portable BASIC auth

[akostadinov]

Hello, reading through old issue:
https://code.google.com/p/selenium/issues/detail?id=34

I can't find any descent way to test sites using basic auth that's stable and portable across browsers and OSes. Any hope selenium can implement reliable and portable basic auth support?

[lukeis]

There's a stub API to handle this, but it's not implemented anywhere:

http://seleniumhq.github.io/selenium/docs/api/java/org/openqa/selenium/Alert.html#authenticateUsing-org.openqa.selenium.security.Credentials-

[lukeis]

more info... good to have out there :)

the W3C spec is working on 1.0 version, handling HTTP AUTH has been decided to be handled in the next version of the spec.

The only bit in 1.0 covering a piece of HTTP Auth is that the driver should return when presented with a dialog.
This is the spec test for that:
https://github.com/w3c/web-platform-tests/blob/master/webdriver/navigation/auth_tests.py

Keep in mind "Selenium" isn't intending on being spec compliant until we release a 4.0 version? (This is up in the air a bit as we want to make a '3.0' version that has the Selenium RC separation)

[kenorb]

Related:

• How to send Basic Authentication headers in Selenium?
• How to perform Basic Authentication for FirefoxDriver, ChromeDriver and IEdriver?
• How to override basic authentication in selenium2 chrome driver?

[lukeis]

recent commits to the IEDriver allow the use of setting the credentials in the Basic Auth dialog box.

using driver.switchTo().alert().authenticateUsing (in java) or driver.switch_to.alert.authenticate (in python).

This is currently only available with IE (and if you grab the latest from master)

[baudren]

@lukeis Any estimation if/when this will be ported to Firefox/Chrome/others any time?
I am also confused about how it will work. Currently, when using get on an url that requires authentication, the method does not return. Is there any sort of delayed fire for Selenium to make this work in Python?

In any case, simple authentication usage that does not involve sending in clear text any password would be nice to have (currently, when using the technique username:[email protected], it is logged on the selenium grid master, which is suboptimal for security reasons).

[lukeis]

Firefox is unlikely to have this implemented in the Selenium project's FirefoxDriver. It's much more likely to get implemented in Marionette instead, although that is only implementing the w3c spec currently which only states to not block navigation when the authentication prompt is displayed.

The behavior will be that after issuing a driver.get and the prompt appears, the get command will then immediately return.

As for clear text going across the wire to control the remote end... sorry, this isn't going to be changed with this implementation and can still be logged in plain text by a hub or any other intermediary node. Also the transmission of the command is done in plain text, without ussing ssl. So anyone sniffing on the network would be able to read it too.

[baudren]

Ok, fair enough. Thank you for pointing me towards Marionette - I had not heard about it yet. Thanks also for the clarification on clear text, and good luck with this project!

[PatrickHuetter]

+1

[divsrinivasan]

i need help in Authentication pop up.
Iam looking for this solution since 2 weeks. iam learning Selenium with Python so its kind of self learning.
i tried all the methods
profile = webdriver.FirefoxProfile()
profile.set_preference('network.http.phishy-userpass-length', 255)
self.driver = webdriver.Firefox(firefox_profile=profile)
self.driver.get("http://username:[email protected]")
this did not work for me.

Neither this worked
import unittest
from selenium import webdriver
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support.ui import Select
from selenium.webdriver.support import expected_conditions as EC
from selenium.webdriver.common.keys import Keys
self.driver = webdriver.Firefox()
self.driver.get("website")
wait = WebDriverWait(self.driver, 5)
alert = wait.until(EC.alert_is_present())
alert = self.driver.switch_to_alert()
alert.send_keys('username')
alert.send_keys(Keys.TAB)
alert.send_keys('password')
alert.accept()

[gerixx]

FYI - with Firefox 50, Selenium 3.0.1 and using the Alert API:
alert.authenticateUsing(new UserAndPassword(login, pwd))
I get following error:
org.openqa.selenium.UnsupportedCommandException: POST /session/f1e069b6-c662-4933-9193-0b7f9930e2b0/alert/credentials did not match a known command

Doing the same with Chrome 54 it hangs infinitely.

[FibreFoX]

Is there any progress on this issue? What is required to have this being "fixed"/provided for us testers/developers?

The initial report (archived version at SeleniumHQ/selenium-google-code-issue-archive#34) was created 2007, now is ten years later ;) maybe some forgotten issue?

[aaltat]

Because Chrome 59 dropped support for providing the basic authentication in the URL [1], I am having problem how to do the basic authentication. When I try to: Alert(driver).authenticate('user', 'password') I get exception. Also when doing: driver.switch_to_alert..authenticate('user', 'password') or WebDriverWait(driver, 10).until(EC.alert_is_present()) fails on exception.

Is there a solution from selenium side to perform basic authentication?

Here is my code:

from selenium import webdriver
from selenium.webdriver.common.alert import Alert

url = 'https://httpbin.org/basic-auth/user/passwd'
driver = webdriver.Chrome()
driver.get(url)
try:
    Alert(driver).authenticate('user', 'password')
except Exception:
    raise
finally:
    driver.quit()

And this is the exception I get:

Traceback (most recent call last):
  File "C:\tmp1.py", line 8, in <module>
    Alert(driver).authenticate('user', 'password')
  File "C:\Python27\lib\site-packages\selenium\webdriver\common\alert.py", line 121, in authenticate
    {'username': username, 'password': password})
  File "C:\Python27\lib\site-packages\selenium\webdriver\remote\webdriver.py", line 256, in execute
    self.error_handler.check_response(response)
  File "C:\Python27\lib\site-packages\selenium\webdriver\remote\errorhandler.py", line 165, in check_response
    raise exception_class(value)
selenium.common.exceptions.WebDriverException: Message: unknown command: session/b84df7f911ea9db2886aba10ac20f138/alert/credentials

I using ChromeDriver 2.30.477700, selenium 3.4.3 and Python Python 2.7.13.
[1] https://www.chromestatus.com/feature/5669008342777856

[shs96c]

This is the relevant spec issue: w3c/webdriver#385 It's tagged for Milestone 2. This means it won't be in the first level of the spec (which is currently in CR), but should be in the next version of the spec.

It's something that everyone wanted to have sorted out, but which we never managed to properly spec out.

[p0deje]

At the moment, WebDriver specification doesn't tell drivers to support HTTP authentication. Since Selenium implements the spec, it doesn't support auth as well.

There is an open bug for specification to add support of HTTP authentication, so once it's done, support will be added to Selenium. Please, track w3c/webdriver#385.

[aaltat]

So for now the best option is to make Chrome extension. I guess I will go to that direction then.

[SchulteDev]

@p0deje Thanks for the information

[rolish]

Easier than Chrome extension is to use chrome command line argument:
--disable-blink-features=BlockCredentialedSubresources

Works also for Headless Chrome which do not support extensions properly.

[fmaupas]

@rolish - can you provide a code example of how to handle the authentification using chrome command line argument ?

[rolish]

@fmaupas, I'm using robot framework with selenium.

Helper python function (robot keyword):

from selenium import webdriver
def get_chrome_options():
  options = webdriver.ChromeOptions()
  options.add_argument('--disable-blink-features=BlockCredentialedSubresources')
  return options

In robot framework I do:

    ${chrome_options}  get chrome options 
    ${kwargs}  create dictionary  chrome_options=${chrome_options}
    create webdriver  Chrome  kwargs=${kwargs}  alias=session1
    go to  http://username:password@host:port/

Hope it helps.