How to post password from a custom controller using ajax?
I have a custom controller where the user can enter username and password (http://confluence.jetbrains.com/display/TCD8/Web+UI+Extensions#WebUIExtensions-DevelopingaCustomController)
What is the proper way to post the password and decrypt it from the jsp page?
Here is a snipper of what I have:
loadTargetRepos:function (selectedUrlId) {
BS.ajaxRequest(base_uri + '${controllerUrl}', {
parameters:'selectedUrlId=' + selectedUrlId + '&onServerChange=true&loadTargetRepos=true'
+ '&username=' + $('deployerUsername').value
+ '&password=' + $('secure:deployerPassword').value,
onComplete:function (response, options) {
...
}
});
},
Here is the controller:
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response, Element element) {
String selectedUrl = request.getParameter("selectedUrlId");
if (StringUtils.isNotBlank(selectedUrl)) {
long id = Long.parseLong(selectedUrl);
String loadTargetRepos = request.getParameter("loadTargetRepos");
if (StringUtils.isNotBlank(loadTargetRepos) && Boolean.valueOf(loadTargetRepos)) {
Element deployableReposElement = new Element("deployableRepos");
boolean overrideDeployerCredentials = Boolean.valueOf(request.getParameter("overrideDeployerCredentials"));
String username = request.getParameter("username");
String password = request.getParameter("password");
}
I see from my browser that the passwrod is sent wrong:
Please sign in to leave a comment.
OK making some progress here:
Found that there is a hidden field:
<input type="hidden" name="prop:encrypted:secure:deployerPassword" id="prop:encrypted:secure:deployerPassword" value="7bd0e4c15ab920c8ec4aaf4149ab4ee51795dcd18f8a8464c951ec2abe8e277d66620efc47fe8f7e2eb0dcbcf736646c5729052ce9418d560cf410644f82375d38c2c8b775d1db800a9fdf09f34d80945a6f85f80dc083b482ad8fdf694a9db12ccd291cbf3b3c2f4a4a0d96fc52a81a7551c44455e92f9f22314489fce49872">
I suppose I need to use EncryptUtil.unscramble() somehow but this string is not enough to pass as a parameter to this method.
Found it!
String password = request.getParameter("password");
password = RSACipher.decryptWebRequestData(password)
How do you submit the form? Did you write some JavaScript code to populate this encrypted hidden field with value from password field? In TeamCity we use forms.js/BS.AbstractPasswordForm object to do this type of encryption (see serializeParameters function).