reddy-api-srm 1.0.4 → 1.0.6

package/dist/src/auth/terminateSessions.d.ts

@@ -0,0 +1,22 @@
+export interface TerminateSessionsInput {
+    /** The concurrent session flow/ticket ID from validatePassword (isConcurrentLimit response) */
+    flowId: string | null;
+    /** Zoho identifier from verifyUser */
+    identifier: string;
+    /** Zoho digest from verifyUser */
+    digest: string;
+    /** Optional CSRF token (value of iamcsr cookie, without the prefix) */
+    csrfToken?: string;
+}
+
+export interface TerminateSessionsResult {
+    success: boolean;
+    status?: number;
+    /** Which strategy succeeded: "block-sessions" | "webclient-delete" | "none" */
+    strategy?: string;
+    data?: unknown;
+    error?: string;
+    errorReason?: unknown;
+}
+
+export declare function terminateSessions(params: TerminateSessionsInput): Promise<TerminateSessionsResult>;

package/dist/src/auth/terminateSessions.js

@@ -0,0 +1,123 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.terminateSessions = terminateSessions;
+
+/**
+ * Terminates all concurrent/existing sessions for a user on SRM Academia.
+ *
+ * SRM uses Zoho Accounts for IAM. When the 2-device limit is hit during login,
+ * the server redirects to a "block-sessions" preannouncement page where the user
+ * can terminate old sessions to continue with the new login.
+ *
+ * Two strategies are tried in sequence:
+ *
+ * Strategy 1 – Block-Sessions page POST (login-time termination):
+ *   POST https://academia.srmist.edu.in/accounts/p/40-10002227248/preannouncement/block-sessions
+ *   with mode=terminate and the current login's digest/identifier.
+ *   This is the endpoint hit when the user clicks "Terminate All Sessions" on the
+ *   preannouncement page during a login attempt.
+ *
+ * Strategy 2 – webclient DELETE (session-ticket termination, used in "My Account → Sessions"):
+ *   DELETE https://academia.srmist.edu.in/accounts/p/40-10002227248/webclient/v1/account/self/user/self/session/{SESSION_TICKET}
+ *   with x-zcsrf-token header. Used to delete individual known sessions.
+ *   flowId is used as the session ticket here if provided.
+ *
+ * @param {string} flowId      - The flow/session ID from validatePassword (concurrent limit response)
+ * @param {string} identifier  - Zoho identifier from verifyUser
+ * @param {string} digest      - Zoho digest from verifyUser
+ * @param {string} [csrfToken] - Optional x-zcsrf-token value (extracted from iamcsr cookie)
+ */
+async function terminateSessions({ flowId, identifier, digest, csrfToken }) {
+    // ── Strategy 1: Block-Sessions preannouncement POST ────────────────────────
+    // This is what fires when the user clicks "Terminate All Sessions" on the
+    // SRM concurrent-sessions warning page during a fresh login attempt.
+    try {
+        const blockSessionsUrl =
+            "https://academia.srmist.edu.in/accounts/p/40-10002227248/preannouncement/block-sessions";
+
+        const body = new URLSearchParams({
+            mode: "terminate",
+            identifier: identifier ?? "",
+            digest: digest ?? "",
+            cli_time: String(Date.now()),
+            servicename: "ZohoCreator",
+            service_language: "en",
+            serviceurl:
+                "https://academia.srmist.edu.in/portal/academia-academic-services/redirectFromLogin",
+        });
+
+        // Append flowId if we have it (some Zoho versions need it in the body)
+        if (flowId) body.append("flowId", flowId);
+
+        const res1 = await fetch(blockSessionsUrl, {
+            method: "POST",
+            headers: {
+                accept: "*/*",
+                "accept-language": "en-US,en;q=0.9",
+                "content-type": "application/x-www-form-urlencoded;charset=UTF-8",
+                "sec-fetch-dest": "empty",
+                "sec-fetch-mode": "cors",
+                "sec-fetch-site": "same-origin",
+                ...(csrfToken
+                    ? { "x-zcsrf-token": `iamcsrcoo=${csrfToken}` }
+                    : {}),
+                Referer:
+                    "https://academia.srmist.edu.in/accounts/p/10002227248/signin?hide_fp=true&servicename=ZohoCreator&service_language=en&dcc=true&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin",
+                "Referrer-Policy": "strict-origin-when-cross-origin",
+            },
+            body: body.toString(),
+        });
+
+        if (res1.ok || res1.status === 200 || res1.status === 201 || res1.redirected) {
+            let data = null;
+            try { data = await res1.json(); } catch { /* redirect or empty body is fine */ }
+            return { success: true, status: res1.status, strategy: "block-sessions", data };
+        }
+
+        console.warn("[terminateSessions] Strategy 1 (block-sessions POST) returned:", res1.status);
+    } catch (e1) {
+        console.warn("[terminateSessions] Strategy 1 error:", e1);
+    }
+
+    // ── Strategy 2: webclient DELETE by session ticket ─────────────────────────
+    // Used when we have a specific session ticket (flowId acts as session ticket).
+    // This is what the "My Account → Sessions" page uses to delete individual sessions.
+    if (flowId) {
+        try {
+            const deleteUrl = `https://academia.srmist.edu.in/accounts/p/40-10002227248/webclient/v1/account/self/user/self/session/${encodeURIComponent(flowId)}`;
+
+            const res2 = await fetch(deleteUrl, {
+                method: "DELETE",
+                headers: {
+                    accept: "application/json, text/javascript, */*; q=0.01",
+                    "accept-language": "en-US,en;q=0.9",
+                    "x-requested-with": "XMLHttpRequest",
+                    ...(csrfToken
+                        ? { "x-zcsrf-token": `iamcsrcoo=${csrfToken}` }
+                        : {}),
+                    Referer: "https://accounts.zoho.in/",
+                    "Referrer-Policy": "strict-origin-when-cross-origin",
+                },
+            });
+
+            if (res2.ok || res2.status === 200 || res2.status === 204) {
+                let data = null;
+                try { data = await res2.json(); } catch { /* 204 No Content is fine */ }
+                return { success: true, status: res2.status, strategy: "webclient-delete", data };
+            }
+
+            console.warn("[terminateSessions] Strategy 2 (webclient DELETE) returned:", res2.status);
+        } catch (e2) {
+            console.warn("[terminateSessions] Strategy 2 error:", e2);
+        }
+    }
+
+    // Both strategies failed — return a non-fatal "best-effort" result.
+    // The caller (handleTerminateAndRetry) will still attempt to re-login because
+    // sometimes the termination succeeds server-side even if we get an odd HTTP response.
+    return {
+        success: false,
+        error: "Both termination strategies failed — re-login will still be attempted",
+        strategy: "none",
+    };
+}

package/dist/src/auth/validatePassword.js

@@ -11,7 +11,9 @@ async function validatePassword({ identifier, digest, password, }) {
                 "sec-fetch-dest": "empty",
                 "sec-fetch-mode": "cors",
                 "sec-fetch-site": "same-origin",
-                Referer: "https://academia.srmist.edu.in/accounts/p/10002227248/signin?hide_fp=true&servicename=ZohoCreator&service_language=en&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin",
+                "x-zcsrf-token": "iamcsrcoo=fae2d8fa-e5a1-4cb0-a5ee-cc40af87e89f",
+                cookie: "zalb_74c3a1eecc=4cad43ac9848cc7edd20d2313fcde774; zccpn=a6fa7bc8-11c7-44ad-8be8-0aa6b04fad8a; JSESSIONID=3BD0053672AF3D628D983A15AA469D07; cli_rgn=IN; _ga=GA1.3.2061081340.1748689001; _gid=GA1.3.1677956689.1748689001; _ga_HQWPLLNMKY=GS2.3.s1748689001$o1$g0$t1748689001$j60$l0$h0; zalb_f0e8db9d3d=7ad3232c36fdd9cc324fb86c2c0a58ad; iamcsr=fae2d8fa-e5a1-4cb0-a5ee-cc40af87e89f; _zcsr_tmp=fae2d8fa-e5a1-4cb0-a5ee-cc40af87e89f; stk=d6559e9a58e77dbea9e24adf3bb57941",
+                Referer: "https://academia.srmist.edu.in/accounts/p/10002227248/signin?hide_fp=true&servicename=ZohoCreator&service_language=en&css_url=/49910842/academia-academic-services/downloadPortalCustomCss/login&dcc=true&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin",
                 "Referrer-Policy": "strict-origin-when-cross-origin",
             },
             body: `{"passwordauth":{"password":"${password}"}}`,
@@ -33,17 +35,38 @@ async function validatePassword({ identifier, digest, password, }) {
             };
             return { data, isAuthenticated: true };
         }
-        const captchaRequired = response.localized_message
-            ?.toLowerCase()
-            ?.includes("captcha")
-            ? true
-            : false;
+        // ── Concurrent / device-limit detection ──────────────────────────────────
+        // Zoho returns status_code 435 when the concurrent session limit is hit.
+        // The response also embeds a flowId used to call the terminate endpoint.
+        // Field names seen in Zoho responses: flowId, flow_id, concurrent_flow_id
+        const msg = (response.localized_message ?? response.message ?? "").toLowerCase();
+        const isConcurrentLimit =
+            response.status_code === 435 ||
+            msg.includes("concurrent") ||
+            msg.includes("maximum number") ||
+            msg.includes("device limit") ||
+            msg.includes("already logged") ||
+            !!response.flowId ||
+            !!response.flow_id ||
+            !!response.concurrent_flow_id;
+        // Extract the flow identifier — try all known field names
+        const flowId =
+            response.flowId ??
+            response.flow_id ??
+            response.concurrent_flow_id ??
+            response.login_flow_id ??
+            null;
+        // ─────────────────────────────────────────────────────────────────────────
+        const captchaRequired = msg.includes("captcha");
         const data = {
             statusCode: response.status_code,
-            message: response.localized_message,
+            message: response.localized_message ?? response.message,
             captcha: captchaRequired
                 ? { required: true, digest: response.cdigest }
                 : { required: false, digest: null },
+            // NEW: concurrent session fields
+            isConcurrentLimit,
+            flowId,
         };
         return { data, isAuthenticated: false };
     }

package/dist/src/auth/validateUser.js

@@ -14,7 +14,9 @@ async function validateUser(username) {
                 "sec-fetch-dest": "empty",
                 "sec-fetch-mode": "cors",
                 "sec-fetch-site": "same-origin",
-                Referer: "https://academia.srmist.edu.in/accounts/p/10002227248/signin?hide_fp=true&servicename=ZohoCreator&service_language=en&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin",
+                "x-zcsrf-token": "iamcsrcoo=3dea6395-0540-44ea-8de7-544256dd7549",
+                cookie: "zalb_74c3a1eecc=50830239914cba1225506e915a665a91; zccpn=68703e7d-ccf0-42ba-92b2-9c87c7a0c8ae; JSESSIONID=739937C3826C1F58C37186170B4F4B36; cli_rgn=IN; _ga=GA1.3.1846200817.1748679237; _gid=GA1.3.734795940.1748679237; _gat=1; _ga_HQWPLLNMKY=GS2.3.s1748679237$o1$g0$t1748679237$j60$l0$h0; zalb_f0e8db9d3d=983d6a65b2f29022f18db52385bfc639; iamcsr=3dea6395-0540-44ea-8de7-544256dd7549; _zcsr_tmp=3dea6395-0540-44ea-8de7-544256dd7549; stk=4ec13d42454007681bd4337cf126baec",
+                Referer: "https://academia.srmist.edu.in/accounts/p/10002227248/signin?hide_fp=true&servicename=ZohoCreator&service_language=en&css_url=/49910842/academia-academic-services/downloadPortalCustomCss/login&dcc=true&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin",
                 "Referrer-Policy": "strict-origin-when-cross-origin",
             },
             body: `mode=primary&cli_time=${Date.now()}&servicename=ZohoCreator&service_language=en&serviceurl=https%3A%2F%2Facademia.srmist.edu.in%2Fportal%2Facademia-academic-services%2FredirectFromLogin`,

package/dist/src/index.d.ts

@@ -3,6 +3,9 @@ export type { PasswordInput, UserResponse, AuthResult, UserValidationResult, Log
 export declare function verifyUser(username: string): Promise<UserValidationResult>;
 export declare function verifyPassword({ identifier, digest, password, }: PasswordInput): Promise<AuthResult>;
 export declare function logoutUser(cookie: string): Promise<LogoutResponse>;
+export interface TerminateSessionsInput { flowId: string | null; identifier: string; digest: string; csrfToken?: string; }
+export interface TerminateSessionsResult { success: boolean; status?: number; strategy?: string; data?: unknown; error?: string; errorReason?: unknown; }
+export declare function terminateSessions(params: TerminateSessionsInput): Promise<TerminateSessionsResult>;
 export declare function getTimetable(cookie: string): Promise<TimetableResponse>;
 export declare function getAttendance(cookie: string): Promise<AttendanceResponse>;
 export declare function getMarks(cookie: string): Promise<MarksResponse>;

package/dist/src/index.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyUser = verifyUser;
 exports.verifyPassword = verifyPassword;
 exports.logoutUser = logoutUser;
+exports.terminateSessions = terminateSessions;
 exports.getTimetable = getTimetable;
 exports.getAttendance = getAttendance;
 exports.getMarks = getMarks;
@@ -12,6 +13,7 @@ exports.getDayOrder = getDayOrder;
 exports.getCourse = getCourse;
 const validatePassword_1 = require("./auth/validatePassword");
 const validateUser_1 = require("./auth/validateUser");
+const terminateSessions_1 = require("./auth/terminateSessions");
 const fetchAttendance_1 = require("./fetch/fetchAttendance");
 const fetchCourseDetails_1 = require("./fetch/fetchCourseDetails");
 const fetchMarks_1 = require("./fetch/fetchMarks");
@@ -39,6 +41,10 @@ async function verifyPassword({ identifier, digest, password, }) {
 async function logoutUser(cookie) {
     return await (0, fetchLogout_1.fetchLogout)(cookie);
 }
+// Terminate concurrent sessions (2-device limit bypass)
+async function terminateSessions({ flowId, identifier, digest }) {
+    return await (0, terminateSessions_1.terminateSessions)({ flowId, identifier, digest });
+}
 // Get TimeTable
 async function getTimetable(cookie) {
     const fetch = await (0, fetchTimetable_1.fetchTimetable)(cookie);

package/dist/utils/dynamicUrl.js

@@ -9,14 +9,12 @@ async function calendarDynamicUrl() {
     let academicYearString;
     let semesterType;
     if (currentMonth >= 1 && currentMonth <= 6) {
-        // Jan-June: EVEN semester of previous academic year
         semesterType = "EVEN";
         academicYearString = `${currentYear - 1}_${currentYear
             .toString()
             .slice(-2)}`;
     }
     else {
-        // July-Dec: ODD semester of current academic year
         semesterType = "ODD";
         academicYearString = `${currentYear}_${(currentYear + 1)
             .toString()
@@ -27,8 +25,6 @@ async function calendarDynamicUrl() {
     return dynamicUrl;
 }
 async function courseDynamicUrl() {
-    // My_Time_Table_2023_24 serves the current semester timetable data
-    // Note: Despite the name, this endpoint returns the current academic year data
     const baseUrl = "https://academia.srmist.edu.in/srm_university/academia-academic-services/page/My_Time_Table_2023_24";
     return baseUrl;
 }

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "reddy-api-srm",
   "description": "SRMIST KTR Academia portal",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "main": "dist/src/index.js",
   "types": "dist/src/index.d.ts",
   "exports": {