I have been learning how to use SailsJS most effectively, which includes using authentication. After the nightmare that sails-auth gave me, I decided to use Waterlock.
I have a default setup with Waterlock. I am trying to use multiple auth strategies (waterlock-local-auth + waterlock-google-auth).
Whenever I POST credentials to the register page, I am presented with
HTTP 400: you must specify a type parameter.
After reading the code, I notice I must submit an authentication type string with my form submit. So I add <input type="hidden" name="type" value="waterlock-local-auth"/> to the form. However, now I am presented with this:
HTTP 400: unknown/invalid authentication type
Why?
The proper way to encode the type string in the form data this way:
Your auth package name is waterlock-x-auth
The value on the input tag should be x
The input tag (if using local, for example) would look like this:
<input type="hidden" name="type" value="local"/>
Related
I am using AngleSharp to "open" a URL, change the value attribute of an input and then submit the form.
BUT when I get the HTML code from the URL, I get an unrecognized char in the name attribute of the input that interests me. See:
<!DOCTYPE html>
<html>
<head></head>
<body>
<hr>
<center>USER MENU<hr></center>
<form method="post" name="input" enctype="text/plain">
<fieldset>
<legend>ENTER USER CODE</legend>
ENTER USER CODE: <input type="password" name="�00" maxlength="4">
<br>
<button type="submit" formenctype="text/plain">SEND</button>
</fieldset>
</form>
</body>
</html>
As you can see this is the only input in the form so I can "catch" it (to change the value) by other attributes of it as selectors. Like this: [type=password]
context.Active.QuerySelector(Of IHtmlInputElement)("[type=password]").SetAttribute("value", "1111")
So, the problem is when I submit the form, it sends the post data with wrong name and they cannot get recognized. I learned what the unrecognizable character is by opening this URL in browser, and double check it using Wireshark (to get the HEX value of the char).
Finally, the char was a greek A in the browser source view and as Wireshark said it was the Symbol of C1 which is Á with description: Latin capital letter A with acute (see http://www.ascii-code.com/)
I know the man who created this web interface and he told me he used a greek A by fault and he cannot change it (I will explain why).
So, now that I know what the server expects I thought I could set the name attribute too and then send the form. But when I do it doesn't get recognized neither cause as I check in Wireshark the char is not the same char the browser sends when you submit the form. (I struggled to set the right name with no luck).
I also thought it may be some kind of encoding issue but I didn't manage to set the encoding in the context configuration. I set the culture to "el-GR" before I get the HTML but nothing changed.
What can I do? Do you have any suggestions?
PS. This is a low security web interface hosted by a microcontroller. The HTML cannot be changed because the device has already got a certification. Also, the interface works perfectly when used in browser.
I had to create a class that Implements the IEncodingProvider interface and then supply an instance of this class to the Configuration constructor via the with method.
Here is the class:
Private Class FixedEncodingProvider
Implements IEncodingProvider
Public Function Suggest(locale As String) As Encoding Implements IEncodingProvider.Suggest
Return Encoding.GetEncoding(1253)
End Function
End Class
and then use it like this:
Dim Config = Configuration.Default.WithDefaultLoader.With(New FixedEncodingProvider())
Dim context = BrowsingContext.[New](Config)
Special Thanks to the library's creator FlorianRappl for the guidance!
I have an html form in one of my views. One value in that form is a username. I gave that input an id.
<input name="username" class="form-control" id="username" placeholder="Username">
When the form is submitted, I redirect to a new view.
res.redirect('/nextView');
nextView has a javascript file being served to it from my public folder. In that javascript file, I am trying to access the username value like this:
$('#username').val()
This is not working. I think it's because now that I am on nextView, the id 'username' does not exist.
How can I persist this value from one view to the next?
You can redirect to a URL with a query parameter attached or save a cookie value.
To attach a query parameter:
res.redirect('/nextView?userName=' + username)
To read from a query parameter in the browser use a queryParam parser. Example
I'm trying to learn about login/password/user session stuff in flask.
i found this link and have been trying to understand the code it provides (on the bottom of the page, the largest piece of code).
http://thecircuitnerd.com/flask-login-tokens/
The link doesn't provide, though, the contents of the login.html file.
So far, the way i've been handling forms in flask requires me to specify to the render_template function what user input will be attributed to each python variable. But since the author didn't do it, i suppose his method of getting the user input should be different than that.
If you look at the login route handler in the code you linked you'll see that it uses request.form to get out two variables, 'username' and 'password':
#app.route("/login/", methods=["GET", "POST"])
def login_page():
"""
Web Page to Display Login Form and process form.
"""
if request.method == "POST":
user = User.get(request.form['username'])
#If we found a user based on username then compare that the submitted
#password matches the password in the database. The password is stored
#is a slated hash format, so you must hash the password before comparing
#it.
if user and hash_pass(request.form['password']) == user.password:
login_user(user, remember=True)
return redirect(request.args.get("next") or "/")
return render_template("login.html")
The simplest way to do this would be with the following HTML:
<form action="/login/" method="POST">
<input name="username" placeholder="username">
<input type="password" name="password" placeholder="password">
<input type="submit" value="Login">
</form>
This will not re-populate the username if the user mis-types their username or password, nor will it give the user any indication that they failed to login. They will just see the login form again. However, this is just some example code, so it's understandable that the author chose to leave out useful code that would obscure the point he was trying to make.
I am new to Struts and I Don't Understand Struts Action Parameters, specifcally: Name,Validate,Input and Redirect="true"
Example:
*#struts.action name="activation" path="/activation" validate="false" parameter="activation"
*#struts.action-forward name="activationStart" path="/activation.html" redirect="true"
Please try to answer me in terms of above example.
So basically you refuse to read the Struts 1 documentation?
name
The name of the ActionForm bean for this action.
validate
Should validation run?
input
The input page for the form, usually used to return to the form on a validation error.
redirect
When this forward is returned should it be a redirect or a forward?
Name
Name is the name of the formbean which is associated with you JSP. In your struts-config you will have something like this
<form-beans>
<form-bean
name="activation">
<form-property name="name" type="java.lang.String"/>
</form-bean>
</form-beans>
validate
You have validator framework which has some validations in place, like checking the name field for null value and so. You tell your struts whether the validator should work or not. If validation=false, then validation is not performed in your current jsp
input
input is the input jsp. If there are any validation errors, the execute method of the action will not get called; instead the control will go back to that ***.jsp. But you have not specified any input in your example
redirect
Whether to redirect or just forward
New to Jmeter. Still learning. Any help will be appreciated.
Login post request:
GET https://exe.example.com/dsfs/ls/?wa=esignin1.0&trealm=https%3A%2F%2Fexe.example.com%2F&wctx=rm%3D1%26id%3D82339bbd-7cdb-4372-ae5f-65efd2dac185%26ru%3Dhttps%253a%252f%252fexample.com%252fdefault.aspx&wct=2014-05-08T17%3A47%3A46Z&wauth=urn%3Aoasis%3Anames%3Atc%3ASAML%3A1.0%3Aam%3Apassword
Above is the post request where I send values for wa, trealm,wctx, wct, wauth which I get from previous response.
For the above post request I get the below response with one more hidden variable "wresult"
<html><head>
<title>Working...</title>
</head>
<body>
<html><head><title>Working...</title></head><body>
<form method="POST" name="hiddenform" action="https://exe.example.com/">
<input type="hidden" name="wa" value="esignin1.0" />
<input type="hidden" name="wresult" value="<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetim….…….../trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>" />
<input type="hidden" name="rctx" value="rm=1&id=f71cbbfb-c9f6-4255-bb38-f9ec81f1d4aa&ru=https%3a%2f%2fexample.com%2fdefault.aspx" />
<noscript><p>Script is disabled. Click Submit to continue.<input type="submit" value="Submit" /></noscript></form><script language="javascript">window.setTimeout('document.forms[0].submit()', 0);</script></body></html>
I have to send wrestle value in my next request. wrestle value should be like below.
<t:RequestSecurityTokenResponsexmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust<t:Lifetim……………entity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>
but instead wresult value is being sent as
<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust"><t:Lifetim….….……entity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>" />
In browser I'm guessing something replaces "<" with "<" . I have checked everything, it looks like the request is failing because "<" is not getting replaced by
"<" in jmeter. Is my guess right? If yes, is there a way to edit wresult's value in Jmeter and then send it in the request?
Could anyone please let me know how to solve this issue?
JMeter does not execute any javascript But your Browser does!
So You might be correct!
So, in your analysis, If "<" - only this is causing issues - You can use BeanShell PostProcessor / PreProcessor to look for the char/string to be replaced and replace it with what you want!
http://jmeter.apache.org/usermanual/component_reference.html#BeanShell_PostProcessor
Try to use "Content encoding:" "UTF-8" or "iso-8859-1" in your HTTP Request.
Also you have to Check the parameters in "Encode?" column of your request.
hope this will help.
If it's the only place where you're experiencing this problem you can work it around by adding a Beanshell Pre-Processor with the following code:
String wresult = vars.get("wresult").replaceAll("<([^.]*?)", "<");
vars.put("wresult",wresult);
Add Beanshell Pre Processor with the code above as a child of the request, in where you're trying to pass wresult variable.