diff --git a/app/src/main/java/com/futo/platformplayer/Extensions_Formatting.kt b/app/src/main/java/com/futo/platformplayer/Extensions_Formatting.kt index 0ebaa40f..8e4399ec 100644 --- a/app/src/main/java/com/futo/platformplayer/Extensions_Formatting.kt +++ b/app/src/main/java/com/futo/platformplayer/Extensions_Formatting.kt @@ -360,11 +360,11 @@ fun String.matchesDomain(queryDomain: String): Boolean { val parts = queryDomain.lowercase().split("."); if(parts.size < 3) - throw IllegalStateException("Illegal use of wildcards on First-Level-Domain"); + throw IllegalStateException("Illegal use of wildcards on First-Level-Domain (" + queryDomain + ")"); if(parts.size >= 3){ val isSLD = slds.contains("." + parts[parts.size - 2] + "." + parts[parts.size - 1]); if(isSLD && parts.size <= 3) - throw IllegalStateException("Illegal use of wildcards on Second-Level-Domain"); + throw IllegalStateException("Illegal use of wildcards on Second-Level-Domain (" + queryDomain + ")"); } //TODO: Should be safe, but double verify if can't be exploited @@ -372,4 +372,13 @@ fun String.matchesDomain(queryDomain: String): Boolean { } else return this == queryDomain; +} + +fun String.getSubdomainWildcardQuery(): String { + val domainParts = this.split("."); + val sldParts = "." + domainParts[domainParts.size - 2].lowercase() + "." + domainParts[domainParts.size - 1].lowercase(); + if(slds.contains(sldParts)) + return "." + domainParts.drop(domainParts.size - 3).joinToString("."); + else + return "." + domainParts.drop(domainParts.size - 2).joinToString("."); } \ No newline at end of file diff --git a/app/src/main/java/com/futo/platformplayer/others/LoginWebViewClient.kt b/app/src/main/java/com/futo/platformplayer/others/LoginWebViewClient.kt index 0d6e5eea..29229d6d 100644 --- a/app/src/main/java/com/futo/platformplayer/others/LoginWebViewClient.kt +++ b/app/src/main/java/com/futo/platformplayer/others/LoginWebViewClient.kt 
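Review bot: `getSubdomainWildcardQuery` reads `domainParts[domainParts.size - 2]` and calls `drop(domainParts.size - 3)` without checking the label count, so a single-label host such as `localhost` fails on the index and a host that is itself a listed suffix (`co.uk`) fails on a negative `drop`. The suffix lookup is lowercased but the returned string keeps the caller's casing, and an IP-literal host would be reduced to its last two octets. Both callers use the result to decide which cookies a plugin may capture, so the helper should fail closed with a clear error on anything that is not a multi-label hostname. The result is also only as good as `slds`, which is defined outside this diff: a public suffix missing from that list collapses the wildcard to the suffix itself, which deserves a comment on the function. A guarded version of the body is sketched below.

```kotlin
fun String.getSubdomainWildcardQuery(): String {
    // Normalise once so the suffix lookup and the returned value agree on casing.
    val domainParts = this.lowercase().split(".");
    if(domainParts.size < 2)
        throw IllegalArgumentException("Cannot derive a wildcard domain from a single-label host (" + this + ")");
    val sldParts = "." + domainParts[domainParts.size - 2] + "." + domainParts[domainParts.size - 1];
    // Keep three labels only when a label exists in front of the listed suffix;
    // a bare suffix falls through to two labels and is left for matchesDomain to reject.
    val keep = if(slds.contains(sldParts) && domainParts.size >= 3) 3 else 2;
    return "." + domainParts.takeLast(keep).joinToString(".");
}
```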
@@ -14,6 +14,7 @@ import com.futo.platformplayer.api.media.platforms.js.SourcePluginAuthConfig import com.futo.platformplayer.api.media.platforms.js.SourcePluginConfig import com.futo.platformplayer.constructs.Event1 import com.futo.platformplayer.constructs.Event2 +import com.futo.platformplayer.getSubdomainWildcardQuery import com.futo.platformplayer.logging.Logger import com.futo.platformplayer.matchesDomain import kotlinx.serialization.encodeToString @@ -109,8 +110,9 @@ class LoginWebViewClient : WebViewClient { //TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway val cookieString = CookieManager.getInstance().getCookie(request.url.toString()); if(cookieString != null) { - val domainParts = domain!!.split("."); - val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString("."); + //val domainParts = domain!!.split("."); + //val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString("."); + val cookieDomain = domain!!.getSubdomainWildcardQuery(); if(_pluginConfig == null || _pluginConfig.allowUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) }) _authConfig.cookiesToFind?.let { cookiesToFind -> val cookies = cookieString.split(";"); diff --git a/app/src/main/java/com/futo/platformplayer/others/WebViewRequirementExtractor.kt b/app/src/main/java/com/futo/platformplayer/others/WebViewRequirementExtractor.kt index 1722d274..6b22d1a7 100644 --- a/app/src/main/java/com/futo/platformplayer/others/WebViewRequirementExtractor.kt +++ b/app/src/main/java/com/futo/platformplayer/others/WebViewRequirementExtractor.kt @@ -3,6 +3,7 @@ package com.futo.platformplayer.others import android.net.Uri import android.webkit.CookieManager import android.webkit.WebResourceRequest +import com.futo.platformplayer.getSubdomainWildcardQuery import com.futo.platformplayer.logging.Logger import com.futo.platformplayer.matchesDomain 
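Review bot: The two superseded `domainParts` lines are left in the `LoginWebViewClient` hunk as comments, and the `WebViewRequirementExtractor` hunk does the same with a trailing `//"." + domainParts.drop(...)` on the live `cookieDomain` line; delete them, since version control already keeps the old computation. The TODO above the cookie lookup still says cookies are assumed valid for all subdomains of a top-level domain, which no longer describes the suffix-aware behaviour; something like `//Cookies are scoped to the registrable domain derived by getSubdomainWildcardQuery, not to the exact host` would be accurate in both files. `domain!!.getSubdomainWildcardQuery()` can throw for a host with fewer than two labels, and nothing visible in either hunk catches that around the `allowUrls` check. The enclosing callbacks start and end outside the hunks, so confirm the exception is handled there and does not abort the request handling.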
@@ -64,8 +65,8 @@ class WebViewRequirementExtractor { //TODO: For now we assume cookies are legit for all subdomains of a top-level domain, this is the most common scenario anyway val cookieString = CookieManager.getInstance().getCookie(request.url.toString()); if(cookieString != null) { - val domainParts = domain!!.split("."); - val cookieDomain = "." + domainParts.drop(domainParts.size - 2).joinToString("."); + //val domainParts = domain!!.split("."); + val cookieDomain = domain!!.getSubdomainWildcardQuery()//"." + domainParts.drop(domainParts.size - 2).joinToString("."); if(allowedUrls.any { it == "everywhere" || it.lowercase().matchesDomain(cookieDomain) }) cookiesToFind?.let { cookiesToFind -> val cookies = cookieString.split(";"); diff --git a/app/src/test/java/com/futo/platformplayer/ExtensionsFormattingTests.kt b/app/src/test/java/com/futo/platformplayer/ExtensionsFormattingTests.kt index 26069804..a267aa74 100644 --- a/app/src/test/java/com/futo/platformplayer/ExtensionsFormattingTests.kt +++ b/app/src/test/java/com/futo/platformplayer/ExtensionsFormattingTests.kt @@ -68,9 +68,19 @@ class ExtensionsFormattingTests { @Test fun testMatchesDomain() { assertTrue("google.com".matchesDomain("google.com")) + assertTrue("google.com".matchesDomain(".google.com")) assertFalse("yahoo.com".matchesDomain("google.com")) assertTrue("mail.google.com".matchesDomain(".google.com")) } + @Test + fun testPrimaryDomain() { + assertEquals(".google.com", "google.com".getSubdomainWildcardQuery()); + assertEquals(".google.com", "test.google.com".getSubdomainWildcardQuery()); + assertEquals(".google.com", "test1.test2.google.com".getSubdomainWildcardQuery()); + assertEquals(".google.co.uk", "google.co.uk".getSubdomainWildcardQuery()); + assertEquals(".google.co.uk", "test.google.co.uk".getSubdomainWildcardQuery()); + assertEquals(".google.co.uk", "test1.test2.google.co.uk".getSubdomainWildcardQuery()); + } @Test fun testTimeDiff() {
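Review bot: `testPrimaryDomain` exercises only lowercase, well-formed hostnames, so the inputs that decide whether the cookie-scope check fails safely are untested: a bare listed suffix (`"co.uk"`), a single-label host (`"localhost"`), a mixed-case host (`"Test.Google.CO.UK"`) and an IP literal. Add one assertion per case that pins the intended outcome, whether that is a value or an expected exception. `testMatchesDomain` would also benefit from a negative case for a name that merely ends with the same characters, e.g. `assertFalse("notgoogle.com".matchesDomain(".google.com"))`, since the matching line itself still carries a "double verify" TODO. Renaming the test to `testGetSubdomainWildcardQuery` would keep it findable from the function name.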