I can not figure out how can i pass session credentials to and etherpad pad. I always get a message from the etherpad pad like "You do not have permission to access this pad"
Everything i do is according to http://etherpad.org/doc/v1.5.1/#index_example_1 and i can not figure out how can i start a session for a user, having done all the previous steps successfully of the example 1 in the link above.
You need a set a cookie with the key sessionID and the value containing the sessionID received by the createSession api.
To test this, I created the cookie using chrome developer tools by running the following in the console:
document.cookie="sessionID=s.XXXX"
After this I was able to access the pad located at /p/g.fcXsYTpiNlJMwX35$samplePad. Your padID will be different.
Related
I am extremely new to UiPath. I have inherited a project from an experienced UiPath developer. I am trying to find the username and password he uses to login to a specific app. Because the project is not working when executing in the development environment, it is possible the password has expired. I am on the machine he used to develop the project, but logged in under my name. I have found the process that does the "Get Credential". I am using a message box to show the username at this point. When I run the process The "Get Credential" activity returns the error "you are not authenticated Error Code:0" I have researched the error and found several answers as to why it is happening, but not what to do to either fix my problem or get around the problem. The UiPath.systems.Activites version used is 21.4.1. I am aware of the concept of the CredentialStores, but can't seem to find the one used for this project. Where would I find the name of the credential store used? How do I find the username? I need to test the change I made for a user request.
I am going to close this question as I have determined the correct password for what I needed to do. I have no need to get into the credential stores for a password.
Credential stores and password were not the actual issue with the error I was receiving. The error "Loading asset PreAuth_Citrix_FolderName failed:
You are not authenticated! Error code: 0" by referencing the word authenticated, I assumed it had to do with passwords. As I did more research I found the issue to be the new security certificate installed on our web server. While orchestrator recognized the new cert, the Identity Server was not updated with the new thumbprint. I found the information I need at this link https://forum.uipath.com/t/get-asset-you-are-not-authenticated-error-code-0/343910. Once I updated the Identity Server thumbprint, I no longer received the error and my jobs ran. (not successful, but at least they ran past this error!)
I'm very new to python scripting and anything online in general, but I wanted to start somewhere interesting so I came up with a goal to write a simple desktop .py file that everytime I run just simply posts 'Hello World' to my facebook wall under my name.
In the end, I managed by just hardcoding (to my knowledge) a User Access Token and using the facebook graph under that token
facebookGraph = facebook.GraphAPI(access_token="qwertyuiop")
fb_response = facebookGraph.put_object("me", "feed", message="Hello World")
now the docs say that the User Token's lifetime is quite short and I don't really like the idea of having to manually going in and copying it into my program (even if its at every 2 hours or 2 months) so I made a second attempt by instead fetching an App Token to which I enabled every permission to access my account
def FetchAppAccessToken(app_id, app_secret):
headers = {'grant_type': 'client_credentials', 'client_id': app_id, 'client_secret': app_secret}
response = requests.post('https://graph.facebook.com/oauth/access_token?', params = headers)
logging.debug(response.text)
return response
#then.. get the right substring within response and use the graph as before
but I'm always met with
facebook.GraphAPIError: An active access token must be used to query information about the current user.
I thought that maybe using the User Token was the way to go, but after several hours of trial and error including trying to get the User Token by supplying an email and password, I read that it was not possible at all without user interaction. So going back to App Tokens and more reading. I came across using PHP within Python or creating a Login Flow with OAuth/OAuth2 (which I have neither experience with) to retrieve a token that I can use, but I'm starting to feel like I'm getting off track on what I'm supposed to be using.
Is there a simpler way like providing email and password to a file that as long as its in my desktop would accomplish that task?
Also, I'd like to avoid opening any browser and click simulations to do it (if its even possible that way).
Not sure if this is the most efficient answer, but I managed by using App credentials to authenticate my login, but instead of passing it through requests, I had it go through a WebWidget to emulate a browser in which the URL would include the code or token, close the window after retrieving the value and use it to create the facebook graph and run it like normal.
facebookGraph = facebook.GraphAPI(access_token=accessToken["access_token"], version=2.7)
facebookGraph.put_object(parent_object='me', connection_name='feed', message='Hello, world')
Unfortunately it does have to go through a pseudo browser.
I haven't tried this yet but,
On the other hand, if theres a user already logged in, you could check cookies if a user is already logged in and exchange the code for an access token and just do a browser login if theres none. This way the webwidget doesnt need to popup every time the program is run.
I am using the Twebbrowser in Delphi (2009) to log into cpanel on my ISP and add a new remote host IP address for a MySQL database. The user name and password are filled in by code as is clicking the submit button, using code gleaned from several places here.
Navigating directly to the hosts page causes the cpanel login page to be shown first. My program detects this and logs me in.
This uses a line like
WebBrowser1.Navigate'https://thedomain.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html');
which reaches the hosts page OK but I notice that the security token (cpsess1819495779) is changed to something else each time, presumably being supplied by the login page.
However if I try to login first as a separate operation and then navigate to the hosts page using
WebBrowser1.Navigate('https://thedomain.sgcpanel.com:2083');
followed by
WebBrowser1.Navigate'https://thedomain.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html');
I get a server message saying the url for the hosts page has an invalid security token - presumably the cpsess1819495779 bit
Question
How can I use Twebbrowser to get hold of the security token generated by the login page in order to use it to build the correct url for the hosts page so that I pass the correct security token each time.
It's probably something to do with cookies etc but I don't know how to deal with those (yet)
BTW as the Twebbrowser is not visible I did spend quite a few days trying to do the same thing using Indy's TIdHTTP but have given up with that as am getting too many errors I can't sort out.
I may as well answer this myself to close the question and maybe avoid any more down votes for posting a question after extensive research failed to produce the answer and that was framed without much of my code for brevity.
The API documentation for cpanel (the application used by many ISPs to manage MySQL, email etc) is here: https://documentation.cpanel.net/display/SDK/Guide+to+cPanel+API+2
part of that says
Security token After you log in to your server, it automatically appends a security token to the URL for your session. Security tokens
help prevent authorized use of a website through XSRF (Cross-Site
Request Forgery). Security tokens contain the string cpsess and a
10-digit number.
Logging in manually in IE / Chrome etc. does indeed show the token eg cpsess1819495779 inserted into the original url that was navigated to. So if I navigate to
https://thedomain.sgcpanel.com:2083/cpsess0000000000/frontend/Crystal/sql/managehost.html
(to logon to cpanel), the part of the url displayed in the browser after cpsess gets changed to something like this, where the number changes each time.
https://secureukm11.sgcpanel.com:2083/cpsess1819495779/frontend/Crystal/sql/managehost.html
However, using Twebbrowser to show that modified url using
memo1.Lines.Add(WebBrowser1.LocationURL);
or
ShowMessage('URL: ' + Webbrowser1.OleObject.Document.Url);
simply shows the original url with the zeros, not the real security token.
So the answer to my question seems to be it can't be done in Twebbrowser as the url is only changed at the server and and the security token is not transmitted back to the browser.
I've started a project to scrape my work's employee website to scrape the user's (in this case, mine) schedule and munge the data onto a google calendar. I've decided to go with Perl with LWP.
The problem is this, when trying to set up SSL negotiations I don't know what do put for the 'realm'.
For example: (http://www.sciencemedianetwork.org/wiki/Form_submission_with_LWP,_https,_and_authentication)
# ...
my $ua = new LWP::UserAgent;
$ua->protocols_allowed( [ 'http','https'] );
$ua->credentials('some.server:443',**'realm'**,'username','password');
# ...
I've looked at everything my browser can tell me and at a wireshark packet capture trying to find anything but to no avail. I assume that second argument to credentials() isn't optional.
Where do I find the 'realm' I'm supposed to use?
The credentials are for the HTTP authentication protocol (RFC 2617) (Wikipedia).
The server can challenge the client to authenticate itself. This response contains a string called “realm” which tells the client for what authentication is required. This allows the same server under the same domain to request authentication for different things, e.g. in a content management system where there might be an “user password” and an “administrator password”, which would be two different realms.
In a browser, this realm would be displayed alongside the username and password box which allows the user to type in the correct password.
To discover the realm, navigate to a page which requires authentication and look for the WWW-Authenticate header.
Note that HTTP authentication has become quite uncommon, with session cookies being used more often. To deal with such an authentication scheme, make sure that your LWP::UserAgent has an attached cookie storage, and then navigate through the login form before visiting your actual target page. Using WWW::Mechanize tends to make this a lot easier.
I'm writing a unit test for a middleware that relies on persistent sessions in connect. (namely connect-mongo).
I'd like to create a fake session, but can't seem to figure out how.
I have a connect.sid cookie in my browser that I assume correlates to the _id in my sessions collection in some encrypted manner.
Here's what I tried:
I added in the cookieParser middleware and a session store to a server, then used the following request to send it up to the server (copied the key from chrome's dev tools panel):
var jar = request.jar(),
cookie = request.cookie('connect.sid=<REALLYLONGKEY>');
jar.add(cookie);
request({url : 'http://localhost:8585/',jar : jar},this.callback);
that correctly set the cookie on the server side, and I have verified that sessions are working.
However, the magic conversion from cookie to session didn't happen as I had hoped - what's the correct way to do this?
Setting the cookie on the server would only work if a session with that ID exists. Who created the session in the first place?
I can tell you what I did on my server. I wanted to create tests that simulate the client side and send requests to the server. I needed a way to authenticate the clients. My server allowed authentication based on Google OAuth. However, I did not want to go through the trouble of teaching the clients to sign into a Google account.
My solution was to implement an alternative method for signing in to my server - using nothing but a username. This feature is only enabled during testing and disabled for production. My test clients can now sign in without a problem. They receive the cookie 'connect.sid' as a result of the sign-in and send it back to the server in subsequent requests.
I too used request.jar() to create a cookie jar for my requests. I should note, however, that this is only necessary if you are simulating more than one client at the same time and need a separate cookie jar for each client.