Include token & auth in Entra redirect state (#442)

frontend/app.py

@@ -586,11 +586,14 @@ async def azure_css_landing(
     """
     info = ""
     if admin_consent == "True":
-        tenant_id = tenant
-        if css := state:
-            css = b64decode(unquote(state)).decode()
-        if css is not None and tenant_id is not None:
-            (success, info) = install_azure_css(tenant_id, css)
+        css = None
+        token = None
+        token_auth = None
+
+        css, token, token_auth = b64decode(unquote(state)).decode().split(":")
+
+        if css is not None and tenant is not None:
+            (success, info) = install_azure_css(tenant, css)
             info += " We have uninstalled our application from you tenant, revoking all of our permissions."
     else:
         info = "Installation failed due to lack of sufficient granted permissions."

templates/generate_new.html

@@ -1508,7 +1508,10 @@ <h3>Your log4shell token is active!</h3>
         }
         var _handleEntraClonedWebsiteResponse = function(data) {
           $('#result_entra_cloned_website').append(data['css']);
-          state = escape(btoa(data['css']));
+          const encodedCss = btoa(data['css']);
+          const encodedData = btoa(`${encodedCss}:${data['token']}:${data['auth_token']}`);
+          state = encodeURIComponent(encodedData);
+
           redirect = window.location.origin + '/azure_css_landing';
           loc = "https://login.microsoftonline.com/common/adminconsent?client_id=" + data['client_id'] + "&state=" + state + "&redirect_uri=" + redirect;
           $('#azure_popup').attr('onclick', 'window.open("' + loc + '"); return false;')