senec 0.21.0 → 0.22.1

data/lib/senec/cloud/connection.rb

@@ -1,4 +1,5 @@
 require 'oauth2'
+require 'rotp'
 
 module Senec
   module Cloud
@@ -16,13 +17,14 @@ module Senec
     class Connection
       DEFAULT_USER_AGENT = "ruby-senec/#{Senec::VERSION} (+https://github.com/solectrus/senec)".freeze
 
-      def initialize(username:, password:, user_agent: DEFAULT_USER_AGENT)
+      def initialize(username:, password:, user_agent: DEFAULT_USER_AGENT, totp_uri: nil)
         @username = username
         @password = password
         @user_agent = user_agent
+        @totp_uri = totp_uri
       end
 
-      attr_reader :username, :password, :user_agent
+      attr_reader :username, :password, :user_agent, :totp_uri
 
       def authenticate!
         code_verifier = SecureRandom.alphanumeric(43)
@@ -81,30 +83,36 @@ module Senec
       def fetch_login_form_url(auth_url)
         response = http_request(:get, auth_url)
         store_cookies(response) # Required for Keycloak CSRF protection
-        extract_form_action_url(response.body)
+        extract_login_form_action_url(response.body) || raise('Login form not found')
       end
 
-      def extract_form_action_url(html)
-        forms = html.scan(%r{<form[^>]*action="([^"]+)"[^>]*>(.*?)</form>}mi)
-
-        forms.each do |action_url, form_content|
-          has_username = form_content.match(/name=["']?username["']?/i)
-          has_password = form_content.match(/name=["']?password["']?/i)
+      def submit_credentials(form_url)
+        credentials = { username:, password: }
+        response = http_request(:post, form_url, data: credentials)
 
-          return CGI.unescapeHTML(action_url) if has_username && has_password
+        if response.status == 200
+          # Check if MFA is required
+          if (totp_form_url = extract_totp_form_action_url(response.body))
+            unless totp_uri
+              raise 'MFA required but no TOTP URI provided'
+            end
+
+            response = submit_totp_form(totp_form_url)
+          else
+            # No OTP form found, assume login failed
+            raise 'Login failed - invalid credentials or unexpected response'
+          end
         end
 
-        # :nocov:
-        raise 'Login form not found'
-        # :nocov:
+        # Handle final redirect (same for both MFA and non-MFA flows)
+        handle_redirect_response(response)
       end
 
-      def submit_credentials(form_url)
-        credentials = { username:, password: }
-        response = http_request(:post, form_url, data: credentials)
-        raise 'Login failed' unless response.status == 302
+      def submit_totp_form(form_url)
+        totp = build_totp_from_uri(totp_uri)
 
-        response.headers['location'] || raise('No redirect location')
+        totp_data = { otp: totp.now }
+        http_request(:post, form_url, data: totp_data)
       end
 
       def extract_authorization_code(redirect_url)
@@ -116,48 +124,88 @@ module Senec
         params['code'] || raise('No authorization code found')
       end
 
-      def ensure_token_valid
+      def extract_login_form_action_url(html)
+        find_form_action_url(html) do |form|
+          # Look for a form with username and password fields
+          form.match(/name=["']?username["']?/i) &&
+            form.match(/name=["']?password["']?/i)
+        end
+      end
+
+      def extract_totp_form_action_url(html)
+        find_form_action_url(html) do |form|
+          # Look for a form with an OTP field
+          form.match(/name=["']?otp["']?/i)
+        end
+      end
+
+      def find_form_action_url(html)
+        forms = html.scan(%r{<form[^>]*action="([^"]+)"[^>]*>(.*?)</form>}mi)
+
+        forms.each do |action_url, form_content|
+          return CGI.unescapeHTML(action_url) if yield(form_content)
+        end
+
+        nil
+      end
+
+      def build_totp_from_uri(uri_string)
+        params = URI.decode_www_form(URI.parse(uri_string).query).to_h
+        secret = params['secret'] || raise('Missing secret in TOTP URI')
+
+        ROTP::TOTP.new(
+          secret,
+          digits: params['digits']&.to_i,
+          period: params['period']&.to_i,
+          algorithm: params['algorithm'],
+        )
+      end
+
+      def handle_redirect_response(response)
+        unless response.status == 302
+          raise "Authentication failed, got unexpected response: #{response.status} #{response.body}"
+        end
+
+        response.headers['location'] || raise('No redirect location')
+      end
+
+      def ensure_token_valid!
         authenticate! unless authenticated?
-        return true unless oauth_token.expired?
+        return unless oauth_token.expired?
 
         self.oauth_token = oauth_token.refresh!
-        true
       rescue StandardError => e
-        # :nocov:
-        warn "Token refresh failed: #{e.message}"
-        false
-        # :nocov:
+        warn "Token refresh failed: #{e.message}, trying to re-authenticate..."
+
+        authenticate!
       end
 
-      def get(url, default: nil)
-        return default unless ensure_token_valid
+      def get(url)
+        ensure_token_valid!
 
         response = oauth_token.get(url)
-        return default unless response.status == 200
-
         JSON.parse(response.body)
       rescue StandardError => e
         # :nocov:
         warn "API error: #{e.message}"
-        default
+        nil
         # :nocov:
       end
 
-      def post(url, data, default: nil)
-        return default unless ensure_token_valid
+      def post(url, data)
+        ensure_token_valid!
 
         response = oauth_token.post(
           url,
           body: data.to_json,
           headers: { 'Content-Type' => 'application/json' },
         )
-        return default unless response.status == 200
 
         JSON.parse(response.body)
       rescue StandardError => e
         # :nocov:
         warn "API error: #{e.message}"
-        default
+        nil
         # :nocov:
       end
 

data/lib/senec/version.rb

@@ -1,3 +1,3 @@
 module Senec
-  VERSION = '0.21.0'.freeze
+  VERSION = '0.22.1'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: senec
 version: !ruby/object:Gem::Version
-  version: 0.21.0
+  version: 0.22.1
 platform: ruby
 authors:
 - Georg Ledermann
@@ -65,6 +65,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rotp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Access your local SENEC Solar Battery Storage System
 email:
 - georg@ledermann.dev
@@ -150,6 +164,8 @@ files:
 - pkg/senec-0.19.0.gem
 - pkg/senec-0.2.0.gem
 - pkg/senec-0.20.0.gem
+- pkg/senec-0.21.0.gem
+- pkg/senec-0.22.0.gem
 - pkg/senec-0.3.0.gem
 - pkg/senec-0.4.0.gem
 - pkg/senec-0.5.0.gem