improved SynackAPI Login button

bamhm182 · bamhm182 · commit 9428ec1e68b0 · 2025-02-06T13:10:49.000Z
diff --git a/docs/src/usage/main-components/files.md b/docs/src/usage/main-components/files.md
@@ -34,6 +34,7 @@ It is intended to be used with the following TamperMonkey script in order to do
 // @version      0.1
 // @description  Go to the platform automatically
 // @author       You
+// @run-at       document-start
 // @match        https://*.synack.com/*
 // @require      file:///home/<homedir>/.config/synack/login.js
 // @grant        none
diff --git a/src/synack/plugins/auth.py b/src/synack/plugins/auth.py
@@ -89,17 +89,16 @@ def set_api_token_invalid(self):
         return False
 
     def set_login_script(self):
-        script = "let forceLogin = () => {" +\
+        script = "(function() {sessionStorage.setItem('shared-session-com.synack.accessToken'" +\
+            ",'" +\
+            self._state.api_token +\
+            "');})();" +\
+            "let forceLogin = () => {" +\
             "const loc = window.location;" +\
             "if(loc.href.startsWith('https://login." + self._state.synack_domain + "/')) {" +\
             "loc.replace('https://platform." + self._state.synack_domain + "');" +\
             "}};" +\
             "(function() {" +\
-            "sessionStorage.setItem('shared-session-" +\
-            '.'.join(reversed(self._state.synack_domain.split('.'))) + ".accessToken'" +\
-            ",'" +\
-            self._state.api_token +\
-            "');" +\
             "setTimeout(forceLogin,60000);" +\
             "let btn = document.createElement('button');" +\
             "btn.addEventListener('click',forceLogin);" +\
