Re: [Dorset] OT: WiFi Device Generating Multiple DHCP Requests
On Tuesday, 12 January 2021 09:48:43 GMT Terry Coles wrote: > My EV Charger is generating multiple DHCP Requests. This was first noticed > on Saturday when my son checked the router log and saw that one device was > being allocated an IP Address every 5 minutes or so. I isolated the > problem to the charger by turning stuff off until the problem stopped. > Normally the charger is connected to a WiFi Extender but I get the same > problem when it is connected directly to the Router. Pod-point is claiming that this is normal behaviour. According to their support Rep, he has spoken to the software team and the charger asks for an IP Address every time it wants to send data to the Pod-Point server. I have tried to convince him that this is not normal behaviour and I think he may have understood. He has fed my comments back to the software team. I won't hold my breath -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 18:16:58 GMT Patrick Wigmore wrote: > Sorry for any confusion I may have injected. Any confusion is definitely created by me. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 17:48:32 GMT Ralph Corderoy wrote: > Either way, cookies aren't part of the mechanism, even if they may be > present for other reasons which explains why clearing cookies didn't > have a matching effect. But it did > Rewinding some months... When were these questions asked? Certainly not months ago, because I only started writing this Web App a few weeks ago. Anyway: > - What's the website? It's on the WMT Network, which is an intranet. It provides for Control and Monitoring of the Minster Music and Bells System. This is a re-engineered piece of kit which used to be controlled with toggle switches. > - Does the whole site require authentication? No. Only the Control Page. > - Are the users who need to authenticate a handful so they can be > educated in responding to the browser's login prompt? Yes. A very slack handful. :-) Probably no more than half a dozen. > - Do the users share devices provided at the site? No they use their own. > - How long should a ‘login’ last? Probably only 10 to 15 Minutes. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tue, 26 Jan 2021 14:42:22 +, Terry Coles wrote: > Oh. OK. I understand that is the code the Flask method and not the > code for the Flask Development Server, but surely it's the server > that sets the cookie? The term 'server' can become a bit muddled here. If you look at it from a browser or HTTP protocol point of view, then the web server and any frameworks that run in it or alongside it, and any code you write that runs in the framework, are taken together to comprise a server. That is how I meant the word "server" in my previous response to this thread, when I said as much as it was the server's prerogative to decide whether a session cookie corresponded to a valid session. If I look at it that way, then I can say "yes, the server sets the cookie". But that doesn't answer your question, because I think you are looking at it from a more server-internal point of view, where Flask, and the Flask code you write, is treated as being a separate thing and not as part of the 'server'. I would say that this is a valid way to use the word 'server'. Looking at it that way, then I would say that, yes, the server sets the cookie, but that is only half the story, because Flask and your code can be the reason why the server ends up setting a cookie. If you were having Flask manage sessions for you, then it would be Flask telling the server to set a cookie. But Ralph is right; the code for flask-httpauth doesn't appear to use sessions or cookies in its implementation of HTTPBasicAuth. So, the fact that clearing browsing data seemed to clear the active log-in has probably been a bit of a red herring, and I have been guilty of being insufficiently curious. I am now given to assume that Chromium is caching the authentication credentials in a manner that survives browser restarts, or perhaps Chromium is not really being fully shut down when you close the browser, and that is why the authentication persists. Maybe when you cleared the browsing data, it was not the clearing of the cookies but the clearing the cache(s) that de-authenticated you. Sorry for any confusion I may have injected. Patrick -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
Hi Terry, > Stephen wrote: > > I think Ralph meant in the link he sent, which had the code from the > > Flask codebase for its version of HTTPBasicAuth. For basic auth it’s > > usually much simpler to use an .htaccess file, or with nginx the > > equivalent. > > Oh. OK. I understand that is the code the Flask method and not the > code for the Flask Development Server, but surely it's the server that > sets the cookie? > > As you can see, I have little idea how these things work. A browser sends an HTTP request and amongst the headers are zero or more Cookie ones for any cookies the browser had stored for the server's domain name. The web server passes those Cookie headers on to your code which is handling the request. https://flask.palletsprojects.com/en/1.1.x/quickstart/#cookies says To access cookies you can use the cookies attribute. When sending the reply from your code, through the web server, and back to the browser you may choose to set one or more cookies with the Set-Cookie header. These may be new cookies or existing ones. That Flask link again: To set cookies you can use the set_cookie method of response objects. But you're using HTTP Basic Authentication. https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication This doesn't use cookies. Instead, there is a WWW-Authenticate header from the server and a Authorization one from the browser. The implementation of those two can be done by the web server or your code. If the web server and it decides access is denied then your code never gets called. This is the ‘basic auth’ using .htaccess which Stephen mentions above and further explained at that mozilla.org page. The browser sees the challenge by the web server and puts up its own login-prompt box for username and password. If you want a nice web page for login then your code implements the test instead which is where your existing use of HTTPBasicAuth() from flask-HTTPAuth comes in. Either way, cookies aren't part of the mechanism, even if they may be present for other reasons which explains why clearing cookies didn't have a matching effect. Rewinding some months... - What's the website? - Does the whole site require authentication? - Are the users who need to authenticate a handful so they can be educated in responding to the browser's login prompt? - Do the users share devices provided at the site? - How long should a ‘login’ last? -- Cheers, Ralph. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
[Dorset] Next Meeting - One Week Tonight
Hi, I trust that everyone is keeping well and had a good (or as well as can be expected in a lock down) New Year. The next Meeting will be one week tonight 2021-02-02 at 2000 using Jitsi. Details are as for the previous meetings, but they will be re-posted on the day. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 14:34:10 GMT Stephen Wolff wrote: > I think Ralph meant in the link he sent, which had the code from the > Flask codebase for its version of HTTPBasicAuth. For basic auth it’s > usually much simpler to use an .htaccess file, or with nginx the > equivalent. Oh. OK. I understand that is the code the Flask method and not the code for the Flask Development Server, but surely it's the server that sets the cookie? As you can see, I have little idea how these things work. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
What code on the server is setting a cookie? As I said above, I didn't spot HTTPBasicAuth updating a session, though perhaps I'm missing it. I think Ralph meant in the link he sent, which had the code from the Flask codebase for its version of HTTPBasicAuth. For basic auth it’s usually much simpler to use an .htaccess file, or with nginx the equivalent. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 14:14:23 GMT Ralph Corderoy wrote: > What code on the server is setting a cookie? As I said above, I didn't > spot HTTPBasicAuth updating a session, though perhaps I'm missing it. This is the Flask Development Server, so I don't know ;-( > Until the use of cookies by the site is better understood, it's hard to > reason about the risks of using cookies. :-) Once the site is deployed it will be running on nginx, where presumably I'll be able to configure it to do what I want / need. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
Hi Terry, > > Are you certain it uses the first example which is ‘HTTPBasicAuth’? > > It certainly is. > > > From > > https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py > > I don't spot that authentication method updating a session, unlike > > HTTPDigestAuth, for example. > > I believe that Hamish spotted the problem; it's a cookie issue. When > I cleared browsing data in Chromium, it made me log in again. What code on the server is setting a cookie? As I said above, I didn't spot HTTPBasicAuth updating a session, though perhaps I'm missing it. Until the use of cookies by the site is better understood, it's hard to reason about the risks of using cookies. :-) -- Cheers, Ralph. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 13:42:35 GMT Ralph Corderoy wrote: > In Firefox, ‘Tools → Web Developer → Network’ when viewing your page of > interest. Click ‘Reload’ so your page reloads and the new Network > window shows the traffic. > > Select a HTTP request of interest and in the new pane you'll see a > Headers tab which shows the Cookie headers in the request and the > Set-Cookie headers in the reply. The Cookies tab displays just them in > a broken-down format. It was working in Firefox so I tried to do the equivalent to what you suggest in Chromium. Presumably I should be able to see the cookies now I know how these developer tools work. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
Hi Terry, > Stephen wrote: > > You can view what cookies are stored in the ‘inspector’, so worth > > checking whether any are stored for an ‘http’ rather than ‘https’ > > connection. > > I'm assuming that this ‘inspector’ is accessed via the 'More tools - > Developer tools' Menu item. I tried that and couldn't see any cookies In Firefox, ‘Tools → Web Developer → Network’ when viewing your page of interest. Click ‘Reload’ so your page reloads and the new Network window shows the traffic. Select a HTTP request of interest and in the new pane you'll see a Headers tab which shows the Cookie headers in the request and the Set-Cookie headers in the reply. The Cookies tab displays just them in a broken-down format. -- Cheers, Ralph. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
On Tuesday, 26 January 2021 13:34:10 GMT Ralph Corderoy wrote: > Are you certain it uses the first example which is ‘HTTPBasicAuth’? It certainly is. > From > https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth. > py I don't spot that authentication method updating a session, unlike > HTTPDigestAuth, for example. I believe that Hamish spotted the problem; it's a cookie issue. When I cleared browsing data in Chromium, it made me log in again. -- Terry Coles -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Problem using Chromium to log in to Web Page Secured with flask-httpauth
Hi Terry, > I have set up basic protection for my Minster Control Web page using > the information in the man page for flask-httpauth see: > > http://manpages.ubuntu.com/manpages/groovy/man1/flask-httpauth.1.html > > My App uses the code in the first example given and works fine Are you certain it uses the first example which is ‘HTTPBasicAuth’? From https://github.com/miguelgrinberg/Flask-HTTPAuth/blob/master/flask_httpauth.py I don't spot that authentication method updating a session, unlike HTTPDigestAuth, for example. -- Cheers, Ralph. -- Next meeting: Online, Jitsi, Tuesday, 2021-02-02 20:00 Check to whom you are replying Meetings, mailing list, IRC, ... http://dorset.lug.org.uk New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
