I was asked a question in an interview:
You are working on a session and there are some questionnaire for first time users. But when the user close the browser and reopen it, the questionnaire must not appear (because he is not a first time user now). I had to tell how to automate this scenario in Selenium using TestNG framework(using Java). So basically he wanted to close/quit the current driver and wanted to use another driver to reopen the page and make sure that new session remembers that the user has visited before (just like its done manually).
My answer to it was to add the cookie to the new driver session. But he dint want to do that. He wanted to test exactly like a user would do.
He gave me a hint about using FirefoxProfile for this to retain the profile that we are working on.
What is the use of FirefoxProfile and how can we use it in current scenario. I'd appreciate if you can provide the code that is to be written for this.
So it comes down to how that specific website determines if you have answered questionnaire or not. As you gave no explanation in the question, I will just assume it is done the way most people do it - that is - using a cookie.
If this assumption is correct, your suggestion to use a cookie is the best suggestion and your interviewers statement to use FF profile simply makes no sense. I mean, I am not even sure you can do such thing with FF profile, anyway, injecting a cookie when a browser is fired (or inject using a proxy) is definitely a way to go with this. It also may or may not be that your interviewer has a little distorted knowledge about how the web works. So:
He wanted to test exactly like a user would do.
how would that really look like in your interviewers mind - "a prankster user wondering around the web, closing his sessions whenever acceptable and starting again with clean installation of a browser, but in the same time always secretly injecting a cookie so he is not getting the questionnaire?"... I am not really a certified expert in this matter and I have no scientific data to prove it, but I hardly think that this is what my users do.. So what users really do is .. nothing. It is the browser that is remembering the cookies, hence giving the webapp a way to understand if this user has visited you or not. So yea, I state again, that injecting that cookie is what you should do. And even if it possible to inject cookies or smth with FF profile - just refuse to do it and use WebDriver object instead, as using a profile for such task just makes no sense (new FF profile is created when FF is launched, also the statement:
"lose/quit the current driver and wanted to use another driver to
reopen the page and make sure that new session remembers that the user has visited before (just like its done manually).
"
: spinning up new WebDriver instance and clicking "open firefox button as a user" are not the same thing. Please consult the docs if you don't believe me. Calling new FirefoxDriver() causes the system to load new FF with new anon profile, whereas the "normal FF installation" lives in the harddisk with all his caches and other stuff.
So sometimes in interviews they intentionally give you questions that make no sense and trying to solve them would hurt your family as well as mine and all the mankind in general - like "Write a regexp to parse HTML". In these cases you just need to say: "Thats not really how we do it, let proceed to the next question". And thats what you should do in my opinion. Best luck.
Related
Summary - Want to make a simple website form filler. The website is NOT mine and I cannot edit its source code. Don't know what tools/languages are needed. Would java, jsp, html be enough ?
Request - Please reconsider your decision to close or downvote. I only need to know if java is enough or not.
There is a form on a website, say for reserving a visit to only one dentist. You fill your details and the date and time you want to visit. Then, it tells you if an appointment can be made or not, somewhere in the webpage.
This web page is NOT protected by CAPTCHA. I don't want to enter my details all the time to look for a reservation. I want to make code to do it for me.
I want to make code which will -
1 - Fill the details into the form and "press" submit.
2 - Then, read the resulting page and find out if a reservation is
available or not. If yes, do something like maybe - pop up a GUI
message, send e-mail or whatever.
3 - Repeat the above steps every 5 hours or so.
What are the languages and tools I would need to do this job ? Would I need more than java, jsp and html (thats all i know now) to make such code ?
Thanks.
I will suggest you try CURL. That will make you solution more simple in my opinion.
You can execute HTTP GET/POST with CURL, which is enough to solve your problem. Give it a try, and if you get block you can ask a more specific question about CURL or HTTP.
Hope it helps.
IMO, If you really just want to fill up some forms to check a reservation, no need to code anything, why not just install a plugin, Selenium, record your actions there and just run it at specified times: http://docs.seleniumhq.org/
Sure.
You need a web server and a database on the back end.
Since you feel comfortable with Java, JSP/HTML would probably be an ideal solution.
IMHO...
I can make a log in for easily, so that's not the problem. What is my problem is that I don't know how to check if the user's name and password are correct. I had a few ideas so here they are:
1) Saved in game, update every time someone registers -> Not practical
2) A MySQL database with something -> I'm just too stupid for that.
3) A website (php) that asks for ?name= and &password= in the URL, if it exists it echoes true, else false and then when I want to login, I just try to connect to that website (the user won't see that, of course) and see what it returns. I think this is the best idea for me but I don't know how to connect to the website and read what it says.
Just to make it clear, I have a domain and a website.
You're correct that #1 is really impractical and #3 seems effectively the same as you'd need to store your collection of username / password pairs somewhere. You should really consider #2. At some point we all felt "too stupid" for something new, but check it out, do some tutorials, and I'm sure you'll be well on your way.
An appropriate solution should include password encryption (ideally with a salt). Since you mentioned PHP, check out crypt. Also, take a look at PDO, probably the best (in my opinion) MySQL interface for PHP. Again take a look at the official docs here.
You seem like you're quite new to this, so some of that may be over your head at first. If so, just Google around with those keywords and you'll be sure to find many great tutorials.
There is this site wich in the address bar only shows like "http://example.com/examplepage.aspx".
Normally if it would have parameters behind it you probably could just copy that one.
But since it doesn't, how do i bookmark this page.
It doesn't necessarily have to be a bookmark, but at least an easy way to access the page.
(fyi I know basic HTML and Java, maybe it's only possible programmatically).
thnx
Generally dynamic pages (taking in context with the question) are not book mark friendly.
You could probably sniff the incoming request, and create a fake form which you can then submit later.
However there may be situations where there are parameters such as session id which are valid for only small periods of time.
You should read up on sessions. In really simple terms, a session is assigned to users accessing a website. They have an expiry period. IF you stay idle beyond set time (determined by the developer) you will not be able to get in. And every time you log back in, you may be assign a new session.
You would have noticed, that some websites automatically log you in, this is mostly done with the help of cookies. Cookies work in tandem with sessions, they store very basic information, so the next time you come back to a website, it will be able to identify you as a returning user and provide you with access.
Then again, some pages don't use sessions, they might have their own custom way of identifying users.
Bookmarks can be used in dynamic pages, if the code allows you to send GET requests, if they don't have any other extra parameters which will block you.
To Summarize:
Dynamic page not very bookmark friendly.
There may be parameters used to access a webpage which change constantly, which you cannot really save.
You may be able to get into dynamic pages using bookmarks, if they don't use any of the dynamically changing parameters.
Since you know Java, you should probably read up on JSPs/servlets to get an understanding of what happens behind the scenes in dynamic pages.
Hope this answers your questions.
I am using wicket application to initiate my Java method in my code. I have the url as follows
http://localhost:8080/web/resources/org.apache.wicket.Application/StartMethod
I want to add an extra option at the end client=cutomser1
http://localhost:8080/web/resources/org.apache.wicket.Application/StartMethod?client=customer1
As I want these use the same code but for different customers
So when I run this URL from command promte it should fetch the Customer1 into my Java code
in this way..
String client = customer1
How can I implement this in Java. I mean I want to fetch this String name customer1
Wicket is strong in data binding and you should take advantage of that.
If you display in the browser data from Customer1, the Wicket knows that when you do requests from that page.
The translation of request parameters to variables happens behind the scene.
That is disconcerting at first but really powerful when used as intended.
I would suggest you select a good tutorial from the answer to this question and go through a couple of examples to see how things are done. This may take an afternoon but this will pay back for itself before the week is out.
I think I am a bit too late, but still I will say that you can use PageParameters in your page and you should make the page bookmarkable.
I've already read most of the questions regarding techniques to prevent form spam, but none of them seem to suggest the use of the browser's session.
We have a form that sends an email to given email address and we didn't like the idea of using "captchas" or Javascript, as we wanted to keep the user journey simple and accessible to those without Javascript.
We would like to use the session object to help prevent form spam. Our webapp is developed on Weblogic Server 10 using Struts.
The solution being, when the form loads, it would set a variable in the session object. Once you click submit, we check if the session for the variable. No variable, redirect to the form. Variable exists send the email.
I would really appreciate any opinions/reasons why this might be a bad idea, so we can evaluate this solution against others.
Many thanks,
Jonathan
There is nothing to prevent a spammer from automating the process of downloading your form (thus generating the cookie) and submitting it. It may impose a slight burden on the spammer, but a trivial one.
As an example, a form can be easily downloaded and submitted, with cookies preserved, using a command-line tool such as cURL. This can then be run from a script repeatedly.
Session objects can, depending on implementation, be relatively heavy in terms of resource usage, as well as somewhat slow. Additionally, the spammer, if they realize how you are blocking them, can simply start a new session every time they hit the form by not sending back the session cookie.
So, because that technique relies on the client to behave nicely, and the expected behavior is fairly easy to prevent, it is possibly less useful than some other ways to solve the problem.
Thank you for your reply cdeszaq, but I'm not sure if you mis-understood my question.
For the form submission to complete successfully, clients will be forced to load the form to set up the session object correctly. Only when the session is in the correct state, will it be possible to send an email.
If the spammer is not sending back the session cookie, then they will not be able to spam my form as they haven't gone to my form page that creates the right session.
I agree that using the session object would create extra resource. Our implementation would simply, (using JSP) call session.setAttribute("formLoaded", true); and in my Struts action I would simply use session.getAttribute("formLoaded"); to check.
I wonder if this might work:
Each time you render page/form, create a random bit of text
Put that text in the session
Include that text as a hidden field in the form
User submits the form
Action compares the hidden text to the value in the session - if there's a match, send the email
Since a hacker wouldn't be able to put any random value in the session, they wouldn't be able to spam. Right?