nojhan/weboob-devel
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

break the fucking new protection made by faggots of Banque Populaire

Browse source
This commit is contained in:
Romain Bignon 2014-12-14 16:57:36 +01:00
commit 7660666d23
2 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/banquepopulaire/browser.py
View file

@ -97,6 +97,7 @@ class BanquePopulaire(Browser):
self.select_form(nr=0) self.select_form(nr=0)
self.set_all_readonly(False) self.set_all_readonly(False)
self['dialogActionPerformed'] = 'EQUIPEMENT_COMPLET' self['dialogActionPerformed'] = 'EQUIPEMENT_COMPLET'
self['token'] = self.page.build_token(self['token'])
self.submit() self.submit()
def get_accounts_list(self): def get_accounts_list(self):
@ -112,6 +113,7 @@ class BanquePopulaire(Browser):
if not self.is_on_page(AccountsPage): if not self.is_on_page(AccountsPage):
self.go_on_accounts_list() self.go_on_accounts_list()
next_page['token'] = self.page.build_token(self.page.get_token())
self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(next_page)) self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(next_page))
for a in self.page.iter_accounts(): for a in self.page.iter_accounts():
@ -137,6 +139,8 @@ class BanquePopulaire(Browser):
if params is None: if params is None:
return return
params['token'] = self.page.build_token(params['token'])
self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(params)) self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(params))
self.token = self.page.get_token() self.token = self.page.get_token()
@ -147,6 +151,7 @@ class BanquePopulaire(Browser):
if len(self.page.document.xpath('//a[@id="tcl4_srt"]')) > 0: if len(self.page.document.xpath('//a[@id="tcl4_srt"]')) > 0:
self.select_form(predicate=lambda form: form.attrs.get('id', '') == 'myForm') self.select_form(predicate=lambda form: form.attrs.get('id', '') == 'myForm')
self.form.action = self.absurl('/cyber/internet/Sort.do?property=tbl1&sortBlocId=blc2&columnName=dateValeur') self.form.action = self.absurl('/cyber/internet/Sort.do?property=tbl1&sortBlocId=blc2&columnName=dateValeur')
params['token'] = self.page.build_token(params['token'])
self.submit() self.submit()
while True: while True:

26
modules/banquepopulaire/pages.py
View file

@ -60,6 +60,32 @@ class BasePage(_BasePage):
def get_token(self): def get_token(self):
return self.parser.select(self.document.getroot(), '//form//input[@name="token"]', 1, 'xpath').attrib['value'] return self.parser.select(self.document.getroot(), '//form//input[@name="token"]', 1, 'xpath').attrib['value']
def build_token(self, token):
"""
These fucking faggots have introduced a new protection on the token.
Each time there is a call to SAB (selectActionButton), the token
available in the form is modified with a key available in JS:
ipsff(function(){TW().ipthk([12, 25, 17, 5, 23, 26, 15, 30, 6]);});
Each value of the array is an index for the current token to append the
char at this position at the end of the token.
"""
table = None
for script in self.document.xpath('//script'):
if script.text is None:
continue
m = re.search(r'ipthk\(([^\)]+)\)', script.text, flags=re.MULTILINE)
if m:
table = json.loads(m.group(1))
if table is None:
return token
for i in table:
token += token[i]
return token
class RedirectPage(BasePage): class RedirectPage(BasePage):
""" """