
支持短信验证 Add support to SMS auth.

Open RadixIsatidis opened this issue 2 years ago • 5 comments

When run against a server that forces SMS authentication, it outputs:

Login Request: https://***/por/login_auth.csp?apiversion=1
Twf Id: ***
RSA Key: ***
RSA Exp: ***
WARNING: No CSRF Code Match. Maybe you're connecting to an older server? Continue anyway...
Password to encrypt: ***
Encrypted Password: ***
Login Request: https://***/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
goroutine 1 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
	runtime/debug/stack.go:16 +0x1c
EasierConnect/core.WebLogin({0x1400012c0c0?, 0x2?}, {0x16f3bf5ed, 0xe}, {0x16f3bf606, 0x9})
	EasierConnect/core/web_login.go:137 +0x11cc
EasierConnect/core.(*EasyConnectClient).Login(0x1400019fee8, {0x16f3bf5ed?, 0x1400013de88?}, {0x16f3bf606?, 0x2?})
	EasierConnect/core/EasyConnectClient.go:35 +0xac
main.main()
	EasierConnect/main.go:38 +0x540
Not implemented auth: <?xml version="1.0" encoding="utf-8"?><Auth><Result>2</Result> <EnableMAM>0</EnableMAM><SuportMDM>0</SuportMDM><CurAuth>1</CurAuth><NextAuth>2</NextAuth><AuthInfo><![CDATA[]]></AuthInfo><Note><![CDATA[]]></Note><ChallengeMsg><![CDATA[]]></ChallengeMsg><SmsIsStillValid>1</SmsIsStillValid><Phone><![CDATA[***]]></Phone><CurPhone><![CDATA[]]></CurPhone></Auth>

which looks like SMS auth is not supported.

Please add support for SMS auth; it would be extremely helpful.

RadixIsatidis avatar Jan 24 '23 17:01 RadixIsatidis

In fact I have implemented it before, but you're using a different server version (Maybe 7.6.3) whose return value is different in details. I will try to support it in next version.

lyc8503 avatar Jan 24 '23 17:01 lyc8503

Please try https://github.com/lyc8503/EasierConnect/releases/tag/TestBuild12

lyc8503 avatar Jan 25 '23 09:01 lyc8503

Please try https://github.com/lyc8503/EasierConnect/releases/tag/TestBuild12

Now I receive the SMS, and it outputs:

...
Login Request: https://***/por/login_psw.csp?anti_replay=1&encrypt=1&type=cs
SMS code required.
SMS Request: https://***/por/login_sms.csp?apiversion=1
goroutine 1 [running]:
runtime/debug.Stack()
	runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
	runtime/debug/stack.go:16 +0x1c
EasierConnect/core.WebLogin({0x140000aa0c0?, 0x2?}, {0x16d1e75ed, 0xe}, {0x16d1e7606, 0x9})
	EasierConnect/core/web_login.go:125 +0xecc
EasierConnect/core.(*EasyConnectClient).Login(0x1400019fee8, {0x16d1e75ed?, 0x140000bbe88?}, {0x16d1e7606?, 0x2?})
	EasierConnect/core/EasyConnectClient.go:35 +0xac
main.main()
	EasierConnect/main.go:39 +0x540
2023/01/26 08:54:16 unexpected sms resp:

plus an HTML page, which can submit SMS code or resend SMS.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title></title>
<link type="text/css" rel="stylesheet" href="/com/css/common.css" />
<script src="/com/common.js" type="text/javascript"></script>
<script src="/com/ajax_req.js" type="text/javascript"></script>
</head>
<NOSCRIPT>
Your browser does not support JavaScript (or it is blocked). Please check your browser settings and make sure it supports JavaScript.
</NOSCRIPT>
<body onLoad="init()">
<span id="titleInnerHTML" style="display: none;">短信认证</span>
<div class="container">
	<div id="setsms" class="sms">
		<div class="content">
			<h2 _html="短信认证"></h2>
			<form id="form1" name="form1" method="post" action="login_sms1.csp">
				<p id="smsInfo" class="sms_errorinfo" style="display:none"></p>
				<p><span style="color:#FF0000"></span></p>
				<div _html="请输入验证码:"></div>
				<div>
					<input id="svpn_inputsms" name="svpn_inputsms" type="text" class="text_field" maxlength="6" autocomplete="off"/>
					<span class="btnBorder"><input name="Submit" type="submit" class="btn" _value="确定"/></span>
				</div>
				<div style="display:none;" id="tipsInfo" class="error"></div>
				<p>&nbsp;</p>
				<div class="Mbox">
				<p _html="没有收到短信?请尝试重新发送"></p>
				<p><span class="btnBorder"><input type="button" id="sendSms" class="btn" onclick="reSendSms(this)" _value="重新发送"></span></p>
				</div>
			</form>
		</div>
	</div>
</div>
<script type="text/javascript">

// Page-level state read by init(), tickSendSms() and reSendSms().
// NOTE(review): the literal values look like they are filled in by the server
// when it renders this page — confirm against the server template.

// Error text; init() shows it in #tipsInfo when it is non-empty.
var g_ErrorInfo = "";
// Informational text; init() shows it in #tipsInfo only when g_ErrorInfo is empty.
var g_smsinfo = "";
// Resend lock-out, kept as a string and parsed base-10 by tickSendSms(), which
// counts it down in 1000 ms steps. reSendSms() overwrites it from the
// SMS_INTERVAL cookie after a successful resend.
var g_DisableTime = "29";
// Phone number appended to the "code was sent to phone" message (masked as ***
// in this report). It reaches the page through showInfo(), i.e. via innerHTML.
var phone = "***";
// Translated button label used during the countdown; {0} is replaced with the
// remaining seconds by String.format in tickSendSms().
var g_DisableFormat = tr("({0}秒后)重新发送");
/**
 * Page-load handler (wired up through <body onLoad="init()">).
 *
 * Announces which phone the code was sent to, moves keyboard focus to the
 * code field, starts the resend countdown, and finally surfaces a pending
 * message in #tipsInfo: g_ErrorInfo wins over g_smsinfo when both are set.
 *
 * NOTE(review): `phone` is concatenated into a string that showInfo() writes
 * through innerHTML, so it is parsed as markup. That is only safe while the
 * value is generated and escaped by the server — confirm.
 */
function init()
{
	showInfo("smsInfo", tr("验证码已发送到手机:") + phone);
	document.getElementById("svpn_inputsms").focus();
	tickSendSms();

	// Pick the message first, then decide whether there is anything to show.
	var pending = (g_ErrorInfo != "") ? g_ErrorInfo : g_smsinfo;
	if(pending != "")
	{
		showInfo("tipsInfo", pending);
	}
}

/**
 * Lock the "resend" button (#sendSms) and count down until it may be used
 * again.
 *
 * The lock-out length is g_DisableTime parsed as a base-10 integer. When that
 * is not a positive number (including NaN from a missing value) nothing is
 * touched. Otherwise the button is disabled and greyed out, its label shows
 * the remaining seconds, and a 1000 ms interval updates the label until the
 * time is used up, at which point the button is re-enabled and the timer
 * cleared.
 *
 * This is a UI throttle only: it is driven by a page variable that
 * reSendSms() refreshes from a cookie, so it cannot stand in for a
 * server-side limit on how often an SMS may be requested.
 */
function tickSendSms()
{
	var totalTime = parseInt(g_DisableTime, 10);
	// Written as a negated ">" so that NaN also takes the early exit.
	if(!(totalTime > 0)){
		return;
	}

	var button = $ID("sendSms");
	var elapsed = 0;
	button.disabled = true;
	button.style.color = "gray";
	button.value = String.format(g_DisableFormat, totalTime);

	var timer = window.setInterval(function(){
		elapsed += 1;
		var remaining = totalTime - elapsed;
		if(remaining > 0){
			button.value = String.format(g_DisableFormat, remaining);
			return;
		}
		// Countdown finished: hand the button back to the user.
		button.disabled = false;
		button.style.color = "#fff";
		window.clearInterval(timer);
		button.value = tr("重新发送");
	}, 1000);
}

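/**
 * Click handler for the "resend" button: asks the server for a new SMS code
 * and reports the outcome on the page.
 *
 * Reply values from /por/post_sms.csp as handled here:
 *   "0" - sent; restart the countdown using the SMS_INTERVAL cookie
 *   "1" - session timed out; show a link back to index.csp
 *   "2" - resending the code failed
 *   "3" - the user was locked by the system after brute-force login attempts
 *   "4" - the IP address was locked by the system after brute-force login attempts
 * Any other reply is ignored.
 *
 * NOTE(review): post_http is defined outside this page; it is used here as a
 * blocking call whose return value is the reply — confirm.
 *
 * The disabled check below only throttles this page's button. Limits on SMS
 * sending and on code guessing have to be enforced by the server; replies
 * "3" and "4" suggest it does lock out — confirm server-side.
 *
 * @param {HTMLInputElement} obj - the button that was clicked; nothing
 *     happens while it is disabled.
 */
function reSendSms(obj)
{
	if(obj.disabled){
		return;
	}
	var result = "";
	try{
		result = post_http("/por/post_sms.csp",null);
	}catch(e){
		// `description` exists only on legacy IE error objects; fall back to
		// the standard `message` so other browsers do not alert "undefined".
		var reason = e && (e.description || e.message);
		alert(reason || String(e));
		// No reply to interpret after a failed request.
		return;
	}
	if(result == "0"){
		showInfo("smsInfo",tr("验证码已发送到手机:")+phone);
		hideInfo("tipsInfo");
		// The server communicates the next lock-out length through a cookie.
		g_DisableTime = Cookie.getCookie("SMS_INTERVAL");
		tickSendSms();
		return;
	}
	if(result == "1"){
		// The translated text deliberately carries anchor markup, which is
		// why showInfo() has to insert it as HTML.
		showInfo("tipsInfo",tr("会话超时,请{0}重新登录{1}","<a href='index.csp'>",'</a>'));
		return;
	}
	if(result == "2"){
		showInfo("tipsInfo",tr("重新发送短信验证码出错!"));
		return;
	}
	if(result == "3"){
		showInfo("tipsInfo",tr("用户尝试暴破登录,已被系统锁定!"));
		return;
	}
	if(result == "4"){
		showInfo("tipsInfo",tr("IP地址尝试暴破登录,已被系统锁定!"));
		return;
	}
	return;
}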
/**
 * Make the element with the given id visible and replace its content.
 *
 * `info` is assigned to innerHTML, so it is parsed as markup rather than
 * shown as text. Callers on this page rely on that (the session-timeout
 * message carries an <a> tag), which means every string passed here must be
 * trusted or already HTML-escaped.
 *
 * @param {string} tableID - id of the element to update.
 * @param {string} info - HTML to place inside the element.
 */
function showInfo(tableID,info){
	var target = document.getElementById(tableID);
	// Clearing the inline display value undoes the style="display:none" set in the markup.
	target.style.display = "";
	target.innerHTML = info;
}
/**
 * Hide the element with the given id by setting its inline display to "none".
 * The element's content is left as it is.
 *
 * @param {string} tableID - id of the element to hide.
 */
function hideInfo(tableID){
	document.getElementById(tableID).style.display = "none";
}

// Runs as soon as this inline script is parsed, before the body's onLoad fires.
// NOTE(review): setLang is not defined on this page; presumably it comes from
// one of the external scripts loaded in <head> and applies the page's
// translations — confirm.
window.setLang();
</script>
</body>
</html>

RadixIsatidis avatar Jan 26 '23 01:01 RadixIsatidis

It's hard to implement it without seeing an actual/full login process, PR welcome if anyone using the specific version of server can analyze and implement it.

lyc8503 avatar Jan 26 '23 10:01 lyc8503

It's hard to implement it without seeing an actual/full login process, PR welcome if anyone using the specific version of server can analyze and implement it.

I read the code in core/web_login.go that handles SMS auth. After requesting /por/login_sms.csp to request an SMS code, it should wait for the user to type in the code and then POST svpn_inputsms={code} to /login_sms1.csp.

Golang is beyond my border, so that is all I can do.

RadixIsatidis avatar Jan 28 '23 03:01 RadixIsatidis