Jerasaurus

Automating tasks out of principle

Updated: 2024-1-17

So recently, I had sat down to start my homework for the night, and had to face the infamous black baud login prompt for the 4th time that day. Thinking to my self what waste of life this was having to click three whole buttons just to see the laundry list of assignments I have for the day, I started looking around to see what we could do about it.

Screenshot from 2024-02-14 13-33-13.png

Now an early attempt at this would involve using a crontab to routinely open the homepage of MySchoolApp, preventing the session form timing out.

//Mac implementation
crontab -e

0 */2 * * *  open "https://school.myschoolapp.com/app/student#studentmyday/progress"

This actually worked quite well, but having a window pop up every two hours reminding me of my impending doom in the evening was not great for my anxiety. Also it would stop working whenever I turned my PC off, and I would have to face the login prompt again the next day.

I'm hearing many of you scream already "juST usE A PasSWORD ManAGER anD AUTOFILL". Unfortunately, a few years ago, blackbaud phased out username/password logins . Now users must complete an Oauth flow through an identity provider like google before signing in. While I love SSO, it comes with the expectation that reasonable session timeouts would be set. Maybe every 24 hours? 12? Nope, its more like every 20-30 minutes. And yes while this technically makes it more secure… any attacker which would be stopped by the session timeout could just.. complete the oauth flow again, since google services generally stay logged in on devices.

If only there was a way to automate this client side… Ah ha! we can make a chrome extension!

Boiled down, chrome extensions are just scripts that are ran whenever a website is loaded, or unloaded. We can start with some boilerplate like this:

// extension/manifest.json
{
  "manifest_version": 3,
  "name": "ByeByeLogin",
  "description": "My cool extension",
  "version": "1.0",
  "content_scripts" : [
       "matches": ["https://school.myschoolapp.com"],
       "js": "src/content.js"
  ]
}

// extension/src/content.js
alert("Hello World!")

The manifest file we just created tells chrome where the entrypoint of our content script is. With this scirpt, we canessentially run any JS as if we were the user!