or something. To make sure that it can be used. +// try { +// keyStore.load(null); +// } catch (CertificateException | IOException | NoSuchAlgorithmException e) { +// e.printStackTrace(); +// } +// //Next, retrieve the key to be used for the decryption. +// Key DragonLikeKey = null; +// try { +// DragonLikeKey = keyStore.getKey("BookWyrm", null); +// } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) { +// e.printStackTrace(); +// } +// //Do something with getting the/a cipher or something. 
+// Cipher c = null; +// try { +// c = Cipher.getInstance("AES/GCM/NoPadding"); +// } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { +// e.printStackTrace(); +// } +// //And then initiating the cipher, so it can be used. +// try { +// assert c != null; +// c.init(Cipher.DECRYPT_MODE, DragonLikeKey, new GCMParameterSpec(128, codeMagic.getBytes())); +// } catch (InvalidAlgorithmParameterException | InvalidKeyException e) { +// e.printStackTrace(); +// } +// //Decrypt the password! +// byte[] truePass = null; +// try { +// truePass = c.doFinal(Base64.decode(pass, Base64.DEFAULT)); +// } catch (BadPaddingException | IllegalBlockSizeException e) { +// e.printStackTrace(); +// } +// //Convert the decrypted password back to a string. +// String passw = new String(truePass, StandardCharsets.UTF_8); +// Log.d("body", lichaam); +// String[] opgebroken = lichaam.split("name=\"csrfmiddlewaretoken\" value=\""); +// String[] breukjes = opgebroken[1].split("\">"); +// String middelToken = breukjes[0]; +// String[] splitsing = lichaam.split("var csrf_token = '"); +// String[] dilemma = splitsing[1].split("';"); +// String csrf = dilemma[0]; +// Log.d("tokens", "middel= " + middelToken); +// Log.d("tokens", "csrf= " + csrf); +// String gegevens = null; +// try { +// gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(middelToken, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8"); +// } catch (UnsupportedEncodingException e) { +// throw new RuntimeException(e); +// } +//// android.webkit.CookieManager oven = android.webkit.CookieManager.getInstance(); +//// oven.setCookie("https://" + server, "csrftoken=" + csrf); +// myWebView.postUrl("https://" + server + "/login", gegevens.getBytes()); +// } + public void getMiddleWareTokenAndLogIn(String server, String name, String passw) throws IOException { //Het idee is dat deze functie de loginpagina van de server laadt en dan de 'csrfmiddlewaretoken' uit het 
inlogformulier haalt, //Zodat dat dan gebruikt kan worden bij het inloggen. - String token; - InputStream ina; - URL url = new URL("https://" + server + "/login"); - HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); - try { - ina = new BufferedInputStream(urlConnection.getInputStream()); - byte[] pagina = null; - if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { - pagina = ina.readAllBytes(); + Thread draadje = new Thread(new Runnable() { + @Override + public void run() { + try { + URL url = new URL("https://" + server + "/login"); + CookieManager koekManager = new CookieManager(); + CookieHandler.setDefault(koekManager); + CookieStore bakker = koekManager.getCookieStore(); + HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); + try { + InputStream ina = new BufferedInputStream(urlConnection.getInputStream()); + byte[] pagina = null; + if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { + pagina = ina.readAllBytes(); + } else { + ina.read(pagina, 0, ina.available()); + } + try { + ina.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + String zooi = new String(pagina); + String[] opgebroken = zooi.split("name=\"csrfmiddlewaretoken\" value=\""); + String[] breukjes = opgebroken[1].split("\">"); + String token = breukjes[0]; + String gegevens = null; + + String speculaas = "", THT = ""; + List koektrommel = bakker.get(URI.create("https://" + server)); + //Log.d("koek", koektrommel.toString()); + for (int i = 0; i < koektrommel.size(); ++i) { + HttpCookie koekje = koektrommel.get(i); + if (Objects.equals(koekje.getName(), "csrftoken")) { + speculaas = koekje.toString(); + THT = String.valueOf(koekje.getMaxAge()); + //Log.d("domein", koekje.getDomain()); + } + } + try { + gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(token, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8"); + } catch 
(UnsupportedEncodingException e) { + throw new RuntimeException(e); + } + String finalGegevens = gegevens; + //Log.d("token", speculaas); + String finalSpeculaas = speculaas; + String finalTHT = THT; + runOnUiThread(new Runnable() { + @Override + public void run() { + + android.webkit.CookieManager oven = android.webkit.CookieManager.getInstance(); + oven.setCookie("https://" + server, finalSpeculaas + "; Max-Age=" + finalTHT + "; Path=/; SameSite=Lax; Secure"); + myWebView.postUrl("https://" + server + "/login?next=/", finalGegevens.getBytes()); + } + }); + + } finally { + urlConnection.disconnect(); + } + } catch (Exception e) { + throw new RuntimeException(e); + } } - try { - ina.close(); - } catch (IOException e) { - throw new RuntimeException(e); - } - String zooi = new String(pagina); - String[] opgebroken = zooi.split("name=\"csrfmiddlewaretoken\" value="); - String[] breukjes = opgebroken[1].split("\">"); - token = breukjes[0]; - } finally { - urlConnection.disconnect(); - } - return token; + }); + draadje.start(); + //return token; } private final ActivityResultLauncher barcodeLanceerder = registerForActivityResult(new ScanContract(), result -> { From f2eb043e7f99500b689162deaadcd2d371396363 Mon Sep 17 00:00:00 2001 From: Privacy_Dragon Date: Mon, 13 Jan 2025 16:43:12 +0100 Subject: [PATCH 3/3] Bug fix for login improvements --- .../bookwyrm/HandlerActivity.java | 18 ------------------ .../privacydragon/bookwyrm/StartActivity.java | 3 ++- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java index cc57b97..fea72b7 100644 --- a/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/HandlerActivity.java 
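Review bot: Any failure on this worker thread (no network, or a login page without the `csrfmiddlewaretoken` field so that `opgebroken[1]` is out of bounds) ends in `throw new RuntimeException(e)` from `run()`, which nothing catches, so the app is terminated. When only the `csrftoken` cookie is missing, `speculaas` and `THT` stay empty and the code still sets a cookie string beginning with `; Max-Age=` and POSTs the username and password. I would check both values before building `gegevens` and fall back to loading the plain login page on error, as sketched below. Separately, `CookieHandler.setDefault(koekManager)` replaces the process-wide cookie handler on every call, and the connection has no `setConnectTimeout`/`setReadTimeout`, so the thread can block indefinitely.

```java
// … unchanged: open the connection, read the page, decode it into `zooi` …
String[] opgebroken = zooi.split("name=\"csrfmiddlewaretoken\" value=\"");
if (opgebroken.length < 2) {
    throw new IOException("csrfmiddlewaretoken not found in login page");
}
String token = opgebroken[1].split("\">")[0];
// … unchanged: look up the csrftoken cookie in `koektrommel` …
if (speculaas.isEmpty()) {
    throw new IOException("csrftoken cookie not set by server");
}
// … unchanged: build `gegevens`, runOnUiThread(setCookie + postUrl), finally disconnect …
} catch (Exception e) {
    // Fall back to the normal login page instead of killing the process.
    runOnUiThread(() -> myWebView.loadUrl("https://" + server + "/login"));
}
```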
@@ -11,7 +11,6 @@ import android.content.pm.PackageManager; import android.graphics.Bitmap; import android.net.Uri; import android.os.Bundle; -import android.util.Base64; import android.view.KeyEvent; import android.view.View; import android.webkit.JavascriptInterface; @@ -32,23 +31,6 @@ import androidx.core.content.ContextCompat; import com.journeyapps.barcodescanner.ScanContract; import com.journeyapps.barcodescanner.ScanOptions; -import java.io.IOException; -import java.nio.charset.StandardCharsets; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.GCMParameterSpec; - public class HandlerActivity extends AppCompatActivity { WebView myWebView; diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java index dd54c8d..ec3db2e 100644 --- a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java @@ -337,7 +337,8 @@ public class StartActivity extends AppCompatActivity { if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) { pagina = ina.readAllBytes(); } else { - ina.read(pagina, 0, ina.available()); + pagina = new byte[30000]; + ina.read(pagina); } try { ina.close();
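Review bot: In the `@@ -337,7 +337,8 @@` hunk a single `ina.read(pagina)` returns as soon as some bytes are available, so below TIRAMISU the buffer may hold only the first part of the login page, and a page larger than 30000 bytes is cut off; if the `csrfmiddlewaretoken` field lies beyond what was read, the later `opgebroken[1]` lookup fails. The unused tail of the array also ends up as NUL characters in `new String(pagina)`. Reading in a loop until `-1` into a `ByteArrayOutputStream` (this needs `import java.io.ByteArrayOutputStream;`) removes both limits and could replace the `readAllBytes()` branch as well. The enclosing `run()` starts and ends outside the hunk.

```java
} else {
    ByteArrayOutputStream buffer = new ByteArrayOutputStream();
    byte[] blok = new byte[8192];
    int gelezen;
    while ((gelezen = ina.read(blok)) != -1) {
        buffer.write(blok, 0, gelezen);
    }
    pagina = buffer.toByteArray();
}
// … unchanged: ina.close() and token parsing …
```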