From 7660666d2384542b92d1f330ff3f20fcd28d36f4 Mon Sep 17 00:00:00 2001
From: Romain Bignon <romain@symlink.me>
Date: Sun, 14 Dec 2014 16:57:36 +0100
Subject: [PATCH] break the fucking new protection made by faggots of Banque
 Populaire

---
 modules/banquepopulaire/browser.py |  5 +++++
 modules/banquepopulaire/pages.py   | 26 ++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/modules/banquepopulaire/browser.py b/modules/banquepopulaire/browser.py
index bbeee3eaa2..e24030d7b0 100644
--- a/modules/banquepopulaire/browser.py
+++ b/modules/banquepopulaire/browser.py
@@ -97,6 +97,7 @@ def go_on_accounts_list(self):
             self.select_form(nr=0)
             self.set_all_readonly(False)
             self['dialogActionPerformed'] = 'EQUIPEMENT_COMPLET'
+            self['token'] = self.page.build_token(self['token'])
             self.submit()
 
     def get_accounts_list(self):
@@ -112,6 +113,7 @@ def get_accounts_list(self):
             if not self.is_on_page(AccountsPage):
                 self.go_on_accounts_list()
 
+            next_page['token'] = self.page.build_token(self.page.get_token())
             self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(next_page))
 
             for a in self.page.iter_accounts():
@@ -137,6 +139,8 @@ def get_history(self, account, coming=False):
         if params is None:
             return
 
+        params['token'] = self.page.build_token(params['token'])
+
         self.location('/cyber/internet/ContinueTask.do', urllib.urlencode(params))
         self.token = self.page.get_token()
 
@@ -147,6 +151,7 @@ def get_history(self, account, coming=False):
         if len(self.page.document.xpath('//a[@id="tcl4_srt"]')) > 0:
             self.select_form(predicate=lambda form: form.attrs.get('id', '') == 'myForm')
             self.form.action = self.absurl('/cyber/internet/Sort.do?property=tbl1&sortBlocId=blc2&columnName=dateValeur')
+            params['token'] = self.page.build_token(params['token'])
             self.submit()
 
         while True:
diff --git a/modules/banquepopulaire/pages.py b/modules/banquepopulaire/pages.py
index 58be499d0a..59c2cbf857 100644
--- a/modules/banquepopulaire/pages.py
+++ b/modules/banquepopulaire/pages.py
@@ -60,6 +60,32 @@ class BasePage(_BasePage):
     def get_token(self):
         return self.parser.select(self.document.getroot(), '//form//input[@name="token"]', 1, 'xpath').attrib['value']
 
+    def build_token(self, token):
+        """
+        These fucking faggots have introduced a new protection on the token.
+
+        Each time there is a call to SAB (selectActionButton), the token
+        available in the form is modified with a key available in JS:
+
+        ipsff(function(){TW().ipthk([12, 25, 17, 5, 23, 26, 15, 30, 6]);});
+
+        Each value of the array is an index for the current token to append the
+        char at this position at the end of the token.
+        """
+        table = None
+        for script in self.document.xpath('//script'):
+            if script.text is None:
+                continue
+            m = re.search(r'ipthk\(([^\)]+)\)', script.text, flags=re.MULTILINE)
+            if m:
+                table = json.loads(m.group(1))
+        if table is None:
+            return token
+
+        for i in table:
+            token += token[i]
+        return token
+
 
 class RedirectPage(BasePage):
     """
-- 
GitLab