Given a backend wrote in nodejs that returns a page that should either link to login (if the user is not logged in) or a link to logout (if the users is already logged in).
Considering I'm using firebase as authentication tool, how can I know in the first request, when the user is accessing the website, if is he authenticated to then
set the ejs template to respond with the correct link ?
Is there some header, or token that can I use ?
The only solution I found was use ajax after the server response, but I don't like this solution because apparently there is a delay in the link renderization.
As far as I know there is no way to know if the user is authentication on the initial request. From a quick inspection no data is sent along with that request. That kinda makes sense, given that upon this request it is not even known if you're using authentication to being with.
Update
I actually just ran into this blog post from one of the Firebase engineers, which seems promising: Introducing session cookies for server-side web apps. I haven't fully read it yet, but the title sounds like it may be exactly what you want.
I have a Plone-4.3-based site which provides access to another site as well: Whenever someone logs in to my site, (s)he can click on special hyperlinks and proceed to that other site without the need to enter a password there (some kind of simple SSO, based on a ReST interface).
Now I have the need to logout the user from that other site whenever (s)he logs out from my own site, e.g. by sending a special request which is of course not the topic of this question (perhaps it still needs to be implemented, because session expiration used to be good enough.)
How would I accomplish this, to be precise: Where would I hook in that secondary logout code? Is there some kind of logout hook, or should I modify some logout.[c]py view? I couldn't find no event nor category mentioned in the Event types section here.
There is the Products.PlonePAS.events.UserLoggedOutEvent for such purposes.
As an example, it is explained at the Events Section of the Plone Addon Developer Guide
i'm making a scraper system... it's a challange by my teacher.
The idea is make a mobile app to do and store a class register, this way make possible to the teacher do your job into your smartphone and upload this data later.
We dont have access to college system, but we are imagining this scenario:
The App receive the data like Username and Password through your own graphic interface and make a login request to College WebSite simulating a human user.
The problem is know how to pass the login data by POST into the system... because the URL doesn't show the parameter entries like:
http://website.com/login.php?name=user
I'm looking for some idea... that help me to see the login parameters used in the browser request on the login process, after that i wanna try to loggin into the system by using URL parameters if possible or some other way.
the website is:
https://www.sigacentropaulasouza.com.br/fatec/login.aspx
UPDATED!!!
i'd a firebug installation into my browser and i saw something interesting in the Network Console of this plugin:
In the header, i saw something like:
Refer = https://www.sigacentropaulasouza.com.br/fatec/login.aspx?MyUserName,MyPassWord
so... i've trying to access my profile page by passing this URL into my browser.
Without Success!
I think... because this page uses the HTTPS probably?!
Any idea?
I am trying to integrate a product offered by a 3rd party into my web site. This 3rd party does not have the resources to make code changes for a single sign-on type of setup so I am looking for a way to provide a similar user experience through some possible shortcuts. One that I am considering is to use an HTML POST to post the login credentials directly to the form on the login page which would hopefully bypass the page all together and direct the user directly to the home page fully authenticated. Does anyone know if this is possible, and if so how would I go about it?
i don't think it's possible. i believe that most well made authentication will have some sort of nonce in its form, which is essentially to ensure that unless you use their form to submit, the submission will be rejected.
and even if currently they don't have nonce, in the future they might have
On some websites, when you want to login, you need to enter a captcha as well. If I want to provide support for an user to enter a captcha into my application ( which will then log into the website ), how would I do this?
My problem is that the link to the captcha image is like this: example.com/captcha , and it serves a different image each time it's accesed.
My approach is like this:
request page
download image
show image to user
user inputs login information
application logs in
The thing is, if you download the image in order to show it to the user, you're actually receiving a different image than the one generated when the page was loaded, right? How can I get to the image that was generated when the page was loaded, so that when I show it to the user, it's the correct one?
The question is language agnostic.
I think your problem is about sessions, the session your app downloading the image and the session your app submiting the login form may not be the same session, then your captcha will never be correct, you should maitain the session between requests, normally is some cookie set by the website.
By design, most captcha will always give you a different image. No way to work around that fact.
The first thing to do, is to open up fiddler. That way you can see what the browser is doing so that it can autenticate & remain autenticated.
It usually comes down to a cookie being sent. So what you need to do is to hold the cookie on your client app, and have all the requests sent with that cookie. Different platforms provide features to do so, but I'm sure a quick search will show you how.
Remember to pay attention to all being exchanged in fiddler, you need to make sure your apps triggers the same. Besides cookies, pay attention to any hidden field a js might set on the form.
It sounds like you're trying to invent a captcha solution yourself. Have you considered using reCAPTCHA? It's free.
Can you be a bit more specific about your situation? From what you've said, I'm assuming the following:
You have a "client GUI app" that logs in to a third-party site. Is this a web-app, or a desktop/standalone application? In what language is it written?
Your app contacts the third party site and downloads the Captcha image. This image is then shown to the user.
The user enters the captcha phrase and submits it to your app. Your app then submits this phrase to the site for validation. This is where sessions come in. Assuming the remote site uses cookie-based session tracking, you will need to send the same cookie to the third-party server with this submission as you do when the image was downloaded (in the step above). This allows the server to match your submission to the correct image it sent. Precisely how you do this depends on what language you've written your app in and the precise structure of it all. Without more information, a more specific solution is impossible.
The image that's generated is also the image served to the user. Your 'main' html page doesn't/shouldn't generate the image, it only embeds it using the image tag.
You could pass a token of some kind with the captcha image, perhaps appended to the filename such as captcha-0ad719bef61bc6a0.jpg and the appended data could link into a temporary table in a database server side that has the correct answer. This would allow you to check things were ok without passing both the image and answer across to your application.
I'm not sure if I entirely understand this question, but wouldn't you simply store the captcha locally after requesting it from the server, and then embed the local image from the client application, while storing any necessary session captcha data that will allow the captcha to be validated on post, assuming the user input is correct?
If the problem is that the captcha changes everytime you request it, just request it only once.
Can you offer any more clarification if this wouldn't apply to you?
It depends from capcha to another captcha. Maybe you need to use sessions or cookies or some captcha image filename. Show the page with that captcha.