fix duplicate csrf value bug

letterboxd now appears to send multiple csrf set-cookie headers,
one of which is empty. This means that we are now required to
check both of these to make sure we grab the correct one.
Aaron Manning 2024-11-17 15:55:18 +11:00
parent d2978bb1c7
commit 5ac9cdb103


@ -38,26 +38,28 @@ fn main() -> anyhow::Result<()> {
let args : Args = clap::Parser::parse(); let args : Args = clap::Parser::parse();
let client = reqwest::blocking::ClientBuilder::new() let client = reqwest::blocking::ClientBuilder::new()
// CSRF cookies and login cookies must be passed between requests for authentication to // CSRF cookies and login cookies must be passed between requests for
// succeed // authentication to succeed
.cookie_store(true) .cookie_store(true)
.build()?; .build()?;
let home_response = client.get("https://letterboxd.com") let home_response = client.get("https://letterboxd.com")
.header("user-agent", "Mozilla/5.0 (X11; Linux x86_64; rv:132.0) Gecko/20100101 Firefox/132.0")
.header("accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8")
.send()?; .send()?;
let home_cookies = home_response.headers() let home_cookies = home_response.headers()
.get("set-cookie") .get_all("set-cookie");
.context("did not recieve csrf cookie when making home page request")?
.to_str()
.context("cookie value could not be read as string")?;
let cookie = cookie::Cookie::parse(home_cookies).context("failed to parse cookie value")?; let mut csrf = None;
let csrf = if cookie.name() == "com.xk72.webparts.csrf" { for cookie in home_cookies {
cookie.value() if let Ok(cookie) = cookie.to_str() {
} else { let cookie = cookie::Cookie::parse(cookie).context("failed to parse cookie value")?;
anyhow::bail!("unexpected cookie from home page request") if cookie.name() == "com.xk72.webparts.csrf" && cookie.value() != "" {
}; csrf = Some(cookie.value().to_owned());
}
}
}
let login = Login { let login = Login {
username : &match args.username { username : &match args.username {
@ -79,7 +81,7 @@ fn main() -> anyhow::Result<()> {
} }
}, },
authentication_code : "", authentication_code : "",
csrf, csrf: &csrf.context("csrf cookie was not found when fetching homepage")?,
}; };
let login = serde_urlencoded::to_string(&login) let login = serde_urlencoded::to_string(&login)
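Review bot: In the new cookie loop, `cookie::Cookie::parse(cookie).context("failed to parse cookie value")?` aborts the whole login when any Set-Cookie header from the home page fails to parse, including ones unrelated to CSRF, while a header that fails `to_str()` is silently skipped one line earlier. Handling both the same way would be more robust: `let Ok(cookie) = cookie::Cookie::parse(cookie) else { continue };`. The loop also keeps the last non-empty `com.xk72.webparts.csrf` value rather than the first. The form token presumably has to agree with the cookie that the client's cookie store sends back, so a short comment saying which value is expected to win would help the next reader. As a style point, `!cookie.value().is_empty()` is clearer than `cookie.value() != ""`. `main` starts and ends outside the visible hunks.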