From dadaaf2a04bf50471c1aad402a5d7016c8535e2f Mon Sep 17 00:00:00 2001 From: Privacy_Dragon Date: Sun, 12 Jan 2025 23:48:20 +0100 Subject: [PATCH] Work in progress --- .idea/deploymentTargetSelector.xml | 10 ++++ .idea/inspectionProfiles/Project_Default.xml | 8 +++ .idea/migrations.xml | 10 ++++ .idea/runConfigurations.xml | 17 ++++++ .../privacydragon/bookwyrm/StartActivity.java | 55 +++++++++++++++++-- 5 files changed, 96 insertions(+), 4 deletions(-) create mode 100644 .idea/deploymentTargetSelector.xml create mode 100644 .idea/inspectionProfiles/Project_Default.xml create mode 100644 .idea/migrations.xml create mode 100644 .idea/runConfigurations.xml diff --git a/.idea/deploymentTargetSelector.xml b/.idea/deploymentTargetSelector.xml new file mode 100644 index 0000000..b268ef3 --- /dev/null +++ b/.idea/deploymentTargetSelector.xml @@ -0,0 +1,10 @@ + + + + + + + + + \ No newline at end of file diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml new file mode 100644 index 0000000..95f3467 --- /dev/null +++ b/.idea/inspectionProfiles/Project_Default.xml @@ -0,0 +1,8 @@ + + + + \ No newline at end of file diff --git a/.idea/migrations.xml b/.idea/migrations.xml new file mode 100644 index 0000000..f8051a6 --- /dev/null +++ b/.idea/migrations.xml @@ -0,0 +1,10 @@ + + + + + + \ No newline at end of file diff --git a/.idea/runConfigurations.xml b/.idea/runConfigurations.xml new file mode 100644 index 0000000..16660f1 --- /dev/null +++ b/.idea/runConfigurations.xml @@ -0,0 +1,17 @@ + + + + + + \ No newline at end of file diff --git a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java index 4e0a23c..f1c5340 100644 --- a/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java +++ b/app/src/main/java/nl/privacydragon/bookwyrm/StartActivity.java 
@@ -10,7 +10,9 @@ import android.content.SharedPreferences;
 import android.content.pm.PackageManager;
 import android.graphics.Bitmap;
 import android.net.Uri;
+import android.os.Build;
 import android.os.Bundle;
+import android.os.NetworkOnMainThreadException;
 import android.util.Base64;
 import android.view.KeyEvent;
 import android.view.View;
@@ -32,7 +34,13 @@ import androidx.core.content.ContextCompat;
 import com.journeyapps.barcodescanner.ScanContract;
 import com.journeyapps.barcodescanner.ScanOptions;
+import java.io.BufferedInputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLEncoder;
 import java.nio.charset.StandardCharsets;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -174,9 +182,9 @@ public class StartActivity extends AppCompatActivity {
 LoadIndicator.setVisibility(View.GONE);
 myWebView.setVisibility(View.VISIBLE);
- view.loadUrl("javascript:(function() { document.getElementById('id_password_confirm').value = '" + wacht + "'; ;})()");
- view.loadUrl("javascript:(function() { document.getElementById('id_localname_confirm').value = '" + name + "'; ;})()");
- view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login') { document.getElementsByName(\"login-confirm\")[0].submit();} ;})()");
+ //view.loadUrl("javascript:(function() { document.getElementById('id_password_confirm').value = '" + wacht + "'; ;})()");
+ //view.loadUrl("javascript:(function() { document.getElementById('id_localname_confirm').value = '" + name + "'; ;})()");
+ //view.loadUrl("javascript:(function() { if (window.location.href == 'https://" + server + "/login') { document.getElementsByName(\"login-confirm\")[0].submit();} ;})()");
 view.loadUrl("javascript:(function() { " +
 "if (document.querySelectorAll(\"[data-modal-open]\")[0]) {" +
 "let ISBN_Button = document.querySelectorAll(\"[data-modal-open]\")[0];" +
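Review bot: The three `view.loadUrl(...)` calls are commented out rather than deleted, which keeps dead code that builds JavaScript by concatenating `wacht` and `name` into single-quoted string literals. If those lines are ever re-enabled, a quote or backslash in either value ends the literal early and the rest is evaluated as script in the page, so it is safer to delete them and rely on version control for the history. The enclosing callback starts and ends outside the hunk, so whether `wacht` is still needed there cannot be confirmed from here.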
@@ -198,7 +206,46 @@ public class StartActivity extends AppCompatActivity {
 }
 });
 //Here, load the login page of the server. That actually does all that is needed.
- myWebView.loadUrl("https://" + server + "/login");
+ String geheimeToken = null;
+ try {
+ geheimeToken = getMiddleWareToken(server);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ String gegevens = null;
+ try {
+ gegevens = "csrfmiddlewaretoken=" + URLEncoder.encode(geheimeToken, "UTF-8") + "&localname=" + URLEncoder.encode(name, "UTF-8") + "&password=" + URLEncoder.encode(passw, "UTF-8");
+ } catch (UnsupportedEncodingException e) {
+ throw new RuntimeException(e);
+ }
+ myWebView.postUrl("https://" + server + "/login", gegevens.getBytes());
+ }
+ public String getMiddleWareToken(String server) throws IOException { //Er gaat hier nog iets fout. Steeds een error ofzo.
+ //Het idee is dat deze functie de loginpagina van de server laadt en dan de 'csrfmiddlewaretoken' uit het inlogformulier haalt,
+ //Zodat dat dan gebruikt kan worden bij het inloggen.
+ String token;
+ InputStream ina;
+ URL url = new URL("https://" + server + "/login");
+ HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
+ try {
+ ina = new BufferedInputStream(urlConnection.getInputStream());
+ byte[] pagina = null;
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
+ pagina = ina.readAllBytes();
+ }
+ try {
+ ina.close();
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
+ String zooi = new String(pagina);
+ String[] opgebroken = zooi.split("name=\"csrfmiddlewaretoken\" value=");
+ String[] breukjes = opgebroken[1].split("\">");
+ token = breukjes[0];
+ } finally {
+ urlConnection.disconnect();
+ }
+ return token;
 }
 private final ActivityResultLauncher barcodeLanceerder = registerForActivityResult(new ScanContract(), result -> {
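Review bot: `getMiddleWareToken` reads the response only inside the `Build.VERSION_CODES.TIRAMISU` check, so on any older device `pagina` is still null when `new String(pagina)` runs and the login crashes. The parsing is fragile as well: the first `split` delimiter stops before the opening quote, so the returned token begins with a `"`, and `opgebroken[1]` throws when the field is absent from the page. The fence below reads the stream on every API level, decodes it as UTF-8 and fails with an `IOException` when the field is missing (it needs `java.io.ByteArrayOutputStream`). Separately, the call site appears to run on the UI thread (the enclosing method starts outside the hunk), where Android throws `NetworkOnMainThreadException`, which would explain the error mentioned in the comment; the fetch belongs on a background thread, and a failed fetch should show an error instead of `throw new RuntimeException(e)`. Please also confirm that `passw` is the same plaintext the removed code injected as `wacht`, and that the server accepts a token fetched outside the WebView's cookie store.

```java
public String getMiddleWareToken(String server) throws IOException {
    String token;
    // … unchanged: URL construction and openConnection(); the separate `InputStream ina;` declaration is dropped …
    try (InputStream ina = new BufferedInputStream(urlConnection.getInputStream())) {
        // Manual read loop: the original only calls readAllBytes() on API 33 and later.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        int gelezen;
        while ((gelezen = ina.read(chunk)) != -1) {
            buffer.write(chunk, 0, gelezen);
        }
        String zooi = new String(buffer.toByteArray(), StandardCharsets.UTF_8);
        // Include the opening quote in the marker so it does not end up in the token.
        String marker = "name=\"csrfmiddlewaretoken\" value=\"";
        int begin = zooi.indexOf(marker);
        if (begin < 0) {
            throw new IOException("csrfmiddlewaretoken not found on login page");
        }
        begin += marker.length();
        int einde = zooi.indexOf('"', begin);
        if (einde < 0) {
            throw new IOException("csrfmiddlewaretoken value is not terminated");
        }
        token = zooi.substring(begin, einde);
    } finally {
        urlConnection.disconnect();
    }
    // … unchanged: return token …
```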