MTD, Handle Gov-Client-Browser-Plugins fraud prevention header

uzerpllp · Nov 16, 2020 · be5b055 · be5b055
1 parent 993ed20
commit be5b055
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 7 deletions.
diff --git a/lib/classes/standard/MTD.php b/lib/classes/standard/MTD.php
@@ -59,7 +59,6 @@ function __construct($client_fp_info='', $config_key='mtd-vat') {
         ]);
 
         $config = Config::Instance();
-        $device_uuid = $oauth_config['clientuuid'];
         $current   = timezone_open('Europe/London');
         $utcTime  = new \DateTime('now', new \DateTimeZone('UTC'));
         $offsetInSecs =  $current->getOffset($utcTime);
@@ -108,18 +107,21 @@ function __construct($client_fp_info='', $config_key='mtd-vat') {
 
         // Gov-Client-Browser-Plugins
         // Modern browsers return an empty list
-        //$browser_plugins = get_object_vars($this->client_fp_info->plugins);
+        $browser_plugins = get_object_vars($this->client_fp_info->plugins);
+        if (count($browser_plugins) > 0) {
+            $plugin_names = [];
+            foreach ($browser_plugins as $plugin) {
+                $plugin_names[] = rawurlencode($plugin->name);
+            }
+            $this->fraud_protection_headers['Gov-Client-Browser-Plugins'] = implode(',', $plugin_names);
+        }
 
         // Gov-Client-Browser-JS-User-Agent
         $this->fraud_protection_headers['Gov-Client-Browser-JS-User-Agent'] = $this->client_fp_info->userAgent;
 
         // Gov-Client-Browser-Do-Not-Track
         $this->fraud_protection_headers['Gov-Client-Browser-Do-Not-Track'] = $this->client_fp_info->dnt;
 
-
-        // Gov-Client-Multi-Factor
-        //N/a
-
         // Gov-Vendor-Public-IP
         // The public IP address of the servers the originating device sent their requests to.
         // Public networks only

diff --git a/modules/public_pages/erp/ledger/vat/resources/js/vat.js b/modules/public_pages/erp/ledger/vat/resources/js/vat.js
@@ -28,6 +28,53 @@ $(document).ready(function(){
 		dnt: ''
 	}
 
+	var getBrowserPlugins = function(navigator) {
+		var rdls = function (vals) {
+			var res = [];
+			var tmp = vals.sort();
+
+			for (var i = 0; i < tmp.length; i++) {
+				res.push(tmp[i]);
+				while (JSON.stringify(tmp[i]) == JSON.stringify(tmp[i + 1])) {
+					i++;
+				}
+			}
+
+			return res;
+		};
+
+		var res = [];
+		if (!navigator || !navigator.plugins) {
+			return res;
+		}
+
+		for (var p in navigator.plugins) {
+			var plugin = navigator.plugins[p];
+
+			for (var j = 0; j < plugin.length; j++) {
+				var mime = plugin[j];
+
+				if (!mime) {
+					continue;
+				}
+
+				var ep = mime.enabledPlugin;
+				if (ep) {
+					var item = {
+						mime: mime.type,
+						name: ep.name,
+						description: ep.description,
+						filename: ep.filename
+					};
+
+					res.push(item);
+				}
+			}
+		}
+
+		return rdls(res);
+	};
+
 	const ip = new Promise((resolve, reject) => {
 		const conn = new RTCPeerConnection()
 		conn.createDataChannel('')
@@ -51,7 +98,7 @@ $(document).ready(function(){
 	fp.windowWidth = window.outerWidth;
 	fp.windowHeight = window.outerHeight;
 
-	fp.plugins = navigator.plugins;
+	fp.plugins = getBrowserPlugins(navigator);
 
 	fp.userAgent = navigator.userAgent;