I'm making an app where students can log in to their portal website and see their data, but I'm having trouble authenticating users. When I did this project for another website, I used NTLMClient in Dart and that was all it took. Here it does not work, and on closer inspection the website uses CSRF tokens. How can I pass them without using a headless browser like Playwright? Is there a way to modify the NTLMClient to pass them?
import 'package:http/http.dart' as http;
import 'package:html/parser.dart' show parse;
import 'package:html/dom.dart';
import 'package:my_portal/globals.dart' as globals;
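/// Form-based login client for the student portal.
///
/// The flow is: GET the page, copy the hidden ASP.NET state fields out of the
/// returned HTML, then POST them back with the credentials while replaying
/// the cookies that the GET set. The hidden fields and the cookies must come
/// from the same GET response.
class GIUPortalLogin {
  /// Browser-like User-Agent sent with every request.
  static const String _userAgent =
      'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36';

  /// Portal page that is fetched for the form and, later, for the data.
  final String baseUrl = 'https://portal.giu-uni.de/GIUb/EXTStudent/Home.aspx';

  final http.Client _client = http.Client();

  /// Session cookies collected from responses, keyed by cookie name.
  ///
  /// These are session secrets: never log them.
  final Map<String, String> _cookies = {};

  /// Submits [username] and [password] and reports whether login succeeded.
  ///
  /// Returns `false` when the form fields cannot be found, when the response
  /// does not look like an authenticated page, or when any request throws.
  Future<bool> login(String username, String password) async {
    try {
      final loginResponse = await _client.get(
        Uri.parse(baseUrl),
        headers: {'User-Agent': _userAgent},
      );
      _updateCookies(loginResponse);

      final document = parse(loginResponse.body);
      final viewState = _getInputValue(document, '__VIEWSTATE');
      final eventValidation = _getInputValue(document, '__EVENTVALIDATION');
      final viewStateGenerator =
          _getInputValue(document, '__VIEWSTATEGENERATOR');

      // Without the state field the server cannot accept the post, so the
      // password is not sent at all in that case.
      if (viewState.isEmpty) {
        print('Login form not found; credentials were not sent.');
        return false;
      }

      // NOTE(review): only these three hidden fields are echoed. If the form
      // carries a separate anti-forgery field, it has to be read with
      // _getInputValue and added here under its own name.
      final loginData = {
        '__VIEWSTATE': viewState,
        '__EVENTVALIDATION': eventValidation,
        '__VIEWSTATEGENERATOR': viewStateGenerator,
        '__EVENTTARGET': '',
        '__EVENTARGUMENT': '',
        'username': username,
        'password': password,
      };

      // NOTE(review): the target is '<page>/login'; confirm it matches the
      // `action` attribute of the form in the fetched page.
      final response = await _client.post(
        Uri.parse('$baseUrl/login'),
        headers: {
          'Cookie': _formatCookies(),
          'Content-Type': 'application/x-www-form-urlencoded',
          'User-Agent': _userAgent,
        },
        body: loginData,
      );
      _updateCookies(response);
      return _isLoggedIn(response.body);
    } catch (e) {
      // Only the exception is printed; the credentials are not interpolated.
      print('Error during login: $e');
      return false;
    }
  }

  /// Returns the `value` attribute of the input named [inputName], or `''`
  /// when the input or its value is missing.
  String _getInputValue(Document document, String inputName) {
    final input = document.querySelector('input[name="$inputName"]');
    return input?.attributes['value'] ?? '';
  }

  /// Stores the cookies from the `set-cookie` header of [response].
  void _updateCookies(http.Response response) {
    final header = response.headers['set-cookie'];
    if (header == null) return;

    // Several cookies arrive comma-joined in one header value. A comma is a
    // boundary only when a `name=` follows it; the comma inside an Expires
    // date ("Wed, 21 Oct ...") is not.
    final boundary = RegExp(r',(?=\s*[^;,=\s]+=)');
    for (final cookie in header.split(boundary)) {
      final pair = cookie.split(';').first;
      // Split at the first '=' only, so values that themselves contain '='
      // (base64 padding, for instance) are kept instead of dropped.
      final eq = pair.indexOf('=');
      if (eq <= 0) continue;
      _cookies[pair.substring(0, eq).trim()] = pair.substring(eq + 1).trim();
    }
  }

  /// Renders the stored cookies as a `Cookie` request-header value.
  String _formatCookies() {
    return _cookies.entries.map((e) => '${e.key}=${e.value}').join('; ');
  }

  /// Whether [responseBody] looks like an authenticated page.
  bool _isLoggedIn(String responseBody) {
    // The earlier check also tested contains(''), which is true for every
    // string and made every attempt report success.
    // NOTE(review): 'Home.aspx' may appear on the login page as well; replace
    // it with text that only an authenticated page contains.
    return responseBody.contains('Home.aspx');
  }

  /// Fetches [baseUrl] with the stored cookies and returns the body, or
  /// `null` when the request throws.
  Future<String?> getHomePage() async {
    try {
      final response = await _client.get(
        Uri.parse(baseUrl),
        headers: {
          'Cookie': _formatCookies(),
          'User-Agent': _userAgent,
        },
      );
      return response.body;
    } catch (e) {
      print('Error fetching home page: $e');
      return null;
    }
  }

  /// Closes the underlying HTTP client.
  void dispose() {
    _client.close();
  }
}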
NTLMClient Code:
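/// Requests the portal page through an NTLM-authenticating client.
///
/// Returns `true` and records the credentials in `globals` when the response
/// status is 200; returns `false` for any other status or when the request
/// throws.
Future<bool> loginGUC(String username, String password) async {
  final client = NTLMClient(
    domain: '',
    workstation: '',
    username: username,
    password: password,
  );
  try {
    final res = await client.get(
      Uri.parse('https://portal.giu-uni.de/GIUb/EXTStudent/Home.aspx'),
    );
    // NOTE(review): a 200 status proves authentication only if the server
    // answers unauthenticated requests with another status. If it serves a
    // login form with 200, this accepts any credentials.
    if (res.statusCode == 200) {
      // NOTE(review): this keeps the plaintext password in process-wide
      // mutable state for the lifetime of the app. Prefer keeping only the
      // session, or the platform's secure credential storage.
      globals.username = username;
      globals.password = password;
      return true;
    }
  } catch (e) {
    // Report the failure instead of discarding it; only the exception is
    // printed, the credentials are not interpolated.
    print('Error during NTLM login: $e');
  }
  return false;
}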
I tried authenticating, but I can't pass the CSRF token.