Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Multiple Step Login in Perl

by sundialsvc4 (Abbot)
on May 20, 2014 at 16:53 UTC ( [id://1086822]=note: print w/replies, xml ) Need Help??


in reply to Multiple Step Login in Perl

Also, in the spirit of “most common oops,” be certain that your user-agent does have a cookie-jar, that it does follow redirects, and that it does capture and properly return all GET-variables.   I suggest that you perform a manual login while using a browser-debugger such as Firebug, and note exactly where and how authentication tokens are being exchanged.   Sometimes they are “in-band” to the SOAP, and sometimes, “out-of-band.”   It can be quite difficult to predict what a particular designer might have done.   Once you know, similarly inspect your code to be certain that it does exactly the same, for both error and non-error cases, and that it knows when to give-up.

I find it useful to create a “mock host” in Perl for testing purposes.   Once you know exactly what the real host does, you build a small Perl script that you can connect-to over an appropriate localhost port, and bounce your client against that.   The mock-host will never lock you out.   (Unless, of course, you need to mock that behavior too, for testing purposes.)

Finally, note that tools like Wireshark cannot help you with encrypted (https ...) content, whereas a browser debugger can.

Replies are listed 'Best First'.
Re^2: Multiple Step Login in Perl
by redgreen (Priest) on May 20, 2014 at 17:11 UTC
[reply]
Re^2: Multiple Step Login in Perl
by sylph001 (Sexton) on May 20, 2014 at 17:28 UTC
    Can you explain a bit about what does the 'in-band' and 'out-of-bank' refer to?
    From my view of the web page, the SOAP response only contains the '__REQUESTDIGEST' value, which shows in the POST content I caught using firebug.
    Also, the other form parameters seem not changed, by comparing what was extracted from page source, with those caught from the POST content in firebug.

    Regards
[reply]
      sylph001,
      I have no idea what the original author intended by in and out of band but here are some interesting things I have ran into while doing website automation:
      • Cookies being set with Javascript
      • Authentication using an Ajax JSON post not associated with the "login" button
      • Redirecting to a 1 use URL which authenticated and then redirected to normal page
      I am sure there are others but the point was that not all authentication methods are straight forward.

      Cheers - L~R

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1086822]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2024-04-25 12:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found