Login problems #18

trajekolus opened this issue May 30, 2017 · 3 comments

trajekolus commented May 30, 2017

Hi

When running the code below with:
```
DEBUG=csrf node csrfloginshort.js
```
I get hints of success:
```
csrf trying to login 72352249 +5ms
csrf success login to undefined +52ms
csrf jar RequestJar { _jar: CookieJar { enableLooseMode: true, store: { idx: { 'blablaserver.internal': { '/': { clientsession: Cookie="clientsession=uirs7e3lv6jrug24s8g37tjvt2; Path=/; hostOnly=true; aAge=50ms; cAge=113ms" } }, null: { '/': { csrftoken: Cookie="csrftoken=a9745bba2dd251258eaf02634d954754f2b278a47a1b1cd151417f1d7f44fa39; Path=/; hostOnly=true; aAge=52ms; cAge=52ms" } } } } } } +0ms
```

But the html in response.body is a new login page (the site redirects to a login page if you are not logged in), showing the login did not work.

The site also redirects to another page if the login was successful.
So I really want to chain getting
result.request('/customer/interestingpage', function (error, response, body)
after logging in.

Code for csrfloginshort.js

```js
var csrfLogin = require('csrf-login');
// Turns off TLS certificate verification for this Node process
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

var options = {
  loginFormId: 'login-form',
  tokenFieldName: 'csrfToken',
  loginPath: '/customer/login',
  loginUsernameField: "user_name",
  loginPasswordField: "user_password",
  username: "myuser",
  password: "123456",
  host: "https://blablaserver.internal:8469"
};

console.log('trying to login', options.username, 'to', options.host);
csrfLogin(options)
  .then(function (result) {
    // Re-request the login page using the session returned by csrfLogin
    result.request('/customer/login', function (error, response, body) {
      console.log(response.body);
      console.log(result.jar._jar.store);
    });
  });
```

Any suggestion would be appreciated

@trajekolus
Author

Another anomaly I see in the DEBUG output is a space between the port and the path:
csrf Login to https://blablaserver.internal:8469 /customer/login

Also, if I do console.log(result), one thing I notice is:
path: '/login',

The path should be '/customer/login'

@trajekolus
Author

It appears to me that the problem is that the login url path is not handled right when it consists of two components: /customer/login
The exact same code works fine with a Django site which has /login as the login url path

Full DEBUG:

```
using environment variables only
csrf fetching page /customer/login +9ms
csrf login page info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +132ms
csrf csrf info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +3ms
csrf Login to https://blablaserver.internal:8469 /customer/login +1ms
csrf trying to login 0424000771 +0ms
csrf success login to undefined +50ms
csrf jar RequestJar { _jar: CookieJar { enableLooseMode: true, store: { idx: { 'omvweb04.internal': { '/': { clientsession: Cookie="clientsession=45gb4kgo83lvh2j93dajuq0444; Path=/; hostOnly=true; aAge=48ms; cAge=105ms" } }, null: { '/': { csrftoken: Cookie="csrftoken=76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0; Path=/; hostOnly=true; aAge=50ms; cAge=50ms" } } } } } } +0ms
```

@trajekolus
Author

In the source, if I change the following in csrf-login.js, it works:
change:
var loginUrl = csrfInfo.url
to
var loginUrl = conf.get('loginPath')
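
Added example, not part of the original thread and not csrf-login's own code: the debug output above reports the form action as the relative URL `login` on a page served from `/customer/login`. The code below resolves such an action against the page URL with Node's built-in `URL`, and rejects a target on another origin before credentials would be posted. The function names `resolveFormAction`, `loginTarget` and `naiveJoin` are hypothetical, and `naiveJoin` is an assumed illustration of how a `/login` path can arise, not a statement about the library's internals.

```javascript
'use strict';

// Resolve a form's action attribute the way a browser does: relative to the
// URL of the page that served the form. An empty or missing action submits
// back to the page itself.
function resolveFormAction(pageUrl, action) {
  const base = new URL(pageUrl);
  const target = new URL(action || '', base);
  target.hash = ''; // fragments are never sent to the server
  return target;
}

// Resolve the action, then refuse to continue if the credentials would be
// sent to a different origin or over a scheme other than HTTPS.
function loginTarget(pageUrl, action) {
  const page = new URL(pageUrl);
  const target = resolveFormAction(pageUrl, action);
  if (target.origin !== page.origin) {
    throw new Error('form action leaves origin: ' + target.origin);
  }
  if (target.protocol !== 'https:') {
    throw new Error('refusing to post credentials over ' + target.protocol);
  }
  return target.href;
}

// Shown for contrast (assumed, hypothetical): gluing the action onto the
// host drops the directory of the login page.
function naiveJoin(host, action) {
  return host.replace(/\/+$/, '') + '/' + action.replace(/^\/+/, '');
}

// Host, login path and form action as they appear in the thread's debug output.
const host = 'https://blablaserver.internal:8469';
const page = host + '/customer/login';

console.log(loginTarget(page, 'login')); // resolved against the page URL
console.log(naiveJoin(host, 'login'));   // resolved against the host only
```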
