This browser or app may not be secure selenium/java [duplicate] - java

I am trying to login to google with selenium and I keep getting the error that "This browser or app may not be secure."
The function I use to log in is:
async function loginToChrome(driver, username, password) {
await driver.get("https://accounts.google.com/signin");
await driver.sleep(1000);
let email_phone = await driver.findElement(
By.xpath("//input[#id='identifierId']")
);
await email_phone.sendKeys(username);
await driver.findElement(By.id("identifierNext")).click();
await driver.sleep(1000);
let passEl = await driver.findElement(By.xpath("//input[#name='password']"));
await passEl.sendKeys(password);
await driver.findElement(By.id("passwordNext")).click();
await driver.sleep(1000);
}
It is the same problem as
https://stackoverflow.com/questions/59433453/unable-to-log-into-google-account-in-selenium-chrome-driver
and
https://stackoverflow.com/questions/59276975/couldnt-sign-you-in-this-browser-or-app-may-be-insecure-python-selenium-chrome
I have tried using both the chrome and firefox web drivers and both don't work.
I have also tried doing .excludeSwitches(['enable-automation']) which also didn't help.
This made me think that maybe the sign-in page could detect that I was running in an automated environment.
I tried this solution that would hide that the app is running in a web driver: Can a website detect when you are using selenium with chromedriver?
I have also looked into the User-Agent to see if that was the problem but what I have found is that it is identical to my regular chrome one.
All of this has not worked which makes leaves me stuck. I have seen solutions that say to use an already created user profile from your normal installation of chrome, but this wouldn't work for my use case.
Has anyone found the solution to this? I have been searching for hours and have come up empty-handed.
EDIT:
It seems like this has been getting a lot of attention recently. I found a solution that allowed me to continue to use an automated client without having too many problems. Switching to Puppeteer.
Look into these packages:
"puppeteer",
"puppeteer-extra",
"puppeteer-extra-plugin-stealth"
EDIT 2:
I have seen this get a lot of attention recently. I found the code that I ended up using to login. I used puppeteer instead of selenium to do this
async function login(
page: Page,
username: string,
password: string,
backup: string
) {
await page.goto("https://accounts.google.com/");
await page.waitForNavigation();
await page.waitForSelector('input[type="email"]');
await page.click('input[type="email"]');
await page.waitForNavigation();
//TODO : change to your email
await page.type('input[type="email"]', username);
await page.waitForSelector("#identifierNext");
await page.click("#identifierNext");
await page.waitFor(1000);
await page.waitForSelector('input[type="password"]');
await page.click('input[type="password"]');
await page.waitFor(500);
//TODO : change to your password
await page.type('input[type="password"]', password);
await page.waitForSelector("#passwordNext");
await page.click("#passwordNext");
await page.waitForNavigation();
}

The followings work me as well:
1. try to login stackoverflow with your google account
2. once login, go to the email
here is solution
WebDriver driver;
System.setProperty("webdriver.chrome.driver", "chromeDriver/chromedriver.exe");
driver = new ChromeDriver();
GeneralClass te = new GeneralClass ();
driver.get("https://accounts.google.com/signin/oauth/identifier?client_id=717762328687-iludtf96g1hinl76e4lc1b9a82g457nn."
+ "apps.googleusercontent.com&as=JS6BM8cjL-8j9votansdkw&destination=https%3A%2F%2Fstackauth"
+ ".com&approval_state=!ChRoYWVvLUlNMk5hSXJWUGlaSVl2WBIfc3lSa0lueENpb29lSU5vbEVpbVNxcUZGaGNkSEJoYw%E2%88%99AJDr988AAAAAXlBKc7PzEomxSzgNqd4wLptVlf0Ny3Qx&oauthgdpr=1&xsrfsig=ChkAeAh8T8JNDxCf2Zah5fb_rQ55OMiF8KmMEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU&flowName=GeneralOAuthFlow");
te.waitingForElementSendingKey(driver, By.id("identifierId"), "XXXXXXXX#gmail.com");
te.waitingForElementForClickOnly(driver, By.id("identifierNext"));
te.waitingForElementSendingKey(driver,By.name("password"), "PASSSWORD");
te.waitingForElementForClickOnly(driver, By.id("passwordNext"));
Thread.sleep(1500);
driver.get("https://mail.google.com/mail/u/0/#inbox");
Thanks

I just tried something out that worked for me after several hours of trial and error.
Adding args: ['--disable-web-security', '--user-data-dir', '--allow-running-insecure-content' ] to my config resolved the issue.
I realized later that this was not what helped me out as I tried with a different email and it didn't work. After some observations, I figured something else out and this has been tried and tested.
Using automation:
Go to https://stackoverflow.com/users/login
Select Log in with Google Strategy
Enter Google username and password
Login to Stackoverflow
Go to https://gmail.com (or whatever Google app you want to access)
After doing this consistently for like a whole day (about 24 hours), try automating your login directly to gmail (or whatever Google app you want to access) directly... I've had at least two other people do this with success.
PS - You might want to continue with the stackoverflow login until you at least get a captcha request as we all went through that phase as well.

One workaround that worked for me is creating a google account in the chrome instance started by the webdriver. Using this newly created account works for me, but I cannot tell what is exactly the difference between it and other google accounts.

Here's what worked for me:
I am using Puppeteer, but I'd bet it's the same for any automated scripts.
You must have a userDataDirectory so that the browser can use the same storage information.
You must initially run the script with headless: false so that you can get a browser to open. If you try to sign in on the current tab (the tab that was navigated automatically), then you will get that error on every sign-in attempt.
The trick (for me) was to open a new tab, navigate manually, try again.
Next time you run the script, you do not need to login.

Try using undetected_chromedriver library :
!pip install undetected_chromedriver
import undetected_chromedriver as uc
driver = uc.Chrome(executable_path='chromedriver.exe') #change for your path
driver.get('https://accounts.google.com/ServiceLogin')
#continue work code here...
It worked pretty well for me

This error message...
This browser or app may not be secure.
Try using a different browser. If you’re already using a supported browser, you can refresh your screen and try again to sign in.
...implies that the WebDriver was unable to authenticate the Browsing Context i.e. Browser session.
Potential reasons and solution
There can be diverse reason behind this error as follows:
#Raphael Schaad in the article "This browser or app may not be secure" error when trying to sign in with Google on desktop apps mentioned that, if an user can log into the same app just fine with other Google accounts, then the problem must lie with the particular account. The possible reason, it is the only account where user is using Two Factor Authentification.
Another pottential reason can be usage of Less secure apps. If an app or site doesn’t meet google-chrome's security standards, Google may block anyone who’s trying to sign in to your account from it. Less secure apps can make it easier for hackers to get in to your account, so blocking sign-ins from these apps helps keep your account safe.
Solution
In these cases the respective solution would be to:
Disable Two Factor Authentification for this Google account and execute your #Test.
Allow less secure apps
You can find a detailed discussion in Sign in to gmail account fails (selenium automation)
tl; dr
A couple of relevent documentation:
Sign in with a supported browser

Related

Unable to login to Google service with Selenium in Java: “This browser or app may not be secure.”

I have this problem with selenium, i try to run my code below but i have this error: https://i.postimg.cc/VNd3F4rm/u2zrn.jpg .
Image of my "Signing in to Google": https://i.stack.imgur.com/w3POX.png (As you can see "App password" does not appear to me)
I have already tried to disable the "less secure apps" section in account settings and checked if JavaScipt was actived, but without success.
WebDriver driver= new ChromeDriver();
driver.navigate().to("https://accounts.google.com/signin");
driver.findElement(By.name("identifier")).sendKeys("email#gmail.com");
driver.findElement(By.xpath("/html/body/div[2]/div[2]/div[2]/div/div[2]/div/div/div[2]/div/div[2]/div/div[2]/div/div/button")).click();
driver.findElement(By.name("password")).sendKeys("*******");
I believe you need to go to your Google Account settings and under Security, you need to register your test app with a password. I had to do this in order to implement in Cucumber a way to send and read emails.
Then, from your test application, you will use those credentials (not your real Google creds) to authenticate and do what you need. You could also try this.
I have another solution in python that might help you.
Use Seleniumwire with undetected browser v2
Note: put chromedriver in your sys path.
from seleniumwire.undetected_chromedriver.v2 import Chrome, ChromeOptions
import time
options = {}
chrome_options = ChromeOptions()
chrome_options.add_argument('--user-data-dir=hash')
chrome_options.add_argument("--disable-gpu")
chrome_options.add_argument("--incognito")
chrome_options.add_argument("--disable-dev-shm-usage")
# chrome_options.add_argument("--headless")
browser = Chrome(seleniumwire_options=options, options=chrome_options)
browser.get('https://gmail.com')
browser.find_element_by_xpath('//*[#id="identifierId"]').send_keys('your-email')
browser.find_element_by_xpath('//*[#id="identifierNext"]/div/button').click()
time.sleep(5)
browser.find_element_by_xpath('//*[#id="password"]/div[1]/div/div[1]/input').send_keys('you-password')
browser.find_element_by_xpath('//*[#id="passwordNext"]/div/button').click()
In addition to this, selenium wire has many awesome features, check out Github repository

PhantomJs GhostDriver not allowing me to click on submit (Grant Access to Box) works with chromewebdriver

I am attempting to automate the process of Oauth 2.0 with selenium.
I managed to get the entire process to work ChromeWebdriver ( headless and non-headless mode).
I want to use the code with phantomJS, as well but I cannot get the last button to press the "Grant Access to Box".
I know the button is visible since this condition works:
element = wait.until(ExpectedConditions.elementToBeClickable(By.cssSelector("#consent_accept_button")));
I have tried various methods of clicking the button:
actions
javascript executor
and element click/submit
None of these seem to cause it to go to the next page.
Grant access to Box
Granting access to Box...
I was expecting the url from the driver to be http://127.0.0.1/api/code?state=csrftoken&code=somerandomstring
but it returns the url for this page so I know it's not advancing.
Looks like it had to do with the redirect string going to a local host address not resolving. Can't have it go to an address that gives a connection refused exception. HtmlUnitDriver works better for this implementation.

Selenium Basic Authentication via URL HeadlessChrome ( On Linux Server)

In my Selenium Tests I need to test a webpage where I use a basic Authen,
Knowing that I am using Chrome Headless Java and Selenium WebDriver.
On my machine 'locally' It works perfectly using driver.get("https://admin:admin#localhost..");
and then
driver.get("https://localhost..") for example.
I know that Chrome doesn't support this function anymore but I managed to make it work based on someone's solution here by passing the first URL with credentials and the second without.
But when I run it on remote (Jenkins) On Linux servers I get the following Error
the configuration of your browser does not accept cookies
. I don't have vision on the servers when I can configure Chrome ..any ideas how to make it work without facing that problem.
I know a lot of people asked that question before, But I didn't find any valide answer for my issue.
try ChromeDriver 2.45 (changelog) or change the location, where it is supposed to save the cookies:
ChromeOptions options = new ChromeOptions();
options.addArguments("user-data-dir=/path/to/your/custom/profile");
otherwise (per default) it would create a new temporary directory each time it starts a session.
ChromeOptions options = new ChromeOptions();
//Command line flag for enabling account consistency. The default mode is disabled.
options.addArguments("--account-consistency");
//Chrome that will start logging to a file from startup
options.addArguments("--log-net-log=C:/some_path/resource/log.json");
//Sets the granularity of events to capture in the network log.
options.addArguments("--net-log-capture-mode=IncludeCookiesAndCredentials");
Try this, basically, it saves the logs on startup of chrome browser, then it will set the account consistency. Anywhere from the log, you can debug the issue.
Hello I managed to fix the problem (I forgot to mention that our website is protected by Siteminder) so I did the following following:
1-We inject the USER and the PASSWORD on the URL :
The issue we faced was that the displayed prompt wasn’t part of the page’s HTML and it was hard for us to catch it using Selenium. We managed this by directly injecting the user login and the user password in the URL as follow :
‘https://USERNAME:PASSWORD#basicAuthentURL’
This will launch the Chrome session. Beware, this is only the first step of the process. The user identification have not been performed yet.
2- We create a new cookie :
After launching the URL, we have to manually create a cookie called « SMCHALLENGE » and add it to current session with Selenium, for example in JAVA :
new Cookie("SMCHALLENGE", "YES");
3- Call the URL without the user credencials :
As the SMCHALLENGE cookie is now set, the last step is to call the URL again (https://basicAuthentURL ). The SMCHALLENGE cookie will be deleted once the authentication succeed and a SMSESSION cookie will be generated by Siteminder.
The SMSESSION cookie now allows us to call the application and sucessfully pass Siteminder as if normally logged in (via SSO).
Let me know if you try this out.

Problems running demo application

As far as I can determine I have followed the steps as detailed at https://ipp.developer.intuit.com/0010_Intuit_Partner_Platform/0200_DevKits_for_Intuit_Partner_Platform/Sample_Apps/Java_Sample_App_for_AggCat_Services/0010_Creating_the_App for running the java demo application.
After enabling the logs, I see following entries in the log output
DEBUG: com.intuit.aggcat.logger - Response code=401
DEBUG: com.intuit.aggcat.logger - OAuth access tokens = null
DEBUG: com.intuit.aggcat.logger - Could not get oAuth tokens: null
So I think server thinks I don't have permissions, however intuit developer website shows I have test access permissions for Customer Account Data API. Can someone please let me know what I am doing wrong.
By the way I think documentation at above link is cut off. Very Last statement says "run as" but does not say run as what
I would recommend that you try using the API explorer (developer.intuit.com/apiexplorer) with the same set of keys to verify that the keys and cert used are correct. If you are able to retrieve the tokens through the API Explorer, then you should be able to do the same through the Java sample app.
You should login to the sample app with the username "user"

Selenium RC failing to retrieve or timing out on page load.

I exported a working Selenium test case to Java, running it via selenium-rc's selenium-server.jar in Junit4 on Eclipse.
The test case breaks the next step after opening the page, trying to write to an element. When stepping through the runtime I noticed the error,
The requested URL could not be retrieved
The following error was encountered:
Unable to determine IP address from host name for unknown server name
This means that: The cache was not able to resolve the hostname presented in the URL. Check if the address is correct.
So, I changed the url to the corresponding IP address of the web page, but now I am timing out.
Opening the page using both the url and IP formats manually is working, (except IP doesn't for IE8). I'm originally targeting Firefox, but will expand to other browsers once I have solved this issue.
Is there a security issue involved with Selenium opening a page in a browser via RC programatically that browsers don't like? What sort of issues should I be investigating to solve this?
I think you are trying to open a secure page.In selenium pages which has ssl certificates should be handled.
The problem actually came down to the proxy set up on my machine. After removing it things worked fine.

Categories

Resources