From c7bc5ddc0cc13b16b14cff48e210af85eed95415 Mon Sep 17 00:00:00 2001
From: Dominika
Date: Thu, 11 Nov 2021 02:46:35 +0100
Subject: [PATCH] + handling incorrect sesion data returned from the vendor API

---
 code/common.sh | 20 +++++++++++++++-----
 front/src/index.ts | 32 +++++++++++++++++++++++++++++++-
 front/src/style.scss | 5 ++++-
 webroot/api/packages.shs | 12 ++++++++++--
 webroot/api/smscode.shs | 4 ++--
 webroot/api/smscode_send.shs | 16 ++++++++++++++++
 webroot/index.html | 24 ++++++++++++++++++++++++
 7 files changed, 102 insertions(+), 11 deletions(-)
 create mode 100644 webroot/api/smscode_send.shs

diff --git a/code/common.sh b/code/common.sh
index 57daeb2..10b2f3e 100644
--- a/code/common.sh
+++ b/code/common.sh
@@ -9,7 +9,12 @@ function get_auth_string() {
 local user="$(session_get_username ${cookies[sh_session]})"
- echo "Authorization: Bearer $(cat secret/authTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
+ local token="$(cat secret/authTokens.dat | grep -P "^$user:" | sed -s "s/$user://")"
+ if [[ "$token" == 'null' ]]; then
+ exit 1
+ fi
+
+ echo "Authorization: Bearer $token"
 }
 function get_refresh_token() {
@@ -40,10 +45,13 @@ function add_account_refreshtoken() {
 if ! session_verify "${cookies[sh_session]}"; then
 exit 0
 fi
+
+ username="$(session_get_username ${cookies[sh_session]})"
- if check_if_user_exists refreshToken; then
- echo "$(session_get_username ${cookies[sh_session]}):$1" >> secret/refreshTokens.dat
+ if ! check_if_user_exists refreshToken; then
+ sed -E -i '/^'"$username"':/d' secret/refreshTokens.dat
 fi
+ echo "$username:$1" >> secret/refreshTokens.dat
 }
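Review bot: get_auth_string still emits `Authorization: Bearer ` followed by whatever grep/sed produced unless that happens to be the literal `null`: an absent row gives an empty bearer value, and a duplicate row for the same user (see the unconditional append in add_account_refreshtoken below) gives a token containing a newline that is then passed to curl -H. The user name is also interpolated unescaped into both the grep -P and the sed pattern, so whether that is safe depends on what session_get_username can return, which is outside this hunk. I would read the row with a fixed field comparison and reject anything but one non-empty value: `local token="$(awk -F: -v u="$user" '$1 == u { print substr($0, length(u) + 2); exit }' secret/authTokens.dat)"` followed by `if [[ -z "$token" || "$token" == 'null' ]]; then exit 1; fi`. `exit 1` only ends the `$(...)` subshell the caller runs this in, which is what packages.shs relies on, so a comment such as `# runs inside $(...): exit ends only the subshell; the caller checks $?` would save the next reader a surprise.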
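Review bot: The `!` on `check_if_user_exists refreshToken` reads inverted: with the natural meaning of the name, an existing user's old row is kept and a second `$username:$1` row is appended, while a new user triggers a no-op delete; only if the helper returns success when the user is absent does this hunk do what the commit message implies. check_if_user_exists is not visible here, so please confirm its return convention, and consider dropping the condition entirely since a delete that matches nothing is harmless. The sed expression also embeds the user name in an unescaped ERE address, so a name containing `/`, `.` or `[` either breaks the command or deletes other users' rows; `sed -E -i '/^'"$username"':/d' secret/refreshTokens.dat` should become a field comparison such as `awk -F: -v u="$username" '$1 != u' secret/refreshTokens.dat > secret/refreshTokens.dat.tmp && cat secret/refreshTokens.dat.tmp > secret/refreshTokens.dat && rm secret/refreshTokens.dat.tmp` (writing back through `cat` keeps the secret file's mode). Whether the pattern problem is reachable depends on what registration accepts as a user name, which is outside this hunk.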
@@ -53,11 +61,13 @@ function add_account_authtoken() {
 exit 0
 fi
+ username="$(session_get_username ${cookies[sh_session]})"
 token="$(sed 's/Bearer //g' <<< "$@")"
- if check_if_user_exists authToken; then
- echo "$(session_get_username ${cookies[sh_session]}):$token" >> secret/authTokens.dat
+ if ! check_if_user_exists authToken; then
+ sed -E -i '/^'"$username"':/d' secret/authTokens.dat
 fi
+ echo "$username:$token" >> secret/authTokens.dat
 }
 # update_account_authtoken(username)
diff --git a/front/src/index.ts b/front/src/index.ts
index 40f4260..a7cb831 100644
--- a/front/src/index.ts
+++ b/front/src/index.ts
@@ -223,6 +223,17 @@ const request = (resource: string, data: any) =>
 ".package-list",
 ".description",
 ]);
+ case -4:
+ // the API broke our token
+ showElements([".tel-box", ".logout-button", ".reset-notice"]);
+ hideElements([
+ ".login-box",
+ ".register-box",
+ ".mail-box",
+ ".package-list",
+ ".description",
+ ".sms-box",
+ ]);
 break;
 default:
 openError(res.description || res.msg || `Session error: ${res.status}`);
@@ -519,6 +530,24 @@ window.addEventListener("load", () => {
 }
 });
+ const tel = document.querySelector(".tel-form")!;
+ tel.addEventListener("submit", async (event) => {
+ event.preventDefault();
+ const form = event.target as HTMLFormElement;
+ if (!phone) {
+ phone = (form.querySelector('input[name="phone"]')! as HTMLInputElement).value;
+ }
+ const res = await request("smscode_send", {
+ phone,
+ });
+ if (res.status == 200) {
+ hideElements([".tel-box"]);
+ showElements([".sms-box"]);
+ } else {
+ openError(res.description || res.msg);
+ }
+ });
+
 const sms = document.querySelector(".sms-form")!;
 sms.addEventListener("submit", async (event) => {
 event.preventDefault();
@@ -531,7 +560,7 @@ window.addEventListener("load", () => {
 phone,
 });
 if (res.status == 200) {
- hideElements([".sms-box", ".description"]);
+ hideElements([".sms-box", ".reset-notice"]);
 phone = null;
 localStorage.removeItem("phone");
 await refreshPackages();
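Review bot: Same concern as in add_account_refreshtoken: `if ! check_if_user_exists authToken` skips the delete precisely when a row for `$username` already exists (unless the helper's return value is the opposite of its name, which is not visible here), so re-validating a phone number appends a second `$username:$token` row and get_auth_string's grep then returns both. `$username` is also spliced unescaped into the sed -E address, so any regex metacharacter in a user name changes which rows are deleted. I would rewrite the file unconditionally with a field comparison before the append, `awk -F: -v u="$username" '$1 != u' secret/authTokens.dat > secret/authTokens.dat.tmp && cat secret/authTokens.dat.tmp > secret/authTokens.dat && rm secret/authTokens.dat.tmp`, and refuse to store an unusable value here rather than detecting it at read time: `[[ -z "$token" || "$token" == 'null' ]] && exit 0`. The function's header and session check start before the hunk.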
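Review bot: `case -4:` is a numeric label, but packages.shs produces the status with `jq ... --args "-4"`, which yields the JSON string `"-4"`; `switch` compares with strict equality, so unless `res.status` is converted to a number somewhere before this switch (not visible in the hunk) the new branch never runs and the response falls through to `default`, showing "The session went bork" instead of the phone form. The `res.status == 200` checks elsewhere in this file only work because they use loose equality. Either emit a real number on the server (`jq -n --argjson status -4 --arg msg "…" '{status: $status, msg: $msg}'`) or normalise once at the top of the handler, e.g. `switch (Number(res.status)) {`. The enclosing `request` function starts before the hunk.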
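Review bot: The submit handler sends whatever `phone` already holds and only reads the form field when it is empty, so a user who reaches this form with a stale value in the module-level `phone` (the sms handler below clears it together with a localStorage key, which suggests it is persisted across loads) cannot correct the number; the typed value is silently ignored. Read the field on every submit and let the server decide: `phone = (form.querySelector('input[name="phone"]')! as HTMLInputElement).value.trim();`. Nothing on this side validates the number and smscode_send.shs splices it straight into a URL path, so a `pattern`/`inputmode="numeric"` on the input is worth adding too, with server-side validation remaining the real check. The `res.status == 200` comparison should be `===` once the status type is settled; the enclosing `load` listener starts before the hunk.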
@@ -539,6 +568,7 @@ window.addEventListener("load", () => {
 } else {
 openError(res.description || res.msg);
 }
+ (form.querySelector('input[name="code"]')! as HTMLInputElement).value = "";
 });
 [...Array.from(document.querySelectorAll(".modal-background"))].forEach((element) => {
diff --git a/front/src/style.scss b/front/src/style.scss
index 7f42aec..a4818d5 100644
--- a/front/src/style.scss
+++ b/front/src/style.scss
@@ -9,6 +9,7 @@ $family-sans-serif: BlinkMacSystemFont, -apple-system, sans-serif;
 @import "../node_modules/bulma/sass/grid/columns.sass";
 @import "../node_modules/bulma/sass/elements/button.sass";
 @import "../node_modules/bulma/sass/elements/container.sass";
+@import "../node_modules/bulma/sass/elements/notification.sass";
 @import "../node_modules/bulma/sass/elements/table.sass";
 @import "../node_modules/bulma/sass/elements/title.sass";
 @import "../node_modules/bulma/sass/elements/other.sass";
@@ -28,7 +29,9 @@ $family-sans-serif: BlinkMacSystemFont, -apple-system, sans-serif;
 .error-box,
 .areyousure-box,
 .package-list,
-.details-box {
+.details-box,
+.reset-notice,
+.tel-box {
 display: none;
 }
diff --git a/webroot/api/packages.shs b/webroot/api/packages.shs
index 951f98b..b14e8a9 100644
--- a/webroot/api/packages.shs
+++ b/webroot/api/packages.shs
@@ -6,7 +6,15 @@ fi
 data=''
 while [[ "$data" == '' ]]; do
- data=$(curl -s -H "$(get_auth_string)" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
+ auth="$(get_auth_string)"
+ if [[ $? == 1 ]]; then
+ broken_session=true # whatever, this works
+ fi
+ data=$(curl -s -H "$auth" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
 done
-echo "$data" | jq -c "[.[] | {shipmentNumber: .shipmentNumber, status: .status, openCode: .openCode, senderName: .senderName, pickupPoint: {name: .pickupPoint.name, status: .pickupPoint.status, location: .pickupPoint.location, description: .pickupPoint.locationDescription, address: .pickupPoint.addressDetails}}]"
+if [[ "$broken_session" == true ]]; then
+ jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args "-4" "The session went bork"
+else
+ echo "$data" | jq -c "[.[] | {shipmentNumber: .shipmentNumber, status: .status, openCode: .openCode, senderName: .senderName, pickupPoint: {name: .pickupPoint.name, status: .pickupPoint.status, location: .pickupPoint.location, description: .pickupPoint.locationDescription, address: .pickupPoint.addressDetails}}]"
+fi
diff --git a/webroot/api/smscode.shs b/webroot/api/smscode.shs
index 2daf306..d0b4994 100644
--- a/webroot/api/smscode.shs
+++ b/webroot/api/smscode.shs
@@ -16,8 +16,8 @@ if [[ "${post_data[phone]}" != "" && "${post_data[code]}" != "" ]]; then
 if [[ $(echo $tokens | jq .status) == "404" ]]; then
 jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "wrongData"
 else
- add_account_refreshtoken $(echo $tokens | jq -r .refreshToken)
- add_account_authtoken $(echo $tokens | jq -r .authToken)
+ add_account_refreshtoken "$(echo "$tokens" | jq -r .refreshToken)"
+ add_account_authtoken "$(echo "$tokens" | jq -r .authToken)"
 jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
 fi
 fi
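Review bot: When get_auth_string fails, the loop records `broken_session=true` but still calls curl with an empty `-H ""` and keeps iterating while `$data` is empty, so an unusable token can spin against the vendor API indefinitely instead of returning the -4 response straight away; the failure needs a `break` (or a check before the loop). Testing `$?` right after `auth="$(...)"` does work in bash because an assignment whose only command is a substitution takes that substitution's status, but that is the kind of thing `# whatever, this works` should explain rather than shrug at, and `broken_session` is never initialised. `--args "-4"` also makes `status` a JSON string, which the strict `case -4:` in index.ts will not match; emit it with `--argjson` or coerce on the client. The script's session check precedes the hunk (the `fi` in the header).

```shell
broken_session=false
data=''
while [[ "$data" == '' ]]; do
    # get_auth_string runs in a subshell and exits 1 when the stored token is unusable;
    # the assignment's status is that exit code because the substitution is its only command
    if ! auth="$(get_auth_string)"; then
        broken_session=true
        break
    fi
    data=$(curl -s -H "$auth" "https://api-inmobile-pl.easypack24.net/v1/parcel?updatedAfter=1970-01-01T00:00:00.000Z")
done
# … unchanged: -4 / package-list response …
```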
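Review bot: Quoting the substitutions is right, but the `else` branch still persists whatever jq printed: for any vendor reply that is not `.status == 404` and lacks the fields, `jq -r .refreshToken` prints `null`, and that string is written to the token files — which is exactly the state the new -4 path in packages.shs then has to detect at read time. Validate before storing, and quote `$tokens` in the status check on the first line of the hunk the same way you did on the lines you changed. The outer `if` on the phone/code fields starts in the hunk header and its closing `fi` is the last line.

```shell
if [[ $(echo "$tokens" | jq .status) == "404" ]]; then
    jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "wrongData"
else
    # `// empty` maps a missing or null field to "", so a malformed body is rejected instead of stored as "null"
    refresh="$(echo "$tokens" | jq -r '.refreshToken // empty')"
    auth="$(echo "$tokens" | jq -r '.authToken // empty')"
    if [[ -z "$refresh" || -z "$auth" ]]; then
        jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "wrongData"
    else
        add_account_refreshtoken "$refresh"
        add_account_authtoken "$auth"
        jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "success"
    fi
fi
# … unchanged: closing fi of the phone/code check …
```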
diff --git a/webroot/api/smscode_send.shs b/webroot/api/smscode_send.shs
new file mode 100644
index 0000000..0388c47
--- /dev/null
+++ b/webroot/api/smscode_send.shs
@@ -0,0 +1,16 @@
+#!/bin/bash
+# stolen from mailcode.shs - probably should be merged sometime
+if ! session_verify "${cookies[sh_session]}"; then
+ jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "You're not logged in!"
+ return
+fi
+
+source "${cfg[namespace]}/code/common.sh"
+
+if [[ "${post_data[phone]}" != '' ]]; then
+ x=''
+ while [[ "$x" == '' ]]; do
+ x=$(curl -s "https://api-inmobile-pl.easypack24.net/v1/sendSMSCode/${post_data[phone]}")
+ done
+ jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args 200 "sent request"
+fi
diff --git a/webroot/index.html b/webroot/index.html
index 8b95b68..b37be19 100644
--- a/webroot/index.html
+++ b/webroot/index.html
@@ -26,6 +26,12 @@
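Review bot: `${post_data[phone]}` is spliced unchanged into the request path on the `curl` line, so anything a logged-in user posts — `../someOtherEndpoint`, `123?extra=1`, a fragment — is sent to the vendor API verbatim; the only check is that it is non-empty. The same request is also retried without bound while curl returns an empty body, and the script reports `sent request` whatever the vendor actually answered. Any session can trigger an SMS to any number as often as it likes; the vendor may rate-limit, this code does not, so a per-session cooldown is worth considering (not shown below). The top-level `return` follows the mailcode.shs convention the comment cites, so I have left it alone; adjust the pattern to whatever number format the vendor actually accepts.

```shell
if [[ "${post_data[phone]}" != '' ]]; then
    # the value becomes a URL path segment: allow digits only so it cannot alter the request
    if [[ ! "${post_data[phone]}" =~ ^[0-9]{9,15}$ ]]; then
        jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "invalidPhone"
        return
    fi
    x=''
    tries=0
    while [[ "$x" == '' && $tries -lt 3 ]]; do
        x=$(curl -s "https://api-inmobile-pl.easypack24.net/v1/sendSMSCode/${post_data[phone]}")
        tries=$((tries + 1))
    done
    if [[ -z "$x" ]]; then
        jq -n '{status: $ARGS.positional[0], msg: $ARGS.positional[1]}' --args -1 "vendorUnavailable"
        return
    fi
    # … unchanged: success response …
fi
```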
+
+ It appears that the vendor API sent OCW a bad token value. This means + that to authenticate to the service, you'll need to + re-validate your phone number.

+ Sorry for the inconvenience. +
Welcome to OCW!

@@ -232,6 +238,24 @@

+
+ +
+
+ +
+ +
+

The one your packages are assigned to

+
+ +
+