How to get HttpOnly cookies from the sketchup plugin browser in ruby api


#1

I have a plugin in which I can login to my website through a web page in sketpchup. After login I want to send a request to my web site server, so the request was authorized. In order to do that, I have to set some httponly cookies("__RequestVerificationToken" in my case) in the reuqest, but I don’t know how to get these cookies brom the browser in ruby api,
When initially I make a request from the ruby api I can get all cookies from the response using the following code:

res = Net::HTTP.start(uri.hostname, uri.port) do |http|
            http.request(req)
        end

 newCookie = res.get_fields('set-cookie')[2].split('=')[1].split("\;")[0]

But I need to get cookies from sketchup browser, How can I do that?


#2

Are you using a HtmlDialog to open a web page where the user can login to you site?
Do you control this login page?
What type of authentication do you use?


#3

1.Yes I am using HtmlDialog to open the web page, but the content of the page is requested from the server.
2. Yes I can control that web page which is on the server.
3. The web site is based on Aspnet mvc and the autenthication is its offered default authenctication method(based on __RequestVerificationToken).
When I log in via sketchup browser, I can see that token in the browser cookies, but I don’t know how programmaticaly get the value of that token to make another request from the ruby api.


#4

You need to keep a persistent reference to the token object (that you get from the HTTP Response), so it can be reused throughout the login session (and sent along with subsequent HTTP requests.)

In Ruby this would likely be either a module (@@token) or instance (@token) variable.



#5

The whole login process is made from browser,
1.My login page looks like the folowing

<html xmlns="http://www.w3.org/1999/xhtml lang=" en-us"=""><head>
<body >
</body>
<script>
   window.location='http://localhost:1334/Sketchup/MainWindow'  
</script>
</html>
  1. Then it brings me Login page with apropriate inputs. When I type login and password it and click login it makes another request to the server, and returns me a response page and the mentioned token in cookies,
    and during this process i haven’t done any request from ruby api,
    3.Now I want to make a reuquest to the server with some data about my sketchup model, so I need to do that request from ruby api, but the problem is that my request has to be authorized with the token, and I don’t know how the token “bring down from the browser to the ruby api”.
    After login process all my requests made from browser are authorized, but the reuqests made from ruby api are rejected because of that token.
    If I could receive the token I would reuse it throughout the login session.

#6

From your login page, can you get the token from JavaScript? Then you can pass it back to Ruby via action callbacks. http://ruby.sketchup.com/UI/HtmlDialog.html#add_action_callback-instance_method

Side note:

Why do you use a JS redirection instead of dialog.set_url?


#7

I can’t get the token from javascript because it’s httponly. I will use dialog.set_url, if be honest I didn’t know about it. But actually my problem still remains, I wander isn’t there any way to “bring the auhtentication from browser to ruby”? I guess it is not possible…


#8

No, there is no such feature. So you need to figure out a way to pass the auth token to Ruby from JS. What kind of authentication is being used? OAuth?


#9

Yes, Yes it’s OAuth.
Cookie based authentication, It is Aspnet MVC default authentication.