Skip to content

Hashed Password Usage #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Kab1r wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Hashed Password Usage #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3ff2de2
modified use of hashed password
Kab1r Jul 3, 2019
9fbb54b
removed unnecessary parentheses
Kab1r Jul 3, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 11 additions & 24 deletions break/SchoolLoop/SchoolLoop.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -715,7 +715,7 @@ public class SchoolLoop: NSObject, NSSecureCoding {
/// any errors that occurred during the send.
public func sendLoopMail(with composedLoopMail: SchoolLoopComposedLoopMail, completion: ((_ error: SchoolLoopError) -> Void)?) {
let url = SchoolLoopConstants.loopMailSendURL(domainName: school.domainName)
var request = hashedAuthenticatedRequest(url: url)
var request = authenticatedRequest(url: url, httpMethod: "POST")
modify(&request, forSendingUsing: composedLoopMail)
let session = URLSession.shared
session.dataTask(with: request) { (data, response, error) in
Expand Down Expand Up @@ -809,7 +809,7 @@ public class SchoolLoop: NSObject, NSSecureCoding {
/// any errors that occurred during the fetch
public func getLocker(withPath path: String, completion: ((_ error: SchoolLoopError) -> Void)?) {
let url = SchoolLoopConstants.lockerURL(path: path, domainName: school.domainName, username: account.username)
let request = authenticatedRequest(url: url, httpMethod: "PROPFIND")
let request = authenticatedRequest(url: url, httpMethod: "PROPFIND", useRealPassword: true)
let session = URLSession.shared
session.dataTask(with: request) { (data, response, error) in
let httpResponse = response as? HTTPURLResponse
Expand Down Expand Up @@ -841,27 +841,10 @@ public class SchoolLoop: NSObject, NSSecureCoding {
/// - url: The URL to used for creation of the request
/// - httpMethod: The HTTP method used for the creation of the request
/// - Returns: An authenticated request with the current user's credentials
private func authenticatedRequest(url: URL, httpMethod: String = "GET") -> URLRequest {
private func authenticatedRequest(url: URL, httpMethod: String = "GET", useRealPassword: Bool = false) -> URLRequest {
let request = NSMutableURLRequest(url: url)
request.httpMethod = httpMethod
authenticate(request)
return request as URLRequest
}

/// Creates an hashed, authenticated request with the current user's
/// credentials, suitable for interaction with School Loop's POST API.
///
/// - Parameters:
/// - url: The URL to used for creation of the request
/// - httpMethod: The HTTP method used for the creation of the request
/// - Returns: An hashed, authenticated request with the current user's
/// credentials
private func hashedAuthenticatedRequest(url: URL, httpMethod: String = "POST") -> URLRequest {
let request = NSMutableURLRequest(url: url)
request.httpMethod = httpMethod
authenticate(request)
request.addValue("true", forHTTPHeaderField: "SL-HASH")
request.addValue(SchoolLoopConstants.devToken, forHTTPHeaderField: "SL-UUID")
authenticate(request, useRealPassword: useRealPassword)
return request as URLRequest
}

Expand All @@ -871,9 +854,13 @@ public class SchoolLoop: NSObject, NSSecureCoding {
///
/// - Parameters:
/// - request: The request to add authentication to
private func authenticate(_ request: NSMutableURLRequest) {
let base64String = Data("\(account.username):\(account.password)".utf8).base64EncodedString()
private func authenticate(_ request: NSMutableURLRequest, useRealPassword: Bool) {
let base64String = Data("\(account.username):\(useRealPassword ? account.password : account.hashedPassword)".utf8).base64EncodedString()
request.addValue("Basic \(base64String)", forHTTPHeaderField: "Authorization")
if !useRealPassword {
request.addValue("true", forHTTPHeaderField: "SL-HASH")
request.addValue(SchoolLoopConstants.devToken, forHTTPHeaderField: "SL-UUID")
}
}

/// Modifies a request for sending based on the specified composed LoopMail.
Expand All @@ -896,7 +883,7 @@ public class SchoolLoop: NSObject, NSSecureCoding {
/// request
/// - Returns: A request for the specified locker item
private func request(lockerItemPath path: String) -> URLRequest {
return authenticatedRequest(url: SchoolLoopConstants.lockerURL(path: path, domainName: school.domainName, username: account.username))
return authenticatedRequest(url: SchoolLoopConstants.lockerURL(path: path, domainName: school.domainName, username: account.username), useRealPassword: true)
}

// MARK: - Lookup methods
Expand Down
2 changes: 1 addition & 1 deletion break/SchoolLoop/SchoolLoopConstants.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ enum SchoolLoopConstants {
/// - Returns: A URL to the School Loop login endpoint with the specified
/// domain name
static func loginURL(domainName: String) -> URL {
return URL(string: "https://\(domainName)/mapi/login?version=\(version)&devToken=\(SchoolLoopConstants.devToken)&devOS=\(SchoolLoopConstants.devOS)&year=\(SchoolLoopConstants.year)".addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)!)!
return URL(string: "https://\(domainName)/mapi/login?version=\(version)&devToken=\(SchoolLoopConstants.devToken)&devOS=\(SchoolLoopConstants.devOS)&year=\(SchoolLoopConstants.year)&uuid=\(devToken)".addingPercentEncoding(withAllowedCharacters: .urlQueryAllowed)!)!
}

/// Creates a URL to the School Loop course endpoint with the specified
Expand Down