How to fetch username and password from url using basic authentication in node.js?

Question

I need to get the username and the password that a browser has send to my node.js application from the url.

I digged through various documentations and objects but I can't find anything useful. Does anybody know how to do that? Using Authentication header is not an option because modern bowsers don't set them.

https://username:password@myurl.com/
        =================
//         /\
//         ||
// I need this part

Thanks for your help!

@SyedKashanAli No, It`s not part of query string. It's placed before url as you can see in the sample above — Mehdi Yeganeh, Sep 13 '18 at 08:45

Seyed Ali Akhavani · Accepted Answer · 2018-09-20T09:31:49.680

7

This method of authentication is called "Basic Auth". You can access username and password via basic-auth npm package using bellow code:

const express = require('express');
const basicAuth = require('basic-auth');
let app = express();
app.get('/', function (req, res) {
    let user = basicAuth(req);
    console.log(user.name); //prints username
    console.log(user.pass); //prints password
});
app.listen(3000, function () {});

Now if you send a request to http://username:password@localhost:3000/ this code will print your username and password in the console.

Be aware that this method of authentication is not supported in most of the browsers anymore.

edited Sep 20 '18 at 09:31

answered Sep 13 '18 at 07:08

Seyed Ali Akhavani

633
1
6
18

Thanks for helping me, Its used in git, i wrote a git helper and i send it to git command, you can see `simple-git` package that the way of authentication in git repository. https://www.npmjs.com/package/simple-git#authentication – Mehdi Yeganeh Sep 13 '18 at 08:50
Thanks for elaboration. I edited the post and answered your question. @MehdiYeganeh – Seyed Ali Akhavani Sep 13 '18 at 09:45
basic-auth or express-basic-auth working with request headers (like: www-authentication, proxy-authorization, ... ) and this user & pass stored in url, i`ll checked your code to show you request details, and you can see the result in this image, there isn't any header about auth, user & pass is in the url: [Screen Shot](https://pasteboard.co/HDOYBgw.png) – Mehdi Yeganeh Sep 14 '18 at 08:35
I told you that this method of passing username and password is deprecated and most of the browsers won't send these data anymore. You can use ```request``` npm module and check your code with this: ```const request = require('request'); request('http://username:password@localhost:3000', function (error, response, body) {});``` – Seyed Ali Akhavani Sep 15 '18 at 05:30
Its deprecated in some browsers not for servers and the deprecation is not my problem, I want to catch all data passed to NodeJS http server, you can catch this url in c#, java, python or ... . so we just want to get all of data. and i want to catch data and not sending user & pass with request object. So, please just answer to the question and if you think is not possible you can say it with references. Thank you – Mehdi Yeganeh Sep 15 '18 at 10:17
1

I told you that you can "fetch" username and password that are sent by basic authentication method via this code. Your problem now is "sending" these data and is not related to this question. Because you can test the above code by using curl and see that it fetches username and password: ```curl -XGET http://user:pass@localhost:3000/``` As I told you before, browsers no longer send basic authentication data and if you are sending requests to your server with your browser, you can't access them in your server. – Seyed Ali Akhavani Sep 15 '18 at 11:04
1

@SeyedAliAkhavani question definitely says that "I need to get the username and the password that a __browser has send__ to my node.js", so your answer is not valid. It is just impossible – Andrii Muzalevskyi Sep 19 '18 at 15:49

score 2 · Answer 2 · answered Sep 18 '18 at 22:17

2

The http://username:password@example.com format is no longer supported by either IE or Chrome, wouldn't be surprised if others followed suit if they haven't already.

(From T.J. Crowder comment here)

answered Sep 18 '18 at 22:17

Andrii Muzalevskyi

3,261
16
20

score 1 · Answer 3 · edited May 23 '17 at 10:26

1

This is exactly what you're looking for:

http://nodejs.org/api/url.html

If you want to know where to get the URL itself from, it is passed in the request object, also known as "path":

Node.js: get path from the request

edited May 23 '17 at 10:26

Community

1
1

answered Oct 01 '14 at 16:15

Organiccat

5,633
17
57
104

1

Thank you for your answer. But I need to know where to get the full url to pass it to the url.format() function. – Stephan Oct 03 '14 at 20:02
2

Then you aren't looking how to get the username/password, you're looking for the basic URL? Just get it out of the request object: req.url – Organiccat Oct 04 '14 at 21:04
1

req.url only contains the path after the fqdn (at least when I test on localhost). – Stephan Oct 07 '14 at 07:22

score 1 · Answer 4 · edited May 23 '17 at 12:13

1

The username:password is contained in the Authorization header as a base64-encoded string:

http.createServer(function(req, res) {
  var header = req.headers['authorization'] || '',        // get the header
      token = header.split(/\s+/).pop()||'',            // and the encoded auth token
      auth = new Buffer(token, 'base64').toString(),    // convert from base64
      parts=auth.split(/:/),                          // split on colon
      username=parts[0],
      password=parts[1];

  res.writeHead(200,{'Content-Type':'text/plain'});
  res.end('username is "'+username+'" and password is "'+password+'"');

}).listen(1337,'127.0.0.1');

see this post: Basic HTTP authentication in Node.JS?

edited May 23 '17 at 12:13

Community

1
1

answered Oct 01 '14 at 16:17

Victor

5,043
3
41
55

1

Thank you for your answer but unfortunatly this doesn't work for me. It works if I use curl but not with Chrome (v37) or Firefox (v32). The browsers don't convert the Information to an authorization header. – Stephan Oct 03 '14 at 19:58
1

Doesn´t work for me either, tested in firefox. – Codebeat Aug 08 '18 at 13:17

score 0 · Answer 5 · answered Sep 13 '18 at 07:42

0

/createserver/:username/:password

let params={
userName:req.params.username,
password:req.params.password
}
console.log(params);

Is this is what you wanted .?

answered Sep 13 '18 at 07:42

Ujjual

958
2
10
36

No, i want catch it from url, not query string – Mehdi Yeganeh Sep 13 '18 at 08:46
have you checked this thread? https://stackoverflow.com/questions/10183291/how-to-get-the-full-url-in-express – Ujjual Sep 13 '18 at 09:03
Thanks for helping, Yes, I checked it before, there is two things, the first i didn't use express and i want it from pure node, and the second express like node didn't give me back the username & password, we just could make full url with joining host and path and we haven`t username & password in url – Mehdi Yeganeh Sep 13 '18 at 09:26

score -2 · Answer 6 · answered Oct 04 '14 at 21:15

-2

the URL is accessible by the server in the request object :

http.createServer(function(req, res) {
    var url = req.url
    console.log(url) //echoes https://username:password@myurl.com/
    //do something with url
}).listen(8081,'127.0.0.1');

answered Oct 04 '14 at 21:15

xShirase

11,975
4
53
85

2

This only displays "/" in the console, it does not contain fqdn, username or password. – Stephan Oct 06 '14 at 07:51

How to fetch username and password from url using basic authentication in node.js?

6 Answers6

Linked