fix: fix verify flow and precompile cookies

passportAuth.go

@@ -9,20 +9,23 @@ import (
 
 // PassportAuth structure holds our credentials
 type PassportAuth struct {
-	user    string
-	pw      string
-	header  *http.Header
-	cookies []string
+	user       string
+	pw         string
+	partnerUrl string
+	header     http.Header
+	cookies    []http.Cookie
 }
 
-// constructor for PassportAuth automatically creates a
+// constructor for PassportAuth creates a new PassportAuth object and
+// automatically authenticates against the server
 func NewPassportAuth(user, pw, reqUrl string, header *http.Header) (*PassportAuth, error) {
 	p := &PassportAuth{
-		user:   user,
-		pw:     pw,
-		header: header,
+		user:       user,
+		pw:         pw,
+		partnerUrl: reqUrl,
+		header:     header.Clone(),
 	}
-	err := p.genCookies(reqUrl)
+	err := p.genCookies()
 	if err != nil {
 		return nil, err
 	}
@@ -34,24 +37,21 @@ func (p *PassportAuth) Authorize(c *http.Client, rq *http.Request, path string)
 	// prevent redirects to detect subsequent authentication requests
 	rq.Header.Set(XInhibitRedirect, "1")
 	for _, cookie := range p.cookies {
-		cookieParts := strings.Split(cookie, ";")
-		cookieName := strings.Split(cookieParts[0], "=")[0]
-		cookieValue := strings.Split(cookieParts[0], "=")[1]
-
-		rq.AddCookie(&http.Cookie{
-			Name:  cookieName,
-			Value: cookieValue,
-		})
+		rq.AddCookie(&cookie)
 	}
 	return nil
 }
 
 // Verify verifies if the authentication is good
-func (p *PassportAuth) Verify(c *http.Client, rs *http.Response, path string) (reauth bool, err error) {
+func (p *PassportAuth) Verify(c *http.Client, rs *http.Response, path string) (redo bool, err error) {
 	if rs.StatusCode == 302 {
 		if rs.Header.Get("WWW-Authenticate") != "" {
 			// re-authentication required as we are redirected to the login page
-			reauth = true
+			err = p.genCookies()
+			if err != nil {
+				return
+			}
+			redo = true
 			return
 		} else {
 			// just a redirect, follow it
@@ -96,7 +96,7 @@ func (p *PassportAuth) String() string {
 	return fmt.Sprintf("PassportAuth login: %s", p.user)
 }
 
-func (p *PassportAuth) genCookies(partnerUrl string) error {
+func (p *PassportAuth) genCookies() error {
 	// For more details refer to:
 	// https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-pass/2c80637d-438c-4d4b-adc5-903170a779f3
 	// Skipping step 1 and 2 as we already have the partner server challenge
@@ -121,7 +121,7 @@ func (p *PassportAuth) genCookies(partnerUrl string) error {
 		Method: "GET",
 		URL:    &authenticationServerUrl,
 		Header: http.Header{
-			"Authorization": []string{"Passport1.4 sign-in=" + url.QueryEscape(p.user) + ",pwd=" + url.QueryEscape(p.pw) + ",OrgVerb=GET,OrgUrl=" + partnerUrl + "," + partnerServerChallenge},
+			"Authorization": []string{"Passport1.4 sign-in=" + url.QueryEscape(p.user) + ",pwd=" + url.QueryEscape(p.pw) + ",OrgVerb=GET,OrgUrl=" + p.partnerUrl + "," + partnerServerChallenge},
 		},
 	}
 
@@ -153,7 +153,7 @@ func (p *PassportAuth) genCookies(partnerUrl string) error {
 	}
 
 	// Step 7 (First Authentication Request to Partner Server)
-	origUrl, err := url.Parse(partnerUrl)
+	origUrl, err := url.Parse(p.partnerUrl)
 	if err != nil {
 		return err
 	}
@@ -174,7 +174,18 @@ func (p *PassportAuth) genCookies(partnerUrl string) error {
 	}
 
 	// Step 8 (Set Token Message from Partner Server)
-	p.cookies = rs.Header.Values("Set-Cookie")
+	p.cookies = []http.Cookie{}
+
+	for _, cookie := range rs.Header.Values("Set-Cookie") {
+		cookieParts := strings.Split(cookie, ";")
+		cookieName := strings.Split(cookieParts[0], "=")[0]
+		cookieValue := strings.Split(cookieParts[0], "=")[1]
+
+		p.cookies = append(p.cookies, http.Cookie{
+			Name:  cookieName,
+			Value: cookieValue,
+		})
+	}
 
 	return nil
 }