I have a form in Application Express where I let the user edit their details, update their password etc.
I would like to use the usual method of having the user type in their password twice and make sure the two passwords are typed identically so I can be sure they have have not made a mistake typing.
However, since both elements are form fields on the same page I can't see a way to compare them. Any direction would be appreciated.
If you are okay with checking they are identical during the submit you can simply do this in a page validation.
Let's say you have P1_NEW_PASSWORD and P1_NEW_PASSWORD_CONFIRM.
Then in the page processing box expand 'Validating', right click 'Validations' and choose 'Create'.
Choose 'Page Item', P1_NEW_PASSWORD, choose a name and as validation type choose 'PL/SQL', then 'PL/SQL Expression'. Enter :P1_NEW_PASSWORD = :P1_NEW_PASSWORD_CONFIRM as Validation Code, and choose an error message. Now create your validation.
Now when you try to submit the page and the passwords don't match, you will get an error message.
Related
I am trying to input email and password into PayPal (sandbox mode) using my Robot Framework script. This is a snippet of my code:
input text login_email ${email}
input text login_password ${password}
login_email is the name of the input field for the email and login_password is for the password.
I am passing the email in the ${email} argument and the password in the ${password} argument.
This doesn't seem to work for some reason. I keep getting this error:
InvalidElementStateException: Message: Element is not currently interactable and may not be manipulated
The email and password field for PayPal are generated upon the loading of the page. Can that be a reason why they are not accessible? Can anybody help me identify what am I doing wrong here?
As Correctly said by Ofer Steinberg , try to find the XPATH manually
Also, add a wait point until that item is visible and the enter name and password
as many times item is present and hidden due to which it says item not interactable.
It seems you have there a 'not constant' id (or similar..).
I had this problem, and the solution was to change the input path from id to xpath.
Moreover, try to inspect the paths manually in 'guest mode' (I guess you using chrome), it should show that page source more accurately since the selenium running by it.
I'm a newbie but I think Paw can do what i need :
I need to extract a session id behind a login page.
I go to https://admin.booking.com, filling the form (login and pass) and the landing page behind includes a session id :
https://admin.booking.com/pc/index.html?ses=xxxxyyyyyzzzzz11112222233333
I'd like to :
1) Push credentials with Paw as part of my request,
2) get the above item (ses) item as a response so i can use the php script extension provided by Paw and then call this script "on demand".
Is this possible ? If so, what should i do ?
Thanks for your help
UPDATE*: we've added a documentation article to describe the process a little more: Login via a web form in Paw. We've detailed the process to deal with CSRF tokens too.
Paw isn't quite yet ready for handling web/HTML forms. Though, there's one way to do it the right way: if you inspect the form with the Chrome dev tools you'll find the name of the input from the DOM/HTML:
In your case, you have the inputs: loginname, password, lang.
Also, find the <form…> tag to see what's the action attribute. If there's no action attribute (like in your example), it means the target URL for your form is the current page's URL (https://admin.booking.com/ in your case). Also, make sure the method="POST" is also there in the <form…> tag, otherwise this method won't work.
Then jump into Paw and set:
URL (in your case https://admin.booking.com/)
method to POST
go to the Body tab and use "Form URL-Encoded + fill up the fields from your form
If all works, you'll see Paw show a redirection request, and if you go to the right-hand side panel under "Response" > "Headers", you should see a Location header with a value similar to the URL you initially mentioned (https://admin.booking.com/pc/index.html?ses=xxxxyyyyyzzzzz11112222233333). Hurray! You got your value into Paw!
Now that you have that, you can create in a new request (click on the + button at the bottom of the left-hand side list). And wherever you want to use this session token/ID, you can insert a dynamic value to retrieve that URL value. You have more infos here, in our docs, but I'll describe the steps here:
On whichever field you want to insert the token, right-click and pick Responses > Response Header.
Make sure you pick the first request in the "Request" dropdown menu, and enter Location in the "Header" field:
You should see the value of the Location header of the previous response appear here.
Now what you want to do is to extract only the part you want (i.e. the value of the ses param in your case). For that you'll need that extension for Paw, so please install it now: https://luckymarmot.com/paw/extensions/RegExMatch
Copy the dynamic value you have just inserted (the blue token), and right-click on that field to insert a new dynamic value, and pick Extensions > RegExp match:
In the Input field, paste the previous dynamic value you copied. And use the RegExp field to write a regular expression that will successfully extract the part of the URL you want (this should work in your case ses=(.*)).
Now that you're set up. You should be able to use this little new blue token wherever you like and automagically extract the value from the previous form. And whenever you send again the initial request, and get a new token, everything else will also update! :)
It was a little long guide, but I hope this will help you and hopefully others too.
Got this site with UN/PW set via the Createuserwizard control.
Client considers PW too large of a barrier to entry and wants to get rid of the password requirement but still have accounts so users simply log back in with emaill address only.
I want the quickest fix possible where I use the same provider and control but just use the same static PW for all users on signup, then sort of enter it for them when they "log in" if they return. Works like a cookie basically but has an actual login.
Problem is the Createuserwizard.Password property is read only. Can I do AutoGeneratePassword= true and force it to generate the exact same password every time?
For what it's worth, this is a simple, no secure data, basically not much stored kind of site. Lets not get into whether the req makes sense though, and the implications of this - I probably agree with you :)
Bla, bla, bla lots of stuff you probably agree with... and now to the point:
Just ditch the CreateUserWizard and call MembershipProvider.CreateUser directly. You will have to throw in a few textboxes for the email and stuff instead of the createuserwizard but it should be a walk in the park. For the login, just drop the login control too and add a textbox for the email and a "login" button. Then in code-behind call MembershipProvider.ValidateUser with the email and hardcoded password, and if it returns true (meaning the user exists) you just call FormsAuthentication.SetAuthCookie followed by FormsAuthentication.RedirectFromLoginPage and the user is logged in.
I have one question. How to change the link after the user has submitted the form? What I mean is that once the user submit the form, the link that direct the user to the FORM will be change to another url which is ViewFormA.asp. How can I do that? Need your advice. Thanks.
Does this help?
Response.Redirect "/ViewFormA.asp"
at first, in the beginning of FORM page on the server side you need to check your own special Cookie or Session variable (like Session("AlreadySubmitted"))
a) if this variable is exist , it means that the user already submitted the form and must be redirected to an other page.
b) if this variable is not exist yet or equal to zero , the user is allowed to fill the FORM and submit the data.
at second, on a page that get submitted data you have to set this variable to 1
I want find a platform/language agnostic solution to ensuring the origin of a FORM POST is from an expected source. I.e. Page1.aspx posting to Page2.php within the same web site.
Specifically what I am attempting to do here is to prevent request forgery.
Use a hidden field in your form, which contains a token your app generated. Store the token in the user session. When the form is submitted, your app will check that the value of the hidden field is identical to the value stored in the user session.
If it is identical, then you know the submitted form comes from where it is expected to come.
Old Thread, but might still be useful.
If you do not have session info set (best option) then you can include a hidden field with an encrypted timestamp then compare it (after de-crypt) to the current time on the process end to make sure it is relatively close and thus as recent as you deem necessary.
You could include into the form a hidden field which would be the SHA1Hash("some-secret" + Remote_IP + PerSessionSecret).
The PerSessionSecret is something you autogenerate in the beginning of the session. "some-secret" is a global secret value - which will help a little bit in case the randomly generated PerSessionSecret turns out not to be very random enough.
Then do the same calculation upon the form submission and you know it's most probably submitted from the same client that it was sent to. (Of course, if you have multiple clients behind the single address, like a proxy or a NAT, you can not distinguish between them reliably).