As part of my C++ app, I'm needing to log into a web service which has an oauth2 login flow. I'm wanting to use webkitgtk-3.0 to accomplish this however, I'm having trouble detecting the login is complete.
What I need to do is detect when the browser wants to redirect to "http://localhost:12345" before it actually attempts to do so.
I've tried looking at the answers from here: Webkit GTK :: How to detect when a download has finished?
But none of them work. Unfortunately the final page loaded, is what is able to be loaded, not http://localhost:12345. Since there is nothing listening on http localhost port 12345. i.e. from my load_finished_cb:
static void load_finished_cb(WebKitWebView *web_view, WebKitWebFrame *web_frame, gpointer data)
{
printf("Finished downloading %s\n", webkit_web_view_get_uri(web_view));
}
The value printed above is in fact a url to my login service and not localhost:12345 as I'd hoped.
What I'm really after is a callback to pre-browse. How do I detect that?
Is it even possible? I know it is with webkit2, but I don't want to use webkit2. I wan't to use webkit and there is a very good reason for that that I won't get into here.
FYI: Under webkit2 what I would do is:
g_signal_connect(web_view, "load-changed", ... );
And in the callback for load-changed detect WEBKIT_LOAD_STARTED and check the value for the URI.
Related
I am using http://dummy.restapiexample.com/ API .While using POSTMAN and creating a new employee using POST ,it seems to work .But when I use axios in React Native and do the same thing the POST is returning success response but when I try GET method to get all the new employees I'm not seeing the newly created employee which worked on POSTMAN
This is my POST method
create(){
axios.post('http://dummy.restapiexample.com/api/v1/create',{
"name":this.state.name,
"salary":this.state.sal,
"age":this.state.age
}).then((res)=>console.log(res.data)).then(()=>this.setState({createModal:false})).catch(err=>console.log(err))
}
and this is my GET method
async getData(){
await axios.get('http://dummy.restapiexample.com/api/v1/employees').then((res)=>this.setState({employees:res.data.data},()=>console.log(res.data.data))).catch((err)=>console.log(err))
}
From your example code it seems that you are making a call over http. Note that such calls are blocked by iOS and Android unless you explicitely specify a domain that is allowed to be reached over http.
More information about networking can be found here:
https://reactnative.dev/docs/network
By default, iOS will block any request that's not encrypted using SSL.
If you need to fetch from a cleartext URL (one that begins with http)
you will first need to add an App Transport Security exception. If you
know ahead of time what domains you will need access to, it is more
secure to add exceptions only for those domains; if the domains are
not known until runtime you can disable ATS completely. Note however
that from January 2017, Apple's App Store review will require
reasonable justification for disabling ATS. See Apple's documentation
for more information.
Either allow the domain for non-secure request or use https.
The problem had something to do with running on Android device. Once run on the emulator it seemed to work fine
I know that Fetch Domain is used for this purpose but I do not know how exactly I can implement it. In Selenium python, I used the following code to enable issuing of requestPaused events.
driver.execute_cdp_cmd("Fetch.enable",{})
driver.get('https://www.example.com')
But I do not know how can I handle requestPaused event (I need to call one fulfillRequest or continueRequest/continueWithAuth). As a result, my program stops working.
I really appreciate it if anyone could provide me an example to help me understand how it works.
Yes, you saw it right.
As per the release notes of Selenium v4.0.0-alpha-3:
* Expose devtools APIs from chromium derived drivers.
* Expose presence of devtools support on a role-based interface
As per the release notes of Selenium v4.0.0.0-alpha-1:
* Basic support for CDP landed via the "DevTools" interface.
So chrome-devtools-protocol is all set to be available with selenium4 which will allow for tools to instrument, inspect, debug and profile Chromium, Chrome and other Blink-based browsers. In the discussion Controlling Chrome Devtools with Selenium Webdriver #AdiOhana mentions of the example usage of a few commands from the Profiler Domain as follows:
driver.getDevTools().createSession();
driver.getDevTools().send(new Command("Profiler.enable", ImmutableMap.of()));
driver.getDevTools().send(new Command("Profiler.start", ImmutableMap.of()));
//register to profiler events
driver.getDevTools().addListener(new Event("Profiler.consoleProfileStarted", ConsoleProfileStarted.class), new Consumer<Object>() {
#Override
public void accept(Object o) {
//do something
}
});
Note: Until the Profiler domain will added to Selenium java client, you will have to supply your Mapper.
Fetch Domain
Fetch Domain will enable clients substitute browser's network layer with client code.
The Fetch Domain methods are as follows:
Fetch.disable: Disables the fetch domain.
Fetch.enable: Enables issuing of requestPaused events. A request will be paused until client calls one of failRequest, fulfillRequest or continueRequest/continueWithAuth.
Fetch.failRequest: Causes the request to fail with specified reason.
Fetch.fulfillRequest: Provides response to the request.
Fetch.continueRequest: Continues the request, optionally modifying some of its parameters.
Fetch.continueWithAuth: Continues a request supplying authChallengeResponse following authRequired event.
Fetch.getResponseBody: Causes the body of the response to be received from the server and returned as a single string. May only be issued for a request that is paused in the Response stage and is mutually exclusive with takeResponseBodyForInterceptionAsStream. Calling other methods that affect the request or disabling fetch domain before body is received results in an undefined behavior.
Fetch.takeResponseBodyAsStream: Returns a handle to the stream representing the response body. The request must be paused in the HeadersReceived stage. Note that after this command the request can't be continued as is -- client either needs to cancel it or to provide the response body. The stream only supports sequential read, IO.read will fail if the position is specified. This method is mutually exclusive with getResponseBody. Calling other methods that affect the request or disabling fetch domain before body is received results in an undefined behavior.
The Fetch Domain events are as follows:
Fetch.requestPaused: Issued when the domain is enabled and the request URL matches the specified filter. The request is paused until the client responds with one of continueRequest, failRequest or fulfillRequest. The stage of the request can be determined by presence of responseErrorReason and responseStatusCode -- the request is at the response stage if either of these fields is present and in the request stage otherwise.
Fetch.authRequired: Issued when the domain is enabled with handleAuthRequests set to true. The request is paused until client responds with continueWithAuth.
References
You can find a couple of revelant discussions in:
Can Selenium WebDriver (java) interact with the Browser's inspect tool element selector?
What is the difference between WebDriver and DevTool protocol
I am currently implementing Paypal's express checkout using JAVA, interfacing with the PayPal NVP API. I have SetExpressCheckout, GetExpressCheckoutDetails, DoExpressCheckout, DoAuthorization and DoCapture methods all working. However, I need to implement the Instant Update API in order to calculate shipping costs and taxes on our server and display in paypal's page. I followed all the steps and recommendations, however, the callback is never called. I have tried playing with the setExpressCheckout parameters as I read in this forum that those parameters could be the problem but couldn't make it work yet. When I log in or change shipping addresses the callback is never called, I'm in sandbox environment BTW.
My callback url is public and works properly. When trying with a webbrowser it invokes my payPalCheckoutUpdate method and writes in a log file in my server, so I'm positive that the url was called. The problem is that when I log in paypal's checkout mobile site or change shipping address this callback url is never called.
My paypal update method is hosted in an Apache Ofbiz based application, I found in different forums that paypal can't access ofbiz's urls in port 8443 or 8080. So I used apache to redirect from my callback URL to my actual method and avoid using a port different than 80 in the callback url. (this works fine when tested with a webbrowser)
This is my call to setExpressCheckout without the credentials (let me know if you see a problem in this call)
372623 [http-0.0.0.0-8443-3] INFO com.paypal.sdk.core.nvp.NVPAPICaller -
L_SHIPPINGOPTIONAMOUNT0=0.00&CANCELURL=https%3A%2F%2Fdev2.XXXjacker.com%3A8443%2FXXXjacker%2Fcontrol%2FpayPalCheckoutCancel&MAXAMT=80.99&L_SHIPPINGOPTIONLABEL0=Calculated+Offline&AMT=80.99&RETURNURL=https%3A%2F%2Fdev2.XXXjacker.com%3A8443%2FXXXjacker%2Fcontrol%2FpayPalCheckoutReturn&CALLBACK=http%3A%2F%2Fdev2.XXXjacker.com%2FpayPalCheckoutUpdate&L_SHIPPINGOPTIONISDEFAULT0=true&L_AMT0=80.99&TAXAMT=0.00&L_QTY0=1&L_NUMBER0=286202&SHIPPINGAMT=0.00&L_NAME0=DVD+%2B+VCR+w%2F+Line+in+%28no+tuner%29&ITEMAMT=80.99&CALLBACKVERSION+=84.0&VERSION=84.0&L_SHIPPINGOPTIONNAME0=Calculated+Offline&CALLBACKTIMEOUT=3&METHOD=SetExpressCheckout&CURRENCYCODE=USD&PWD=**&SOURCE=PAYPAL_JAVA_SDK_76.0&SIGNATURE=****&USER=xxxxx_12xxxx643_biz_api1.xxxxxxxxxxxxx.com
I tried with and without L_SHIPPINGOPTIONLABEL0 parameter, and also tried with version and callbackversion set to 76.0 (the default set by the java library I'm using, taken from paypal) I always get the same result, the callback url isn't invoked.
And this is the response from paypal:
373536 [http-0.0.0.0-8443-3] INFO com.paypal.sdk.core.nvp.NVPAPICaller - TOKEN=EC%2dXXXXXXXX03911650G&TIMESTAMP=2012%2d06%2d12T22%3a03%3a06Z&CORRELATIONID=f1e3c64211d5e&ACK=Success&VERSION=84%2e0&BUILD=2975009 Ack : 200 Elapsed Time : 914 ms
Thank you in advance for your assistance in this matter.
Callback may need to be SSL?:
http://www.konakart.com/forum/index.php?topic=280.0
http://afillyateit.com/forums/topic/500
This is probably a related question, except it's in Android: How to check WiFi is pass through web page login?
Anyway, my issue is that I need to detect whether the user on my WP7 app is connecting to an access point that requires web authentication. The access point would not provide any Internet connectivity if the user has not authenticated himself.
Is there any way I can detect such a situation? Or perhaps redirecting the user to the access point's authentication webpage before proceeding with the app flow would be nice too!
I'm currently using WCF Data Services btw.
Easy: just make a WebRequest for a url that you know that always return the HTTP response code 200 (the OK code) and if it returns any 30x that will be the router redirecting you elsewhere!
Example: requesting http://www.whatismyip.org/ should return HTTP response code 200!
There is currently no way to detect this.
What I did was to make a HttpWebRequest to the service, and see if it starts off with xmlns using the .Contains() method. If the call is redirected to the WiFi hotspot, then it will return a HTTP response, which is inherently different in nature.
I know this might not be the best of solutions, but it works for me to simply test reachability.
Is there a way using Java to over-ride the browser authentication dialog box when a 401 message is received from the web server? I want to know when this dialog is being displayed, and instead of it being given to the user, I fill in the credentials for them.
Overview of application:
i wrote the web server, so essentially i want to stop someone from opening an external browser and putting in the localhost and port to gain access to the data being displayed. my app has an embedded web browser linked to my written server. the browser displays decrypted content, so if i force the auth (even for my embedded browser), an external browser would need credentials. if my embedded browser is trying to access the files, i supply the credentials for the user and display the content
If you don't care about the password showing you can construct the URL so it passes the credentials ex. http://username:password#www.example.com This will by pass the authentication box but will show the user the credentials so also might not be what you are looking for.
SWT 3.5M6 has a new listener within it call AuthenticationListener. It simply listens for authentication event passed from the server and is fired. The code below is what performs the behavior I wanted. It waits for the auth, and if the host is my application, it passes back the credentials. Of course fill in the USER_NAME, PASSWORD and HOST_NAME with appropriate variables. Otherwise it lets the browser auth dialog pop up and makes the user enter the credentials. This code can also be found in the Eclipse SWT snippets page:
webBrowser.addAuthenticationListener(new AuthenticationListener()
{
public void authenticate(AuthenticationEvent event) {
try {
URL url = new URL(event.location);
if (url.getHost().equals(HOST_NAME))
{
event.user = USER_NAME;
event.password = PASSWORD;
}
else
{
/* do nothing, let default prompter run */
}
} catch (MalformedURLException e) {
/* should not happen, let default prompter run */
}
}
});
your question is a bit unclear. The whole basic authentication is based on HTTP Headers.
If the browser gets an authorization header than it displays the dialog. The content from the dialog is then send back to the server. There is nothing special about it. It iser username:password in base64 encoded. Have a look at
wikipedia
The problem is how you want to interfere. You would have to capture the authorization header and then for the next request you have to alter the HTTP header to include the credentials.
hope that helps
I think this is mostly browser-dependent behavior and what the server reports to the browser.
For example, Internet Explorer, being a Microsoft product, directly supports automatic sending of Windows credentials (you can modify this behavior in your Internet Settings) after an anonymous request fails in a 401.
Firefox, for example, does not and will always prompt the user even if it was set to remember the id and password via the password manager. IE will also prompt if auto-login fails (such as your Windows credentials still result in a 401 because you're id isn't allowed).
I don't think, as a web developer, you have much control over this besides setting up your server and app to work in the most expected and harmonious way... if you could, this might get into black hat territory.
If you want to control what is displayed to the user for authentication, you can change the auth-method in the login-config section of the web.xml from BASIC to FORM.
Then you can specify what page should be displayed when the user is authenticating, and, I suppose, pre-fill the credentials for them...but doesn't this defeat the whole purpose of security?
Setting up Authentication for Web Applications
Edit after further details:
My only suggestion would be to change the auth-method to CLIENT-CERT and require two-way SSL, where the client is also required to present a certificate to the server. If you install the certificate into your embedded browser (and make sure external browsers can't get the certificate) then you should be OK. And actually this should stop any authentication dialog from being displayed.