QtNetworkRequest, GET request on a local GUI interface



  • i'm using QNetworkRequest in order to issue a simple GET request to my router interface. Basically if the post data is empty i issue a GET otherwise i will issue a POST. Let's stick with the GET

    QString url=ui->lineEdit_url->text();
    QString paras=ui->pTextEdit_paras->toPlainText();
    qDebug()<< "paras" << paras;
    QByteArray post_data;
    post_data.append(paras);
    QNetworkRequest request = QNetworkRequest(QUrl(url));
    request.setRawHeader("Content-Type", "application/x-www-form-urlencoded");
    if(post_data.isEmpty())
    {
        //nam->head(request);
        nam->get(request);
    }
    else
    {
        nam->post(request,post_data);
    }
    
    ...
    connect(nam,
            SIGNAL(finished(QNetworkReply*)),
            this,
            SLOT(finished(QNetworkReply*)));
    ...
    
    void HttppostWindow::finished(QNetworkReply *reply)
    {
        if(reply->error() == QNetworkReply::NoError)
        {
            ui->textEdit_result->setText(QObject::tr(reply->readAll()));
        }
        else
        {
            ui->textEdit_result->setPlainText(reply->errorString());
        }
    }
    
    

    Right now the local interface asks for a login and a pw. The problem is that the retrieved text (login page) with the GET command is the one that the interface would show if the user would have insterted a wrong password (autentication failed please try again and so on). But it is clear that i'm not passing any parameter to the site.

    Any ideas?


  • Moderators

    @itsmaxdd
    Perhaps because it first requires a login to go further and thus get fetches login failed page.
    Connect to authenticationRequired signal, do authentication, and then get the page.



  • Let me explain how the auth work.

    When there is a GET request, the interface (or browser, i don't know who, i need to sniff more) sends a cookie in the header, its values is xAuth_SESSION_ID=XXXXXXXXXXXXXXX.
    The interface is using this Cookie for antiCSRF mechanisms.
    In particular in the POST request i sniffed with fiddler which is used by the browser to log in, it can be seen that in the body there is the following content: rn=XXXXXXXXXXXXXXX&hidepw=YYYYYYYYYYYYYYYYY

    rn is equal to the xAuth_SESSION_ID value while hidepw is the login pw which pass through a sort of MD5 function (available to me).

    Do you believe the authenticator would be able to solve the problem?
    Who is usually sending an xAuth_SESSION_ID in the header?

    I'll be back with more info in two days
    Regards,


  • Moderators

    @itsmaxdd If you have the username and password you should try by the authenticator.



  • @p3c0 How can the authenticator know that it needs the branded MD5 script and that particular content format? I don't think the local interface is implementing an http basic auth


  • Moderators

    Hi @itsmaxdd . Sorry for the late reply. Well then I think another way perhaps could be creating a QNetworkRequest and setting raw headers defined by the server. Then you can create a QNAM object and the put this request. If the server expects some data with the request then you can create QByteArray of the required data and then post.


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.