I have a WebApplication that I want to secure with the security-constraint in the web.xml.
Here is the loginConfig from the web.xml:
<login-config>
<auth-method>FORM</auth-method>
<realm-name>MyUserRealm</realm-name>
<form-login-config>
<form-login-page>/login/login.html</form-login-page>
<form-error-page>/login/login-error.html</form-error-page>
</form-login-config>
</login-config>
And here the security constraints:
<security-constraint>
<web-resource-collection>
<web-resource-name>Public</web-resource-name>
<url-pattern>/login/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Private</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>**</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
This works fine and I get redirected to the required login.html site where I can authenticate myself properly.
login.html looks like this:
<form method="post" action="/j_security_check" id="loginform">
<input class="login" value="" name="j_username" maxlength="25" type="text" placeholder="Username" required/>
<input class="login" value="" name="j_password" maxlength="25" type="password" placeholder="Password" required/>
<input name="submit" type="submit" value="Login" />
</form>
My problem now is that the URI fragments I used for the original URL are forwarded to the login site, but after the authentication they are not included back in the original site. Because of that I lose all the fragments and parameters I want to check in the WebApp.
Does anyone have an idea why the URI fragments are removed?
URI Fragments are not sent by a browser to a server.
See past answer on the subject: https://stackoverflow.com/a/13503246/775715
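Because the fragment exists only in the browser, it has to be carried across the login round trip on the client. The following is an added example, not code from the original posts: the storage key and function names are hypothetical, and it assumes login.html and the protected page can each run a small script.

```javascript
// Added example: the storage key and all function names are hypothetical.
const FRAGMENT_KEY = "postLoginFragment";

// Minimal stand-in for sessionStorage so the logic also runs outside a browser.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
    removeItem: (k) => { data.delete(k); },
  };
}

// Login page: save the fragment, which never reaches the server.
function rememberFragment(storage, hash) {
  if (typeof hash !== "string" || !hash.startsWith("#") || hash.length < 2) return false;
  storage.setItem(FRAGMENT_KEY, hash);
  return true;
}

// Protected page after login: re-attach the saved fragment to the current URL.
// Only the fragment is restored, so a stored value cannot change host or path.
function restoreFragment(storage, currentUrl) {
  const saved = storage.getItem(FRAGMENT_KEY);
  storage.removeItem(FRAGMENT_KEY); // one-shot: never reuse a stale fragment
  const url = new URL(currentUrl);
  if (!saved || !saved.startsWith("#") || url.hash) return url.toString();
  url.hash = saved;
  return url.toString();
}

// Call from a script in login.html.
function onLoginPage(win) {
  rememberFragment(win.sessionStorage, win.location.hash);
}

// Call from a script in the page the container redirects to after login.
function onProtectedPage(win) {
  const target = restoreFragment(win.sessionStorage, win.location.href);
  if (target !== win.location.href) win.location.replace(target);
}
```

Query parameters, unlike fragments, are sent to the server, so only the part after `#` needs this treatment.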
I'm using the native HTML5 validation for an "email" field and it works fine! However, I would like to increase it to a specific case, where I do not want to accept emails with "free" domains (gmail, hotmail, etc).
I did the regular expression and tested it and it worked correctly (Here you can do the test: https://regex101.com/r/wBt3YN/1). But when applying to the pattern of the email field, nothing happens.
How to proceed?
Some strings:
maykel@gmail.com -> Can't allow
maykel@marfin.com -> Can allow
maykel@outlook.com -> Can't allow
Regex Pattern
^([\w-.]+@(?!gmail\.com)(?!yahoo\.com)(?!hotmail\.com)(?!mail\.com)(?!live\.com)(?!aol\.com)(?!outlook\.com)(?!bol\.com)(?!msn\.com)(?!ymail\.com)([\w-]+.)+[\w-]{2,4})?$
My form
<form>
<div class="field">
<label for="email">Email Corporativo</label>
<input
type="email"
name="email"
id="email"
value=""
pattern="^([\w-.]+@(?!gmail\.com)(?!yahoo\.com)(?!hotmail\.com)(?!mail\.com)(?!live\.com)(?!aol\.com)(?!outlook\.com)(?!bol\.com)(?!msn\.com)(?!ymail\.com)([\w-]+.)+[\w-]{2,4})?$"
title="Utilize seu email corporativo"
placeholder=""
required
>
</div>
<input type="submit" value="ENVIAR">
</form>
Here is my code where I do not allow yahoo & hotmail. However, e-mail validation is a very delicate thing.
<form>
<div class="field">
<label for="email">Email Corporativo</label>
<input
type="email"
name="email"
id="email"
value=""
pattern="^[^@]+@(?!(yahoo|hotmail))[^@]+\.[a-z]{2,}$"
title="Utilize seu email corporativo"
placeholder=""
required
>
</div>
<input type="submit" value="ENVIAR">
</form>
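Two details of this thread can be checked in code; the following is an added example, not part of either post, and its helper names are hypothetical. Browsers compile the `pattern` attribute in Unicode mode and silently skip the check when compilation fails, which is what happens with a `[\w-.]` character class; and a lookahead such as `(?!(yahoo|hotmail))` rejects any domain that merely starts with those letters. The function below compares whole domains against the question's list instead, and can be run again on the server, since a browser-side check can be bypassed.

```javascript
// Added example: helper names are hypothetical; the list is the one from the question.
const FREE_DOMAINS = new Set([
  "gmail.com", "yahoo.com", "hotmail.com", "mail.com", "live.com",
  "aol.com", "outlook.com", "bol.com", "msn.com", "ymail.com",
]);

// The pattern attribute is compiled as ^(?:pattern)$ in Unicode mode; if that
// throws, the browser performs no pattern validation at all.
function compilesAsHtmlPattern(source) {
  try {
    new RegExp("^(?:" + source + ")$", "u");
    return true;
  } catch (err) {
    return false;
  }
}

// Returns the lower-cased domain part, or null when there is no usable "@".
function emailDomain(address) {
  const text = String(address).trim();
  const at = text.lastIndexOf("@");
  if (at <= 0 || at === text.length - 1) return null;
  return text.slice(at + 1).toLowerCase().replace(/\.$/, "");
}

// Rejects listed domains and their subdomains by whole-label comparison,
// so "yahoo-partners.example" is not caught by a "starts with yahoo" rule.
function isCorporateEmail(address) {
  const domain = emailDomain(address);
  if (!domain || !domain.includes(".")) return false;
  for (const free of FREE_DOMAINS) {
    if (domain === free || domain.endsWith("." + free)) return false;
  }
  return true;
}

// Constructed sample input, taken from the strings listed in the question.
const samples = ["maykel@gmail.com", "maykel@marfin.com", "maykel@outlook.com"];
for (const s of samples) console.log(s, isCorporateEmail(s) ? "allow" : "reject");
```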
I am new to writing Jest test cases and am trying to write a test case for checking navigation in a React application.
Currently I have written a test case which works as described below:
I have a Login page which has a register link on it, which redirects the user to the Register page. So what I am checking is:
1. Loading the login page
2. Triggered Register link click event
3. So user moved to the Register page
But I am not able to check whether the Register page is loaded or not. Is there any way to check the snapshot of the "Register" page and the link in the URL?
I have used jest, enzyme and react-test-render as shown in the code below.
Login Page Html
<React.Fragment>
<BodyContainer noDrawer fullSpan>
<Grid container spacing={0} className={classes.gridContainer}>
<Grid item xs={12} md={6} lg={7} className="login--form">
<div className="login--form--container">
<img src={LogoPurple} alt="ABL" className="onboarding-logo" />
<h3>Welcome back! Please login to your account.</h3>
{error ? <p>{error}</p> : null}
<Field name="email" component={renderTextField} label="Email" style={styles.formField}/>
<Field name="password" component={renderTextField} label="Password" style={styles.formField} />
<Field name="rememberMe" component={renderCheckbox} label="Remember Me" />
<div className="has-spacing">
<Button variant="raised" size="large" color="primary" className="extraLarge" type="submit" onClick={this.handleSubmit}>
Login
</Button>
</div>
<Link to="forgot-password">Forgot Password</Link>
<p className="need-account">
Need an account?
<Link to="/register">
<strong> Sign up</strong>
</Link>
</p>
<LegalLinks />
</div>
</Grid>
</Grid>
</BodyContainer>
</React.Fragment>
In the above code, register is the link used to navigate.
Thanks in advance...
We have website developers redesigning the whole site in Django, and these are questions from our website developers I don't have any real knowledge of how to answer, so I thought someone here might be able to help.
We ran into a few problems with the web to lead and having it map to Salesforce which I HOPE we resolved.
Here's the code snippet:
<!-- ---------------------------------------------------------------------- -->
<!-- NOTE: Please add the following <META> element to your page <HEAD>. -->
<!-- If necessary, please modify the charset parameter to specify the -->
<!-- character set of your HTML page. -->
<!-- ---------------------------------------------------------------------- -->
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8">
<!-- ---------------------------------------------------------------------- -->
<!-- NOTE: Please add the following <FORM> element to your page. -->
<!-- ---------------------------------------------------------------------- -->
<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST">
<input type=hidden name="oid" value="SFDCidhere">
<input type=hidden name="retURL" value="http://">
<!-- ---------------------------------------------------------------------- -->
<!-- NOTE: These fields are optional debugging elements. Please uncomment -->
<!-- these lines if you wish to test in debug mode. -->
<!-- <input type="hidden" name="debug" value=1> -->
<!-- <input type="hidden" name="debugEmail" -->
<!-- value="emailaddresshere"> -->
<!-- ---------------------------------------------------------------------- -->
<label for="first_name">First Name</label><input id="first_name" maxlength="40" name="first_name" size="20" type="text" /><br>
<label for="last_name">Last Name</label><input id="last_name" maxlength="80" name="last_name" size="20" type="text" /><br>
<label for="email">Email</label><input id="email" maxlength="80" name="email" size="20" type="text" /><br>
<label for="company">Company</label><input id="company" maxlength="40" name="company" size="20" type="text" /><br>
<label for="phone">Phone</label><input id="phone" maxlength="40" name="phone" size="20" type="text" /><br>
Subject:<textarea id="00N1600000EgFuw" name="00N1600000EgFuw" rows="3" type="text" wrap="soft"></textarea><br>
Contact me:<input id="00N1600000EvgRY" name="00N1600000EvgRY" type="checkbox" value="1" /><br>
newsletter:<input id="00N1600000EvgRd" name="00N1600000EvgRd" type="checkbox" value="1" /><br>
<input type="submit" name="submit">
</form>
That's what the web-to-lead from SFDC generates, and seems to work now.
However they have 2 questions I am not certain about and would love assistance with:
1) The specs for the new site require that the return page be the one the form was sent from (I.e., no redirection; we’re intending to do the equivalent of a “thanks” page as a pop-up onClick() — how is that accomplished through the API? I’d EXPECT that sending an empty retURL value should do it, but we just get back a blank page with a salesforce.com URL;
2) is it possible to customize the “name” parameter for the two checkbox fields (if not then we have to hack the entire form in the Django template without making it possible for Django to render the form natively since you can’t have a model form field name start with a digit…). This isn’t THAT problematic, but I’d like to know for future reference.
If anyone has any insight, I'd love to hear it and pass it along to them!
Many thanks.
Not sure about your solution.
The common way is to use the Partner WSDL or Enterprise WSDL to insert, update, upsert, or delete your data.
Partner WSDL:
It is not customized to your Salesforce org, but it can be a common way to get your data.
In Python you could use this package:
https://pypi.python.org/pypi/pyforce/1.4
And refer to this:
https://developer.salesforce.com/docs/atlas.en-us.api.meta/api/sforce_api_partner.htm
The Enterprise WSDL will show your Salesforce org's status (including fields and objects). But once your objects or fields change, it might cause errors.
So I suggest using the API to control the redirect function and the action.
My solution is as follows in an example
from captcha.fields import ReCaptchaField
from django import forms
from django.conf import settings


def set_field_html_name(cls, new_name):
    """
    This creates a wrapper around the normal widget rendering,
    allowing for a custom field name (new_name).
    """
    old_render = cls.widget.render

    def _widget_render_wrapper(name, value, attrs=None, **kwargs):
        # Ignore the name Django passes in and render with new_name instead;
        # extra keyword arguments (e.g. renderer) are passed through unchanged.
        return old_render(new_name, value, attrs, **kwargs)

    cls.widget.render = _widget_render_wrapper


class WebToLeadForm(forms.Form):
    # <keep all fields here>
    # example field below
    referred_by = forms.CharField(label="Referred By", required=False)
    # The reCAPTCHA in this form uses keys from settings.
    captcha = ReCaptchaField()
    # Render the field under the Salesforce field id instead of "referred_by".
    set_field_html_name(referred_by, settings.SF_REFERRED_BY)

settings.py
SF_REFERRED_BY = '00xxxxxxxxxxxx'
Please bear with me, I'm brand new to Python!
I'm trying to login to a website which uses PHP. The form contains two hidden fields, the value of one and the name of another are generated on page load.
My code below successfully accesses the page and using regex manages to return the values - great!
The problem I am having is that I then generate my querystring that will be used for the POST (this contains the two values obtained earlier) and opens the url again. This generates brand new tokens/values and my originals are of no use.
Can someone shed some light on how I can connect to a site, use regex to get the values and then POST all in the same connection.
I hope I've made myself clear, if not please let me know.
Thanks in advance for your help.
import urllib2,urllib,re,cookielib
url='http://www.example.com/index.php'
req = urllib2.Request(url)
req.add_header('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.3 Gecko/2008092417 Firefox/3.0.3')
response = urllib2.urlopen(req)
link=response.read()
response.close()
token1=re.compile('<input type="hidden" name="return" value="(.+?)" />').findall(link)
token2=re.compile('<input type="hidden" name="(.+?)" value="1" />').findall(link)
print token1[0]
print token2[0]
username = 'username'
password = 'password'
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
login_data = urllib.urlencode({'username' : username, 'password' : password, 'return' : token1[0], token2[0] : '1', 'Submit' : 'Log in', 'option' : 'com_users', 'task' : 'user.login'})
opener.open('http://www.example.com/index.php', login_data)
resp = opener.open('http://www.example.com/index.php')
FORM:
<form action="/index.php/welcome2" method="post" id="login-form" >
<fieldset class="userdata">
<p id="form-login-username">
<label for="modlgn-username">User Name</label>
<input id="modlgn-username" type="text" name="username" class="inputbox" size="18" />
</p>
<p id="form-login-password">
<label for="modlgn-passwd">Password</label>
<input id="modlgn-passwd" type="password" name="password" class="inputbox" size="18" />
</p>
<p id="form-login-remember">
<label for="modlgn-remember">Remember Me</label>
<input id="modlgn-remember" type="checkbox" name="remember" class="inputbox" value="yes"/>
</p>
<input type="submit" name="Submit" class="button" value="Log in" />
<input type="hidden" name="option" value="com_users" />
<input type="hidden" name="task" value="user.login" />
<input type="hidden" name="return" value="aW5kZXgucGhwP0l0ZW1pZD0xMjc=" />
<input type="hidden" name="c813c34837e4e48e8e3268c0a42912a2" value="1" />
</fieldset>
<ul>
<li>
<a href="/index.php/my-account/my-details?view=reset">
Forgot your password?</a>
</li>
<li>
<a href="/index.php/my-account/my-details?view=remind">
Forgot your username?</a>
</li>
<li>
<a href="/index.php/register">
Create an account</a>
</li>
</ul>
</form>
When you write...
opener.open('http://www.example.com/index.php', login_data)
resp = opener.open('http://www.example.com/index.php')
Why not just this?
resp = opener.open('http://www.example.com/index.php', login_data)
I've never used this Python library, but my first reaction is that this would give you the response text all in one request, with which you can get the new token, wouldn't it?
Update based on form: It looks like your problem is you're POSTing the login info to index.php rather than index.php/welcome.
I have two different forms on my home page: one for logins and one for registrations. As you can see from the code, the forms have inputs with different names:
<h3> Log In </h3>
<form action="/login/" method="POST" class="form-vertical" style="padding-top: 5px">
<input id="id_login_username" type="text" name="login_username" maxlength="25" />
<input type="password" name="login_password" id="id_login_password" /><br>
<button type="submit" class="btn btn-info">Login</button>
</form>
<h3> Sign Up <small>(It's free!)</small></h3>
<form action="/register/" method="POST" class="form-vertical" style="padding-top: 5px">
<input id="id_register_username" type="text" name="register_username" maxlength="25" />
<input type="text" name="register_email" id="id_register_email" />
<input type="password" name="register_password" id="id_register_password" />
<input type="password" name="register_password2" id="id_register_password2" /><br>
<button type="submit" class="btn">Submit</button>
</form>
Which renders to this in Chrome:
What can be causing this? And how can I fix it?
That's a really good question and I'm sorry to say I have no idea. Did
you try to register once and also login at least once? If so, that
"might" be what's causing it as browsers come complete with the
"autoremember" feature.
Assuming autofill is enabled (it is by default), the reason it autofills the rest is because chrome's autofill server works on regular expressions, not exact matches.
All the regular expressions used for the various fields can be found in autofill_regex_constants.cc.utf8.
From there you can see that the expression for email field is "e.?mail" and for username it is "user.?name|user.?id|nickname|maiden name|title|prefix|suffix"
It appears a similar question has been asked before:
What is the correct way to stop form input boxes auto-completing?
There is an autocomplete attribute you can use in form fields.
<input id="id_login_username" type="text" name="login_username" maxlength="25" autocomplete="off" />