4

I am having problem bypassing UI login. My web application doesn't use API to authenticate users. There are no endpoints like /login. index.php will just open the login page and submit the form to login.

The application authenticate the user by auth($_REQUEST['username'], $_REQUEST['password_tx']);

This is what cypress printed after UI login submit.

enter image description here

I have no idea how to move on from here. 

    // This doesn't work. The application doesn't get the user details from the body. It is in the submitted form. 
    cy.request({
        method: 'POST',
        url: '/index.php?p=sys001',
        form: true, 
        body: {
            username: 'user',
            password_tx: 'pass'
        }
    })
Emerson
  • 159
  • 5
Jake He
  • 2,417
  • 3
  • 29
  • 41
  • 1
    Use chrome dev tools or a stopped cypress session and see what the request looks like when you submit the login manually, then try to emulate that in your request to log in. – Brendan Aug 16 '18 at 14:52
  • 1
    It might be also helpful to look at server logs. Does it get this requests? What is happening on the server side? – wawka Nov 10 '18 at 08:42

1 Answers1

0

This is the complete testcase for the issue. Added comments to make them understandable.

it("login via form spoof", () => {
cy.get("div#mDiv > form").invoke("attr", "action").then(($action) => { //get 
the attribute of 'action' and pass encoded uname and pwd to it
  let username = Cypress.env("username"); 
  let password = Cypress.env("password");

  cy.intercept("POST", $action, (req) => { //post request and populate body
    // intercepting the POST form to spoof it.
req.body = $action + encodeURIComponent(username)+ encodeURIComponent(password)
  })
    .as("loginForm"); //alias
});

cy.get("div#mDiv > div.login > form")
  .submit();  //Submit the form after locating it.
 });
Atul KS
  • 908
  • 11
  • 21