implemented 2FA

Author: Zohair-coder

.github/workflows/build_and_deploy.yml

@@ -1,91 +1,91 @@
-# name: Build and Deploy to Kubernetes
+name: Build and Deploy to Kubernetes
 
-# on:
-#   push:
-#     branches:
-#       - main
-#       - dev
+on:
+  push:
+    branches:
+      - main
+      - dev
 
-# env:
-#   DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
-#   DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
-#   KUBECONFIG: ${{ secrets.KUBECONFIG }}
-#   IMAGE_NAME: zohairr/drexelscheduler-scraper
+env:
+  DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+  DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+  KUBECONFIG: ${{ secrets.KUBECONFIG }}
+  IMAGE_NAME: zohairr/drexelscheduler-scraper
 
-# jobs:
-#   build-and-push:
-#     runs-on: ubuntu-latest
-#     steps:
-#       - name: Checkout code
-#         uses: actions/checkout@v4
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-#       - name: Set up QEMU
-#         uses: docker/setup-qemu-action@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-#       - name: Set up Docker Buildx
-#         uses: docker/setup-buildx-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
 
-#       - name: Login to DockerHub
-#         run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+      - name: Login to DockerHub
+        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
 
-#       - name: Build and push Docker image
-#         run: |
-#           COMMIT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
-#           docker buildx create --use
-#           docker buildx build --platform linux/arm64 -t $IMAGE_NAME:$COMMIT_SHA . --push
+      - name: Build and push Docker image
+        run: |
+          COMMIT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
+          docker buildx create --use
+          docker buildx build --platform linux/arm64 -t $IMAGE_NAME:$COMMIT_SHA . --push
 
-#   deploy:
-#     needs: build-and-push
-#     runs-on: ubuntu-latest
-#     steps:
-#       - name: Checkout code
-#         uses: actions/checkout@v4
+  deploy:
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
 
-#       - name: Install and configure kubectl
-#         run: |
-#           sudo snap install kubectl --classic
-#           echo "$KUBECONFIG" | base64 --decode > kubeconfig.yaml
+      - name: Install and configure kubectl
+        run: |
+          sudo snap install kubectl --classic
+          echo "$KUBECONFIG" | base64 --decode > kubeconfig.yaml
 
-#       - name: Set Namespace based on Branch
-#         run: echo "NAMESPACE=$(if [ "${{ github.ref }}" = "refs/heads/main" ]; then echo 'default'; else echo 'dev'; fi)" >> $GITHUB_ENV
+      - name: Set Namespace based on Branch
+        run: echo "NAMESPACE=$(if [ "${{ github.ref }}" = "refs/heads/main" ]; then echo 'default'; else echo 'dev'; fi)" >> $GITHUB_ENV
 
-#       - name: Set up Helm
-#         run: |
-#           curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
-#           chmod 700 get_helm.sh
-#           ./get_helm.sh
+      - name: Set up Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          ./get_helm.sh
       
-#       - name: Check for running Kubernetes jobs
-#         run: |
-#           KUBECONFIG=kubeconfig.yaml
-#           while kubectl get jobs -n ${{ env.NAMESPACE }} -o jsonpath='{.items[?(@.status.active)].metadata.name}' | grep "drexel-scheduler-cronjob"; do
-#             echo "Waiting for jobs to complete..."
-#             sleep 30
-#           done
+      - name: Check for running Kubernetes jobs
+        run: |
+          KUBECONFIG=kubeconfig.yaml
+          while kubectl get jobs -n ${{ env.NAMESPACE }} -o jsonpath='{.items[?(@.status.active)].metadata.name}' | grep "drexel-scheduler-cronjob"; do
+            echo "Waiting for jobs to complete..."
+            sleep 30
+          done
 
-#       - name: Deploy to Kubernetes
-#         run: |
-#           COMMIT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
-#           VALUES_FILE="./k8s/drexel-scraper/values-${{ env.NAMESPACE }}.yaml"
-#           RELEASE_NAME="drexel-scraper-${{ env.NAMESPACE }}"
-#           KUBECONFIG=kubeconfig.yaml helm upgrade --install $RELEASE_NAME ./k8s/drexel-scraper -f $VALUES_FILE -n ${{ env.NAMESPACE }} --set image.tag=$COMMIT_SHA --atomic
+      - name: Deploy to Kubernetes
+        run: |
+          COMMIT_SHA=$(echo $GITHUB_SHA | cut -c1-7)
+          VALUES_FILE="./k8s/drexel-scraper/values-${{ env.NAMESPACE }}.yaml"
+          RELEASE_NAME="drexel-scraper-${{ env.NAMESPACE }}"
+          KUBECONFIG=kubeconfig.yaml helm upgrade --install $RELEASE_NAME ./k8s/drexel-scraper -f $VALUES_FILE -n ${{ env.NAMESPACE }} --set image.tag=$COMMIT_SHA --atomic
 
-#       - name: Clear Cache
-#         run: |
-#           kubectl create job -n ${{ env.NAMESPACE }} --from=cronjob/delete-extra-course-data-cronjob github-actions-delete-credits-job --kubeconfig=kubeconfig.yaml
-#           kubectl create job -n ${{ env.NAMESPACE }} --from=cronjob/delete-ratings-cronjob github-actions-delete-ratings-job --kubeconfig=kubeconfig.yaml
+      - name: Clear Cache
+        run: |
+          kubectl create job -n ${{ env.NAMESPACE }} --from=cronjob/delete-extra-course-data-cronjob github-actions-delete-credits-job --kubeconfig=kubeconfig.yaml
+          kubectl create job -n ${{ env.NAMESPACE }} --from=cronjob/delete-ratings-cronjob github-actions-delete-ratings-job --kubeconfig=kubeconfig.yaml
 
-#       - name: Add Grafana Helm Repo
-#         run: |
-#           helm repo add grafana https://grafana.github.io/helm-charts
-#           helm repo update
+      - name: Add Grafana Helm Repo
+        run: |
+          helm repo add grafana https://grafana.github.io/helm-charts
+          helm repo update
 
-#       - name: Deploy Grafana to Dev
-#         if: github.ref == 'refs/heads/dev'
-#         run: |
-#           KUBECONFIG=kubeconfig.yaml helm upgrade --install grafana-dev grafana/grafana -f k8s/grafana-dev-values.yaml -n dev
+      - name: Deploy Grafana to Dev
+        if: github.ref == 'refs/heads/dev'
+        run: |
+          KUBECONFIG=kubeconfig.yaml helm upgrade --install grafana-dev grafana/grafana -f k8s/grafana-dev-values.yaml -n dev
 
-#       - name: Deploy Grafana to Prod
-#         if: github.ref == 'refs/heads/main'
-#         run: |
-#           KUBECONFIG=kubeconfig.yaml helm upgrade --install grafana grafana/grafana -f k8s/grafana-default-values.yaml --set env.GF_ANALYTICS_GOOGLE_ANALYTICS_4_ID=${{ secrets.GOOGLE_ANALYTICS_ID }} -n default
+      - name: Deploy Grafana to Prod
+        if: github.ref == 'refs/heads/main'
+        run: |
+          KUBECONFIG=kubeconfig.yaml helm upgrade --install grafana grafana/grafana -f k8s/grafana-default-values.yaml --set env.GF_ANALYTICS_GOOGLE_ANALYTICS_4_ID=${{ secrets.GOOGLE_ANALYTICS_ID }} -n default

.github/workflows/functional_test.yml

@@ -48,7 +48,9 @@ jobs:
 
     - name: Run the scraper
       env:
-        DREXEL_SCHEDULER_SHIB_IDP_SESSION_COOKIE: ${{ secrets.DREXEL_SCHEDULER_SHIB_IDP_SESSION_COOKIE }}
+        DREXEL_USERNAME: ${{ secrets.DREXEL_USERNAME }}
+        DREXEL_PASSWORD: ${{ secrets.DREXEL_PASSWORD }}
+        DREXEL_MFA_SECRET_KEY: ${{ secrets.DREXEL_MFA_SECRET_KEY }}
       run: docker compose run scraper python3 src/main.py --db --all-colleges --ratings
 
     - name: Verify courses data exists in database

.gitignore

@@ -7,4 +7,6 @@ grafana_data
 trash.py
 profile_output.pstat
 callgrind.out.profile
-.venv
+.venv
+test.py
+test.txt

.vscode/launch.json

@@ -4,6 +4,13 @@
   // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [
+    {
+      "name": "Python Debugger: Current File",
+      "type": "debugpy",
+      "request": "launch",
+      "program": "${file}",
+      "console": "integratedTerminal"
+    },
     {
       "name": "Python: main.py",
       "type": "debugpy",

docker-compose.yml

@@ -12,7 +12,9 @@ services:
       AWS_DEFAULT_REGION: us-east-1
       AWS_ACCESS_KEY_ID: "my-access-key"
       AWS_SECRET_ACCESS_KEY: "my-secret-access-key"
-      DREXEL_SCHEDULER_SHIB_IDP_SESSION_COOKIE: ${DREXEL_SCHEDULER_SHIB_IDP_SESSION_COOKIE}
+      DREXEL_USERNAME: ${DREXEL_USERNAME}
+      DREXEL_PASSWORD: ${DREXEL_PASSWORD}
+      DREXEL_MFA_SECRET_KEY: ${DREXEL_MFA_SECRET_KEY}
     volumes:
       - ./:/app
     depends_on:

src/config.py

@@ -15,13 +15,17 @@
 # example values = CI, A, AS
 college_code = "CI"
 
+# Drexel Connect Credentials
+drexel_username = os.environ["DREXEL_USERNAME"]
+drexel_password = os.environ["DREXEL_PASSWORD"]
+drexel_mfa_secret_key = os.environ["DREXEL_MFA_SECRET_KEY"]
+
 # URL's
 tms_base_url = "https://termmasterschedule.drexel.edu"
 tms_home_url = tms_base_url + "/webtms_du"
 tms_quarter_url = tms_home_url + "/collegesSubjects/" + year + quarter
 
-# Cookies
-shib_idp_session_cookie = os.environ["DREXEL_SCHEDULER_SHIB_IDP_SESSION_COOKIE"]
+drexel_connect_base_url = "https://connect.drexel.edu"
 
 # Email AWS Configuration
 topic_arn = os.getenv("DREXEL_SCHEDULER_TOPIC_ARN")

src/login.py

@@ -0,0 +1,148 @@
+from requests import Session
+from bs4 import BeautifulSoup, Tag
+import sys
+import re
+
+import config
+import totp
+
+def login_with_drexel_connect(session: Session):
+    response = session.get(config.drexel_connect_base_url)
+    soup = BeautifulSoup(response.text, "html.parser")
+
+    csrf_token = extract_csrf_token(soup)
+    form_action_path = extract_form_action_path(soup)
+    
+    login_payload = {
+        "j_username": config.drexel_username,
+        "j_password": config.drexel_password,
+        "csrf_token": csrf_token,
+        "_eventId_proceed": ""
+    }
+
+    # this should send the credentials and send the MFA request
+    response = session.post(config.drexel_connect_base_url + form_action_path, data=login_payload)
+
+    soup = BeautifulSoup(response.text, "html.parser")
+    data = parse_initial_mfa_page(soup)
+
+    response = session.post(config.drexel_connect_base_url + data["url"], data=data["form-data"])
+    json_response = response.json()
+
+    data = {
+        json_response["csrfN"]: json_response["csrfV"],
+        "_eventId": json_response["actValue"],
+    }
+
+    response = session.post(config.drexel_connect_base_url + json_response["flowExURL"], data=data)
+    soup = BeautifulSoup(response.text, "html.parser")
+
+    parsed_data = parse_final_mfa_page(soup)
+    
+    totp_code = totp.get_token(config.drexel_mfa_secret_key)
+
+    data = {
+        "csrf_token": parsed_data["csrf_token"],
+        "_eventId": "proceed",
+        "j_mfaToken": totp_code
+    }
+
+    response = session.post(config.drexel_connect_base_url + parsed_data["url"], data=data)
+
+    return session
+
+def extract_csrf_token(soup: BeautifulSoup) -> str:
+    csrf_token_input_tag = soup.find("input", {"name": "csrf_token"}) 
+
+    if not isinstance(csrf_token_input_tag, Tag):
+        raise Exception("Could not find CSRF token.")
+    
+    csrf_token = csrf_token_input_tag["value"]
+
+    if not isinstance(csrf_token, str):
+        raise Exception(f"CSRF token was not a string. Found: {csrf_token} of type: {type(csrf_token)}")
+
+    return csrf_token
+
+def extract_form_action_path(soup: BeautifulSoup) -> str:
+    # the form is a child of a div with id "login-box"
+    login_box_div = soup.find("div", {"id": "login-box"})
+
+    if not isinstance(login_box_div, Tag):
+        raise Exception("Could not find login box div.")
+
+    login_form = login_box_div.find("form")
+
+    if not isinstance(login_form, Tag):
+        raise Exception("Could not find login form.")
+
+    form_action_path = login_form["action"]
+
+    if not isinstance(form_action_path, str):
+        raise Exception(f"Form action path was not a string. Found: {form_action_path} of type: {type(form_action_path)}")
+
+    return form_action_path
+
+def parse_initial_mfa_page(soup: BeautifulSoup) -> dict[str, str]:
+    data = {}
+
+    # get the first script tag that isn't empty
+    script_tag = soup.find("script", string=lambda text: text and len(text) > 0)
+
+    if not isinstance(script_tag, Tag):
+        raise Exception("Could not find non-empty script tag.")
+
+    script_content = script_tag.string
+
+    if not isinstance(script_content, str):
+        raise Exception(f"Script content was not a string. Found: {script_content} of type: {type(script_content)}")
+
+    url_match = re.search(r"url:\s*['\"](/idp/profile/cas/login\?execution=[^'\"]+)['\"]", script_content)
+    if not url_match:
+        raise Exception("Could not find MFA URL.")
+
+    event_id_match = event_id_match = re.search(r"data:\s*'_eventId=([^'&]+)&csrf_token", script_content)
+    if not event_id_match:
+        raise Exception("Could not find MFA event ID.")
+
+    csrf_token_match = re.search(r"csrf_token=([^'&]+)", script_content)
+    if not csrf_token_match:
+        raise Exception("Could not find MFA CSRF token.")
+    
+    data["url"] = url_match.group(1)
+    data["form-data"] = {
+        "_eventId": event_id_match.group(1),
+        "csrf_token": csrf_token_match.group(1)
+    }
+
+
+    return data
+
+def parse_final_mfa_page(soup: BeautifulSoup) -> dict[str, str]:
+    data: dict[str, str] = {}
+
+    # get form by id "otp"
+    form = soup.find("form", {"id": "otp"})
+
+    if not isinstance(form, Tag):
+        raise Exception("Could not find OTP form.")
+    
+    url = form["action"]
+
+    if not isinstance(url, str):
+        raise Exception(f"Action was not a string. Found: {url} of type: {type(url)}")
+    
+    csrf_token_input = form.find("input", {"name": "csrf_token"})
+
+    if not isinstance(csrf_token_input, Tag):
+        raise Exception("Could not find CSRF token input.")
+    
+    csrf_token = csrf_token_input["value"]
+
+    if not isinstance(csrf_token, str):
+        raise Exception(f"CSRF token was not a string. Found: {csrf_token} of type: {type(csrf_token)}")
+
+    data["url"] = url
+    data["csrf_token"] = csrf_token
+
+    return data

src/scrape.py

@@ -7,13 +7,14 @@
 from helpers import send_request
 from parse import parse_subject_page, parse_crn_page
 import config
-
+import login
 
 def scrape(
     include_ratings: bool = False, all_colleges: bool = False
 ) -> dict[str, dict[str, Any]]:
     session = Session()
-    session.cookies.set("shib_idp_session", config.shib_idp_session_cookie)  # type: ignore
+
+    session = login.login_with_drexel_connect(session)
 
     data: dict[str, dict[str, Any]] = {}