Исправь зацикливание Keycloak submit

2026-05-20 09:57:27 +03:00
parent 0a09dd5b90
commit 94863e50bd
3 changed files with 54 additions and 4 deletions
--- a/bin/vpn-lemanapro.sh
+++ b/bin/vpn-lemanapro.sh
@@ -35,6 +35,7 @@ DEBUG=false
 JSON_MODE=false
 STATUS_MODE=false
 CONFIGURE_KEYCHAIN_MODE=false
+PATCH_ONLY_MODE=false

 for arg in "$@"; do
  case "$arg" in
@@ -42,15 +43,17 @@ for arg in "$@"; do
    --json) JSON_MODE=true ;;
    --status) STATUS_MODE=true ;;
    --configure-keychain) CONFIGURE_KEYCHAIN_MODE=true ;;
+    --patch-only) PATCH_ONLY_MODE=true ;;
    --help|-h)
      cat <<'HELP'
-Usage: vpn-lemanapro.sh [--debug] [--json] [--status] [--configure-keychain]
+Usage: vpn-lemanapro.sh [--debug] [--json] [--status] [--configure-keychain] [--patch-only]

  --status              Show current VPN status without connecting
  --status --json       Show current VPN status as JSON
  --debug               Run visible browser and passthrough debug logs
  --json                Emit JSON Lines events for UI wrappers
  --configure-keychain  Prompt for LDAP password and TOTP secret, then save them to Keychain
+  --patch-only          Apply openconnect-lite runtime patches and exit
 HELP
      exit 0
      ;;
@@ -141,7 +144,8 @@ _patches_active() {
  [[ -n "$wep" && -f "$wep" ]] || return 1
  grep -q '"offscreen"' "$wep" \
    && grep -q 'new Event("input", {{bubbles: true}})' "$wep" \
-    && grep -q 'new RegExp' "$wep"
+    && grep -q 'new RegExp' "$wep" \
+    && grep -q '__lemanaVpnClicked' "$wep"
 }

 _keychain_has() {
@@ -322,10 +326,20 @@ if src != original:
    original = src

 old_fill = 'elem.dispatchEvent(new Event("focus")); elem.value = {value}; elem.dispatchEvent(new Event("blur"));'
-new_fill = 'elem.dispatchEvent(new Event("focus")); elem.value = {value}; elem.dispatchEvent(new Event("input", {{bubbles: true}})); elem.dispatchEvent(new Event("change", {{bubbles: true}})); elem.dispatchEvent(new Event("blur"));'
+fill_with_events = 'elem.dispatchEvent(new Event("focus")); elem.value = {value}; elem.dispatchEvent(new Event("input", {{bubbles: true}})); elem.dispatchEvent(new Event("change", {{bubbles: true}})); elem.dispatchEvent(new Event("blur"));'
+new_fill = 'elem.dispatchEvent(new Event("focus")); elem.value = {value}; window.__lemanaVpnFilled = true; elem.dispatchEvent(new Event("input", {{bubbles: true}})); elem.dispatchEvent(new Event("change", {{bubbles: true}})); elem.dispatchEvent(new Event("blur"));'
 if old_fill in src:
    src = src.replace(old_fill, new_fill)
    messages.append("input/change events")
+elif fill_with_events in src:
+    src = src.replace(fill_with_events, new_fill)
+    messages.append("fill marker")
+
+old_click = 'var elem = document.querySelector({selector}); if (elem) {{ elem.dispatchEvent(new Event("focus")); elem.click(); }}'
+new_click = 'var elem = document.querySelector({selector}); if (elem && !elem.disabled && elem.offsetParent !== null && window.__lemanaVpnFilled) {{ window.__lemanaVpnClicked = window.__lemanaVpnClicked || {{}}; var clickKey = location.href + "|" + {selector}; if (!window.__lemanaVpnClicked[clickKey]) {{ window.__lemanaVpnClicked[clickKey] = true; elem.dispatchEvent(new Event("focus")); elem.click(); }} }}'
+if old_click in src:
+    src = src.replace(old_click, new_click)
+    messages.append("submit click guard")

 if "new RegExp" not in src:
    old_block = '''                script.setSourceCode(
@@ -370,6 +384,26 @@ autoFill();
    src = src.replace(old_block, new_block)
    messages.append("URL guard")

+page_state = '''    if (window.__lemanaVpnPageHref !== location.href) {{
+        window.__lemanaVpnPageHref = location.href;
+        window.__lemanaVpnFilled = false;
+        window.__lemanaVpnClicked = {{}};
+    }}
+'''
+if "window.__lemanaVpnPageHref" not in src:
+    marker = '''    _afRun++;
+
+    {get_selectors(rules, credentials)}
+'''
+    if marker not in src:
+        print("Cannot apply page state guard patch: unsupported openconnect-lite source", file=sys.stderr)
+        sys.exit(1)
+    src = src.replace(marker, '''    _afRun++;
+''' + page_state + '''
+    {get_selectors(rules, credentials)}
+''')
+    messages.append("page state guard")
+
 if src != before:
    backup_dir.mkdir(parents=True, exist_ok=True)
    if not backup_file.exists():
@@ -656,6 +690,11 @@ if $CONFIGURE_KEYCHAIN_MODE; then
  exit 0
 fi

+if $PATCH_ONLY_MODE; then
+  _patch_oc
+  exit 0
+fi
+
 if ! $JSON_MODE; then
  _module_status_human
 else