This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

支持短信验证 Add support to SMS auth. #15

Open
RadixIsatidis opened this issue Jan 24, 2023 · 5 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@RadixIsatidis

When run against a server that forces SMS authentication, it outputs:

Login Request: https://***/por/login_auth.csp?apiversion=1
Twf Id: ***
RSA Key: ***
RSA Exp: ***
WARNING: No CSRF Code Match. Maybe you're connecting to an older server? Continue anyway...
Password to encrypt: ***
Encrypted Password: ***
Login Request: https://***/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
goroutine 1 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
	runtime/debug/stack.go:16 +0x1c
EasierConnect/core.WebLogin({0x1400012c0c0?, 0x2?}, {0x16f3bf5ed, 0xe}, {0x16f3bf606, 0x9})
	EasierConnect/core/web_login.go:137 +0x11cc
EasierConnect/core.(*EasyConnectClient).Login(0x1400019fee8, {0x16f3bf5ed?, 0x1400013de88?}, {0x16f3bf606?, 0x2?})
	EasierConnect/core/EasyConnectClient.go:35 +0xac
main.main()
	EasierConnect/main.go:38 +0x540
Not implemented auth: <?xml version="1.0" encoding="utf-8"?><Auth><Result>2</Result> <EnableMAM>0</EnableMAM><SuportMDM>0</SuportMDM><CurAuth>1</CurAuth><NextAuth>2</NextAuth><AuthInfo><![CDATA[]]></AuthInfo><Note><![CDATA[]]></Note><ChallengeMsg><![CDATA[]]></ChallengeMsg><SmsIsStillValid>1</SmsIsStillValid><Phone><![CDATA[***]]></Phone><CurPhone><![CDATA[]]></CurPhone></Auth>

which looks like SMS auth is not supported.

Please add support for SMS auth; it would be extremely helpful.

@lyc8503
Owner

lyc8503 commented Jan 24, 2023

In fact I have implemented it before, but you're using a different server version (maybe 7.6.3) whose return value differs in some details.
I will try to support it in the next version.

@lyc8503 lyc8503 added the bug Something isn't working label Jan 24, 2023
@lyc8503
Owner

lyc8503 commented Jan 25, 2023

@RadixIsatidis
Author

RadixIsatidis commented Jan 26, 2023

Please try https://github.com/lyc8503/EasierConnect/releases/tag/TestBuild12

Now I receive the SMS, and it outputs:

...
Login Request: https://***/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
SMS code required.
SMS Request: https://***/por/login_sms.csp?apiversion=1
goroutine 1 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
	runtime/debug/stack.go:16 +0x1c
EasierConnect/core.WebLogin({0x140000aa0c0?, 0x2?}, {0x16d1e75ed, 0xe}, {0x16d1e7606, 0x9})
	EasierConnect/core/web_login.go:125 +0xecc
EasierConnect/core.(*EasyConnectClient).Login(0x1400019fee8, {0x16d1e75ed?, 0x140000bbe88?}, {0x16d1e7606?, 0x2?})
	EasierConnect/core/EasyConnectClient.go:35 +0xac
main.main()
	EasierConnect/main.go:39 +0x540
2023/01/26 08:54:16 unexpected sms resp:

plus an HTML page that can submit the SMS code or resend the SMS:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
<link type="text/css" rel="stylesheet" href="/com/css/common.css" />
<script src="/com/common.js" type="text/javascript"></script>
<script src="/com/ajax_req.js" type="text/javascript"></script>
</head>
<NOSCRIPT>
Your browser does not support JavaScript (or it is blocked). Please check your browser settings and make sure it supports JavaScript.
</NOSCRIPT>
<body onLoad="init()">
<span id="titleInnerHTML" style="display: none;">短信认证</span>
<div class="container">
	<div id="setsms" class="sms">
		<div class="content">
			<h2 _html="短信认证"></h2>
			<form id="form1" name="form1" method="post" action="login_sms1.csp">
				<p id="smsInfo" class="sms_errorinfo" style="display:none"></p>
				<p><span style="color:#FF0000"></span></p>
				<div _html="请输入验证码:"></div>
				<div>
					<input id="svpn_inputsms" name="svpn_inputsms" type="text" class="text_field" maxlength="6" autocomplete="off"/>
					<span class="btnBorder"><input name="Submit" type="submit" class="btn" _value="确定"/></span>
				</div>
				<div style="display:none;" id="tipsInfo" class="error"></div>
				<p>&nbsp;</p>
				<div class="Mbox">
				<p _html="没有收到短信?请尝试重新发送"></p>
				<p><span class="btnBorder"><input type="button" id="sendSms" class="btn" onclick="reSendSms(this)" _value="重新发送"></span></p>
				</div>
			</form>
		</div>
	</div>
</div>
<script type="text/javascript">

// Page-level state for the SMS verification form. In the pasted response these
// are plain string literals; presumably the server fills them in when it
// renders the page -- TODO confirm against other responses.

// Error text; init() shows it in "tipsInfo" when it is non-empty.
var g_ErrorInfo = "";
// Notice text; init() shows it in "tipsInfo" only when g_ErrorInfo is empty.
var g_smsinfo = "";
// Resend cooldown in seconds, parsed by tickSendSms(). reSendSms() overwrites
// it from the SMS_INTERVAL cookie. It only drives the button state on this page.
var g_DisableTime = "29";
// Phone number the code was sent to ("***" here looks redacted by the reporter).
// It is concatenated into text that showInfo() assigns to innerHTML.
var phone = "***";
// Button label template, "Resend (after {0} seconds)"; {0} is filled in with
// String.format, which is not a standard method and is not defined on this page.
var g_DisableFormat = tr("({0}秒后)重新发送");
/**
 * Page-load handler (wired up through <body onLoad="init()">).
 * Shows where the code was sent, focuses the code input, starts the resend
 * countdown, then displays a pending error or SMS notice if one is set.
 */
function init()
{
	// "验证码已发送到手机:" = "Verification code sent to phone:"
	showInfo("smsInfo",tr("验证码已发送到手机:")+phone);
	document.getElementById("svpn_inputsms").focus();
	tickSendSms();

	// g_ErrorInfo takes precedence over g_smsinfo; at most one of them is shown.
	var notice = (g_ErrorInfo != "") ? g_ErrorInfo : g_smsinfo;
	if(notice != "")
	{
		showInfo("tipsInfo", notice);
	}
}

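/**
 * Disables the "resend" button and counts g_DisableTime seconds down on its
 * label, re-enabling the button when the countdown ends.
 *
 * This is a UI cooldown only. g_DisableTime comes from the page or from the
 * SMS_INTERVAL cookie (see reSendSms), both of which the client can change,
 * and a missing or non-numeric value parses to NaN and skips the countdown
 * entirely. It is therefore not a rate limit on SMS sends; that has to be
 * enforced on the server side.
 */
function tickSendSms()
{
	var totalTime = parseInt(g_DisableTime, 10);
	if(!(totalTime > 0)){
		// 0, negative or NaN: leave the button untouched.
		return;
	}
	var elapsed = 0;
	var button = $ID("sendSms");
	button.disabled = true;
	button.style.color = "gray";
	button.value = String.format(g_DisableFormat,totalTime);
	var timer = window.setInterval(function(){
		elapsed += 1;
		if(elapsed >= totalTime) {
			button.disabled = false;
			button.style.color = "#fff";
			window.clearInterval(timer);
			// "重新发送" = "Resend"
			button.value = tr("重新发送");
			return;
		}
		// elapsed < totalTime here, so the remaining time is always positive;
		// the original's extra "remaining <= 0" branch could never run.
		button.value = String.format(g_DisableFormat, totalTime-elapsed);
	},1000);
}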

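/**
 * Click handler for the "resend" button: posts to /por/post_sms.csp and shows
 * the outcome in the page.
 *
 * Result codes handled (any other value is ignored silently):
 *   "0" sent; restart the cooldown using the SMS_INTERVAL cookie
 *   "1" session timed out
 *   "2" error while resending the code
 *   "3" user locked after attempted brute-force login
 *   "4" IP address locked after attempted brute-force login
 *
 * The disabled check and the cooldown are client-side only; codes "3" and "4"
 * suggest the lockout itself is decided by the server.
 *
 * @param {Object} obj - the button element that was clicked
 */
function reSendSms(obj)
{
	if(obj.disabled){
		return;
	}
	var result = "";
	try{
		result = post_http("/por/post_sms.csp",null);
	}catch(e){
		// `description` is a legacy IE-only property of Error; fall back to the
		// standard `message` so other browsers do not alert "undefined".
		alert(e.description || e.message);
	}
	if(result == "0"){
		// "验证码已发送到手机:" = "Verification code sent to phone:"
		showInfo("smsInfo",tr("验证码已发送到手机:")+phone);
		hideInfo("tipsInfo");
		// The next cooldown length is read from a cookie, so the client controls it.
		g_DisableTime = Cookie.getCookie("SMS_INTERVAL");
		tickSendSms();
		return;
	}
	if(result == "1"){
		// "Session timed out, please {0}log in again{1}". The anchor markup is
		// passed on purpose: showInfo assigns its argument to innerHTML.
		showInfo("tipsInfo",tr("会话超时,请{0}重新登录{1}","<a href='index.csp'>",'</a>'));
		return;
	}
	if(result == "2"){
		// "Error resending the SMS verification code!"
		showInfo("tipsInfo",tr("重新发送短信验证码出错!"));
		return;
	}
	if(result == "3"){
		// "User attempted a brute-force login and has been locked by the system!"
		showInfo("tipsInfo",tr("用户尝试暴破登录,已被系统锁定!"));
		return;
	}
	if(result == "4"){
		// "IP address attempted a brute-force login and has been locked by the system!"
		showInfo("tipsInfo",tr("IP地址尝试暴破登录,已被系统锁定!"));
	}
}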
/**
 * Makes the element with the given id visible and sets its content.
 *
 * `info` is assigned to innerHTML, so it is parsed as markup. One caller on
 * this page relies on that (the session-timeout message carries an <a> tag),
 * but the same sink also receives `phone`, g_ErrorInfo and g_smsinfo. Those
 * values need to be HTML-escaped wherever the page is generated, since nothing
 * here escapes them.
 */
function showInfo(tableID,info){
	var target=document.getElementById(tableID);
	target.style.display="";
	target.innerHTML=info;
}
/** Hides the element with the given id by setting its display style to "none". */
function hideInfo(tableID){
	document.getElementById(tableID).style.display="none";
}

// setLang is not defined on this page; presumably it comes from /com/common.js
// and fills in the _html/_value attributes used in the markup -- TODO confirm.
window.setLang();
</script>
</body>
</html>

@lyc8503
Owner

lyc8503 commented Jan 26, 2023

It's hard to implement it without seeing an actual/full login process, PR welcome if anyone using the specific version of server can analyze and implement it.

@lyc8503 lyc8503 added the help wanted Extra attention is needed label Jan 26, 2023
@RadixIsatidis
Author

It's hard to implement it without seeing an actual/full login process, PR welcome if anyone using the specific version of server can analyze and implement it.

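I read the code in core/web_login.go that processes SMS auth.
After requesting /por/login_sms.csp to trigger an SMS code, it should wait for the user to type in the code and then post svpn_inputsms={code} to /login_sms1.csp. (In the pasted page the form's action is the relative URL login_sms1.csp, so the full path depends on the URL that served the page.)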

Golang is beyond my abilities, so that is all I can do.
