added okta compatibility

XCreds/KeychainUtil.swift

@@ -49,15 +49,17 @@ class KeychainUtil {
 
     func findPassword(_ name: String) throws -> String {
 
-        TCSLogWithMark("Finding Password")
+        TCSLogWithMark("Finding \(name) in keychain")
         myErr = SecKeychainFindGenericPassword(nil, UInt32(serviceName.count), serviceName, UInt32(name.count), name, &passLength, &passPtr, &myKeychainItem)
 
         if myErr == OSStatus(errSecSuccess) {
             let password = NSString(bytes: passPtr!, length: Int(passLength), encoding: String.Encoding.utf8.rawValue)
-            TCSLogWithMark("Password found")
-            return password as! String
+            if password != "" {
+                TCSLogWithMark("\(name) found in keychain")
+            }
+            return password as? String ?? ""
         } else {
-            TCSLogWithMark("Password not found")
+            TCSLogWithMark("Password not found in keychain")
             throw KeychainError.noStoredPassword
         }
     }

XCreds/TokenManager.swift

@@ -123,7 +123,6 @@ class TokenManager {
 
 
         if let tokenEndpoint = oidc().OIDCTokenEndpoint {
-            UserDefaults.standard.set(tokenEndpoint, forKey: PrefKeys.tokenEndpoint.rawValue)
             return tokenEndpoint
         }
         return nil

XCreds/WebView.swift

@@ -73,104 +73,94 @@ class WebViewController: NSWindowController {
 extension WebViewController: WKNavigationDelegate {
 
     public func webView(_ webView: WKWebView, decidePolicyFor navigationAction: WKNavigationAction, decisionHandler: @escaping (WKNavigationActionPolicy) -> Void) {
-        TCSLogWithMark("DecidePolicyFor: \(navigationAction.request.url?.absoluteString ?? "None")")
-
+//        TCSLogWithMark("DecidePolicyFor: \(navigationAction.request.url?.absoluteString ?? "None")")
 
         let idpHostName = UserDefaults.standard.value(forKey: PrefKeys.idpHostName.rawValue)
-        let passwordElementID = UserDefaults.standard.value(forKey: PrefKeys.passwordElementID.rawValue) as? String ?? "passwordInput"
-        // if it's a POST let's see what we're posting...
-        if navigationAction.request.httpMethod == "POST" {
-            TCSLogWithMark("POST")
-            if let idpHostName = idpHostName as? String, navigationAction.request.url?.host == idpHostName {
-                TCSLogWithMark("host matches custom idpHostName")
-
-                TCSLogWithMark(idpHostName.sanitized())
-                TCSLogWithMark("inserting javascript to get password")
-
-                let javaScript = "document.getElementById('\(passwordElementID.sanitized())').value"
-                webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-                    if let rawPass = response as? String {
-                        TCSLogWithMark("password set.")
-                        self.password=rawPass
-                    }
-                    else {
-                        TCSLogWithMark("No password found")
-                        return
-                    }
-                })
-
-            }
-
-            // Azure snarfing
-            else if ["login.microsoftonline.com", "login.live.com"].contains(navigationAction.request.url?.host) {
-                TCSLogWithMark("Azure")
-
-                var javaScript = "document.getElementById('i0118').value"
-                ///passwordInput
-                webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-                    if let rawPass = response as? String {
-                        self.password=rawPass
-                    }
-                    else {
-                        TCSLogWithMark("No password found")
-
-                    }
-                })
+        let passwordElementID:String? = UserDefaults.standard.value(forKey: PrefKeys.passwordElementID.rawValue) as? String
+        if let idpHostName = idpHostName as? String, navigationAction.request.url?.host == idpHostName, let passwordElementID = passwordElementID {
+            TCSLogWithMark("host matches custom idpHostName")
+            TCSLogWithMark("passwordElementID is \(passwordElementID)")
 
-                javaScript = "document.getElementById('confirmNewPassword').value"
-                webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-                    if let rawPass = response as? String {
-                        self.password=rawPass
-                    }
-                    else {
-                        TCSLogWithMark("No confirmNewPassword found")
-                    }
-                })
-            } else if navigationAction.request.url?.host == "accounts.google.com" {
-                // Google snarfing
-                TCSLogWithMark("Google")
-                let javaScript = "document.querySelector('input[type=password]').value"
-                webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-                    if let rawPass = response as? String {
-                        self.password=rawPass
-                    }
-                    else {
-                        TCSLogWithMark("No password found")
-
-                    }
+            TCSLogWithMark(idpHostName.sanitized())
+            TCSLogWithMark("inserting javascript to get password")
 
+            let javaScript = "document.getElementById('\(passwordElementID.sanitized())').value"
+            webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+                if let rawPass = response as? String, rawPass != "" {
+                    TCSLogWithMark("password set.")
+                    self.password=rawPass
+                }
+                else {
+                    TCSLogWithMark("No password found")
+                    return
+                }
+            })
 
-                })
-            } else if navigationAction.request.url?.path.contains("verify") ?? false {
-                // maybe OneLogin?
-                TCSLogWithMark("Other Provider")
+        }
+        // Azure snarfing
+        else if ["login.microsoftonline.com", "login.live.com"].contains(navigationAction.request.url?.host) {
+            TCSLogWithMark("Azure")
 
-                let javaScript = "document.getElementById('input8').value"
-                webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-                })
+            var javaScript = "document.getElementById('i0118').value"
+            if  let passwordElementID = passwordElementID {
+                javaScript = "document.getElementById('\(passwordElementID.sanitized())').value"
             }
-            else {
-                TCSLogWithMark("Unknown Provider")
-                TCSLogWithMark(navigationAction.request.url?.path ?? "<<URL EMPTY>>")
-            }
-        } else if navigationAction.request.httpMethod == "GET" && navigationAction.request.url?.path.contains("token/redirect") ?? false {
-            TCSLogWithMark("GET with Token/redirect")
-            // for Okta
-            let javaScript = "document.getElementById('input74').value"
+            ///passwordInput
             webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+                if let rawPass = response as? String {
+                    self.password=rawPass
+                }
+                else {
+                    TCSLogWithMark("No password found")
+
+                }
             })
-        }
-        else {
-            TCSLogWithMark(navigationAction.request.httpMethod ?? "Unknown method")
-            TCSLogWithMark("path = \(navigationAction.request.url?.path ?? "no path")");
 
-//            let javaScript = "document.documentElement.outerHTML.toString()"
+//            javaScript = "document.getElementById('confirmNewPassword').value"
 //            webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
-//                TCSLogWithMark(response as? String ?? "No HTML")
+//                if let rawPass = response as? String {
+//                    self.password=rawPass
+//                }
 //            })
+        } else if navigationAction.request.url?.host == "accounts.google.com" {
+            // Google snarfing
+            TCSLogWithMark("Google")
+            let javaScript = "document.querySelector('input[type=password]').value"
+            webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+                if let rawPass = response as? String {
+                    self.password=rawPass
+                }
+                else {
+                    TCSLogWithMark("No password found")
+                }
+            })
+        } else if navigationAction.request.url?.path.contains("verify") ?? false {
+            // maybe OneLogin?
+            TCSLogWithMark("Other Provider")
 
+            let javaScript = "document.getElementById('input8').value"
+            webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+            })
+        }
+        else if navigationAction.request.url?.host?.contains("okta.com") ?? false {
+            TCSLogWithMark("okta")
+            // for Okta
+            var javaScript = "document.getElementById('okta-signin-password').value"
+            if  let passwordElementID = passwordElementID {
+                javaScript = "document.getElementById('\(passwordElementID.sanitized())').value"
+            }
+            webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+                if let rawPass = response as? String, rawPass != "" {
+                    TCSLogWithMark("password set.")
+                    self.password=rawPass
+                }
+            })
 
         }
+        else {
+            TCSLogWithMark("Unknown Provider")
+            TCSLogWithMark(navigationAction.request.url?.path ?? "<<URL EMPTY>>")
+        }
 
         decisionHandler(.allow)
     }

xCreds.xcodeproj/project.pbxproj

@@ -887,7 +887,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -918,7 +918,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -977,7 +977,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1007,7 +1007,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1150,7 +1150,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1179,7 +1179,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3285;
+				CURRENT_PROJECT_VERSION = 3286;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -3,86 +3,4 @@
    uuid = "94C20054-8AB3-42DB-93A7-A3026166D6FC"
    type = "1"
    version = "2.0">
-   <Breakpoints>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "C8A9F38D-D0DD-4ED6-B10E-5AD8C5DE8EAE"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "../OIDCLite/Sources/OIDCLite/OIDCLite.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "142"
-            endingLineNumber = "142"
-            landmarkName = "getToken(code:)"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "37F44C02-DFBB-49D0-8C2D-5FFDB8782B9D"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "../OIDCLite/Sources/OIDCLite/OIDCLite.swift"
-            startingColumnNumber = "9223372036854775807"
-            endingColumnNumber = "9223372036854775807"
-            startingLineNumber = "147"
-            endingLineNumber = "147"
-            landmarkName = "getToken(code:)"
-            landmarkType = "7">
-            <Locations>
-               <Location
-                  uuid = "37F44C02-DFBB-49D0-8C2D-5FFDB8782B9D - 98dc66ec8db21dab"
-                  shouldBeEnabled = "Yes"
-                  ignoreCount = "0"
-                  continueAfterRunningActions = "No"
-                  symbolName = "OIDCLite.OIDCLite.getToken(code: Swift.String) -&gt; ()"
-                  moduleName = "XCreds"
-                  usesParentBreakpointCondition = "Yes"
-                  urlString = "file:///Users/tperfitt/Documents/Projects/OIDCLite/Sources/OIDCLite/OIDCLite.swift"
-                  startingColumnNumber = "9223372036854775807"
-                  endingColumnNumber = "9223372036854775807"
-                  startingLineNumber = "147"
-                  endingLineNumber = "147"
-                  offsetFromSymbolStart = "640">
-               </Location>
-               <Location
-                  uuid = "37F44C02-DFBB-49D0-8C2D-5FFDB8782B9D - 98dc66ec8db21dab"
-                  shouldBeEnabled = "Yes"
-                  ignoreCount = "0"
-                  continueAfterRunningActions = "No"
-                  symbolName = "OIDCLite.OIDCLite.getToken(code: Swift.String) -&gt; ()"
-                  moduleName = "XCreds"
-                  usesParentBreakpointCondition = "Yes"
-                  urlString = "file:///Users/tperfitt/Documents/Projects/OIDCLite/Sources/OIDCLite/OIDCLite.swift"
-                  startingColumnNumber = "9223372036854775807"
-                  endingColumnNumber = "9223372036854775807"
-                  startingLineNumber = "147"
-                  endingLineNumber = "147"
-                  offsetFromSymbolStart = "711">
-               </Location>
-            </Locations>
-         </BreakpointContent>
-      </BreakpointProxy>
-      <BreakpointProxy
-         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
-         <BreakpointContent
-            uuid = "57A3201C-2571-43AA-8A89-CFE9C66FC0EC"
-            shouldBeEnabled = "Yes"
-            ignoreCount = "0"
-            continueAfterRunningActions = "No"
-            filePath = "XCredsLoginPlugIn/Mechanisms/XCredsLoginMechanism.swift"
-            startingColumnNumber = "13"
-            endingColumnNumber = "48"
-            startingLineNumber = "125"
-            endingLineNumber = "125"
-            landmarkName = "allowLogin()"
-            landmarkType = "7">
-         </BreakpointContent>
-      </BreakpointProxy>
-   </Breakpoints>
 </Bucket>