Decode extracted gpcallback

yuezk · Apr 5, 2024 · 8446874 · 8446874
1 parent c347f97
commit 8446874
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 9 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/apps/gpauth/Cargo.toml b/apps/gpauth/Cargo.toml
@@ -18,6 +18,7 @@ serde_json.workspace = true
 tokio.workspace = true
 tokio-util.workspace = true
 tempfile.workspace = true
+html-escape = "0.2.13"
 webkit2gtk = "0.18.2"
 tauri = { workspace = true, features = ["http-all"] }
 compile-time.workspace = true
diff --git a/apps/gpauth/src/auth_window.rs b/apps/gpauth/src/auth_window.rs
@@ -366,26 +366,24 @@ fn read_auth_data_from_html(html: &str) -> Result<SamlAuthData, AuthDataParseErr
     return Err(AuthDataParseError::Invalid);
   }
 
-  let auth_data = match SamlAuthData::from_html(html) {
+  match SamlAuthData::from_html(html) {
     Ok(auth_data) => Ok(auth_data),
     Err(err) => {
       if let Some(gpcallback) = extract_gpcallback(html) {
         info!("Found gpcallback from html...");
-        SamlAuthData::from_gpcallback(gpcallback)
+        SamlAuthData::from_gpcallback(&gpcallback)
       } else {
         Err(err)
       }
     }
-  };
-
-  auth_data
+  }
 }
 
-fn extract_gpcallback(html: &str) -> Option<&str> {
+fn extract_gpcallback(html: &str) -> Option<String> {
   let re = Regex::new(r#"globalprotectcallback:[^"]+"#).unwrap();
   re.captures(html)
     .and_then(|captures| captures.get(0))
-    .map(|m| m.as_str())
+    .map(|m| html_escape::decode_html_entities(m.as_str()).to_string())
 }
 
 fn read_auth_data(main_resource: &WebResource, auth_result_tx: mpsc::UnboundedSender<AuthResult>) {
@@ -500,11 +498,23 @@ mod tests {
     "#;
 
     assert_eq!(
-      extract_gpcallback(html),
+      extract_gpcallback(html).as_deref(),
       Some("globalprotectcallback:PGh0bWw+PCEtLSA8c")
     );
   }
 
+  #[test]
+  fn extract_gpcallback_cas() {
+    let html = r#"
+      <meta http-equiv="refresh" content="0; URL=globalprotectcallback:cas-as=1&amp;un=xyz@email.com&amp;token=very_long_string">
+    "#;
+
+    assert_eq!(
+      extract_gpcallback(html).as_deref(),
+      Some("globalprotectcallback:cas-as=1&un=xyz@email.com&token=very_long_string")
+    );
+  }
+
   #[test]
   fn extract_gpcallback_none() {
     let html = r#"

diff --git a/crates/gpapi/src/auth.rs b/crates/gpapi/src/auth.rs
@@ -66,7 +66,7 @@ impl SamlAuthData {
     let auth_data = data.trim_start_matches("globalprotectcallback:");
 
     if auth_data.starts_with("cas-as") {
-      info!("Got token auth data: {}", auth_data);
+      info!("Got CAS auth data from globalprotectcallback");
 
       let auth_data: SamlAuthData = serde_urlencoded::from_str(auth_data).map_err(|e| {
         warn!("Failed to parse token auth data: {}", e);