Automating the booking process for group study rooms.
Explore the docs »
View Demo
·
Report Bug
·
Request Feature
Table of Contents
This project's lifespan extended through the 2022-2023 academic year at California State University San Marcos.
However in the summer prior to Fall 2023, CSUSM migrated their studyroom reservation management to LibCal, a product of SpringShare's LibApps suite of SaaS.
This migration ultimately rendered this iteration of the project obsolete along with exploitable vulnerabilities discovered in the original management system.
Moving forward, the next iteration of this project may be found here:
This is a Selenium-based Python program to automate the booking of campus library study rooms, thus enhancing the efficiency of booking campus study rooms.
The project features:
- Scheduled Automation: Implemented a scheduled frequency for room booking, ensuring availability at specific times.
- Preference Logic: Prioritized preferred study rooms, amenities, and floors; seamlessly fell back to alternate choices if the first preference was unavailable.
- Multi-Factor Authentication (MFA) Integration: Incorporated HOTP code generation, eliminating the need for manual authentication via push notifications.
- Dynamic Booking Times: Modified booking times in 30-minute increments to find the optimal match for given parameters, maximizing the chances of securing desired study slots.
This project began as a personal project, however has since been aimed to showcase a blend of technical skills in web automation, security awareness, and problem-solving, resulting in a streamlined and intelligent solution for efficient campus study room booking.
2022-10-13 10:43:01 PM :: Kellog Library :: INFO :: Searching For Rooms From 2022-10-14 13:30:00 To 2022-10-14 16:30:00 On Floor 4
2022-10-13 10:43:07 PM :: Kellog Library :: INFO :: Parsing Web Page
2022-10-13 10:43:07 PM :: Kellog Library :: INFO :: Validating and Mapping Search Results
2022-10-13 10:43:07 PM :: Kellog Library :: INFO :: Search Returned 4 Results
2022-10-13 10:43:07 PM :: Auth Flow :: INFO :: Beginning Auth Flow
2022-10-13 10:43:07 PM :: Browser :: INFO :: Initializing ChromeDriver Service
2022-10-13 10:43:07 PM :: Browser :: INFO :: Initializing Chrome Instance with Options: ['--disable-gpu', '--headless', '--window-size=800,600']
2022-10-13 10:43:10 PM :: Auth Flow :: INFO :: Beginning CSUSM Portion of Auth Flow
2022-10-13 10:43:13 PM :: Auth Flow :: INFO :: Beginning DUO 2FA Portion of Auth Flow
2022-10-13 10:43:14 PM :: Auth Flow :: INFO :: Generating 2FA Code
2022-10-13 10:43:14 PM :: Auth Flow :: INFO :: 2FA Code ==> ******
2022-10-13 10:43:14 PM :: Auth Flow :: INFO :: Awaiting Redirect To CSUSM
2022-10-13 10:43:18 PM :: Auth Flow :: INFO :: Is Logged In ==> True
2022-10-13 10:43:18 PM :: Auth Flow :: INFO :: Auth Flow Successful
2022-10-13 10:43:18 PM :: Auth Flow :: INFO :: Is Logged In ==> True
2022-10-13 10:43:18 PM :: Kellog Library :: INFO :: Reserving Room 4001 on 2022-10-14 from 01:30:00 PM to 04:30:00 PM for 2 attendee(s)
2022-10-13 10:43:18 PM :: Kellog Library :: INFO :: Building Reservation Request
2022-10-13 10:43:19 PM :: Kellog Library :: INFO :: Parsing and Validating Server Response
2022-10-13 10:43:19 PM :: Kellog Library :: INFO :: Room 4001 Successfully Reserved
During the development of this project, a vulnerability was discovered in the reservation system's JavaScript code. The system enforces a 24-hour window limitation for booking study rooms, but this limitation is solely implemented on the client side and not validated server-side.
By manually generating query parameters, it is possible to bypass the client-side restrictions and schedule study rooms past the stated 24-hour time window. This poses a potential risk and undermines the intended functionality of the reservation system.
As the reservation system has since been migrated to LibCal, this vulnverability is no longer present, and may be deemed patched.
This is an example of how you may give instructions on setting up your project locally. To get a local copy up and running follow these simple steps.
This is an example of how to list things you need to use the software and how to install them.
pip install -r requirements.txt
or if you prefer to virtualize your environment (preferred method)
python3 -m venv ./env
source ./env/bin/activate
pip install -r requirements.txt
It is recommended to make a copy of your Google Chrome
executable and keep it within the project as it reduces the frequency of Chrome auto-updating and breaking compatibility with the version of chromedriver
installed.
For MacOS this executable can be found at:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome
Download a copy of chromedriver that matches your OS environment and Google Chrome installation.
- Clone the repo
git clone https://github.com/SalmanBurhan/csusm-studyroom-reserver-fall-2022.git cd csusm-studyroom-reserver-fall-2022
- Setup Virtual Environment
python3 -m venv ./env source ./env/bin/activate
- Install Dependencies
pip install -r requirements.txt
- Enter your CSUSM Credentials in
constants.py
CSUSM_EMAIL = '[email protected]' CSUSM_PASSWORD = None
- Specify the paths to your DUO secret and Chrome/chromedriver installation
DUO_SECRET_PATH = "duo/base32_secret.hotp" CHROMEDRIVER_PATH = 'browser/chromedriver' CHROMEAPP_PATH = 'browser/Google Chrome.app'
The main.py
file is setup to be run the day prior to the booking, best paired with a cronjob or launchctl scheduled service.
In this constants.py
file...
The TARGET_TIMES
variable is to be defined as follows:
'''
TARGET_TIMES: dict where
k: int - day of the week, where Monday == 0 ... Sunday == 6.
v: tuple[int, int] - ISO 8601 formatted hour and minute.
'''
TARGET_TIMES = {
0: (17, 30),
2: (13, 30),
4: (17, 30)
}
The PREFERRED_ROOM
and ATTENDEES_COUNT
variables should be defined as well.
PREFERRED_ROOM = 4001
ATTENDEES_COUNT = 2
python3 main.py
Since the program is designed to be run the day before the desired booking, the execution of main.py
is intended to exit if run on any other day.
A cron
job or launchd
service should be created to run the script the day before the times specified in TARGET_TIMES
.
Assuming the default TARGET_TIMES
values, the launchd
plist file should look like the following template:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.user.csusm-studyroom-reserver</string>
<key>ProgramArguments</key>
<array>
<string>/path/to/your/venv/bin/python3</string>
<string>/path/to/your/main.py</string>
</array>
<key>StartCalendarInterval</key>
<array>
<dict> <!-- 05:30 PM -->
<key>Hour</key>
<integer>17</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>0</integer> <!-- Sunday -->
</dict>
<dict> <!-- 01:30 PM -->
<key>Hour</key>
<integer>13</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>2</integer> <!-- Tuesday -->
</dict>
<dict>
<key>Hour</key> <!-- 05:30 PM -->
<integer>17</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>4</integer> <!-- Thursday -->
</dict>
</array>
<key>WorkingDirectory</key>
<string>/path/to/your/project/directory</string>
<key>StandardOutPath</key>
<string>/path/to/your/logfile.log</string>
<key>StandardErrorPath</key>
<string>/path/to/your/error-logfile.log</string>
</dict>
</plist>
Upon saving the file to the customary path ~/Library/LaunchAgents/
, load the scheduled job using:
launchctl load ~/Library/LaunchAgents/com.user.csusm-studyroom-reserver.plist
Distributed under the MIT License. See LICENSE.txt
for more information.
Salman Burhan - [email protected]
Project Link: https://github.com/SalmanBurhan/csusm-studyroom-reserver-fall-2022