Authentication failed with ReacJS form
Hi,
I tried to scan an application with an authentication form created by Javascript (ReactJS framework). Arachni does not succeed to login to the application, gere the ruby script I used :
browser.goto 'https://***********.com/'
browser.screenshot.save('screen1.jpg')
browser.text_field(:id => 'username' ).set '****'
browser.text_field(:id => 'password' ).set '****'
browser.element(:id => 'confirm-login' ).click
browser.screenshot.save('screen2.jpg')
framework.options.session.check_url = browser.url
framework.options.session.check_pattern = 'pattern'
It's a simple authentication flow (no SSO login or Federation system). Here the logs output from Arachni :
Session: [Watir::Exception::UnknownObjectException] unable to locate element, using {:id=>"username", :tag_name=>"input or textarea", :type=>"(any text type)"}
The "screen1.jpg" does not print the authentication form, only the background of the webpage is present. I tried to add a sleep(x) or a waitForElement just after the goto but the scan does not work either.
Here the source code when I inspect the web page (with chrome/firefox):
<form id="login-form">
<div><!-- react-empty: 5 -->
<div>
<div class="form-group">
<label class="control-label h5"><span>email address</span></label>
<div>
<input type="email" value="" name="username" autocomplete="email" id="username" class="form-control">
</div>
</div>
<div class="form-group">
<label class="control-label w100 h5"><span>Password</span></label>
<input type="password" value="" name="password" autocomplete="current-password" id="password" class="form-control">
</div>
<a class="small" href="/forget"><span>Forgot your password ?</span></a>
</div>
</div>
<button id="confirm-login" type="submit" class="btn-block btn-success btn btn-primary" style="margin-top: 10px;"><span>Login</span></button>
</form>
Javascript is necessary to visit the webpage and to have access to the authentication form.
Have you an idea to fix this situation and succeed to scan this aplication ?
Regards,
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
1 Posted by Gordon on 20 Mar, 2018 08:36 PM
I had similar problems with my script before. Not as a fix, but rather as a suggestion, I can advise to add some sleeps commands. Try below approach and let us know if that helps
sleep 2
browser.goto 'https://********.com/'
sleep 2
browser.screenshot.save('screen1.jpg')
browser.text_field(:id => 'username').wait_until_present
browser.text_field(:id => 'username' ).set ''
browser.text_field(:id => 'password').wait_until_present
browser.text_field(:id => 'password' ).set '***'
browser.element(:id => 'confirm-login' ).click
browser.screenshot.save('screen2.jpg')
Another approach will be to check there is only one unique id of 'username' on the page.
Support Staff 2 Posted by Tasos Laskos on 26 Mar, 2018 07:43 AM
That could work sometimes but this is the proper way to wait for elements: http://www.rubydoc.info/gems/watir-webdriver/Watir/Wait