[ie/adobepass] Validate login URL before sending credentials (#13131)

Authored by: bashonly

yt_dlp/extractor/adobepass.py

@@ -45,6 +45,7 @@ MSO_INFO = {
         'name': 'Comcast XFINITY',
         'username_field': 'user',
         'password_field': 'passwd',
+        'login_hostname': 'login.xfinity.com',
         'needs_newer_ua': True,
     },
     'TWC': {
@@ -75,6 +76,7 @@ MSO_INFO = {
         'name': 'Verizon FiOS',
         'username_field': 'IDToken1',
         'password_field': 'IDToken2',
+        'login_hostname': 'ssoauth.verizon.com',
     },
     'Cablevision': {
         'name': 'Optimum/Cablevision',
@@ -1339,6 +1341,7 @@ MSO_INFO = {
         'name': 'Sling TV',
         'username_field': 'username',
         'password_field': 'password',
+        'login_hostname': 'identity.sling.com',
     },
     'Suddenlink': {
         'name': 'Suddenlink',
@@ -1405,11 +1408,22 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
             token_expires = unified_timestamp(re.sub(r'[_ ]GMT', '', xml_text(token, date_ele)))
             return token_expires and token_expires <= int(time.time())
 
-        def post_form(form_page_res, note, data={}):
+        def post_form(form_page_res, note, data={}, validate_url=False):
             form_page, urlh = form_page_res
             post_url = self._html_search_regex(r'<form[^>]+action=(["\'])(?P<url>.+?)\1', form_page, 'post url', group='url')
             if not re.match(r'https?://', post_url):
                 post_url = urllib.parse.urljoin(urlh.url, post_url)
+            if validate_url:
+                # This request is submitting credentials so we should validate it when possible
+                url_parsed = urllib.parse.urlparse(post_url)
+                expected_hostname = mso_info.get('login_hostname')
+                if expected_hostname and expected_hostname != url_parsed.hostname:
+                    raise ExtractorError(
+                        f'Unexpected login URL hostname; expected "{expected_hostname}" but got '
+                        f'"{url_parsed.hostname}". Aborting before submitting credentials')
+                if url_parsed.scheme != 'https':
+                    self.write_debug('Upgrading login URL scheme to https')
+                    post_url = urllib.parse.urlunparse(url_parsed._replace(scheme='https'))
             form_data = self._hidden_inputs(form_page)
             form_data.update(data)
             return self._download_webpage_handle(
@@ -1509,7 +1523,7 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                             provider_login_page_res, 'Logging in', {
                                 mso_info['username_field']: username,
                                 mso_info['password_field']: password,
-                            })
+                            }, validate_url=True)
                         mvpd_confirm_page, urlh = mvpd_confirm_page_res
                         if '<button class="submit" value="Resume">Resume</button>' in mvpd_confirm_page:
                             post_form(mvpd_confirm_page_res, 'Confirming Login')
@@ -1548,7 +1562,7 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                             provider_redirect_page_res, 'Logging in', {
                                 mso_info['username_field']: username,
                                 mso_info['password_field']: password,
-                            })
+                            }, validate_url=True)
                         saml_login_page, urlh = saml_login_page_res
                         if 'Please try again.' in saml_login_page:
                             raise ExtractorError(
@@ -1569,7 +1583,7 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                             [saml_login_page, saml_redirect_url], 'Logging in', {
                                 mso_info['username_field']: username,
                                 mso_info['password_field']: password,
-                            })
+                            }, validate_url=True)
                         if 'Please try again.' in saml_login_page:
                             raise ExtractorError(
                                 'Failed to login, incorrect User ID or Password.')
@@ -1640,7 +1654,7 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                         provider_login_page_res, 'Logging in', {
                             mso_info['username_field']: username,
                             mso_info['password_field']: password,
-                        })
+                        }, validate_url=True)
 
                     provider_refresh_redirect_url = extract_redirect_url(
                         provider_association_redirect, url=urlh.url)
@@ -1691,7 +1705,7 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                         provider_login_page_res, 'Logging in', {
                             mso_info['username_field']: username,
                             mso_info['password_field']: password,
-                        })
+                        }, validate_url=True)
 
                     provider_refresh_redirect_url = extract_redirect_url(
                         provider_association_redirect, url=urlh.url)
@@ -1726,7 +1740,8 @@ class AdobePassIE(InfoExtractor):  # XXX: Conventionally, base classes should en
                     }
                     if mso_id in ('Cablevision', 'AlticeOne'):
                         form_data['_eventId_proceed'] = ''
-                    mvpd_confirm_page_res = post_form(provider_login_page_res, 'Logging in', form_data)
+                    mvpd_confirm_page_res = post_form(
+                        provider_login_page_res, 'Logging in', form_data, validate_url=True)
                     if mso_id != 'Rogers':
                         post_form(mvpd_confirm_page_res, 'Confirming Login')