pyhOn/pyhon/connection/auth.py

import json
import logging
import re
import secrets
import urllib
from pprint import pformat
from typing import List, Tuple
from urllib import parse
from urllib.parse import quote

from yarl import URL

from pyhon import const, exceptions

_LOGGER = logging.getLogger(__name__)


class HonAuth:
    def __init__(self, session, email, password, device) -> None:
        self._session = session
        self._email = email
        self._password = password
        self._access_token = ""
        self._refresh_token = ""
        self._cognito_token = ""
        self._id_token = ""
        self._device = device
        self._called_urls: List[Tuple[int, str]] = []

    @property
    def cognito_token(self):
        return self._cognito_token

    @property
    def id_token(self):
        return self._id_token

    @property
    def access_token(self):
        return self._access_token

    @property
    def refresh_token(self):
        return self._refresh_token

    async def _error_logger(self, response, fail=True):
        result = "hOn Authentication Error\n"
        for i, (status, url) in enumerate(self._called_urls):
            result += f" {i + 1: 2d}     {status} - {url}\n"
        result += f"ERROR - {response.status} - {response.request_info.url}\n"
        result += f"{15 * '='} Response {15 * '='}\n{await response.text()}\n{40 * '='}"
        _LOGGER.error(result)
        if fail:
            raise exceptions.HonAuthenticationError("Can't login")

    async def _load_login(self):
        nonce = secrets.token_hex(16)
        nonce = f"{nonce[:8]}-{nonce[8:12]}-{nonce[12:16]}-{nonce[16:20]}-{nonce[20:]}"
        params = {
            "response_type": "token+id_token",
            "client_id": const.CLIENT_ID,
            "redirect_uri": urllib.parse.quote(
                f"{const.APP}://mobilesdk/detect/oauth/done"
            ),
            "display": "touch",
            "scope": "api openid refresh_token web",
            "nonce": nonce,
        }
        params = "&".join([f"{k}={v}" for k, v in params.items()])
        async with self._session.get(
            f"{const.AUTH_API}/services/oauth2/authorize/expid_Login?{params}"
        ) as response:
            self._called_urls.append((response.status, response.request_info.url))
            text = await response.text()
            if not (login_url := re.findall("url = '(.+?)'", text)):
                if "oauth/done#access_token=" in text:
                    self._parse_token_data(text)
                    raise exceptions.HonNoAuthenticationNeeded()
                await self._error_logger(response)
                return False
        async with self._session.get(login_url[0], allow_redirects=False) as redirect1:
            self._called_urls.append((redirect1.status, redirect1.request_info.url))
            if not (url := redirect1.headers.get("Location")):
                await self._error_logger(redirect1)
                return False
        async with self._session.get(url, allow_redirects=False) as redirect2:
            self._called_urls.append((redirect2.status, redirect2.request_info.url))
            if not (
                url := redirect2.headers.get("Location")
                + "&System=IoT_Mobile_App&RegistrationSubChannel=hOn"
            ):
                await self._error_logger(redirect2)
                return False
        async with self._session.get(
            URL(url, encoded=True), headers={"user-agent": const.USER_AGENT}
        ) as login_screen:
            self._called_urls.append(
                (login_screen.status, login_screen.request_info.url)
            )
            if context := re.findall(
                '"fwuid":"(.*?)","loaded":(\\{.*?})', await login_screen.text()
            ):
                fw_uid, loaded_str = context[0]
                loaded = json.loads(loaded_str)
                login_url = login_url[0].replace(
                    "/".join(const.AUTH_API.split("/")[:-1]), ""
                )
                return fw_uid, loaded, login_url
            await self._error_logger(login_screen)
        return False

    async def _login(self, fw_uid, loaded, login_url):
        data = {
            "message": {
                "actions": [
                    {
                        "id": "79;a",
                        "descriptor": "apex://LightningLoginCustomController/ACTION$login",
                        "callingDescriptor": "markup://c:loginForm",
                        "params": {
                            "username": quote(self._email),
                            "password": quote(self._password),
                            "startUrl": parse.unquote(
                                login_url.split("startURL=")[-1]
                            ).split("%3D")[0],
                        },
                    }
                ]
            },
            "aura.context": {
                "mode": "PROD",
                "fwuid": fw_uid,
                "app": "siteforce:loginApp2",
                "loaded": loaded,
                "dn": [],
                "globals": {},
                "uad": False,
            },
            "aura.pageURI": login_url,
            "aura.token": None,
        }
        params = {"r": 3, "other.LightningLoginCustom.login": 1}
        async with self._session.post(
            const.AUTH_API + "/s/sfsites/aura",
            headers={"Content-Type": "application/x-www-form-urlencoded"},
            data="&".join(f"{k}={json.dumps(v)}" for k, v in data.items()),
            params=params,
        ) as response:
            self._called_urls.append((response.status, response.request_info.url))
            if response.status == 200:
                try:
                    data = await response.json()
                    return data["events"][0]["attributes"]["values"]["url"]
                except json.JSONDecodeError:
                    pass
                except KeyError:
                    _LOGGER.error(
                        "Can't get login url - %s", pformat(await response.json())
                    )
            await self._error_logger(response)
            return ""

    def _parse_token_data(self, text):
        if access_token := re.findall("access_token=(.*?)&", text):
            self._access_token = access_token[0]
        if refresh_token := re.findall("refresh_token=(.*?)&", text):
            self._refresh_token = refresh_token[0]
        if id_token := re.findall("id_token=(.*?)&", text):
            self._id_token = id_token[0]

    async def _get_token(self, url):
        async with self._session.get(url) as response:
            self._called_urls.append((response.status, response.request_info.url))
            if response.status != 200:
                await self._error_logger(response)
                return False
            url = re.findall("href\\s*=\\s*[\"'](.+?)[\"']", await response.text())
            if not url:
                await self._error_logger(response)
                return False
        if "ProgressiveLogin" in url[0]:
            async with self._session.get(url[0]) as response:
                self._called_urls.append((response.status, response.request_info.url))
                if response.status != 200:
                    await self._error_logger(response)
                    return False
                url = re.findall("href\\s*=\\s*[\"'](.*?)[\"']", await response.text())
        url = "/".join(const.AUTH_API.split("/")[:-1]) + url[0]
        async with self._session.get(url) as response:
            self._called_urls.append((response.status, response.request_info.url))
            if response.status != 200:
                await self._error_logger(response)
                return False
            self._parse_token_data(await response.text())
        return True

    async def _api_auth(self):
        post_headers = {"id-token": self._id_token}
        data = self._device.get()
        async with self._session.post(
            f"{const.API_URL}/auth/v1/login", headers=post_headers, json=data
        ) as response:
            self._called_urls.append((response.status, response.request_info.url))
            try:
                json_data = await response.json()
            except json.JSONDecodeError:
                await self._error_logger(response)
                return False
            self._cognito_token = json_data["cognitoUser"]["Token"]
        return True

    async def authenticate(self):
        self.clear()
        try:
            if not (login_site := await self._load_login()):
                raise exceptions.HonAuthenticationError("Can't open login page")
            if not (url := await self._login(*login_site)):
                raise exceptions.HonAuthenticationError("Can't login")
            if not await self._get_token(url):
                raise exceptions.HonAuthenticationError("Can't get token")
            if not await self._api_auth():
                raise exceptions.HonAuthenticationError("Can't get api token")
        except exceptions.HonNoAuthenticationNeeded:
            return

    async def refresh(self):
        params = {
            "client_id": const.CLIENT_ID,
            "refresh_token": self._refresh_token,
            "grant_type": "refresh_token",
        }
        async with self._session.post(
            f"{const.AUTH_API}/services/oauth2/token", params=params
        ) as response:
            self._called_urls.append((response.status, response.request_info.url))
            if response.status >= 400:
                await self._error_logger(response, fail=False)
                return False
            data = await response.json()
        self._id_token = data["id_token"]
        self._access_token = data["access_token"]
        return await self._api_auth()

    def clear(self):
        self._session.cookie_jar.clear_domain(const.AUTH_API.split("/")[-2])
        self._cognito_token = ""
        self._id_token = ""
        self._access_token = ""
        self._refresh_token = ""
Init commit 2023-02-13 01:41:38 +01:00			`import json`
			`import logging`
			`import re`
			`import secrets`
			`import urllib`
Improve logging 2023-04-10 06:42:40 +02:00			`from pprint import pformat`
Add some type hints 2023-04-13 23:25:49 +02:00			`from typing import List, Tuple`
Init commit 2023-02-13 01:41:38 +01:00			`from urllib import parse`
Encode username/password 2023-04-12 02:09:41 +02:00			`from urllib.parse import quote`
Init commit 2023-02-13 01:41:38 +01:00
Clean up authentication 2023-03-17 01:56:04 +01:00			`from yarl import URL`
Init commit 2023-02-13 01:41:38 +01:00
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`from pyhon import const, exceptions`
Init commit 2023-02-13 01:41:38 +01:00
Fix login issue 2023-04-10 20:31:55 +02:00			`_LOGGER = logging.getLogger(__name__)`
Init commit 2023-02-13 01:41:38 +01:00

			`class HonAuth:`
Use connection handler 2023-04-09 18:13:50 +02:00			`def __init__(self, session, email, password, device) -> None:`
			`self._session = session`
			`self._email = email`
			`self._password = password`
Clean up authentication 2023-03-17 01:56:04 +01:00			`self._access_token = ""`
			`self._refresh_token = ""`
Init commit 2023-02-13 01:41:38 +01:00			`self._cognito_token = ""`
			`self._id_token = ""`
Use connection handler 2023-04-09 18:13:50 +02:00			`self._device = device`
Add some type hints 2023-04-13 23:25:49 +02:00			`self._called_urls: List[Tuple[int, str]] = []`
Init commit 2023-02-13 01:41:38 +01:00
			`@property`
			`def cognito_token(self):`
			`return self._cognito_token`

			`@property`
			`def id_token(self):`
			`return self._id_token`

Clean up authentication 2023-03-17 01:56:04 +01:00			`@property`
			`def access_token(self):`
			`return self._access_token`

			`@property`
			`def refresh_token(self):`
			`return self._refresh_token`

Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`async def _error_logger(self, response, fail=True):`
			`result = "hOn Authentication Error\n"`
			`for i, (status, url) in enumerate(self._called_urls):`
			`result += f" {i + 1: 2d} {status} - {url}\n"`
			`result += f"ERROR - {response.status} - {response.request_info.url}\n"`
			`result += f"{15 * '='} Response {15 * '='}\n{await response.text()}\n{40 * '='}"`
			`_LOGGER.error(result)`
			`if fail:`
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`raise exceptions.HonAuthenticationError("Can't login")`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00
Use connection handler 2023-04-09 18:13:50 +02:00			`async def _load_login(self):`
Clean up authentication 2023-03-17 01:56:04 +01:00			`nonce = secrets.token_hex(16)`
			`nonce = f"{nonce[:8]}-{nonce[8:12]}-{nonce[12:16]}-{nonce[16:20]}-{nonce[20:]}"`
			`params = {`
			`"response_type": "token+id_token",`
			`"client_id": const.CLIENT_ID,`
Format with black 2023-04-09 20:55:36 +02:00			`"redirect_uri": urllib.parse.quote(`
			`f"{const.APP}://mobilesdk/detect/oauth/done"`
			`),`
Clean up authentication 2023-03-17 01:56:04 +01:00			`"display": "touch",`
			`"scope": "api openid refresh_token web",`
Format with black 2023-04-09 20:55:36 +02:00			`"nonce": nonce,`
Clean up authentication 2023-03-17 01:56:04 +01:00			`}`
			`params = "&".join([f"{k}={v}" for k, v in params.items()])`
Format with black 2023-04-09 20:55:36 +02:00			`async with self._session.get(`
			`f"{const.AUTH_API}/services/oauth2/authorize/expid_Login?{params}"`
Fix login issue 2023-04-10 20:31:55 +02:00			`) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`text = await response.text()`
			`if not (login_url := re.findall("url = '(.+?)'", text)):`
			`if "oauth/done#access_token=" in text:`
			`self._parse_token_data(text)`
			`raise exceptions.HonNoAuthenticationNeeded()`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return False`
Use connection handler 2023-04-09 18:13:50 +02:00			`async with self._session.get(login_url[0], allow_redirects=False) as redirect1:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((redirect1.status, redirect1.request_info.url))`
Clean up authentication 2023-03-17 01:56:04 +01:00			`if not (url := redirect1.headers.get("Location")):`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(redirect1)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return False`
Use connection handler 2023-04-09 18:13:50 +02:00			`async with self._session.get(url, allow_redirects=False) as redirect2:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((redirect2.status, redirect2.request_info.url))`
Format with black 2023-04-09 20:55:36 +02:00			`if not (`
			`url := redirect2.headers.get("Location")`
			`+ "&System=IoT_Mobile_App&RegistrationSubChannel=hOn"`
			`):`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(redirect2)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return False`
Fix session issues 2023-04-12 01:07:03 +02:00			`async with self._session.get(`
			`URL(url, encoded=True), headers={"user-agent": const.USER_AGENT}`
			`) as login_screen:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append(`
			`(login_screen.status, login_screen.request_info.url)`
			`)`
Format with black 2023-04-09 20:55:36 +02:00			`if context := re.findall(`
			`'"fwuid":"(.?)","loaded":(\\{.?})', await login_screen.text()`
			`):`
Clean up authentication 2023-03-17 01:56:04 +01:00			`fw_uid, loaded_str = context[0]`
			`loaded = json.loads(loaded_str)`
Format with black 2023-04-09 20:55:36 +02:00			`login_url = login_url[0].replace(`
			`"/".join(const.AUTH_API.split("/")[:-1]), ""`
			`)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return fw_uid, loaded, login_url`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(login_screen)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return False`

Use connection handler 2023-04-09 18:13:50 +02:00			`async def _login(self, fw_uid, loaded, login_url):`
Init commit 2023-02-13 01:41:38 +01:00			`data = {`
			`"message": {`
			`"actions": [`
			`{`
			`"id": "79;a",`
			`"descriptor": "apex://LightningLoginCustomController/ACTION$login",`
			`"callingDescriptor": "markup://c:loginForm",`
			`"params": {`
Encode username/password 2023-04-12 02:09:41 +02:00			`"username": quote(self._email),`
			`"password": quote(self._password),`
Format with black 2023-04-09 20:55:36 +02:00			`"startUrl": parse.unquote(`
			`login_url.split("startURL=")[-1]`
			`).split("%3D")[0],`
			`},`
Init commit 2023-02-13 01:41:38 +01:00			`}`
			`]`
			`},`
			`"aura.context": {`
			`"mode": "PROD",`
Clean up authentication 2023-03-17 01:56:04 +01:00			`"fwuid": fw_uid,`
Init commit 2023-02-13 01:41:38 +01:00			`"app": "siteforce:loginApp2",`
Clean up authentication 2023-03-17 01:56:04 +01:00			`"loaded": loaded,`
Init commit 2023-02-13 01:41:38 +01:00			`"dn": [],`
			`"globals": {},`
Format with black 2023-04-09 20:55:36 +02:00			`"uad": False,`
			`},`
Clean up authentication 2023-03-17 01:56:04 +01:00			`"aura.pageURI": login_url,`
Format with black 2023-04-09 20:55:36 +02:00			`"aura.token": None,`
			`}`
Init commit 2023-02-13 01:41:38 +01:00			`params = {"r": 3, "other.LightningLoginCustom.login": 1}`
Use connection handler 2023-04-09 18:13:50 +02:00			`async with self._session.post(`
Format with black 2023-04-09 20:55:36 +02:00			`const.AUTH_API + "/s/sfsites/aura",`
			`headers={"Content-Type": "application/x-www-form-urlencoded"},`
			`data="&".join(f"{k}={json.dumps(v)}" for k, v in data.items()),`
			`params=params,`
Init commit 2023-02-13 01:41:38 +01:00			`) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Clean up authentication 2023-03-17 01:56:04 +01:00			`if response.status == 200:`
			`try:`
Improve logging 2023-04-10 06:42:40 +02:00			`data = await response.json()`
			`return data["events"][0]["attributes"]["values"]["url"]`
Clean up authentication 2023-03-17 01:56:04 +01:00			`except json.JSONDecodeError:`
			`pass`
Improve logging 2023-04-10 06:42:40 +02:00			`except KeyError:`
			`_LOGGER.error(`
			`"Can't get login url - %s", pformat(await response.json())`
			`)`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return ""`
Init commit 2023-02-13 01:41:38 +01:00
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`def _parse_token_data(self, text):`
			`if access_token := re.findall("access_token=(.*?)&", text):`
			`self._access_token = access_token[0]`
			`if refresh_token := re.findall("refresh_token=(.*?)&", text):`
			`self._refresh_token = refresh_token[0]`
			`if id_token := re.findall("id_token=(.*?)&", text):`
			`self._id_token = id_token[0]`

Use connection handler 2023-04-09 18:13:50 +02:00			`async def _get_token(self, url):`
Fix login issue 2023-04-10 20:31:55 +02:00			`async with self._session.get(url) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Fix login issue 2023-04-10 20:31:55 +02:00			`if response.status != 200:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Clean up authentication 2023-03-17 01:56:04 +01:00			`return False`
Fix login issue 2023-04-10 20:31:55 +02:00			`url = re.findall("href\\s=\\s[\"'](.+?)[\"']", await response.text())`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`if not url:`
			`await self._error_logger(response)`
			`return False`
Fix login issue 2023-04-10 20:31:55 +02:00			`if "ProgressiveLogin" in url[0]:`
			`async with self._session.get(url[0]) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Fix login issue 2023-04-10 20:31:55 +02:00			`if response.status != 200:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Fix login issue 2023-04-10 20:31:55 +02:00			`return False`
			`url = re.findall("href\\s=\\s[\"'](.*?)[\"']", await response.text())`
			`url = "/".join(const.AUTH_API.split("/")[:-1]) + url[0]`
			`async with self._session.get(url) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Fix login issue 2023-04-10 20:31:55 +02:00			`if response.status != 200:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Init commit 2023-02-13 01:41:38 +01:00			`return False`
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`self._parse_token_data(await response.text())`
Init commit 2023-02-13 01:41:38 +01:00			`return True`

Fix token refresh problems 2023-04-11 17:09:02 +02:00			`async def _api_auth(self):`
Get new token via refresh-token #10 2023-04-09 18:43:57 +02:00			`post_headers = {"id-token": self._id_token}`
Use connection handler 2023-04-09 18:13:50 +02:00			`data = self._device.get()`
Format with black 2023-04-09 20:55:36 +02:00			`async with self._session.post(`
			`f"{const.API_URL}/auth/v1/login", headers=post_headers, json=data`
Fix login issue 2023-04-10 20:31:55 +02:00			`) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Use connection handler 2023-04-09 18:13:50 +02:00			`try:`
Fix login issue 2023-04-10 20:31:55 +02:00			`json_data = await response.json()`
Use connection handler 2023-04-09 18:13:50 +02:00			`except json.JSONDecodeError:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response)`
Use connection handler 2023-04-09 18:13:50 +02:00			`return False`
			`self._cognito_token = json_data["cognitoUser"]["Token"]`
Init commit 2023-02-13 01:41:38 +01:00			`return True`
Get new token via refresh-token #10 2023-04-09 18:43:57 +02:00
Fix unclear session errors 2023-04-12 19:14:14 +02:00			`async def authenticate(self):`
			`self.clear()`
			`try:`
			`if not (login_site := await self._load_login()):`
			`raise exceptions.HonAuthenticationError("Can't open login page")`
			`if not (url := await self._login(*login_site)):`
			`raise exceptions.HonAuthenticationError("Can't login")`
			`if not await self._get_token(url):`
			`raise exceptions.HonAuthenticationError("Can't get token")`
			`if not await self._api_auth():`
			`raise exceptions.HonAuthenticationError("Can't get api token")`
			`except exceptions.HonNoAuthenticationNeeded:`
			`return`

Get new token via refresh-token #10 2023-04-09 18:43:57 +02:00			`async def refresh(self):`
			`params = {`
			`"client_id": const.CLIENT_ID,`
			`"refresh_token": self._refresh_token,`
Format with black 2023-04-09 20:55:36 +02:00			`"grant_type": "refresh_token",`
Get new token via refresh-token #10 2023-04-09 18:43:57 +02:00			`}`
Format with black 2023-04-09 20:55:36 +02:00			`async with self._session.post(`
			`f"{const.AUTH_API}/services/oauth2/token", params=params`
Fix login issue 2023-04-10 20:31:55 +02:00			`) as response:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`self._called_urls.append((response.status, response.request_info.url))`
Fix login issue 2023-04-10 20:31:55 +02:00			`if response.status >= 400:`
Improve logging for authentication errors 2023-04-11 00:59:00 +02:00			`await self._error_logger(response, fail=False)`
Get new token via refresh-token #10 2023-04-09 18:43:57 +02:00			`return False`
Fix login issue 2023-04-10 20:31:55 +02:00			`data = await response.json()`
Improve logging 2023-04-10 06:42:40 +02:00			`self._id_token = data["id_token"]`
			`self._access_token = data["access_token"]`
Fix token refresh problems 2023-04-11 17:09:02 +02:00			`return await self._api_auth()`
Fix unclear session errors 2023-04-12 19:14:14 +02:00
			`def clear(self):`
			`self._session.cookie_jar.clear_domain(const.AUTH_API.split("/")[-2])`
			`self._cognito_token = ""`
			`self._id_token = ""`
			`self._access_token = ""`
			`self._refresh_token = ""`