Commit ac28793c authored by aal's avatar aal
Browse files

websso hackserei

parent 401436d1
#!/usr/bin/env python3
from studsauger.studsauger import main
from studsauger.__main__ import main
main()
......@@ -19,7 +19,7 @@ setup(
},
entry_points={
'console_scripts': [
'studsauger = studsauger.studsauger:main'
'studsauger = studsauger:main'
]
}
)
# -*- codding: utf-8 -*-
import argparse
import os
from studsauger import mkdir, download, sso_login
from .studsauger import main
main()
def main(args=None):
try:
import keyring
except ImportError:
usekeyring = False
else:
usekeyring = True
parser = argparse.ArgumentParser()
parser.add_argument('-p', '--path', help='Pfad für lokalen Dateibaum')
parser.add_argument('-u', '--user', help='Stud.IP Benutzername')
parser.add_argument('-pw', '--password', help='Stud.IP Passwort')
parser.add_argument('-b', '--blacklist', help='Blacklist für Veranstaltungen, mehrmals angeben für mehrere Veranstaltungen', action='append')
parser.add_argument('-i', '--ignore', help='Blacklist für Dateinamen als regex')
parser.add_argument('-a', '--allsemesters', help='Alle Semester statt nur dem aktuellen', action="store_true")
parser.add_argument('-c', '--config',
help='JSON-Konfigurationsdatei, wird ohne Angabe in $XDG_CONFIG_HOME/studsauger/config.json oder $HOME/.config/studsauger/config.json gesucht')
args = parser.parse_args()
configpath = None
if args.config:
if os.path.isfile(args.config):
configpath = args.config
else:
print('Die Konfigurationsdatei "' + args.config + '" existiert nicht!')
exit(1)
elif 'XDG_CONFIG_HOME' in os.environ:
if os.path.isfile(os.environ['XDG_CONFIG_HOME'] + '/studsauger/config.json'):
configpath = os.environ['XDG_CONFIG_HOME'] + '/studsauger/config.json'
elif 'HOME' in os.environ:
if os.path.isfile(os.environ['HOME'] + '/.config/studsauger/config.json'):
configpath = os.environ['HOME'] + '/.config/studsauger/config.json'
if configpath:
with open(configpath, 'r') as stream:
config = json.load(stream)
else:
config = {}
if args.path:
path = args.path
elif 'path' in config:
path = config['path']
else:
print('Kein Pfad angegeben!')
exit(1)
if args.user:
user = args.user
elif 'user' in config:
user = config['user']
else:
print('Kein Benutzer angegeben!')
exit(1)
keyringpw = None
if usekeyring:
keyringpw = keyring.get_password('studsauger', user)
if keyringpw:
password = keyringpw
if args.password or 'password' in config:
print('Passwort für Benutzer "' + user + '" ist im Keyring und darf nicht angegeben werden!')
exit(1)
elif args.password:
password = args.password
elif 'password' in config:
password = config['password']
else:
print('Kein Passwort angegeben!')
exit(1)
if args.blacklist:
blacklist = args.blacklist
elif 'blacklist' in config:
blacklist = config['blacklist']
else:
blacklist = {}
if args.ignore:
ignore = args.ignore
elif 'ignore' in config:
ignore = config['ignore']
else:
ignore = None
if args.allsemesters:
allsemesters = True
elif 'allsemesters' in config:
allsemesters = config['allsemesters']
else:
allsemesters = False
mkdir(path)
sso_login(user, password)
main()
\ No newline at end of file
......@@ -6,7 +6,7 @@ terms of the Do What The Fuck You Want To Public License, Version 2, as
published by Sam Hocevar. See http://www.wtfpl.net/ for more details.
"""
import argparse
import json
import os
import re
......@@ -14,154 +14,86 @@ import shutil
import time
import requests
try:
import keyring
except ImportError:
usekeyring = False
else:
usekeyring = True
import lxml.html
BASEURL = 'https://studip.uni-hannover.de/api.php'
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-p', '--path', help='Pfad für lokalen Dateibaum')
parser.add_argument('-u', '--user', help='Stud.IP Benutzername')
parser.add_argument('-pw', '--password', help='Stud.IP Passwort')
parser.add_argument('-b', '--blacklist', help='Blacklist für Veranstaltungen, mehrmals angeben für mehrere Veranstaltungen', action='append')
parser.add_argument('-i', '--ignore', help='Blacklist für Dateinamen als regex')
parser.add_argument('-a', '--allsemesters', help='Alle Semester statt nur dem aktuellen', action="store_true")
parser.add_argument('-c', '--config',
help='JSON-Konfigurationsdatei, wird ohne Angabe in $XDG_CONFIG_HOME/studsauger/config.json oder $HOME/.config/studsauger/config.json gesucht')
args = parser.parse_args()
configpath = None
if args.config:
if os.path.isfile(args.config):
configpath = args.config
else:
print('Die Konfigurationsdatei "' + args.config + '" existiert nicht!')
exit(1)
elif 'XDG_CONFIG_HOME' in os.environ:
if os.path.isfile(os.environ['XDG_CONFIG_HOME'] + '/studsauger/config.json'):
configpath = os.environ['XDG_CONFIG_HOME'] + '/studsauger/config.json'
elif 'HOME' in os.environ:
if os.path.isfile(os.environ['HOME'] + '/.config/studsauger/config.json'):
configpath = os.environ['HOME'] + '/.config/studsauger/config.json'
if configpath:
with open(configpath, 'r') as stream:
config = json.load(stream)
else:
config = {}
if args.path:
path = args.path
elif 'path' in config:
path = config['path']
else:
print('Kein Pfad angegeben!')
exit(1)
if args.user:
user = args.user
elif 'user' in config:
user = config['user']
else:
print('Kein Benutzer angegeben!')
exit(1)
keyringpw = None
if usekeyring:
keyringpw = keyring.get_password('studsauger', user)
if keyringpw:
password = keyringpw
if args.password or 'password' in config:
print('Passwort für Benutzer "' + user + '" ist im Keyring und darf nicht angegeben werden!')
exit(1)
elif args.password:
password = args.password
elif 'password' in config:
password = config['password']
else:
print('Kein Passwort angegeben!')
exit(1)
if args.blacklist:
blacklist = args.blacklist
elif 'blacklist' in config:
blacklist = config['blacklist']
else:
blacklist = {}
if args.ignore:
ignore = args.ignore
elif 'ignore' in config:
ignore = config['ignore']
else:
ignore = None
if args.allsemesters:
allsemesters = True
elif 'allsemesters' in config:
allsemesters = config['allsemesters']
else:
allsemesters = False
mkdir(path)
session = requests.Session()
session.auth = (user, password)
json_user = session.get(BASEURL + '/user').json()
json_semesters = session.get(BASEURL + '/semesters', params='limit=1000').json()
json_courses = session.get(BASEURL + '/user/' + json_user['user_id'] + '/courses', params='limit=1000').json()
if not allsemesters:
latest = None
unixnow = int(time.time())
for key, semester in json_semesters['collection'].items():
if unixnow >= semester['begin'] and unixnow <= semester['end']:
latest = key
break
if not latest:
print('Aktuelles Semester nicht gefunden')
exit(1)
if os.path.isfile(path + '/.database.json'):
with open(path + '/.database.json', 'r') as databasefile:
database = json.load(databasefile)
else:
database = {}
for key, course in json_courses['collection'].items():
if not allsemesters and course['start_semester'] != latest:
continue
if course['title'] in blacklist:
continue
print('=== ' + course['title'] + ' ===')
mkdir(path + '/' + course['title'].replace('/', '_'))
json_files = session.get(BASEURL + '/course/' + course['course_id'] + '/files', params='limit=1000').json()
for key, file in json_files['collection'].items():
if not file['documents']:
continue
for key, document in file['documents'].items():
if re.match(ignore, document['filename']):
continue
date = ''
if document['file_id'] in database:
if database[document['file_id']] == document['chdate']:
continue
else:
date = document['chdate']
database[document['file_id']] = document['chdate']
print(document['filename'] + str(date))
target = path + '/' + course['title'].replace('/', '_') + '/' + document['filename'] + str(date)
download = session.get(BASEURL + '/file/' + document['file_id'] + '/content', stream=True)
with open(target, 'wb') as downloadfile:
download.raw.decode_content = True
shutil.copyfileobj(download.raw, downloadfile)
with open(path + '/.database.json', 'w') as databasefile:
json.dump(database, databasefile, indent=4)
LOGIN_URL = "https://studip.uni-hannover.de/Shibboleth.sso/Login?target=https%3A%2F%2Fstudip.uni-hannover.de%2Findex.php%3Fagain%3Dyes%26sso%3Dshib"
SAML_URL = "https://studip.uni-hannover.de/Shibboleth.sso/SAML2/POST"
def sso_login(username, password):
# Start session and get login form.
with requests.session() as session:
session.auth = (username, password)
login = session.get(LOGIN_URL)
form = {'j_username': username, 'j_password': password}
response = session.post(login.url, data=form)
SAML_html = lxml.html.fromstring(response.text)
hidden_inputs = SAML_html.xpath(r'//form//input[@type="hidden"]')
form2 = {x.attrib["name"]: x.attrib["value"] for x in hidden_inputs}
response2 = session.post(SAML_URL, data=form2)
print(session.cookies)
# print(response2.text)
print(session.get(BASEURL + '/user').text)
def download():
with requests.Session() as session:
session.auth = (user, password)
# json_user = session.get(BASEURL + '/user').json()
print(session.get(BASEURL + '/user').request.headers)
# json_semesters = session.get(BASEURL + '/semesters', params='limit=1000').json()
# json_courses = session.get(BASEURL + '/user/' + json_user['user_id'] + '/courses', params='limit=1000').json()
#
# if not allsemesters:
# latest = None
# unixnow = int(time.time())
# for key, semester in json_semesters['collection'].items():
# if unixnow >= semester['begin'] and unixnow <= semester['end']:
# latest = key
# break
# if not latest:
# print('Aktuelles Semester nicht gefunden')
# exit(1)
#
# if os.path.isfile(path + '/.database.json'):
# with open(path + '/.database.json', 'r') as databasefile:
# database = json.load(databasefile)
# else:
# database = {}
#
# for key, course in json_courses['collection'].items():
# if not allsemesters and course['start_semester'] != latest:
# continue
# if course['title'] in blacklist:
# continue
# print('=== ' + course['title'] + ' ===')
# mkdir(path + '/' + course['title'].replace('/', '_'))
# json_files = session.get(BASEURL + '/course/' + course['course_id'] + '/files', params='limit=1000').json()
# for key, file in json_files['collection'].items():
# if not file['documents']:
# continue
# for key, document in file['documents'].items():
# if re.match(ignore, document['filename']):
# continue
# date = ''
# if document['file_id'] in database:
# if database[document['file_id']] == document['chdate']:
# continue
# else:
# date = document['chdate']
# database[document['file_id']] = document['chdate']
# print(document['filename'] + str(date))
# target = path + '/' + course['title'].replace('/', '_') + '/' + document['filename'] + str(date)
# download = session.get(BASEURL + '/file/' + document['file_id'] + '/content', stream=True)
# with open(target, 'wb') as downloadfile:
# download.raw.decode_content = True
# shutil.copyfileobj(download.raw, downloadfile)
#
# with open(path + '/.database.json', 'w') as databasefile:
# json.dump(database, databasefile, indent=4)
#
#
def mkdir(directory):
if not os.path.exists(directory):
os.makedirs(directory)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment