Merge branch 'master' into track-messagestrack-messages

1 files changed, 307 insertions, 19 deletions

diff --git a/facebook/facebook-api.c b/facebook/facebook-api.c
index fb0581d..16bbf6e 100644
--- a/facebook/facebook-api.c
+++ b/facebook/facebook-api.c
@@ -27,6 +27,7 @@
 #include "facebook-util.h"
 
 typedef struct _FbApiData FbApiData;
+typedef struct _FbApiPreloginData FbApiPreloginData;
 
 enum
 {
@@ -39,6 +40,7 @@ enum
     PROP_TOKEN,
     PROP_UID,
     PROP_TWEAK,
+    PROP_WORK,
 
     PROP_N
 };
@@ -64,6 +66,10 @@ struct _FbApiPrivate
     FbId lastmid;
     gchar *contacts_delta;
     int tweak;
+    gboolean is_work;
+    gboolean need_work_switch;
+    gchar *sso_verifier;
+    FbId work_community_id;
 };
 
 struct _FbApiData
@@ -72,6 +78,13 @@ struct _FbApiData
     GDestroyNotify func;
 };
 
+struct _FbApiPreloginData
+{
+    FbApi *api;
+    gchar *user;
+    gchar *pass;
+};
+
 static void
 fb_api_attach(FbApi *api, FbId aid, const gchar *msgid, FbApiMessage *msg);
 
@@ -143,6 +156,9 @@ fb_api_set_property(GObject *obj, guint prop, const GValue *val,
         priv->tweak = g_value_get_int(val);
         fb_http_set_agent(priv->http, fb_api_get_agent_string(priv->tweak, 0));
         break;
+    case PROP_WORK:
+        priv->is_work = g_value_get_boolean(val);
+        break;
 
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop, pspec);
@@ -177,6 +193,9 @@ fb_api_get_property(GObject *obj, guint prop, GValue *val, GParamSpec *pspec)
     case PROP_TWEAK:
         g_value_set_int(val, priv->tweak);
         break;
+    case PROP_WORK:
+        g_value_set_boolean(val, priv->is_work);
+        break;
 
     default:
         G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop, pspec);
@@ -209,6 +228,7 @@ fb_api_dispose(GObject *obj)
     g_free(priv->stoken);
     g_free(priv->token);
     g_free(priv->contacts_delta);
+    g_free(priv->sso_verifier);
 }
 
 static void
@@ -308,6 +328,16 @@ fb_api_class_init(FbApiClass *klass)
         "",
         0, G_MAXINT, 0,
         G_PARAM_READWRITE);
+
+    /**
+     * FbApi:work:
+     */
+    props[PROP_WORK] = g_param_spec_boolean(
+        "work",
+        "Work",
+        "",
+        FALSE,
+        G_PARAM_READWRITE);
     g_object_class_install_properties(gklass, PROP_N, props);
 
     /**
@@ -546,6 +576,22 @@ fb_api_class_init(FbApiClass *klass)
                  fb_marshal_VOID__POINTER,
                  G_TYPE_NONE,
                  1, G_TYPE_POINTER);
+
+    /**
+     * FbApi::work-sso-login:
+     * @api: The #FbApi.
+     *
+     * Emitted when user interaction is required to continue SAML SSO login
+     */
+
+    g_signal_new("work-sso-login",
+                 G_TYPE_FROM_CLASS(klass),
+                 G_SIGNAL_ACTION,
+                 0,
+                 NULL, NULL,
+                 fb_marshal_VOID__VOID,
+                 G_TYPE_NONE,
+                 0);
 }
 
 static void
@@ -764,7 +810,8 @@ fb_api_http_req(FbApi *api, const gchar *url, const gchar *name,
     GList *l;
     GString *gstr;
 
-    fb_http_values_set_str(values, "api_key", FB_API_KEY);
+    fb_http_values_set_str(values, "api_key",
+        priv->is_work ? FB_WORK_API_KEY : FB_API_KEY);
     fb_http_values_set_str(values, "device_id", priv->did);
     fb_http_values_set_str(values, "fb_api_req_friendly_name", name);
     fb_http_values_set_str(values, "format", "json");
@@ -787,7 +834,7 @@ fb_api_http_req(FbApi *api, const gchar *url, const gchar *name,
         g_string_append_printf(gstr, "%s=%s", key, val);
     }
 
-    g_string_append(gstr, FB_API_SECRET);
+    g_string_append(gstr, priv->is_work ? FB_WORK_API_SECRET : FB_API_SECRET);
     data = g_compute_checksum_for_string(G_CHECKSUM_MD5, gstr->str, gstr->len);
     fb_http_values_set_str(values, "sig", data);
 
@@ -922,23 +969,26 @@ fb_api_cb_mqtt_open(FbMqtt *mqtt, gpointer data)
         ? fb_api_get_agent_string(priv->tweak, 1)
         : FB_API_MQTT_AGENT);
 
-    /* Write the UNKNOWN ("cp"?) */
+    /* Write the client capabilities */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I64, 3, 2);
-    fb_thrift_write_i64(thft, 23);
+    fb_thrift_write_i64(thft, FB_CP_ACKNOWLEDGED_DELIVERY |
+                              FB_CP_PROCESSING_LASTACTIVE_PRESENCEINFO |
+                              FB_CP_EXACT_KEEPALIVE |
+                              FB_CP_DELTA_SENT_MESSAGE_ENABLED);
 
-    /* Write the UNKNOWN ("ecp"?) */
+    /* Write the endpoint capabilitites */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I64, 4, 3);
     fb_thrift_write_i64(thft, 26);
 
-    /* Write the UNKNOWN */
+    /* Write the publish payload format (deflate) */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I32, 5, 4);
     fb_thrift_write_i32(thft, 1);
 
-    /* Write the UNKNOWN ("no_auto_fg"?) */
+    /* Write the noAutomaticForeground flag */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_BOOL, 6, 5);
     fb_thrift_write_bool(thft, TRUE);
 
-    /* Write the visibility state */
+    /* Write the visibility state (makeUserAvailableInForeground flag) */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_BOOL, 7, 6);
     fb_thrift_write_bool(thft, !priv->invisible);
 
@@ -946,15 +996,15 @@ fb_api_cb_mqtt_open(FbMqtt *mqtt, gpointer data)
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_STRING, 8, 7);
     fb_thrift_write_str(thft, priv->did);
 
-    /* Write the UNKNOWN ("fg"?) */
+    /* Write the isInitiallyForeground flag */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_BOOL, 9, 8);
     fb_thrift_write_bool(thft, TRUE);
 
-    /* Write the UNKNOWN ("nwt"?) */
+    /* Write the network type (WIFI) */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I32, 10, 9);
     fb_thrift_write_i32(thft, 1);
 
-    /* Write the UNKNOWN ("nwst"?) */
+    /* Write the network subtype (none) */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I32, 11, 10);
     fb_thrift_write_i32(thft, 0);
 
@@ -962,16 +1012,18 @@ fb_api_cb_mqtt_open(FbMqtt *mqtt, gpointer data)
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_I64, 12, 11);
     fb_thrift_write_i64(thft, priv->mid);
 
-    /* Write the UNKNOWN */
+    /* Write the list of topics to subscribe */
     fb_thrift_write_field(thft, FB_THRIFT_TYPE_LIST, 14, 12);
     fb_thrift_write_list(thft, FB_THRIFT_TYPE_I32, 0);
+
+    /* Write the STOP for the struct */
     fb_thrift_write_stop(thft);
 
     /* Write the token */
-    fb_thrift_write_field(thft, FB_THRIFT_TYPE_STRING, 15, 14);
+    fb_thrift_write_field(thft, FB_THRIFT_TYPE_STRING, 5, 4);
     fb_thrift_write_str(thft, priv->token);
 
-    /* Write the STOP for the struct */
+    /* Write the STOP for the message */
     fb_thrift_write_stop(thft);
 
     bytes = fb_thrift_get_bytes(thft);
@@ -2104,6 +2156,53 @@ fb_api_attach(FbApi *api, FbId aid, const gchar *msgid, FbApiMessage *msg)
 }
 
 static void
+fb_api_cb_work_peek(FbHttpRequest *req, gpointer data)
+{
+    FbApi *api = data;
+    FbApiPrivate *priv = api->priv;
+    GError *err = NULL;
+    JsonNode *root;
+    gchar *community = NULL;
+
+    if (!fb_api_http_chk(api, req, &root)) {
+        return;
+    }
+
+    /* The work_users[0] explicitly only handles the first user.
+     * If more than one user is ever needed, this is what you want to change,
+     * but as far as I know this feature (linked work accounts) is deprecated
+     * and most users can detach their work accounts from their personal
+     * accounts by assigning a password to the work account. */
+    community = fb_json_node_get_str(root,
+        "$.data.viewer.work_users[0].community.login_identifier", &err);
+
+    FB_API_ERROR_EMIT(api, err,
+        g_free(community);
+        json_node_free(root);
+        return;
+    );
+
+    priv->work_community_id = FB_ID_FROM_STR(community);
+
+    fb_api_auth(api, "X", "X", "personal_to_work_switch");
+
+    g_free(community);
+    json_node_free(root);
+}
+
+static FbHttpRequest *
+fb_api_work_peek(FbApi *api)
+{
+    FbHttpValues *prms;
+
+    prms = fb_http_values_new();
+    fb_http_values_set_int(prms, "doc_id", FB_API_WORK_COMMUNITY_PEEK);
+
+    return fb_api_http_req(api, FB_API_URL_GQL, "WorkCommunityPeekQuery",
+        "post", prms, fb_api_cb_work_peek);
+}
+
+static void
 fb_api_cb_auth(FbHttpRequest *req, gpointer data)
 {
     FbApi *api = data;
@@ -2118,7 +2217,14 @@ fb_api_cb_auth(FbHttpRequest *req, gpointer data)
 
     values = fb_json_values_new(root);
     fb_json_values_add(values, FB_JSON_TYPE_STR, TRUE, "$.access_token");
-    fb_json_values_add(values, FB_JSON_TYPE_INT, TRUE, "$.uid");
+
+    /* extremely silly difference */
+    if (priv->is_work) {
+        fb_json_values_add(values, FB_JSON_TYPE_STR, TRUE, "$.uid");
+    } else {
+        fb_json_values_add(values, FB_JSON_TYPE_INT, TRUE, "$.uid");
+    }
+
     fb_json_values_update(values, &err);
 
     FB_API_ERROR_EMIT(api, err,
@@ -2129,25 +2235,202 @@ fb_api_cb_auth(FbHttpRequest *req, gpointer data)
 
     g_free(priv->token);
     priv->token = fb_json_values_next_str_dup(values, NULL);
-    priv->uid = fb_json_values_next_int(values, 0);
 
-    g_signal_emit_by_name(api, "auth");
+    if (priv->is_work) {
+        priv->uid = FB_ID_FROM_STR(fb_json_values_next_str(values, "0"));
+    } else {
+        priv->uid = fb_json_values_next_int(values, 0);
+    }
+
+    if (priv->need_work_switch) {
+        fb_api_work_peek(api);
+        priv->need_work_switch = FALSE;
+    } else {
+        g_signal_emit_by_name(api, "auth");
+    }
+
     g_object_unref(values);
     json_node_free(root);
 }
 
 void
-fb_api_auth(FbApi *api, const gchar *user, const gchar *pass)
+fb_api_auth(FbApi *api, const gchar *user, const gchar *pass, const gchar *credentials_type)
 {
+    FbApiPrivate *priv = api->priv;
     FbHttpValues *prms;
 
     prms = fb_http_values_new();
     fb_http_values_set_str(prms, "email", user);
     fb_http_values_set_str(prms, "password", pass);
+
+    if (credentials_type) {
+        fb_http_values_set_str(prms, "credentials_type", credentials_type);
+    }
+
+    if (priv->sso_verifier) {
+        fb_http_values_set_str(prms, "code_verifier", priv->sso_verifier);
+        g_free(priv->sso_verifier);
+        priv->sso_verifier = NULL;
+    }
+
+    if (priv->work_community_id) {
+        fb_http_values_set_int(prms, "community_id", priv->work_community_id);
+    }
+
+    if (priv->is_work && priv->token) {
+        fb_http_values_set_str(prms, "access_token", priv->token);
+    }
+
     fb_api_http_req(api, FB_API_URL_AUTH, "authenticate", "auth.login", prms,
                     fb_api_cb_auth);
 }
 
+static void
+fb_api_cb_work_prelogin(FbHttpRequest *req, gpointer data)
+{
+    FbApiPreloginData *pata = data;
+    FbApi *api = pata->api;
+    FbApiPrivate *priv = api->priv;
+    GError *err = NULL;
+    JsonNode *root;
+    gchar *status;
+    gchar *user = pata->user;
+    gchar *pass = pata->pass;
+
+    g_free(pata);
+
+    if (!fb_api_http_chk(api, req, &root)) {
+        return;
+    }
+
+    status = fb_json_node_get_str(root, "$.status", &err);
+
+    FB_API_ERROR_EMIT(api, err,
+        json_node_free(root);
+        return;
+    );
+
+    if (g_strcmp0(status, "can_login_password") == 0) {
+        fb_api_auth(api, user, pass, "work_account_password");
+
+    } else if (g_strcmp0(status, "can_login_via_linked_account") == 0) {
+        fb_api_auth(api, user, pass, "personal_account_password_with_work_username");
+        priv->need_work_switch = TRUE;
+
+    } else if (g_strcmp0(status, "can_login_sso") == 0) {
+        g_signal_emit_by_name(api, "work-sso-login");
+
+    } else if (g_strcmp0(status, "cannot_login") == 0) {
+        char *reason = fb_json_node_get_str(root, "$.cannot_login_reason", NULL);
+
+        if (g_strcmp0(reason, "non_business_email") == 0) {
+            fb_api_error(api, FB_API_ERROR_AUTH,
+                         "Cannot login with non-business email. "
+                         "Change the 'username' setting or disable 'work'");
+        } else {
+            char *title = fb_json_node_get_str(root, "$.error_title", NULL);
+            char *body = fb_json_node_get_str(root, "$.error_body", NULL);
+
+            fb_api_error(api, FB_API_ERROR_AUTH,
+                         "Work prelogin failed (%s - %s)", title, body);
+
+            g_free(title);
+            g_free(body);
+        }
+
+        g_free(reason);
+
+    } else if (g_strcmp0(status, "can_self_invite") == 0) {
+        fb_api_error(api, FB_API_ERROR_AUTH, "Unknown email. "
+                     "Change the 'username' setting or disable 'work'");
+    }
+
+    g_free(status);
+    json_node_free(root);
+}
+
+void
+fb_api_work_login(FbApi *api, gchar *user, gchar *pass)
+{
+    FbApiPrivate *priv = api->priv;
+    FbHttpRequest *req;
+    FbHttpValues *prms, *hdrs;
+    FbApiPreloginData *pata = g_new0(FbApiPreloginData, 1);
+
+    pata->api = api;
+    pata->user = user;
+    pata->pass = pass;
+
+    priv->is_work = TRUE;
+
+    req = fb_http_request_new(priv->http, FB_API_URL_WORK_PRELOGIN, TRUE,
+        fb_api_cb_work_prelogin, pata);
+
+    hdrs = fb_http_request_get_headers(req);
+    fb_http_values_set_str(hdrs, "Authorization", "OAuth null");
+
+    prms = fb_http_request_get_params(req);
+    fb_http_values_set_str(prms, "email", user);
+    fb_http_values_set_str(prms, "access_token",
+        FB_WORK_API_KEY "|" FB_WORK_API_SECRET);
+
+    fb_http_request_send(req);
+}
+
+gchar *
+fb_api_work_gen_sso_url(FbApi *api, const gchar *user)
+{
+    FbApiPrivate *priv = api->priv;
+    gchar *challenge, *verifier, *req_id, *email;
+    gchar *ret;
+
+    fb_util_gen_sso_verifier(&challenge, &verifier, &req_id);
+
+    email = g_uri_escape_string(user, NULL, FALSE);
+
+    ret = g_strdup_printf(FB_API_SSO_URL, req_id, challenge, email);
+
+    g_free(req_id);
+    g_free(challenge);
+    g_free(email);
+
+    g_free(priv->sso_verifier);
+    priv->sso_verifier = verifier;
+
+    return ret;
+}
+
+void
+fb_api_work_got_nonce(FbApi *api, const gchar *url)
+{
+    gchar **split;
+    gchar *uid = NULL;
+    gchar *nonce = NULL;
+    int i;
+
+    if (!g_str_has_prefix(url, "fb-workchat-sso://sso/?")) {
+        return;
+    }
+
+    split = g_strsplit(strchr(url, '?'), "&", -1);
+
+    for (i = 0; split[i]; i++) {
+        gchar *eq = strchr(split[i], '=');
+
+        if (g_str_has_prefix(split[i], "uid=")) {
+            uid = g_strstrip(eq + 1);
+        } else if (g_str_has_prefix(split[i], "nonce=")) {
+            nonce = g_strstrip(eq + 1);
+        }
+    }
+
+    if (uid && nonce) {
+        fb_api_auth(api, uid, nonce, "work_sso_nonce");
+    }
+
+    g_strfreev(split);
+}
+
 static gchar *
 fb_api_user_icon_checksum(gchar *icon)
 {
@@ -2252,6 +2535,8 @@ fb_api_cb_contacts_nodes(FbApi *api, JsonNode *root, GSList *users)
                        "$.represented_profile.id");
     fb_json_values_add(values, FB_JSON_TYPE_STR, FALSE,
                        "$.represented_profile.friendship_status");
+    fb_json_values_add(values, FB_JSON_TYPE_BOOL, FALSE,
+                       "$.is_on_viewer_contact_list");
     fb_json_values_add(values, FB_JSON_TYPE_STR, FALSE,
                        "$.structured_name.text");
     fb_json_values_add(values, FB_JSON_TYPE_STR, FALSE,
@@ -2264,11 +2549,14 @@ fb_api_cb_contacts_nodes(FbApi *api, JsonNode *root, GSList *users)
     }
 
     while (fb_json_values_update(values, &err)) {
+        gboolean in_contact_list;
+
         str = fb_json_values_next_str(values, "0");
         uid = FB_ID_FROM_STR(str);
         str = fb_json_values_next_str(values, NULL);
+        in_contact_list = fb_json_values_next_bool(values, FALSE);
 
-        if (((g_strcmp0(str, "ARE_FRIENDS") != 0) &&
+        if ((!in_contact_list && (g_strcmp0(str, "ARE_FRIENDS") != 0) &&
              (uid != priv->uid)) || (uid == 0))
         {
             if (!is_array) {