Open Aymkdn opened 6 years ago
Quick question: does the link https://domain%5Clogin:password@www.intranet.com/site/
work by itself when pasted into the Chrome browser?
@bahmutov yes, at least it redirects me to the correct page and removes the credentials from the URL
So it might be visiting external domains to login? We do have a problem with that if this is the case, see https://docs.cypress.io/guides/references/best-practices.html#Visiting-External-Sites
I'm not sure to understand your question...
The NTLM (Windows credentials) are automatically sent by the browsers to authenticate the user when it wants to request a page from the Sharepoint.
Basically, the browser requests the page, it receives a 401 error with the authentication protocol to use, and then the browser will handle it until it receives a 200.
I cannot run the server on my computer, but the server is inside our intranet network. There is no 3rd party or external domains to login.
ok, if there is no second domain involved, then it is not it. Weird, we will need to investigate on Windows, or you can try investigating yourself with running Cypress with DEBUG=cypress:*
environment variable
@bahmutov Right now I run Cypress with the command: > node_modules\.bin\cypress open
.
How to launch it with debug mode? What should I type exactly?
Thanks I appreciate your help.
Sure,
You just need to set and export environment variable DEBUG
before running cypress. See this doc https://docs.cypress.io/guides/guides/debugging.html#Debug-the-Command-Line
You probably want to set it to cypress:*
to see all messages
@Aymkdn Can I ask what version of Cypress you are using? We did fix an issue with Basic Auth in v 0.20.2
: https://github.com/cypress-io/cypress/issues/739
@jennifer-shehane I downloaded it today, so it's the last version (1.0.3).. also it's not Basic Auth.
@bahmutov I use Windows 10 with PowerShell so the correct command was $env:DEBUG = "cypress:*"
and then node_modules\.bin\cypress open
.
The debug logs from the console will not really tell you anything interesting about what the driver is doing.
This is likely a proxy issue with us not following whatever the protocol is for the NTLM auth challenge. I'll have to read about the spec / find a reproducible example to see what needs to be done.
We won't get what the browser does "for free" because we make the initial visit request out of node - not the browser.
That's the layer that has to mimic what the browser does.
Thanks @brian-mann
@Aymkdn we plan to send diagnostic debug output from the driver back to the console (see this issue #448 for implementation), but this is some time off
Since Cypress proxies the connection, it will need to do something to fully support NTLM authentication.
@Aymkdn - I understand you're running these tests on your local intranet. Do you by chance know of any publicly accessible sites that use NTLM authentication which we can use to reproduce the issue and subsequently test against?
Reference materials:
@RandallKent > no I don't know a public accessible website with NTML authentication... At the end I went to use puppeteer for my needs.
Is there any update on this? I'm having the same problem. The initial 401 error is normal for the NTML protocol but it should send some more requests after that. I couldn't find a public NTML endpoint you could use for testing this.
Unfortunately, until there is an endpoint we can use for testing, we're unable to move forward.
@RandallKent Will see what I can do. For now, I've made a proxy script which I run and it resend the calls with authentication. This is working for me so far.
@CptArn sorry to bother, would you be able to share a gist of your proxy script? I'm taking a look at cypress and I was running into the same issue, I'm not very familiar with NTLM auth unfortunately. Thanks in advance!
Hi @paul42
It's relatively easy to setup for me. The application I'm working on has all relative linking. So the script is just starting an express server and catches all calls. Then when a request is processed, I launch a call with the httpntlm library. When the call is received I forward it back to the application. I've made some command line variables on the proxy script so I can change the user or host.
In bare essence:
app.get('*', (req, res) => {
// Do some stuff
httpntlm.get({
url: HOST + req.url,
username: 'xxx',
password: xxx'',
}, function (err, response){
if(err) return err;
res.set(response.headers);
res.send(response.body);
});
})
I've done that for get/post calls.
Hope this helps.
@CptArn thanks so much for posting this, I'll dig into that library and try out your methods. much appreciated!
@bahmutov @RandallKent I'm having success following @CptArn 's super helpful proxy script, but I'm wondering is there a place I could try to dive into the underlying cy.visit() and cy.request() methods? or is that more of a plugin (perhaps, an NTLM plugin?) I didn't see any surface area exposed in the plugins that related to network requests, but I'd like to poke around if you can point me in a possible area where I can use the httpntlm library (it has great documentation!) and consider a PR? I'm not super advanced, but I think taking a rough crack at it might be fun.
thanks in advance, Paul
So they're is no windows servers you can use in your own network?
Most internet sites that allow for ntlm are windowed to a tenant.
Ex. Microsoft accounts, okta
Hi iám very impressed about cypress !! But now i need to run a test against windows NTLM authenticated server...please tell my how to create a workaround for this? Or maybe for the time being: 1) Login manual (with an headed chromium browser) and then start the test
Having a blast using Cypress but running into the NTLM issue here as well, which is unfortunately a showstopper for me using it and evangelizing it at work.
Any ideas on how should we proceed or are there any plans to implement this functionality?
Any updates?
Gotta love the radio silence.
No work has been done on this feature as of yet. We're a small team and as much as we'd love to work on everything, we have to choose what to work on based on a multitude of things.
Also completely blocked on this issue, unfortunately can't use cypress at all on any of our websites because they are all ntlm authenticated :-(. Anyone know of a fix?
Also completely blocked on this issue, unfortunately can't use cypress at all on any of our websites because they are all ntlm authenticated :-(. Anyone know of a fix?
I still have the same issue but i've added an idea on how to solve this locally with a proxy script, you can find it here: https://github.com/cypress-io/cypress/issues/850#issuecomment-359913446
Also completely blocked on this issue, unfortunately can't use cypress at all on any of our websites because they are all ntlm authenticated :-(. Anyone know of a fix?
I still have the same issue but i've added an idea on how to solve this locally with a proxy script, you can find it here: #850 (comment)
Thanks, tried out the script and it actually does seem to get past authentication now! Unfortunately I'm still getting some kind of error with the website rendering. "Uncaught SyntaxError: Unexpected token <" I'll continue to look into it.
Hi all, I just started using Cypress today, and got this Windows Authentication error with my website on my local IIS. I managed to fix my issue by setting the IIS of my website as Basic Auth AND Windows Auth.
Here is my code example:
cy.visit('https://mywebsite.mydomain.com', {
auth: {
username: 'testuser@mydomain.com',
password: 'password'
}
})
I can now run tests using different user logins! Let me know if that works for you too.
Regards!
I've written a plugin for Cypress that handles the NTLM authentication. It is available on npm (cypress-ntlm-auth) and at: https://github.com/bjowes/cypress-ntlm-auth
Hope it is useful for some of those who ended up reading this thread!
Hey @bjowes, this looks awesome. Could you submit a pull request to have this added to our Plugins in our docs here: https://github.com/cypress-io/cypress-documentation/blob/develop/source/_data/plugins.yml
@jennifer-shehane : It's already there :) Just wanted to notify the readers of this issue that it is available.
@bjowes ' cypress-ntlm-auth plugin is awesome, it has allowed me to test Cypress on my corporate environment. However, it requires a user's Windows password on plain text, to be stored as an environment variable. It is highly unlikely that my security team will approve of this as a standard. To be able to use Cypress here instead of Selenium I would need Cypress to support NTLM out of the box, reading the credentials out of the authenticated user, just as it happens automatically on Chrome
@bjowes ' cypress-ntlm-auth plugin is awesome, it has allowed me to test Cypress on my corporate environment. However, it requires a user's Windows password on plain text, to be stored as an environment variable. It is highly unlikely that my security team will approve of this as a standard. To be able to use Cypress here instead of Selenium I would need Cypress to support NTLM out of the box, reading the credentials out of the authenticated user, just as it happens automatically on Chrome
Thanks for the credd @luis-m-gonzalez . I agree that native NTLM support in Cypress would be great! In the mean time, I have given your idea some consideration for implementation within my plugin. There are two main reasons I didn't go this way already:
Nevertheless, it would be really convenient and more IT sec friendly to support single sign on. I've opened up an issue for it. If you are interested we can continue the discussion (about the plugin) there.
it not work for me, i have this
"scripts": {
"ntlm-proxy": "start /min \"ntlm-proxy\" cmd /c node_modules\\.bin\\ntlm-proxy",
"cypress-ntlm": "npm run ntlm-proxy && (cypress-ntlm open & ntlm-proxy-exit)",
"test": "set NODE_TLS_REJECT_UNAUTHORIZED=0 && npm run cypress-ntlm"
},
and return error 504
@spham : I have opened an issue in the cypress-ntlm-auth repo for troubleshooting your case. Please continue the discussion there.
And to follow up on the comment by @luis-m-gonzalez - the cypress-ntlm-auth plugin now supports Single-sign-on in Windows environment, meaning that credentials are no longer required in the config files.
Hi, Just wanted to check if this issue is resolved. It is a blocker for us to use cypress in our organization
Hi, Just wanted to check if this issue is resolved. It is a blocker for us to use cypress in our organization
It works with https://github.com/bjowes/cypress-ntlm-auth (a plugin). I use it in my organization.
Thanks for your quick reply. But I am still getting 504 error. I am new to Cypress and I am not sure what I am doing wrong.
Had a question. In the document under "Upstream proxy" section its mentioned that, "This is done by setting the (standardized) environment variables" Does that mean I have to put the proxy in systems properties?
You should open a new issue on https://github.com/bjowes/cypress-ntlm-auth
it a waste of time, i'm switch in other tools like codeconcept with jest. and it work fine.
@spham - I understand that it is frustrating when you spend time to get it working but it never took off. But claiming that it is a waste of time is a bit harsh. There are plenty of happy users of my plugin, and I support new ones if they are struggling to get started.
Given the constraints in this support (done for free in my spare time, across time zones, only through a github thread) some cases just take too much calendar time, and the user switches to something else. I respect that. However, I still think when you get it working, it is really worth it. There are no other tools out there that can match the features of cypress.
When I look into the logs I am getting error as PROXY_TO_SERVER_REQUEST_ERROR on /: Error: self signed certificate in certificate chain Does anyone got the similar error ?
@trips11 - the error message comes from the plugin. Read the section about TLS issues in the readme to fix certificate issues.
If you need more help you are welcome to open an issue with the plugin https://github.com/bjowes/cypress-ntlm-auth
Hi @paul42
It's relatively easy to setup for me. The application I'm working on has all relative linking. So the script is just starting an express server and catches all calls. Then when a request is processed, I launch a call with the httpntlm library. When the call is received I forward it back to the application. I've made some command line variables on the proxy script so I can change the user or host.
In bare essence:
app.get('*', (req, res) => { // Do some stuff httpntlm.get({ url: HOST + req.url, username: 'xxx', password: xxx'', }, function (err, response){ if(err) return err; res.set(response.headers); res.send(response.body); }); })
I've done that for get/post calls.
Hope this helps.
Can you Please explain how to run this script to bypass 401 error accessing intranet site?
Hi,
This is a question. I haven't been able to find an answer, so I'm trying here.
I wanted to test your product on our Sharepoint On-Promise, in our intranet. However I'm blocked on
cy.visit("https://domain%5Clogin:password@www.intranet.com/site/")
that returns a 401 error.I tried both Chrome and Electron from the dropdown selection.
Any idea how I could have the authentication working? We use NTLM authentication for our Sharepoint.
Thanks
Hi, I have the same issue. How did you resolve? Please help.
Having a blast using Cypress but running into the NTLM issue here as well, which is unfortunately a showstopper for me using it and evangelizing it at work.
@pringshia Are you using kerberos? I figured out a workaround to make it work in my firm. You can leverage the HTTP_PROXY functionality provided by Cypress.
Hi,
This is a question. I haven't been able to find an answer, so I'm trying here.
I wanted to test your product on our Sharepoint On-Promise, in our intranet. However I'm blocked on
cy.visit("https://domain%5Clogin:password@www.intranet.com/site/")
that returns a 401 error.I tried both Chrome and Electron from the dropdown selection.
Any idea how I could have the authentication working? We use NTLM authentication for our Sharepoint.
Thanks