Ruptura_Projetada/PEF/token_GI.py

import os
import hashlib
import base64
import requests
import re
import json
from datetime import datetime
import csv

dir = fr"C:\Users\caique.pereira\Downloads\PEF" 
# Seu diretório

hoje_coluna = datetime.today() # Pegando a Data e Hora de hoje
hoje_formatado = hoje_coluna.strftime('%Y-%m-%d')
data_atual = datetime.now().strftime("%Y-%m-%d %H:%M:%S")

def generate_code_verifier():
    """Gera um code_verifier aleatório."""
    return base64.urlsafe_b64encode(os.urandom(32)).decode('utf-8').rstrip("=")

def generate_code_challenge(code_verifier):
    """Gera o code_challenge usando SHA-256."""
    sha256_hash = hashlib.sha256(code_verifier.encode('utf-8')).digest()
    return base64.urlsafe_b64encode(sha256_hash).decode('utf-8').rstrip("=")

def send_authorization_request(session, code_challenge):
    """Envia uma requisição GET para a página de login usando a sessão."""
    url = "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/oauth2/v2.0/authorize"
    params = {
        "p": "B2C_1A_JIT_SIGNUPORSIGNIN_FEDCORP_APIGEE_PRD",
        "client_id": "b3001e60-a8e0-4da8-82ba-c3a701405f08",
        "redirect_uri": "https://extranet.grupoboticario.com.br/auth/callback",
        "response_type": "code",
        "scope": "openid email https://gboticariob2c.onmicrosoft.com/a6cd4fe6-3d71-455a-b99d-f458a07cc0d1/extranet.api offline_access",
        "state": "15d9d7f95f8648d1941426f4665aa383",
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
        "response_mode": "query"
    }

    response = session.get(url, params=params)
    if response.status_code == 200:
        print("Página de login carregada com sucesso.")
        return response.text  # Retorna o HTML
    else:
        print(f"Erro ao acessar a página de login: {response.status_code}")
        print("Resposta de erro:", response.text)
        return None

def extract_tokens(html_content):
    """Extrai o CSRF Token e StateProperties do conteúdo HTML."""
    csrf_token = None
    state_properties = None

    if html_content:
        csrf_match = re.search(r'"csrf":"(.*?)"', html_content)
        csrf_token = csrf_match.group(1) if csrf_match else None

        state_properties_match = re.search(r'"transId":"StateProperties=(.*?)"', html_content)
        state_properties = state_properties_match.group(1) if state_properties_match else None

    return csrf_token, state_properties

def send_login_request(session, csrf_token, state_properties, username, password):
    """Envia uma requisição POST para realizar o login usando a sessão."""
    url = "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/B2C_1A_JIT_SignUpOrSignin_FedCorp_APIGEE_PRD/SelfAsserted"

    params = {
        "tx": f"StateProperties={state_properties}",
        "p": "B2C_1A_JIT_SignUpOrSignin_FEDCorp_APIGEE_PRD"
    }

    headers = {
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
        "X-CSRF-TOKEN": csrf_token,
        "X-Requested-With": "XMLHttpRequest",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0",
        "Accept": "application/json, text/javascript, */*; q=0.01",
        "Origin": "https://login.extranet.grupoboticario.com.br",
        "Referer": "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/oauth2/v2.0/authorize"
    }

    data = {
        "request_type": "RESPONSE",
        "signInName": username,
        "password": password
    }

    response = session.post(url, params=params, headers=headers, data=data)
    if response.status_code == 200:
        print("Login realizado com sucesso!")
        return response.text
    else:
        print(f"Erro ao realizar login: {response.status_code}")
        return None

def send_final_request(session, csrf_token, state_properties):
    """
    Envia a última requisição GET para obter a página HTML.
    """
    url = "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/B2C_1A_JIT_SignUpOrSignin_FedCorp_APIGEE_PRD/api/CombinedSigninAndSignup/confirmed"

    params = {
        "rememberMe": "false",
        "csrf_token": csrf_token,
        "tx": f"StateProperties={state_properties}",
        "p": "B2C_1A_JIT_SignUpOrSignin_FedCorp_APIGEE_PRD"
    }

    headers = {
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0",
        "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
        "Referer": "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/oauth2/v2.0/authorize"
    }

    response = session.get(url, headers=headers, params=params, allow_redirects=False)
    if response.status_code == 200:
        print("Requisição final bem-sucedida!")
        return response.text  # Retorna o HTML
    else:
        print(f"Erro na requisição final: {response.status_code}")
        return response.text
    
def extract_code_from_html(html_content):
    """
    Extrai o valor do parâmetro `code` da URL no HTML fornecido.

    :param html_content: O conteúdo HTML como string.
    :return: O valor do código ou None, se não encontrado.
    """
    # Regex para encontrar o parâmetro `code` na URL do atributo `href`
    match = re.search(r'href="[^"]*?code=([^&"]+)', html_content)
    if match:
        return match.group(1)  # Captura o valor do parâmetro `code`
    return match

def send_token_request(code, code_verifier):
    """
    Envia uma requisição POST para obter o token usando o código e o code_verifier.

    :param code: O código extraído da etapa anterior.
    :param code_verifier: O code_verifier usado no início do fluxo.
    :return: A resposta do servidor.
    """
    url = "https://login.extranet.grupoboticario.com.br/1e6392bd-5377-48f0-9a8e-467f5b381b18/oauth2/v2.0/token"
    params = {
        "p": "B2C_1A_JIT_SIGNUPORSIGNIN_FEDCORP_APIGEE_PRD"
    }

    headers = {
        "Host": "login.extranet.grupoboticario.com.br",
        "Connection": "keep-alive",
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0",
        "Accept": "*/*",
        "Origin": "https://extranet.grupoboticario.com.br",
        "Sec-Fetch-Site": "same-site",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Dest": "empty",
        "Referer": "https://extranet.grupoboticario.com.br/",
        "Accept-Encoding": "gzip, deflate, br",
        "Accept-Language": "pt-BR,pt;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6",
    }

    data = {
        "client_id": "b3001e60-a8e0-4da8-82ba-c3a701405f08",
        "code": code,
        "redirect_uri": "https://extranet.grupoboticario.com.br/auth/callback",
        "code_verifier": code_verifier,
        "grant_type": "authorization_code"
    }

    response = requests.post(url, params=params, headers=headers, data=data)
    return response.text


def extract_tokens_2(response_1):
    response = json.loads(response_1)
    try:
        access_token = response.get("access_token")
        id_token = response.get("id_token")
        refresh_token = response.get("refresh_token")

        return {
            "access_token": access_token,
            "id_token": id_token,
            "refresh_token": refresh_token
        }
    except Exception as e:
        print(f"Erro ao extrair tokens: {e}")
        return None
    


# Processo principal
def main():
    session = requests.Session()  # Iniciar uma sessão persistente

    code_verifier = generate_code_verifier()
    code_challenge = generate_code_challenge(code_verifier)
    print(f"Code Verifier: {code_verifier}")
    print(f"Code Challenge: {code_challenge}")

    # Enviar requisição GET para obter tokens
    html_content = send_authorization_request(session, code_challenge)
    csrf_token, state_properties = extract_tokens(html_content)

    if not csrf_token or not state_properties:
        print("Falha ao extrair CSRF Token ou StateProperties.")
    else:
        print("CSRF Token:", csrf_token)
        print("StateProperties:", state_properties)

        # Dados de login
        username = "caique.santos1" # Colocar sua conta
        password = "Peopleshit@55"

        # Enviar requisição POST para login
        login_response = send_login_request(session, csrf_token, state_properties, username, password)

        if login_response:
            print("Resposta do servidor:", login_response)

            # Enviar requisição final
            final_page_html = send_final_request(session, csrf_token, state_properties)
            code = extract_code_from_html(final_page_html)
    token = send_token_request(code, code_verifier)

# Carregar o JSON do arquivo texto
    tokens = extract_tokens_2(token)
    if tokens:
              Access =  tokens["access_token"]
              csv_filename =fr"{dir}\token.csv"

              # Escrever no arquivo CSV (criando se não existir)
              with open(csv_filename,'r+') as file:
                      file.truncate(0)
              with open(csv_filename, mode="a", newline="", encoding="utf-8") as file:

                writer = csv.writer(file)
                print('baixei o arquivo')

                # Se o arquivo estiver vazio, escrever o cabeçalho
                if file.tell() == 0:
                    writer.writerow(["token", "data"])

                # Escrever os dados
                writer.writerow([Access, data_atual])
              #print("ID Token:", tokens["id_token"])
              #print("Refresh Token:", tokens["refresh_token"])
    else:
             print("Falha ao carregar ou processar o JSON.")

if __name__ == "__main__":
    main()