Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

portable BASIC auth #453

Closed
akostadinov opened this issue Apr 14, 2015 · 19 comments
Labels

Comments

@akostadinov
Copy link

@akostadinov akostadinov commented Apr 14, 2015

Hello, reading through old issue:
https://code.google.com/p/selenium/issues/detail?id=34

I can't find any descent way to test sites using basic auth that's stable and portable across browsers and OSes. Any hope selenium can implement reliable and portable basic auth support?

@lukeis

This comment has been minimized.

Copy link
Member

@lukeis lukeis commented Apr 14, 2015

@lukeis

This comment has been minimized.

Copy link
Member

@lukeis lukeis commented Apr 14, 2015

more info... good to have out there :)

the W3C spec is working on 1.0 version, handling HTTP AUTH has been decided to be handled in the next version of the spec.

The only bit in 1.0 covering a piece of HTTP Auth is that the driver should return when presented with a dialog.
This is the spec test for that:
https://github.com/w3c/web-platform-tests/blob/master/webdriver/navigation/auth_tests.py

Keep in mind "Selenium" isn't intending on being spec compliant until we release a 4.0 version? (This is up in the air a bit as we want to make a '3.0' version that has the Selenium RC separation)

@lukeis

This comment has been minimized.

Copy link
Member

@lukeis lukeis commented Jul 15, 2015

recent commits to the IEDriver allow the use of setting the credentials in the Basic Auth dialog box.

using driver.switchTo().alert().authenticateUsing (in java) or driver.switch_to.alert.authenticate (in python).

This is currently only available with IE (and if you grab the latest from master)

@baudren

This comment has been minimized.

Copy link

@baudren baudren commented Nov 10, 2015

@lukeis Any estimation if/when this will be ported to Firefox/Chrome/others any time?
I am also confused about how it will work. Currently, when using get on an url that requires authentication, the method does not return. Is there any sort of delayed fire for Selenium to make this work in Python?

In any case, simple authentication usage that does not involve sending in clear text any password would be nice to have (currently, when using the technique username:password@website.com, it is logged on the selenium grid master, which is suboptimal for security reasons).

@lukeis

This comment has been minimized.

Copy link
Member

@lukeis lukeis commented Nov 10, 2015

Firefox is unlikely to have this implemented in the Selenium project's FirefoxDriver. It's much more likely to get implemented in Marionette instead, although that is only implementing the w3c spec currently which only states to not block navigation when the authentication prompt is displayed.

The behavior will be that after issuing a driver.get and the prompt appears, the get command will then immediately return.

As for clear text going across the wire to control the remote end... sorry, this isn't going to be changed with this implementation and can still be logged in plain text by a hub or any other intermediary node. Also the transmission of the command is done in plain text, without ussing ssl. So anyone sniffing on the network would be able to read it too.

@baudren

This comment has been minimized.

Copy link

@baudren baudren commented Nov 11, 2015

Ok, fair enough. Thank you for pointing me towards Marionette - I had not heard about it yet. Thanks also for the clarification on clear text, and good luck with this project!

@PatrickHuetter

This comment has been minimized.

Copy link

@PatrickHuetter PatrickHuetter commented Dec 4, 2015

+1

@divsrinivasan

This comment has been minimized.

Copy link

@divsrinivasan divsrinivasan commented Apr 14, 2016

i need help in Authentication pop up.
Iam looking for this solution since 2 weeks. iam learning Selenium with Python so its kind of self learning.
i tried all the methods
profile = webdriver.FirefoxProfile()
profile.set_preference('network.http.phishy-userpass-length', 255)
self.driver = webdriver.Firefox(firefox_profile=profile)
self.driver.get("http://username:Password@websitr.com")
this did not work for me.

Neither this worked
import unittest
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support.ui import Select
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.keys import Keys
self.driver = webdriver.Firefox()
self.driver.get("website")
wait = WebDriverWait(self.driver, 5)
alert = wait.until(EC.alert_is_present())
alert = self.driver.switch_to_alert()
alert.send_keys('username')
alert.send_keys(Keys.TAB)
alert.send_keys('password')
alert.accept()

@gerixx

This comment has been minimized.

Copy link
Contributor

@gerixx gerixx commented Dec 12, 2016

FYI - with Firefox 50, Selenium 3.0.1 and using the Alert API:
alert.authenticateUsing(new UserAndPassword(login, pwd))
I get following error:
org.openqa.selenium.UnsupportedCommandException: POST /session/f1e069b6-c662-4933-9193-0b7f9930e2b0/alert/credentials did not match a known command

Doing the same with Chrome 54 it hangs infinitely.

@FibreFoX

This comment has been minimized.

Copy link

@FibreFoX FibreFoX commented Feb 28, 2017

Is there any progress on this issue? What is required to have this being "fixed"/provided for us testers/developers?

The initial report (archived version at SeleniumHQ/selenium-google-code-issue-archive#34) was created 2007, now is ten years later ;) maybe some forgotten issue?

@aaltat

This comment has been minimized.

Copy link

@aaltat aaltat commented Jun 21, 2017

Because Chrome 59 dropped support for providing the basic authentication in the URL [1], I am having problem how to do the basic authentication. When I try to: Alert(driver).authenticate('user', 'password') I get exception. Also when doing: driver.switch_to_alert..authenticate('user', 'password') or WebDriverWait(driver, 10).until(EC.alert_is_present()) fails on exception.

Is there a solution from selenium side to perform basic authentication?

Here is my code:

from selenium import webdriver
from selenium.webdriver.common.alert import Alert

url = 'https://httpbin.org/basic-auth/user/passwd'
driver = webdriver.Chrome()
driver.get(url)
try:
    Alert(driver).authenticate('user', 'password')
except Exception:
    raise
finally:
    driver.quit()

And this is the exception I get:

Traceback (most recent call last):
  File "C:\tmp1.py", line 8, in <module>
    Alert(driver).authenticate('user', 'password')
  File "C:\Python27\lib\site-packages\selenium\webdriver\common\alert.py", line 121, in authenticate
    {'username': username, 'password': password})
  File "C:\Python27\lib\site-packages\selenium\webdriver\remote\webdriver.py", line 256, in execute
    self.error_handler.check_response(response)
  File "C:\Python27\lib\site-packages\selenium\webdriver\remote\errorhandler.py", line 165, in check_response
    raise exception_class(value)
selenium.common.exceptions.WebDriverException: Message: unknown command: session/b84df7f911ea9db2886aba10ac20f138/alert/credentials

I using ChromeDriver 2.30.477700, selenium 3.4.3 and Python Python 2.7.13.
[1] https://www.chromestatus.com/feature/5669008342777856

@shs96c

This comment has been minimized.

Copy link
Member

@shs96c shs96c commented Jun 22, 2017

This is the relevant spec issue: w3c/webdriver#385 It's tagged for Milestone 2. This means it won't be in the first level of the spec (which is currently in CR), but should be in the next version of the spec.

It's something that everyone wanted to have sorted out, but which we never managed to properly spec out.

@p0deje

This comment has been minimized.

Copy link
Member

@p0deje p0deje commented Jun 22, 2017

At the moment, WebDriver specification doesn't tell drivers to support HTTP authentication. Since Selenium implements the spec, it doesn't support auth as well.

There is an open bug for specification to add support of HTTP authentication, so once it's done, support will be added to Selenium. Please, track w3c/webdriver#385.

@p0deje p0deje closed this Jun 22, 2017
@aaltat

This comment has been minimized.

Copy link

@aaltat aaltat commented Jun 22, 2017

So for now the best option is to make Chrome extension. I guess I will go to that direction then.

@SchulteMarkus

This comment has been minimized.

Copy link

@SchulteMarkus SchulteMarkus commented Jun 26, 2017

@p0deje Thanks for the information

@rolish

This comment has been minimized.

Copy link

@rolish rolish commented Feb 22, 2018

Easier than Chrome extension is to use chrome command line argument:
--disable-blink-features=BlockCredentialedSubresources

Works also for Headless Chrome which do not support extensions properly.

@fmaupas

This comment has been minimized.

Copy link

@fmaupas fmaupas commented Apr 8, 2018

@rolish - can you provide a code example of how to handle the authentification using chrome command line argument ?

@rolish

This comment has been minimized.

Copy link

@rolish rolish commented Apr 18, 2018

@fmaupas, I'm using robot framework with selenium.

Helper python function (robot keyword):

from selenium import webdriver
def get_chrome_options():
  options = webdriver.ChromeOptions()
  options.add_argument('--disable-blink-features=BlockCredentialedSubresources')
  return options

In robot framework I do:

    ${chrome_options}  get chrome options 
    ${kwargs}  create dictionary  chrome_options=${chrome_options}
    create webdriver  Chrome  kwargs=${kwargs}  alias=session1
    go to  http://username:password@host:port/

Hope it helps.

@lock lock bot locked and limited conversation to collaborators Aug 16, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
You can’t perform that action at this time.