From: Fredrik Tolf
Date: Wed, 2 Jun 2021 00:46:02 +0000 (+0200)
Subject: fsb: Add hardware token authentication support.
X-Git-Url: http://git.dolda2000.com/gitweb/?p=fulbank.git;a=commitdiff_plain;h=66c360163e0fa23c7cd5613114b070b1766187f6
fsb: Add hardware token authentication support.
---
diff --git a/fulbank/fsb.py b/fulbank/fsb.py
index 8f6280c..9e059c1 100644
--- a/fulbank/fsb.py
+++ b/fulbank/fsb.py
@@ -1,4 +1,5 @@
-import json, http.cookiejar, binascii, time, datetime, pickle, urllib.error
+import json, http.cookiejar, binascii, time, datetime, pickle, urllib.error, io
+from PIL import Image
 from urllib import request, parse
 from bs4 import BeautifulSoup as soup
 from . import currency, auth, data
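Review bot: `from PIL import Image` at module scope makes Pillow an import-time requirement of fulbank/fsb.py, although in this diff only `auth_token` uses it, so a user of `auth_bankid` now fails on import when Pillow is absent. Importing it inside the method (`from PIL import Image` as the first statement of `auth_token`) keeps the image decoder confined to the hardware-token path that needs it. If the top-level import stays, the new dependency should be declared in the project's packaging metadata, which is not part of this diff.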
@@ -227,6 +228,46 @@ class session(object):
 rolesw = linkurl(resolve(prof["banks"][0], ("privateProfile", "links", "next", "uri")))
 self._jreq(rolesw, method="POST")
+ def auth_token(self, user, conv=None):
+ if conv is None:
+ conv = auth.default()
+ try:
+ data = self._jreq("v5/identification/securitytoken/challenge", data = {
+ "userId": user,
+ "useEasyLogin": "false",
+ "generateEasyLoginId": "false"})
+ except jsonerror as e:
+ if e.code == 400:
+ flds = resolve(e.data, ("errorMessages", "fields"), False)
+ if isinstance(flds, list):
+ for fld in flds:
+ if resolve(fld, ("field",), None) == "userId":
+ raise autherror(fld["message"])
+ raise
+ if data.get("useOneTimePassword"):
+ raise fmterror("unexpectedly found useOneTimePassword")
+ if data.get("challenge") != "":
+ raise fmterror("unexpected challenge: " + str(data.get("challenge")))
+ if not isinstance(data.get("imageChallenge"), dict) or resolve(data, ("imageChallenge", "method")) != "GET":
+ raise fmterror("invalid image challenge: " + str(data.get("imageChallenge")))
+ iurl = linkurl(resolve(data, ("imageChallenge", "uri")))
+ vfy = linkurl(resolve(data, ("links", "next", "uri")))
+ img = Image.open(io.BytesIO(self._req(iurl)))
+ conv.image(img)
+ response = conv.prompt("Token response: ", True)
+ try:
+ data = self._jreq(vfy, data={"response": response})
+ except jsonerror as e:
+ msgs = resolve(e.data, ("errorMessages", "general"), False)
+ if isinstance(msgs, list):
+ for msg in msgs:
+ if msg.get("message"):
+ raise autherror(msg.get("message"))
+ raise
+ if not data.get("authenticationRole", ""):
+ raise fmterror("authentication appears to have succeded, but there is no authenticationRole: " + str(data))
+ self._postlogin()
+
 def auth_bankid(self, user, conv=None):
 if conv is None:
 conv = auth.default()
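Review bot: The last `fmterror` in `auth_token` appends `str(data)`, the entire verification response, to the exception text, so anything the bank returns alongside `authenticationRole` can land in tracebacks and logs; the message should name the missing field only (the fence also corrects the "succeded" spelling). The image step hands the fetched bytes directly to `Image.open`, which decodes lazily and raises Pillow's own exceptions, so a malformed or oversized image surfaces later and outside the `fmterror`/`autherror` pattern the rest of the method uses. The fence fetches first, forces the decode, and translates decoder failures. Whether `linkurl` restricts `imageChallenge.uri` and `links.next.uri` to the bank's own origin is not visible in this hunk and is worth confirming, since both are taken from the response and then requested through the session.

```python
        # … unchanged: challenge request, field checks, iurl/vfy resolution …
        raw = self._req(iurl)
        try:
            img = Image.open(io.BytesIO(raw))
            img.load()  # Image.open is lazy; force the decode here
        except (OSError, Image.DecompressionBombError) as e:
            raise fmterror("could not decode image challenge: " + str(e))
        conv.image(img)
        # … unchanged: prompt and verification request …
        if not data.get("authenticationRole", ""):
            raise fmterror("authentication appears to have succeeded, but there is no authenticationRole")
```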