search

sm00th / bitlbee-discord

Bitlbee plugin for Discord (http://discordapp.com)
GNU General Public License v2.0
290 stars 27 forks source link

Use HTTPS instead of HTTP #41

Closed seschwar closed 8 years ago

seschwar commented 8 years ago

When I first tried this plugin I was unable to connect to Discord. There weren't any error messages. After playing around with cURL and Wireshark i found something interesting.

$ curl -q -X POST -d '{}' -H Content-Type:application/json http://discordapp.com/api/auth/login
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
$ curl -qL -X POST -d '{}' -H Content-Type:application/json http://discordapp.com/api/auth/login
<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 411 (Length Required)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
  </style>
  <a href=//www.google.com/><span id=logo aria-label=Google></span></a>
  <p><b>411.</b> <ins>That’s an error.</ins>
  <p>POST requests require a <code>Content-length</code> header.  <ins>That’s all we know.</ins>

Wireshark shows that there was a Content-Length header in the original HTTP request. However when we use HTTPS to be begin with, everything works as expected.

$ curl -qL -X POST -d '{}' -H Content-Type:application/json https://discordapp.com/api/auth/login
{"email": ["This field is required."], "password": ["This field is required."]}
$ echo ... | jq -R '{"email":"...","password":.}' | curl -qL -X POST -d @- -H Content-Type:application/json https://discordapp.com/api/auth/login
{"token": "..."}

This patch makes this plugin use HTTPS and allows this plugin to circumvent the above error. With this I can successfully connect to Discord.

As a byproduct it also avoids extra round trips caused by the redirects. Furthermore it doesn't send the login credentials in plaintext anymore!

sm00th commented 8 years ago

Never saw the plugin fail this way, but was meaning to do the switch for some time anyway. Seems to work just fine. Thank you for the patch.