Add Method for Fetching Cookies #5

Open
ans-4175 opened this issue Oct 3, 2021 · 6 comments
Labels
enhancement New feature or request hacktoberfest for october only help wanted Extra attention is needed


@ans-4175
Owner

ans-4175 commented Oct 3, 2021

Right now cookies need to be fetched manually from Talenta Web.
I think it's easier to have a module that fetches cookies from Talenta based on user & password passed as parameters.

@ans-4175 ans-4175 added enhancement New feature or request help wanted Extra attention is needed hacktoberfest for october only labels Oct 3, 2021
@k1m0ch1
Collaborator

k1m0ch1 commented Oct 5, 2021

Working on this, but kinda stuck. The pattern is like this:

You log in with username and password; you need the authenticity_token along with the _mekari_account cookie. Then the status code must be 302; get the Location header and move to the next one, and another with 302. After the third part, you will get the cookie PHPSESSID and others.

And I can't even get the right result from the first part. It just pisses me off, and I tried to check how the mobile application communicates with the app in the hope that the mobile app uses an access_token JWT, and it's actually the same as the website.

Here is my latest code; kinda leaving this one for later.

```js
const axios = require('axios');
const cheerio = require('cheerio');
const FormData = require('form-data');

// Build the POST request that submits the sign-in form.
const prepFormLogin = (obj) => {
  const { auth_token, mekari_cookie } = obj;
  const data = new FormData();

  // Credentials are hard-coded here for testing.
  data.append('utf8', "%E2%9C%93");
  data.append('authenticity_token', auth_token);
  data.append('user[email]', "yahya.fadhluloh@efishery.com");
  data.append('no-captcha-token', "");
  data.append('user[password]', "mypass");

  const config = {
    method: 'POST',
    url: 'https://account.mekari.com/users/sign_in?app_referer=Talenta',
    headers: { 
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
      'Accept-Encoding': "gzip, deflate, br",
      'Accept-Language': "en-US,en;q=0.9",
      'Cookie': `${mekari_cookie};`,
      'content-type':`application/x-www-form-urlencoded`,
      'User-Agent': "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36",
      'Referer': "https://account.mekari.com/users/sign_in?app_referer=Talenta",
      'Host': 'account.mekari.com',
      'Origin': 'https://account.mekari.com',
      'sec-ch-ua': '"Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"',
      'sec-ch-ua-mobile': '?0',
      'sec-ch-ua-platform': '"Windows"',
      'Sec-Fetch-Dest': "document",
      'Sec-Fetch-Mode': "navigate",
      'Sec-Fetch-Site': "same-origin",
      'Sec-Fetch-User': "?1",
      'Upgrade-Insecure-Requests': "1",
      // getHeaders() sets 'content-type' to multipart/form-data with a boundary,
      // which overrides the urlencoded value above.
      ...data.getHeaders()
    },
    data : data,
    // Do not follow the redirect, so the 302 and its Location/Set-Cookie headers stay visible.
    maxRedirects: 0,
    validateStatus: function (status) {
      return status >= 200 && status < 400;
    }
  };

  return config;
};

// Build the GET request for the second step (the /auth endpoint).
const secondLogin = (obj) => {
  const { mekari_cookie } = obj;
  const config = {
    method: 'GET',
    url: 'https://account.mekari.com/auth?client_id=TAL-73645&response_type=code&scope=sso:profile',
    headers: { 
      "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
      'Accept-Encoding': "gzip, deflate, br",
      'Accept-Language': "en-US,en;q=0.9",
      Cookie: mekari_cookie,
      "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36",
      'Referer': "https://account.mekari.com/users/sign_in?app_referer=Talenta",
      'Host': 'account.mekari.com',
      'sec-ch-ua': '"Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"',
      'sec-ch-ua-mobile': '?0',
      'sec-ch-ua-platform': '"Windows"',
      'Sec-Fetch-Dest': "document",
      'Sec-Fetch-Mode': "navigate",
      'Sec-Fetch-Site': "same-origin",
      'Sec-Fetch-User': "?1",
      'Upgrade-Insecure-Requests': "1"
    },
    // Do not follow the redirect; accept the 302 as a valid response.
    maxRedirects: 0,
    validateStatus: function (status) {
      return status >= 200 && status < 400;
    }
  };

  return config;
}

const loggedIn = async (obj) => {

  // Load the sign-in page to get the CSRF token and the first cookie.
  const respLogin = await axios.get("https://account.mekari.com/users/sign_in?app_referer=Talenta")

  const $ = cheerio.load(respLogin.data);
  let auth_token = ""

  // Pick the authenticity_token hidden input out of the login form.
  $("form.new_user input").each(function(i, v){
    if($(v).attr("name") == "authenticity_token"){
      auth_token = $(v).val();
    }
  });

  // console.log(auth_token)

  // Takes the first Set-Cookie entry and keeps only its name=value part.
  let mekari_cookie = respLogin.headers["set-cookie"][0];
  mekari_cookie = mekari_cookie.split(";")[0]

  console.log(mekari_cookie)

  const config = prepFormLogin({
    auth_token: auth_token,
    mekari_cookie: mekari_cookie
  });
  const fResp = await axios(config);

  console.log(fResp)

  // mekari_cookie = fResp.headers["set-cookie"];

  // console.log(mekari_cookie)

  // const sConfig = secondLogin({mekari_cookie: mekari_cookie})
  // const sResp = await axios(sConfig);

  // console.log(sResp.data)

  // console.log("SECOND")
  // // console.log(sResp.headers)
  // // console.log(sResp.data)
  // console.log(sResp)

  // return sResp.headers;
}

module.exports = {
  loggedIn
}

// loggedIn() is async, so handle the returned Promise instead of logging it.
loggedIn().catch((err) => console.error(err.message));
```

@aldryandimas

Thanks for the API you built, @ans-4175 @k1m0ch1! I really appreciate it; it eases my work and prevents me from forgetting to clock in and clock out from Talenta. Are there any updates on this issue? 'Cause right now I'm facing an issue where I need to update the cookies each day for clock-in/clock-out, since Talenta always issues different cookies when logging in on the website.

Once again, thank you for the great work! 🥂 🍻

@ans-4175
Owner Author

@aldryandimas aah, you are right, right now they make the cookie expiration shorter. I still hold cookies that expired in 2022.
Hmm, I haven't looked at this again; maybe using a headless browser would be too much engineering/dependencies for me.
So actually, we still haven't figured out how to use just a fetch/axios flow.

Any ideas, Mas?

@yuliusardian

@ans-4175 This is really cool. Actually, I have known this method since 2020 and had an idea to make a scheduler for clock in and clock out, but I haven't because I think it's better to do it manually to discipline myself. But my wild brain is still thinking about integrating this with Microsoft Teams, since my company uses Microsoft Teams for communication and other stuff. So I challenged myself to create the app.

Actually, you don't need to authorize it manually by copying the PHPSESSID and _identity. Just follow the behaviour of the app from inspect element like @k1m0ch1 said, and after all the 3rd hit was completed just look at the response header of

https://hr.talenta.co/sso-callback?code={SOMETHING}

You'll see :

set-cookie: PHPSESSID={SOMETHING} //
set-cookie: _identity={SOMETHING} //

So all you have to do is just parse the response header, grab the value and set it globally on your internal session or write it to config.js.

If you have no idea what I'm talking about, just wait and see; I'll create the app and update the progress here. :)

@ans-4175
Owner Author

Hi @yuliusardian, could you show us with an activity flow diagram?
Req/Response sequence, and on 3rd

> And after all the 3rd hit was completed just look at the response header

@k1m0ch1 probably could you share your login sequence activity?

@k1m0ch1
Collaborator

k1m0ch1 commented Jun 27, 2022

@ans-4175 thanks for the lead, man. This has been ages, and it's still active; will update the progress too.

@yuliusardian ohhhh what a great person you are, that would be a very, very wild genius brain you have; it would be very generous if you also made it for Microsoft Teams at your company.

Oh please, since you have a very wild brain, you can help us and update the progress here. Here is the sequence activity that I know, if you need it to get the session:

  1. POST to https://account.mekari.com/users/sign_in?client_id=TAL-73645&return_to=L2F1dGg_Y2xpZW50X2lkPVRBTC03MzY0NSZyZXNwb25zZV90eXBlPWNvZGUmc2NvcGU9c3NvOnByb2ZpbGU%3D with a payload you can guess by 'follow the behaviour of the app'
  2. GET to https://account.mekari.com/auth?client_id=TAL-73645&response_type=code&scope=sso:profile with the previous session
  3. GET to another https://hr.talenta.co/sso-callback?code=rQCClaZ48FR6UjAeSFkrvCyIic4l10W0&locale=id and you get response header from set-cookie
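
The three-hop sequence discussed in this thread, as an added example that is not part of any comment or of the project's code: redirects are walked by hand so each hop's Set-Cookie is captured, and cookies are kept per host so the account.mekari.com cookie is never replayed to hr.talenta.co. `send` is a hypothetical stand-in for an HTTP client with redirects disabled; the responses, cookie values and `code` are constructed placeholders, and the POST body of the first hop is omitted.

```javascript
// Added example: per-host cookie jar filled while walking a 302 chain by hand.
// SAMPLE_HOPS is constructed; cookie values and the code are placeholders.
const SAMPLE_HOPS = {
  'https://account.mekari.com/users/sign_in?app_referer=Talenta': { status: 302, headers: {
    location: '/auth?client_id=TAL-73645&response_type=code&scope=sso:profile',
    'set-cookie': ['_mekari_account=PLACEHOLDER_A; path=/; HttpOnly; Secure'] } },
  'https://account.mekari.com/auth?client_id=TAL-73645&response_type=code&scope=sso:profile': { status: 302, headers: {
    location: 'https://hr.talenta.co/sso-callback?code=PLACEHOLDER_CODE' } },
  'https://hr.talenta.co/sso-callback?code=PLACEHOLDER_CODE': { status: 200, headers: {
    'set-cookie': ['PHPSESSID=PLACEHOLDER_B; path=/; HttpOnly',
      '_identity=PLACEHOLDER_C; expires=Tue, 05-Jul-2022 00:00:00 GMT; path=/; HttpOnly'] } },
};

// Split one Set-Cookie line into name, value and lower-cased attributes.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    const i = a.indexOf('=');
    cookie.attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

// Follow redirects manually so every hop's Set-Cookie is seen. Cookies are
// stored per host and only replayed to the host that set them.
function followLogin(startUrl, send, maxHops = 5) {
  const jar = {}; // host -> { cookieName: parsedCookie }
  let url = new URL(startUrl);
  for (let hop = 0; hop < maxHops; hop++) {
    const mine = Object.values(jar[url.host] || {});
    const res = send(url.href, mine.map((c) => `${c.name}=${c.value}`).join('; '));
    for (const line of res.headers['set-cookie'] || []) {
      const c = parseSetCookie(line);
      (jar[url.host] = jar[url.host] || {})[c.name] = c;
    }
    if (res.status < 300 || res.status >= 400 || !res.headers.location) return jar;
    url = new URL(res.headers.location, url); // Location may be relative
  }
  throw new Error('too many redirects');
}

const sent = []; // records which Cookie header went to which URL
const jar = followLogin(Object.keys(SAMPLE_HOPS)[0], (href, cookie) => {
  sent.push({ href, cookie });
  return SAMPLE_HOPS[href];
});
```

The `expires` attribute kept in the jar is what tells a scheduler when the session has to be refreshed; the cookie values themselves are credentials and should not be logged.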
