Sort of a weird situation here. I'm building a backend and frontend which talks to a third party RESTFUL API that controls some hardware. The third party api is installed on your local system as a webserver, so to make HTTP requests you would direct them towards "localhost".
The main problem is after some changes the hardware has to be updated by logging into the webserver and clicking the "update hardware" button, this pushes all the newest changes to the actual hardware. Unfortunately the API doesn't have any default calls/commands for doing this.
After running through the files I found that I can refresh a door by simply making a GET request tohttp://localhost/IntelliM/DoorsConfig/DownloadChangeForAllDoors.ashx
If I enter this into my browser it updates the hardware perfectly.
The problem is that access to this page requires a login, which I've been trying to achieve through this code
/* update door */
router.get('/updatedoor', function (req, res) {
request.post({
headers: {'content-type' : 'application/x-www-form-urlencoded'},
url: "http://localhost/IntelliM/login/index.ashx?",
body: "password=admin&username=admin"
}, function(error, response, body){
//Here is where I would make a GET request to doorupdate mentioned earlier
console.log(body);
});
});
When I log the body, or have it displayed on a page, I get a large body response with most of it not really mattering besides these two lines:
Username: <input type="text" id="username" name="username" value="" />
Password: <input type="password" id="password" name="password" value="admin" />
It looks like the page isn't even getting my "username" value and just returning the body of the page I would get with only the "password" input filled in.
I'm trying to get it to log the page I would normally see after logging in, because then I would know the login worked and I could then make a GET request to the page I need to.
EDIT: For context the hardware is a door controller and the changes that have to be pushed are adding a user that can access a door.
EDIT FULL BODY:
<form id="loginForm" action="/IntelliM/login/login.ashx" method="post">
<fieldset id="loginFieldSet">
<legend id="loginFieldSetLegend">Authentication</legend>
<div id="loginFieldSetFields">
<p id="loginFieldSetUsername">Username: <input type="text" id="username" name="username" value="" /></p>
<p id="loginFieldSetPassword">Password: <input type="password" id="password" name="password" value="admin" /></p> <input type="hidden" id="ReturnUrl" name="ReturnUrl" value="/IntelliM/default.aspx" />
<p id="loginFieldSetButton"><input type="submit" value="Login" id="submit" /></p>
</div>
</fieldset>
<div id="loginFormRegister">Your system is licensed for Intelli-M Access</div>
Change url to /IntelliM/login/login.ashx and add change body to
form: {password="admin", username="admin", ReturnURL:"/IntelliM/default.aspx"}
Related
I am new to this whole concept, so I am sorry if I am asking a basic question.
My HTML page has following form element,
<form method="POST" action="/:user">
<label>user :<label>
<input type="text" id="user" name="user">
<label>password :</label>
<input type="password" id="password" name="password">
<button> Submit <button>
</form>
My part of nodejs code from server side when calling this post method is:
app.post('/:user',(req,res)=>{
console.log(req.params.user);
})
All excluding this HTML element are working fine.
In the above HTML code, let's say if I give user input some name as " john", my idea is that it should call the router mentioned in the below nodejs code on the server-side.
But the way it is working is, it is calling the '/:user' rather than calling the '/'.Please help me how to change the action in the form element in HTML above, so as to have the desired output. By the way, I'm using ejs framework for HTML.
Origin of the problem: In our flying club we are sharing an account to view different approach charts on a third party website. To access them, you have to login with your credentials and then click a button that will forward to a created link. I tried using that link directly, but it contains an MD5-Hash that will be newly created at every visit and I couldn't recreate the values that are used to generate it.
My idea: Since I have the login data for the third party website and I know under which ID I can find the according href-Link, I would like the user to able to click a button on my website which causes an auto-login on the third-party side, grabs the href-Link and forwards the user to the page.
Unfortunately I can`t seem to find an appropriate way to achieve that, as the login-form also creates and uses a CSRF-Token (see example below):
<form name="sLogin" method="post" action="https://www.example.com/sTarget/downloads" id="login--form">
<input name="sTarget" type="hidden" value="account">
<div class="register--login-description">Einloggen mit Ihrer E-Mail-Adresse und Ihrem Passwort</div>
<div class="register--login-email">
<input name="email" placeholder="Ihre E-Mail-Adresse" type="email" autocomplete="email" tabindex="1" value="" id="email" class="register--login-field">
</div>
<div class="register--login-password">
<input name="password" placeholder="Ihr Passwort" type="password" autocomplete="current-password" tabindex="2" id="passwort" class="register--login-field">
</div>
<div class="register--login-lostpassword">
<a href="https://example.com/passwordreset" title="Passwort vergessen?">
Passwort vergessen?
</a>
</div>
<div class="register--login-action">
<button type="submit" class="register--login-btn btn is--primary is--large is--icon-right" name="Submit">Anmelden <i class="icon--arrow-right"></i></button>
</div>
<input type="hidden" name="__csrf_token" value="j0LpIt1lwL4ya3UEc4C0ayDE3ZpJhd"></form>
Do you guys have an idea how to approach this problem? Can I somehow auto-login via PHP or JavaScript?
i have one website that generates a session id and opens another website in the context of this session id.i want one button to open the first site and than automaticaly login on the second site.
site 1:http://thisisanexample/example leads to http://thisisanotherexample/another
this opens the the first site and the second site is opened afterwards:
var myWindow;
function openWin() {
myWindow = window.open("http://thisisanexample/example");
}
</script>
after here i'm stuck. How could i submit the following Post request to site 2
<form action="http://thisisanotherexample/another/" method="POST" name="logonForm">
<input type="text" name="user" value="placeholder">
<input type="hidden" name="passwordnew1" value="">
<input type="hidden" name="passwordnew2" value="">
<input type="password" name="password" value="placeholder">
<input type="hidden" name="welcomescreen" value="1">
<input type="submit" value="Anmelden" name="cmd_login">
I hope you get what i mean :-)
You can use:
window.location.href = "http://www.example.com/otherSite?name=ferret";
to navigate to the second site while passing the username and possibly the password via a query string parameter. The second site will have some kind of method to accept these arguments and automatically log the user in. It's highly recommended that you encrypt the query string data somehow.
https://en.wikipedia.org/wiki/ROT13
This question already has answers here:
Using PUT method in HTML form
(10 answers)
Closed 7 years ago.
Sorry I have been a backend developer and my question may look dump; my apologies; I want to have a from and submit to an API endpoint which uses PUT method and based on that if the result is 200 or 400 I want to redirect to different pages; so what I have done so far:
<form class="form-signin" method="PUT" action="MY_API">
<h2 class="form-signin-heading">Please sign in</h2>
<input class="form-control" type="text" required name="email" placeholder="Email address">
<input class="form-control" type="password" required name="password" placeholder="Password">
<input class="form-control" type="text" required name="name" placeholder="name">
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
But after submitting it goes to the url from action as GET data, why is that?!
When I submit the page to the API endpoint I want to check the HTTP status code and based on that redirect to different pages.
Also, it is worth mentioning I'm open to any solution which is the fastest(in terms of implementation) and easiest one either pure javascript, JQuery,...
Thanks
The HTML form spec only allows GET and POST, any unknown methods go through GET. What you're going to need to do is create an XMLHttpRequest through javascript programmatically, and set it to PUT with a request body.
I am using Braintree for payment gateway and I have across an issue.
I am sending credit card information with other user details.
For security purposes Credit card information has to be encrypted and it is being done by Braintree by including following:
braintree.onSubmitEncryptForm('braintree-payment-form');
This works fine until I use pure javascript (AngularJS) in front-end and I'm seeing that data is not encrypted while sending to server,
Here is code:
<form name="paymentForm" ng-submit="submitUser(userDetails)" method="post" id="braintree-payment-form">
<p>
<label style="color:white">Name</label>
<input type="text" ng-model="userDetails.userName" name="userName" size="20" />
</p>
<p>
<label style="color:white">Email</label>
<input type="text" ng-model="userDetails.email" name="email" size="20"/>
</p>
<p>
<label style="color:white">Company</label>
<input type="text" ng-model="userDetails.company" name="company" size="20" />
</p>
<label style="color:white">Card Number</label>
<input type="text" size="20" ng-model="userDetails.number" autocomplete="off" data-encrypted-name="number" />
</p>
<p>
<label style="color:white">CVV</label>
<input type="text" size="4" ng-model="userDetails.cvv" autocomplete="off" data-encrypted-name="cvv" />
</p>
<p>
<label style="color:white">Expiration (MM/YYYY)</label>
<input type="text" size="2" ng-model="userDetails.month" data-encrypted-name="month" /> / <input type="text" size="4" ng-model="userDetails.year" data-encrypted-name="year" />
</p>
<input type="submit" id="submit" />
On form submit, I am sending data to server.
$scope.submitUser = function(userDetails){
$http({
url: '/createtransaction',
method: 'POST',
data: JSON.stringify(userDetails),
headers: {'Content-Type': 'application/json'}
}).success(function (data, status, headers, config) {
// success
}).error(function (data, status, headers, config) {
//error
});
}
Is there anyway I can encrypt card details?
The question is "why is the AJAX request data not encrypted by Braintree JS", and the answer is nothing to do with HTTPS.
Yes, HTTPS is required to encrypt traffic in production - and in this case it will encrypt the already encrypted card data - but HTTPS is neither the question nor the answer here.
If you look at the Braintree documentation (Example here) you'll note that each input in the example form has added an attribute data-encrypted-name:
<input type="text" size="20" autocomplete="off" data-encrypted-name="number" />
The documentation then points out this code:
braintree.onSubmitEncryptForm('braintree-payment-form');
When the form is submitted, code in braintree.js is invoked, inspects the form, looks at the plain text in each marked input, encrypts it, save those encrypted values according to the data--encrypted-name attributes, and then that encrypted data is used when the form is transmitted via HTTP/HTTPS.
In the AngularJS example code above, the OP does include the data-encrypted-name attributes on some of the inputs (I don't know if it needs to be on all of them) but just labeling the input is not enough. The function to encrypt the raw input values (or in this case, the model data) still needs to be invoked, and then that encrypted model can be sent in a POST back to the server.
Said another way, the problem implementation:
Form builds a model
Model sent via HTTP to server
The corrected implementation would be:
Form builds a model
Braintree.js invoked to encrypt some parts of the model.
Encrypted model is sent via HTTP (or HTTPS in production) to server
Here's a plunkr someone else did showing one way to encrypt AngularJS model data on the fly:
http://plnkr.co/edit/2kF9Im?p=preview
If it were me, I'd just call braintree.encrypt() on each field immediately prior to submitting the form rather than on every keypress - or modify the directive to work on the form at submission time.
If your html page is accessed using HTTPS then your form submission will be (unless otherwise specified) be HTTPS. If you want to ensure that HTTPS is used, then you would need to do something on server to disallow HTTP for this particular page.