Add login for guest account (#72)

ning-y · indocomsoft · commit 614fa629bc2e · 2018-06-29T00:38:59.000+08:00
* Add module to sign in as guest account

* Update README with instructions for GUEST_*

* Refactor with review comments

* Make less verbose
diff --git a/.env.example b/.env.example
@@ -18,3 +18,7 @@ CADET_WEBPACK_ENTRY=app
 
 # IVLE LAPI Key
 IVLE_KEY=your_ivle_lapi_key
+
+# Guest account details for Cadet.Public.Updater
+GUEST_USERNAME=guest_account_username
+GUEST_PASSWORD=guest_account_password
diff --git a/README.md b/README.md
@@ -32,6 +32,8 @@ a recompilation with `mix clean && mix`.
 
     IVLE_KEY=your_ivle_lapi_key
 
+If available, also replace the values for GUEST\_USER and GUEST\_PASSWORD
+
 Run the server in your local machine
 
     mix cadet.server
diff --git a/lib/cadet/public/updater.ex b/lib/cadet/public/updater.ex
@@ -0,0 +1,75 @@
+defmodule Cadet.Public.Updater do
+  @moduledoc """
+  Represents a guest account in the CS1101S IVLE module. The guest account
+  allows us to programmatically access the IVLE module contents, such as
+  announcements and files.
+
+  The credentials for the guest account are defined in the `.env` file.
+  """
+  @api_key Dotenv.load().values["IVLE_KEY"]
+  @api_url "https://ivle.nus.edu.sg"
+  @api_url_login @api_url |> URI.merge("api/login/?apikey=#{@api_key}&url=_") |> URI.to_string()
+  @username Dotenv.load().values["GUEST_USERNAME"]
+  @password Dotenv.load().values["GUEST_PASSWORD"]
+
+  @doc """
+  Get an authentication token for the guest account.
+
+  1. `get_browser_session` is a GET to obtain information representing a
+    browser session
+  2. Login credentials and information from (1) are sent via POST. IVLE responds
+    with a 302.
+  3. The location returned in (2) is visited with a GET. Again, IVLE responds
+    with a 302. This time, an authentication token is embedded in the location,
+    which is extracted with `Regex`.
+  """
+  def get_token do
+    session = get_browser_session()
+    http_opts = [hackney: [cookie: session.cookie, follow_redirect: false]]
+    form = [userid: @username, password: @password, __VIEWSTATE: session.viewstate]
+
+    location =
+      @api_url_login
+      |> HTTPoison.post!({:form, form}, %{}, http_opts)
+      |> get_redirect_path()
+
+    @api_url
+    |> URI.merge(location)
+    |> URI.to_string()
+    |> HTTPoison.get!(%{}, http_opts)
+    |> get_redirect_path()
+    |> URI.parse()
+    |> Map.get(:query)
+    |> URI.query_decoder()
+    |> Enum.into(%{})
+    |> Map.get("token")
+  end
+
+  # A browser session is identified by the cookie with key ASP.NET_SessionId
+  # Additionally, the POST login form requires a field named __VIEWSTATE that is
+  # embedded in the html (in an input tag). Therefore, a function
+  # `get_browser_session` is defined to return %{:cookie, :viewstate}
+  defp get_browser_session do
+    response = HTTPoison.get!(@api_url_login)
+
+    viewstate =
+      response.body
+      |> Floki.find("input#__VIEWSTATE")
+      |> Floki.attribute("value")
+      |> List.first()
+
+    cookie =
+      response.headers
+      |> Enum.into(%{})
+      |> Map.get("Set-Cookie")
+
+    %{:cookie => cookie, :viewstate => viewstate}
+  end
+
+  # Extracts the location of a 302 redirect from a %HTTPoison.Response
+  defp get_redirect_path(response) do
+    response.headers
+    |> Enum.into(%{})
+    |> Map.get("Location")
+  end
+end
diff --git a/mix.exs b/mix.exs
@@ -48,6 +48,7 @@ defmodule Cadet.Mixfile do
       {:ecto_enum, "~> 1.0"},
       {:ex_json_schema, "~> 0.5"},
       {:ex_machina, "~> 2.1"},
+      {:floki, "~> 0.20.0"},
       {:gettext, "~> 0.11"},
       {:guardian, "~> 1.0"},
       {:guardian_db, "~> 1.0"},
diff --git a/mix.lock b/mix.lock
@@ -23,11 +23,13 @@
   "exjsx": {:hex, :exjsx, "4.0.0", "60548841e0212df401e38e63c0078ec57b33e7ea49b032c796ccad8cde794b5c", [:mix], [{:jsx, "~> 2.8.0", [hex: :jsx, repo: "hexpm", optional: false]}], "hexpm"},
   "exvcr": {:hex, :exvcr, "0.10.2", "a66a0fa86d03153e5c21e38b1320d10b537038d7bc7b10dcc1ab7f0343569822", [:mix], [{:exactor, "~> 2.2", [hex: :exactor, repo: "hexpm", optional: false]}, {:exjsx, "~> 4.0", [hex: :exjsx, repo: "hexpm", optional: false]}, {:httpoison, "~> 1.0", [hex: :httpoison, repo: "hexpm", optional: true]}, {:httpotion, "~> 3.1", [hex: :httpotion, repo: "hexpm", optional: true]}, {:ibrowse, "~> 4.4", [hex: :ibrowse, repo: "hexpm", optional: true]}, {:meck, "~> 0.8", [hex: :meck, repo: "hexpm", optional: false]}], "hexpm"},
   "file_system": {:hex, :file_system, "0.2.5", "a3060f063b116daf56c044c273f65202e36f75ec42e678dc10653056d3366054", [:mix], [], "hexpm"},
+  "floki": {:hex, :floki, "0.20.3", "dfb3a71eb99938e330b4156433d55c6d0b188d936c9683d115a8540bac56e019", [:mix], [{:html_entities, "~> 0.4.0", [hex: :html_entities, repo: "hexpm", optional: false]}, {:mochiweb, "~> 2.15", [hex: :mochiweb, repo: "hexpm", optional: false]}], "hexpm"},
   "gettext": {:hex, :gettext, "0.15.0", "40a2b8ce33a80ced7727e36768499fc9286881c43ebafccae6bab731e2b2b8ce", [:mix], [], "hexpm"},
   "git_hooks": {:hex, :git_hooks, "0.2.0", "3e437954b8dd8d63c723c25b6ae412766ad957a628d2c0aa3fd58cdf941c66c9", [:mix], [{:blankable, "~> 0.0.1", [hex: :blankable, repo: "hexpm", optional: false]}, {:recase, "~> 0.2", [hex: :recase, repo: "hexpm", optional: false]}], "hexpm"},
   "guardian": {:hex, :guardian, "1.1.0", "36c1ea356a1bac02bc120c3f91f4f0259c5aa0ee92cee0efe8def5d7401f1921", [:mix], [{:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.0 or ~> 1.2 or ~> 1.3", [hex: :phoenix, repo: "hexpm", optional: true]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: true]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}, {:uuid, ">= 1.1.1", [hex: :uuid, repo: "hexpm", optional: false]}], "hexpm"},
   "guardian_db": {:hex, :guardian_db, "1.1.0", "45ab94206cce38f7443dc27de6dc52966ccbdeff65ca1b1f11a6d8f3daceb556", [:mix], [{:ecto, "~> 2.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:guardian, "~> 1.0", [hex: :guardian, repo: "hexpm", optional: false]}, {:postgrex, "~> 0.13", [hex: :postgrex, repo: "hexpm", optional: true]}], "hexpm"},
   "hackney": {:hex, :hackney, "1.13.0", "24edc8cd2b28e1c652593833862435c80661834f6c9344e84b6a2255e7aeef03", [:rebar3], [{:certifi, "2.3.1", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "5.1.2", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "1.0.1", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "1.0.2", [hex: :mimerl, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "1.1.1", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}], "hexpm"},
+  "html_entities": {:hex, :html_entities, "0.4.0", "f2fee876858cf6aaa9db608820a3209e45a087c5177332799592142b50e89a6b", [:mix], [], "hexpm"},
   "httpoison": {:hex, :httpoison, "1.2.0", "2702ed3da5fd7a8130fc34b11965c8cfa21ade2f232c00b42d96d4967c39a3a3", [:mix], [{:hackney, "~> 1.8", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm"},
   "idna": {:hex, :idna, "5.1.2", "e21cb58a09f0228a9e0b95eaa1217f1bcfc31a1aaa6e1fdf2f53a33f7dbd9494", [:rebar3], [{:unicode_util_compat, "0.3.1", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm"},
   "jason": {:hex, :jason, "1.0.0", "0f7cfa9bdb23fed721ec05419bcee2b2c21a77e926bce0deda029b5adc716fe2", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm"},
@@ -37,6 +39,7 @@
   "metrics": {:hex, :metrics, "1.0.1", "25f094dea2cda98213cecc3aeff09e940299d950904393b2a29d191c346a8486", [:rebar3], [], "hexpm"},
   "mime": {:hex, :mime, "1.3.0", "5e8d45a39e95c650900d03f897fbf99ae04f60ab1daa4a34c7a20a5151b7a5fe", [:mix], [], "hexpm"},
   "mimerl": {:hex, :mimerl, "1.0.2", "993f9b0e084083405ed8252b99460c4f0563e41729ab42d9074fd5e52439be88", [:rebar3], [], "hexpm"},
+  "mochiweb": {:hex, :mochiweb, "2.15.0", "e1daac474df07651e5d17cc1e642c4069c7850dc4508d3db7263a0651330aacc", [:rebar3], [], "hexpm"},
   "parse_trans": {:hex, :parse_trans, "3.2.0", "2adfa4daf80c14dc36f522cf190eb5c4ee3e28008fc6394397c16f62a26258c2", [:rebar3], [], "hexpm"},
   "pbkdf2_elixir": {:hex, :pbkdf2_elixir, "0.12.3", "6706a148809a29c306062862c803406e88f048277f6e85b68faf73291e820b84", [:mix], [], "hexpm"},
   "phoenix": {:hex, :phoenix, "1.3.3", "bafb5fa408d202e8d9f739e781bdb908446a2c1c1e00797c1158918ed55566a4", [:mix], [{:cowboy, "~> 1.0", [hex: :cowboy, repo: "hexpm", optional: true]}, {:phoenix_pubsub, "~> 1.0", [hex: :phoenix_pubsub, repo: "hexpm", optional: false]}, {:plug, "~> 1.3.3 or ~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}, {:poison, "~> 2.2 or ~> 3.0", [hex: :poison, repo: "hexpm", optional: false]}], "hexpm"},
diff --git a/test/cadet/public/updater_test.exs b/test/cadet/public/updater_test.exs
@@ -0,0 +1,34 @@
+defmodule Cadet.Public.UpdaterTest do
+  @moduledoc """
+  This test module uses pre-recoreded HTTP responses saved by ExVCR. This
+  allows testing without actual external IVLE API calls.
+
+  In the case that you need to change the recorded responses, you will need
+  to set the environment variables IVLE_KEY, GUEST_USERNAME, and GUEST_PASSWORD.
+  Don't forget to delete the cassette files, otherwise ExVCR will not override
+  the cassettes.
+
+  Token refers to the user's authentication token. Please see the IVLE API docs:
+  https://wiki.nus.edu.sg/display/ivlelapi/Getting+Started
+  To quickly obtain a token, simply supply a dummy url to a login call:
+      https://ivle.nus.edu.sg/api/login/?apikey=YOUR_API_KEY&url=http://localhost
+  then copy down the token from your browser's address bar.
+  """
+
+  use ExUnit.Case, async: false
+  use ExVCR.Mock, adapter: ExVCR.Adapter.Hackney
+
+  alias Cadet.Public.Updater
+
+  setup_all do
+    HTTPoison.start()
+  end
+
+  test "Get authentication token" do
+    # a custom cassette is used, as body of 302 redirects expose the api key
+    use_cassette "updater/get_token#1", custom: true do
+      token = Updater.get_token()
+      assert String.length(token) == 480
+    end
+  end
+end
diff --git a/test/fixtures/custom_cassettes/updater/get_token#1.json b/test/fixtures/custom_cassettes/updater/get_token#1.json
@@ -0,0 +1,89 @@
+[
+  {
+    "request": {
+      "body": "",
+      "headers": [],
+      "method": "get",
+      "options": [],
+      "request_body": "",
+      "url": "~r/https://ivle.nus.edu.sg/api/login/\?apikey=.*/"
+    },
+    "response": {
+      "binary": false,
+      "body": "\r\n\r\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n<head><title>\r\n\tLogin | IVLE\r\n</title><meta name=\"viewport\" content=\"width=device-width, initial-scale=1, maximum-scale=1\" /></head>\r\n<body>\r\n<!-- Header -->\r\n    <table border=\"0\" style=\"background: #4F4E52;color: White; font-weight:bold\" width=\"100%\" cellpadding=\"8\" cellspacing=\"8\">\r\n        <tr><td width=\"*\">Access to IVLE requested</td>\r\n        <!-- <td width=\"20px\"><a onclick=\"parent.ivle_close();\" title=\"Close\">[X]</a></td> -->\r\n        </tr>\r\n    </table>\r\n    <form name=\"frm\" method=\"post\" action=\"./?apikey=0&amp;url=_\" id=\"frm\">\r\n<input type=\"hidden\" name=\"__VIEWSTATE\" id=\"__VIEWSTATE\" value=\"/wEPDwULLTEzODMyMDQxNjEPFgIeE1ZhbGlkYXRlUmVxdWVzdE1vZGUCARYCAgEPZBYEAgEPD2QWAh4Gb25ibHVyBQ91c2VySWRUb1VwcGVyKClkAgkPD2QWBB4Lb25tb3VzZW92ZXIFNWRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdsb2dpbmltZzEnKS5zcmM9b2ZmaW1nLnNyYzE7Hgpvbm1vdXNlb3V0BTRkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnbG9naW5pbWcxJykuc3JjPW9uaW1nLnNyYzE7ZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUJbG9naW5pbWcxYTg4Q/LO3lNCB13iJpTeINmF1JQmGv61ni1TVgDIOII=\" />\r\n\r\n<input type=\"hidden\" name=\"__VIEWSTATEGENERATOR\" id=\"__VIEWSTATEGENERATOR\" value=\"B0AF59B8\" />\r\n    <table border=\"0\">\r\n    <tr valign=\"top\"><td>UserID</td><td>:</td><td> <input name=\"userid\" type=\"text\" maxlength=\"30\" id=\"userid\" onblur=\"userIdToUpper()\" />\r\n                                                  </td></tr>\r\n    <tr valign=\"top\"><td>Password</td><td>:</td><td><input name=\"password\" type=\"password\" maxlength=\"100\" id=\"password\" />\r\n                                                  </td></tr>\r\n                                                  <tr valign=\"top\"><td colspan=\"3\">\r\n <input type=\"image\" name=\"loginimg1\" id=\"loginimg1\" onmouseover=\"document.getElementById(&#39;loginimg1&#39;).src=offimg.src1;\" onmouseout=\"document.getElementById(&#39;loginimg1&#39;).src=onimg.src1;\" src=\"/images/login.gif\" onclick=\"javascript:WebForm_DoPostBackWithOptions(new WebForm_PostBackOptions(&quot;loginimg1&quot;, &quot;&quot;, true, &quot;login&quot;, &quot;&quot;, false, false))\" border=\"0\" />\r\n                                                  <br />\r\n                                                  \r\n                                                  \r\n                                                  </td></tr>\r\n    </table>\r\n    </form>\r\n    <script language=\"javascript\">\r\n        var onimg = new Image();\r\n        var offimg = new Image();\r\n        onimg.src = \"/images/enter_new.gif\"; offimg.src = \"/images/enter_h_new.gif\";\r\n        onimg.src1 = \"/images/login.gif\"; offimg.src1 = \"/images/login_h.gif\";\r\n\r\n        function userIdToUpper() {\r\n            var txt = document.getElementById(\"userid\");\r\n            txt.value = txt.value.toUpperCase();\r\n        }    \r\n    </script>\r\n</body>\r\n</html>\r\n",
+      "headers": {
+        "Cache-Control": "private",
+        "Content-Type": "text/html; charset=utf-8",
+        "Server": "Microsoft-IIS/8.5",
+        "Request-Context": "appId=cid-v1:9bebd252-0be2-48b7-a1db-8e2b70524944",
+        "Set-Cookie": "ASP.NET_SessionId=mfczcakb4tjhejtzq53h2r0h; path=/; HttpOnly",
+        "X-AspNet-Version": "4.0.30319",
+        "X-Powered-By": "ASP.NET",
+        "Date": "Mon, 25 Jun 2018 07:57:27 GMT",
+        "Content-Length": "2942"
+      },
+      "status_code": 200,
+      "type": "ok"
+    }
+  },
+  {
+    "request": {
+      "body": "~r/.*/",
+      "headers": [],
+      "method": "post",
+      "options": {
+        "cookie": "ASP.NET_SessionId=mfczcakb4tjhejtzq53h2r0h; path=/; HttpOnly",
+        "follow_redirect": "false"
+      },
+      "request_body": "",
+      "url": "~r/https://ivle.nus.edu.sg/api/login/.*/"
+    },
+    "response": {
+      "binary": false,
+      "body": "<html><head><title>Object moved</title></head><body>\r\n<h2>Object moved to <a href=\"/api/login/login_result.ashx?apikey=0;url=_&amp;r=0\">here</a>.</h2>\r\n</body></html>\r\n",
+      "headers": {
+        "Cache-Control": "private",
+        "Content-Type": "text/html; charset=utf-8",
+        "Location": "/api/login/login_result.ashx?apikey=0&url=_&r=0",
+        "Server": "Microsoft-IIS/8.5",
+        "Request-Context": "appId=cid-v1:9bebd252-0be2-48b7-a1db-8e2b70524944",
+        "X-AspNet-Version": "4.0.30319",
+        "X-Powered-By": "ASP.NET",
+        "Date": "Mon, 25 Jun 2018 07:57:27 GMT",
+        "Content-Length": "192"
+      },
+      "status_code": 302,
+      "type": "ok"
+    }
+  },
+  {
+    "request": {
+      "body": "",
+      "headers": [],
+      "method": "get",
+      "options": {
+        "cookie": "ASP.NET_SessionId=mfczcakb4tjhejtzq53h2r0h; path=/; HttpOnly",
+        "follow_redirect": "false"
+      },
+      "request_body": "",
+      "url": "~r/https://ivle.nus.edu.sg/api/login/login_result.*/"
+    },
+    "response": {
+      "binary": false,
+      "body": "<html><head><title>Object moved</title></head><body>\r\n<h2>Object moved to <a href=\"/api/login/_?token=2F2EAA5F146E57D90A682A3F656A94923051CEBABB1BBA8934C7A2EBC03B2DDEFC9919B4F1DB5406949894A3E07332E5DF9391345449D593C67D7888C1FC0BA8F6D2BF74198B0E8C0376CF222892BD3CD324702BC7D80E9A8D7D66A0E01307D9E0F934FBABE12480B809932670F598D9BCD7054D25579A9EEDCA93F26F4FDAFF5233A0495F0FB17A918CA246E61851EC1D383758401F44C4310A188F7816D675582F3B3478A6AADF0497393BE9222CCFD343A7C372736976438178162E2AB1CF8278F64DBD0FD83AFA29B07238CB826FC28A0FFEBEF35B08EF764B9370CC259590575589CC7319E8A00A04070928E70D\">here</a>.</h2>\r\n</body></html>\r\n",
+      "headers": {
+        "Cache-Control": "private",
+        "Content-Type": "text/html; charset=utf-8",
+        "Location": "/api/login/_?token=2F2EAA5F146E57D90A682A3F656A94923051CEBABB1BBA8934C7A2EBC03B2DDEFC9919B4F1DB5406949894A3E07332E5DF9391345449D593C67D7888C1FC0BA8F6D2BF74198B0E8C0376CF222892BD3CD324702BC7D80E9A8D7D66A0E01307D9E0F934FBABE12480B809932670F598D9BCD7054D25579A9EEDCA93F26F4FDAFF5233A0495F0FB17A918CA246E61851EC1D383758401F44C4310A188F7816D675582F3B3478A6AADF0497393BE9222CCFD343A7C372736976438178162E2AB1CF8278F64DBD0FD83AFA29B07238CB826FC28A0FFEBEF35B08EF764B9370CC259590575589CC7319E8A00A04070928E70D",
+        "Server": "Microsoft-IIS/8.5",
+        "Request-Context": "appId=cid-v1:9bebd252-0be2-48b7-a1db-8e2b70524944",
+        "X-AspNet-Version": "4.0.30319",
+        "X-Powered-By": "ASP.NET",
+        "Date": "Mon, 25 Jun 2018 07:57:27 GMT",
+        "Content-Length": "616"
+      },
+      "status_code": 302,
+      "type": "ok"
+    }
+  }
+]
