Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Basic Auth in URL escaping ? #4091

Closed
spras opened this issue May 1, 2019 · 6 comments
Closed

Basic Auth in URL escaping ? #4091

spras opened this issue May 1, 2019 · 6 comments
Labels
stage: needs investigating Someone from Cypress needs to look at this stale no activity on this issue for a long period

Comments

@spras
Copy link

spras commented May 1, 2019
edited by jennifer-shehane

Current behavior:

I can't test with basic authentication in URL because of some special character in password.

Steps to reproduce: (app code and test code)

Please see this example : http://github.com/spras/issue-cypress

There's a docker nginx config with basic authentication

two users:password are authorized:

user:pass
userIssue:*Y7QcbKRcGKze\5d

when we test basic auth via browser it'ok.

when we test basic auth via curl it'ok, escaping the * and the \ of the password :

curl http://user:pass@localhost
curl http://userIssue:\*Y7QcbKRcGKze\\5d@localhost

are fine

CYPRESS_baseUrl=http://user:pass@localhost $(npm bin)/cypress open

It's perfectly fine

CYPRESS_baseUrl=http://userIssue:\*Y7QcbKRcGKze\\5d@localhost/ $(npm bin)/cypress open

Doesn't work :

Capture d’écran 2019-05-01 à 16 41 25

Capture d’écran 2019-05-01 à 16 39 54
@cypress-bot cypress-bot bot added the stage: ready for work The issue is reproducible and in scope label May 2, 2019
@jennifer-shehane jennifer-shehane removed the stage: ready for work The issue is reproducible and in scope label May 2, 2019
@jennifer-shehane
Copy link
Member

Can you attempt to call cy.visit() with the basic auth url pasted directly into the cy.visit() command, not using the baseUrl from the config? What is the result when you do this?

I want to see if this is isolated to the baseUrl since there have been issues with this config and basic auth. #1598

Also, it's hard to tell if this is the actual url it is visiting or if this is just Cypress escaping the characters when showing the text of the error messages.

Could you run the following command to open Cypress and click on the failing test? Then please paste the logs here. This should log the actual url request that went out:

DEBUG=cypress:server:request cypress open

It should look something like this:

cypress:server:request sending request as stream { auth: null, failOnStatusCode: true, method: 'GET', body: null, headers: { accept: 'text/html,/', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36' }, gzip: false, url: 'https://examples.cypress.io/commands/actions', followRedirect: [Function], strictSSL: false }

@cypress-bot cypress-bot bot added the stage: needs information Not enough info to reproduce the issue label May 2, 2019
@spras
Copy link
Author

spras commented May 2, 2019
edited by jennifer-shehane

Some precisions :

Using URLEncode \=> %5C solve the problème in firefox but not in chrome

Open a private window in firefox , put http://userIssue:*Y7QcbKRcGKze%5C5d@localhost in the address bar, it is OK

Open a private window in chrome , put http://userIssue:*Y7QcbKRcGKze%5C5d@localhost in the address bar, it is KO, the open the user / password prompt

When testing it on cypress :
CYPRESS_baseUrl=http://userIssue:*Y7QcbKRcGKze%5C5d@localhost/ $(npm bin)/cypress open

I haven't the warning anymore, but when i run the test, there's a 401 error

@spras
Copy link
Author

spras commented May 2, 2019
edited by jennifer-shehane

I tried with the DEBUG=cypress:server:request parameter.

With baseUrl and cy.visit('/') i get this :

cypress:server:request sending request as stream { 
  auth: { 
    username: 'userIssue', 
    password: '*Y7QcbKRcGKze%5C5d' 
  }, 
  failOnStatusCode: true, 
  method: 'GET', 
  body: null, 
  headers: { accept: 'text/html,*/*', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36' }, 
  gzip: false, 
  url: 'http://localhost/', 
  followRedirect: [Function], 
  strictSSL: false 
} +0ms
cypress:server:request setting request jar cookies [] +131ms

without baseUrl and cy.visit('http://userIssue:*Y7QcbKRcGKze%5C5d@localhost/') i get this:

cypress:server:request sending request as stream { 
  auth: { 
    username: 'userIssue', 
    password: '*Y7QcbKRcGKze%5C5d' 
  }, 
  failOnStatusCode: true, 
  method: 'GET', 
  body: null, 
  headers: { accept: 'text/html,*/*', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36' }, 
  gzip: false, 
  url: 'http://localhost/', 
  followRedirect: [Function], 
  strictSSL: false 
} +0ms
cypress:server:request setting request jar cookies [] +87ms

in both cases, the test give a 401 error

When i doesn't urlencode the password, and try cy.visit('http://userIssue:*Y7QcbKRcGKze\\5d@localhost/')

i get the Error: getaddrinfo ENOTFOUND userissue userissue:80

cypress:server:request sending request as stream { 
  auth: null, 
  failOnStatusCode: true, 
  method: 'GET', 
  body: null, 
  headers: { accept: 'text/html,*/*', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36' }, 
  gzip: false, 
  url: 'http://userissue/:*y7qcbkrcgkze/5d@localhost/', 
  followRedirect: [Function], 
  strictSSL: false 
} +0ms

@cypress-bot cypress-bot bot added stage: needs investigating Someone from Cypress needs to look at this and removed stage: needs information Not enough info to reproduce the issue labels Jul 11, 2019
@allista
Copy link

allista commented Apr 30, 2020

I have the same problem, but in my case nothing helps, as the password ENDS with the '@' symbol.

@cbruge cbruge mentioned this issue Dec 16, 2020
Closed
@cypress-app-bot
Copy link
Collaborator

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

@cypress-app-bot cypress-app-bot added the stale no activity on this issue for a long period label May 18, 2023
@cypress-app-bot
Copy link
Collaborator

This issue has been closed due to inactivity.

@cypress-app-bot cypress-app-bot closed this as not planned Won't fix, can't repro, duplicate, stale Jun 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stage: needs investigating Someone from Cypress needs to look at this stale no activity on this issue for a long period
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@spras @jennifer-shehane @allista @cypress-app-bot