Safari 13 basic authorization in webdriver - selenium

I am looking for a way to fill basic authorization popup in Safari 13 in automated session. I want to log in to website which require such login. Solution can be even manual. Is there any way to do that?
List of solution which I tried:
Fill form manually. Issue: Safari 13 blocks any interaction with automated browser. As far as I know there is no way to do it and then continue with automated session.
Use selenium to fill the form. Issue: Safari does not support such feature.
Use http://login:password#site.com. Issue: Safari 13 does not support such feature.
Add authorization header using proxy. Issue: Some sites does not work the same with proxy. I tried browsermob-proxy and mitmproxy but site did not works the same as without proxy.
Add authorization header using proxy and then refresh page without proxy. Issue: Header is not saved in browser. Authorization is required after refresh.
Use ApplyScript or other to fill the form. Issue: Safari 13 blocks any interaction with automated browser.
Safari extension with authorization header. Issue: as far as I know safari extension does not support any headers modification.
Use Keychain access. Issue: It can not be used in automated session.

Based on a few GitHub issues, I'm not sure if this is possible to achieve given all of the workarounds you have already tried.
This issue is detailing the Safari basic auth issue, closed as out-of-scope for Selenium:
https://github.com/SeleniumHQ/selenium/issues/5610
Which a Selenium developer then links to a still-open, larger-scope issue, in the WebDriver spec repository:
https://github.com/w3c/webdriver/issues/385
It seems like the basic auth support you are looking to achieve needs to be implemented by W3C contributors, not by Selenium developers.
All of the solutions you have mentioned trying seem to be the only available workarounds out there, and without a supported Selenium solution or fully-functioning workaround, this issue may not be solvable.

Related

Login through Google SSO using automated browser

I am trying to automate login to my app which uses among others, google sso authentication.
However login form return error "This browser or app may not be secure.". I set my google account options to allow less secure apps but still nothing.
I browsed few topics:
GMail is blocking login via Automation (Selenium)
Selenium Google Login Block
Automation Google login with python and selenium shows ""This browser or app may be not secure""
And it seems that google is blocking this way at all in favor of oauth.
People write in these topics that solutions stopped working recently
So is it currently possible, to set ChromeDriver somehow using capabalities, to be able to login through SSO?. I need a simple solution, that will run headless with other scripts on cloud (not something that would require me to manually login first on another instance as one anwser suggests).
If its not possible or extremly complicated please tell me I will not waste time on it.
If you want to use chrome capabilities, what you can do is set the user-data-dir to a chrome profile that has already been signed in using SSO.
You should look up how to reuse chrome profiles with selenium.
If your accounts have 2 steps verifications, google believe it's safer and allows you to get login. Then the issue will be how to handle the 2 steps verifications. Working on that :/

C++Builder TWebBrowser doesn't work with Google OAuth login

I maintain an application written in C++Builder 2009. Part of it involves using a TWebBrowser control (based on Internet Explorer) to send users to a Google login page in order to obtain an OAuth key. This has worked well for a while, but now Google, bless their hearts, has implemented some kind of security upgrade, and now my users get to a page that says "Couldn't sign you in, this browser or app may not be secure". FYI, I am already setting a Registry key that is supposed to make IE run in version 11 emulation mode.
I do have a couple of workarounds: If the user runs IE first in admin mode, signs on, leaves it up while running my application, we don't get the problem. Second, I can start up the default browser - Chrome, IE, whatever - and send them to the URL for OAuth, then it avoids the error message.
The problem with this solution is that without being able to hook into TWebBrowser events, I don't have any way to automatically retrieve the OAuth key - it is necessary for the user to cut/paste it into my application. I'd like to avoid these clunky solutions.
I should also mention, this problem occurs only for certain Gmail accounts. I have no idea what the difference is between accounts that work and don't work. Any ideas on that?
So, is there any way to configure IE or TWebBrowser so this security issue is bypassed? Or, if I was to update to a modern version of C++Builder and use TWebBrowser (or something else?), would this problem be avoided? Any other ideas to fix this problem?
The latest C++Builder supports Google's Chromium engine, it's probably safe to say it'll be compatible with Google's security upgrades.
Powerful Chromium Based WebView Component To Host Web Content In Your Delphi/C++ Builder FireMonkey Apps

Basic Authentication with Firefox in Selenium and Nightwatch.js

I use Nightwatch-Cucumber based on Nightwatch.js. Nightwatch.js is a NodeJS framework based on Selenium.
Currently I'm looking for a smart and simple solution to handle with Basic Authentication, especially with the Firefox. In Chrome I can do the Basic Auth via URL, like:
https://user:password#mydomain.com
But in Firefox, I get an anti-phishing dialogue box. I tried it manually on about:config in Firefox with the new entry:
network.http.phishy-userpass-length=255
But without success.
At How to Perform Basic Authentication for FirefoxDriver, ChromeDriver & IEdriver in Selenium WebDriver?, a lot of different solutions were named. But no solution is a smart one.
Maybe is it possible to send a Basic Auth header via Selenium? Or is there any other solution to realize such a Basic Auth, especially in Firefox. A generic solution for every browser/driver will be the smartest solution.

InternetExplorerDriver not opening site, but user can open it

I'm working in a highly secured environment. I can only use IE11 by company's policy. I'm trying to implement test automation on my project.
I'm using Selenium and IEDriver.
Currently I'm trying to implement basic scenario by just opening application page.
When I'm trying to do it via IEDriver, the page is not getting opened and the message "This page cannot be displayed" is shown.
But when I open the page manually by just typing in the url to the address bar everything works fine.
I guess it has something to do with the cookies that are coming with the request I'm making manually. Seems like those cookies contain some signature.
Can someone advise me how can I track the problem to resolve it?
Thanks.
Be sure top follow the required configuration section on this site: https://github.com/SeleniumHQ/selenium/wiki/InternetExplorerDriver
I had some issues with IE acting the same way until following this setup.
So the issue was fixed by setting proxy.
Seems like there was a change in security rules recently.

Can you send cookies with XmlHttpRequest from Safari extension?

While debugging why my extension doesn't work in Safari (but does for other browsers), noticed that I can send an arbitrary made up HTTP header with XmlHttpRequest in a Safari toolbar extension. But try to do same with header named "Cookie" with same content as before, it doesn't get sent.
So does Safari restrict sending back cookies with requests or you need to follow an alternate process to do so? Seems kind of lame since this blocks functionality of apps that require session state persistence for example. If there's an alternate process, Apple made it harder to maintain session state in extensions (extra work in adapting a web app or other browser extension).
I tested using Safari 5.1.7 on Mac OS X 10.7.5 with Charles proxy.
Just figured I should post the solution that worked for me, that I commented in my own question earlier, for easier viewing by others with similar problem:
Turns out for Safari extension, what works for me is to set the browser to not block any cookies and website data. So users would have to do that to use the extension. No code changes needed. But that's not cool though.
The particular step is Safari > Preferences > Privacy > Cookies and website data: Always allow (at least under Safari 10 on Mac OS Yosemite). Although one could try "Allow from websites I visit" to see if that more restrictive option will work or not.