Fix shibboleth login by passing a CSRF token (#4)

Credits go 2714ac6be6
where I derived this fix from.
This commit is contained in:
Maximilian Bosch 2020-12-31 10:59:28 +01:00 committed by GitHub
parent d557efef6b
commit 973bb65867
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -642,13 +642,18 @@ impl ILIAS {
"home_organization_selection": "Mit KIT-Account anmelden" "home_organization_selection": "Mit KIT-Account anmelden"
})) }))
.send().await?; .send().await?;
let url = session_establishment.url().clone();
let text = session_establishment.text().await?;
let dom_sso = Html::parse_document(text.as_str());
let csrf_token = dom_sso.select(&Selector::parse(r#"input[name="csrf_token"]"#).unwrap()).next().context("no csrf token")?;
println!("Logging into Shibboleth.."); println!("Logging into Shibboleth..");
let login_response = this.client let login_response = this.client
.post(session_establishment.url().clone()) .post(url)
.form(&json!({ .form(&json!({
"j_username": &this.user, "j_username": &this.user,
"j_password": &this.pass, "j_password": &this.pass,
"_eventId_proceed": "" "_eventId_proceed": "",
"csrf_token": csrf_token.value().attr("value").ok_or(anyhow!("no csrf token"))?,
})) }))
.send().await?.text().await?; .send().await?.text().await?;
let dom = Html::parse_document(&login_response); let dom = Html::parse_document(&login_response);