Basic auth for Webdriverio for headless and headful - basic-authentication

I am trying to create a framework for my application with webdriverio and mocha for headless and headful execution. we use basic auth for login (passing username and password in the authentication pop up), tried passing it username and password as a part of url but that is not working for chrome’s new version.any help on this is much appreciated

The credentials-in-URL method has been broken in Chrome based browsers and Safari for a while. It still works in Firefox, but it pops up an application level dialogue before loading the page and I'm not sure if WebdriverIO can see it.
WebdriverIO has no way of interacting with the HTTPAuth dialog directly. I badger Christian about this every six months or so, guess I'm due to do that again. Browserstack's documentation indicates that they do have a way of dealing with it, but I haven't tried it.

Related

Legacy Webforms User Login/Session not persisted after redirect from iframe in Safari

I have a site which uses are a payment service that exists inside an iframe to take the customers credit card information.
In Chrome/Edge everything is working as expected, but in Safari, when the user is redirected back to the site via the iframe (the user is broken out of the iframe when returned to the site) the user is logged out and returned to the login screen.
This is seems to be something that has happened in the last few months but this may have just not be noticed. I am trying to wrap my head around the SameSite cookie information out there as this may be related.
Has anyone experienced anything like this and have any clue as to how to resolve?
It sounds very much like a SameSite problem.
A quick way to test that theory would be to set SameSite=None and test if it now works, then work back from there.
The fact that it works on Chrome but not Safari could suggest some quirk of Safari's implementation of SameSite.
I've found the following useful in learning about this:
https://web.dev/samesite-cookie-recipes/
https://www.netsparker.com/blog/web-security/same-site-cookie-attribute-prevent-cross-site-request-forgery/
https://andrewwburns.com/2020/08/05/dont-be-lax-about-your-samesite-cookies/

Firebase Crashlytics links from mail, redirect to error-page, due to wrong Chrome user

Setup:
having a firebase project with crashlytics active
receive mails for crashes
try to open the crash from the link within the mail
Example link: https://console.firebase.google.com/project/xxx-8c64/crashlytics/app/android:com.example.project/issues/3fgdfgfdg9e86f653d84df9fdfdfdf3?time=last-seven-days
I have multiple accounts in chrome. One is my private, one is my work account.
My main account is the private one. (/u/0)
Now, once I try to open the link
result: get redirected to wrong user https://console.firebase.google.com/u/0/
expected result: asking which account I want to use to open the link
My current workaround is to stop loading the link in the middle and replacing the u/0 with u/1 and let chrome continue. This will load the link correctly. But it will not always work and is super cumbersome.
Is there anything I can do? Do some of you face the same problem?
(Besides logging in with my work account. No - I don't want to log out from my main and switch forth and back all the time)
Okay I found a way, although I would love to hear a better one.
Using a redirect chrome extension. Redirector
github Link
Chrome Extension Link
RegEx:
From: ^https://console\.firebase\.google\.com/u/./(.*)
to: https://console.firebase.google.com/u/1/$1

"Browser or app may not be secure. Try using a different browser." error with Flutter Firebase Google Login

I am using flutter web and firebase authentication to build a web app. For that
1. Created Firebase app with Google signin as one of the sign in methods.
2. Added the dependencies as given in https://github.com/FirebaseExtended/flutterfire/tree/master/packages/firebase_auth/firebase_auth/example
and https://dart-pub.mirrors.sjtug.sjtu.edu.cn/packages/firebase_auth_web.
When I try to login, the Google sign-in window appears. Once I enter the email address and press enter, it gives the following error.
"Couldn't sign you in This browser or app may not be secure. Try using
a different browser. If you’re already using a supported browser, you
can refresh your screen and try again to sign in."
I used Chrome browser.
What should I do to make my app more secure ? For android, we had the option of using SHA keys to encrypt the connection. Do we need to do something similar for web ?
Incomplete answer:
This problem isn't specific to flutter. It happens whenever you try to sign in to Google in a Chrome instance that has debugging turned on. In other words, if you, your automation software, or IDE starts up chrome with a command like chrome.exe --remote-debugging-port=9222
If running Chrome normally (out of debug mode) is not an option, then try https://support.google.com/accounts/thread/22873505?msgid=24501976 or if you are using Electron then try https://support.google.com/accounts/thread/22873505?msgid=24503570 but I, personally, haven't been able to make these work for me, yet.
Please upvote the question at https://support.google.com/accounts/thread/25209002 if you want a solution to this problem that actually works.
The issue was with the chrome developer version Flutter use to launch as a device. If we open the same URL (localhost:portnumber) in the normal chrome, it will work without any issue.
The following worked for me:
Go into your google account
select Manage Account
Security
Less secure app access (need to scroll down a little bit)
set to off
Then I was able to login in and debug in IntelliJ
(for me, for some reason, I had to create a new google account, couldn't get it working with my existing account but it worked with my new account)
You can use user agent switch to switch another browser (for example opera).
https://chrome.google.com/webstore/detail/user-agent-switcher-for-c/djflhoibgkdhkhhcedjiklpkjnoahfmg
They try login. Once you successfully logged in you can remove or disable the extension.
I had the same problem with Firefox. The only way I could fix it was to create a new profile. So you could try to run Firefox with -p switch and create a new profile.
firefox -ProfileManager
firefox.exe -p
Update: check the firefox config (address field: about:config)
be sure marionette.enabled is false
For Test Automation Users-:I saw many testers are facing this issue for sign in using Google but I think below my idea will save their time.
Best Work Around is as below-:
Open automated Chrome browser as shown below
Sign up with new details which you want to use.
Now after successfully completion of sign up.
Then use that email and password for signing into gmail using Selenium or any other test automation tool

Infinite loop with Safari using Adal JS and ADFS 4.0

I experience problems with Safari when running Adal JS 1.0.13 together with a local ADFS 4.0.
Safari: after a successful redirect back from the ADFS login screen the browser goes into an infinite loop. The sessionStorage is updated approximately 3 times/second with new values each time. If I reload the page later the same loop starts. To reach the login screen I must select “Remove all Website data”. Cookie settings: always accept.
Firefox / Chrome: login works fine and the application runs perfectly. Three cookies are available MSISAuth, MSISAuthenticated & MSISLoopDetectionCookie.
“Keep me signed in” is not selected by the user and the parameter “cacheLocation” is not specified (i.e. use sessionStorage).
Any ideas what causes Safari to behave in this way?
There are various reasons this could be happening and you will need to specifically follow up with adal.js team. See this FAQ from adal.js team.
I recommend collecting adal logs and attaching it to the github issue.
Irrespective of the root cause, the adal.js team recommends two solutions
Specify a different html for the iframe - Gist
Conditional initialization in your main app.js file - Gist
From my experience, the second approach doesn't work for anything but very basic apps. You will need to implement the first solution which takes an iFrame based approach.

Running Canvas app in a Tab

This is my first Facebook app and I'm on quite a tight deadline so forgive me if any of this is a dumb question.
I've set up a Canvas app, I've got it to authenticate by passing the parameters to the facebook URL:
https://www.facebook.com/dialog/oauth?client_id=1234&redirect_uri=MY_APP_URI
I can then get the user_id and name of the user, which for this particular app is all I need. It runs fine in the Canvas page.
Problem is I can't get it to run in a tab, it always redirects to the Canvas, which is not what I want - I need it to run within the context of my client's Facebook page. I've been trying to find examples of setting it up but everything seems to be out of date compared to what I'm seeing in the App settings.
My settings at the moment are:
App on Facebook
Canvas URL: http://localhost/facebook/
Canvas Page: http://apps.facebook.com/MYAPP
Page Tab
Page Tab Name: My test app
Page Tab URL: http://localhost/facebook/
I presume I'm missing something obvious, so if someone can advise I'd be grateful. For what it's worth I'm using .Net webforms and have the C# SDK installed, but don't think I'll need to really use it for this example.
EDITED TO ADD
I'm sure its to do with the authorization - I've followed the guide here developers.facebook.com/docs/appsonfacebook/tutorial on how to redirect the page back with the authorization payload, but obviously doing that has kicked it out of the tab and into the main Canvas again. I need to to stay where it is, if such a thing is possible.
localhost points from your local machine to itself. Facebook does not know what localhost relates to and cannot load the app. You need to make your app accessible from outside of your machine.
It was the fact that I was still redirecting the url, when you run in a tab you don't need to redirect to another url to get the user data, it's just there waiting.

Resources