I have more than 140 id and password of different web site. I want to open each web site dynamically set set id password and login.
I had try lots of thing ex. iframe, frameset, parent window access, url scripts passed.
but its not working for security. Please help me.
Thank you
You could use Selenium IDE plugin (Firefox only) from Selenium project.
Selenium IDE plugin lets you record your actions on any page and it will generate a script, something like (pseudocode):
openPage('http://google.com');
click("#signinElement");
click("#usernameInputElement")
enter("username");
click("#passwordInputElement")
enter("password");
click("#submitButton")
// ...
openPage('http://amazon.com');
// ...
Then you can edit it, add a loop around the whole script and iterate over your list of credentials.
assuming you want to do it locally and not to create a website
Cross origin issues will indeed occur if you try to change input values on a login provider's web page. To get closer to automation, I suggest opening the browser console after the login page has loaded.
Console, as you probably know, is not just for log, it allows you to write Javascript commands to the page.
If you prepare the following code in advance, all is left to do is just to copy and paste in the console, to control the page elements.
Collect the names of the input and submit elements of each of your account providers.
Something like the following:
var logins = {
yahoo: {
url:'https://login.yahoo.com',
usernameInputName: 'username',
usernameInputValue: 'YOUR_USER_ID_HERE',
usernameStep: true,
usernameStepSubmit: 'signin',
passwordInputName: 'passwd',
passwordInputValue: 'YOUR_PASSWORD_HERE',
submit: 'signin'
},
//google: {...
};
Open your account login page, in this example - https://login.yahoo.com.
Yahoo has two steps of signing in, first - you put your username, submit, then put your password and then submit again. In such case, logins["yahoo"].usernameStep is set to true
If usernameStep is false you submit only once by "clicking" dynamically on logins[LOGIN_NAME].submit:
{
document.getElementsByName(login.usernameInputName)[0].value = login.usernameInputValue;
document.getElementsByName(login.passwordInputName)[0].value = login.passwordInputValue;
document.getElementsByName(login.submit)[0].click();
}
If usernameStep is true you use document.getElementsByName(login.usernameStepSubmit)[0].click(); after putting the username, and then proceed to password and submit.
Hope this helps.
Related
I have written a webapp with the ArcGIS JavaScript API and all is working fine. Now I am trying to add secured layers to the web app and the app starts asking for credentials via a default login screen. I could use that, just entering username and password, but most users don't know their user name and password for ArcGIS.
The company has implemented SSO with ArcGIS so users don't have to fill in their credentials. Users typically go to the main company.maps.arcgis.com site and get to a company specific login screen where they have the option to click this SSO button.
My question; how can I make the JavaScript API show this company specific login page with SSO button instead of the default one?
I tried registering oauthInfo and serverInfo setting but without success.
Did anybody else ever built this?
The SSO sign in prompt should occur as long as you're using OAuthInfo and registering it with the IdentityManager. You'll have to make sure that you:
Add and register an application in the organization where
the data is coming from. The redirect URI should point to the server
that's hosting the application URL.
Get the Client ID from the registered application and add it to the appId in OAuthInfo along with the portalUrl property (which should be https://company.maps.arcgis.com)
Set the popup property to false.
Verify all the data is coming from the same organization. If it's not, then you may get another prompt since it's not registered with the IdentityManager.
Here's an example of what the OAuthInfo should look like:
const info = new OAuthInfo({
// Swap this ID out with registered application ID
appId: "APPID",
portalUrl: "https://company.maps.arcgis.com/",
flowType: "auto", // default that uses two-step flow
popup: false,
});
esriId.registerOAuthInfos([info]);
I am building a chat bot in FB messenger that saves user profile data, food and calorie consumption. I am using Node/Express/MongoDB for the backend and want the user to be able to open a personal dashboard page inside the chat with a link. So that URL would be something like www.myapp.com/:id where :id is a personal key.
The problem I have is how can only the user belonging to this page and data open this without having to login? Normally you would go to a website, login and be able to see the page, but this not a step I want in a chat bot. I want the user just to open the page in the chat, whether that is results in opening a browser tab or a native webview. Any advice on how I can achieve this?
To verify if the user on the page is the facebook user you intend the page to be for, add FB Messenger Extensions to the page.
When clicking a webview in your bot, Messenger extensions will be able to tell who they are logged in as, and allow you to do whatever you want with that info. In your case, checking if the userid matches the one passed by your bot in the url. There are many ways to check this, like splitting query strings, but I stuck with the example route in your question.
Use the following on your dashboard page. The below will check with FB who the logged in user is, and if it doesn't match the ID of the link they followed, deny them access with a redirect.
<script>
MessengerExtensions.getContext(<YOUR-APP-ID>,
function success(thread_context){
// User ID was successfully obtained.
var psid = thread_context.psid;
// Grab the user id from your url (assumes your url is /<USER_ID>)
var loc = window.location.pathname.replace(/^\/|\/$/g, '');
if (psid !=== loc) {
window.location.replace("http://YOUR_DOMAIN.com/error")
}
}, function error(err, errorMessage) {
// Error handling code
});
</script>
Docs on getting user id with Messenger Extensions
Try this:
Open Messenger, then open DevsConsole and go to Network tab. Now paste your link and click it. In the Network tab open the request details issued by the click. Under "Form Data" you should see this:
q:[{"user":<your_fb_id>,...
You can use this id to authenticate the user in your app - just couple it somehow with the authorized user in your app. This is just the first idea off the top of my head, it should be quite safe if you mix it e.g. with CORS security headers.
I have cable internet which requires me to login though a web page. It's annoying how it resets every day at 8 and 12am. I wanted to write a python script which will automate the login process. I've read many StackOverflow solutions so far, nothing has worked. I have tried Requests, Twill, RoboBrowser etc.
Upon inspecting the page source I came across a doLogin() ajax script, which is triggered by login button. Here is the full page source.
following is one of my implementations which fails
import requests
# Fill in your details here to be posted to the login form.
payload = {
'action': 'http://10.10.0.1/login',
'actualusername': 'username',
'actualpassword': 'password'
}
# Use 'with' to ensure the session context is closed after use.
with requests.Session() as s:
p = s.post("http://103.251.83.134/captiveportal/Default.aspx", data=payload)
# print the html returned or something more intelligent to see if it's a successful login page.
print p.text
# An authorised request.
#r = s.get('http://www.google.com')
#print r.text
EDIT: Solution
I used Selenium WebDriver to fix this. Check answer.
Use Selenium :) Download ChromeDriver to the path, make a two-time variable and check the time every minute. If it's 'login time', your browser will pass through the authorization.
from selenium import webdriver
def Authorization_for_broadband():
driver = webdriver.Chrome("C:\YOURPATHTO\CHROMEDRIVER.EXE")
driver.get('http://10.10.0.1/login')
driver.find_element_by_xpath('//*[#id="username"]').send_keys('USERNAME')
driver.find_element_by_xpath('//*[#id="password"]').send_keys('PASSWORD')
driver.find_element_by_xpath('//*[#id="btnLogin"]').click()
driver.close
while(1):
if time=='your-login-period1' or time == 'your-login-period2':
Authorization_for_broadband()
Your URL may be wrong. Looking at the source code it looks like the HTML form is posting data to the http://10.10.0.1/login page and then the doLogin() function is submitting data to Register.aspx?CheckCustomerStatus=1.
Also your payload includes the variable action and you're using a Session object, which I don't think is necessary.
I can't test it since it's a local login page I can't access, but I would try modifying your code to submit the login info to both pages using a simpler POST request
I know there are other similar questions, but none of the answers helped me.
I have an ASP.NET web application hosted in IIS on a server.
The server has a windows operating system with a windows user name, suppose: ServerDomain/ServerUserName.
I have a Main.aspx page. The page has a link tag:
Resend
The page has a script tag and there I have a Java Script function:
function resendHandle(el) {
var clientWindowsName = ?
alert(clientWindowsName );
setCurrentUser(clientWindowsName));
submit();
}
Now suppose a client, who also has a windows operating system with a Windows user name: ClientXDomain/ClientXUserName is browsing my site.
Once he clicks the Resend link, the control flows to resendHandle Java Script function and after "submit" to the Resend method in Main.aspx.cs (behind code file). In this method, I want to retrieve the client windows user name, which is: ClientXDomain/ClientXUserName. Obviously, the aspx.cs is a server code, so if I check there for user identity in this method, I will get: ServerDomain/ServerUserName. But as I've mentioned, I want to get the: ClientXDomain/ClientXUserName in this method.
The clientWindowsName is accessed from the server method with the help of setCurrentUser, so there is no problem for me to transfer the clientWindowsName variable value (within the resendHandle java script function) to the server size.
The problem is that
alert(clientWindowsName );
always returns NULL for me for:
var clientWindowsName = '<%=Page.User.Identity.Name%>';
and for other options I've tried.
Only for:
var clientWindowsName = '<%=Request.LogonUserIdentity.Name.ToString()%>';
it alerts NT AUTHORITYIUSR.
but none of the options gives me the desired user name: ClientXDomain/ClientXUserName.
So, how do I get it? Note that I'm trying to get the value within a Java Script function, maybe I should try to do outside the script tag. Thanks!
EDIT 01: My web config contains:
<authentication mode="Windows"/>
Enable impersonation which will help you to get loggined user identity .
in web.config or it can be set on IIS server please check how to set it .But this is what you are missing .
<identity impersonate="true" />
Hi you need to set impersonation as well this way if user is in active directory then his identity can be passed to code otherwise you will get the identity on account under which it is hosted under IIS.
https://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx
I think you need to configure your website using WIndows Authentication instead of Form authentication, like this https://www.codeproject.com/Articles/94612/Windows-Authentication
I had to disable Anonymous Authentication.
I'm getting conflicting results between the facebook javascript SDK and the python requesthandler variables. The Javascript SDK says my user is not logged in, which is correct, while my template variable that comes from the base request handler says that my user is logged in and displays the name of the user. Is there enough info to tell what is wrong or should I paste the code I think is relevant here? A link to the login page that has the error is here. The example I used is called the runwithfriends demo app from facebook and everything with that app worked except using the logic from the app just from a website without requiring the user to be in the iframe of the app.
Plus I can't seem to get the real-time API working. I can only save userID and not refresh user data - why? I have the code but I'm not sure what's most relevant but here's some of the request handler, the relevant code is basically exactly the same as the one from the demo app:
def render(self, name, **data):
logging.debug('render')
"""Render a template"""
if not data:
logging.debug('no data')
data = {}
data[u'js_conf'] = json.dumps({
u'appId': facebookconf.FACEBOOK_APP_ID,
u'canvasName': facebookconf.FACEBOOK_CANVAS_NAME,
u'userIdOnServer': self.user.id if self.user else None,
})
data[u'logged_in_user'] = self.user #variable that is the problem
data[u'message'] = self.get_message()
data[u'csrf_token'] = self.csrf_token
data[u'canvas_name'] = facebookconf.FACEBOOK_CANVAS_NAME
self.response.out.write(template.render(
os.path.join(
os.path.dirname(__file__), 'templates', name + '.html'),
data))
And even more strange, I can also get the application in a state where the javascript SDK says the user is logged in and the template variable logged_in_user says otherwise. Why are the variables conflicting?
Update: Here are screenshots from the strange login flow. I can go to my page and my name from facebook appears:
Then when I go to next page it also looks alright and has my name
But if I log out then I gets in impossible state: my name + logged out
How can I resolve this strange conflict between js and back-end?
Update: Since I only have this problem for one of my apps I can take what works from my other app and integrate. This page seems to work from my other app: http://cyberfaze.appspot.com/file/20985
Your 'user' is probably referring to the Django user not the Facebook user. Make sure you synchronize the two accounts correctly using a custom authentication backend. It's possible that the accounts get out of sync i.e. if the user switches browsers.
Keep in mind that the Facebook Python SDK will stop working after October 1st unless they update it to Oauth2.0 which is unlikely.
I just updated django-facebook-graph to work with the new authentication flow.