I got a href from Website by inspect it, and I would like to send http request to update the value. But unfortunately the value isn't updated. And response text is the login page.
The href as below.
<a href="SystemTeam.do?formPostType=Update&ID=001&toggle=false">
My JScript as below.
var baseURL =
"https://xx.xx.xx.xx/admin/SystemTeam.do?formPostType=Update&ID=001&toggle=true";
var xmlHttpRequest = new ActiveXObject("MSXML2.ServerXMLHTTP.3.0");
//Ignore SSL error.
xmlHttpRequest.setOption(2,13056);
xmlHttpRequest.open("GET", baseURL, false);
//Set login user authorization
xmlHttpRequest.setRequestHeader("Authorization", "Basic XXXXX");
xmlHttpRequest.send();
Could anyone give some suggestions?
Related
In JScript I need to read a list of books from a web server that has a 2-step authentication i.e. user + password and token afterwards - once you call an IP address you get a token in response which needs to be used in a header for books (Authorization; Bearer + token). Server is supposed to respond with a paginated list of books
[{"book_Id": 1,"book_Name": "AAA","book_Year": 2021}].
Path is "GET /book", parameters are: "Page" and "Size". I've managed to call the server and get token in reponse:
var xmlhttp = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
xmlhttp.open("GET", "http://XX.XX.XX.XX:XXXX/authenticate?username=XXX&password=XXX", false);
xmlhttp.send();
var token = JSON.parse(xmlhttp.responseText).token
and tried to use it
var header = xmlhttp.SetRequestHeader("Authorization", "Bearer "+token)
new ActiveXObject("WScript.Shell").Popup(header.responseText)
but got empty response and got stuck. I'd very much appreciate being moved on with how to read the list.
Edit
So I've added new object and now get status 404 error Not Found. Is there some error in the coding yet?
var xmlhttp = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
xmlhttp.open("GET", "http://XX.XX.XX.XX:XXXX/authenticate?
username=XXX&password=XXX", false);
xmlhttp.send();
var token = JSON.parse(xmlhttp.responseText).token
var xmlhttp2 = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
xmlhttp2.open("GET", "http://XX.XX.XX.XX:XXXX/book?limit=1", false);
xmlhttp2.SetRequestHeader("Authorization", "Bearer "+token)
xmlhttp2.send();
new ActiveXObject("WScript.Shell").Popup(xmlhttp2.responseText)
I tried to generate the token from login request.It is successful in postman tool and success in soapui groovy script.But I couldnot do via rest assured library.Below are the screenshot where the request uses Body - form-data with username and password.
I have tried the using queryparams, formparam but getting the below error.Kindly help me to solve the error.
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.4.4</center>
</body>
</html>
Rest assured code:
Map<String, String> formParams = new HashMap<>();
formParams.put("username", "test");
formParams.put("password", "welcome");
Response response = RestAssured.given().config(RestAssured.config().redirect(redirectConfig().followRedirects(false)).encoderConfig(EncoderConfig.encoderConfig().encodeContentTypeAs("multipart/form-data", ContentType.TEXT)))
.queryParams(formParams)
.post("http://posturl");
You are sending the parameters as a query, not as form params.
Also, looks like you need to follow the redirect, since you're getting a 301, so you need followRedirects(true) instead of false.
You need to do it this way:
Response response = RestAssured.given()
.config(RestAssured.config()
.redirect(new RedirectConfig().followRedirects(true))
.encoderConfig(EncoderConfig
.encoderConfig()
.encodeContentTypeAs("multipart/form-data", ContentType.TEXT)))
.formParams(formParams)
.post("http://posturl");
I would like to capture the SAML Response from a URL request made which uses hidden SAML authentication. I am able to see the response in Fiddler but how to save it for further analysis. Post the redirect request by the URL, SAML reponse with "200 OK" arrives in fiddler and I want to capture it. Is there any Powershell utility which can be used to do the same or Do I have to automate the Fiddler itself using some module. Please suggest if any other option is also there.
I have tried some snippets with "Invoke-WebRequest" in Powershell but not able to reproduce much regarding the SAML Response.
Tooting my own horn but my chrome plugin will help you with this. It adds a ta to the dev tools console. Then tabs show all traffic and highlights the ones wiyh saml messages. When you click one it will show you the saml xml in clear text nicely formated.
I have tried a lot of things and finally getting it almost done with the help of phantomjs.
var page = require('webpage').create();
page.customHeaders={'Authorization': 'Basic '+btoa('USER:PASSWORD')};
// hook into initial request
page.onResourceRequested = function(request) {
//console.log("Request: "+ JSON.stringify(request, undefined, 4));
var req_json = JSON.stringify(request, undefined, 4);
if (request.method == "POST" && request.postData != null){
//console.log("Request: "+ JSON.stringify(request, undefined, 4));
console.log("SAML Req/Resp: \n" + request.postData);
}
};
// hook to response
page.onResourceReceived = function(response) {
//console.log("Response: "+ JSON.stringify(response, undefined, 4));
var resp_json = JSON.stringify(response, undefined, 4);
};
page.open("https://yourURLwithhiddenSAML");
For now I am able to get the postdata with SAMLRequest and SAMLResponse and redirecting the output to some file. However, there is one more thing I have noticed. If I add
phantom.exit();
inside the function I am not able to get the complete request/response lifecycle which contains SAML.
I am trying to redirect the user that uses my website after he has logged into his account, he will be redirected to a dashboard.
The problem is that I can see a request for the /dashboard route in the Network tab of the browser Inspection Tools, but the page never loads.
This is my code so far.
router.post('/login', function(request, response){
// verify against database and send back response
var userData = {};
userData.email = request.body.email;
userData.password = request.body.password;
userData.rememberPassword = request.body.rememberPassword;
// check if in the database and re-route
var query = database.query('SELECT * FROM users WHERE email = ?', [userData.email], function(error, result){
if(error){
console.log('Error ', error);
}
if(result.length){
// check if the password is correct
if(userData.password === result[0].password){
// redirect to the dashboard
// TODO this piece of code does not redirect correctly
response.redirect('/dashboard'); // < HERE
console.log('Haha');
}
}
else{
// do something when there is are no results
// invalid email status code
response.statusCode = 405;
response.send('');
}
});
});
And this is the route towards the dashboard, and it is being rendered properly when accessed in the browser.
router.get('/dashboard', function(request, response){
response.render(path.resolve(__dirname, 'views', 'dashboard.pug'));
});
Why can't it redirect when the user completes the login process?
Thanks.
The issue can be in the frontend and not in the backend. If you are using AJAX to send the POST request, it is specifically designed to not change your url.
Use window.location.href after AJAX's request has completed to update the URL with the desired path.But the easiest way would be to create a form with action as /login and use the submission to trigger the url change.
To make sure that the problem does not lie with the backend,
Add a logging statement to router.get('/dashboard' to verify if
the control was passed.
Check that the HTTP status code of the /login route is 302 indicating a redirect and location header has the route /dashboard.
Content type of response /dashboard is text/html.If not please set it using res.setHeader("Content-Type", "text/html").
I'm trying to login to my Rocket.chat app on localhost via API.
When I'm sending POST to http://localhost:3000/api/login with data: {"user":"myusername","password":"mypassword"}
I'm getting response 401 with status error, no matter if used xhr request, axios or jquery ajax.
BUT when I send the same data with python virtualenv or curl, the response is 200 and status success.
What am I doing wrong? Why POST fails when sending with javascript and passes when sending with python or curl?
var xhr = new XMLHttpRequest();
xhr.open("POST", 'http://localhost:3000/api/login/', true);
xhr.send(JSON.stringify({
user: "myusername",
password: "mypassword"
}));
// result: {status: "error", message: "Unauthorized"}
I'm sending login request with no header, because:
xhr.setRequestHeader('Content-Type', 'application/json');
returns 500
Here are request details from Chrome:
You are running rocket chat on a domain which is different from the domain from which you are making ajax request. The domain and port from which you make ajax request should be same as the domain and port of the destination url. This is because of a security feature in web browsers called Cross Origin Resource Sharing (CORS). See https://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
To fix this error your web server needs to allow requests from other domains.
try this Code
var xmlhttp = new XMLHttpRequest(); // new HttpRequest instance
xmlhttp.open("POST","http://localhost:3000/api/login/");
xmlhttp.setRequestHeader("Content-Type", "application/json;charset=UTF- 8");xmlhttp.send(JSON.stringify({name:"myusername", time:"mypassword"}));