From a157c1e95ede446af6157b7a2f37033dde331ef7 Mon Sep 17 00:00:00 2001 From: Aaron Cowdin Date: Wed, 5 Jun 2024 07:28:07 -0700 Subject: [PATCH 1/2] Update the googleapps IDP provider to work with changes to Google login page while maintaining gaialogin compatibility --- .../example/form-password-challengeid-3.html | 93 +++++++++++++++++++ pkg/provider/googleapps/googleapps.go | 43 ++++++--- pkg/provider/googleapps/googleapps_test.go | 36 +++++++ 3 files changed, 161 insertions(+), 11 deletions(-) create mode 100644 pkg/provider/googleapps/example/form-password-challengeid-3.html diff --git a/pkg/provider/googleapps/example/form-password-challengeid-3.html b/pkg/provider/googleapps/example/form-password-challengeid-3.html new file mode 100644 index 000000000..3591d59fc --- /dev/null +++ b/pkg/provider/googleapps/example/form-password-challengeid-3.html @@ -0,0 +1,93 @@ + + + + + + + + + + + Sign in - Google Accounts + + +
+
+
+
+
+ Google +
+
+
+
+

Welcome

+

+ +
+
+
+ +
+ + + + +
+
+
+
+ +
+
+
+
+
+
+ + +
+
+ +
+
+
+
+ +
+
+ +
+
+
+ +
+
+
+
+
+
+ + diff --git a/pkg/provider/googleapps/googleapps.go b/pkg/provider/googleapps/googleapps.go index 8409465c0..36a99f953 100644 --- a/pkg/provider/googleapps/googleapps.go +++ b/pkg/provider/googleapps/googleapps.go @@ -63,7 +63,14 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error) // Post email address w/o password, then Get the password-input page passwordURL, passwordForm, err := kc.loadLoginPage(authURL+"?hl=en&loc=US", loginDetails.URL+"&hl=en&loc=US", authForm) if err != nil { - return "", errors.Wrap(err, "error loading login page") + //if failed, try with "identifier" + authForm.Set("Email", "") // Clear previous key + authForm.Set("identifier", loginDetails.Username) + passwordURL, passwordForm, err = kc.loadLoginPage(authURL+"?hl=en&loc=US", loginDetails.URL+"&hl=en&loc=US", authForm) + + if err != nil { + return "", errors.Wrap(err, "error loading login page") + } } logger.Debugf("loginURL: %s", passwordURL) @@ -311,11 +318,13 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u secondFactorHeader := "This extra step shows it’s really you trying to sign in" secondFactorHeader2 := "This extra step shows that it’s really you trying to sign in" + secondFactorHeader3 := "2-Step Verification" secondFactorHeaderJp := "2 段階認証プロセス" // have we been asked for 2-Step Verification if extractNodeText(doc, "h2", secondFactorHeader) != "" || extractNodeText(doc, "h2", secondFactorHeader2) != "" || + extractNodeText(doc, "h1", secondFactorHeader3) != "" || extractNodeText(doc, "h1", secondFactorHeaderJp) != "" { responseForm, secondActionURL, err := extractInputsByFormID(doc, "challenge") @@ -326,7 +335,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u logger.Debugf("secondActionURL: %s", secondActionURL) switch { - case strings.Contains(secondActionURL, "challenge/totp/"): // handle TOTP challenge + case strings.Contains(secondActionURL, "challenge/totp"): // handle TOTP challenge var token = loginDetails.MFAToken if token == "" { @@ -337,7 +346,7 @@ func (kc *Client) loadChallengePage(submitURL string, referer string, authForm u responseForm.Set("TrustDevice", "on") // Don't ask again on this computer return kc.loadResponsePage(secondActionURL, submitURL, responseForm) - case strings.Contains(secondActionURL, "challenge/ipp/"): // handle SMS challenge + case strings.Contains(secondActionURL, "challenge/ipp"): // handle SMS challenge if extractNodeText(doc, "button", "Send text message") != "" { responseForm.Set("SendMethod", "SMS") // extractInputsByFormID does not extract the name and value from + +
+
+
+
+ +
+
+
+
+ +
+ Please enter the characters you see in the image above +
+
+
+
+ +
+ + + + + + + + + + + +
+

Not your computer? Use a private browsing window to sign in. Learn more about using Guest mode

+
+
+
+
+
+ +
+
+ + + + + + + + + diff --git a/pkg/provider/googleapps/googleapps.go b/pkg/provider/googleapps/googleapps.go index 36a99f953..4afb168f5 100644 --- a/pkg/provider/googleapps/googleapps.go +++ b/pkg/provider/googleapps/googleapps.go @@ -88,6 +88,7 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error) captchaInputIds := []string{ "logincaptcha", "identifier-captcha-input", + "captchaimg", } var captchaFound *goquery.Selection @@ -103,6 +104,10 @@ func (kc *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error) for captchaFound != nil && captchaFound.Length() > 0 { captchaImgDiv := responseDoc.Find(".captcha-img") + if captchaImgDiv != nil { + captchaImgDiv = responseDoc.Find("div[data-auto-init='CaptchaInput']") + captchaInputId = "ca" + } captchaPictureSrc, found := goquery.NewDocumentFromNode(captchaImgDiv.Children().Nodes[0]).Attr("src") if !found {