I am trying to log into a site programmatically using the Mechanize Ruby library and then access the content available as a signed in user.
# intantiating a Mechanize instance
#agent = Mechanize.new
# username and password for site log in
username = "username"
password = "password"
#load site site
page = #agent.get("https://someDomain.com/")
# get the login form
form = #agent.page.forms.first
#fill the form with credentials
form.field_with(:name => "username").value = username
form.field_with(:name => "password").value = password
form.method = "POST"
#submit the login form
page = form.submit
Once the form submitted the Mechanize object assigned to page has a url property that looks like this:
{url
#<URI::HTTPS https://someDomain.com/?username=username&password=password#>
}
I think the way I'm passing my username and password to the url through the use of Mechanize is wrong because it looks like the website doesn't do that when I go and sign in manually.
Question
Does the local variable page contain the response page that is shown once the user is logged in?
I now want to access certain urls that only signed in user have access to-- what do I need to do?
Related
hi I am trying to access the page through mechanize get method.The page takes cookie of the previous page post request to give response.
Can anyone tell me how to pass the cookie in the header of get method of Mechanize?
I am trying the approach mentioned below but not hitting the result page not getting data of result page..
def get_body_2
{
"ctl00$Content$ddSpecialization" => "Appellate Practice"
}
end
def post_request
url = 'https://portal.ncbar.gov/verification/search.aspx'
body = get_body_2
page = #agent.post(url,body)
#cookie_val = #agent.cookies[0]
end
def mechanize_call
url = 'https://portal.ncbar.gov/Verification/results.aspx'
byebug
page = #agent.get(url,{"Cookie" => #cookie_val})
end
Hello guys I want to make the remember me checkbox and I want to save the user info into cookies so next time when try to login he find the user name and password in their fields I try to use :
$rememberMe = false;
if(isset($req->remember_me)) {
$rememberMe = true;
}
if(Sentinel::authenticate($req->all(), $rememberMe)) {
$slug = Sentinel::getUser()->roles()->first()->slug();
}
The cookies was set, I see it in the chrome settings but it does not do as I expect
I'm using laravel 5.2
You can use Cookies
cookie, is a small piece of data sent from a website and stored in a user's web browser while the user is browsing that website. Every time the user loads the website, the browser sends the cookie back to the server to notify the website of the user's previous activity
To create:
$response->withCookie(Cookie::make('name', 'value', $minutes));
To retrieve
$value = Cookie::get('name');
Your question is not to remember the user login.. The question is how to fill the inputs based on saved auth information. You can do that if you print the authentication values in the input value attribute while loading the page.
larval Cookies Docs
Also Laravel has it's own implementation of "Remember Me"
if (Auth::attempt(array('email' => $email, 'password' => $password), true))
{
// The user is being remembered...
}
if (Auth::viaRemember())
{
//
}
More information about https://laravel.com/docs/5.4/authentication#remembering-users
There is two main thing need to taken care:
1) You must pass a bool value as second parameter to the method, make sure you cast it before passing it to the method. - In your code, it's perfect
$credentials = $req->only('LOGINNAME', 'PASSNAME')
if(Sentinel::authenticate($credentials , $req->has('remember_me'))){
//Other stuff
}
2) you can verify it works by ensuring a cookie is set with the key cartalyst_sentinel?
So first change as per 1) option and then check the 2) option, may be this is your answer.
I'm having some trouble authenticating users for my app. During the authentication process I get the following error:
Refused to display 'https://www.facebook.com/dialog/oauth?response_type=code&client_id=xxxxxxxx…%2Fliketodownload.xx-xxxx.com%2Fauth%2Ffacebook%2Fcallback&scope=email' in a frame because it set 'X-Frame-Options' to 'DENY'.
I think it's to do with the authentication trying to redirected to an invalid target and that's why it's getting blocked. But with Ruby and Sinatra I am unsure of how to overcome this.
Many thanks.
UPDATE
I'm not redirecting to views, of which the auth and add to page dialogs are trigged into new targets via html. Now I'm trying to figure out the logic of which to auth and redirect users appropriately.
Code below:
post '/' do
if current_user
signed_request = FBGraph::Canvas.parse_signed_request(APP_SECRET, params[:signed_request])
if signed_request["page"] != nil
is_admin = signed_request["page"]["admin"]
is_liked = signed_request["page"]["liked"]
if is_admin #if admin, see if existing user is in db, if not create, then send to admin page
puts "user is a page admin" #logging for dev
redirect '/index'
elsif is_liked #if liked send to download end point
puts "user has liked page" #logging for dev purposes
redirect '/main/#/liked'
elsif !is_liked #otherwise make them like the page
puts "user has not liked" #logging for dev purposes
redirect '/main/#/notliked'
end
else
redirect '/addtopage/#/addtopageview'
end
elsif $auth1 && !current_user
puts "post / add to page view reached"
User.first_or_create({:uid => $auth1["uid"]}, {
:uid => $auth1["uid"],
:nickname => $auth1["info"]["nickname"],
:name => $auth1["info"]["name"],
:email_address => $auth1["info"]["email"],
:created_at => Time.now})
redirect '/addtopage/#/addtopageview'
else
# we just redirect to /auth/facebook here which will parse the #signed_request FB sends us, asking for auth if the user has not already granted access, or simply moving straight to the callback where they have already granted access.
puts "post / auth me reached"
redirect '/addtopage/#/authme'
end
end
get '/auth/:provider/callback' do
content_type 'application/json'
response.set_cookie 'test', {:value => "facebook_callback", :path => "/"}
JSON.generate(request.env)
auth = request.env["omniauth.auth"]
$auth1 = auth
#need escape here to allow user to initially authorise app without the full #signed_request?
session['fb_auth'] = auth
session['fb_token'] = cookies[:fb_token] = auth['credentials']['token']
session['fb_error'] = nil
if params[:signed_request] != nil #if the signed request isn't empty
signed_request = FBGraph::Canvas.parse_signed_request(APP_SECRET, params[:signed_request])
if signed_request["page"] != nil #if the signed request contains page data
$page_id = signed_request["page"]["id"]
is_admin = signed_request["page"]["admin"]
is_liked = signed_request["page"]["liked"]
if is_admin #if admin, see if existing user is in db, if not create, then send to admin page
puts "user is a page admin" #logging for dev
User.first_or_create({:uid => auth["uid"]}, {
:uid => auth["uid"],
:nickname => auth["info"]["nickname"],
:name => auth["info"]["name"],
:email_address => auth["info"]["email"],
:created_at => Time.now})
#insert page_id into database?
redirect '/index'
elsif is_liked #if liked send to download end point
puts "user has liked page" #logging for dev purposes
redirect '/main/#/liked'
elsif !is_liked #otherwise make them like the page
puts "user has not liked" #logging for dev purposes
redirect '/main/#/notliked'
end
else #user authed app but needs to add to page
puts "add to page view"
redirect '/addtopage/#/addtopageview'
end
else
#needs to redirect to a page telling them that they must be on facebook or that they must authorise the application
redirect '/index'
end
end
helpers do
def current_user
#current_user ||= User.get(session[:user_id]) if session[:user_id]
end
end
Facebook domains can not be iframed except for the socials plugins, Why?
for security reasons, for example let's say you're logged into Your Facebook account
and I have http://example.com/xss.html which has an iframe of http://facebook.com in this way I can steal or hi-jack sensitive information from your account like fb_dtsg token, same thing for oAuth Dialogs I can set my iframe source to to it and steal Your access_token :)
I hope it's clear enough why Facebook uses
header('X-Frame-Options: DENY');
I have this code, and I login successfully:
require 'mechanize'
require 'logger'
agent = Mechanize.new{|a| a.log = Logger.new(STDERR) }
agent.read_timeout = 60
def add_cookie(agent, uri, cookie)
uri = URI.parse(uri)
Mechanize::Cookie.parse(uri, cookie) do |cookie|
agent.cookie_jar.add(uri, cookie)
end
end
page = agent.get "http://www.webpage.com"
form = page.forms.first
form.correo_ingresar = "user"
form.password = "password"
page = agent.submit form
myarray = page.body.scan(/SetCookie\(\"(.+)\", \"(.+)\"\)/)
After I login I do not get redirected, so I looked at the webpage and Java is the one redirecting me, but if I use page = agent.get("http://webpage.com") all session cookies are deleted. And I have to login again , and it is a cycle because I don't get past that. I already tried several recommendations like ignore_discard
It looks like you have the right code to add the cookie but forgot to call it.
At the end try:
myarray.each{|line| add_cookie agent, 'http://www.sistemasaplicados.com.mx', "#{line[0]}=#{line[1]}"}
Mechanize automatically receives, stores, and sends cookies when using the same instance to get new pages.
Are you certain that the site is actually sending cookies?
Have you confirmed that Mechanize is really not sending the cookies? (Have you inspected the request headers it sends?)
You said "Java is [...] redirecting me"; did you really mean JavaScript?
i'd like to know how can get the user name and his password and use it when i set the crmservice connection
CrmDiscoveryService disco = new CrmDiscoveryService();
disco.Url = "https://localhost/MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx";
//Retrieve a list of available organizations from the CrmDiscoveryService Web service.
RetrieveOrganizationsRequest orgRequest = new RetrieveOrganizationsRequest();
HERE I WANT TO PUT THE USERNAME AND PASSWORD FROM THE SIGNIN PAGE
// Substitute an appropriate domain, username, and password here.
orgRequest.UserId = domain + "\\" + username;
orgRequest.Password = password;
RetrieveOrganizationsResponse orgResponse = (RetrieveOrganizationsResponse)disco.Execute(orgRequest);
thanks to the helper :)
I'm assuming you're talking about the IFD signin page? There is no way for you to pull the user's credentials from that page. If you need the user's credentials you'll need to pull them in on a custom page.
You can also accomplish the orgrequest using the UseDefaultCredentials property which will use the current user's credentials:
CrmDiscoveryService disco = new CrmDiscoveryService();
disco.Url = "https://localhost/MSCRMServices/2007/SPLA/CrmDiscoveryService.asmx";
disco.UseDefaultCredentials = true;
Or you can use an HttpContext/HttpRequest auth if you're doing this on a custom page.