NOISSUE sanitize some MSA auth logging

This commit is contained in:
Petr Mrázek 2021-08-19 00:43:19 +02:00
parent 4a283fe4c1
commit 345641f7d2
2 changed files with 37 additions and 26 deletions

View File

@ -127,12 +127,14 @@ void AuthContext::onOAuthLinkingSucceeded() {
return; return;
} }
QVariantMap extraTokens = o2t->extraTokens(); QVariantMap extraTokens = o2t->extraTokens();
#ifndef NDEBUG
if (!extraTokens.isEmpty()) { if (!extraTokens.isEmpty()) {
qDebug() << "Extra tokens in response:"; qDebug() << "Extra tokens in response:";
foreach (QString key, extraTokens.keys()) { foreach (QString key, extraTokens.keys()) {
qDebug() << "\t" << key << ":" << extraTokens.value(key); qDebug() << "\t" << key << ":" << extraTokens.value(key);
} }
} }
#endif
doUserAuth(); doUserAuth();
} }
@ -219,35 +221,34 @@ bool getNumber(QJsonValue value, double & out) {
// 2148916238 = child account not linked to a family // 2148916238 = child account not linked to a family
*/ */
bool parseXTokenResponse(QByteArray & data, Katabasis::Token &output) { bool parseXTokenResponse(QByteArray & data, Katabasis::Token &output, const char * name) {
qInfo() << "Parsing" << name <<":";
#ifndef NDEBUG
qDebug() << data;
#endif
QJsonParseError jsonError; QJsonParseError jsonError;
QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError); QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError);
if(jsonError.error) { if(jsonError.error) {
qWarning() << "Failed to parse response from user.auth.xboxlive.com as JSON: " << jsonError.errorString(); qWarning() << "Failed to parse response from user.auth.xboxlive.com as JSON: " << jsonError.errorString();
qDebug() << data;
return false; return false;
} }
auto obj = doc.object(); auto obj = doc.object();
if(!getDateTime(obj.value("IssueInstant"), output.issueInstant)) { if(!getDateTime(obj.value("IssueInstant"), output.issueInstant)) {
qWarning() << "User IssueInstant is not a timestamp"; qWarning() << "User IssueInstant is not a timestamp";
qDebug() << data;
return false; return false;
} }
if(!getDateTime(obj.value("NotAfter"), output.notAfter)) { if(!getDateTime(obj.value("NotAfter"), output.notAfter)) {
qWarning() << "User NotAfter is not a timestamp"; qWarning() << "User NotAfter is not a timestamp";
qDebug() << data;
return false; return false;
} }
if(!getString(obj.value("Token"), output.token)) { if(!getString(obj.value("Token"), output.token)) {
qWarning() << "User Token is not a timestamp"; qWarning() << "User Token is not a timestamp";
qDebug() << data;
return false; return false;
} }
auto arrayVal = obj.value("DisplayClaims").toObject().value("xui"); auto arrayVal = obj.value("DisplayClaims").toObject().value("xui");
if(!arrayVal.isArray()) { if(!arrayVal.isArray()) {
qWarning() << "Missing xui claims array"; qWarning() << "Missing xui claims array";
qDebug() << data;
return false; return false;
} }
bool foundUHS = false; bool foundUHS = false;
@ -266,7 +267,6 @@ bool parseXTokenResponse(QByteArray & data, Katabasis::Token &output) {
QString claim; QString claim;
if(!getString(obj.value(iter.key()), claim)) { if(!getString(obj.value(iter.key()), claim)) {
qWarning() << "display claim " << iter.key() << " is not a string..."; qWarning() << "display claim " << iter.key() << " is not a string...";
qDebug() << data;
return false; return false;
} }
output.extra[iter.key()] = claim; output.extra[iter.key()] = claim;
@ -276,11 +276,10 @@ bool parseXTokenResponse(QByteArray & data, Katabasis::Token &output) {
} }
if(!foundUHS) { if(!foundUHS) {
qWarning() << "Missing uhs"; qWarning() << "Missing uhs";
qDebug() << data;
return false; return false;
} }
output.validity = Katabasis::Validity::Certain; output.validity = Katabasis::Validity::Certain;
qDebug() << data; qInfo() << name << "is valid.";
return true; return true;
} }
@ -300,7 +299,7 @@ void AuthContext::onUserAuthDone(
} }
Katabasis::Token temp; Katabasis::Token temp;
if(!parseXTokenResponse(replyData, temp)) { if(!parseXTokenResponse(replyData, temp, "UToken")) {
qWarning() << "Could not parse user authentication response..."; qWarning() << "Could not parse user authentication response...";
finishActivity(); finishActivity();
changeState(STATE_FAILED_HARD, tr("XBox user authentication response could not be understood.")); changeState(STATE_FAILED_HARD, tr("XBox user authentication response could not be understood."));
@ -349,7 +348,7 @@ void AuthContext::doSTSAuthMinecraft() {
connect(requestor, &Requestor::finished, this, &AuthContext::onSTSAuthMinecraftDone); connect(requestor, &Requestor::finished, this, &AuthContext::onSTSAuthMinecraftDone);
requestor->post(request, xbox_auth_data.toUtf8()); requestor->post(request, xbox_auth_data.toUtf8());
qDebug() << "Second layer of XBox auth ... commencing."; qDebug() << "Getting Minecraft services STS token...";
} }
void AuthContext::onSTSAuthMinecraftDone( void AuthContext::onSTSAuthMinecraftDone(
@ -365,7 +364,7 @@ void AuthContext::onSTSAuthMinecraftDone(
} }
Katabasis::Token temp; Katabasis::Token temp;
if(!parseXTokenResponse(replyData, temp)) { if(!parseXTokenResponse(replyData, temp, "STSAuthMinecraft")) {
qWarning() << "Could not parse authorization response for access to mojang services..."; qWarning() << "Could not parse authorization response for access to mojang services...";
m_requestsDone ++; m_requestsDone ++;
return; return;
@ -405,7 +404,7 @@ void AuthContext::doSTSAuthGeneric() {
connect(requestor, &Requestor::finished, this, &AuthContext::onSTSAuthGenericDone); connect(requestor, &Requestor::finished, this, &AuthContext::onSTSAuthGenericDone);
requestor->post(request, xbox_auth_data.toUtf8()); requestor->post(request, xbox_auth_data.toUtf8());
qDebug() << "Second layer of XBox auth ... commencing."; qDebug() << "Getting generic STS token...";
} }
void AuthContext::onSTSAuthGenericDone( void AuthContext::onSTSAuthGenericDone(
@ -421,7 +420,7 @@ void AuthContext::onSTSAuthGenericDone(
} }
Katabasis::Token temp; Katabasis::Token temp;
if(!parseXTokenResponse(replyData, temp)) { if(!parseXTokenResponse(replyData, temp, "STSAuthGaneric")) {
qWarning() << "Could not parse authorization response for access to xbox API..."; qWarning() << "Could not parse authorization response for access to xbox API...";
m_requestsDone ++; m_requestsDone ++;
return; return;
@ -461,10 +460,13 @@ void AuthContext::doMinecraftAuth() {
namespace { namespace {
bool parseMojangResponse(QByteArray & data, Katabasis::Token &output) { bool parseMojangResponse(QByteArray & data, Katabasis::Token &output) {
QJsonParseError jsonError; QJsonParseError jsonError;
qDebug() << "Parsing Mojang response...";
#ifndef NDEBUG
qDebug() << data;
#endif
QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError); QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError);
if(jsonError.error) { if(jsonError.error) {
qWarning() << "Failed to parse response from user.auth.xboxlive.com as JSON: " << jsonError.errorString(); qWarning() << "Failed to parse response from api.minecraftservices.com/authentication/login_with_xbox as JSON: " << jsonError.errorString();
qDebug() << data;
return false; return false;
} }
@ -472,7 +474,6 @@ bool parseMojangResponse(QByteArray & data, Katabasis::Token &output) {
double expires_in = 0; double expires_in = 0;
if(!getNumber(obj.value("expires_in"), expires_in)) { if(!getNumber(obj.value("expires_in"), expires_in)) {
qWarning() << "expires_in is not a valid number"; qWarning() << "expires_in is not a valid number";
qDebug() << data;
return false; return false;
} }
auto currentTime = QDateTime::currentDateTimeUtc(); auto currentTime = QDateTime::currentDateTimeUtc();
@ -482,18 +483,16 @@ bool parseMojangResponse(QByteArray & data, Katabasis::Token &output) {
QString username; QString username;
if(!getString(obj.value("username"), username)) { if(!getString(obj.value("username"), username)) {
qWarning() << "username is not valid"; qWarning() << "username is not valid";
qDebug() << data;
return false; return false;
} }
// TODO: it's a JWT... validate it? // TODO: it's a JWT... validate it?
if(!getString(obj.value("access_token"), output.token)) { if(!getString(obj.value("access_token"), output.token)) {
qWarning() << "access_token is not valid"; qWarning() << "access_token is not valid";
qDebug() << data;
return false; return false;
} }
output.validity = Katabasis::Validity::Certain; output.validity = Katabasis::Validity::Certain;
qDebug() << data; qDebug() << "Mojang response is valid.";
return true; return true;
} }
} }
@ -508,13 +507,17 @@ void AuthContext::onMinecraftAuthDone(
if (error != QNetworkReply::NoError) { if (error != QNetworkReply::NoError) {
qWarning() << "Reply error:" << error; qWarning() << "Reply error:" << error;
#ifndef NDEBUG
qDebug() << replyData; qDebug() << replyData;
#endif
return; return;
} }
if(!parseMojangResponse(replyData, m_data->yggdrasilToken)) { if(!parseMojangResponse(replyData, m_data->yggdrasilToken)) {
qWarning() << "Could not parse login_with_xbox response..."; qWarning() << "Could not parse login_with_xbox response...";
#ifndef NDEBUG
qDebug() << replyData; qDebug() << replyData;
#endif
return; return;
} }
m_mcAuthSucceeded = true; m_mcAuthSucceeded = true;
@ -558,11 +561,15 @@ void AuthContext::onXBoxProfileDone(
if (error != QNetworkReply::NoError) { if (error != QNetworkReply::NoError) {
qWarning() << "Reply error:" << error; qWarning() << "Reply error:" << error;
#ifndef NDEBUG
qDebug() << replyData; qDebug() << replyData;
#endif
return; return;
} }
#ifndef NDEBUG
qDebug() << "XBox profile: " << replyData; qDebug() << "XBox profile: " << replyData;
#endif
m_xboxProfileSucceeded = true; m_xboxProfileSucceeded = true;
checkResult(); checkResult();
@ -583,24 +590,26 @@ void AuthContext::checkResult() {
namespace { namespace {
bool parseMinecraftProfile(QByteArray & data, MinecraftProfile &output) { bool parseMinecraftProfile(QByteArray & data, MinecraftProfile &output) {
qDebug() << "Parsing Minecraft profile...";
#ifndef NDEBUG
qDebug() << data;
#endif
QJsonParseError jsonError; QJsonParseError jsonError;
QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError); QJsonDocument doc = QJsonDocument::fromJson(data, &jsonError);
if(jsonError.error) { if(jsonError.error) {
qWarning() << "Failed to parse response from user.auth.xboxlive.com as JSON: " << jsonError.errorString(); qWarning() << "Failed to parse response from user.auth.xboxlive.com as JSON: " << jsonError.errorString();
qDebug() << data;
return false; return false;
} }
auto obj = doc.object(); auto obj = doc.object();
if(!getString(obj.value("id"), output.id)) { if(!getString(obj.value("id"), output.id)) {
qWarning() << "minecraft profile id is not a string"; qWarning() << "Minecraft profile id is not a string";
qDebug() << data;
return false; return false;
} }
if(!getString(obj.value("name"), output.name)) { if(!getString(obj.value("name"), output.name)) {
qWarning() << "minecraft profile name is not a string"; qWarning() << "Minecraft profile name is not a string";
qDebug() << data;
return false; return false;
} }

View File

@ -516,7 +516,9 @@ QString OAuth2::refreshToken() {
return token_.refresh_token; return token_.refresh_token;
} }
void OAuth2::setRefreshToken(const QString &v) { void OAuth2::setRefreshToken(const QString &v) {
#ifndef NDEBUG
qDebug() << "OAuth2::setRefreshToken" << v << "..."; qDebug() << "OAuth2::setRefreshToken" << v << "...";
#endif
token_.refresh_token = v; token_.refresh_token = v;
} }
@ -573,7 +575,7 @@ void OAuth2::onRefreshFinished() {
setLinked(true); setLinked(true);
emit linkingSucceeded(); emit linkingSucceeded();
emit refreshFinished(QNetworkReply::NoError); emit refreshFinished(QNetworkReply::NoError);
qDebug() << " New token expires in" << expires() << "seconds"; qDebug() << "New token expires in" << expires() << "seconds";
} else { } else {
qDebug() << "OAuth2::onRefreshFinished: Error" << (int)refreshReply->error() << refreshReply->errorString(); qDebug() << "OAuth2::onRefreshFinished: Error" << (int)refreshReply->error() << refreshReply->errorString();
} }