SEBWIN-469: Implemented workaround for user identifier retrieval via Moodle theme.

Damian Büchel 2021-03-04 17:25:19 +01:00
parent 9f9f7c847d
commit 985f0a81f1


@ -319,7 +319,7 @@ namespace SafeExamBrowser.Browser.Handlers
return false; return false;
} }
private bool TrySearchBySession(IRequest request, IResponse response) private void TrySearchBySession(IRequest request, IResponse response)
{ {
var cookies = response.Headers.GetValues("Set-Cookie"); var cookies = response.Headers.GetValues("Set-Cookie");
@ -328,48 +328,51 @@ namespace SafeExamBrowser.Browser.Handlers
var session = cookies.FirstOrDefault(c => c.Contains("MoodleSession")); var session = cookies.FirstOrDefault(c => c.Contains("MoodleSession"));
if (session != default(string)) if (session != default(string))
{
var requestUrl = request.Url;
Task.Run(async () =>
{ {
try try
{ {
var start = session.IndexOf("=") + 1; var start = session.IndexOf("=") + 1;
var end = session.IndexOf(";"); var end = session.IndexOf(";");
var value = session.Substring(start, end - start); var value = session.Substring(start, end - start);
var uri = new Uri(request.Url); var uri = new Uri(requestUrl);
var message = new HttpRequestMessage(HttpMethod.Get, $"{uri.Scheme}{Uri.SchemeDelimiter}{uri.Host}/user/view.php"); var message = new HttpRequestMessage(HttpMethod.Get, $"{uri.Scheme}{Uri.SchemeDelimiter}{uri.Host}/theme/boost_ethz/sebuser.php");
var task = Task.Run(async () =>
{
using (var handler = new HttpClientHandler { UseCookies = false }) using (var handler = new HttpClientHandler { UseCookies = false })
using (var client = new HttpClient(handler)) using (var client = new HttpClient(handler))
{ {
message.Headers.Add("Cookie", $"MoodleSession={value}"); message.Headers.Add("Cookie", $"MoodleSession={value}");
return await client.SendAsync(message); var result = await client.SendAsync(message);
}
});
var result = task.GetAwaiter().GetResult(); if (result.IsSuccessStatusCode)
var id = "id=";
if (result.RequestMessage.RequestUri.Query.Contains(id))
{ {
var index = result.RequestMessage.RequestUri.Query.IndexOf(id) + id.Length; var userId = await result.Content.ReadAsStringAsync();
var userId = result.RequestMessage.RequestUri.Query.Substring(index);
if (int.TryParse(userId, out var id) && id > 0)
{
#pragma warning disable CS4014
Task.Run(() => SessionIdentifierDetected?.Invoke(userId)); Task.Run(() => SessionIdentifierDetected?.Invoke(userId));
#pragma warning restore CS4014
logger.Info("Moodle session detected."); logger.Info("Moodle session detected.");
}
return true; }
else
{
logger.Error($"Failed to retrieve Moodle session identifier! Response: {result.StatusCode} {result.ReasonPhrase}");
}
} }
} }
catch (Exception e) catch (Exception e)
{ {
logger.Error("Failed to parse Moodle session identifier!", e); logger.Error("Failed to parse Moodle session identifier!", e);
} }
});
} }
} }
return false;
} }
} }
} }
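Review bot: In the new `Task.Run` body of `TrySearchBySession`, the `MoodleSession` value is attached as a hand-built `Cookie` header while the `HttpClientHandler` keeps its default of following redirects, so a redirect answered for `sebuser.php` may carry the session cookie to whatever location the server names; `new HttpClientHandler { UseCookies = false, AllowAutoRedirect = false }` would keep it on the host that issued it. The request URL is also rebuilt from `uri.Scheme` and `uri.Host` only, so the port is dropped and an exam served over plain http sends the cookie in cleartext; consider skipping the lookup unless the scheme is `Uri.UriSchemeHttps`. A success response whose body does not parse as a positive integer (for instance an HTML login page) currently ends without any log entry, and because `int.TryParse` accepts surrounding whitespace, the raw `userId` string handed to `SessionIdentifierDetected` may still contain it; logging that case and passing `id.ToString()` would cover both. The part of the method between the two hunks is not visible here.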