-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathssoapi.py
332 lines (257 loc) · 10.6 KB
/
ssoapi.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
#!/usr/bin/python
"""
Copyright (C) 2011-2013 Milos Ivanovic
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
import sys
import urllib, urllib2
import cookielib
import lxml.html, lxml.etree
import random
import time
class XPath(object):
def parser(self, expression, input, list = False):
if type(input) == str:
result = lxml.html.fromstring(input)
elif type(input) == lxml.etree._ElementTree:
result = input
else:
result = lxml.html.parse(input)
if expression:
findings = result.xpath(expression)
else:
return result
if findings:
if list:
return findings
else:
return findings[0]
else:
return None
class SSOAPI(object):
def __init__(self, username, password, debug = False):
self.xpath = XPath().parser
self.debug = debug
self.username = username
self.password = password
self.urls = [
'https://www.student.auckland.ac.nz',
'https://iam.auckland.ac.nz/Authn/UserPassword',
'/ps%s/ps/EMPLOYEE/HRMS/c/SA_LEARNER_SERVICES.%s.GBL'
]
self.default_component = 'SSS_STUDENT_CENTER'
self.last_component = None
self._build_session()
def _build_session(self):
self.session = cookielib.CookieJar()
self.opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(self.session))
self.opener.addheaders = [('User-Agent', 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0')]
self.login_time = None
self.current_user = None
def _fetch(self, url, params = None):
retry = 0
while True:
try:
obj = self.opener.open(url, params)
if self.login_time and (obj.geturl().replace(':443', '') == self.urls[1] or retry > 0):
self.reset()
return self._fetch(url, params)
else:
return obj
except urllib2.URLError, e:
if getattr(e, 'code', False):
self.reset()
raise
time.sleep(1)
retry += 1
self._abort(e)
def _log(self, message, severity = 0):
if self.debug:
print message
if severity >= 1:
return False
def _abort(self, e):
self._log("\n[ !! ] Unrecoverable error (details: %s); aborting\n" % (e or 'unknown'), 2)
#sys.exit(getattr(e, 'code', -1))
def login(self):
if not self.login_time:
self.login_time = 0
if self._idp_login():
self.login_time = time.time()
return True
else:
self._log('Already logged in.')
return False
def reset(self):
if self.login_time:
self._build_session()
self.login()
return True
self._log('Not logged in yet.')
return False
def logout(self):
if self.login_time:
self._build_session()
return True
self._log('Not logged in yet.')
return False
def _idp_login(self):
self._log("* Shibboleth IdP")
self._log("** Loading login page...")
self._fetch('%s/' % self.urls[0])
# login onto the identity provider
self._log("** Sending encapsulated credentials...")
ssosubmit = self._fetch(self.urls[1], urllib.urlencode(
{
'submitted': 1,
'j_username': self.username,
'j_password': self.password,
}
))
if not ssosubmit:
return self._log('Error sending credentials.', 1)
elif ssosubmit.geturl().replace(':443', '') == self.urls[1]:
return self._log('Invalid credentials.', 1)
ssopagexp = self.xpath(None, ssosubmit, True)
# send authentication response
self._log("** Exchanging session data...")
saml = self._fetch('%s/Shibboleth.sso/SAML2/POST' % self.urls[0], urllib.urlencode(
{
'RelayState': self.xpath("//input[@name='RelayState']/@value", ssopagexp),
'SAMLResponse': self.xpath("//input[@name='SAMLResponse']/@value", ssopagexp)
}
))
if not saml:
return self._log('Error with SAML exchange.', 1)
return self._sso_login()
def _sso_login(self):
# load SSO homepage
self._log("\n* Oracle PeopleSoft")
self._log("** Loading SSO homepage...")
ssoframes = self._fetch('%s%s?cmd=login' % (self.urls[0], self.urls[2] % ('p', self.default_component)), urllib.urlencode(
{
'timezoneOffset': -780,
'userid': '%s*sso' % self.username,
'pwd': 'ssologin%d' % random.randint(1, 1000000000000)
}
))
if not ssoframes:
return self._log('Error loading SSO frame data.', 1)
# load main HTML frame and grab SID and user's first name
self._log("** Loading primary frame...")
homepage = self._fetch(self.xpath("//frame[@name='TargetContent']/@src", ssoframes)).read()
icsid = self.xpath("//input[@name='ICSID']/@value", homepage)
if not icsid:
return self._log('Error loading primary data frame.', 1)
self._log("** Received session ID: %s" % icsid)
self.current_user = self.xpath("//span[starts-with(@id, 'UOA_DERIVED_SSS_TITLE1')]/text()", homepage).split()[1]
return True
def call(self, component, action = None, params = {}):
if self.login_time:
component = self.default_component if not component else component
recurse = True if self.last_component != component and action else False
self.url = '%s%s' % (self.urls[0], self.urls[2] % ('c', component))
self.params = {'ICAction': action} if action else {}
if params:
self.params.update(params)
if recurse:
self._log("Loading %s -> Default..." % component)
self._submit(with_params = False)
self._log("Loading %s -> %s..." % (component, self.params.get('ICAction', 'Default')))
self._log("Params: %s\n" % dict((k, v) for (k, v) in self.params.iteritems() if k != 'ICAction'))
self.last_component = component
return self._parse(component, self._submit(post = True if params else False))
self._log('Not logged in.')
return False
def _submit(self, post = False, with_params = True):
params = self.params if with_params else {}
if post:
result = self._fetch(self.url, urllib.urlencode(params)).read()
else:
result = self._fetch("%s?%s" % (self.url, urllib.urlencode(params))).read()
return result
def _parse(self, component, html):
return html
# this method does nothing whatsoever (yet)
if __name__ == "__main__":
print "Usage: place this module in the same directory as your python script and import it"
'''
QUICK START GUIDE WITH A FEW SIMPLE EXAMPLES
------------------------------------------------------------------------------------------
1. Install any missing dependencies (probably lxml)
2. Either interactively load Python and import the module, which needs to be in the same
directory as your current working directory:
>>> import ssoapi
>>> [further commands go here]
OR
Write a script; the commands are the same as with the interactive interpreter.
3. Create an instance of the SSOAPI class
api = ssoapi.SSOAPI('user', 'pass')
You may pass an optional argument to increase verbosity: SSOAPI('user', 'pass', True)
4. Login using the API
api.login()
The user's first name is stored in api.current_user to use if needed.
You can also logout at any time by using api.logout() or if you want to reset
your session (logout and login), use api.reset()
5. Select an API call; you will receive the HTML for the requested page
SSO homepage
api.call(None)
List all graded semesters since induction
api.call('SSR_SSENRL_GRADE')
Current semester timetable
api.call('SSR_SSENRL_LIST', 'DERIVED_SSS_SCT_SSR_PB_GO', {'SSR_DUMMY_RECV1$sels$0': '0'})
Next semester timetable
increase the value of 'SSR_DUMMY_RECV1$sels$0' from '0' to '1' - that means this here ^
(0 means first choice on any ordered SSO list, 1 means second, and so on)
Latest-enrolled semester grades
api.call('SSR_SSENRL_GRADE', 'DERIVED_SSS_SCT_SSR_PB_GO', {'SSR_DUMMY_RECV1$sels$0': '0'})
Second-latest-enrolled semester grades
increase the value of 'SSR_DUMMY_RECV1$sels$0' from '0' to '1'
-------------------------------------------------------------------------------------------
If you want other features, find out what you need to request to get the page you want.
Live HTTP Headers is the Firefox add-on that was used in the making of this API.
-------------------------------------------------------------------------------------------
HOW TO FIND YOUR OWN API CALLS TO USE WITH THIS MODULE
-----------------------------------------------------------------------------------------------
Note that depending on what you would like to achieve, steps 3 and 4 may be optional.
1. To be able to see the frame URL successfully you must choose to view only the main frame
while exploring SSO. On Firefox this can be done by right-clicking and choosing:
This Frame -> Show Only This Frame
2. Paying attention to the URL, you will see that there is a dynamic section, between the
two dots near the right end:
/psc/ps/EMPLOYEE/HRMS/c/SA_LEARNER_SERVICES.SSS_STUDENT_CENTER.GBL
'SSS_STUDENT_CENTER' is what is being referred to in this example, which is the first
parameter for api.call() if you are interested in this page.
3. Now it is necessary to look for the value of the hidden ICAction form field.
When hovering on the link you want the API to emulate a click on, you will notice
the browser's status area display something like the below, with a capitalised section:
javascript: hAction_win0(document.win0,'DERIVED_SSS_SCR_SSS_LINK_ANCHOR2',%200, ... );
'DERIVED_SSS_SCR_SSS_LINK_ANCHOR2' is what is being referred to in this example, which
is also coincidentally the second parameter for api.call().
4. When the link explained in the previous step is clicked on, it will submit an AJAX
POST request to the server which you may or may not need to scrape (spy on) to match
with this API. You may specify as little or as many additional parameters to api.call()
as needed to generate the same result as your browser.
A full API call of the above scenario is exposed below.
api.call('SSS_STUDENT_CENTER', 'DERIVED_SSS_SCR_SSS_LINK_ANCHOR2', {
'param1': 'value1',
'param2': 'value2',
'param3': 'value3'
})
This submits the link DERIVED_SSS_SCR_SSS_LINK_ANCHOR2 to page SSS_STUDENT_CENTER with
parameters
param1 => value1
param2 => value2
param3 => value3
and returns the HTML content of whatever this might generate.
It's now up to you to extend this API and parse the response.
'''