Open trajekolus opened 7 years ago
Another anomaly I see in the DEBUG output is a space between the port and the path: csrf Login to https://blablaserver.internal:8469 /customer/login
Also, if I do console.log(result), one thing I notice is: path: '/login',
The path should be '/customer/login'
It appears to me that the problem is that the login URL path is not handled correctly when it consists of two components: /customer/login. The exact same code works fine with a Django site which has /login as the login URL path.
Full DEBUG:
using environment variables only csrf fetching page /customer/login +9ms csrf login page info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +132ms csrf csrf info { method: 'post', url: 'login', csrf: '76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0', csrfName: 'csrfToken', headers: { server: 'nginx', date: 'Wed, 31 May 2017 00:24:14 GMT', 'content-type': 'text/html; charset=UTF-8', 'transfer-encoding': 'chunked', connection: 'close', 'strict-transport-security': 'max-age=63072000', 'x-frame-options': 'DENY', 'set-cookie': [ 'clientsession=45gb4kgo83lvh2j93dajuq0444; path=/' ], expires: 'Thu, 19 Nov 1981 08:52:00 GMT', 'cache-control': 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0', pragma: 'no-cache', vary: 'Accept-Encoding' } } +3ms csrf Login to https://blablaserver.internal:8469 /customer/login +1ms csrf trying to login 0424000771 +0ms csrf success login to undefined +50ms csrf jar RequestJar { _jar: CookieJar { enableLooseMode: true, store: { idx: { 'omvweb04.internal': { '/': { clientsession: Cookie="clientsession=45gb4kgo83lvh2j93dajuq0444; Path=/; hostOnly=true; aAge=48ms; cAge=105ms" } }, null: { '/': { csrftoken: Cookie="csrftoken=76f40794791567a5b8078f56c9271d1393fd29a7a78d02c67a64e6ac34e708b0; Path=/; hostOnly=true; aAge=50ms; cAge=50ms" } } } } } } +0ms
In the source, if I change the following in csrf-login.js, it works:
change:
var loginUrl = csrfInfo.url
to
var loginUrl = conf.get('loginPath')
Hi
When running the code below with: DEBUG=csrf node csrfloginshort.js I get hints of success:
csrf trying to login 72352249 +5ms csrf success login to undefined +52ms csrf jar RequestJar { _jar: CookieJar { enableLooseMode: true, store: { idx: { 'blablaserver.internal': { '/': { clientsession: Cookie="clientsession=uirs7e3lv6jrug24s8g37tjvt2; Path=/; hostOnly=true; aAge=50ms; cAge=113ms" } }, null: { '/': { csrftoken: Cookie="csrftoken=a9745bba2dd251258eaf02634d954754f2b278a47a1b1cd151417f1d7f44fa39; Path=/; hostOnly=true; aAge=52ms; cAge=52ms" } } } } } } +0ms
But the html in response.body is a new login page (the site redirects to a login page if you are not logged in), showing the login did not work.
The site also redirects to another page if the login was successful.
So I really want to chain getting
result.request(/customer/interestingpage', function (error, response, body)
after logging in.

Code for csrfloginshort.js:
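// csrfloginshort.js: log in through csrf-login, then request a page with the
// returned session and print the response body and the cookie store.
var csrfLogin = require('csrf-login');

// SECURITY: "0" switches off certificate verification for every TLS
// connection this process makes, so the password and session cookie sent
// below can be read or altered on the network path. Presumably it is here
// because the internal host's certificate is not publicly trusted; the safer
// route is to trust the internal CA (e.g. start node with NODE_EXTRA_CA_CERTS
// pointing at its PEM file) and delete this line.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

var options = {
  // id of the <form> element on the login page
  loginFormId: 'login-form',
  // name of the hidden CSRF field inside that form
  tokenFieldName: 'csrfToken',
  loginPath: '/customer/login',
  loginUsernameField: "user_name",
  loginPasswordField: "user_password",
  // Sample credentials; keep real ones out of source files and shared logs.
  username: "myuser",
  password: "123456",
  host: "https://blablaserver.internal:8469"
};

console.log('trying to login', options.username, 'to', options.host);

csrfLogin(options)
  .then(function (result) {
    result.request('/customer/login', function (error, response, body) {
      // On a transport failure `response` is not usable, so report the error
      // instead of dereferencing response.body.
      if (error) {
        console.error('request after login failed:', error);
        return;
      }
      // A filled cookie jar does not prove the login succeeded: if this body
      // is still the login form, the credentials POST was rejected or was
      // sent to the wrong path.
      console.log(response.body);
      // Prints live session and CSRF cookies; redact them before sharing.
      console.log(result.jar._jar.store);
    });
  })
  .catch(function (error) {
    // Without this handler a failed login is an unhandled rejection.
    console.error('csrf-login failed:', error);
  });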
Any suggestion would be appreciated