I'm trying to scrape the movements of my bank account with Puppeteer, with a simple script that I run from VSCode. But the login always fails, even though the user and password are 100% correct.
After lots of HTTP requests testing, I found out the culprit is one cookie called _abck provided by the server when visiting the login url:
If I visit the website using Chrome and copy paste that cookie, the login requests work perfectly:
However, if I try to use the same token fresh from Puppeteer or Axios... it fails with a 403:
I have even tried this: running the code and when Chromium appears, I open a new tab, go to my bank's website, get the cookie from devtools, paste it in a request and fails the same way. I'm puzzled.
Why? How can I get a working _abck token programmatically?
Related
I am making a chrome extension for my Meteor app. Is it possible for the chrome extension to check if a user has logged in the Meteor app?
I was thinking to send Meteor.user() data from Meteor app to chrome extension whenever a user tries to login and logout. But I am not sure if that's the right way to do it.
What is the best practice for this?
Updated
If your Meteor app stores login info in a cookie, you could detect if a user has logged in by checking the cookies for your Meteor app url.
Take a look at chrome.cookies and Document.cookie, you could either use chrome.cookies in background page or just use document.cookie in content scripts.
Previous
If you mean there are two ways to login your Meteor app, one is from normal web page and the other is chrome extension. Then I think you could check the login source by the analyse the http request.
You could check origin of the http request, if the request is sent from extension background, the origin would look like chrome-extension://xxxxx. Or you could send extra info as a flag when sending login info.
You won't have access to your app's objects from a Chrome extension but you will have access to the DOM. What I suggest you do is include a DOM element (even a hidden one) that indicates whether or not a user is logged in and have your extension look for that.
I am currently writing a NodeJS application based on Sails.JS, and I'm using ntlm-express for NTLM authentication. This works perfectly fine when the authentication succeeds but in cases where it fails (for example, a Firefox user entering wrong credentials) ntlm-express returns a 500 error code, FireFox stores the credentials in its cache and the user is unable to login to the web app at all, since he's not getting a new prompt to enter credentials. The only way for the user to log in is to manually clear the authentication cache in FireFox and try again.
What I'd like to do is in cases where ntlm-express fails to authenticate the user, to prompt him again for credentials instead of returning 500.
Has anyone done something like this and can point me in the right direction? I found very little information online regarding this topic...
For anyone who runs into a similar issue, I managed to solve it by overriding the express-ntlm forbidden function to return a 401 instead of of 500 and editing the default Sails unauthorized.js response to also return a "WWW-Authenticate: NTLM" header.
That way I am forcing the client to retry NTLM negotiation until he gets it right...
I want to test flow using Protractor which occurs after login page, can I bypass or skip or avoid login while testing that flow?
One option would be to instead of opening a fresh browser instance each test, you open Firefox loading the Firefox profile previously saved when you was logged in. Aside from many other things, the profile contains cookies, that are usually used for login session validation:
log in to your application via Firefox
open Help->Troubleshooting Information->Profile Folder->Show in Finder (for Mac OS)
copy the path to the profile
use setFirefoxProfile HowTo to learn how to load this profile every time you run your tests
You can always mock the login, where details will depend on how the login is implemented.
If it is the session or key returned by the server, you can mock the server response by supplying that key, that will be accepted by your front end code, as if there was successful login.
I am following the dialog documentation to try to display dialog in a Windows 8 Store app (html5/javascript).
https://developers.facebook.com/docs/reference/dialogs/
In a Windows 8 Store app, we have to use iframe to display another web page. Here is an example of what I did:
<iframe src="https://www.facebook.com/dialog/feed?app_id=145634995501895&redirect_uri=http://www.facebook.com&show_error=true&display=iframe&access_token={access_token}"></iframe>
Since it is an iframe, I specify display=iframe and access_token={access_token}.
If you want to try it, please remember to change access_token.
I get the following errors:
API Error Code: 110
API Error Description: Invalid user id
Error Message: Missing user cookie (to validate session user)
I guess this may be caused by the fact that user has not login yet. In the documentation (https://developers.facebook.com/docs/reference/dialogs/), it said "If the user is not already logged in, Facebook will prompt them to login before showing the the Dialog you invoked." I am wondering how to prompt the user to login? Did I miss a parameter to prompt user to login? I looked through the parameters, I did not seem to find anything.
Appreciate your help.
I am seeing different behavior from you which I'll document here, even though it may not be "your answer".
I obtained my own access token, and when I use your IFRAME, I do see the attempt to redirect to Facebook.com to login; however, that's followed by a security error in the JavaScript console - including the following:
APPHOST9613: The app couldn’t navigate to
https://www.facebook.com/login.php?api_key=177388709024886&skip_api_login=1...
because of this error: FORBIDFRAMING.
A request to the login.php script generates a response with the X-FRAME-OPTIONS header to DENY. This would indeed prevent the login page from Facebook from appearing in the IFRAME within the app - hence FORBIDFRAMING.
There is some discussion on an MSDN Forum thread as well and it's slightly dated, but am not aware of any changes since then.
I have not tried Facebook logins directly with Window 8 applications using Windows Azure Mobile Services, but it may be something to try. Azure Mobile Services is VERY simple to set up, so you'll know very quickly whether or not there is still an issue within a HTML5/JS Windows Store app.
I'm building a phonegap app in which I need to link to facebook, instagram and twitter. I need to allow users to login to each of these with their credentials and return an access token which I will be saving on the device using local storage. I can login the users perfectly fine when working on an actual site (which is a test site I have setup). The way it works is I have to redirect the user to a login page for each brand where they can login. This I can do fine from a phonegap app, but the issue is that each of them require a redirect url which I must supply for them to basically send the access token to once the user logs in. On the internet this works perfect, but I need to redirect url to somehow point back to the mobile device it originated from. I can do this using a proxy but I don't want to employ the use of a server as this comes with way to much overhead. So all that to actually ask my question:
How the heck do I redirect the user back to the mobile app after they have successfully logged in? I'm hoping this is something very simple that I'm missing, but I'm just not seeing it. :/
This is oAuth authentication which logs the user in and then tells the user's browser to go to the second URL. Typically, if you write an iOS app, you can always open it by doing something like this: ://. it should also be able to ready parameters passed this way.
For example: open safari on your iPhone and put "Skype://" as the address and it should open your skype app if you have it installed.
Try setting the return URL similar to what I mention above and see if that works.