+ handling incorrect sesion data returned from the vendor API

2021-11-11 02:46:35 +01:00 · 2021-11-11 02:46:35 +01:00 · c7bc5ddc0c
parent d859dbad0a
commit c7bc5ddc0c
7 changed files with 102 additions and 11 deletions
--- a/code/common.sh
+++ b/code/common.sh
@ -9,7 +9,12 @@ function get_auth_string() {

 	local user="$(session_get_username ${cookies[sh_session]})"

-	echo "Authorization: Bearer $(cat secret/authTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
+	local token="$(cat secret/authTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
+	if [[ "$token" == 'null' ]]; then
+		exit 1
+	fi
+	
+	echo "Authorization: Bearer $token"
 }

 function get_refresh_token() {
@ -40,10 +45,13 @@ function add_account_refreshtoken() {
 	if ! session_verify "${cookies[sh_session]}"; then
 		exit 0
 	fi
+
+	username="$(session_get_username ${cookies[sh_session]})"
 	
-	if check_if_user_exists refreshToken; then
-		echo "$(session_get_username ${cookies[sh_session]}):$1" >> secret/refreshTokens.dat
+	if ! check_if_user_exists refreshToken; then
+		sed -E -i '/^'"$username"':/d' secret/refreshTokens.dat
 	fi
+	echo "$username:$1" >> secret/refreshTokens.dat
 }


@ -53,11 +61,13 @@ function add_account_authtoken() {
 		exit 0
 	fi

+	username="$(session_get_username ${cookies[sh_session]})"
 	token="$(sed 's/Bearer //g' <<< "$@")"
 	
-	if check_if_user_exists authToken; then
-		echo "$(session_get_username ${cookies[sh_session]}):$token" >> secret/authTokens.dat
+	if ! check_if_user_exists authToken; then
+		sed -E -i '/^'"$username"':/d' secret/authTokens.dat
 	fi
+	echo "$username:$token" >> secret/authTokens.dat
 }

 # update_account_authtoken(username)
--- a/front/src/index.ts
+++ b/front/src/index.ts
@ -223,6 +223,17 @@ const request = (resource: string, data: any) =>
              ".package-list",
              ".description",
            ]);
+          case -4:
+            // the API broke our token
+            showElements([".tel-box", ".logout-button", ".reset-notice"]);
+            hideElements([
+              ".login-box",
+              ".register-box",
+              ".mail-box",
+              ".package-list",
+              ".description",
+              ".sms-box",
+            ]);
            break;
          default:
            openError(res.description || res.msg || `Session error: ${res.status}`);
@ -519,6 +530,24 @@ window.addEventListener("load", () => {
    }
  });

+  const tel = document.querySelector(".tel-form")!;
+  tel.addEventListener("submit", async (event) => {
+    event.preventDefault();
+    const form = event.target as HTMLFormElement;
+    if (!phone) {
+      phone = (form.querySelector('input[name="phone"]')! as HTMLInputElement).value;
+    }
+    const res = await request("smscode_send", {
+      phone,
+    });
+    if (res.status == 200) {
+      hideElements([".tel-box"]);
+      showElements([".sms-box"]);
+    } else {
+      openError(res.description || res.msg);
+    }
+  });
+
  const sms = document.querySelector(".sms-form")!;
  sms.addEventListener("submit", async (event) => {
    event.preventDefault();
@ -531,7 +560,7 @@ window.addEventListener("load", () => {
      phone,
    });
    if (res.status == 200) {
-      hideElements([".sms-box", ".description"]);
+      hideElements([".sms-box", ".reset-notice"]);
      phone = null;
      localStorage.removeItem("phone");
      await refreshPackages();
@ -539,6 +568,7 @@ window.addEventListener("load", () => {
    } else {
      openError(res.description || res.msg);
    }
+    (form.querySelector('input[name="code"]')! as HTMLInputElement).value = "";
  });

  [...Array.from(document.querySelectorAll(".modal-background"))].forEach((element) => {
--- a/front/src/style.scss
+++ b/front/src/style.scss
@ -9,6 +9,7 @@ $family-sans-serif: BlinkMacSystemFont, -apple-system, sans-serif;
@import "../node_modules/bulma/sass/grid/columns.sass";
@import "../node_modules/bulma/sass/elements/button.sass";
@import "../node_modules/bulma/sass/elements/container.sass";
+@import "../node_modules/bulma/sass/elements/notification.sass";
@import "../node_modules/bulma/sass/elements/table.sass";
@import "../node_modules/bulma/sass/elements/title.sass";
@import "../node_modules/bulma/sass/elements/other.sass";
@ -28,7 +29,9 @@ $family-sans-serif: BlinkMacSystemFont, -apple-system, sans-serif;
 .error-box,
 .areyousure-box,
 .package-list,
-.details-box {
+.details-box,
+.reset-notice,
+.tel-box {
  display: none;
 }

--- a/webroot/api/packages.shs
+++ b/webroot/api/packages.shs
@ -6,7 +6,15 @@ fi
 data=''

 while [[ "$data" == '' ]]; do
-	data=$(curl -s -H "$(get_auth_string)" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
+	auth="$(get_auth_string)"
+	if [[ $? == 1 ]]; then
+		broken_session=true # whatever, this works
+	fi
+	data=$(curl -s -H "$auth" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
 done

-echo "$data" | jq -c "[.[] | {shipmentNumber: .shipmentNumber, status: .status, openCode: .openCode, senderName: .senderName, pickupPoint: {name: .pickupPoint.name, status: .pickupPoint.status, location: .pickupPoint.location, description: .pickupPoint.locationDescription, address: .pickupPoint.addressDetails}}]"
+if [[ "$broken_session" == true ]]; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args "-4" "The session went bork"
+else
+	echo "$data" | jq -c "[.[] | {shipmentNumber: .shipmentNumber, status: .status, openCode: .openCode, senderName: .senderName, pickupPoint: {name: .pickupPoint.name, status: .pickupPoint.status, location: .pickupPoint.location, description: .pickupPoint.locationDescription, address: .pickupPoint.addressDetails}}]"
+fi
--- a/webroot/api/smscode.shs
+++ b/webroot/api/smscode.shs
@ -16,8 +16,8 @@ if [[ "${post_data[phone]}" != "" && "${post_data[code]}" != "" ]]; then
 	if [[ $(echo $tokens | jq .status) == "404" ]]; then
 		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "wrongData"
 	else
-		add_account_refreshtoken $(echo $tokens | jq -r .refreshToken)
-		add_account_authtoken $(echo $tokens | jq -r .authToken)
+		add_account_refreshtoken "$(echo "$tokens" | jq -r .refreshToken)"
+		add_account_authtoken "$(echo "$tokens" | jq -r .authToken)"
 		jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
 	fi
 fi
--- a/webroot/api/smscode_send.shs
+++ b/webroot/api/smscode_send.shs
@ -0,0 +1,16 @@
+#!/bin/bash
+# stolen from mailcode.shs - probably should be merged sometime
+if ! session_verify "${cookies[sh_session]}"; then
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
+	return
+fi
+
+source "${cfg[namespace]}/code/common.sh"
+
+if [[ "${post_data[phone]}" != '' ]]; then
+	x=''
+	while [[ "$x" == '' ]]; do
+		x=$(curl -s "https://api-inmobile-pl.easypack24.net/v1/sendSMSCode/${post_data[phone]}")
+	done
+	jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "sent request"
+fi
--- a/webroot/index.html
+++ b/webroot/index.html
@ -26,6 +26,12 @@
      </div>
    </nav>
    <div class="container">
+      <div class="notification is-danger reset-notice">
+        It appears that the vendor API sent OCW a bad token value. This means
+        that to authenticate to the service, you'll need to
+        <strong>re-validate your phone number</strong>.<br /><br />
+        Sorry for the inconvenience.
+      </div>
      <div class="description">
        <div class="title is-1">Welcome to OCW!</div>
        <p class="paragraph">
@ -232,6 +238,24 @@
            <input type="submit" class="button" value="Submit" />
          </form>
        </div>
+        <div class="tel-box column">
+          <label class="label is-large">Phone re-validation</label>
+          <form method="POST" class="tel-form">
+            <div class="field tel-phone-field">
+              <label for="phone" class="label">Phone number</label>
+              <div class="control">
+                <input
+                  type="tel"
+                  name="phone"
+                  class="input"
+                  placeholder="222922597"
+                />
+              </div>
+              <p class="help">The one your packages are assigned to</p>
+            </div>
+            <input type="submit" class="button" value="Submit" />
+          </form>
+        </div>
      </div>
      <div class="areyousure-box modal">
        <div class="modal-background"></div>