I’m writing automated tests for a web app on a server with basic authentication enabled.
I’ve tried passing the username and password in the URL and also using the web authentication function. I haven’t had any luck either way. Has anyone else attempted automating basic auth? For now, I’m logging in at beginning of the test manually.
Try using WebUI.authenticate() method:
WebUI.authenticate('http://the-internet.herokuapp.com/basic_auth', 'admin', 'admin', 12)
Related
I currently have a Xamarin Forms App that uses IdentityServer4 & .NET Identity for authentication and login-in users to the app, it also integrates with Office356 login. I now have the need to implement FaceID/TouchID so that the user does not have to login every single time the app launches, but it still needs local authentication to prove they are who they say they are. From the research I have done, the username & password get stored in the Keychain OR the Token so that it can be used to login later. I believe I already have a way of accomplishing it using the Token, nevertheless we want to explore all options and double check if there is a better way of doing it by storing the username/password, is there any way to acquire those when using the WebAuth (ASWebAuthenticationSession)? My first issue is that the device browser is the one used to authenticate and I can’t seem to find a way of getting the username/password from there. In the case I was able to, how could I automatically used those to later authenticate (autofill?). Any help is highly appreciated. Thanks in advance
This is my first GAE app so please let me know if my approach is wrong. I have knowledge of Flask and have used Flask-Login before for my authentication needs. With GAE, it seems they suggest to use Firebase. Mine is not a SPA but I wanted to use Firebase UI and let it handle all the user authentication part.
Looking at the examples here https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/appengine/standard_python3/building-an-app/building-an-app-3/static/script.js#L42 , i can verify the token server side using the Python Admin SDK. https://firebase.google.com/docs/auth/admin/verify-id-tokens#python or a more developed example https://firebase.google.com/docs/auth/admin/manage-cookies#python . I am able to do this but I am a bit confused about the flow later on.
In the same example, they suggest to store the token (or some part of claims) as secured cookie. This is similar to how Flask Login also stores the cookie and then we verify the cookie in every request - but since in the case the backend is local REDIS or any storage, the validation is not expensive. But when using Firebase, it seems we will have to call Firebase for every api call to validate the token.
Otherwise, it could that be that user has changed their password or reset something in their Google/Facebook provider and we wont know at our server till we validate things at the provider end. This also prevents us from developing locally offline (or we write some logic to specially handle local development).
Whats the best way to solve this?
You can use the Firebase Admin SDK to manage users or to manage authentication tokens, according to the official documentation – marian.vladoi
After searching form wordpress documentation and google, i haven't find any proper way to achieve my goal : able to login to wordpress from custom third party application built with nodeJs.
The steps is check if couple username / password is administrator and process tasks on my external app.
Anyone has already used the REST API of wordpress to auth user? WITHOUT INSTALLING ANY PLUGIN , i just want to get response from server if my couple username/ password is true and is administrator, i know i can asks the database to check but i want to pass throught the built-in wp rest api.
Thank you.
The simple answer is no, and here is why
While cookie authentication is the only authentication mechanism
available natively within WordPress, plugins may be added to support
alternative modes of authentication that will work from remote
applications. Some example plugins are OAuth 1.0a Server, Application
Passwords, and JSON Web Tokens.
Source: Wordpress Official Handbook
However there is a painful and insecure way of doing it with plain HTTP authentication which is not recommended.
Recommended way of doing this securely is to get WordPress JWT or oAuth Server extension and deal with standard authentication process which is more convenient and secure, WordPress already lists them which are referenced in the quote. Hope this helps!
Good afternoon,
Here I am working on Symfony 4 and on the Symfony Security module.
I need to customize the authentication of my users without using plugins such as Fosuser.
This is for the following reasons:
The user connects to a "main" server (ldap) with his login/password
I need to be able to retrieve his credentials to test his account on other ldap servers in parallel.
When the user is authenticated on the main one, the user is redirected to a page telling him if everything is ok or not on the other servers. In case it is not, he has the possibility to update his account.
But the documentation deals with "simple" cases and here I am a little lost.
I tested several possibilities (authentication with Guard, test of creation of a personalized provider...) without results.
I would need to understand the mechanisms of symfony authentication to create a custom authentication.
If anyone has a lead to guide me, that would be great.
Thank you in advance.
I think you need to divide your action into 2 stages:
Authenticate by LDAP against first server, i.e. with Symfony LDAP Component - this can be done by standard authentication form and FOSUserBundle
When you are already authenticated interact with second server in controller action. This can be done by writing entire code in Controler or in service designed to interact with this LDAP server. You can even use the same Symfony LDAP Component as before, but you will need to configure another instance of service by hand.
I need to create an application that fetches User from Ldap and then, generates a token for him to access Restful interface.
First, I am using LdapToolsBundle and I could login using Ldap and login form easily.
Then, I am studying FosOauthServerBundle and oauth2-server-bundle and trying to figure out which one is better for my application. I've installed FosOauthServerBundle correctly but didn't find a way to integrate with LdapToolsBundle.
I studied the possibility of using Fr3dLdapBundle and if anyone has the solution using this bundle, I would be open up.
The problem:
I don't need to persist User Entity. But, if it is required, I don't want to persist it's password. I need always the password being checked from Ldap on every token authentication.
Could anyone help me? I would be greatful.