Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to send https requests without SSL verification #486

Open
pacnpal opened this issue Oct 29, 2024 · 9 comments
Open

Add ability to send https requests without SSL verification #486

pacnpal opened this issue Oct 29, 2024 · 9 comments
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@pacnpal
Copy link

pacnpal commented Oct 29, 2024

Tell us about the task you want to perform and are unable to do so because the feature is not available

Unable to send https requests to servers that don't have certificates, such as local IP addresses

Describe the solution/feature you'd like us to add

Add function for curl request to be sent with the -k option, ignoring the certificate verification step

@pacnpal pacnpal added the enhancement New feature or request label Oct 29, 2024
@ashitaprasad
Copy link
Member

Thank you for raising the issue. This is definitely a useful feature.
Also, a good issue on which people can contribute.

@ashitaprasad ashitaprasad added the good first issue Good for newcomers label Oct 30, 2024
@nilaygit-10721
Copy link

can you assign me this issue?

@ashitaprasad
Copy link
Member

@nilaygit-10721 We do not assign any issues. Anyone can work on the issue and submit a PR.

@Clasherzz
Copy link
Contributor

Clasherzz commented Nov 12, 2024

@ashitaprasad i would love to work on this since i myself faced this issue while working on adding codgen for hyper.
My approach and changes would be:
-> adding a toogle button in settings for ssl certificate verification (by default its turned on.)
-> changing settings model and adding a provider for ssl.
-> make a custom http client that can make requests without checking for ssl certificates and use that client when ssl certification is turned off.

@ashitaprasad
Copy link
Member

@Clasherzz Can you share how the custom client will look in this thread.

@Clasherzz
Copy link
Contributor

@Clasherzz Can you share how the custom client will look in this thread.

Sure thing @ashitaprasad i have tested this client on https://expired.badssl.com/ and received the html i saw on the site as response body


import 'package:http/http.dart' as http;

import 'package:http/io_client.dart';

import 'dart:io';



/// Create a custom `HttpClient` with SSL verification disabled.
http.Client createHttpClientWithNoSSL() {
  var ioClient = HttpClient()
    ..badCertificateCallback =
        (X509Certificate cert, String host, int port) => true;
  return IOClient(ioClient);
}

// Use this client in your function
// Future<(http.Response?, Duration?, String?)> request(
//   HttpRequestModel requestModel, {
//   String defaultUriScheme = kDefaultUriScheme,
// }) async {
//   (Uri?, String?) uriRec = getValidRequestUri(
//     requestModel.url,
//     requestModel.enabledParams,
//     defaultUriScheme: defaultUriScheme,
//   );

//   // Replace the default client with the custom one
//   http.Client client = createHttpClientWithNoSSL();

//   if (uriRec.$1 != null) {
//     Uri requestUrl = uriRec.$1!;
//     Map<String, String> headers = requestModel.enabledHeadersMap;
//     http.Response response;
//     String? body;

//     try {
//       Stopwatch stopwatch = Stopwatch()..start();
//       var isMultiPartRequest =
//           requestModel.bodyContentType == ContentType.formdata;

//       if (kMethodsWithBody.contains(requestModel.method)) {
//         var requestBody = requestModel.body;
//         if (requestBody != null && !isMultiPartRequest) {
//           var contentLength = utf8.encode(requestBody).length;
//           if (contentLength > 0) {
//             body = requestBody;
//             headers[HttpHeaders.contentLengthHeader] = contentLength.toString();
//             if (!requestModel.hasContentTypeHeader) {
//               headers[HttpHeaders.contentTypeHeader] =
//                   requestModel.bodyContentType.header;
//             }
//           }
//         }
//         if (isMultiPartRequest) {
//           var multiPartRequest = http.MultipartRequest(
//             requestModel.method.name.toUpperCase(),
//             requestUrl,
//           );
//           multiPartRequest.headers.addAll(headers);
//           for (var formData in requestModel.formDataList) {
//             if (formData.type == FormDataType.text) {
//               multiPartRequest.fields.addAll({formData.name: formData.value});
//             } else {
//               multiPartRequest.files.add(
//                 await http.MultipartFile.fromPath(
//                   formData.name,
//                   formData.value,
//                 ),
//               );
//             }
//           }
//           http.StreamedResponse multiPartResponse =
//               await multiPartRequest.send();
//           stopwatch.stop();
//           http.Response convertedMultiPartResponse =
//               await http.Response.fromStream(multiPartResponse);
//           return (convertedMultiPartResponse, stopwatch.elapsed, null);
//         }
//       }

//       switch (requestModel.method) {
//         case HTTPVerb.get:
//           response = await client.get(requestUrl, headers: headers);
//           break;
//         case HTTPVerb.head:
//           response = await client.head(requestUrl, headers: headers);
//           break;
//         case HTTPVerb.post:
//           response = await client.post(requestUrl, headers: headers, body: body);
//           break;
//         case HTTPVerb.put:
//           response = await client.put(requestUrl, headers: headers, body: body);
//           break;
//         case HTTPVerb.patch:
//           response = await client.patch(requestUrl, headers: headers, body: body);
//           break;
//         case HTTPVerb.delete:
//           response = await client.delete(requestUrl, headers: headers, body: body);
//           break;
     
        
//       }
//       stopwatch.stop();
//       return (response, stopwatch.elapsed, null);
//     } catch (e) {
//       return (null, null, e.toString());
//     } finally {
//       client.close();
//     }
//   } else {
//     return (null, null, uriRec.$2);
//   }
// }

void main() async {
 
  Uri uri = Uri.parse("https://expired.badssl.com/");
  

  http.Client client = createHttpClientWithNoSSL();

  try {

    final response = await client.get(uri);
    print(response.body);
  } catch (e) {
    print("Error: $e");
  } finally {
    client.close();  
  }
}

@ashitaprasad
Copy link
Member

@Clasherzz What about multipart request?

@Clasherzz
Copy link
Contributor

@Clasherzz What about multipart request?

@ashitaprasad i would try parsing the multipart request made to the custom client

void main() async {
  Uri uri = Uri.parse("https://localhost:3443/upload");
  http.Client client = createHttpClientWithNoSSL();

  try {
    var request = http.MultipartRequest("POST", uri);

    request.fields['field1'] = 'value1';
    request.fields['field2'] = 'value2';


  
    var streamedResponse = await client.send(request);

   request.files.add(await http.MultipartFile.fromPath(
      'file',
      'C:/Users/HP/Downloads/DBMS',
    ));
    var response = await http.Response.fromStream(streamedResponse);

    print("Response status: ${response.statusCode}");
    print("Response body: ${response.body}");
  } catch (e) {
    print("Error: $e");
  } finally {
    client.close();
  }
}

this was tested on the upload endpoint in local system(code : https://github.com/Clasherzz/testing)

@Clasherzz
Copy link
Contributor

@Clasherzz What about multipart request?

@ashitaprasad i would try parsing the multipart request made to the custom client

void main() async {
  Uri uri = Uri.parse("https://localhost:3443/upload");
  http.Client client = createHttpClientWithNoSSL();

  try {
    var request = http.MultipartRequest("POST", uri);

    request.fields['field1'] = 'value1';
    request.fields['field2'] = 'value2';


  
    var streamedResponse = await client.send(request);

   request.files.add(await http.MultipartFile.fromPath(
      'file',
      'C:/Users/HP/Downloads/DBMS',
    ));
    var response = await http.Response.fromStream(streamedResponse);

    print("Response status: ${response.statusCode}");
    print("Response body: ${response.body}");
  } catch (e) {
    print("Error: $e");
  } finally {
    client.close();
  }
}

this was tested on the upload endpoint in local system(code : https://github.com/Clasherzz/testing)

@ashitaprasad does this look good ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Development

No branches or pull requests

5 participants
@ashitaprasad @Clasherzz @nilaygit-10721 @pacnpal and others