njau-auth 0.1.0__tar.gz

njau_auth-0.1.0/.gitignore

@@ -0,0 +1,15 @@
+__pycache__/
+*.py[cod]
+*.egg-info/
+.pytest_cache/
+.ruff_cache/
+.mypy_cache/
+.venv/
+venv/
+dist/
+build/
+auth_session.json
+captcha_temp.*
+playwright-profiles/
+.env
+

njau_auth-0.1.0/LICENSE

@@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2026 leecyang
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+

njau_auth-0.1.0/PKG-INFO

@@ -0,0 +1,80 @@
+Metadata-Version: 2.4
+Name: njau-auth
+Version: 0.1.0
+Summary: NJAU CAS authentication helper
+Project-URL: Homepage, https://github.com/leecyang/NJAU-Auth
+Project-URL: Repository, https://github.com/leecyang/NJAU-Auth
+Project-URL: Issues, https://github.com/leecyang/NJAU-Auth/issues
+Author: leecyang
+License: MIT
+License-File: LICENSE
+Keywords: auth,cas,httpx,njau
+Requires-Python: >=3.10
+Requires-Dist: httpx>=0.28.1
+Requires-Dist: pycryptodome>=3.20.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0.0; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# NJAU-Auth
+
+南京农业大学统一身份认证（CAS）登录辅助库。项目形态参考 `Golevka2001/SEU-Auth`，当前版本使用纯 HTTP 请求完成登录，不依赖 Playwright 或浏览器自动化。
+
+当前实现参考了本地 `NJAU-Libyy` 项目中可工作的 CAS 自动化流程，支持：
+
+- 使用学号和统一认证密码登录。
+- 先 GET 登录页，提取 `execution` 和 `pwdEncryptSalt`。
+- 使用 AES-128-CBC / PKCS7 生成提交用密码密文。
+- 检测账号密码错误、验证码要求和短信二次验证。
+- 通过回调提交短信验证码。
+- 保存并复用 Cookie，减少重复登录。
+- 默认服务地址为 `http://jw3.njau.edu.cn/`。
+
+## Installation
+
+```bash
+pip install -e .
+```
+
+## Basic Usage
+
+```python
+import asyncio
+from njau_auth import NJAUAuthManager
+
+
+async def sms_callback(challenge):
+    print(challenge.message)
+    return input("SMS code: ").strip()
+
+
+async def main():
+    manager = NJAUAuthManager(
+        student_id="2023000000",
+        password="your-password",
+        sms_callback=sms_callback,
+    )
+
+    async with manager:
+        result = await manager.login()
+        print(result.final_url)
+        print(result.cookies)
+
+
+asyncio.run(main())
+```
+
+## CLI
+
+```bash
+njau-auth-login --student-id 2023000000
+```
+
+如果不传 `--password`，命令会从交互式密码输入读取。
+
+## Notes
+
+- 默认密码密文使用当前 CAS 可接受的形态：`pwdEncryptSalt` 作为 AES key、固定 16 字节 IV、`64 位随机前缀 + 原始密码` 作为明文。
+- `utils.crypto` 里保留了固定 key 的兼容函数 `encrypt_password_with_fixed_key()`，用于兼容其他部署或后续验证。
+- 如果要认证其他 CAS 服务，可在 `NJAUAuthClient` 或 `NJAUAuthManager` 中传入 `service_url` 和 `success_url_contains`。
+- 当统一认证要求图形验证码或滑块验证码时，当前版本会直接抛出 `CaptchaRequiredError`，避免误判或卡死。

njau_auth-0.1.0/README.md

@@ -0,0 +1,62 @@
+# NJAU-Auth
+
+南京农业大学统一身份认证（CAS）登录辅助库。项目形态参考 `Golevka2001/SEU-Auth`，当前版本使用纯 HTTP 请求完成登录，不依赖 Playwright 或浏览器自动化。
+
+当前实现参考了本地 `NJAU-Libyy` 项目中可工作的 CAS 自动化流程，支持：
+
+- 使用学号和统一认证密码登录。
+- 先 GET 登录页，提取 `execution` 和 `pwdEncryptSalt`。
+- 使用 AES-128-CBC / PKCS7 生成提交用密码密文。
+- 检测账号密码错误、验证码要求和短信二次验证。
+- 通过回调提交短信验证码。
+- 保存并复用 Cookie，减少重复登录。
+- 默认服务地址为 `http://jw3.njau.edu.cn/`。
+
+## Installation
+
+```bash
+pip install -e .
+```
+
+## Basic Usage
+
+```python
+import asyncio
+from njau_auth import NJAUAuthManager
+
+
+async def sms_callback(challenge):
+    print(challenge.message)
+    return input("SMS code: ").strip()
+
+
+async def main():
+    manager = NJAUAuthManager(
+        student_id="2023000000",
+        password="your-password",
+        sms_callback=sms_callback,
+    )
+
+    async with manager:
+        result = await manager.login()
+        print(result.final_url)
+        print(result.cookies)
+
+
+asyncio.run(main())
+```
+
+## CLI
+
+```bash
+njau-auth-login --student-id 2023000000
+```
+
+如果不传 `--password`，命令会从交互式密码输入读取。
+
+## Notes
+
+- 默认密码密文使用当前 CAS 可接受的形态：`pwdEncryptSalt` 作为 AES key、固定 16 字节 IV、`64 位随机前缀 + 原始密码` 作为明文。
+- `utils.crypto` 里保留了固定 key 的兼容函数 `encrypt_password_with_fixed_key()`，用于兼容其他部署或后续验证。
+- 如果要认证其他 CAS 服务，可在 `NJAUAuthClient` 或 `NJAUAuthManager` 中传入 `service_url` 和 `success_url_contains`。
+- 当统一认证要求图形验证码或滑块验证码时，当前版本会直接抛出 `CaptchaRequiredError`，避免误判或卡死。

njau_auth-0.1.0/examples/basic_usage.py

@@ -0,0 +1,24 @@
+import asyncio
+
+from njau_auth import NJAUAuthManager
+
+
+async def sms_callback(challenge):
+    print(challenge.message)
+    return input("SMS code: ").strip()
+
+
+async def main():
+    async with NJAUAuthManager(
+        student_id="2023000000",
+        password="your-password",
+        sms_callback=sms_callback,
+    ) as manager:
+        result = await manager.login()
+        print(result.final_url)
+        print(result.token)
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
+

njau_auth-0.1.0/pyproject.toml

@@ -0,0 +1,43 @@
+[project]
+name = "njau-auth"
+version = "0.1.0"
+description = "NJAU CAS authentication helper"
+readme = "README.md"
+authors = [{ name = "leecyang" }]
+license = { text = "MIT" }
+keywords = ["njau", "cas", "auth", "httpx"]
+requires-python = ">=3.10"
+dependencies = ["httpx>=0.28.1", "pycryptodome>=3.20.0"]
+
+[project.scripts]
+njau-auth-login = "njau_auth.cli:main"
+
+[project.urls]
+Homepage = "https://github.com/leecyang/NJAU-Auth"
+Repository = "https://github.com/leecyang/NJAU-Auth"
+Issues = "https://github.com/leecyang/NJAU-Auth/issues"
+
+[dependency-groups]
+dev = [
+    "pytest>=8.0.0",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=8.0.0",
+]
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.hatch.build.targets.wheel]
+packages = ["src/njau_auth"]
+
+[tool.pytest.ini_options]
+pythonpath = ["src"]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+addopts = "--verbose --strict-markers"

njau_auth-0.1.0/src/njau_auth/__init__.py

@@ -0,0 +1,25 @@
+from .auth_client import NJAUAuthClient
+from .auth_manager import AuthStorage, JsonFileAuthStorage, NJAUAuthManager
+from .exceptions import (
+    CaptchaRequiredError,
+    CASFormError,
+    InvalidCredentialsError,
+    NJAUAuthError,
+    SMSRequiredError,
+)
+from .models import LoginResult, PageState, SMSChallenge
+
+__all__ = [
+    "AuthStorage",
+    "CaptchaRequiredError",
+    "CASFormError",
+    "InvalidCredentialsError",
+    "JsonFileAuthStorage",
+    "LoginResult",
+    "NJAUAuthClient",
+    "NJAUAuthError",
+    "NJAUAuthManager",
+    "PageState",
+    "SMSChallenge",
+    "SMSRequiredError",
+]

njau_auth-0.1.0/src/njau_auth/auth_client.py

@@ -0,0 +1,325 @@
+import inspect
+import re
+from typing import Any, Awaitable, Callable
+from urllib.parse import urlencode, urlparse, urlunparse
+
+import httpx
+
+from .exceptions import CaptchaRequiredError, InvalidCredentialsError, NJAUAuthError
+from .models import LoginResult, SMSChallenge
+from .utils.crypto import DEFAULT_AES_IV, encrypt_password
+from .utils.parse import (
+    extract_error_text,
+    extract_login_page,
+    has_captcha_challenge,
+    has_sms_challenge,
+    is_student_id,
+)
+
+DEFAULT_BASE_URL = "https://authserver.njau.edu.cn"
+DEFAULT_SERVICE_URL = "http://jw3.njau.edu.cn/"
+DEFAULT_SUCCESS_URL_CONTAINS = "jw"
+DEFAULT_TOKEN_STORAGE_KEY = None
+DEFAULT_USER_AGENT = (
+    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
+    "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
+)
+
+SMSCallback = Callable[[SMSChallenge], str | Awaitable[str]]
+
+
+async def _default_sms_callback(challenge: SMSChallenge) -> str:
+    print(challenge.message)
+    return input("Please enter SMS code: ").strip()
+
+
+class NJAUAuthClient:
+    """Pure HTTP NJAU CAS client."""
+
+    def __init__(
+        self,
+        *,
+        base_url: str = DEFAULT_BASE_URL,
+        service_url: str = DEFAULT_SERVICE_URL,
+        success_url_contains: str = DEFAULT_SUCCESS_URL_CONTAINS,
+        token_storage_key: str | None = DEFAULT_TOKEN_STORAGE_KEY,
+        timeout: float = 30.0,
+        headers: dict[str, str] | None = None,
+        aes_iv: str = DEFAULT_AES_IV,
+    ):
+        self.base_url = base_url.rstrip("/")
+        self.service_url = service_url
+        self.success_url_contains = success_url_contains
+        self.token_storage_key = token_storage_key
+        self.timeout = timeout
+        self.aes_iv = aes_iv
+        self._headers = {
+            "User-Agent": DEFAULT_USER_AGENT,
+            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+            **(headers or {}),
+        }
+        self._client: httpx.AsyncClient | None = None
+
+    async def __aenter__(self) -> "NJAUAuthClient":
+        await self.open()
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb) -> None:
+        await self.close()
+
+    @property
+    def client(self) -> httpx.AsyncClient:
+        if self._client is None:
+            raise RuntimeError("Client is not open. Call open() first.")
+        return self._client
+
+    async def open(self) -> None:
+        if self._client is not None:
+            return
+        self._client = httpx.AsyncClient(
+            headers=self._headers,
+            follow_redirects=True,
+            timeout=self.timeout,
+        )
+
+    async def close(self) -> None:
+        if self._client is not None:
+            await self._client.aclose()
+            self._client = None
+
+    def get_cookies(self) -> dict[str, str]:
+        return dict(self.client.cookies)
+
+    def load_cookies(self, cookies: dict[str, str]) -> None:
+        self.client.cookies.update(cookies)
+
+    async def resume(self) -> LoginResult | None:
+        await self.open()
+        response = await self.client.get(self.login_url)
+        if self._is_success(response):
+            return self._result(response)
+        return None
+
+    async def login(
+        self,
+        student_id: str,
+        password: str,
+        *,
+        sms_callback: SMSCallback | None = None,
+        captcha: str = "",
+        clear_existing_state: bool = True,
+    ) -> LoginResult:
+        if not is_student_id(student_id):
+            raise ValueError("student_id must be 4-32 letters or digits")
+        if not password:
+            raise ValueError("password must not be empty")
+
+        await self.open()
+        if clear_existing_state:
+            self.client.cookies.clear()
+
+        login_response = await self.client.get(self.login_url)
+        login_response.raise_for_status()
+        page = extract_login_page(
+            login_response.text,
+            str(login_response.url),
+            base_url=self.base_url,
+        )
+        encrypted = encrypt_password(password, page.pwd_encrypt_salt, iv=self.aes_iv)
+
+        data = {
+            "username": student_id,
+            "password": encrypted,
+            "captcha": captcha,
+            "_eventId": page.fields.get("_eventId", "submit"),
+            "cllt": "userNameLogin",
+            "dllt": page.fields.get("dllt", "generalLogin"),
+            "lt": page.fields.get("lt", ""),
+            "execution": page.execution,
+        }
+        response = await self.client.post(
+            self._with_service(page.action),
+            data=data,
+            headers={
+                "Origin": self.base_url,
+                "Referer": str(login_response.url),
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+        )
+        return await self._handle_login_response(
+            response,
+            sms_callback=sms_callback or _default_sms_callback,
+        )
+
+    async def _handle_login_response(
+        self,
+        response: httpx.Response,
+        *,
+        sms_callback: SMSCallback,
+    ) -> LoginResult:
+        if self._is_success(response):
+            return self._result(response)
+
+        error_text = extract_error_text(response.text)
+        if has_captcha_challenge(response.text, error_text):
+            raise CaptchaRequiredError(error_text or "CAS requires captcha verification")
+        if self._is_invalid_credentials(error_text):
+            raise InvalidCredentialsError(error_text)
+        if has_sms_challenge(response.text, str(response.url)):
+            response = await self._complete_sms(response, sms_callback)
+            if self._is_success(response):
+                return self._result(response)
+            error_text = extract_error_text(response.text)
+            raise NJAUAuthError("CAS_SMS_FAILED", error_text or "SMS verification failed")
+        if error_text:
+            raise NJAUAuthError("CAS_LOGIN_FAILED", error_text)
+        raise NJAUAuthError("CAS_LOGIN_FAILED", "CAS login did not reach the target service")
+
+    async def _complete_sms(
+        self,
+        response: httpx.Response,
+        sms_callback: SMSCallback,
+    ) -> httpx.Response:
+        send_message = await self._try_send_sms_code(response)
+        for attempt in range(1, 4):
+            code = await self._call_sms_callback(
+                sms_callback,
+                SMSChallenge(
+                    attempt=attempt,
+                    expires_at=0,
+                    message=send_message or "Enter the 6-digit SMS code sent by NJAU CAS",
+                ),
+            )
+            if not code.isdigit() or len(code) != 6:
+                raise ValueError("SMS code must be exactly 6 digits")
+
+            data = self._sms_form_data(response.text)
+            data["dynamicCode"] = code
+            submit_url = self._sms_submit_url(response)
+            response = await self.client.post(
+                submit_url,
+                data=data,
+                headers={
+                    "Origin": self.base_url,
+                    "Referer": str(response.url),
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+            )
+            if self._is_success(response):
+                return response
+            error_text = extract_error_text(response.text)
+            if attempt == 3 or not has_sms_challenge(response.text, str(response.url)):
+                raise NJAUAuthError("CAS_SMS_FAILED", error_text or "SMS verification failed")
+        return response
+
+    async def _try_send_sms_code(self, response: httpx.Response) -> str:
+        candidates = self._sms_send_candidates(response)
+        last_error = ""
+        for url, data in candidates:
+            try:
+                sent = await self.client.post(
+                    url,
+                    data=data,
+                    headers={
+                        "Origin": self.base_url,
+                        "Referer": str(response.url),
+                        "X-Requested-With": "XMLHttpRequest",
+                    },
+                )
+                if sent.status_code >= 400:
+                    continue
+                payload = self._json_or_text(sent)
+                if isinstance(payload, dict):
+                    message = str(payload.get("message") or payload.get("msg") or payload.get("info") or "")
+                    code = str(payload.get("code") or "")
+                    if code.lower() in {"success", "ok", "200"} or payload.get("success") is True:
+                        return message
+                    last_error = message or code
+                elif "success" in payload.lower() or "已发送" in payload:
+                    return payload
+            except httpx.HTTPError as exc:
+                last_error = str(exc)
+        if last_error:
+            return last_error
+        return "SMS send endpoint was not confirmed; enter the code if it was sent"
+
+    def _sms_send_candidates(self, response: httpx.Response) -> list[tuple[str, dict[str, str]]]:
+        html = response.text
+        candidates: list[tuple[str, dict[str, str]]] = []
+        for match in set(
+            re_match
+            for re_match in re.findall(r'["\']([^"\']*dynamicCode[^"\']*?\.htl)["\']', html)
+        ):
+            candidates.append((httpx.URL(str(response.url)).join(match).__str__(), {}))
+        candidates.extend(
+            [
+                (f"{self.base_url}/authserver/reAuth/getDynamicCode.htl", {}),
+                (f"{self.base_url}/authserver/reAuth/sendDynamicCode.htl", {}),
+                (f"{self.base_url}/authserver/dynamicCode/getDynamicCode.htl", {}),
+            ]
+        )
+        return candidates
+
+    def _sms_form_data(self, html: str) -> dict[str, str]:
+        from .utils.parse import parse_forms
+
+        forms = parse_forms(html)
+        form = forms.get("pwdFromId") or forms.get("phoneFromId") or next(iter(forms.values()), None)
+        fields = dict(form["inputs"]) if form else {}
+        fields.setdefault("_eventId", "submit")
+        fields.setdefault("cllt", "userNameLogin")
+        fields.setdefault("dllt", "generalLogin")
+        fields.setdefault("lt", "")
+        return fields
+
+    def _sms_submit_url(self, response: httpx.Response) -> str:
+        from .utils.parse import parse_forms
+
+        forms = parse_forms(response.text)
+        form = forms.get("pwdFromId") or forms.get("phoneFromId") or next(iter(forms.values()), None)
+        action = form["attrs"].get("action") if form else "/authserver/login"
+        return self._with_service(httpx.URL(str(response.url)).join(action or "/authserver/login").__str__())
+
+    def _is_success(self, response: httpx.Response) -> bool:
+        url = str(response.url)
+        if "authserver.njau.edu.cn" not in url and self.success_url_contains in url:
+            return True
+        return "xsMain.jsp" in url or "ticket=ST-" in url
+
+    def _result(self, response: httpx.Response) -> LoginResult:
+        return LoginResult(
+            final_url=str(response.url),
+            token=None,
+            cookies=self.get_cookies(),
+            storage_state={"cookies": self.get_cookies()},
+            html=response.text,
+        )
+
+    def _with_service(self, url: str) -> str:
+        parsed = urlparse(url)
+        query = parsed.query
+        if "service=" not in query:
+            query = f"{query}&{urlencode({'service': self.service_url})}" if query else urlencode({"service": self.service_url})
+        return urlunparse(parsed._replace(query=query))
+
+    @property
+    def login_url(self) -> str:
+        return f"{self.base_url}/authserver/login?{urlencode({'service': self.service_url})}"
+
+    @staticmethod
+    def _json_or_text(response: httpx.Response) -> Any:
+        try:
+            return response.json()
+        except ValueError:
+            return response.text
+
+    @staticmethod
+    def _is_invalid_credentials(error_text: str) -> bool:
+        return any(word in error_text for word in ["用户名", "密码错误", "账号", "凭证错误"])
+
+    @staticmethod
+    async def _call_sms_callback(callback: SMSCallback, challenge: SMSChallenge) -> str:
+        value = callback(challenge)
+        if inspect.isawaitable(value):
+            value = await value
+        return str(value).strip()

njau_auth-0.1.0/src/njau_auth/auth_manager.py

@@ -0,0 +1,136 @@
+import json
+from pathlib import Path
+from typing import Any, Protocol
+
+from .auth_client import (
+    DEFAULT_SERVICE_URL,
+    DEFAULT_SUCCESS_URL_CONTAINS,
+    DEFAULT_TOKEN_STORAGE_KEY,
+    NJAUAuthClient,
+    SMSCallback,
+)
+from .models import LoginResult
+
+
+class AuthStorage(Protocol):
+    async def load_cookies(self, student_id: str) -> dict[str, str] | None:
+        ...
+
+    async def save_cookies(self, student_id: str, cookies: dict[str, str]) -> None:
+        ...
+
+    async def clear_cookies(self, student_id: str) -> None:
+        ...
+
+
+class JsonFileAuthStorage:
+    def __init__(self, path: str | Path = "auth_session.json"):
+        self.path = Path(path)
+        self._data: dict[str, Any] = {}
+        self._load()
+
+    def _load(self) -> None:
+        if not self.path.exists():
+            return
+        try:
+            self._data = json.loads(self.path.read_text(encoding="utf-8"))
+        except (OSError, json.JSONDecodeError):
+            self._data = {}
+
+    def _save(self) -> None:
+        self.path.parent.mkdir(parents=True, exist_ok=True)
+        self.path.write_text(
+            json.dumps(self._data, ensure_ascii=False, indent=2),
+            encoding="utf-8",
+        )
+
+    async def load_cookies(self, student_id: str) -> dict[str, str] | None:
+        value = self._data.get("cookies", {}).get(student_id)
+        return value if isinstance(value, dict) else None
+
+    async def save_cookies(self, student_id: str, cookies: dict[str, str]) -> None:
+        self._data.setdefault("cookies", {})[student_id] = cookies
+        self._save()
+
+    async def clear_cookies(self, student_id: str) -> None:
+        self._data.get("cookies", {}).pop(student_id, None)
+        self._save()
+
+
+class NJAUAuthManager:
+    def __init__(
+        self,
+        student_id: str,
+        password: str,
+        *,
+        sms_callback: SMSCallback | None = None,
+        storage: AuthStorage | None = None,
+        service_url: str = DEFAULT_SERVICE_URL,
+        success_url_contains: str = DEFAULT_SUCCESS_URL_CONTAINS,
+        token_storage_key: str | None = DEFAULT_TOKEN_STORAGE_KEY,
+        timeout: float = 30.0,
+        headers: dict[str, str] | None = None,
+    ):
+        self.student_id = student_id
+        self.password = password
+        self.sms_callback = sms_callback
+        self.storage = storage or JsonFileAuthStorage()
+        self.service_url = service_url
+        self.success_url_contains = success_url_contains
+        self.token_storage_key = token_storage_key
+        self.timeout = timeout
+        self.headers = headers or {}
+        self._client: NJAUAuthClient | None = None
+
+    async def __aenter__(self) -> "NJAUAuthManager":
+        return self
+
+    async def __aexit__(self, exc_type, exc_val, exc_tb) -> None:
+        await self.close()
+
+    async def close(self) -> None:
+        if self._client is not None:
+            await self._client.close()
+            self._client = None
+
+    async def login(self, *, force_refresh: bool = False) -> LoginResult:
+        cookies = None
+        if not force_refresh:
+            cookies = await self.storage.load_cookies(self.student_id)
+
+        self._client = NJAUAuthClient(
+            service_url=self.service_url,
+            success_url_contains=self.success_url_contains,
+            token_storage_key=self.token_storage_key,
+            timeout=self.timeout,
+            headers=self.headers,
+        )
+        await self._client.open()
+        if cookies:
+            self._client.load_cookies(cookies)
+
+        if not force_refresh and cookies is not None:
+            resumed = await self._client.resume()
+            if resumed is not None:
+                return resumed
+            await self._client.close()
+            self._client = None
+            cookies = None
+
+        if self._client is None:
+            self._client = NJAUAuthClient(
+                service_url=self.service_url,
+                success_url_contains=self.success_url_contains,
+                token_storage_key=self.token_storage_key,
+                timeout=self.timeout,
+                headers=self.headers,
+            )
+
+        result = await self._client.login(
+            self.student_id,
+            self.password,
+            sms_callback=self.sms_callback,
+            clear_existing_state=force_refresh,
+        )
+        await self.storage.save_cookies(self.student_id, result.cookies)
+        return result

njau_auth-0.1.0/src/njau_auth/cli.py

@@ -0,0 +1,46 @@
+import argparse
+import asyncio
+import getpass
+
+from .auth_manager import NJAUAuthManager
+
+
+def _parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(description="Login to NJAU CAS")
+    parser.add_argument("--student-id", required=True)
+    parser.add_argument("--password")
+    parser.add_argument("--force-refresh", action="store_true")
+    parser.add_argument("--service-url")
+    return parser
+
+
+async def _run(args: argparse.Namespace) -> None:
+    password = args.password or getpass.getpass("CAS password: ")
+
+    async def sms_callback(challenge):
+        print(challenge.message)
+        return input("SMS code: ").strip()
+
+    options = {}
+    if args.service_url:
+        options["service_url"] = args.service_url
+
+    async with NJAUAuthManager(
+        student_id=args.student_id,
+        password=password,
+        sms_callback=sms_callback,
+        **options,
+    ) as manager:
+        result = await manager.login(force_refresh=args.force_refresh)
+        print(f"final_url={result.final_url}")
+        print(f"token={result.token or ''}")
+        print("cookies=" + "; ".join(f"{key}={value}" for key, value in result.cookies.items()))
+
+
+def main() -> None:
+    args = _parser().parse_args()
+    asyncio.run(_run(args))
+
+
+if __name__ == "__main__":
+    main()

njau_auth-0.1.0/src/njau_auth/exceptions.py

@@ -0,0 +1,27 @@
+class NJAUAuthError(Exception):
+    """Base exception for NJAU authentication failures."""
+
+    def __init__(self, code: str, message: str, detail: str | None = None):
+        super().__init__(message)
+        self.code = code
+        self.detail = detail
+
+
+class InvalidCredentialsError(NJAUAuthError):
+    def __init__(self, message: str = "Invalid student id or password"):
+        super().__init__("CAS_INVALID_CREDENTIALS", message)
+
+
+class CaptchaRequiredError(NJAUAuthError):
+    def __init__(self, message: str = "CAS requires captcha verification"):
+        super().__init__("CAS_CAPTCHA_REQUIRED", message)
+
+
+class SMSRequiredError(NJAUAuthError):
+    def __init__(self, message: str = "CAS requires SMS verification"):
+        super().__init__("CAS_SMS_REQUIRED", message)
+
+
+class CASFormError(NJAUAuthError):
+    def __init__(self, message: str = "CAS login form is incomplete"):
+        super().__init__("CAS_FORM_ERROR", message)

njau_auth-0.1.0/src/njau_auth/models.py

@@ -0,0 +1,38 @@
+from dataclasses import dataclass
+from enum import Enum
+from typing import Any
+
+
+class PageState(str, Enum):
+    LOGIN = "LOGIN"
+    PASSWORD = "PASSWORD"
+    SMS = "SMS"
+    AUTHENTICATED = "AUTHENTICATED"
+    CAPTCHA = "CAPTCHA"
+    ERROR = "ERROR"
+    WAITING = "WAITING"
+
+
+@dataclass(slots=True)
+class SMSChallenge:
+    attempt: int
+    expires_at: float
+    message: str
+
+
+@dataclass(slots=True)
+class LoginResult:
+    final_url: str
+    token: str | None
+    cookies: dict[str, str]
+    storage_state: dict[str, Any]
+    html: str = ""
+
+
+@dataclass(slots=True)
+class LoginPage:
+    url: str
+    action: str
+    execution: str
+    pwd_encrypt_salt: str
+    fields: dict[str, str]

njau_auth-0.1.0/src/njau_auth/utils/__init__.py

@@ -0,0 +1,19 @@
+from .crypto import (
+    DEFAULT_AES_IV,
+    DEFAULT_AES_KEY,
+    aes_128_cbc_pkcs7_base64,
+    encrypt_password,
+    encrypt_password_with_fixed_key,
+)
+from .parse import classify_sms_page_state, is_student_id, normalize_cas_error
+
+__all__ = [
+    "DEFAULT_AES_IV",
+    "DEFAULT_AES_KEY",
+    "aes_128_cbc_pkcs7_base64",
+    "classify_sms_page_state",
+    "encrypt_password",
+    "encrypt_password_with_fixed_key",
+    "is_student_id",
+    "normalize_cas_error",
+]

njau_auth-0.1.0/src/njau_auth/utils/crypto.py

@@ -0,0 +1,53 @@
+import base64
+import secrets
+
+from Crypto.Cipher import AES
+from Crypto.Util.Padding import pad
+
+DEFAULT_AES_KEY = "gfsdiR2u0wBytBq7"
+DEFAULT_AES_IV = "HDbk7NdBpFPpFrZR"
+RANDOM_PREFIX_CHARS = "ABCDEFGHJKMNPQRSTWXYZabcdefhijkmnprstwxyz2345678"
+
+
+def aes_128_cbc_pkcs7_base64(plaintext: str, key: str, iv: str = DEFAULT_AES_IV) -> str:
+    key_bytes = key.encode("utf-8")
+    iv_bytes = iv.encode("utf-8")
+    if len(key_bytes) != 16:
+        raise ValueError("AES-128-CBC key must be exactly 16 bytes")
+    if len(iv_bytes) != 16:
+        raise ValueError("AES-128-CBC IV must be exactly 16 bytes")
+    cipher = AES.new(key_bytes, AES.MODE_CBC, iv_bytes)
+    ciphertext = cipher.encrypt(pad(plaintext.encode("utf-8"), AES.block_size))
+    return base64.b64encode(ciphertext).decode("ascii")
+
+
+def random_prefix(length: int = 64) -> str:
+    return "".join(secrets.choice(RANDOM_PREFIX_CHARS) for _ in range(length))
+
+
+def encrypt_password(password: str, pwd_encrypt_salt: str, *, iv: str = DEFAULT_AES_IV) -> str:
+    """Encrypt the password in the format accepted by the current NJAU CAS page.
+
+    The browser script calls encryptPassword(password, pwdEncryptSalt). Empirically
+    the server accepts AES-CBC with the dynamic page salt as the key, any 16-byte
+    IV, and a 64-character random prefix before the raw password.
+    """
+
+    return aes_128_cbc_pkcs7_base64(
+        random_prefix(64) + password,
+        key=pwd_encrypt_salt,
+        iv=iv,
+    )
+
+
+def encrypt_password_with_fixed_key(
+    password: str,
+    pwd_encrypt_salt: str,
+    *,
+    key: str = DEFAULT_AES_KEY,
+    iv: str = DEFAULT_AES_IV,
+) -> str:
+    """Compatibility helper for fixed-key deployments: AES(salt + password)."""
+
+    return aes_128_cbc_pkcs7_base64(pwd_encrypt_salt + password, key=key, iv=iv)
+

njau_auth-0.1.0/src/njau_auth/utils/parse.py

@@ -0,0 +1,126 @@
+import re
+from html.parser import HTMLParser
+from typing import Any
+from urllib.parse import urljoin
+
+from njau_auth.exceptions import CASFormError
+from njau_auth.models import LoginPage, PageState
+
+
+def is_student_id(value: str) -> bool:
+    return bool(re.fullmatch(r"[0-9A-Za-z]{4,32}", value or ""))
+
+
+def normalize_cas_error(text: str) -> str:
+    value = re.sub(r"<[^>]+>", "", text or "")
+    return " ".join(value.split()).strip()
+
+
+def classify_sms_page_state(
+    *,
+    url: str,
+    token: str | None = None,
+    input_visible: bool = False,
+    error_text: str = "",
+    success_url_contains: str = "",
+) -> PageState:
+    if success_url_contains and success_url_contains in url:
+        return PageState.AUTHENTICATED
+    if token:
+        return PageState.AUTHENTICATED
+    if error_text.strip():
+        return PageState.ERROR
+    if input_visible:
+        return PageState.SMS
+    return PageState.WAITING
+
+
+class _FormParser(HTMLParser):
+    def __init__(self) -> None:
+        super().__init__()
+        self.forms: dict[str, dict[str, Any]] = {}
+        self._current_form_id: str | None = None
+
+    def handle_starttag(self, tag: str, attrs: list[tuple[str, str | None]]) -> None:
+        attr = {key: value or "" for key, value in attrs}
+        if tag.lower() == "form":
+            form_id = attr.get("id") or f"__form_{len(self.forms)}"
+            self._current_form_id = form_id
+            self.forms[form_id] = {
+                "attrs": attr,
+                "inputs": {},
+            }
+            return
+
+        if tag.lower() == "input" and self._current_form_id:
+            name = attr.get("name") or attr.get("id")
+            if name:
+                self.forms[self._current_form_id]["inputs"][name] = attr.get("value", "")
+
+    def handle_endtag(self, tag: str) -> None:
+        if tag.lower() == "form":
+            self._current_form_id = None
+
+
+def parse_forms(html: str) -> dict[str, dict[str, Any]]:
+    parser = _FormParser()
+    parser.feed(html)
+    return parser.forms
+
+
+def extract_login_page(html: str, url: str, *, base_url: str) -> LoginPage:
+    forms = parse_forms(html)
+    form = forms.get("pwdFromId")
+    if not form:
+        raise CASFormError("pwdFromId form was not found")
+
+    fields = dict(form["inputs"])
+    execution = fields.get("execution", "")
+    pwd_encrypt_salt = fields.get("pwdEncryptSalt", "")
+    if not execution:
+        raise CASFormError("execution field was not found")
+    if not pwd_encrypt_salt:
+        raise CASFormError("pwdEncryptSalt field was not found")
+
+    action = form["attrs"].get("action") or "/authserver/login"
+    return LoginPage(
+        url=url,
+        action=urljoin(base_url, action),
+        execution=execution,
+        pwd_encrypt_salt=pwd_encrypt_salt,
+        fields=fields,
+    )
+
+
+def extract_error_text(html: str) -> str:
+    patterns = [
+        r'id=["\']showErrorTip["\'][^>]*>(.*?)</',
+        r'class=["\'][^"\']*(?:form-error|error|el-message)[^"\']*["\'][^>]*>(.*?)</',
+    ]
+    for pattern in patterns:
+        match = re.search(pattern, html, re.I | re.S)
+        if match:
+            text = normalize_cas_error(match.group(1))
+            if text:
+                return text
+    return ""
+
+
+def has_sms_challenge(html: str, url: str) -> bool:
+    needles = [
+        "dynamicCode",
+        "getDynamicCode",
+        "短信验证码",
+        "reAuthCheck",
+        "reAuthLoginView",
+    ]
+    return any(needle in html or needle in url for needle in needles)
+
+
+def has_captcha_challenge(html: str, error_text: str = "") -> bool:
+    if "sliderCaptchaDiv" in html:
+        return True
+    if "captchaDiv" in html and "getCaptcha.htl" in html:
+        return True
+    return any(word in error_text for word in ["验证码", "图形动态码", "滑块"])
+

njau_auth-0.1.0/tests/test_parse_utils.py

@@ -0,0 +1,105 @@
+from njau_auth.models import PageState
+from njau_auth.utils import (
+    aes_128_cbc_pkcs7_base64,
+    classify_sms_page_state,
+    encrypt_password_with_fixed_key,
+    is_student_id,
+    normalize_cas_error,
+)
+from njau_auth.utils.parse import extract_login_page
+
+
+def test_is_student_id_accepts_letters_and_digits():
+    assert is_student_id("2023000000") is True
+    assert is_student_id("A1234567") is True
+
+
+def test_is_student_id_rejects_bad_values():
+    assert is_student_id("") is False
+    assert is_student_id("123") is False
+    assert is_student_id("2023-000") is False
+
+
+def test_classify_authenticated_when_success_url_and_token():
+    assert (
+        classify_sms_page_state(
+            url="https://libyy.njau.edu.cn/student/studentIndex",
+            token="token",
+            input_visible=False,
+            error_text="",
+            success_url_contains="/student/studentIndex",
+        )
+        is PageState.AUTHENTICATED
+    )
+
+
+def test_classify_error_before_waiting():
+    assert (
+        classify_sms_page_state(
+            url="https://authserver.njau.edu.cn/authserver/reAuthLoginView",
+            token=None,
+            input_visible=True,
+            error_text=" 验证码错误 ",
+            success_url_contains="/student/studentIndex",
+        )
+        is PageState.ERROR
+    )
+
+
+def test_classify_sms_waiting():
+    assert (
+        classify_sms_page_state(
+            url="https://authserver.njau.edu.cn/authserver/reAuthLoginView",
+            token=None,
+            input_visible=True,
+            error_text="",
+            success_url_contains="/student/studentIndex",
+        )
+        is PageState.SMS
+    )
+
+
+def test_normalize_cas_error_collapses_whitespace():
+    assert normalize_cas_error("  用户名或\n密码错误\t") == "用户名或 密码错误"
+
+
+def test_extract_login_page_from_pwd_form():
+    html = """
+    <form id="pwdFromId" action="/authserver/login">
+      <input id="username" name="username" value="">
+      <input id="saltPassword" name="password" type="hidden">
+      <input id="_eventId" name="_eventId" value="submit">
+      <input id="cllt" name="cllt" value="userNameLogin">
+      <input id="dllt" name="dllt" value="generalLogin">
+      <input id="lt" name="lt" value="">
+      <input id="pwdEncryptSalt" value="abcdefghijklmnop">
+      <input id="execution" name="execution" value="exec-token">
+    </form>
+    """
+    page = extract_login_page(
+        html,
+        "https://authserver.njau.edu.cn/authserver/login",
+        base_url="https://authserver.njau.edu.cn",
+    )
+    assert page.action == "https://authserver.njau.edu.cn/authserver/login"
+    assert page.execution == "exec-token"
+    assert page.pwd_encrypt_salt == "abcdefghijklmnop"
+
+
+def test_aes_128_cbc_pkcs7_base64_is_deterministic_for_fixed_inputs():
+    encrypted = aes_128_cbc_pkcs7_base64(
+        "salt-password",
+        key="gfsdiR2u0wBytBq7",
+        iv="HDbk7NdBpFPpFrZR",
+    )
+    assert encrypted == "CrlQs5cBatFsWRtEppXJjg=="
+
+
+def test_fixed_key_compatibility_helper_uses_salt_plus_password():
+    encrypted = encrypt_password_with_fixed_key(
+        "password",
+        "salt-",
+        key="gfsdiR2u0wBytBq7",
+        iv="HDbk7NdBpFPpFrZR",
+    )
+    assert encrypted == "CrlQs5cBatFsWRtEppXJjg=="