Last active
February 15, 2020 14:49
-
-
Save fotile96/9e45e5a504074499f1b59cf0a033dfa0 to your computer and use it in GitHub Desktop.
auth proxy worker source code
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| addEventListener('fetch', event => { | |
| let resp = new Response("", { | |
| status: 404, | |
| }); | |
| let request = event.request; | |
| let url = new URL(request.url); | |
| if (request.method == "POST" && url.pathname == "/sharepoint") | |
| resp = sharepoint_login(request); | |
| event.respondWith(resp); | |
| }) | |
| async function sharepoint_login(request) { | |
| let form = await request.formData(); | |
| if (form == null) | |
| return new Response("", {status: 400}); | |
| let refresh_token = form.get("refresh_token"); | |
| if (refresh_token == null) | |
| return new Response("", {status: 400}); | |
| let json = JSON.parse(refresh_token) || {}; | |
| let { username, password, tenant, site_url } = json; | |
| if (username == null || password == null || tenant == null || site_url == null) | |
| return new Response("", {status: 401}); | |
| let sts_body = `<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" | |
| xmlns:a="http://www.w3.org/2005/08/addressing" | |
| xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> | |
| <s:Header> | |
| <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action> | |
| <a:ReplyTo> | |
| <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> | |
| </a:ReplyTo> | |
| <a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To> | |
| <o:Security s:mustUnderstand="1" | |
| xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> | |
| <o:UsernameToken> | |
| <o:Username>${username}</o:Username> | |
| <o:Password>${password}</o:Password> | |
| </o:UsernameToken> | |
| </o:Security> | |
| </s:Header> | |
| <s:Body> | |
| <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"> | |
| <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> | |
| <a:EndpointReference> | |
| <a:Address>https://${tenant}/</a:Address> | |
| </a:EndpointReference> | |
| </wsp:AppliesTo> | |
| <t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType> | |
| <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType> | |
| <t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType> | |
| </t:RequestSecurityToken> | |
| </s:Body> | |
| </s:Envelope>`; | |
| let sts_resp = await fetch("https://login.microsoftonline.com/extSTS.srf", { | |
| body: sts_body, | |
| method: "POST", | |
| headers: { | |
| 'User-Agent': 'PostmanRuntime/7.22.0', | |
| } | |
| }); | |
| if (sts_resp == null) | |
| return new Response("", {status: 500}); | |
| if (sts_resp.status != 200) | |
| return new Response("", {status: 401}); | |
| let sts_text = await sts_resp.text(); | |
| if (sts_text == null) | |
| return new Response("", {status: 500}); | |
| let bin_token = null; | |
| try { | |
| bin_token = sts_text.split('<wsse:BinarySecurityToken Id="Compact0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">')[1].split('&')[0]; | |
| } catch(e) {} | |
| if (bin_token == null) | |
| return new Response("", {status: 401}); | |
| let signin_resp = await fetch(/*`https://${tenant}/_forms/default.aspx?wa=wsignin1.0`*/`https://${tenant}/_vti_bin/idcrl.svc`, { | |
| //body: bin_token, | |
| method: "GET", | |
| headers: { | |
| 'User-Agent': 'PostmanRuntime/7.22.0', | |
| 'Referer': `https://${tenant}/_forms/default.aspx?wa=wsignin1.0`, | |
| 'Authorization': 'BPOSIDCRL ' + bin_token | |
| } | |
| }); | |
| if (signin_resp == null) | |
| return new Response("", {status: 500}); | |
| /*return new Response(signin_resp.body, { | |
| status: signin_resp.status, | |
| headers: new Headers(signin_resp.headers) | |
| })*/ | |
| if (signin_resp.status != 200) | |
| return new Response("", {status: 401}); | |
| let set_cookie = signin_resp.headers.get('set-cookie'); | |
| if (set_cookie == null) | |
| return new Response("", {status: 500}); | |
| let res_cookie = ''; | |
| let a = set_cookie.split(', '); | |
| a.forEach((x) => { | |
| res_cookie += (res_cookie == '' ? '' : '&') + x.split(';')[0]; | |
| }); | |
| let ctxinfo_resp = await fetch(`${site_url}/_api/contextinfo`, { | |
| method: "POST", | |
| headers: { | |
| 'Cookie': res_cookie, | |
| 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36' | |
| } | |
| }); | |
| if (ctxinfo_resp == null) | |
| return new Response("", {status: 500}); | |
| if (ctxinfo_resp.status != 200) | |
| return new Response("", {status: 401}); | |
| let ctxinfo_text = await ctxinfo_resp.text(); | |
| if (ctxinfo_text == null) | |
| return new Response("", {status: 500}); | |
| let digest = null; | |
| try { | |
| digest = ctxinfo_text.split('<d:FormDigestValue>')[1].split('</d:FormDigestValue>')[0]; | |
| } catch(e) {} | |
| if (digest == null) | |
| return new Response("", {status: 401}); | |
| let res_headers = { | |
| 'Cookie': res_cookie, | |
| 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36', | |
| 'X-RequestDigest': digest | |
| }; | |
| let res = { | |
| access_token: JSON.stringify(res_headers), | |
| token_type: 'headers', | |
| expires_in: 1700 | |
| }; | |
| return new Response(JSON.stringify(res), { | |
| status: 200, | |
| headers:{ | |
| 'Content-Type': 'application/json' | |
| } | |
| }); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment