I am trying to enter a password into a Citrix window using global send key events and the username works fine, but I cannot send a password as is. My guess is that I would need to create individual key events for each special character, but that would reveal too much of the password in the design of the action.
Is there another approach?
I don't know how it is specifically with Citrix, but I do know RDP blocks certain SendKey events as a security precaution. In either case, you should be able to leverage AutoHotKey via command-line to get around it.
So you need first to create the object to accept the pass that will be inserted into the field. In the start of the object insert the pass as text, do all the required steps and in the process collect the dynamic pass and import it into the object (when you create the action by assigning the right business object, that you created already). Hope I made my self clear.
Then in the Global Send Keys Events action put the variable of the pass you want to type and that is it.
Related
Used "^%{L}" for performing cntrl+Alt+L in BluePrism but the required window is not opening up, the command is working fine in general when executed manually.
First of all, you need to make sure that you are following the appropriate steps to send keys to an application. The recommendation is to first activate the application (this ensures the keys are sent to the proper application), then use a wait stage (this ensures that BluePrism is sending the keys at the right time; i.e. when the application is ready to accept keys), then use the navigation stage on the root application where the send keys is located, something like this:
(If you are typing in a specific field in the window, then use an additional Focus navigation stage on the Field itself before sending keys).
Within the navigation stage, you have two possible options to send keys:
Global Send Keys
Global Send Key Events
Global Send Keys
You can find the official guide (section 10.2) on the BluePrism portal. It doesn't really detail the sending of combination keys for Global Send Keys, but you really have to do it like this:
^(%l)
Do note that if you send ^(%L), this is similar to sending Ctrl+Alt+Shift+L. The parens indicate that for the keying of %l, Shift is held down. The above is equivalent to ^(%(l)). Normal keys do not require braces either, and they cause issues if used in Global Send Key Events (i.e. {L} means Shift+L in Global Send Keys, but will give you an error in Global Send Key Events).
The relevant part of the guide:
So what you were doing with ^%{L} didn't really make sense to BluePrism. It was probably sending Ctrl+Alt, then separately Shift+L (I cannot really confirm this, but this is my guess following testing on BluePrism which definitely show it doesn't work, however).
Global Send Key Events
You can find the documentation in the same guide and section I linked earlier. This time, it does show exactly how to send combination keys, so for your case, the other option with Global Send Key Events will be:
<{CTRL}<{ALT}l>{ALT}>{CTRL}
I don't really like Global Send Key Events because it's longer to type and you have to be careful about more things, but essentially, it becomes easier if you type the opening and closing syntax before proceeding with the next key. For example to do the above, it's easier to first type <{CTRL}>{CTRL}, then insert the ALT part in the middle: <{CTRL}<{ALT}>{ALT}>{CTRL}, then insert the l (do note here that l and L are equivalent here, which is also weird considering that they are not in Global Send Keys).
I presume that it's a GLOBAL SEND KEY EVENT value that you're looking for.
This is shift+I action value:
"<{SHIFT}I>{SHIFT}"
I would try for ctrl+Alt+L maybe something like this:
"<{CTRL}{ALT}L>{CTRL}"
the "<" & ">" is Push down & Release
Global Send Keys is going to send the keys to whatever application has focus on screen, so I would recommend:
Set focus on the desired window by either using a Navigate stage to "Activate Application" or "Global Mouse Click".
Use Global Send Keys
Keep in mind that a Global Mouse Click could again result in something unexpected as its sending the event directly to the screen, and another application/window might be covering the area you've just clicked.
For more info on Global Send Keys and Global Send Keys Event I would read the BluePrism manual for this: Send Keys and Send Key Events
It might also be worthwhile studying some surface automation principles as it can help get you a better understanding of what these Global actions are doing: Introduction to Surface Automation
Activate the application using navigate stage.
Add a 1sec wait between activate and send keys.
Use global send keys event. <{ctrl}<{alt}L>{alt}>{ctrl}
Ensure you are using the root element in Application Modeller (the first at the top of the list) and not any of the child elements. Use a navigate stage with that element and either Global Send Key or Global Send Key Event action. The syntax "^%{L}" is otherwise correct, although you don't say what is it that you are trying to automate (Excel, Word, IE, Citrix...??).
Try to use Global SendKey instead of G.S.Events. I.e. SHIFT+HOME = "+({HOME})"
regular brackets needed for blue prism to understand where to release Shift ("+").
Currently I'm facing this issue after implementing SecurityManager. A simple gist of what I did was, create an object with populated values if an user logins. If another user logins, I would overwrite one specific variable in the previous user's object. Then I proceed to stop server and starts it again. When I check through pulse, my two objects are there as expected but that one specific variable reverted to its initial value before the second user logins. It's the same for subsequent users. Any helps are appreciated.
Requires region.put(retrieved object's key, the retrieved object) back instead of just object.setVariable().
I am using cucumber in combination with selenium for testing the java web application. The following is the Scenario that we have
get generate PIN page
enter user name
enter password
click on submit button
Now it generates a PIN in the database depending on so many calculations. now i need that particular PIN, to give it as an input to a different scenario. how can i achieve this? Thanks in advance.
I would assume that you can access the PIN within the database after the above scenario. That being the case, I would add one more step to the scenario that acquires - and confirms - that the PIN was indeed generated. At that point, you can store the PIN in a local variable and then use it within the next scenario.
So your first scenario would look like this:
Get generate PIN page
Enter user name
Enter password
Click on submit button
Confirm PIN number in database
The last step would not be done within Selenium, but via an API call or some other means to acquire the PIN from the database. It would confirm the PIN (e.g.; regex=/^\d{4}$/) and then store it in a local variable, say something like #customer_pin (assuming you're using Ruby).
Your next scenario would start off something like this:
Get generate login page
Enter customer ID
Enter customer PIN
etc
When you hit the "Enter customer PIN" step, you pull it from the locally stored variable (#customer_pin).
My advice is that when executing this second scenario, you confirm that you have a legitimate PIN within your locally stored variable, in case someone should run this scenario out of sequence. You could do this by using a global variable and running a "Before" hook in your features/support/env.rb file like this:
Before do
$dunit ||= false
return if $dunit
$customer_pin = nil
$dunit = true
end
In this case, I use $customer_pin instead of #customer_pin in order to make the variable globally accessible. Then after running your first scenario, $customer_pin would be assigned to a legitimate value so that it can be used in any subsequent scenarios. Subsequent scenarios would use the regex expression to confirm it has a legitimate value, and raise/throw an exception if not.
I would divide your problem into two.
One that verifies the pin generation as this may be important for your stakeholders.
One that implement a backdoor to support other cases where a valid PIN is needed. Maybe an API that is able to generate or retrieve a valid pin number. Maybe create and store the PIN in the database without touching the system from the outside. I would use this way to retrieve a PIN whenever I need a valid PIN for other scenarios.
The technical solution on how to get a valid PIN isn't too important. What is important is to decouple the execution order of the scenarios. The execution order of the scenarios is undefined. Each scenario must be able to be executed in isolation and in random order.
Coupling scenarios is a well known anti pattern described here and here.
To Solve this kind of situation you have to use Cucumber Background feature, This is run before each step. and will generate a PIN based on given inputs and then generated PIN will be available across the scenarios.
Find feature file definition based on your requirements.
Background:
Given I Get generate PIN page
Then I Enter user name
And Enter password
And I Click on submit button
And I Confirm PIN number in database
#TC01_GetUserInformationByPinTest #NoBrowser
Scenario: Get User information by generated PIN from background.
Given I Get User Information by using generated PIN
And I verified that given username is same as response Data
I believe this will help you to solve your issue.
Actually, i have this url http://mydomain.fr/user/1 in my web application. I think it is not very safe
I would hide the id which is auto_increment.
To not be able to do that:
http://mydomain.fr/user/1
http://mydomain.fr/user/2
http://mydomain.fr/user/3
http://mydomain.fr/user/4
http://mydomain.fr/user/[...]
I do not know which technique to use...
Hash MD5 stored beside primary key
UUID / GUID
I use MySQL.
You should restrict access to URLs based on authentication. Just making it 'hard to guess' an ID will not prevent someone from accessing another user's page or, e.g., deleting an unexpected user. Basically, anyone will be able to access any URL unless you provide some access control.
I think generate a random unique string for a user is the best way.
simply use sha1 hash should be ok.
There is no way properly to hide it, you can generate unique ID with a long random hashed string, it's harder to guest. Basically that won't prevent someone to access other's ID.
OP may be concerned with divulging the primary keys because it could leak information into how many of a certain resource exists.
For example, if he is building a web app and someone creates an account and sees a url of domain.fr/user/23 they will know they have created an account on an application with low adoption.
My suggestion would be to either use a GUID value as suggested above or a username that is constrained to be unique.
If you use a GUID, it will look ugly, but make sure to not just use the beginning part as you could greatly increase the chance of collision since the first 60 bits are based on the timestamp.
If you use a unique username, your url would instead look like domain.fr/user/username
I know this is easily done on RoR.
I'm new to the Zend Framework and I have a problem to create an edit form with the Zend_Form.
My problem is that I need to store the entry ID during editing, I've seen some examples that are using a hidden form field, but a hidden field can be manipulated by a user.
So: how can I set a form field which gets populated by $form->populate($data); and is available after submiting the request but is not editabel/visible to the user in any way?
Thanks for any help!
I'm not sure if there's really a point in trying to hide the value.
Consider the following:
To display the correct editor form, you need the ID of the object that is to be edited.
Before allowing the user to edit a certain ID, you would check if the user can edit it or not.
Thus, if you put the ID in the form, it shouldn't really matter:
When you POST the edit form, you should again check that the user can still edit the ID.
If the user changes the hidden ID, it doesn't really matter. They could still go and edit the other ID by finding it on the site. (This is assuming your check didn't tell you the user does not have access)
what kind of data you wanna hide?
data should be in post or get.if you dont put your data in your form,then you will have to use GET which is less secure than POST.
If you have some data and you dont want the user to see those data,then you should not put those data in a form.you can store and retrieve hidden data using forms submitted values.lets suppose your hidden field is users password.you dont need to send password back to the client when client is editing the form.you can manipulate password in your controller according to the user`s submitted first name and last name.
If you still insist, you may wanna try encrypting data using ZF and echo ing your value and setting encrypted data into a hidden form element.
Zend_Form generates an HTML form element with the form elements you specify. So its element capabilities are narrowed to a simple HTML form.
The hidden form element is used to pass those data that the user is not supposed to enter by hand. But as you yourself said it, there is no guaranty it could not be tampered. so no security is provided by using a hidden form value.
Most of times you'd better use server side values (like stored in sessions) to reference to values that are to be protected from user.
I suggest you keep the ID in a session value, and then you could use the session key in the hidden form field. this way the user can not change the target ID. However you are not able to use the $form->populate($values) on this in one step. you would have to set the target value with other steps:
fetch data from the session
set the form element value with the fetched data