4. QtNetworkRequest, GET request on a local GUI interface

Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

QtNetworkRequest, GET request on a local GUI interface


  • i'm using QNetworkRequest in order to issue a simple GET request to my router interface. Basically if the post data is empty i issue a GET otherwise i will issue a POST. Let's stick with the GET

    QString url=ui->lineEdit_url->text();
QString paras=ui->pTextEdit_paras->toPlainText();
qDebug()<< "paras" << paras;
QByteArray post_data;
post_data.append(paras);
QNetworkRequest request = QNetworkRequest(QUrl(url));
request.setRawHeader("Content-Type", "application/x-www-form-urlencoded");
if(post_data.isEmpty())
{
    //nam->head(request);
    nam->get(request);
}
else
{
    nam->post(request,post_data);
}

...
connect(nam,
        SIGNAL(finished(QNetworkReply*)),
        this,
        SLOT(finished(QNetworkReply*)));
...

void HttppostWindow::finished(QNetworkReply *reply)
{
    if(reply->error() == QNetworkReply::NoError)
    {
        ui->textEdit_result->setText(QObject::tr(reply->readAll()));
    }
    else
    {
        ui->textEdit_result->setPlainText(reply->errorString());
    }
}

    Right now the local interface asks for a login and a pw. The problem is that the retrieved text (login page) with the GET command is the one that the interface would show if the user would have insterted a wrong password (autentication failed please try again and so on). But it is clear that i'm not passing any parameter to the site.

    Any ideas?

    0
  • Moderators

    @itsmaxdd
    Perhaps because it first requires a login to go further and thus get fetches login failed page.
    Connect to authenticationRequired signal, do authentication, and then get the page.

    0

  • Let me explain how the auth work.

    When there is a GET request, the interface (or browser, i don't know who, i need to sniff more) sends a cookie in the header, its values is xAuth_SESSION_ID=XXXXXXXXXXXXXXX.
    The interface is using this Cookie for antiCSRF mechanisms.
    In particular in the POST request i sniffed with fiddler which is used by the browser to log in, it can be seen that in the body there is the following content: rn=XXXXXXXXXXXXXXX&hidepw=YYYYYYYYYYYYYYYYY

    rn is equal to the xAuth_SESSION_ID value while hidepw is the login pw which pass through a sort of MD5 function (available to me).

    Do you believe the authenticator would be able to solve the problem?
    Who is usually sending an xAuth_SESSION_ID in the header?

    I'll be back with more info in two days
    Regards,

    0 1 Reply
  • Moderators

    @itsmaxdd If you have the username and password you should try by the authenticator.

    0 1 Reply

  • @p3c0 How can the authenticator know that it needs the branded MD5 script and that particular content format? I don't think the local interface is implementing an http basic auth

    0
  • Moderators

    Hi @itsmaxdd . Sorry for the late reply. Well then I think another way perhaps could be creating a QNetworkRequest and setting raw headers defined by the server. Then you can create a QNAM object and the put this request. If the server expects some data with the request then you can create QByteArray of the required data and then post.

    0
Log in to reply