0

This is a simple login form which is working fine with most of the users, but for some reason there are several users that get 400 (Bad Request) when try to login. There is nothing special with the usernames they use like - having special symbols, special words or etc.

I have already tried several times to change the data format or or use JSON.stringify() of the username and password, but at the end not only the problematic users could not login, but all others.

    $('#submit').click(function() {
            username = $('#username').val();
            password = $('#password').val();
            $.ajax({
                type: 'POST',
                url: '/auth/signin',
                data: 'username=' + username + '&password=' + password,
                success: function(json) {
                    location.reload(true);
                },
                error: function (xhr, ajaxOptions, thrownError) {

                        $('#login-error').html('Invalid username/password');
                }
            });
            return false;
        });

Even if I try to see the thrownError it only gives me "error"

jquery.js:4 POST http://website/auth/signin 400 (Bad Request)
send @ jquery.js:4
ajax @ jquery.js:4
(anonymous) @ login.js:39
dispatch @ jquery.js:3
r.handle @ jquery.js:3

Bad Request
error

jQuery v1.11.1

How can I see the POST executable, cause even in the netwrok tab of chrome inspect there is nothing registered? How is it possible to work with one data (user/pass - they are valid), but not with other , just with different char sequence?

Using encodeURIComponent for user/pass solved this problem
More info thanks to Andreas to:
Does ajax post data need to be URI encoded?

Vasil
  • 60
  • 1
  • 11
  • Could you add examples of username/passwords that don't work? – Chrisstar Dec 28 '18 at 14:13
  • 1
    _"There is nothing special with the usernames"_ - Maybe not with the usernames, but with the passwords. [php - Does ajax post data need to be URI encoded?](https://stackoverflow.com/questions/18381770/does-ajax-post-data-need-to-be-uri-encoded) – Andreas Dec 28 '18 at 14:14
  • Thanks, Andreas - yes this was the problem. I'm using passport-ldapauth module and after reverse engineering the code of the module, I noticed that it should be encoded. The interesting is that using encodeURI doesn't work, but only encodeURIComponent. Guess because if you're encoding a string to put in a URL component (a querystring parameter), you should call encodeURIComponent. If you're encoding an existing URL, call encodeURI – Vasil Jan 02 '19 at 09:07

1 Answers1

0
 $('#submit').click(function() {    
        fire_ajax_submit();
});

function fire_ajax_submit() {
    // PREPARE FORM DATA
    var formData = {
        username  : $("#username").val(),
        password  :  $("#password").val()

    }

    var protocol = window.location.protocol;
    var host = window.location.host;
    var pathArray = window.location.pathname.split('/');
    var pathName = pathArray[1];
    $.ajax({
        type : "POST",
        contentType : "application/json",
        url : protocol + "//" + host + "/" + pathName + "/auth/signin",
        data : JSON.stringify(formData),
        dataType : 'json',
        cache : false,
        success : function(data) {
            //doSomthing

        },
        error : function(e) {
            console.log("ERROR : ", e);         

        }
    });

}
IMParasharG
  • 1,869
  • 1
  • 15
  • 26
  • 1
    Please add an explanation to your code-only answer on what you've changed, and why this will fix the problem. But in this special case: _"**I have already tried** several times to change the data format or or **use JSON.stringify()**"_ – Andreas Dec 28 '18 at 14:29