troy1987's comments

troy1987 · on Nov 11, 2014

This seems really dumb!

https://foobar.withgoogle.com/staticfiles/js/landing.5252068... : !function(){ "use strict"; function a(){ var a=document.getElementById("login"); a.addEventListener("click",function(a){a.preventDefault(),window.launchPopup()},!1)} window.handleAuth=function(a){ a.logoutUrl ? window.location.href=a.redirectUrl : window.location.reload() }, window.launchPopup=function(){ window.open("/login/","AppLogin","resizable,scrollbars,status,width=600,height=400") }, a() } ();

This script handles the login. a object looks something like this : Object { message: "Error(6): Login unavailable. Try again later.", logoutUrl: "https://foobar.withgoogle.com/_ah/logout?continue=…ps://foob..., redirectUrl: "/denied/", allow: false}allow: falselogoutUrl: "https://foobar.withgoogle.com/_ah/logout?continue=https://ww...: "Error(6): Login unavailable. Try again later." redirectUrl: "/denied/" }

handleAuth() function will either take you tohttps://foobar.withgoogle.com/denied/ or just reload the page.

Google is just getting a tonne of analytics data.

bastawhiz · on Nov 11, 2014

You're assuming that's the only thing it will ever do. Just because you saw that particular code doesn't mean that's the same code served for every possible user.

dontreact · on Nov 11, 2014

So maybe we just have to figure out the right redirectUrl?

I imagine that when you login with the right user account a different redirectUrl would get passed back.

I see no way of finding that out what that URL is though, short of someone who has access to the puzzle posting it.

jengamaster · on Nov 11, 2014

It's strange that the in the login object is never used. Also that the handleAuth function uses the existence of 'logoutUrl' to decide wether it should refresh or redirect, but uses it for nothing else.

curveship · on Nov 11, 2014

My suspicion is that the HN traffic has overloaded their backend.