finki-auth 2.0.0 → 3.0.0

package/README.md

@@ -1,18 +1,22 @@
 # FINKI Hub / FINKI Auth
 
-Node.js package for managing authentication and cookies for FCSE's services, built using [axios](https://github.com/axios/axios).
+Node.js package for managing authentication and cookies for FCSE's services.
 
 ## Features
 
 Currently supports the following services:
 
+- [Anketi](https://anketi.ukim.mk/)
 - [CAS](https://cas.finki.ukim.mk/)
+- [Consultations](https://consultations.finki.ukim.mk/)
 - [Courses](https://courses.finki.ukim.mk/)
 - [Diplomas](https://diplomski.finki.ukim.mk/)
-- [Old Courses](https://oldcourses.finki.ukim.mk/)
-- [Masters](https://magisterski.finki.ukim.mk/)
+- [GitLab](https://gitlab.finki.ukim.mk/)
+- [iKnow](https://www.iknow.ukim.mk/)
 - [Internships](https://internships.finki.ukim.mk/)
-- [Consultations](https://consultations.finki.ukim.mk/)
+- [Ispiti](https://ispiti.finki.ukim.mk/)
+- [Masters](https://magisterski.finki.ukim.mk/)
+- [Old Courses](https://oldcourses.finki.ukim.mk/)
 
 ## Installation
 
@@ -44,9 +48,9 @@ const cookies = await auth.getCookie(Service.COURSES);
 const cookieHeader = await auth.buildCookieHeader(Service.COURSES);
 
 // Check if the cookie is still valid, and if not, call `authenticate` again
-const isCookieValid = await auth.isCookieValid(Service.COURSES);
+const valid = await auth.isCookieValid(Service.COURSES);
 
-if (!isCookieValid) await auth.authenticate(Service.COURSES);
+if (!valid) await auth.authenticate(Service.COURSES);
 
 // There are also some utility functions available:
 const isCookieValidStandalone = await isCookieValid({

package/dist/authentication.d.ts

@@ -1,7 +1,6 @@
 import { Service } from './lib/Service.js';
 export declare class CasAuthentication {
     private readonly cookieJar;
-    private readonly fetchWithCookies;
     private readonly password;
     private readonly username;
     constructor({ password, username }: {
@@ -9,9 +8,16 @@ export declare class CasAuthentication {
         username: string;
     });
     private static readonly getFullLoginUrl;
+    private static readonly submitOidcFormPost;
     readonly authenticate: (service: Service) => Promise<void>;
     readonly buildCookieHeader: (service: Service) => Promise<string>;
     readonly getCookie: (service: Service) => Promise<import("tough-cookie").Cookie[]>;
     readonly isCookieValid: (service: Service) => Promise<boolean>;
+    private readonly authenticateAnketi;
+    private readonly authenticateCas;
+    private readonly authenticateGitlab;
+    private readonly authenticateIknow;
+    private readonly authenticateService;
     private readonly getFormData;
+    private readonly getGitlabFormData;
 }

package/dist/authentication.js

@@ -1,19 +1,17 @@
 import * as cheerio from 'cheerio';
 import makeFetchCookie from 'fetch-cookie';
 import { CookieJar } from 'tough-cookie';
-import { SERVICE_LOGIN_URLS, SERVICE_URLS } from './constants.js';
+import { ANKETI_SIGN_IN_URL, GITLAB_LDAP_CALLBACK_URL, IKNOW_CAS_SERVICE_URL, SERVICE_LOGIN_URLS, } from './constants.js';
 import { Service } from './lib/Service.js';
-import { getCookieValidity } from './utils.js';
+import { formatCookieHeader, getCookieValidity } from './utils.js';
 export class CasAuthentication {
     cookieJar;
-    fetchWithCookies;
     password;
     username;
     constructor({ password, username }) {
         this.username = username;
         this.password = password;
         this.cookieJar = new CookieJar();
-        this.fetchWithCookies = makeFetchCookie(fetch, this.cookieJar);
     }
     static getFullLoginUrl = (service) => {
         if (service === Service.CAS) {
@@ -21,33 +19,145 @@ export class CasAuthentication {
         }
         return `${SERVICE_LOGIN_URLS[Service.CAS]}?service=${encodeURIComponent(SERVICE_LOGIN_URLS[service])}`;
     };
-    authenticate = async (service) => {
-        const fullUrl = CasAuthentication.getFullLoginUrl(service);
-        const initialResponse = await this.fetchWithCookies(fullUrl);
-        const html = await initialResponse.text();
+    static submitOidcFormPost = async (fetchWithCookies, html) => {
         const $ = cheerio.load(html);
-        const urlSearchParams = this.getFormData($);
-        await this.fetchWithCookies(fullUrl, {
-            body: urlSearchParams,
+        const form = $('form[action*="/signin-oidc"]').first();
+        if (form.length === 0) {
+            return;
+        }
+        const action = form.attr('action');
+        if (!action) {
+            return;
+        }
+        const params = new URLSearchParams();
+        form.find('input[type="hidden"]').each((_i, input) => {
+            const name = $(input).attr('name');
+            const value = $(input).attr('value');
+            if (name) {
+                params.append(name, value ?? '');
+            }
+        });
+        const response = await fetchWithCookies(action, {
+            body: params,
             method: 'POST',
         });
+        await response.body?.cancel();
+    };
+    authenticate = async (service) => {
+        await this.authenticateService(service);
+        const cookies = await this.getCookie(service);
+        if (cookies.length === 0) {
+            throw new Error(`Authentication for "${service}" produced no cookies; the credentials may be invalid or the service may be unavailable`);
+        }
     };
     buildCookieHeader = async (service) => {
         const cookies = await this.getCookie(service);
-        return cookies.map(({ key, value }) => `${key}=${value}`).join('; ');
+        return formatCookieHeader(cookies);
     };
     getCookie = async (service) => {
         const serviceLoginUrl = SERVICE_LOGIN_URLS[service];
-        return await this.cookieJar.getCookies(serviceLoginUrl);
+        return this.cookieJar.getCookies(serviceLoginUrl);
     };
     isCookieValid = async (service) => {
-        const url = SERVICE_URLS[service];
+        const serviceLoginUrl = SERVICE_LOGIN_URLS[service];
         const cookies = await this.getCookie(service);
         const jar = new CookieJar();
         for (const cookie of cookies) {
-            await jar.setCookie(cookie, url);
+            await jar.setCookie(cookie, serviceLoginUrl);
         }
-        return await getCookieValidity({ cookieJar: jar, service });
+        return getCookieValidity({ cookieJar: jar, service });
+    };
+    authenticateAnketi = async () => {
+        const jar = new CookieJar();
+        const fetchWithCookies = makeFetchCookie(fetch, jar);
+        const casLoginUrl = `${SERVICE_LOGIN_URLS[Service.CAS]}?service=${encodeURIComponent(IKNOW_CAS_SERVICE_URL)}`;
+        const initialResponse = await fetchWithCookies(casLoginUrl);
+        const html = await initialResponse.text();
+        const $ = cheerio.load(html);
+        const urlSearchParams = this.getFormData($);
+        const postResponse = await fetchWithCookies(casLoginUrl, {
+            body: urlSearchParams,
+            method: 'POST',
+        });
+        await postResponse.body?.cancel();
+        const signInResponse = await fetchWithCookies(ANKETI_SIGN_IN_URL);
+        await CasAuthentication.submitOidcFormPost(fetchWithCookies, await signInResponse.text());
+        const serviceUrl = SERVICE_LOGIN_URLS[Service.ANKETI];
+        const serviceCookies = await jar.getCookies(serviceUrl);
+        for (const cookie of serviceCookies) {
+            await this.cookieJar.setCookie(cookie, serviceUrl);
+        }
+    };
+    authenticateCas = async (service) => {
+        const jar = new CookieJar();
+        const fetchWithCookies = makeFetchCookie(fetch, jar);
+        const casLoginUrl = CasAuthentication.getFullLoginUrl(service);
+        const initialResponse = await fetchWithCookies(casLoginUrl);
+        const html = await initialResponse.text();
+        const $ = cheerio.load(html);
+        const urlSearchParams = this.getFormData($);
+        const postResponse = await fetchWithCookies(casLoginUrl, {
+            body: urlSearchParams,
+            method: 'POST',
+        });
+        await postResponse.body?.cancel();
+        const serviceLoginUrl = SERVICE_LOGIN_URLS[service];
+        const serviceCookies = await jar.getCookies(serviceLoginUrl);
+        for (const cookie of serviceCookies) {
+            await this.cookieJar.setCookie(cookie, serviceLoginUrl);
+        }
+    };
+    authenticateGitlab = async () => {
+        const jar = new CookieJar();
+        const fetchWithCookies = makeFetchCookie(fetch, jar);
+        const signInUrl = SERVICE_LOGIN_URLS[Service.GITLAB];
+        const initialResponse = await fetchWithCookies(signInUrl);
+        const html = await initialResponse.text();
+        const $ = cheerio.load(html);
+        const urlSearchParams = this.getGitlabFormData($);
+        const postResponse = await fetchWithCookies(GITLAB_LDAP_CALLBACK_URL, {
+            body: urlSearchParams,
+            method: 'POST',
+        });
+        await postResponse.body?.cancel();
+        const serviceCookies = await jar.getCookies(signInUrl);
+        for (const cookie of serviceCookies) {
+            await this.cookieJar.setCookie(cookie, signInUrl);
+        }
+    };
+    authenticateIknow = async () => {
+        const jar = new CookieJar();
+        const fetchWithCookies = makeFetchCookie(fetch, jar);
+        const casLoginUrl = `${SERVICE_LOGIN_URLS[Service.CAS]}?service=${encodeURIComponent(IKNOW_CAS_SERVICE_URL)}`;
+        const initialResponse = await fetchWithCookies(casLoginUrl);
+        const html = await initialResponse.text();
+        const $ = cheerio.load(html);
+        const urlSearchParams = this.getFormData($);
+        const postResponse = await fetchWithCookies(casLoginUrl, {
+            body: urlSearchParams,
+            method: 'POST',
+        });
+        await CasAuthentication.submitOidcFormPost(fetchWithCookies, await postResponse.text());
+        const serviceUrl = SERVICE_LOGIN_URLS[Service.IKNOW];
+        const serviceCookies = await jar.getCookies(serviceUrl);
+        for (const cookie of serviceCookies) {
+            await this.cookieJar.setCookie(cookie, serviceUrl);
+        }
+    };
+    authenticateService = async (service) => {
+        if (service === Service.GITLAB) {
+            await this.authenticateGitlab();
+            return;
+        }
+        if (service === Service.IKNOW) {
+            await this.authenticateIknow();
+            return;
+        }
+        if (service === Service.ANKETI) {
+            await this.authenticateAnketi();
+            return;
+        }
+        await this.authenticateCas(service);
     };
     getFormData = ($) => {
         const urlSearchParams = new URLSearchParams();
@@ -63,4 +173,14 @@ export class CasAuthentication {
         urlSearchParams.append('submit', 'LOGIN');
         return urlSearchParams;
     };
+    getGitlabFormData = ($) => {
+        const urlSearchParams = new URLSearchParams();
+        const ldapForm = $('form[action="/users/auth/ldapmain/callback"]').first();
+        const authenticityToken = ldapForm.find('input[name="authenticity_token"]').attr('value') ?? '';
+        urlSearchParams.append('authenticity_token', authenticityToken);
+        urlSearchParams.append('username', this.username);
+        urlSearchParams.append('password', this.password);
+        urlSearchParams.append('remember_me', '0');
+        return urlSearchParams;
+    };
 }

package/dist/constants.d.ts

@@ -1,27 +1,42 @@
 export declare const SERVICE_URLS: {
+    readonly anketi: "https://anketi.ukim.mk";
     readonly cas: "https://cas.finki.ukim.mk/cas";
     readonly consultations: "https://consultations.finki.ukim.mk";
     readonly courses: "https://courses.finki.ukim.mk";
-    readonly diplomas: "http://diplomski.finki.ukim.mk";
+    readonly diplomas: "https://diplomski.finki.ukim.mk";
+    readonly gitlab: "https://gitlab.finki.ukim.mk";
+    readonly iknow: "https://www.iknow.ukim.mk";
     readonly internships: "https://internships.finki.ukim.mk";
+    readonly ispiti: "https://ispiti.finki.ukim.mk";
     readonly masters: "https://magisterski.finki.ukim.mk";
     readonly old_courses: "https://oldcourses.finki.ukim.mk";
 };
 export declare const SERVICE_LOGIN_URLS: {
+    readonly anketi: "https://anketi.ukim.mk";
     readonly cas: "https://cas.finki.ukim.mk/cas/login";
     readonly consultations: "https://consultations.finki.ukim.mk/consultations";
     readonly courses: "https://courses.finki.ukim.mk/login/index.php";
     readonly diplomas: "http://diplomski.finki.ukim.mk/Account/LoginCAS";
+    readonly gitlab: "https://gitlab.finki.ukim.mk/users/sign_in";
+    readonly iknow: "https://www.iknow.ukim.mk";
     readonly internships: "https://internships.finki.ukim.mk/login";
+    readonly ispiti: "https://ispiti.finki.ukim.mk/login/index.php";
     readonly masters: "https://magisterski.finki.ukim.mk/login";
     readonly old_courses: "https://oldcourses.finki.ukim.mk/login/index.php";
 };
 export declare const SERVICE_SUCCESS_SELECTORS: {
+    readonly anketi: "a[href=\"/MicrosoftIdentity/Account/SignOut\"]";
     readonly cas: "div.success";
     readonly consultations: "a#username";
     readonly courses: "span.usertext.me-1";
     readonly diplomas: "#logoutForm > ul > li:nth-child(1) > a";
+    readonly gitlab: "aside.super-sidebar";
+    readonly iknow: "a#ctl00_ctl00_lnkLogOut";
     readonly internships: "span.text-white";
+    readonly ispiti: "span.usertext.me-1";
     readonly masters: "li > a > span";
     readonly old_courses: "span.usertext.mr-1";
 };
+export declare const GITLAB_LDAP_CALLBACK_URL = "https://gitlab.finki.ukim.mk/users/auth/ldapmain/callback";
+export declare const IKNOW_CAS_SERVICE_URL = "https://is.iknow.ukim.mk/account/logincas";
+export declare const ANKETI_SIGN_IN_URL = "https://anketi.ukim.mk/MicrosoftIdentity/Account/SignIn";

package/dist/constants.js

@@ -1,28 +1,45 @@
 import { Service } from './lib/Service.js';
 export const SERVICE_URLS = {
+    [Service.ANKETI]: 'https://anketi.ukim.mk',
     [Service.CAS]: 'https://cas.finki.ukim.mk/cas',
     [Service.CONSULTATIONS]: 'https://consultations.finki.ukim.mk',
     [Service.COURSES]: 'https://courses.finki.ukim.mk',
-    [Service.DIPLOMAS]: 'http://diplomski.finki.ukim.mk',
+    [Service.DIPLOMAS]: 'https://diplomski.finki.ukim.mk',
+    [Service.GITLAB]: 'https://gitlab.finki.ukim.mk',
+    [Service.IKNOW]: 'https://www.iknow.ukim.mk',
     [Service.INTERNSHIPS]: 'https://internships.finki.ukim.mk',
+    [Service.ISPITI]: 'https://ispiti.finki.ukim.mk',
     [Service.MASTERS]: 'https://magisterski.finki.ukim.mk',
     [Service.OLD_COURSES]: 'https://oldcourses.finki.ukim.mk',
 };
 export const SERVICE_LOGIN_URLS = {
+    [Service.ANKETI]: 'https://anketi.ukim.mk',
     [Service.CAS]: 'https://cas.finki.ukim.mk/cas/login',
     [Service.CONSULTATIONS]: 'https://consultations.finki.ukim.mk/consultations',
     [Service.COURSES]: 'https://courses.finki.ukim.mk/login/index.php',
+    // CAS only authorises this service under its http URL; an https `service`
+    // param is rejected and no ticket is issued. The server upgrades to https.
     [Service.DIPLOMAS]: 'http://diplomski.finki.ukim.mk/Account/LoginCAS',
+    [Service.GITLAB]: 'https://gitlab.finki.ukim.mk/users/sign_in',
+    [Service.IKNOW]: 'https://www.iknow.ukim.mk',
     [Service.INTERNSHIPS]: 'https://internships.finki.ukim.mk/login',
+    [Service.ISPITI]: 'https://ispiti.finki.ukim.mk/login/index.php',
     [Service.MASTERS]: 'https://magisterski.finki.ukim.mk/login',
     [Service.OLD_COURSES]: 'https://oldcourses.finki.ukim.mk/login/index.php',
 };
 export const SERVICE_SUCCESS_SELECTORS = {
+    [Service.ANKETI]: 'a[href="/MicrosoftIdentity/Account/SignOut"]',
     [Service.CAS]: 'div.success',
     [Service.CONSULTATIONS]: 'a#username',
     [Service.COURSES]: 'span.usertext.me-1',
     [Service.DIPLOMAS]: '#logoutForm > ul > li:nth-child(1) > a',
+    [Service.GITLAB]: 'aside.super-sidebar',
+    [Service.IKNOW]: 'a#ctl00_ctl00_lnkLogOut',
     [Service.INTERNSHIPS]: 'span.text-white',
+    [Service.ISPITI]: 'span.usertext.me-1',
     [Service.MASTERS]: 'li > a > span',
     [Service.OLD_COURSES]: 'span.usertext.mr-1',
 };
+export const GITLAB_LDAP_CALLBACK_URL = 'https://gitlab.finki.ukim.mk/users/auth/ldapmain/callback';
+export const IKNOW_CAS_SERVICE_URL = 'https://is.iknow.ukim.mk/account/logincas';
+export const ANKETI_SIGN_IN_URL = 'https://anketi.ukim.mk/MicrosoftIdentity/Account/SignIn';

package/dist/lib/Service.d.ts

@@ -1,10 +1,14 @@
 import { z } from 'zod';
 export declare enum Service {
+    ANKETI = "anketi",
     CAS = "cas",
     CONSULTATIONS = "consultations",
     COURSES = "courses",
     DIPLOMAS = "diplomas",
+    GITLAB = "gitlab",
+    IKNOW = "iknow",
     INTERNSHIPS = "internships",
+    ISPITI = "ispiti",
     MASTERS = "masters",
     OLD_COURSES = "old_courses"
 }

package/dist/lib/Service.js

@@ -1,11 +1,15 @@
 import { z } from 'zod';
 export var Service;
 (function (Service) {
+    Service["ANKETI"] = "anketi";
     Service["CAS"] = "cas";
     Service["CONSULTATIONS"] = "consultations";
     Service["COURSES"] = "courses";
     Service["DIPLOMAS"] = "diplomas";
+    Service["GITLAB"] = "gitlab";
+    Service["IKNOW"] = "iknow";
     Service["INTERNSHIPS"] = "internships";
+    Service["ISPITI"] = "ispiti";
     Service["MASTERS"] = "masters";
     Service["OLD_COURSES"] = "old_courses";
 })(Service || (Service = {}));

package/dist/utils.d.ts

@@ -1,5 +1,13 @@
 import { type Cookie, CookieJar } from 'tough-cookie';
 import type { Service } from './lib/Service.js';
+export declare const parseCookieHeader: (cookieHeader: string) => Array<{
+    key: string;
+    value: string;
+}>;
+export declare const formatCookieHeader: (cookies: ReadonlyArray<{
+    key: string;
+    value: string;
+}>) => string;
 export declare const getCookieValidity: ({ cookieJar, service, }: {
     cookieJar: CookieJar;
     service: Service;

package/dist/utils.js

@@ -2,6 +2,16 @@ import * as cheerio from 'cheerio';
 import makeFetchCookie from 'fetch-cookie';
 import { CookieJar } from 'tough-cookie';
 import { SERVICE_SUCCESS_SELECTORS, SERVICE_URLS } from './constants.js';
+export const parseCookieHeader = (cookieHeader) => {
+    if (!cookieHeader) {
+        return [];
+    }
+    return cookieHeader.split('; ').map((cookie) => {
+        const [key = '', ...valueParts] = cookie.split('=');
+        return { key, value: valueParts.join('=') };
+    });
+};
+export const formatCookieHeader = (cookies) => cookies.map(({ key, value }) => `${key}=${value}`).join('; ');
 export const getCookieValidity = async ({ cookieJar, service, }) => {
     const url = SERVICE_URLS[service];
     const userElementSelector = SERVICE_SUCCESS_SELECTORS[service];
@@ -30,13 +40,7 @@ export const isCookieValid = async ({ cookies, service, }) => {
 export const isCookieHeaderValid = async ({ cookieHeader, service, }) => {
     const url = SERVICE_URLS[service];
     const jar = new CookieJar();
-    const cookies = cookieHeader
-        ? cookieHeader.split('; ').map((cookie) => {
-            const [key, ...valParts] = cookie.split('=');
-            const value = valParts.join('=');
-            return { key, value };
-        })
-        : [];
+    const cookies = parseCookieHeader(cookieHeader);
     for (const { key, value } of cookies) {
         await jar.setCookie(`${key}=${value}`, url);
     }

package/package.json

@@ -20,21 +20,20 @@
   },
   "description": "Authentication for FCSE services",
   "devDependencies": {
-    "@commitlint/cli": "^20.4.2",
-    "@commitlint/config-conventional": "^20.4.2",
-    "commitizen": "^4.3.1",
+    "@commitlint/cli": "^21.0.0",
+    "@commitlint/config-conventional": "^21.0.0",
+    "commitizen": "^4.3.2",
     "cz-conventional-changelog": "^3.3.0",
-    "dotenv": "^17.3.1",
-    "eslint": "^9.39.3",
-    "eslint-config-imperium": "^3.4.0",
+    "eslint": "^10.5.0",
+    "eslint-config-imperium": "^4.1.1",
     "husky": "^9.1.7",
     "rimraf": "^6.1.3",
     "semantic-release": "^25.0.2",
-    "typescript": "~5.9.3",
+    "typescript": "~6.0.2",
     "vitest": "^4.0.18"
   },
   "engines": {
-    "node": "^22 || ^24"
+    "node": "^22 || ^24 || ^26"
   },
   "files": [
     "dist",
@@ -68,5 +67,5 @@
   },
   "type": "module",
   "types": "dist/index.d.ts",
-  "version": "2.0.0"
+  "version": "3.0.0"
 }