I'm trying to use Requests to login to a website that only has a password field, no username. Anytime I try and do a request using simply:
response = requests.get(URL, auth = ('password'), verify=False)
All I get is the HTML formatting of the page asking for the password, which is the following:
'<html><head>\t<title>Relay Diagnostics Login page</title></head><body>\t<form action="/rd" method="POST">\t\tPlease, enter the password to access the Relay Diagnostics page:\t\t<br />\t\t<input type="password" placeholder="Password" name="password" />\t\t<br />\t\t<input type="submit" value="Login" />\t\t<input type="hidden" name="rnd" value="WtKEYTI64T3InibBmG+OKVM9dIo" />\t</form></body></html>'
Is there anyway to pass auth with just a password?
Thanks
Its rare for site to only have password. Try auth=('','password') or auth=(None,'password')
Related
When I first created this Classic ASP script, with the help of W3Schools, to send email, it worked fine. Now I'm having issues with sending the actual email; it appears to hang on the .Send method.
I noticed that when I set the To and From email address to just the email address, it reformats it to a "Friendly Name"/Email Address format:
myMail.From="Support#myDomain.com"
Response.Write myMail.From
The output of the Response Write is:
"Support#myDomain.com" <Support#myDomain.com>
I don't know if this was happening before, or if I should be setting the To and From fields in this format. Just to check if this is causing my problem, is there anyway to prevent these fields from being changed from just the email address?
Maybe the e-mail sending from the server now needs some kind of authentication such as setting these fields:
' Outgoing SMTP server.
objCDO.Configuration.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mail.mydomain.com"
objCDO.Configuration.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objCDO.Configuration.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objCDO.Configuration.Fields("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
' Type of authentication, 0=NONE, 1-Basic (Base64 encoded), and 2=NTLM.
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
' UserID on the SMTP server
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusername") = "support#mydomain.com"
' Password on the SMTP server
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "myemailpassword"
' Update config.
objCDO.Configuration.Fields.Update
The issue stemmed from the fact that the "From" email address was actually a distribution list and the account credentials used to login to the email server were not authorized to "Send As". Once that was rectified emails sent without further problems.
Thanks for the response.
I installed the plugin contactform 7 on my wordpress. Everytime I try to send the message the error :
There was an error trying to send your message. Please try again later.
will appear.
I checked all my settings, desinstall and reinstall the plugin but always the same problem.
My form:
<label> Your Name (required)
[text* your-name] </label>
<label> Your Email (required)
[email* your-email] </label>
<label> Subject
[text your-subject] </label>
<label> Your Message
[textarea your-message] </label>
[submit "Send"]
My mail option:
To: info#mycompany.com
From: [your-name] <info#mycompany.com>
Subject: Company "[your-subject]"
Additional Headers: Reply-To: [your-email]
Message body: From: [your-name] <[your-email]>
Subject: [your-subject]
Message Body:
[your-message]
--
This e-mail was sent from a contact form on Company (https://company.com)
I did not find any answer to this problem in the docs file
You need to install smtp plugin to send email template.
There are many smtp plugins are available email setting in WordPress.
You can also use below plugin, It will work for you.
https://wordpress.org/plugins/wp-mail-smtp/
based on Paypal tutorial, this is the form they provide for testing the IPN:
<form target="_new" method="post" action="https://www.YourDomain.com/Path/YourIPNHandler.php">
<input type="hidden" name="SomePayPalVar" value="SomeValue1"/>
<input type="hidden" name="SomeOtherPPVar" value="SomeValue2"/>
<!-- code for other variables to be tested ... -->
<input type="submit"/>
</form>
I got my IPN listener code in server/routing.js and used iron router and specified the path to /ipn. here is the code for it
Router.map(function () {
this.route('ipn', {
path: '/ipn',
where: 'server',
so my question now, what URL should i put in the form instead of "https://www.YourDomain.com/Path/YourIPNHandler.php" URL? Because am testing it in my local machine "localhost:3000"
I had the same problem friend. The solution was very simple.
Paypal does not allow test in your local machine: Paypal says: We're sorry, URL with port number is not allowed for IPN.
You must have a server with your "www.YourDomain.com". In my case for development tests I downloaded a "tunnel" application called NGROK which gives to you a testing domain. You can get it from here.
Then will be enought just open the ngrok console and write the command:
> ngrok http -host-header=localhost 3000
After that execute your web application. After you've started ngrok, just open http://localhost:4040 in a web browser to review your domain provided by ngrok.
When you go to localhost:4040 in your browser ngrok show to you a http and http domains like they show in the examples.
http://92832de0.ngrok.io
https://92832de0.ngrok.io
Now just replace "www.YourDomain.com" with this ngrok URL.
Hope this helps to you. Regards!
The problem
I have a shiny application that requires user to login to access the underlying dataset.
The username and password are collected from form fields and submitted via a RESTful API on another server to get an access token which is used in future requests. I haven't included those details in this example.
I want to get the web browser to remember the login details and login automatically, but can't quite see how.
What I tried
In my first implementation, the <input type="text" name="username"> and <input type="password" name="password"> plus an actionButton were dynamically added to the page. This forced the user to re-login each time the shiny application was restarted, which was complex for development and unpleasant for users.
I then found https://gist.github.com/kostiklv/968927 which details the conditions for having the web browser remember the password and log in.
Shiny works on one page, so I couldn't have a separate login page (this would generate a new shiny session, discarding the login!).
I have tried various combinations of things, here is the closest I have got. This script correctly fills in a past password, but the user still has to manually hit submit.
Example code
Note that I have a custom hack my shiny in to enable type="password" to be treated the same as type="text". See bottom of question for access to this code
save this code as login.R then run R and type source("login.R")
write("","blank.html")
require(shiny)
addResourcePath("login",tools:::file_path_as_absolute("./"))
runApp(list(
ui=bootstrapPage(
tags$form(action="#",target="loginframe",
tags$input(id="username",type="text",placeholder="Username"),
tags$input(id="password",type="password",placeholder="Password"),
tags$input(id="loginButton",class="btn btn-primary",type="submit",value="Login")
),
tags$iframe(name="loginframe",src="login/blank.html",style="display:none")
),
server=function(input, output) {
observe({message(
"username ",input$username,"\n",
"password ",input$password,"\n"
)})
})
)
Analysis of what happened
Note that the presence of an html input submit button seems to tell shiny that it should only update the inputs once every submit. Without the submit button shiny updates its inputs every keystroke.
The same is true for shiny's submitButton.
Leaving the form but removing the button allows input$username and input$password to reach the server code, but...
To enable both conventional user login and automated login, I need the button to avoid repeated attempts to authenticate (which might cause problems) for partial usernames and passwords.
Log of what happened
Here are the console logs from the tests
Log with a submit button:
username
password
<enter username AA and password BB>
*no update*
<hit submit>
*browser requests to save password / yes*
username A
password B
<refresh page>
username
password
* onscreen form inputs are populated *
<hit submit>
username A
password B
Log without a submit button
Comment out
tags$input(id="loginButton",class="btn btn-primary",type="submit",value="Login")
and the preceding comma
note you may want to tell your browser to forget localhost web passwords for now.
username
password
<enter username AA and password BB>
username A
password
username AA
password
username AA
password B
password BB
<refresh browser>
* onscreen form inputs are not populated *
* browser requests to save password *
username
password
<refresh browser>
* onscreen form inputs are populated *
username
password
username AA
username BB
Shiny patch to enable password handling:
Install using library(devtools)
install_github("shiny","alexbbrown",ref="password-field")
Or download and install manually:
https://github.com/alexbbrown/shiny.git (branch password-field)
Or patch your shiny manually:
index 9b63c7b..15377d8 100644
--- a/inst/www/shared/shiny.js
+++ b/inst/www/shared/shiny.js
## -1336,7 +1336,7 ##
var textInputBinding = new InputBinding();
$.extend(textInputBinding, {
find: function(scope) {
- return $(scope).find('input[type="text"]');
+ return $(scope).find('input[type="text"],input[type="password"]');
},
getId: function(el) {
return InputBinding.prototype.getId.call(this, el) || el.name;
cf Password field using R Shiny framework
I was looking for something similar, and trestletech's fantastic package shinyStore worked for me.
It enables HTML5 client-side data storage for any data in your shiny app.
The github page is here, and an example of how it works is here.
You may wish to read the "Security" section on the README and ensure it is secure enough for your purposes.
I believe that you can use postForm() from RCurl package to perform a regular HTTP form submit request (unless Shiny would interfere with this functionality, which is based on using underlying libcurl library). For an example code, please see function srdaLogin() in my R module "getSourceForgeData.R": https://github.com/abnova/diss-floss/blob/master/import/getSourceForgeData.R.
We have a web application that is publicly accessible.
When a user is logged in he fills his personal details.
The Problem
The user may forget to close the browser in a kiosk or a shared environment, potentially allowing some other user to see his personal information.
We are using a session timeout of 5 min,
My Thoughts
Is it better to build a separate app for Kiosks environment where i can ask the users Is this a shared computer or public. If yes how would i Implement it further?
For every 3 minutes of inactivity we want to prompt the user: "Do you want to continue?" If yes, get confirmation for password, just to make it more secure.
I have seen the below link
Security considerations for an ASP.Net web application that will be used on a public computer or kiosk
Could you please share more thoughts on this issue: how to make it more secure.
You will have to use JavaScript of some sort. The server does not have the ability to update the client Web page without some sort of client side scripting (obviously JavaScript) to handle a request. I have done something similar, asking a user if they want to keep their session alive through showing a Pop-Up message. But in your case it seems like you should create a DNN page for re-login and add a custom module or HTML block with a simple JavaScript in it to every page you want to check logins (or put it in your template header or footer) which redirects the user to a re-login screen. Something like:
function setHeartbeat() {
setTimeout("heartbeat()", 300000); // every 5 min
}
function heartbeat() {
window.location.href = "Relogin.aspx?LastPage=" + window.location.href;
}
then Relogin.aspx will have a message at the top that the user has been idle for 3 minutes, and provide the password box. After the user logs in you can redirect them back to LastPage (it's been a hwile since I've used DNN, but I think there is a way to format the URL so it automatically redirects).
A more user friendly option would be to show a Pop-Up after the 3 minutes, showing a message and password field with an OK button. Again, this can be done with jQuery, where you have something like:
<div id="confirmSession" style="display: none">
<p class="message" style="display: none;"></p>
<p>You have been idle for 3 minutes, if you want to continue your session please re-enter your password.</p>
<p>Password: <input type="password" id="password" /></p>
<input type="button" id="btnContinueSession" />
<input type="hidden" id="userName" value='<%# HttpContext.Current.User.Principal.Identity %>' />
</div>
and the following JavaScript:
function setHeartbeat() {
setTimeout("heartbeat()", 300000); // every 5 min
}
function heartbeat() {
$("#confirmSession").show();
}
$("#btnContinueSession").click(function () {
$.ajax({
type: "post",
url: "/relogin.aspx",
error: function(returnval) {
// Login failed for some reason, typically page not available 404 error, or code threw an error. so have the user try again.
$(".message").text(returnval + " failure");
$(".message").show();
},
success: function (returnval) {
$("#confirmSession").hide();
setHeartbeat();
}
});
});
Here you'll have to create a relogin.aspx page or some other service which will take in the username and password, re-validate the user, then either throw an error if the password was invalid (caught in the jQuery above and shown to the user). This is obviously a bit more work, and will need custom coding for the validation, versus simply redirecting to a login screen, but it much more user friendly.
In this Ajax approach, it's worth noting that your server session timeout may have to be longer than 3 minutes. If it's three minutes or less, and the user enters their password, they will already be logged out of the server, and you'll get an invalid authentication error. So overall redirecting to the login page may make the most sense. But you'll want to make sure that if a user has entered data that you save it in a cookie or somehow, so you can re-fill it (I've heard hundreds of times of people being frustrated that their data was "lost").
Examples I've taken from are:
Keeping Session alive with jQuery
StackOverflow Ajax Post success error
StackOverflow keeping session open/alive