Chrome Extension: popup.html closes and opens response in a new tab? - javascript

I've got a login form on my popup.html which calls the following function...
chrome.extension.sendRequest({
req: "login",
user: username,
pass: pass,
remember: remember
}, function(response) {
console.log("RESPONSE RECIEVED HOOORAH!");
});
this function in turn goes to the following switch statement in my background.html..
do_login(request.user, request.pass, request.remember, false, true, function(response){
if(response == true){
sendResponse("success");
}else{
sendResponse("badLogin");
}
})
the following is the contents of do_login. During the execution of do login my popup.html randomly closes and reopens in a new tab, the code is completed there and I'm logged in. Why is this happening?
var xhr = new XMLHttpRequest();
xhr.open("GET",requrl,true);
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded;charset=utf-8");
xhr.onreadystatechange = function(do_login){
if(xhr.readyState == 4){
if(xhr.status == 200){
console.log(xhr.responseText);
try{
//Incase they were just logged in as another user.
createContextMenu();
//users info.
var resp = JSON.parse(xhr.responseText);
if(resp.default === void(0)){
logOut();
callback(null);
}
default = resp.default;
for(var i=0;i<resp.s.length;i++){
globalStaks[i] = resp.s[i];
}
st = global;
bud = resp.bud;
msg = resp.msg;
stakid = resp.default;
}catch(x){
// This situation is where you have incorrect password
console.log("something is wrong with logging in ")
clearLoginInfo();
console.log("Incorrect password");
}
if(resp.msg == "denied")
{
clearLoginInfo();
callback(false);
}
else
{
loggedIn = true;
user = username;
userid = resp.userid;
if(refresh){
refreshpage();
}
if(notificationdisplay){
notification.cancel();
}
if(remember)
{
clearLoginInfo();
storeLogin(username,pass);
}
localStorage.setItem("pass",pass);
md5 = pass;
callback(true);
}
}else {
callback(false);
}
}
}
xhr.send(null);
EDIT
It appears as the last error recieved background.html throws.. Attempting to use a disconnected port object
full trace is...
Uncaught Error: Attempting to use a disconnected port object
chrome.Port.postMessagechrome/RendererExtensionBindings:147
chromeHidden.Port.dispatchOnConnect.connectEventchrome/RendererExtensionBindings:89
sendResponse.reply background.html:1266
xhr.onreadystatechange

The code and data in a popup is ephemeral, in that as soon as the popup closes the associated code closes with it, therefore any callback from say a background page to the popup will fail (there is nothing to call back to).
You need to find what is opening the new page (not all your code is included in the question - what does createContentMenu do?). Desktop Notifications can cause you to lose focus and thus potentially close the popup.
Also make sure you catch the form submit in your popup and then pass the request through XMLHttpRequest (or use an embedded imframe to host the form), as form submission in a popup doesn't work as you might think (you page will not update inside the popup).

Related

Restrict user from visiting a page without logging in using javascript

I have made a register form, from where data is getting stored into the local storage. Only after user logs in successfully, it redirects to success.html or else takes user back to the login page. I have added the following script at the head of success.html-
<script>
if (localStorage.getItem('status') != null)
{
//redirect to page
window.location.href = "success.html";
}
else
{
//show validation message
window.location.href = "login.html"
}
</script>
and following is my login validation function-
//Storing data from local storage into an array of objects
var usersdata = JSON.parse( localStorage.getItem('key_users' ) );
function loginvalidate()
{
usersdata = JSON.parse( localStorage.getItem('key_users' ) );
var usernameinput = document.getElementById("username");
var passwordinput = document.getElementById("password");
for(var p in usersdata)
{
console.log(p+':'+usersdata[p].username+'|'+usersdata[p].email);
if(usernameinput==usersdata[p].username && passwordinput==usersdata[p].password)
{
alert("Logged in successfully");
}
}
jQuery(window).load(function() {
localStorage.setItem('status','loggedIn')
});
}
Here, I am unable to set the status to 'loggedIn' and if I set it manually through console the success.html keeps on loading just like running any infinite loop.
The loop is occurring because of the following condition on the success page. It redirects even when you are at the success page and thus the loop.
if (localStorage.getItem('status') != null)
{
//redirect to page
window.location.href = "success.html";
}
Change it to
if (localStorage.getItem('status') == null)
{
//show validation message
window.location.href = "login.html"
}
P.S. I do highly recommend not to use localstorage to send the username and password to the clientside. It breaks the whole point of authentication and authorization services even existing.

Google Smartlock: what to do when PromiseStatus: pending via Javascript in console

we are integrating Google Smartlock. Every time we run the JS code to enable Smart lock on 1 screen it does nothing at all. And when we trigger it manually we only see this in console log.
Promise {[[PromiseStatus]]: "pending", [[PromiseValue]]: undefined}
javascript is like this
<script>
window.onload=function(e){
var debug = true;
var always = function() { console.log('Promise resolved: but dont understand how should process: we want/need to login') }
navigator.credentials.get({password: true, unmediated: true, }).then(function(cred) {
if (cred) {
if (cred.type == 'password') {
var form = new FormData();
cred.additionalData = form;
var url = 'domain.com/login';
fetch(url, {method: 'POST', credentials: cred }).then(function(response) {
if (response.status == 202) {
if (debug) { console.log('Login success; reload stopped'); exit; }
window.location.reload();
}
if (debug) { console.log('Server status: ' + response.status); }
return;
}).catch(function(err) { console.log('Smartlock Ajax error:'+ err);
}).then(always, always);
} // can add federated here
} else if (typeof cred === "undefined") {
// user clicks cancel or no credentials found
var expiry = new Date(); expiry.setDate(expiry.getDate() + (1/3600*30));
document.cookie="dontshowagain=true; expires=" + expiry.toGMTString();
}
});
}
</script>
Question: Does anyone know what is happening here?
I tested with 1 saved passwd, with 2 saved passwd's. We do see the small key icon next to the URL in Chrome. But it doesn't popup or do anything.
Help/advise appreciated
References:
https://support.google.com/accounts/answer/6160273?hl=en
It looks like you're requesting unmediated: true which forces the browser to not show the account selector UI.
When you have more than one credentials stored or one credential that requires user mediation, get(...) returns undefined unless you allow the mediation (unmediated: false which is default).
Note: Your credentials should require mediation when the user signs out of an account (navigator.credentials.requireUserMediation()).

Promise to execute a particular code first

I have the following scenario. Actual Page loading starts, user login is checked for authentication. If access granted, actual page loading completes and user can access the page. If access denied, actual page loading stops and user is redirected to 'access denied' page.
Infact the scenario should be like this. User authentication is checked. if access granted, actual page loading starts and user can access page. If access denied, user is directly directed to 'access denied' page.
can someone tell me how to include promise for this scenario. current code is as follows.
$q.when().then(function () {
return $rootScope.$emit('resetView', false, 'default');
}).then(function (result) {
loadNavBar(); //actual page loading starts here
}, function (error) {
$log.error("Caught an error:", error);
return $q.reject('New error');
});
the below function is loadNavBar() which gets executed. User authentication is done inside of this. Hence page loading starts and then user is checked. I want user to be checked first itself and then load page accordingly depending on his access rights.
var loadNavBar = function () {
//few functions here to display page.
//below code to check user authentication
var serviceURL_CheckUserExists = '/api/Pre/CheckUserExists';
//ajax to check if user exists in database. give/ deny access based on user present in DB and if user is set as blockuser in db.
$.ajax({
type: "GET",
url: serviceURL_CheckUserExists,
}).then(function (response) {
if (response.Results.length == 1 && response.Results[0].BlockUser == false) { //user has access if condition is satisfied.
$rootScope.myLayout.eventHub.emit('getUserName', response.Results[0].User_ID.trim());
$scope.role = "";
var details = response.Results[0];
for (var parameters in details) {
if (details[parameters] == true) {
$scope.role += parameters + ',';
}
}
$scope.role = $scope.role.replace(/.$/, ".");
var firstname = response.Results[0].FirstName;
firstname = firstname.replace(/\s/g, '');
$scope.$apply(function () {
$scope.username = response.Results[0].FirstName + " " + response.Results[0].LastName;
});
}
else { $window.location.href = '../../../BlockUser.html'; } //block access to actual page and redirect to 'access denied' page.
}
}
});
};
i think that the right approach to your problem is to use resolve property in the route, so the user can't navigate to certain pages if he isn't logged in and once he logged in you can inject the user object to the controller
for example to navigate to home page you must be logged in
.when("/home", {
templateUrl: "homeView.html",
controller: "homeController",
resolve: {
user: function(AuthenticationService){
return AuthenticationService.getUser();
}
}
})
app.controller("homeController", function ($scope, user) {
$scope.user = user;
});
https://www.sitepoint.com/implementing-authentication-angular-applications/
Here's a quick example of hiding the content until the user is authenticated to see it. Click the 'authenticate' button to trigger the function that you would run if the user is authenticated by your ajax call. Showing the content can be done with a fuction like:
function userIsAuthenticated(){
document.getElementById('pageContent').style.display = 'block';
}
See JsFiddle for a simple implementation.

FB.logout with server side code session cleanup

I need to fire my server side code after calling the FB.logout from Facebook JS sdk. Here's how my html looks
<asp:LinkButton ID="lbtnSignOut" runat="server" Text="Sign Out" OnClientClick="return Logout();" OnClick="lbtnSignOut_Click"></asp:LinkButton>
and the js code
function Logout() {
var currentToken = "<%= Session["AccessToken"]%>";
if (currentToken != null && currentToken != '') {
FB.logout(function (response) {
});
}
return true;
}
and subsequently in the server side code, i clear out all application specific session and signs the user out using FormsAuthentication sign out call and redirect to different page.
Now the problem is, the moment I return true from the js function, the server side code fires without waiting for fb.logout to complete the call and the user token does not expire and user is automatically logged back in the FB.Event.subscribe('auth.authResponseChange', function (response) {}; call in the page load which i have picked from standard code.
FB.Event.subscribe('auth.authResponseChange', function (response) {
if (response.status === 'connected') {
//SUCCESS
//the user is logged in and has authenticated your
// app, and response.authResponse supplies
// the user's ID, a valid access token, a signed
// request, and the time the access token
// and signed request each expire
var currentToken = "<%= Session["AccessToken"] %>";
if (currentToken == null || currentToken == '') {
// Handle the access token
// Do a post to the server to finish the logon
// This is a form post since we don't want to use AJAX
var accessToken = response.authResponse.accessToken;
var form = document.createElement("form");
form.setAttribute("method", 'post');
form.setAttribute("action", '/facebookLogin.ashx');
var field = document.createElement("input");
field.setAttribute("type", "hidden");
field.setAttribute("name", 'AccessToken');
field.setAttribute("value", accessToken);
form.appendChild(field);
document.body.appendChild(form);
form.submit();
}
}
else if (response.status === 'not_authorized') {
//FAILED
console.log('User cancelled login or did not fully authorize.');
}
else {
//UNKNOWN ERROR
console.log('Logged Out.');
}
});
};
while if i set the value to false, user is logged out from facebook but my custom code does not fire.
So my question is how to call the server side code after the facebook js sdk logout code has fired?
Any help or pointers will be much appreciated!!!
Paritosh
Put the return true inside the function(response){} block, so that is only called when the FB.logout call returns

How do I save user email as a variable when someone installs the extension?

In my bookmarking extension, I need to send the gmail address of the user to google app engine in order to write the bookmark to the database as the user as "owner".
My understanding is that I cannot use a popup because I have a background page (I remember reading about this but I could not find it again). I am also reading the installation process in Chrome store. I would appreciate if anyone can direct me to the right place in the documentation.
I copy my background.html below with the variable extension_user included. How do I get this variable from the user when they upload the extension? This is my previous question.
<html>
<script>
chrome.browserAction.onClicked.addListener(function(tab) {
chrome.tabs.getSelected(null, function(tab) {
// Send a request to the content script.
chrome.tabs.sendRequest(tab.id, {action: "getDOM"}, function(response) {
var firstParagraph = response.dom;
var formData = new FormData();
formData.append("url", tab.url);
formData.append("title", tab.title);
formData.append("pitch", firstParagraph);
//***the variable with user email to send to backend:***//
//formData.append("extension_user", extension_user)
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://ting-1.appspot.com/submithandlertest", true);
xhr.onreadystatechange = function (aEvt) {
if (xhr.readyState == 4) {
if (xhr.status == 200){
console.log("request 200-OK");
chrome.browserAction.setBadgeText ( { text: "done" } );
setTimeout(function () {
chrome.browserAction.setBadgeText( { text: "" } );
}, 2000);
}else{
console.log("connection error");
chrome.browserAction.setBadgeText ( { text: "ERR" } );
}
}
};
xhr.send(formData);
}); //chrome.tabs.sendRequest
});
});
</script>
</html>
You can use both a popup and background page in a single extension. A lot of my extensions use both... Use the background page to communicate and save data for your popup page...
You can prompt your user to save their email address on install in your background page as follows:
<script type="text/javascript">
addEventListener('load', function(){
var MAJOR_VERSION=1.0;
if(!localStorage.updateread||localStorage.updateread!=MAJOR_VERSION)
{
var email=prompt("Enter the Email Address : ")
localStorage["Email"] = Email;
localStorage.updateread=MAJOR_VERSION
}
}, 0);
</script>
This script will only run when you first install the extension. And the users email address will be saved in the extensions LocalStorage until they uninstall... Calling this variable will now work in both your background page and your popup page...

Categories

Resources