Connection issues from certain devices - ibm-mobilefirst

Can't connect from device using custom authenticator and ChallengeHandler.
This is from Worklight 6.1.0.2 from an iPod Touch device. On the worklight server, we see this in the Stack Trace.
klight.console.controllers.UsersController from Application javax.ws.rs.core.Application
[10/8/14 15:20:04:170 CDT] 0000001c com.worklight.core.auth.impl.LoginContext E FWLSE0059E: Login into realm 'NullLoginModule' failed. Invalid gadget request format: /WorkExecution/iphone/my_custom_auth_request_urlnull. Unknown handler path: my_custom_auth_request_url. [project AnywhereWorkManagement]
com.worklight.gadgets.GadgetRuntimeException: Invalid gadget request format: /WorkExecution/iphone/my_custom_auth_request_urlnull. Unknown handler path: my_custom_auth_request_url
at com.worklight.gadgets.api.GadgetAP
Our challenge handler submits our Authentication information using this Javascript call:
challengeHandler.submitLoginForm(challengeHandler.getAuthURL(), loginOptions, l
Where getAuthURL returns the string "/my_custom_auth_request."
Strangely, other devices using the same application and worklight server are allowed to login successfully. Another weird datapoint is that if we popup the Worklight Settings panel on this iPod Touch device, and update the Worklight server information, the worklight login then seems to succeed.
Wireshark log from the failed connection:
POST /AnywhereWorkManagement/apps/services/api/WorkExecution/iphone/login HTTP/1.1
Host: mobilenext1.tivlab.austin.ibm.com
Accept-Language: en_US
User-Agent: Mozilla/5.0 (iPod touch; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 (367413328)/Worklight/6.1.0.02.20141006-1624
Content-Length: 71
x-wl-platform-version: 6.1.0.02.20141006-1624
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
x-wl-app-version: 7.5.1.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Connection: keep-alive
x-wl-native-version: 1475155033
x-wl-device-id: 36CDA8F2-F4E9-49D8-8CBB-A250FDC3B8FA
Cookie: WL_PERSISTENT_COOKIE=ac72a920-b614-423d-8347-e4b5c96a4a1b
Origin: file://
Accept-Encoding: gzip, deflate
realm=CustomAuthenticationRealm&isAjaxRequest=true&x=0.7606244247872382HTTP/1.1 503 Service Unavailable
X-Powered-By: Servlet/3.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Language: en-US
Content-Length: 0
Connection: Close
Date: Fri, 10 Oct 2014 14:32:15 GMT
Then after updating the Custom URL to remove the trailing slash, and relogging in, here's the wireshark log from the successful login:
POST /AnywhereWorkManagement/apps/services/api/WorkExecution/iphone/query HTTP/1.1
Host: mobilenext1.tivlab.austin.ibm.com
Accept-Language: en_US
User-Agent: Mozilla/5.0 (iPod touch; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 (384405120)/Worklight/6.1.0.02.20141006-1624
Accept-Encoding: gzip, deflate
Content-Length: 210
x-wl-platform-version: 6.1.0.02.20141006-1624
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
x-wl-app-version: 7.5.1.1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Connection: keep-alive
x-wl-native-version: 1475155033
x-wl-device-id: 36CDA8F2-F4E9-49D8-8CBB-A250FDC3B8FA
Cookie: WL_PERSISTENT_COOKIE=0983cfc8-8526-48c9-99cb-72659cb934b4; JSESSIONID=0000wSxsNgF79M62_UJTNmXKKYC:2e8ee48e-dec4-4c69-b8b4-ad37f839f1be
Origin: file://
WL-Instance-Id: okur33g93p35c9j7rvpk1r9g5j
adapter=OSLCGenericAdapter&procedure=getProperties&compressResponse&parameters=%5B%7B%22propertyNames%22%3A%5B%22si.auth.type%22%5D%7D%5D&__wl_deviceCtx=Ar1Cjm4_mo9jpBAA&isAjaxRequest=true&x=0.33572526928037405HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Content-Length: 93
Date: Fri, 10 Oct 2014 14:43:15 GMT
/*-secure-
{"isSuccessful":true,"responseID":"1516","properties":{"si.auth.type":"maximo"}}*/POST /AnywhereWorkManagement/apps/services/api/WorkExecution/iphone/my_custom_auth_request_url HTTP/1.1
Host: mobilenext1.tivlab.austin.ibm.com
Accept-Language: en_US
User-Agent: Mozilla/5.0 (iPod touch; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Mobile/11D257 (384405120)/Worklight/6.1.0.02.20141006-1624
X-Requested-With: XMLHttpRequest
Accept: text/javascript, text/html, application/xml, text/xml, */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
x-wl-app-version: 7.5.1.1
Connection: keep-alive
Cookie: WL_PERSISTENT_COOKIE=0983cfc8-8526-48c9-99cb-72659cb934b4; JSESSIONID=0000wSxsNgF79M62_UJTNmXKKYC:2e8ee48e-dec4-4c69-b8b4-ad37f839f1be
x-wl-device-id: 36CDA8F2-F4E9-49D8-8CBB-A250FDC3B8FA
Content-Length: 62
Origin: file://
Accept-Encoding: gzip, deflate
username=wilson&password=wilson&authType=maximo&langcode=en-USHTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
P3P: policyref="/w3c/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Type: application/json; charset=UTF-8
Cache-Control: no-cache, must-revalidate
Content-Language: en-US
Transfer-Encoding: chunked
Date: Fri, 10 Oct 2014 14:43:15 GMT
19
{"authStatus":"complete"}
0
I found this in the server logs to correspond with that 503 error from worklight server (I can reproduce by POSTing the same login URL). However in our Worklight Console, there is only one version of each application listed for iphone.
[10/10/14 10:37:54:063 CDT] 00000485 com.worklight.gadgets.serving.GadgetAPIServlet E FWLSE0020E: Ajax request exception: The environment 'iphone' supports multiple versions, therefore you must request it with a version parameter. [project AnywhereWorkManagement]
[10/10/14 10:37:54:066 CDT] 00000485 com.worklight.gadgets.serving.GadgetAPIServlet E FWLSE0117E: Error code: 1, error description: INTERNAL_ERROR, error message: FWLSE0069E: An internal error occurred during gadget request [project AnywhereWorkManagement]The environment 'iphone' supports multiple versions, therefore you must request it with a version parameter., User Identity {wl_authenticityRealm=null, CustomAuthenticationRealm=null, wl_remoteDisableRealm=null, wl_antiXSRFRealm=null, wl_deviceAutoProvisioningRealm=null, wl_deviceNoProvisioningRealm=null, wl_anonymousUserRealm=null}. [project AnywhereWorkManagement]

Scott,
The workaround is to remove the trailing slash from the Server URL.
For a permanent fix I suggest that you will open a PMR so that the development team could investigate the issue closely.
When doing so, please provide a reproducible test case because the flow does work fine, but seems to not work in yours, so need to better understand where exactly it fails. Be sure to provide this question in the description.
It could be that you are altering the URL somewhere in your challenge handler?

Related

HTTP Caching problem. Request works on and off

I'm facing a weird behaviour on chrome with http get requests that most likely has something to do with cache.
Basically, the same request returns 200 the first time, then if I send the same request again by entering again the URL bar it returns 404. THen again 200. Then 404.
The request looks something like this (by using the dev tools on chrome) I use ## to hide sensitive info
General:
Request URL: ###
Request Method: GET
Status Code: 200 OK
Remote Address: ##############
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Accept-Ranges: bytes
Cache-Control: max-age=0, no-cache
Content-Length: 75209
Content-Type: application/json
Date: Fri, 10 Sep 2021 10:29:22 GMT
ETag: W/"IDGfBPV6nmAIDGefDH3A0M"
Last-Modified: Wed, 08 Sep 2021 08:36:01 GMT
Server: Jetty(9.4.z-SNAPSHOT)
Request headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.9,it;q=0.8,en-US;q=0.7
Connection: keep-alive
Cookie: ##################
Host: #########
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
If i now press enter in the URL bar issuing the request again i get the following response:
General
Request URL: ####
Request Method: GET
Status Code: 404 Not Found
Remote Address: ######
Referrer Policy: strict-origin-when-cross-origin
Response Headers
Cache-Control: must-revalidate,no-cache,no-store
Content-Length: 347
Content-Type: text/html;charset=iso-8859-1
Date: Fri, 10 Sep 2021 10:29:05 GMT
ETag: W/"IDGfBPV6nmAIDGefDH3A0M"
Server: Jetty(9.4.z-SNAPSHOT)
Request Headers
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en,it-IT;q=0.9,it;q=0.8,en-US;q=0.7
Cache-Control: max-age=0
Connection: keep-alive
Cookie: #################
Host: ####
If-Modified-Since: Wed, 08 Sep 2021 08:36:01 GMT
If-None-Match: W/"IDGfBPV6nmAIDGefDH3A0M"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
And so on, 200, 404, 200, 404 ...
Differences I noticed are in the Cache-Control header of the response and the new If-Modified-Since and If-None-Match request headers.
The backend server is a proprietary server and between the client there is an Apache Proxy Server.
I know that to get the solution I should provide more data (maybe the httpd configuration) but I'm more like trying to understand what the issue is rather than asking for a magic solution.
I searched on google "Get request works on and off" and all sort of wording variations but had no luck.
If anyone could help me out at least understanding the problem
Thanks
Davide
UPDATE
As Kevin suggested in the comment, shutting down the apache proxy did not change this on/off behaviour. Has to be something within the origin server

Apache - Serving png as text / html

The server log says:
[04/Nov/2019:23:11:23 +0100] "GET /imgs/flags/fr.png HTTP/1.1" 200 2173 "http://XXXXX.com/user/start" "Mozilla/5.0 (Linux; Android 5.0; SM-G900P Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3959.0 Mobile Safari/537.36"
However, they are being served as text:
This is only happening in production though... in localhost it works fine.
This image loads ok: /imgs/logo_only_transparent.png
This image does not load: /imgs/flags/es.png
Using Ubuntu 18.04, php 7.2, Laravel 6, Vue 2.x
What am I missing?
From the network tab:
Request Method: GET
Status Code: 200 OK
Referrer Policy: no-referrer-when-downgrade
Cache-Control: no-cache, private
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 1205
Content-Type: text/html; charset=UTF-8
Date: Mon, 04 Nov 2019 22:11:23 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: XSRF-TOKEN=eyJpdiI6IkFcL3lRY2JcL0o1R0VyNmRzeXdHcytsQT09IiwidmFsdWUiOiJMNWoyeUUyeW1lMG4zOFNRWnVDWG5jRU1FOFU2bVRuTzl6WmZqQlwvVGFXdnhQWVBVM29vbW1JTEszMldlXC9ra1IiLCJtYWMiOiJjM2JmODA4M2RiODVjZjJjODM5NTliYTFiMzI3NzU2ZDk0YjQwNmY3YTU3YzE1NmE3NzI3ZDM2YTIxODQ2YTY3In0%3D; expires=Tue, 05-Nov-2019 00:11:23 GMT; Max-Age=7200; path=/
Vary: Accept-Encoding
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: es,en;q=0.9
Connection: keep-alive
EDIT (Solved): The reason was that the file is named ES.png no es.png. Apparently this is not an issue when running XAMPP in Windows but it when running it in Ubuntu.

how to use httpwebrequest to login to site in vb.net

i want to login to site with my account but using vb.net "httpwebrequest"
this is the header :
http://www.alexasurfing.com/login?task=user.login
POST /login?task=user.login HTTP/1.1
Host: www.alexasurfing.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.alexasurfing.com/login
Cookie: __cfduid=d09a17b9b5acf54646546541471462027; refid=14786;
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 159
username=GMAL%40gmail.com&password=PASWW&remember=yes
HTTP/1.1 303 See other
Date: Wed, 17 Aug 2016 19:30:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.5.9-1ubuntu4.17
Location: /dashboard/profile
Server: cloudflare-nginx
i dont know how to use httpwebrequest to login to the site with my account ?
See the example here:
HTTP request with post
your post data is: username=GMAL%40gmail.com&password=PASWW&remember=yes
Note: You are sending plain text password over http. If there's an https option you should use that.

Why does the web server sent the file instead of a 304 http: not modified?

My browser send to the server the following request:
Host: www.imprimante.be
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 29 May 2015 14:22:44 GMT
If-None-Match: "90-5173935ad3a1a-gzip"
Referer: http://www.imprimante.be/premier-avis-gratuit/
Cookie: <hidden>
Connection: keep-alive
The url used is http://www.imprimante.be/wp-content/themes/mch_imprimante/js/theme.min.js? (note: www.imprimante.be is not accessible trough wlan yet)
And the server send me the file with this (status 200) http header:
Accept-Ranges: bytes
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 137
Content-Type: application/javascript
Date: Wed, 03 Jun 2015 07:18:03 GMT
Etag: "90-5173935ad3a1a-gzip"
Keep-Alive: timeout=5, max=99
Last-Modified: Fri, 29 May 2015 14:22:44 GMT
Server: Apache/2.4.10 (Debian)
Vary: Accept-Encoding
As you might notice (Last-Modified: Fri, 29 May 2015 14:22:44 GMT) the file hasn't been modified since the last request.
So I don't get why the response isn't a 304 status: not modified.
I'd really like to know why the caching of this files (and some others) doesn't work as I expect it.
It is bug in Apache. Turn off mod_deflate.

User authentication with XMLHttpRequest works in IE, not in Chrome?

The following function works in IE but not in Chrome:
function doStuff() {
var request = new XMLHttpRequest();
request.open("POST", "http://twitter.com/statuses/update.json", true, "USERNAME-HERE", "PASSWORD-HERE");
request.send("status=STATUS UPDATE HERE");
}
Chrome generates the following request. Note the Authorization header is missing:
OPTIONS /statuses/update.json HTTP/1.1
Host: twitter.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
Access-Control-Request-Method: POST
Origin: file://
Access-Control-Request-Headers: Content-Type
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
I get the following response (http 401):
HTTP/1.1 401 Unauthorized
Date: Wed, 03 Feb 2010 00:39:33 GMT
Server: hi
Status: 401 Unauthorized
WWW-Authenticate: Basic realm="Twitter API"
X-Runtime: 0.00107
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache, max-age=300
Set-Cookie: _twitter_sess=BAh7BzoHaWQiJTUxMTc2Nzk4N2U0YzMzZmU0ZTQyNzI4NjQyYjI3ODE2Igpm%250AbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAG%250AOgpAdXNlZHsA--bb61324c3ba12c3cd1794b3895a906a69c154edd; domain=.twitter.com; path=/
Expires: Wed, 03 Feb 2010 00:44:33 GMT
Vary: Accept-Encoding
Content-Length: 73
Connection: close
{"request":"/statuses/update.json","error":"Could not authenticate you."}
So, how am I supposed to pass a username and password to XHR? Webkit/Safari documentation says the open method should take these parameters, so I'm not sure why it is failing.
The solution was that I needed to add
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
The way I'm doing this is... special... so this may not be of much use to others going forward. But once I added this webkit started adding Authorization.
From the look of it, you're trying to do an X-Domain XMLHTTPRequest, which is why Chrome sends the OPTIONS pre-flight request. Because the Twitter server doesn't respond to the OPTIONS request indicating that X-Domain access is okay, you get a failure here.
Your code would only work in IE in the Local Computer zone, or if you turn off x-domain-checking (very dangerous)
Have you tried:
request.setRequestHeader('Authorization', 'yourvalue');