如何通过本机消息传递 API 将用户凭据传递给 chrome [英] How to pass pass user credentials to chrome via Native Messaging API
问题描述
这是一个非常具体的问题……但是如果您在一台不属于 Active Directory 的机器上使用 Selenium 等,并且您被浏览器弹出窗口阻挠,我有一个解决方案你.
This is a pretty specific problem to have ... but if you're using Selenium, etc, from a machine which is not part of an Active Directory and you're being foiled by browser popups, I have a solution for you.
我将解释问题并链接到一些资源(以及我的其他问题,其中包含更多链接),这些资源为解决方案提供了信息,然后我将发布我对我编写"的扩展示例所做的更改.
I will explain the problem and link to some resources (and my other questions, with even more links in them) which informed the solution then I'll post the change I made to the example for the extension I "wrote."
您正在通过 selenium 或类似的东西进行自动化或测试……然后突然弹出一个 auth 弹出窗口!但此弹出窗口不是 JavaScript,您需要不要在您正在测试的机器上保存任何凭据.
You're automating or testing via selenium or something similar ... and an auth popup comes out of the blue! But this popup isn't JavaScript and you're required not to save any credentials on the machine you're testing from.
您如何将身份验证凭据传递给浏览器并防止出现该弹出窗口……但不使用密钥库、浏览器存储或 ghasp 文件?
How do you pass through the authentication credentials to the browser and prevent that popup from occurring ... but without using keystores, browser storage or, ghasp, a file?
一旦您知道如何传入该数据,您如何以允许免提身份验证的方式将这些值输入到浏览器中?
Once you know how to pass that data in, how do you then get the values into the browser in such a way as to allow hands-free authentication?
推荐答案
解决方案:
您将需要使用浏览器扩展程序.我的解决方案是为 Chrome 构建的,但它应该几乎不变地移植到 Firefox 和 也许 edge.
首先,您需要为浏览器提供 2 个 API:
First up, you need 2 APIs to be available for your browser:
webRequest.onAuthRequired- Chrome & Firefoxruntime.nativeMessaging- Chrome & Firefox
虽然这两个浏览器 API 非常相似,但它们确实有一些显着差异 - 例如 Chrome 的实现缺少 Promises.
While both browser APIs are very similar, they do have some significant differences - such as Chrome's implementation lacking Promises.
如果您将本地消息传递主机设置为发送格式正确的 JSON 字符串,则只需轮询一次.这意味着您可以使用一次对 runtime.sendNativeMessage() 的调用,并确保您的凭据是可解析的.双关语.
If you setup your Native Messaging Host to send a properly-formed JSON string, you need only poll it once. This means you can use a single call to runtime.sendNativeMessage() and be assured that your credentials are paresable. Pun intended.
接下来,我们需要看看我们应该如何处理 webRequest.onAuthRequired 事件.
Next, we need to look at how we're supposed to handle the webRequest.onAuthRequired event.
因为我在 Chromium 工作,所以我需要使用无承诺的 Chrome API.
Since I'm working in Chromium, I need to use the promise-less Chrome API.
chrome.webRequest.onAuthRequired.addListener(
callbackFunctionHere,
{urls:[targetUrls]},
['asyncBlocking'] // --> this line is important, too. Very.
变化:
我将调用我的函数 provideCredentials 因为我是一个大偷窃者并且使用了一个来自 这个 来源.寻找异步版本.
The Change:
I'll be calling my function provideCredentials because I'm a big stealy-stealer and used an example from this source. Look for the asynchronous version.
示例代码从 storage.local ...
The example code fetches the credentials from storage.local ...
chrome.storage.local.get(null, gotCredentials);
我们不想那样.没有.
我们希望从对 sendNativeMessage 的单个调用中获取凭据,因此我们将更改这一行.
We want to get the credentials from a single call to sendNativeMessage so we'll change that one line.
chrome.runtime.sendNativeMessage(hostName, { text: "Ready" }, gotCredentials);
仅此而已.严重地.只要您的主持人表现出色,这就是最大的秘密.我什至不会告诉你我花了多长时间才找到它!
That's all it takes. Seriously. As long as your Host plays nice, this is the big secret. I won't even tell you how long it took me to find it!
我的问题以及有用的链接:
My questions with helpful links:
- Here - Workaround for Authenticating against Active Directory
- Here - Also has some working code for a functional NM Host
- Here - Some enlightening material on promises
这篇关于如何通过本机消息传递 API 将用户凭据传递给 chrome的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
