X-Git-Url: https://code.communitydata.science/nu-vpn-proxy.git/blobdiff_plain/4e5cd24588877af51835169b89cae394f20813cc..f429acaa10d15792bf74a4c6cafcf890cd0676ad:/gp-saml-gui.py diff --git a/gp-saml-gui.py b/gp-saml-gui.py index 6bc121e..e34d123 100755 --- a/gp-saml-gui.py +++ b/gp-saml-gui.py @@ -6,6 +6,7 @@ import pprint import urllib import requests import xml.etree.ElementTree as ET +import os from sys import stderr from binascii import a2b_base64 @@ -17,31 +18,45 @@ gi.require_version('WebKit2', '4.0') from gi.repository import WebKit2 class SAMLLoginView: - def __init__(self, uri, html=None, verbose=False): + def __init__(self, uri, html=None, verbose=False, cookies=None): window = Gtk.Window() # API reference: https://lazka.github.io/pgi-docs/#WebKit2-4.0 - # TODO: cookies, see https://stackoverflow.com/questions/48368219/webkit2-webview-how-to-store-cookies-and-reuse-it-again self.success = False + self.verbose = verbose + + self.ctx = WebKit2.WebContext.get_default() + self.cookies = self.ctx.get_cookie_manager() + if args.cookies: + self.cookies.set_accept_policy(WebKit2.CookieAcceptPolicy.ALWAYS) + self.cookies.set_persistent_storage(args.cookies, WebKit2.CookiePersistentStorage.TEXT) self.wview = WebKit2.WebView() - if html: - self.wview.load_html(html, uri) - else: - self.wview.load_uri(uri) + window.resize(500, 500) window.add(self.wview) window.show_all() window.set_title("SAML Login") window.connect('delete-event', Gtk.main_quit) self.wview.connect('load-changed', self.get_saml_headers) + self.wview.connect('resource-load-started', self.log_resources) + + if html: + self.wview.load_html(html, uri) + else: + self.wview.load_uri(uri) + + def log_resources(self, webview, resource, request): + if self.verbose > 1: + print('%s for resource %s' % (request.get_http_method() or 'Request', resource.get_uri()), file=stderr) def get_saml_headers(self, webview, event): if event != WebKit2.LoadEvent.FINISHED: return mr = webview.get_main_resource() - print("Finished loading %s..." % mr.get_uri(), file=stderr) + if self.verbose: + print("Finished loading %s" % mr.get_uri(), file=stderr) rs = mr.get_response() h = rs.get_http_headers() if h: @@ -52,7 +67,8 @@ class SAMLLoginView: h.foreach(listify) self.saml_result = d = dict(l) if d: - print("Got SAML relevant headers, done: %r" % d, file=stderr) + if self.verbose: + print("Got SAML relevant headers, done: %r" % d, file=stderr) self.success = True Gtk.main_quit() @@ -61,6 +77,8 @@ def parse_args(args = None): p.add_argument('-v','--verbose', default=0, action='count') p.add_argument('server', help='GlobalProtect server (portal or gateway)') p.add_argument('--no-verify', dest='verify', action='store_false', default=True, help='Ignore invalid server certificate') + p.add_argument('-C', '--no-cookies', dest='cookies', action='store_const', const=None, + default='~/.gp-saml-gui-cookies', help="Don't use cookies (stored in %(default)s)") x = p.add_mutually_exclusive_group() x.add_argument('-p','--portal', dest='portal', action='store_true', help='SAML auth to portal') x.add_argument('-g','--gateway', dest='portal', action='store_false', help='SAML auth to gateway (default)') @@ -72,6 +90,9 @@ def parse_args(args = None): args.extra = dict(x.split('=', 1) for x in args.extra) + if args.cookies: + args.cookies = os.path.expanduser(args.cookies) + if args.cert and args.key: args.cert, args.key = (args.cert, args.key), None elif args.cert: @@ -99,16 +120,16 @@ if __name__ == "__main__": if sam is None or sr is None: p.error("This does not appear to be a SAML prelogin response ( or tags missing)") elif sam.text == 'POST': - print("Got SAML POST content, opening browser...", file=stderr) html, uri = a2b_base64(sr.text).decode(), None elif sam.text == 'REDIRECT': - print("Got SAML REDIRECT to %s, opening browser..." % sr.text, file=stderr) uri, html = sr.text, None else: p.error("Unknown SAML method (%s)" % sam.text) # spawn WebKit view to do SAML interactive login - slv = SAMLLoginView(uri, html, verbose=args.verbose) + if args.verbose: + print("Got SAML POST, opening browser...", file=stderr) + slv = SAMLLoginView(uri, html, verbose=args.verbose, cookies=args.cookies) Gtk.main() if not slv.success: p.error('''Login window closed without producing SAML cookie''')