update parseFormInputs for the new password page

package.json

@@ -24,6 +24,7 @@
   "homepage": "https://github.com/rlueder/node-car-net#readme",
   "dependencies": {
     "axios": "^0.25.0",
+    "axios-curlirize": "^2.0.0",
     "dotenv": "^14.2.0",
     "jsdom": "^19.0.0",
     "prompts": "^2.4.2",

src/api/constants.js

@@ -0,0 +1,3 @@
+module.exports = {
+  IOS_USER_AGENT: "Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1"
+}

src/api/getAuthPage.js

@@ -0,0 +1,35 @@
+import axios from "axios";
+
+import {VW_IDENTITY_URL} from "../config.js";
+
+/**
+ * @async
+ * @name postEmailForm
+ * @param {string} email
+ * @param {Object} form
+ * @param {string} cookie
+ * @returns {Promise<any>}
+ */
+
+const getAuthPage = async (email, form, cookie) => {
+  const {action, params} = form;
+  return await axios
+    .post(action, null, {
+      baseURL: VW_IDENTITY_URL,
+      headers: {
+        Cookie: cookie,
+      },
+      params: {
+        ...params,
+        email,
+      },
+    })
+    .then((response) => {
+      return response.data
+    })
+    .catch((err) => {
+      console.log(err.message);
+    });
+};
+
+export default postEmailForm;

src/api/index.js

@@ -1,8 +1,8 @@
-export { default as followRedirects } from "./followRedirects.js";
-export { default as getAuthentication } from "./getAuthentication.js";
-export { default as getAuthTokens } from "./getAuthTokens.js";
-export { default as getAcctStatus } from "./getAcctStatus.js";
-export { default as getCarStatus } from "./getCarStatus.js";
-export { default as getHealthStatus } from "./getHealthStatus.js";
-export { default as postEmailForm } from "./postEmailForm.js";
-export { default as postPasswordForm } from "./postPasswordForm.js";
+export {default as followRedirects} from "./followRedirects.js";
+export {default as getAuthentication} from "./getAuthentication.js";
+export {default as getAuthTokens} from "./getAuthTokens.js";
+export {default as getAcctStatus} from "./getAcctStatus.js";
+export {default as getCarStatus} from "./getCarStatus.js";
+export {default as getHealthStatus} from "./getHealthStatus.js";
+export {default as postEmailForm} from "./postEmailForm.js";
+export {default as postPasswordForm} from "./postPasswordForm.js";

src/api/postEmailForm.js

@@ -1,6 +1,6 @@
 import axios from "axios";
 
-import { VW_IDENTITY_URL } from "../config.js";
+import {VW_IDENTITY_URL} from "../config.js";
 
 /**
  * @async
@@ -12,7 +12,7 @@ import { VW_IDENTITY_URL } from "../config.js";
  */
 
 const postEmailForm = async (email, form, cookie) => {
-  const { action, params } = form;
+  const {action, params} = form;
   return await axios
     .post(action, null, {
       baseURL: VW_IDENTITY_URL,
@@ -24,7 +24,9 @@ const postEmailForm = async (email, form, cookie) => {
         email,
       },
     })
-    .then((response) => response.data)
+    .then((response) => {
+      return response.data
+    })
     .catch((err) => {
       console.log(err.message);
     });

src/api/postPasswordForm.js

@@ -1,35 +1,44 @@
 import axios from "axios";
+import curlirize from "axios-curlirize";
 
-import { VW_IDENTITY_URL } from "../config.js";
+curlirize(axios);
+import {VW_IDENTITY_URL, IOS_USER_AGENT} from "../config.js";
 
-import { followRedirects } from "./index.js";
+import {followRedirects} from "./index.js";
 
 /**
  * @async
  * @name postPasswordForm
+ * @param {string} email
  * @param {string} password
- * @param {Object} form
  * @param {string} cookie
+ * @param {Object} form
  * @returns {Promise<any>}
  */
 
-const postPasswordForm = async (password, form, cookie) => {
-  const { action, params } = form;
+const postPasswordForm = async (email, password, form, cookie) => {
+  const {action, params} = form;
+
   return await axios
     .post(action, null, {
-      baseURL: VW_IDENTITY_URL,
-      headers: {
+      baseURL: VW_IDENTITY_URL, headers: {
         Cookie: cookie,
-      },
-      maxRedirects: 0, // disable redirects so we can intercept them
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept-Encoding": "gzip, deflate, br",
+        "User-Agent": IOS_USER_AGENT,
+        Referer: "https://identity.na.vwgroup.io/signin-service/v1/b680e751-7e1f-4008-8ec1-3a528183d215@apps_vw-dilab_com/login/authenticate?relayState=" + params.relayState,
+        Origin: "identity.na.vwgroup.io",
+        Host: "identity.na.vwgroup.io",
+        Connection: "keep-alive",
+        Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
+
+      }, maxRedirects: 0, // disable redirects so we can intercept them
       params: {
-        ...params,
-        password: password,
-      },
-      validateStatus: (status) => status >= 200 && status < 400,
+        ...params, //email, password,
+      }, validateStatus: (status) => status >= 200 && status < 401,
     })
     .then((response) => followRedirects(response))
-    .catch((err) => console.log(err.message));
+    .catch((err) => console.log(JSON.stringify(err)));
 };
 
 export default postPasswordForm;

src/config.js

@@ -44,3 +44,11 @@ export const VW_EMAIL = process.env.VW_EMAIL;
  */
 
 export const VW_PASSWORD = process.env.VW_PASSWORD;
+
+/**
+ * @name IOS_USER_AGENT
+ * @summary IOS User Agent
+ * @type {string}
+ */
+
+export const IOS_USER_AGENT = "Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Mobile/15E148 Safari/604.1";

src/index.js

@@ -5,11 +5,10 @@ import { questions, spinner } from "./utils/index.js";
 import logIn from "./logIn.js";
 
 (async () => {
-  const response = await prompts(questions).then((res) => {
+  let response = await prompts(questions).then((res) => {
     spinner.start("Logging in to VW car-net...");
     return res;
   });
-
   const tokens = await logIn(response);
   // console.log(tokens);
 

src/logIn.js

@@ -18,28 +18,29 @@ const logIn = async (response) => {
   const { email, password } = response;
   const { challenge, verifier } = getPKCE();
 
-  let cookie, form, tokens;
+  let cookie, form1, form2, tokens;
 
   try {
     // Step 1 - GET Auth parameters
-    form = await getAuthentication(challenge).then((response) => {
+    form1 = await getAuthentication(challenge).then((response) => {
       const headers = response.headers["set-cookie"][0];
       cookie = headers.split(";")[0];
-      return parseFormInputs(response.data);
+      return parseFormInputs(response.data, 1);
     });
-
     // Step 2 - POST email form
-    form = await postEmailForm(email, form, cookie).then((response) =>
-      parseFormInputs(response)
-    );
+    form2 = await postEmailForm(email, form1, cookie).then((response) => {
+      return parseFormInputs(response, 2)
+    });
 
     // Step 3 - POST password form
-    const code = await postPasswordForm(password, form, cookie).then(
+    const code = await postPasswordForm(email, password, form2, cookie).then(
       (response) => response?.split("&")[1].split("=")[1]
     );
+    console.log("Code 3:" + code)
 
     // Step 4 - GET tokens
     tokens = await getAuthTokens(code, verifier);
+    console.log("Tokens 4:" + form2)
 
     return tokens;
   } catch (err) {

src/utils/parseFormInputs.js

@@ -5,22 +5,47 @@ import jsdom from "jsdom";
  * @summary Parses form action and hidden inputs for params needed for OAuth
  * requests.
  * @param {Object} data
+ * @param {Number} formNum
  * @returns {Object}
  */
 
-const parseFormInputs = (data) => {
+const parseFormInputs = (data, formNum) => {
   const dom = new jsdom.JSDOM(data);
   const params = {};
-  // get the form action attribute
-  const action = dom.window.document.querySelector("form").action;
-  // filter input elements for values needed for next request
-  const inputs = [...dom.window.document.querySelectorAll("input")];
-  inputs
-    .filter((input) => input.type === "hidden")
-    .map((input) => {
-      const { name, value } = input;
-      params[name] = value;
-    });
+  let action;
+  let inputs;
+  if (formNum === 1) {
+    // get the form action attribute
+    action = dom.window.document.querySelector("form").action;
+    // filter input elements for values needed for next request
+    inputs = [...dom.window.document.querySelectorAll("input")];
+    inputs
+      .filter((input) => input.type === "hidden")
+      .map((input) => {
+        const {name, value} = input;
+        params[name] = value;
+      });
+  } else if (formNum === 2) {
+    // build 9th script and strip a bunch of characters to build a json of info. yes, this seems brittle.
+    const scriptJson = JSON.parse(dom.window.document.scripts.item(9).text
+      .replace(/\s+/g, '')
+      .replace("window._IDK={templateModel:", "")
+      .split(",currentLocale")[0])
+    // set the form action attribute
+    action = "/signin-service/v1/b680e751-7e1f-4008-8cc1-3a528183d215@apps_vw-dilab_com/login/authenticate";
+    // define elements for values needed for next request
+    params["_csrf"] = dom.window.document.scripts.item(9).text
+      .replace(/\s+/g, '')
+      .split("csrf_token:'")[1]
+      .split("'")[0]
+    params["relayState"] = scriptJson.relayState
+    params["hmac"] = scriptJson.hmac
+  } else {
+    throw new Error("Form Number not recognized. Must be Form 1 or 2.")
+  }
+  if (!action || !params) {
+    throw new Error("Action / params empty. Action: " + action + " . Params: " + JSON.stringify(params))
+  }
   return {
     action,
     params,

src/utils/questions.js

@@ -13,7 +13,7 @@ const questions = [
     message: "Enter your VW password:",
     name: "password",
     style: "password",
-    type: "text",
+    type: "text"
   },
 ];