Skip to content
Snippets Groups Projects
Commit 47220e85 authored by Marco Malavolti's avatar Marco Malavolti
Browse files

Improved ECCS by fixing <iframe> check

parent 44c0d48c
No related branches found
No related tags found
No related merge requests found
...@@ -48,11 +48,11 @@ ECCS_SPS = [ ...@@ -48,11 +48,11 @@ ECCS_SPS = [
ROBOTS_USER_AGENT = "ECCS/2.0 (+https://technical.edugain.org/eccs)" ROBOTS_USER_AGENT = "ECCS/2.0 (+https://technical.edugain.org/eccs)"
# PATTERNS # PATTERNS
JAVASCRIPT = "x-my-okta-version" JAVASCRIPT = '"x-my-okta-version"'
IDPERROR = "error.has.occurred|error.occurred|Error.when.processing.authentication.request|The.system.encountered.an.error|Internal.Server.Error|403.Forbidden|Service.Unavailable|InvalidProfileConfiguration|Unexpected.System.Error|404.not.found|404.-.not.found|OpenAthens:.404|On.tapahtunut.virhe|Unhandled.exception|Bad.Gateway|Page.Not.Found|Δεν.επιτρέπεται.η.πρόσβαση|temporary.error|temporarily.unavailable|License.error|n'est.pas.gérée" IDPERROR = "error\s(has\s)?occur(r)?ed|Error\swhen\sprocessing\s(the\s)?authentication\srequest|The.(server|system).encountered.an.error|Internal.Server.Error|403.Forbidden|Service.Unavailable|InvalidProfileConfiguration|Unexpected.System.Error|404\s(.\s)?[Nn]ot.[Ff]ound|OpenAthens:.404|On.tapahtunut.virhe|Unhandled.exception|Bad.Gateway|Page.Not.Found|Δεν.επιτρέπεται.η.πρόσβαση|temporary\s(unavailable|error).?|License.error|n'est.pas.gérée|Invalid.Request|Erreur.!|Please.report.this.error.to|该网站无法访问"
METADATAPATTERN = "Unable.to.locate(\sissuer.in|).metadata(\sfor|)|no.metadata.found|profile.is.not.configured.for.relying.party|Cannot.locate.entity|fail.to.load.unknown.provider|does.not.recognise.the.service|unable.to.load.provider|Nous.n'avons.pas.pu.(charg|charger).le.fournisseur.de service|Metadata.not.found|application.you.have.accessed.is.not.registered.for.use.with.this.service|Message.did.not.meet.security.requirements|Unsupported.Request|Not.Authorized|METADATANOTFOUND|Unknown.login.requester|is.unspecified.or.unsupported|Unknown.service.provider|Richiesta.non.supportata|Metadati.non.trovati|untrusted.provider|Unregistered.Service|Unsupported.request|UNHANDLEDEXCEPTION|Metadata.*.expired|Could.not.find.any.*.metadata.*.for|不支持的请求|l'application.n'est.pas.enregistrée|Requisição.não.suportada|トされていないリクエスト|is.not.allowed|Authorization.Failure|Pedido.não.suportado" METADATAPATTERN = "Unable.to.locate(\sissuer.in|).metadata(\sfor|)|no.metadata.found|profile.is.not.configured.for.relying.party|Cannot.locate.entity|fail.to.load.unknown.provider|does.not.recognise.the.service|unable.to.load.provider|Nous.n'avons.pas.pu.(charg|charger).le.fournisseur.de service|Metadata.not.found|application.you.have.accessed.is.not.registered.for.use.with.this.service|Message.did.not.meet.security.requirements|Unsupported.Request|Not.Authorized|METADATANOTFOUND|Unknown.login.requester|is.unspecified.or.unsupported|Unknown.service.provider|Richiesta.non.supportata|Metadati.non.trovati|untrusted.provider|Unregistered.Service|Unsupported.request|UNHANDLEDEXCEPTION|Metadata.*.expired|Could.not.find.any.*.metadata.*.for|不支持的请求|l'application.n'est.pas.enregistrée|Requisição.não.suportada|トされていないリクエスト|is.not.allowed|Authorization.Failure|Pedido.não.suportado|Nicht.unterstützte.Anfrage"
PASSWORDPATTERN = '<input[\s]+[^>]*(type=\s*[\'"]password[\'"]|password)[^>]*>' PASSWORDPATTERN = '<input[\s]+[^>]*(type=\s*[\'"]password[\'"]|password)[^>]*>'
REFUSEDPATTERN = '(^http)(.*\.png$)|(.*\.css$)|(.*\.js$)|(.*\.gif$)|(.*\.svg$)|(.*\.jpg$)' USERNAMEPATTERN = '<input[\s]+[^>]*((type=\s*[\'"](text|email)[\'"]|user)|(name=\s*[\'"](name)[\'"]))[^>]*>'
# { 'reg_auth':'reason' } # { 'reg_auth':'reason' }
FEDS_DISABLED_DICT = { FEDS_DISABLED_DICT = {
......
...@@ -200,9 +200,6 @@ def follow_all_nested_iframes(driver): ...@@ -200,9 +200,6 @@ def follow_all_nested_iframes(driver):
# ECCS Check made by Selenium # ECCS Check made by Selenium
def check_idp_response_selenium(sp,idp,test): def check_idp_response_selenium(sp,idp,test):
# Disable SSL requests warning messages
#requests.packages.urllib3.disable_warnings()
# Common variables # Common variables
fqdn_idp = get_label(idp['Location']) fqdn_idp = get_label(idp['Location'])
wayfless_url = f"{sp}{idp['entityID']}" wayfless_url = f"{sp}{idp['entityID']}"
...@@ -301,14 +298,18 @@ def check_idp_response_selenium(sp,idp,test): ...@@ -301,14 +298,18 @@ def check_idp_response_selenium(sp,idp,test):
# If meet <iframe> follow all iframes # If meet <iframe> follow all iframes
if ('<iframe' in driver.page_source): if ('<iframe' in driver.page_source):
follow_all_nested_iframes(driver) pwd_regexp = e_p.PASSWORDPATTERN
pwd_found = re.search(pwd_regexp,driver.page_source, re.I)
if (not pwd_found):
follow_all_nested_iframes(driver)
load_js = re.search(e_p.JAVASCRIPT, driver.page_source, re.I) load_js = re.search(e_p.JAVASCRIPT, driver.page_source, re.I)
if (load_js): if (load_js):
driver.refresh() driver.refresh()
input_xpath = '//input[@type="password"]|//input[@type="Password"]|//input[@type="text"]|//input[@type="email"]|//input[@type="user"]|//input[@name="name"]'
WebDriverWait(driver, e_p.ECCS_SELENIUMPAGELOADTIMEOUT).until( WebDriverWait(driver, e_p.ECCS_SELENIUMPAGELOADTIMEOUT).until(
EC.presence_of_element_located((By.XPATH,'//input[@type="password"]|//input[@type="Password"]')) EC.presence_of_element_located((By.XPATH,input_xpath))
) )
if (test): pgsrc = f"\n[WAYFLESS_URL]\n{wayfless_url} - OK" if (test): pgsrc = f"\n[WAYFLESS_URL]\n{wayfless_url} - OK"
...@@ -322,7 +323,8 @@ def check_idp_response_selenium(sp,idp,test): ...@@ -322,7 +323,8 @@ def check_idp_response_selenium(sp,idp,test):
metadata_not_found = re.search(e_p.METADATAPATTERN,driver.page_source, re.I) metadata_not_found = re.search(e_p.METADATAPATTERN,driver.page_source, re.I)
try: try:
input_password_found = driver.find_element(By.XPATH,'//input[@type="password"]|//input[@type="Password"]') input_xpath = '//input[@type="password"]|//input[@type="Password"]|//input[@type="text"]|//input[@type="email"]|//input[@type="user"]|//input[@name="name"]'
input_password_found = driver.find_element(By.XPATH, input_xpath)
except NoSuchElementException as e: except NoSuchElementException as e:
# This IF is for those IdP that doesn't consuming the eduGAIN metadata and reaching Timeout # This IF is for those IdP that doesn't consuming the eduGAIN metadata and reaching Timeout
...@@ -353,7 +355,7 @@ def check_idp_response_selenium(sp,idp,test): ...@@ -353,7 +355,7 @@ def check_idp_response_selenium(sp,idp,test):
pass # ignore all requests exceptions pass # ignore all requests exceptions
if (driver.page_source != "<html><head></head><body></body></html>"): if (driver.page_source != "<html><head></head><body></body></html>"):
if (test): pgsrc = f"\n[PAGE_SOURCE]\n{driver.page_source}\nInvalid-Form: No valid login form found in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds" if (test): pgsrc = f"\n[PAGE_SOURCE]\n{driver.page_source}\nInvalid-Form: No valid login form found in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds."
else: pgsrc = f"<h1>Invalid Form: no valid login form found in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds</h1><h2>PAGE SOURCE:</h2><br/>{driver.page_source}" else: pgsrc = f"<h1>Invalid Form: no valid login form found in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds</h1><h2>PAGE SOURCE:</h2><br/>{driver.page_source}"
stored = store_page_source(pgsrc,idp,sp,test) stored = store_page_source(pgsrc,idp,sp,test)
if (stored): if (stored):
...@@ -364,6 +366,7 @@ def check_idp_response_selenium(sp,idp,test): ...@@ -364,6 +366,7 @@ def check_idp_response_selenium(sp,idp,test):
stored = store_page_source(pgsrc,idp,sp,test) stored = store_page_source(pgsrc,idp,sp,test)
if (stored): if (stored):
return (idp['entityID'],wayfless_url,check_time,"Timeout",webdriver_error) return (idp['entityID'],wayfless_url,check_time,"Timeout",webdriver_error)
# Exceptions that are not "NoSuchElementExceptions"
except e: except e:
if (test): pgsrc = f"\n[PAGE_SOURCE]\n{driver.page_source}\nTimeout: No valid login form loaded in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds." if (test): pgsrc = f"\n[PAGE_SOURCE]\n{driver.page_source}\nTimeout: No valid login form loaded in {e_p.ECCS_SELENIUMPAGELOADTIMEOUT} seconds."
else: pgsrc = driver.page_source else: pgsrc = driver.page_source
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment